Releases · bunkerity/bunkerweb

19 Jun 12:06

github-actions

v1.5.8

93445ac

v1.5.8

Documentation : https://docs.bunkerweb.io/1.5.8/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.8 or ghcr.io/bunkerity/bunkerweb:1.5.8
Scheduler : bunkerity/bunkerweb-scheduler:1.5.8 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.8
Autoconf : bunkerity/bunkerweb-autoconf:1.5.8 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.8
UI : bunkerity/bunkerweb-ui:1.5.8 or ghcr.io/bunkerity/bunkerweb-ui:1.5.8

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.8&filter=all&dist=

Changelog :

[LINUX] Support Fedora 40 and drop support of Fedora 39
[BUGFIX] Fix potential errors when upgrading from a previous version
[BUGFIX] Fix rare bug on the web UI when editing the SERVER_NAME setting of a service
[BUGFIX] Fix potential race conditions between the autoconf and the scheduler waiting for each other indefinitely
[BUGFIX] Fix Let's Encrypt certificate renewal when a certificate date changes by forcing the renewal
[BUGFIX] Fix issues with k8s integration and the save_config.py script
[FEATURE] Add nightly build of the OWASP coreruleset that are automatically downloaded and updated
[FEATURE] Enhance security on error pages, default server page and loading page by adding a custom Content-Security-Policy header with nonces and removing the Server header
[FEATURE] Add new DATABASE_URI_READONLY setting to allow setting up a fallback read-only database URI in case the main database URI is not available
[FEATURE] Add automatic fallback to either read-only on the primary database or to the read-only database URI when the main database URI is not available and automatically switch back to the main database URI when it becomes available again
[FEATURE] Add experimental support of HTTP/3 (QUIC)
[FEATURE] Optimize the way the scheduler handles jobs and the way the jobs are executed
[FEATURE] Optimize the way the cache files are being refreshed from the database
[FEATURE] Add failover logic in case the NGINX configuration is not valid to fallback to the previous configuration and log the error to prevent the service from being stopped
[UI] Force HTTPS on setup wizard
[UI] Fallback to self-signed certificate when UI is installed with setup wizard and let's encrypt is not used
[UI] Force HTTPS even if UI is installed in advanced mode
[UI] Add OVERRIDE_ADMIN_CREDS environment variable to allow overriding the default admin credentials even if an admin user already exists
[UI] Optimize the way the UI handles the requests and the responses
[AUTOCONF] Refactor Autoconf config parsing and saving logic so that it doesn't override the scheduler or UI config every time
[MISC] Update logger format and datefmt for better readability
[DEPS] Updated NGINX version to v1.26.1
[DEPS] Updated stream-lua-nginx-module version to the latest commit to incorporate the latest changes and fixes for NGINX v1.26
[DEPS] Updated coreruleset-v4 version to v4.3.0
[DEPS] Updated lua-resty-openssl version to v1.4.0

Assets 3

14 May 18:31

github-actions

v1.5.7

edc76a2

v1.5.7

Documentation : https://docs.bunkerweb.io/1.5.7/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.7 or ghcr.io/bunkerity/bunkerweb:1.5.7
Scheduler : bunkerity/bunkerweb-scheduler:1.5.7 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.7
Autoconf : bunkerity/bunkerweb-autoconf:1.5.7 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.7
UI : bunkerity/bunkerweb-ui:1.5.7 or ghcr.io/bunkerity/bunkerweb-ui:1.5.7

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.7&filter=all&dist=

Changelog :

