anubis 1.23.0 #251906

BrewTestBot · 2025-10-30T02:22:31Z

Created by brew bump

Created with brew bump-formula-pr.

release notes

Sorry this took so long, work has been wiping me out. If you know of any companies that are hiring for someone of my skillset, please let me know.

Add default tencent cloud DENY rule.
Added (data)/meta/default-config.yaml for importing the entire default configuration at once.
Add -custom-real-ip-header flag to get the original request IP from a different header than x-real-ip.
Add contentLength variable to bot expressions.
Add COOKIE_SAME_SITE_MODE to force anubis cookies SameSite value, and downgrade automatically from None to Lax if cookie is insecure.
Fix lock convoy problem in decaymap (#1103).
Fix lock convoy problem in bbolt by implementing the actor pattern (#1103).
Remove bbolt actorify implementation due to causing production issues.
Document missing environment variables in installation guide: SLOG_LEVEL, COOKIE_PREFIX, FORCED_LANGUAGE, and TARGET_DISABLE_KEEPALIVE (#1086).
Add validation warning when persistent storage is used without setting signing keys.
Fixed robots2policy to properly group consecutive user agents into any: instead of only processing the last one (#925).
Make the fast algorithm prefer purejs when running in an insecure context.
Add the s3api storage backend to allow Anubis to use S3 API compatible object storage as its storage backend.
Fix a "stutter" in the cookie name prefix so the auth cookie is named techaro.lol-anubis-auth instead of techaro.lol-anubis-auth-auth.
Make cmd/containerbuild support commas for separating elements of the --docker-tags argument as well as newlines.
Add the DIFFICULTY_IN_JWT option, which allows one to add the difficulty field in the JWT claims which indicates the difficulty of the token (#1063).
Ported the client-side JS to TypeScript to avoid egregious errors in the future.
Fixes concurrency problems with very old browsers (#1082).
Randomly use the Refresh header instead of the meta refresh tag in the metarefresh challenge.
Update OpenRC service to truncate the runtime directory before starting Anubis.
Make the git client profile more strictly match how the git client behaves.
Make the default configuration reward users using normal browsers.
Allow multiple consecutive slashes in a row in application paths (#754).
Add option to set targetSNI to special keyword 'auto' to indicate that it should be automatically set to the request Host name (424).
The Preact challenge has been removed from the default configuration. It will be deprecated in the future.
An open redirect when in subrequest mode has been fixed.

Potentially breaking changes

Multiple checks at once has and-like semantics instead of or-like semantics

Anubis lets you stack multiple checks at once with blocks like this:

name: allow-prometheus
action: ALLOW
user_agent_regex: ^prometheus-probe$
remote_addresses:
  - 192.168.2.0/24

Previously, this only returned ALLOW if any one of the conditions matched. This behaviour has changed to only return ALLOW if all of the conditions match. I expect this to have some issues with user configs, however this fix is grave enough that it's worth the risk of breaking configs. If this bites you, please let me know so we can make an escape hatch.

Better error messages

In order to make it easier for legitimate clients to debug issues with their browser configuration and Anubis, Anubis will emit internal error detail in base 64 so that administrators can chase down issues. Future versions of this may also include a variant that encrypts the error detail messages.

Bug Fixes

Sometimes the enhanced temporal assurance in #1038 and #1068 could backfire because Chromium and its ilk randomize the amount of time they wait in order to avoid a timing side channel attack. This has been fixed by both increasing the amount of time a client has to wait for the metarefresh and preact challenges as well as making the server side logic more permissive.

