For detailed changes from the prior release, click on the version number, and
its link will bring up a GitHub listing of changes. Use git log on the
command line for details.
- Colorize test output and run tests for node 20 and "current" #515 (@consideRatio, @minrk)
- Publish to Docker Hub alongside Quay.io #514 (@consideRatio, @minrk)
- Move from DockerHub to quay.io #508 (@yuvipanda, @minrk)
- fix GitHub workflow badge URL #509 (@shoito, @consideRatio)
- build(deps): bump jupyterhub/action-major-minor-tag-calculator from 2 to 3 #513 (@consideRatio)
- build(deps): bump actions/setup-node from 3 to 4 #511 (@manics)
- build(deps): bump docker/setup-buildx-action from 2 to 3 #500 (@consideRatio)
- build(deps): bump docker/build-push-action from 4 to 5 #499 (@consideRatio)
- build(deps): bump actions/checkout from 3 to 4 #498 (@consideRatio)
- build(deps): bump docker/setup-qemu-action from 2 to 3 #497 (@consideRatio)
- Revert "build(deps): bump prom-client from 14.2.0 to 15.0.0" #507 (@manics)
- build(deps): bump prom-client from 14.2.0 to 15.0.0 #505 (@manics, @consideRatio)
- build(deps): bump winston from 3.10.0 to 3.11.0 #503 (@consideRatio)
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@0xETHengineer (activity) | @consideRatio (activity) | @manics (activity) | @minrk (activity) | @shoito (activity) | @yuvipanda (activity)
4.6.0 - 2023-09-19
- Enable keep-alive,
--keep-alive-timeoutflag added (default: 5000ms) #492 (@minrk, @a3626a, @consideRatio, @davidxia)
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@a3626a (activity) | @consideRatio (activity) | @davidxia (activity) | @minrk (activity)
4.5.6 - 2023-08-10
- Update alpine from 3.17 to 3.18 and refreeze package-lock.json #490 (@consideRatio)
- dependabot: monthly updates of github actions #474 (@consideRatio)
- build(deps): bump winston from 3.9.0 to 3.10.0 #486 (@manics)
- build(deps): bump winston from 3.8.2 to 3.9.0 #479 (@consideRatio)
- build(deps): bump strftime from 0.10.1 to 0.10.2 #478 (@consideRatio)
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @manics (activity) | @minrk (activity)
4.5.5 - 2023-04-03
- Update base image to node:lts-alpine3.17 #470 (@stefanc18)
- build(deps): bump prom-client from 14.1.1 to 14.2.0 #468 (@dependabot)
- build(deps): bump json5 from 2.2.0 to 2.2.3 #458 (@dependabot)
- build(deps): bump prom-client from 14.1.0 to 14.1.1 #456 (@dependabot)
- build(deps): bump qs from 6.5.2 to 6.5.3 #454 (@dependabot)
- build(deps): bump minimatch from 3.0.4 to 3.0.8 #452 (@dependabot)
- build(deps-dev): bump ws from 8.12.1 to 8.13.0 #467 (@dependabot)
- build(deps-dev): bump ws from 8.12.0 to 8.12.1 #464 (@dependabot)
- build(deps): bump docker/build-push-action from 3 to 4 #462 (@dependabot)
- build(deps-dev): bump ws from 8.11.0 to 8.12.0 #459 (@dependabot)
(GitHub contributors page for this release)
@consideRatio | @dependabot | @minrk | @pre-commit-ci | @stefanc18 | @welcome
4.5.4 - 2022-12-06
- build(deps): bump winston from 3.8.1 to 3.8.2 #432 (@dependabot)
- ci: small updates to workflows, updating misc versions #439 (@consideRatio)
- build(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 #437 (@dependabot)
- build(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 #436 (@dependabot)
- build(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 #435 (@dependabot)
(GitHub contributors page for this release)
4.5.3 - 2022-09-09
- build(deps): bump prom-client from 14.0.1 to 14.1.0 #428 (@dependabot)
- ci: add dependabot bumping of github actions #418 (@consideRatio)
4.5.2 - 2022-08-19
- Updated alpine base image to 3.16 #416 (@Christian-Nunnally)
- build(deps): bump winston from 3.8.0 to 3.8.1 #406 (@dependabot)
- build(deps): bump winston from 3.7.2 to 3.8.0 #405 (@dependabot)
- build(deps): bump winston from 3.6.0 to 3.7.2 #390 (@dependabot)
- build(deps): bump minimist from 1.2.5 to 1.2.6 #389 (@dependabot)
- build(deps): bump follow-redirects from 1.14.7 to 1.14.8 #378 (@dependabot)
- build(deps): bump winston from 3.5.1 to 3.6.0 #377 (@dependabot)
- build(deps): bump winston from 3.5.0 to 3.5.1 #374 (@dependabot)
- tests: fix associated with going from ws 7 to ws 8 #403 (@consideRatio)
(GitHub contributors page for this release)
@Christian-Nunnally | @consideRatio | @manics | @minrk | @snickell
4.5.1 - 2022-02-02
- ci: test against node 17, rely on pre-commit.ci, tweak workflow triggers and comments #372 (@consideratio)
- image: use latest alpine (3.12 -> 3.15) #371 (@consideRatio)
- npm audit fix #370 (@minrk)
- Bump winston from 3.4.0 to 3.5.0 #367 (@dependabot)
- Bump winston from 3.3.4 to 3.4.0 #364 (@dependabot)
- Bump winston from 3.3.3 to 3.3.4 #360 (@dependabot)
- Bump ws from 8.4.0 to 8.4.2 #362 (@dependabot)
- Bump ws from 7.5.3 to 8.4.0 #361 (@dependabot)
- Bump strftime from 0.10.0 to 0.10.1 #355 (@dependabot)
- Bump prom-client from 13.2.0 to 14.0.1 #354 (@dependabot)
- Bump prom-client from 13.1.0 to 13.2.0 #340 (@dependabot)
(GitHub contributors page for this release)
4.5.0 - 2021-07-19
This minor release will only be available for you if you have node version 12 and higher as we have explicitly dropped support for lower versions.
- Fix to flags configuring ip addresses for ipv4+ipv6 compatebility #333 (@consideRatio)
- Handle store backend errors #325 (@dtaniwaki)
- Require node 12+ explicitly #323 (@consideRatio)
- Set client SSL on only CA case #319 (@dtaniwaki)
- docs: update outdated requirement of node #335 (@consideRatio)
- Amend changelog about dropping statsd #317 (@consideRatio)
- ci: add tests of node 16 #334 (@consideRatio)
- ci: fix details in workflows causing duplicated builds and a failure #326 (@consideRatio)
- Bump ws from 7.4.5 to 7.5.3 #324 #328 #332, #331 (@dependabot)
- Bump commander from 7.2.0 to 8.0.0 #329 (@dependabot)
(GitHub contributors page for this release)
@consideRatio | @dtaniwaki | @Icare2000 | @manics | @minrk
- By mistake we released this as version 4.4.0 instead of 5.0.0 even though we introduced a breaking change in #314 by dropping support for using statsd metrics.
- Support prometheus metrics #314 (@dtaniwaki)
- readme: update --help output #315 (@consideRatio)
- Bump lodash from 4.17.20 to 4.17.21 #312 (@dependabot)
- Bump ws from 7.4.4 to 7.4.5 #306 (@dependabot)
- ci: github actions security #307 (@consideRatio)
(GitHub contributors page for this release)
@consideRatio | @dependabot | @dtaniwaki | @minrk
4.3.2 - 2021-04-12
- Bump jasmine from 3.6.4 to 3.7.0 #302 (@dependabot)
- Bump commander from 7.1.0 to 7.2.0 #301 (@dependabot)
- Bump ws from 7.4.3 to 7.4.4 #299 (@dependabot)
(GitHub contributors page for this release)
@consideRatio | @dependabot | @manics | @minrk
4.3.1 - 2021-03-05
(GitHub contributors page for this release)
@consideRatio | @manics | @minrk
4.3.0 - 2021-03-05
4.3 is a small release that should mostly improve behavior when things are going wrong, especially when endpoints are unavailable and clients are still trying to talk to them.
In particular:
- requests to unavailable endpoints no longer register as activity
- improved error handling and quieter logging in these cases, especially when running on node >= 12.9.
- Add tests for last-activity updates #293 (@minrk)
- adopt pre-commit #291 (@minrk)
- Bump commander from 6.2.1 to 7.1.0 #289 (@dependabot)
(GitHub contributors page for this release)
4.2.3 - 2021-02-19
- docs: update release instructions and readme badges #285 (@consideRatio)
- Bump ws from 7.4.2 to 7.4.3 #288 (@dependabot)
- Bump ws from 7.4.1 to 7.4.2 #282 (@dependabot)
- Bump ws from 7.4.0 to 7.4.1 #280 (@dependabot)
- Bump ws from 7.3.1 to 7.4.0 #273 (@dependabot)
- Bump commander from 6.2.0 to 6.2.1 #281 (@dependabot)
- Bump commander from 6.1.0 to 6.2.0 #271 (@dependabot)
@chancez | @consideRatio | @dependabot | @minrk
4.2.2 - 2020-10-25
This release contains bugfixes, notably the --custom-header implementation.
- Emit proxyRequestWs events correctly, and some inline docs #248 (@consideRatio)
- fix: --custom-header flag implementation #242 (@consideRatio)
- Fix incorrect this/that on logging statement #234 (@jmartell7)
- Security patches of known vulnerabilities in docker image #270 (@wongannaw)
- try dependabot for updates #256 (@minrk)
- simplify dockerignore to exclude node_modules #255 (@minrk)
- CI: npm audit cronjob details #246 (@consideRatio)
- Docker image: use package-lock.json and only include relevant parts #241 (@consideRatio)
- CI: fix .travis.yml syntax for cronjob #240 (@consideRatio)
- CI: npm-audit cronjob in travis #239 (@consideRatio)
- CI: test against node 14 #237 (@consideRatio)
- Stop installing development dependencies in Docker image #227 (@consideRatio)
- Bump jasmine from 3.6.1 to 3.6.2 #268 (@dependabot)
- Bump prettier from 2.1.1 to 2.1.2 #266 (@dependabot)
- Bump request from 2.88.0 to 2.88.2 #265 (@dependabot)
- Bump ws from 7.3.0 to 7.3.1 #264 (@dependabot)
- Bump request-promise-native from 1.0.5 to 1.0.9 #263 (@dependabot)
- Bump prettier from 2.0.0 to 2.1.1 #262 (@dependabot)
- Bump nyc from 15.0.0 to 15.1.0 #261 (@dependabot)
- Bump jasmine from 3.5.0 to 3.6.1 #260 (@dependabot)
- Bump commander from 5.1.0 to 6.1.0 #259 (@dependabot)
- Bump jshint from 2.10.2 to 2.12.0 #258 (@dependabot)
- Bump winston from 3.3.0 to 3.3.3 #257 (@dependabot)
- Update node Docker tag to v12.18.3 #253 (@renovate)
- Bump lodash from 4.17.15 to 4.17.19 #250 (@dependabot)
- chore(deps): update dependency ws to v7 #247 (@renovate)
- Update dependency winston to ~3.3.0 #245 (@renovate)
- Update node Docker tag to v12.18.2 #243 (@renovate)
- Deps: npm audit fix to bump patch versions #238 (@consideRatio)
- Update node Docker tag to v12.17.0 #233 (@renovate)
- Update node Docker tag to v12.16.3 #231 (@renovate)
- Update dependency prettier to v2 #230 (@renovate)
- Update dependency commander to v5 #229 (@renovate)
(GitHub contributors page for this release)
@consideRatio | @dependabot | @jmartell7 | @manics | @minrk | @renovate | @rgbkrk | @suryag10 | @welcome | @wongannaw
4.2.1 - 2020-03-11
This is a security release, fixing node package dependencies to configurable-http-proxy, which itself was left untouched.
- Security Fixes #226 (@rafael-ladislau)
- Update dependency commander to ~4.1.0 #225 (@renovate)
4.2.0 - 2019-11-14
- Now terminates on
SIGTERMas can be caused bydocker stoporkubectl delete - Add
--timeoutoption to configure when to drop a request - Add
--custom-headeroption that enables proxied requests to get additional headers attached - Support setting of the environment variable
CONFIGPROXY_AUTH_TOKENusing a mounted file on the Docker image's container - Node version bumped from 10 to 12.13.0 in the Docker image
- Various dependencies updated, including addressing security advisories from
npm auditwhich do not affect CHP security itself.
- RELEASE.md documentation and small fixes #220 (@consideRatio)
- Terminate on SIGTERM #217 (@consideRatio)
- Fix Vulnerabilities #216 (@rafael-ladislau)
- Update dependency commander to v4 #214 (@renovate)
- chore: Udpate node, replace add with copy #213 (@jgwerner)
- Update dependency http-proxy to ~1.18.0 #212 (@renovate)
- Change user to numeric value for k8s compatibility #211 (@m2hofi94)
- Add file_env function to set the token env var #209 (@rcthomas)
- Allow setting request timeout #208 (@archite)
- Command line option for custom headers #206 (@ivan-gomes)
- chore(deps): update dependency nyc to v14 #202 (@renovate)
- Update dependency commander to ~2.20.0 #201 (@renovate)
4.1.0 - 2019-04-01
- Add
--redirect-tooption to specify destination port when redirecting http to https with--redirect-from. - Add health check endpoint at
/_chp_healthz. - Docker base image is updated to
node/10-alpinefromnode/6-alpine - Dependencies are updated via Renovate
4.0.0 - 2018-10-12
- Add support for client SSL certificates for encrypting proxied requests.
- Update all nodejs dependencies. Most significant is updating winston (logging) from 2 to 3. There is no longer a global logger,
instead use
this.log. - Drop support for node 4. Minimum node version is 6.
- Support CONFIGPROXY_SSL_KEY_PASSPHRASE env for setting the passphrase of ssl keys (API_SSL for api ssl key).
3.1.1 - 2018-01-15
- Fix a bug when using the new custom storage backend support where the body of requests could be lost.
3.1 adds two new features:
- Add
--change-originpassthrough for node-http-proxy's changeOrigin option. - Add support via
--storage-backend <storage-class>for custom storage classes. See configurable-http-proxy-redis-backend for an example using redis.
3.0 is a major release because much of the code has been reorganized to adopt some javascript standards:
- Use ES6 and Promises instead of ES5 and callbacks, which we can do without a compiler because CHP 2.0 required nodejs < 4.
- auto-format code with prettify (run
npm run fmtto auto-format your code after making changes).
There shouldn't be any major changes in 3.0, but marking it as a major upgrade because there could be regressions introduced by the restructuring.
Fixes:
- Fix routing of
/prefix?querywhere a query parameter was passed exactly on the routing prefix with no trailing slash.
Improvements:
- Quieter messages for ECONNREFUSED and ECONNRESET, which are generally not indicative of problems, but rather common events of peers disconnecting during a request.
- The docker image for
jupyterhub/configurable-http-proxyis now based onnode:6-alpine.
- Add logging of all API requests
- Fix docker image entrypoint, broken in 2.0.2
- Fix error raised trying to
setHeaderon an undefined response (e.g. when encountering socket-level error)
Important CHP 2.0.0 drops support for node.js ≤ 4.0.
Added:
- Add configuration option for proxy timeout
--proxy-timeout <n>, Timeout (in millis) when proxy receives no response from target.#86 - Add configuration options for auto rewrite and protocol rewrite
#73:
--auto-rewrite, Rewrite the Location header host/port in redirect responses--protocol-rewrite <proto>', Rewrite the Location header protocol in redirect responses to the specified protocol
- Add low-level code for separate stores of routes to enable future support of other data stores such as Redis #81
Changed:
- Support only LTS releases and above for NodeJS #82. This means only ≥ 4.0 are supported.
Fixed:
- Fix behavior to correctly handle children when a parent node is deleted #93
- Fix closure reference when serving custom error pages #91
- Improved all-interfaces warning message when
ip='*'#94
- small fixes for node 6 support
- fix
--no-x-forwardagain (for real, this time)
- add
--ssl-protocol, so that one can restrict to TLS, e.g.--ssl-protocol=TLSv1 - fix handling of ``--no-x-forward`
1.2 - 2016-04-19
- add statsd support
1.1 - 2016-01-04
- add
--ssl-request-certargs for certificate-based client authentication - fix some SSL parameters that were ignored for API requests
1.0 - 2016-01-04
- add
ConfigProxy.proxy_requestevent, for customizing requests as the pass through the proxy. - add more ssl-related options for specifying options on the CLI.
- fix regression in 0.5 where deleting a top-level route would also delete the default route.
0.5 - 2015-10-05
- add
--error-targetfor letting another http server render error pages. Server must handle/404and/503URLs. - add
--error-pathfor custom static HTML error pages.[CODE].htmlwill be used if it exists, otherwiseerror.html. - fix bug preventing root route from being deleted
0.4 - 2015-10-02
- add
--redirect-portfor automatically redirecting a common port to the correct one (e.g. redirecting http to https)
0.3 - 2015-04-29
- fixes for URL escaping
- add host-based routing