[LINUX] Support Ubuntu 24.04 (Noble)
[LINUX] Support RHEL 9.4 instead of 9.3
[LINUX] Support hot reload with systemctl reload
[BUGFIX] Fix rare error when the cache is not properly initialized and jobs are executed
[BUGFIX] Fix bug when downloading new mmdb files
[BUGFIX] Remove potential false positives with ModSecurity on the jobs page of the web UI
[BUGFIX] Fix bwcli not working with Redis sentinel
[BUGFIX] Fix potential issues when removing the bunkerweb Linux package
[BUGFIX] Fix bug when antibot is enabled and User-Agent or IP address has changed
[FEATURE] Add backup plugin to backup and restore easily the database
[FEATURE] Add LETS_ENCRYPT_CLEAR_OLD_CERTS setting to control if old certificates should be removed when generating Let's Encrypt certificates (default is no)
[FEATURE] Add DISABLE_DEFAULT_SERVER_STRICT_SNI setting to allow/block requests when SNI is unknown or unset (default is no)
[UI] General : fix tooltip crop because of overflow
[UI] General : fix select setting crop because of overflow and check if select is out of viewport to determine visible position
[UI] General : show logs on UI when pre rendering issue
[UI] General : Improve UI performance by using multiple workers for the web server and reducing the number of times we prompt a loading page
[UI] General : handle word breaks on dynamic text content
[UI] General : fix overflow issue with tables on Safari
[UI] General : fix static resources issue with firefox leading to loop requests
[UI] Global config : fix script error while fragment relate to a missing plugin
[UI] Global config / services page : filtering settings now open plugin select to highlight remaining plugin
[UI] Global config / services page : add combobox on plugin select open to search a plugin quick
[UI] Global config / services page : add order for settings to always respect the order defined in the plugin
[UI] Services page : show any invalid setting value on setting modal and disabled save if case
[UI] Reporting page : fix missing data and add new ones
[UI] Account page : keep license key form even if pro register to easy update
[UI] Wizard : Add the possibility to still configure reverse proxy even if an admin user already exists
[AUTOCONF] Speedup autoconf process when we have multiple events in short period of time
[DOCUMENTATION] Add upgrade procedure for 1.5.7+
[DOCUMENTATION] Rename Migrating section to Upgrading
[MISC] Drop support of ansible and vagrant integrations
[MISC] Support custom bwcli commands using plugins
[MISC] Add Docker labels in autoconf, bw, scheduler, and ui Dockerfiles
[DEPS] Update Python base Docker image to version 3.12.3-alpine3.19
[DEPS] Updated LuaJIT version to v2.1-20240314
[DEPS] Updated lua-resty-openssl version to 1.3.1
[DEPS] Updated coreruleset-v4 version to v4.2.0

Assets 3

25 Mar 21:00

github-actions

v1.5.6

8b4aff2

v1.5.6

Documentation : https://docs.bunkerweb.io/1.5.6/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.6 or ghcr.io/bunkerity/bunkerweb:1.5.6
Scheduler : bunkerity/bunkerweb-scheduler:1.5.6 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.6
Autoconf : bunkerity/bunkerweb-autoconf:1.5.6 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.6
UI : bunkerity/bunkerweb-ui:1.5.6 or ghcr.io/bunkerity/bunkerweb-ui:1.5.6

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.6&filter=all&dist=

Changelog :