What's Changed

docs(installation): add SLOG_LEVEL environment variable to configuration by @JasonLovesDoggo in docs(installation): add SLOG_LEVEL environment variable to configuration TecharoHQ/anubis#1086
docs: document some missing env vars by @JasonLovesDoggo in docs: document some missing env vars TecharoHQ/anubis#1087
build(deps): bump the github-actions group across 1 directory with 8 updates by @dependabot[bot] in build(deps): bump the github-actions group across 1 directory with 8 updates TecharoHQ/anubis#1071
fix(robots2policy): handle multiple user agents under one block by @JasonLovesDoggo in fix(robots2policy): handle multiple user agents under one block TecharoHQ/anubis#925
feat(lib/store): add s3api storage backend by @Xe in feat(lib/store): add s3api storage backend TecharoHQ/anubis#1089
Xe/demote temporal assurance by @Xe in Xe/demote temporal assurance TecharoHQ/anubis#1090
feat: Warn on missing signing keys when persisting challenges by @JasonLovesDoggo in feat: Warn on missing signing keys when persisting challenges TecharoHQ/anubis#1088
docs: add reminder for verified signatures in PR template by @JasonLovesDoggo in docs: add reminder for verified signatures in PR template TecharoHQ/anubis#1092
build(deps): bump the github-actions group with 4 updates by @dependabot[bot] in build(deps): bump the github-actions group with 4 updates TecharoHQ/anubis#1093
security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al by @Xe in security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al TecharoHQ/anubis#1098
fix(cmd/containerbuild): support commas in --docker-tags by @Xe in fix(cmd/containerbuild): support commas in --docker-tags TecharoHQ/anubis#1099
feat(lib): Add option for adding difficulty field to JWT claims by @Earl0fPudding in feat(lib): Add option for adding difficulty field to JWT claims TecharoHQ/anubis#1063
chore: port client-side JS to TypeScript by @Xe in chore: port client-side JS to TypeScript TecharoHQ/anubis#1100
fix(decaymap): fix lock convoy by @Xe in fix(decaymap): fix lock convoy TecharoHQ/anubis#1106
feat(store/bbolt): implement actor pattern by @Xe in feat(store/bbolt): implement actor pattern TecharoHQ/anubis#1107
feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure by @vaab in feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure TecharoHQ/anubis#1105
docs: add link to preact in challenge list by @agoujot in docs: add link to preact in challenge list TecharoHQ/anubis#1111
ci: add aarch64 for ssh CI by @Xe in ci: add aarch64 for ssh CI TecharoHQ/anubis#1112
ci(ssh): don't print uname -av output by @Xe in ci(ssh): don't print uname -av output TecharoHQ/anubis#1114
feat(expressions): add contentLength to bot expressions by @Xe in feat(expressions): add contentLength to bot expressions TecharoHQ/anubis#1120
fix(run/openrc): truncate runtime directory before starting Anubis by @CyberTailor in fix(run/openrc): truncate runtime directory before starting Anubis TecharoHQ/anubis#1122
build(deps): bump the npm group with 2 updates by @dependabot[bot] in build(deps): bump the npm group with 2 updates TecharoHQ/anubis#1117
build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in build(deps): bump the github-actions group with 3 updates TecharoHQ/anubis#1118
Update nl.json removing literal translated cookie 'koekje' with 'cookie' by @jieter in Update nl.json removing literal translated cookie 'koekje' with 'cookie' TecharoHQ/anubis#1126
convert issue templates into issue forms by @NetSysFire in convert issue templates into issue forms TecharoHQ/anubis#1115
build(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible in /test by @dependabot[bot] in build(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible in /test TecharoHQ/anubis#1130