[LINUX] Support RHEL 9.3
[BUGFIX] Fix issues with the antibot feature (#866, #870)
[BUGFIX] Fix Bad behavior whitelist check in access phase
[BUGFIX] Fix ModSecurity FP on antibot page
[BUGFIX] Fix Whitelist core plugin missing a check for empty server_name in multisite mode
[BUGFIX] Fix Templator missing some common configs
[BUGFIX] Database update with external plugins reupload
[BUGFIX] UI delete or edit multiple setting
[LINUX] Add logrotate support for the logs
[UI] New : add bans management page in the web UI
[UI] New : add blocked requests page in the web UI
[UI] New : some core plugins pages in the web UI
[UI] General : enhance the Content-Security-Policy header in the web UI
[UI] General : dark mode enhancement
[UI] General : add visual feedback when filtering is matching nothing
[UI] General : blog news working and add dynamic banner news
[UI] Global config page : Add multisite edit, add context filter
[UI] Global config / Service page : remove tabs for select and enhance filtering (plugin name, multiple settings and context now includes)
[UI] Service page : add the possibility to clone a service in the web UI
[UI] Service page : add the possibility to set a service as draft in the web UI
[UI] Service page : add services filter when at least 4 services
[UI] Configs page : add path filtering related to config presence, remove service when config is root only
[UI] Pro license : add home card, show pro plugins on menu and plugins page, resume in account page, alert in case issue with license usage
[UI] Log page : enhance UX
[FEATURE] Add setting REDIS_SSL_VERIFY to activate/disable the SSL certificate verification when using Redis
[FEATURE] Add Redis Sentinel fallback to master automatically if no slaves are available
[FEATURE] Add Redis Sentinel support for bwcli
[FEATURE] Add new Metrics core plugin that will allow metrics collection and retrieval of internal metrics
[FEATURE] Add setting DATABASE_LOG_LEVEL to control SQLAlchemy loggers separately from the main one
[FEATURE] Add whitelist check for the default-server as well
[FEATURE] Add the possibility to choose between the coreruleset v3 and v4 that will be used by ModSecurity (default is v3)
[FEATURE] Add the TIMERS_LOG_LEVEL setting to control the log level of the lua timers
[FEATURE] Add pro version management to core plugins, the scheduler and the web UI
[FEATURE] Add REVERSE_PROXY_CUSTOM_HOST setting to set a custom Host header when using reverse proxy
[MISC] Add a better custom certificate cache handling
[MISC] Updated Linux base images in Dockerfiles
[MISC] Add recommended dialects to databases string
[MISC] Refine the data sent in the anonymous reporting feature and move the setting and the job to the "jobs" plugin
[MISC] BunkerWeb will now load the default loading page even on 404 errors when generating the configuration
[MISC] Update database schema to support the new pro version and optimize it
[MISC] Refactor SSL/TLS logics to make it more consistent
[MISC] Use ECDSA key instead of RSA for selfsigned/default/fallback certificates
[MISC] Refactor certbot-new job to optimize the certbot requests
[MISC] Refactor jobs utils to make it more consistent
[MISC] Review jobs and utils to make it more consistent and better in general
[MISC] Change BunkerWeb base Docker image to nginx:1.24.0-alpine-slim
[DOCUMENTATION] Update web UI's setup wizard instructions in the documentation
[DOCUMENTATION] Update plugins documentation to reflect the new plugin system
[DOCUMENTATION] Update ModSecurity documentation to reflect the new changes in the Security Tuning section
[DOCUMENTATION] Add pro version documentation
[DEPS] Updated stream-lua-nginx-module to v0.0.14
[DEPS] Updated lua-nginx-module version to v0.10.26
[DEPS] Updated libmaxminddb version to v1.9.1
[DEPS] Updated lua-resty-core to v0.1.28
[DEPS] Updated zlib version to v1.3.1
[DEPS] Updated ModSecurity version to v3.0.12
[DEPS] Updated coreruleset version to v3.3.5
[DEPS] Added coreruleset version v4.1.0
[DEPS] Updated lua-resty-mlcache version to v2.7.0
[DEPS] Updated lua-resty-openssl version to v1.2.1
[DEPS] Updated lua-resty-http version to v0.17.2

Assets 3

12 Jan 11:47

github-actions

v1.5.5

e3f318b

v1.5.5

Documentation : https://docs.bunkerweb.io/1.5.5/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.5 or ghcr.io/bunkerity/bunkerweb:1.5.5
Scheduler : bunkerity/bunkerweb-scheduler:1.5.5 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.5
Autoconf : bunkerity/bunkerweb-autoconf:1.5.5 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.5
UI : bunkerity/bunkerweb-ui:1.5.5 or ghcr.io/bunkerity/bunkerweb-ui:1.5.5

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.5&filter=all&dist=

Changelog :

[BUGFIX] Fix issues with the database when upgrading from version 1.5.3 and 1.5.4 to the most recent version
[BUGFIX] Fix ModSecurity-nginx to make it work with brotli
[BUGFIX] Remove certbot renew delay causing errors on k8s
[BUGFIX] Fix missing custom modsec files when BW instances change
[BUGFIX] Fix inconsistency on config changes when using Redis
[BUGFIX] Fix web UI not working when using / URL
[FEATURE] Add Anonymous reporting feature
[FEATURE] Add support for fallback Referrer-Policies
[FEATURE] Add 2FA support to web UI
[FEATURE] Add username and password management to web UI
[FEATURE] Add setting REVERSE_PROXY_INCLUDES to manually add "include" directives in the reverse proxies
[FEATURE] Add support for Redis Sentinel
[FEATURE] Add support for tls in Ingress definition
[MISC] Fallback to default HTTPS certificate to prevent errors
[MISC] Various internal improvements in LUA code
[MISC] Check nginx configuration before reload
[MISC] Updated Python Docker image to 3.12.1-alpine3.18 in Dockerfiles
[MISC] Switch gunicorn worker_class back to gevent in web UI
[DEPS] Updated ModSecurity to v3.0.11

Assets 3

05 Dec 10:40

github-actions

v1.5.4

588d04c

v1.5.4

Documentation : https://docs.bunkerweb.io/1.5.4/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.4 or ghcr.io/bunkerity/bunkerweb:1.5.4
Scheduler : bunkerity/bunkerweb-scheduler:1.5.4 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.4
Autoconf : bunkerity/bunkerweb-autoconf:1.5.4 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.4
UI : bunkerity/bunkerweb-ui:1.5.4 or ghcr.io/bunkerity/bunkerweb-ui:1.5.4

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.4&filter=all&dist=

Changelog :

[UI] Add an optional setup wizard for the web UI
[BUGFIX] Fix issues with the Linux integration and external databases
[BUGFIX] Fix scheduler trying to connect to Docker socket in k8s and swarm
[LINUX] Support Debian 12, Fedora 39 and RHEL 8.9
[DOCKER] Handle start and stop event of BunkerWeb with the scheduler
[MISC] Refactor database session handling to make it more stable with SQLite
[MISC] Add conditional block for open file cache in nginx config
[MISC] Updated core dependencies
[MISC] Updated python dependencies
[MISC] Updated Python Docker image to 3.12.0-alpine3.18 in Dockerfiles

Assets 3

30 Oct 23:57

github-actions

v1.5.3

e8803e3

v1.5.3

Documentation : https://docs.bunkerweb.io/1.5.3/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.3 or ghcr.io/bunkerity/bunkerweb:1.5.3
Scheduler : bunkerity/bunkerweb-scheduler:1.5.3 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.3
Autoconf : bunkerity/bunkerweb-autoconf:1.5.3 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.3
UI : bunkerity/bunkerweb-ui:1.5.3 or ghcr.io/bunkerity/bunkerweb-ui:1.5.3

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.3&filter=all&dist=

Changelog :

[BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
[BUGFIX] Fix Custom configs not following the service name after an update on the UI
[BUGFIX] Fix UI clearing configs folder at startup
[BUGFIX] Fix Database not clearing old services when not using multisite
[BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
[BUGFIX] Small fixes on linux paths creating unnecessary folders
[BUGFIX] Fix ACME renewal fails on redirection enabled Service
[BUGFIX] Fix errors when using a server name with multiple values in web UI
[BUGFIX] Fix error when deleting a service that have custom configs on web UI
[BUGFIX] Fix rare bug where database is locked
[MISC] Updated core dependencies
[MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
[MISC] Jobs that download files from urls will now remove old cached files if urls are empty
[MISC] Replaced gevent with gthread in UI for security reasons
[MISC] Add HTML sanitization when injecting code in pages in the UI
[MISC] Optimize the way the UI handles services creation and edition
[MISC] Optimize certbot renew script to renew all domains in one command
[MISC] Use capability instead of sudo in Linux
[SECURITY] Init work on OpenSSF best practices

Assets 3

10 Sep 15:43

github-actions

v1.5.2

d4f38cc

v1.5.2

Documentation : https://docs.bunkerweb.io/1.5.2/

Docker tags :

BunkerWeb : bunkerity/bunkerweb:1.5.2 or ghcr.io/bunkerity/bunkerweb:1.5.2
Scheduler : bunkerity/bunkerweb-scheduler:1.5.2 or ghcr.io/bunkerity/bunkerweb-scheduler:1.5.2
Autoconf : bunkerity/bunkerweb-autoconf:1.5.2 or ghcr.io/bunkerity/bunkerweb-autoconf:1.5.2
UI : bunkerity/bunkerweb-ui:1.5.2 or ghcr.io/bunkerity/bunkerweb-ui:1.5.2

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.2&filter=all&dist=

Changelog :

[BUGFIX] Fix UI fetching only default values from the database (fixes no trash button too)
[BUGFIX] Fix infinite loop when using autoconf
[BUGFIX] Fix BunkerWeb fails to start after reboot on Fedora and Rhel
[BUGFIX] Fix logs page not working in UI on Linux integrations
[BUGFIX] Fix settings regex that had issues in general and with the UI
[BUGFIX] Fix scheduler error with external plugins when reloading
[BUGFIX] Fix permissions with folders in linux integrations
[MISC] Push Docker images to GitHub packages (ghcr.io repository)
[MISC] Improved CI/CD
[MISC] Updated python dependencies
[MISC] Updated Python Docker image to 3.11.5-alpine in Dockerfiles
[MISC] Add support for ModSecurity JSON LogFormat
[MISC] Updated OWASP coreruleset to 3.3.5

Assets 3

08 Aug 19:11

github-actions

v1.5.1

fc1c81c

v1.5.1

Documentation : https://docs.bunkerweb.io/1.5.1/

Docker tags :

bunkerity/bunkerweb:1.5.1
bunkerity/bunkerweb-scheduler:1.5.1
bunkerity/bunkerweb-autoconf:1.5.1
bunkerity/bunkerweb-ui:1.5.1

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.5.1&filter=all&dist=

Changelog :

[BUGFIX] New version checker in logs displays "404 not found"
[BUGFIX] New version checker in UI
[BUGFIX] Only get the right keys from plugin.json files when importing plugins
[BUGFIX] Remove external resources for Google fonts in UI
[BUGFIX] Support multiple plugin uploads in one zip when using the UI
[BUGFIX] Variable being ignored instead of saved in the database when value is empty
[BUGFIX] ALLOWED_METHODS regex working with LOCK/UNLOCK methods
[BUGFIX] Custom certificate bug after the refactoring
[BUGFIX] Wrong variables in header phase (fix CORS feature too)
[BUGFIX] UI not working in Ubuntu (python zope module)
[BUGFIX] Patch ModSecurity to run it after LUA code (should fix whitelist problems)
[BUGFIX] Custom configurations from env were not being deleted properly
[BUGFIX] Missing concepts image not displayed in the documentation
[BUGFIX] Scheduler not picking up new instances IPs in autoconf modes
[BUGFIX] Autoconf deadlock in k8s
[BUGFIX] Missing HTTP and HTTPS ports for temp nginx
[BUGFIX] Infinite loop when sessions is not valid
[BUGFIX] Missing valid LE certificates in edge cases
[BUGFIX] Wrong service namespace in k8s
[BUGFIX] DNS_RESOLVERS regex not accepting hostnames
[PERFORMANCE] Reduce CPU and RAM usage of scheduler
[PERFORMANCE] Cache ngx.ctx instead of loading it each time
[PERFORMANCE] Use per-worker LRU cache for common RO LUA values
[FEATURE] Add Turnstile antibot mode
[FEATURE] Add more CORS headers
[FEATURE] Add KEEP_UPSTREAM_HEADERS to preserve headers when using reverse proxy
[FEATURE] Add the possibility to download the different lists and plugins from a local file (like the blacklist)
[FEATURE] External plugins can now be downloaded from a tar.gz and tar.xz file as well as zip
[FEATURE] Add X-Forwarded-Prefix header when using reverse proxy
[FEATURE] Add REDIRECT_TO_STATUS_CODE to choose status code 301 or 302 when redirecting
[DOCUMENTATION] Add timezone information
[DOCUMENTATION] Add timezone informat
[MISC] Add LOG_LEVEL=warning for docker socket proxy in docs, examples and boilerplates
[MISC] Temp remove VMWare provider for Vagrant integration
[MISC] Remove X-Script-Name header and ABSOLUTE_URI variable when using UI
[MISC] Move logs to /var/log/bunkerweb folder
[MISC] Reduce "Got an error reading communication packets" warnings in mariadb/mysql