feat(metarefresh): randomly use the Refresh header by @Xe in feat(metarefresh): randomly use the Refresh header TecharoHQ/anubis#1133
Add Door43 link to known instances documentation by @richmahn in Add Door43 link to known instances documentation TecharoHQ/anubis#1136
fix: mend auth cookie name stutter by @Xe in fix: mend auth cookie name stutter TecharoHQ/anubis#1139
Update Nynorsk translation by @turtlegarden in Update Nynorsk translation TecharoHQ/anubis#1143
feat: support reading real client IP from a custom header by @avioletheart in feat: support reading real client IP from a custom header TecharoHQ/anubis#1138
enable auto setting of SNI based on host header by @jmcclelland in enable auto setting of SNI based on host header TecharoHQ/anubis#1129
fix(lib): enable multiple consecutive slash support by @Xe in fix(lib): enable multiple consecutive slash support TecharoHQ/anubis#1155
build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group by @dependabot[bot] in build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group TecharoHQ/anubis#1147
build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 by @dependabot[bot] in build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 TecharoHQ/anubis#1132
build(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible by @dependabot[bot] in build(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible TecharoHQ/anubis#1131
fix(lib): serve CSS properly by @Xe in fix(lib): serve CSS properly TecharoHQ/anubis#1158
fix(default-config): make the default config far less paranoid by @Xe in fix(default-config): make the default config far less paranoid TecharoHQ/anubis#1179
fix(default-config): remove preact challenge by @Xe in fix(default-config): remove preact challenge TecharoHQ/anubis#1184
feat: default config macro by @Xe in feat: default config macro TecharoHQ/anubis#1186
fix(lib): de-flake package lib tests by @Xe in fix(lib): de-flake package lib tests TecharoHQ/anubis#1187
Updated REDIRECT_DOMAINS documentation by @zc-devs in Updated REDIRECT_DOMAINS documentation TecharoHQ/anubis#1171
fix(default-config): sometimes browsers don't send Upgrade-Insecure-Requests by @Xe in fix(default-config): sometimes browsers don't send Upgrade-Insecure-Requests TecharoHQ/anubis#1189
fix(algorithms/fast): fix fast challenge on insecure contexts by @Xe in fix(algorithms/fast): fix fast challenge on insecure contexts TecharoHQ/anubis#1198
Xe/show error state by @Xe in Xe/show error state TecharoHQ/anubis#1203
locale: Update Nynorsk translation by @turtlegarden in locale: Update Nynorsk translation TecharoHQ/anubis#1204
docs: point get started button to the per-environment setup docs by @Xe in docs: point get started button to the per-environment setup docs TecharoHQ/anubis#1213
fix(store/bbolt): remove actorify by @Xe in fix(store/bbolt): remove actorify TecharoHQ/anubis#1215
feat(default-config): block tencent cloud by default by @Xe in feat(default-config): block tencent cloud by default TecharoHQ/anubis#1216
link to docs site from readme by @pushcx in link to docs site from readme TecharoHQ/anubis#1214
fix!(policy/checker): make List and-like by @Xe in fix!(policy/checker): make List and-like TecharoHQ/anubis#1217
chore: remove copilot instructions by @Xe in chore: remove copilot instructions TecharoHQ/anubis#1218
build(deps): bump the github-actions group across 1 directory with 6 updates by @dependabot[bot] in build(deps): bump the github-actions group across 1 directory with 6 updates TecharoHQ/anubis#1221
fix(lib): close open redirect when in subrequest mode by @Xe in fix(lib): close open redirect when in subrequest mode TecharoHQ/anubis#1222

New Contributors

@vaab made their first contribution in feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure TecharoHQ/anubis#1105
@agoujot made their first contribution in docs: add link to preact in challenge list TecharoHQ/anubis#1111
@NetSysFire made their first contribution in convert issue templates into issue forms TecharoHQ/anubis#1115
@richmahn made their first contribution in Add Door43 link to known instances documentation TecharoHQ/anubis#1136
@avioletheart made their first contribution in feat: support reading real client IP from a custom header TecharoHQ/anubis#1138
@jmcclelland made their first contribution in enable auto setting of SNI based on host header TecharoHQ/anubis#1129
@zc-devs made their first contribution in Updated REDIRECT_DOMAINS documentation TecharoHQ/anubis#1171
@pushcx made their first contribution in link to docs site from readme TecharoHQ/anubis#1214

Full Changelog: TecharoHQ/anubis@v1.22.0...v1.23.0

View the full release notes at https://github.com/TecharoHQ/anubis/releases/tag/v1.23.0.

chenrui333 · 2025-10-30T03:40:16Z

  ./web/build.sh
  ./web/build.sh: line 42: shopt: globstar: invalid shell option name
  make: *** [assets] Error 1

alebcay · 2025-11-01T00:50:12Z

==> curl --silent http://localhost:57321/robots.txt
Error: anubis: failed
An exception occurred within a child process:
  Minitest::Assertion: Expected "Homebrew\n" to include "User-agent: *\nDisallow: /".
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/minitest-5.26.0/lib/minitest/assertions.rb:176:in 'Minitest::Assertions#assert'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/minitest-5.26.0/lib/minitest/assertions.rb:259:in 'Minitest::Assertions#assert_includes'
/opt/homebrew/Library/Taps/homebrew/homebrew-core/Formula/a/anubis.rb:53:in 'block in <class:Anubis>'
/opt/homebrew/Library/Homebrew/formula.rb:2981:in 'block (3 levels) in Formula#run_test'
/opt/homebrew/Library/Homebrew/extend/kernel.rb:303:in 'Kernel#with_env'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/_methods.rb:259:in 'block in Kernel#_on_method_added'
/opt/homebrew/Library/Homebrew/formula.rb:2980:in 'block (2 levels) in Formula#run_test'
/opt/homebrew/Library/Homebrew/formula.rb:1309:in 'Formula#with_logging'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/_methods.rb:259:in 'block in Formula#_on_method_added'
/opt/homebrew/Library/Homebrew/formula.rb:2979:in 'block in Formula#run_test'
/opt/homebrew/Library/Homebrew/mktemp.rb:92:in 'block in Mktemp#run'
/opt/homebrew/Library/Homebrew/mktemp.rb:92:in 'Dir.chdir'
/opt/homebrew/Library/Homebrew/mktemp.rb:92:in 'Mktemp#run'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/_methods.rb:259:in 'block in Mktemp#_on_method_added'
/opt/homebrew/Library/Homebrew/formula.rb:3318:in 'Formula#mktemp'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/_methods.rb:259:in 'block in Formula#_on_method_added'
/opt/homebrew/Library/Homebrew/formula.rb:2973:in 'Formula#run_test'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/opt/homebrew/Library/Homebrew/vendor/bundle/ruby/3.4.0/gems/sorbet-runtime-0.6.12689/lib/types/private/methods/_methods.rb:259:in 'block in Formula#_on_method_added'
/opt/homebrew/Library/Homebrew/test.rb:53:in 'block in <main>'
/opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.4.5/lib/ruby/3.4.0/timeout.rb:185:in 'block in Timeout.timeout'
/opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.4.5/lib/ruby/3.4.0/timeout.rb:38:in 'Timeout::Error.handle_timeout'
/opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.4.5/lib/ruby/3.4.0/timeout.rb:194:in 'Timeout.timeout'
/opt/homebrew/Library/Homebrew/test.rb:59:in '<main>'

github-actions bot added go Go use is a significant feature of the PR or issue nodejs Node or npm use is a significant feature of the PR or issue bump-formula-pr PR was created using `brew bump-formula-pr` labels Oct 30, 2025

chenrui333 added the build failure CI fails while building the software label Oct 30, 2025

anubis 1.23.0

bc6b13c

daeho-ro force-pushed the bump-anubis-1.23.0 branch from 90c8ff8 to bc6b13c Compare October 30, 2025 09:49

chenrui333 added the help wanted Task(s) needing PRs from the community or maintainers label Nov 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

anubis 1.23.0 #251906

anubis 1.23.0 #251906

BrewTestBot commented Oct 30, 2025

Uh oh!

chenrui333 commented Oct 30, 2025

Uh oh!

alebcay commented Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

anubis 1.23.0 #251906

Are you sure you want to change the base?

anubis 1.23.0 #251906

Conversation

BrewTestBot commented Oct 30, 2025

Potentially breaking changes

Multiple checks at once has and-like semantics instead of or-like semantics

Better error messages

Bug Fixes

What's Changed

New Contributors

Uh oh!

chenrui333 commented Oct 30, 2025

Uh oh!

alebcay commented Nov 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants