github.com/avenga/couper@v1.12.2/CHANGELOG.md (about) 1 # Couper Changelog 2 3 ## [Unreleased](https://github.com/coupergateway/couper/compare/v1.12.2...master) 4 5 Unreleased changes are available as `coupergateway/couper:edge` container. 6 7 --- 8 9 ## [1.12.2](https://github.com/coupergateway/couper/releases/tag/v1.12.2) 10 11 * **Fixed** 12 * Reading the origin response-body even if there is no origin `body` or `json_body` variable reference; piping the response-body again to the client ([#766](https://github.com/coupergateway/couper/issues/766)) 13 14 ## [1.12.1](https://github.com/avenga/couper/releases/tag/v1.12.1) 15 16 * **Fixed** 17 * Erroneously sending an empty [`Server-Timing` header](https://docs.couper.io/configuration/command-line#oberservation-options) ([#700](https://github.com/avenga/couper/pull/700)) 18 * URL scheme while using the [`tls` block](https://docs.couper.io/configuration/block/server_tls) ([#703](https://github.com/avenga/couper/issues/703)) 19 * For [OIDC](https://docs.couper.io/configuration/block/oidc), trying to request userinfo from a non-existing (not required, though recommended) userinfo endpoint ([#709](https://github.com/avenga/couper/pull/709)) 20 * Use of [`backend_responses`'](https://docs.couper.io/configuration/variables#backend_responses) `body` or `json_body` properties in api-level [error handlers](https://docs.couper.io/configuration/block/error_handler) ([#710](https://github.com/avenga/couper/pull/710)) 21 * Some `..._file` attributes missing for path absolutizing ([#713](https://github.com/avenga/couper/pull/713)) 22 * `WWW-Authenticate` header `realm` param value for [`basic_auth`](https://docs.couper.io/configuration/block/basic_auth) ([#715](https://github.com/avenga/couper/pull/715)) 23 * [JWT access control](https://docs.couper.io/configuration/block/jwt) now creating `401` error status code, adding a `WWW-Authenticate: Bearer[...]` response header if appropriate ([#719](https://github.com/avenga/couper/pull/719)) 24 * Erroneous multiplying of [health probes](https://docs.couper.io/configuration/block/health), [jobs](https://docs.couper.io/configuration/block/job) and requests to [JWKS](https://docs.couper.io/configuration/block/jwt) and [OpenID configuration](https://docs.couper.io/configuration/block/oidc) resources after a reload with [`-watch`](https://docs.couper.io/configuration/command-line#basic-options) ([#730](https://github.com/avenga/couper/pull/730), [#736](https://github.com/avenga/couper/pull/736)) 25 * Reading PEM-encoded CA certificates ([`ca_file` setting](https://docs.couper.io/configuration/block/settings#attributes) or [`-ca-file` option](https://docs.couper.io/configuration/command-line#tls-options)) containing bytes trailing the PEM message ([#739](https://github.com/avenga/couper/pull/739)) 26 27 ## [1.12.0](https://github.com/avenga/couper/releases/tag/v1.12.0) 28 29 * **Added** 30 * [`beta_job`](https://docs.couper.io/configuration/block/job) block to describe one or more job `definitions` for simple recurring http tasks ([#610](https://github.com/avenga/couper/pull/610)) 31 * [`server_timing_header`](https://docs.couper.io/configuration/block/settings) setting, that allows Couper to include an additional `Server-Timing` HTTP response header field detailing connection and transport relevant metrics for each backend request. ([#657](https://github.com/avenga/couper/pull/657)) 32 33 * **Changed** 34 * Use nested `jwt_signing_profile` block in [`oauth2` block](https://docs.couper.io/configuration/block/oauth2) for `grant_type` `"urn:ietf:params:oauth:grant-type:jwt-bearer"` in absence of `assertion` attribute ([#619](https://github.com/avenga/couper/pull/619)) 35 * Improved the way an SPA `bootstrap_file` gets cached and served in combination with `bootstrap_data` ([#656](https://github.com/avenga/couper/pull/656)) 36 * Harmonized and improved logged error information for references to undefined blocks ([#651](https://github.com/avenga/couper/pull/651)) 37 * Unbeta permission features: ([#673](https://github.com/avenga/couper/pull/673)) 38 * `beta_required_permission` attribute for [`api`](https://docs.couper.io/configuration/block/api#attribute-beta_required_permission) and [`endpoint`](https://docs.couper.io/configuration/block/endpoint#attribute-beta_required_permission) blocks, 39 * `beta_granted_permissions` and `beta_required_permission` [request context variables](https://docs.couper.io/configuration/variables#request), 40 * `beta_insufficient_permissions` [error type](https://docs.couper.io/configuration/error-handling/#api-error-types), 41 * `beta_permissions_claim`, `beta_permissions_map`, `beta_permissions_map_file`, `beta_roles_claim`, `beta_roles_map` and `beta_roles_map_file` attributes for [`jwt` block](https://docs.couper.io/configuration/block/jwt#attributes). 42 43 * **Fixed** 44 * Use of [backend-related variables](https://docs.couper.io/configuration/variables#backend) in [`custom_log_fields`](https://docs.couper.io/observation/logging#custom-logging) within a [`backend` block](https://docs.couper.io/configuration/block/backend) ([#658](https://github.com/avenga/couper/pull/658)) 45 * Loop with evaluation error in [`custom_log_fields`](https://docs.couper.io/observation/logging#custom-logging) if log level is `"debug"` ([#659](https://github.com/avenga/couper/pull/659)) 46 * Removed error message with `couper help` [command](https://docs.couper.io/configuration/command-line) ([#678](https://github.com/avenga/couper/pull/678)) 47 48 ## [1.11.2](https://github.com/avenga/couper/releases/tag/v1.11.2) 49 50 * **Fixed** 51 * Requests to wildcard (`**`) [endpoints](https://docs.couper.io/configuration/block/endpoint) using backends with a wildcard [`path` attribue](https://docs.couper.io/configuration/block/backend#attributes), where the wildcard matches the empty string (regression; since v1.11.0) ([#655](https://github.com/avenga/couper/pull/655)) 52 * [internal alloc] stop creating request context based jwt, oauth2 and saml (hcl) functions without related definitions ([#666](https://github.com/avenga/couper/pull/666)) 53 * [internal alloc] reduced allocation amount while proxying requests ([#666](https://github.com/avenga/couper/pull/666)) 54 * Removing websockets related headers while the proxy `websockets` option is `false` (or no block definition exist) ([#666](https://github.com/avenga/couper/pull/666)) 55 56 ## [1.11.1](https://github.com/avenga/couper/releases/tag/v1.11.1) 57 58 * **Fixed** 59 * [Endpoint sequences](https://docs.couper.io/configuration/block/endpoint#endpoint-sequence) not being terminated by errors (e.g. `unexpected_status`) (regression; since v1.11.0) ([#648](https://github.com/avenga/couper/pull/648)) 60 * [Health route](https://docs.couper.io/observation/health) affected by [access control](https://docs.couper.io/configuration/access-control) (regression; since v1.11.0) ([#654](https://github.com/avenga/couper/pull/654)) 61 62 63 ## [1.11.0](https://github.com/avenga/couper/releases/tag/v1.11.0) 64 65 * **Added** 66 * **mTLS** Support for [`server`](https://docs.couper.io/configuration/block/server_tls) and [`backend`](https://docs.couper.io/configuration/block/backend_tls) blocks ([#615](https://github.com/avenga/couper/pull/615)) 67 * `spa` block option to inject server-data to the applications `bootstrap_file` with [`bootstrap_data`](https://docs.couper.io/configuration/block/spa#bootstrap-data) ([#626](https://github.com/avenga/couper/issues/626)) 68 * OAuth2 client authentication methods (`token_endpoint_auth_method` values) `"client_secret_jwt"` and `"private_key_jwt"` including `jwt_signing_profile` block for [`oauth2`](https://docs.couper.io/configuration/block/oauth2_req_auth), [`beta_oauth2`](https://docs.couper.io/configuration/block/oauth2_ac) and [`oidc`](https://docs.couper.io/configuration/block/oidc) blocks ([#599](https://github.com/avenga/couper/pull/599)) 69 * [`trim()` function](https://docs.couper.io/configuration/functions) ([#605](https://github.com/avenga/couper/pull/605)) 70 * `beta_roles_map_file` and `beta_permissions_map_file` attributes to [`jwt` block](https://docs.couper.io/configuration/block/jwt) ([#613](https://github.com/avenga/couper/pull/613)) 71 72 * **Changed** 73 * Replaced the JWT library because the former library was no longer maintained ([#612](https://github.com/avenga/couper/pull/612)) 74 * Routing and [OpenAPI validation](https://docs.couper.io/configuration/block/openapi) now use gorilla/mux ([#614](https://github.com/avenga/couper/pull/614)) 75 * Usage of `env` variables and functions is now possible for the `defaults` block ([#630](https://github.com/avenga/couper/pull/630)) 76 77 * **Fixed** 78 * Aligned the evaluation of [`beta_oauth2`](https://docs.couper.io/configuration/block/oauth2_ac)/[`oidc`](https://docs.couper.io/configuration/block/oidc) `redirect_uri` to `saml` `sp_acs_url` ([#589](https://github.com/avenga/couper/pull/589)) 79 * Proper handling of empty [`beta_oauth2`](https://docs.couper.io/configuration/block/oauth2_ac)/[`oidc`](https://docs.couper.io/configuration/block/oidc) `scope` ([#593](https://github.com/avenga/couper/pull/593)) 80 * Throwing [sequence errors](https://docs.couper.io/configuration/error-handling#endpoint-error-types) and selecting appropriate [error handlers](https://docs.couper.io/configuration/error-handling) ([#595](https://github.com/avenga/couper/pull/595)) 81 * Allow setting of the `typ` JWT header in [`jwt_signing_profile`s](https://docs.couper.io/configuration/block/jwt_signing_profile) ([#616](https://github.com/avenga/couper/pull/616)) 82 * CVE-2021-3538 related to our `request_id_format` option if switched to `uuid4`: replaced the underlying package to `github.com/google/uuid` ([#611](https://github.com/avenga/couper/pull/611)) 83 * Possible panic for nested [endpoint sequences](https://docs.couper.io/configuration/block/endpoint#endpoint-sequence) ([#618](https://github.com/avenga/couper/pull/618)) 84 * Cycle check for [endpoint sequences](https://docs.couper.io/configuration/block/endpoint#endpoint-sequence) ([#623](https://github.com/avenga/couper/pull/623)) 85 * In [endpoint sequences](https://docs.couper.io/configuration/block/endpoint#endpoint-sequence) send requests only once ([#624](https://github.com/avenga/couper/pull/624)) 86 87 88 ## [1.10.1](https://github.com/avenga/couper/releases/tag/v1.10.1) 89 90 * **Fixed** 91 * [endpoint `/**` path wildcards](https://docs.couper.io/configuration/block/endpoint) sometimes not matching ([#603](https://github.com/avenga/couper/pull/603)) 92 * Some errors in the [`default()` function](https://docs.couper.io/configuration/functions) ([#596](https://github.com/avenga/couper/pull/596)) 93 94 ## [1.10.0](https://github.com/avenga/couper/releases/tag/v1.10.0) 95 96 Couper 1.10 is a feature release comprising new features for a more flexible and cleaner configuration. It also comes with some bug fixes and some smaller improvements. See below for a complete list of changes. 97 98 The new [`environment` block](https://docs.couper.io/configuration/block/environment) along with its corresponding [setting](https://docs.couper.io/configuration/block/settings) and the [`-e` command line option](https://docs.couper.io/configuration/command-line#basic-options) allows for a cleaner and safer configuration if Couper is to be deployed in different environments. Read more about that feature in our [example](https://github.com/avenga/couper-examples/tree/master/environment). 99 100 Labeled, reusable [`proxy` blocks](https://docs.couper.io/configuration/block/proxy) provide means for a leaner and less repetitive configuration. 101 102 In case a backend request requires authorization, the new [`beta_token_request` block](https://docs.couper.io/configuration/block/token_request) can request the required token and make the response available via the [`beta_token_response` variable](https://docs.couper.io/configuration/variables#beta_token_response). 103 104 Finally, a stricter [`endpoint`](https://docs.couper.io/configuration/block/endpoint) path validation for a clearer and more consistent path matching is now applied. Some characters or character sequences like `?`, `#`, and `/../` are no longer allowed; empty path parameters won't match anymore. 105 106 As always the [Couper VSCode extension](https://marketplace.visualstudio.com/items?itemName=AvengaGermanyGmbH.couper) has been updated to support all new features. 107 108 We have launched our [documentation website](https://docs.couper.io/) to find blocks and attributes more easily. 109 110 * **Added** 111 * [`environment` block](https://docs.couper.io/configuration/block/environment), [setting](https://docs.couper.io/configuration/block/settings) and [`couper.environment` variable](https://docs.couper.io/configuration/variables#couper) ([#521](https://github.com/avenga/couper/pull/521), ([#534](https://github.com/avenga/couper/pull/534), [#545](https://github.com/avenga/couper/pull/545)), ([#546](https://github.com/avenga/couper/pull/546)) 112 * used go version in `version` command ([#552](https://github.com/avenga/couper/pull/552)) 113 * new `grant_type`s `"password"` and `"urn:ietf:params:oauth:grant-type:jwt-bearer"` with related attributes for [`oauth2` block](https://docs.couper.io/configuration/block/oauth2) ([#555](https://github.com/avenga/couper/pull/555)) 114 * [`beta_token_request` block](https://docs.couper.io/configuration/block/token_request), [`backend`](https://docs.couper.io/configuration/variables#backend) and [`beta_token_response`](https://docs.couper.io/configuration/variables#beta_token_response) variables and `beta_token(s)` properties of [`backends` variable](https://docs.couper.io/configuration/variables#backends) ([#517](https://github.com/avenga/couper/pull/517)) 115 * reusable [`proxy` block](https://docs.couper.io/configuration/block/proxy) ([#561](https://github.com/avenga/couper/pull/561)) 116 117 * **Changed** 118 * Renamed `-debug` to `-pprof` and made debug port configurable via `-pprof-port`. Both [command line options](https://docs.couper.io/configuration/command-line#profiling-options) can also be specified via the respective [`settings`](https://docs.couper.io/configuration/block/settings). ([#577](https://github.com/avenga/couper/pull/577)) 119 120 * **Fixed** 121 * [`form_body`, `headers` and `cookies`](https://docs.couper.io/configuration/block/request#attributes) can now be properly [custom-logged](https://docs.couper.io/observation/logging#custom-logging) ([#535](https://github.com/avenga/couper/pull/535)) 122 * Disallow empty path parameters ([#526](https://github.com/avenga/couper/pull/526)) 123 * Disallow endpoint path patterns not starting with `/`, endpoint path patterns and `base_path`s having `.` or `..` segments ([#584](https://github.com/avenga/couper/pull/584)) 124 * Basic Auth client authentication with OAuth2 (client ID and secret must be URL encoded) ([#537](https://github.com/avenga/couper/pull/537)) 125 * Config validation, e.g. label-uniqueness checks ([#563](https://github.com/avenga/couper/pull/563)) 126 * [OIDC](https://docs.couper.io/configuration/block/oidc) not using referenced backends, if only specific backends (`configuration_backend`, `jwks_uri_backend`, `token_backend`, `userinfo_backend`) were configured ([#570](https://github.com/avenga/couper/pull/570)) 127 * [OIDC](https://docs.couper.io/configuration/block/oidc) configuration related go-routine leak after retrieving a new payload due to config ttl ([#564](https://github.com/avenga/couper/pull/564)) 128 129 * **Removed** 130 * Endpoint path normalization to better match OpenAPI behavior ([#526](https://github.com/avenga/couper/pull/526)) 131 132 ## [1.9.2](https://github.com/avenga/couper/releases/tag/v1.9.2) 133 134 * **Fixed** 135 * configuration related panic while loading backends with [`oauth2` block](https://docs.couper.io/configuration/block/oauth2_req_auth) which depends on other defined backends ([#524](https://github.com/avenga/couper/pull/524)) 136 * erroneous retries for [`oauth2`](https://docs.couper.io/configuration/block/oauth2_req_auth) backend authorization ([#529](https://github.com/avenga/couper/pull/529)) 137 * with `retries = 0` ([#528](https://github.com/avenga/couper/pull/528)) 138 * with `retries` > `0` and related origin configuration ([#529](https://github.com/avenga/couper/pull/529)) 139 * race condition resulting in empty [`backends.<label>.health.state` variable](https://docs.couper.io/configuration/block/health) ([#530](https://github.com/avenga/couper/pull/530)) 140 * enabled json html escaping inherited from Go lib ([#531](https://github.com/avenga/couper/pull/531)) 141 142 ## [1.9.1](https://github.com/avenga/couper/releases/tag/v1.9.1) 143 144 * **Fixed** 145 * Missing environment key error while using multiple configuration files ([#522](https://github.com/avenga/couper/pull/522)) 146 147 ## [1.9.0](https://github.com/avenga/couper/releases/tag/v1.9.0) 148 149 Couper 1.9 is a feature release bringing more comfort and enhanced stability to 150 the Couper configuration. It also improves the permission handling and provides a 151 couple of bug fixes. For a complete list of changes see below. 152 153 As of release 1.9 it is possible to split a Couper configuration into multiple 154 `.hcl`-files. You can now, for example, use different configuration files for 155 your `api`, `files` and `definitions` blocks, or keep your development, testing 156 and production setups separated. All the configuration files given at 157 [startup](https://docs.couper.io/configuration/command-line) will be [merged together](https://docs.couper.io/configuration/multiple-files). 158 159 The new block [`beta_health`](https://docs.couper.io/configuration/block/health) ([beta](https://docs.couper.io/getting-started/beta-features)) 160 allows you to configure recurring health check requests for a backend. 161 By default, Couper won't request backends considered unhealthy which might help 162 them recover due to the reduced amount of requests. 163 The current health state of a backend can be accessed by variable. 164 Changes in healthiness will be [logged](https://docs.couper.io/observation/logging) and exported as [metrics](https://docs.couper.io/observation/metrics). 165 166 To make permission handling easier to grasp we've dropped the term `scope` and 167 accordingly changed the names of the `beta_scope`, `beta_scope_claim` and `beta_scope_map` 168 attributes to `beta_required_permission`, `beta_permissions_claim` and `beta_permissions_map`, 169 respectively. Furthermore, `beta_required_permission` (formerly `beta_scope`) can now 170 be an HCL expression. If `beta_required_permission` is specified in both an `endpoint` 171 and its parent `api` block, the former *overrides* the latter. 172 Our permission handling examples illustrate some common use cases: 173 [basic example](https://github.com/avenga/couper-examples/tree/master/permissions), 174 [roles example](https://github.com/avenga/couper-examples/tree/master/permissions-rbac), 175 [map example](https://github.com/avenga/couper-examples/tree/master/permissions-map) 176 177 Along with this release goes the latest [extension for VSCode](https://marketplace.visualstudio.com/items?itemName=AvengaGermanyGmbH.couper) 178 which now indicates misplaced blocks and attributes, missing block labels and so on. 179 We've also updated the completion suggestions and fixed a couple of syntax highlighting 180 issues. 181 182 * **Added** 183 * Couper now [reads and merges multiple configuration files](https://docs.couper.io/configuration/multiple-files) ([#437](https://github.com/avenga/couper/pull/437), [#515](https://github.com/avenga/couper/pull/515)) 184 * `beta_health`-block to `backend`-block to enable continuous health-checks for defined backends ([#313](https://github.com/avenga/couper/pull/313)) 185 * `backends.<name>.health` variable to access the current health-check state _(subject to change)_ 186 * Log malformed duration settings ([#487](https://github.com/avenga/couper/pull/487)) 187 * `url` attribute could make use of our wildcard pattern `/**` and relative urls in combination with a backend reference ([#480](https://github.com/avenga/couper/pull/480)) 188 * `jwks_max_stale` in [`jwt` block](./docs/REFERENCE.md#jwt-block) ([#502](https://github.com/avenga/couper/pull/502)) 189 * `jwks_ttl`, `jwks_max_stale` and `configuration_max_stale` in [`oidc` block](./docs/REFERENCE.md#oidc-block) ([#502](https://github.com/avenga/couper/pull/502)) 190 * Error handling for `backend`, `backend_openapi_validation` and `backend_timeout` [error types](./docs/ERRORS.md) ([#490](https://github.com/avenga/couper/pull/490)) 191 * `response.bytes` log-field to backend logs if read from body, fallback is the `Content-Length` header ([#494](https://github.com/avenga/couper/pull/494)) 192 * [Error types](./docs/ERRORS.md) `endpoint` and `access_control` ([#500](https://github.com/avenga/couper/pull/500)) 193 194 * **Changed** 195 * Permission handling: ([#477](https://github.com/avenga/couper/pull/477), [#504](https://github.com/avenga/couper/pull/504)) 196 * renamed `beta_scope` attribute for [`api`](./docs/REFERENCE.md#api-block) and [`endpoint`](./docs/REFERENCE.md#endpoint-block) blocks to `beta_required_permission`; `beta_required_permission` in `endpoint` now *overriding* `beta_required_permission` in containing `api` block; allowing an expression as attribute value 197 * renamed `beta_scope_claim` and `beta_scope_map` attributes for [`jwt` block](./docs/REFERENCE.md#jwt-block) to `beta_permissions_claim` and `beta_permissions_map` 198 * removed `beta_operation_denied` and `beta_scope` [error types](./docs/ERRORS.md#api-and-endpoint-error-types) 199 * renamed `beta_insufficient_scope` [error type](./docs/ERRORS.md#api-and-endpoint-error-types) to `beta_insufficient_permissions` 200 * added `request.context.beta_required_permission` and `request.context.beta_granted_permissions` [request variables](./docs/REFERENCE.md#request) 201 * Clarified the type of various [attributes/variables](./docs/REFERENCE.md) ([#485](https://github.com/avenga/couper/pull/485)) 202 * [`spa` block](./docs/REFERENCE.md#spa-block) can be defined multiple times now ([#510](https://github.com/avenga/couper/pull/510)) 203 * [`files` block](./docs/REFERENCE.md#files-block) can be defined multiple times now ([#513](https://github.com/avenga/couper/pull/513)) 204 205 * **Fixed** 206 * Keys in object type attribute values are only handled case-insensitively if reasonable (e.g. they represent HTTP methods or header field values) ([#461](https://github.com/avenga/couper/pull/461)) 207 * Multiple labels for [`error_handler` blocks](./docs/ERRORS.md#error_handler-specification) ([#462](https://github.com/avenga/couper/pull/462)) 208 * [`error_handler` blocks](./docs/REFERENCE.md#error-handler-block) for an error type defined in both `endpoint` and `api` ([#469](https://github.com/avenga/couper/pull/469)) 209 * Request methods are treated case-insensitively when comparing them to methods in the `allowed_methods` attribute of [`api`](./docs/REFERENCE.md#api-block) or [`endpoint`](./docs/REFERENCE.md#endpoint-block) blocks ([#478](https://github.com/avenga/couper/pull/478)) 210 * Do not allow multiple `backend` blocks in `proxy` and `request` blocks ([#483](https://github.com/avenga/couper/pull/483)) 211 * Panic if an [`error_handler` block](./docs/REFERENCE.md#error-handler-block) following another `error_handler` block has no label ([#486](https://github.com/avenga/couper/pull/486)) 212 * Spurious `duplicate endpoint /**` error for APIs sharing the same base path ([#507](https://github.com/avenga/couper/pull/507)) 213 * Invalid (by [OpenAPI validation](./docs/REFERENCE.md#openapi-block)) backend response missing in [`backend_responses`](./docs/REFERENCE.md#backend_responses) ([#501](https://github.com/avenga/couper/pull/501)) 214 * Ignore the `expected_status` check for a request configured via a [`proxy`](./docs/REFERENCE.md#proxy-block) or [`request`](./docs/REFERENCE.md#request-block) block if a [`backend` error](./docs/ERRORS.md#endpoint-error-types) occurred ([#505](https://github.com/avenga/couper/pull/505)) 215 * `merge()` function removes key with `null` value. ([#518](https://github.com/avenga/couper/pull/518)) 216 217 * **Removed** 218 * support for `beta_oidc` block (use [`oidc` block](./docs/REFERENCE.md#oidc-block) instead) ([#475](https://github.com/avenga/couper/pull/475)) 219 * support for `beta_oauth_authorization_url` and `beta_oauth_verifier` functions (use `oauth2_authorization_url` and `oauth2_verifier` [functions](./docs/REFERENCE.md#functions) instead) ([#475](https://github.com/avenga/couper/pull/475)) 220 * `path` attribute from `endpoint` (and `proxy`) block; use `path` attribute in `backend` block instead ([#516](https://github.com/avenga/couper/pull/516)) 221 222 ## [1.8.1](https://github.com/avenga/couper/releases/tag/v1.8.1) 223 224 * **Fixed** 225 * missing error handling while loading a given `ca_file` ([#460](https://github.com/avenga/couper/pull/460)) 226 * allow [`api` blocks](./docs/REFERENCE.md#api-block) sharing the same `base_path` ([#471](https://github.com/avenga/couper/pull/471)) 227 228 ## [1.8.0](https://github.com/avenga/couper/releases/tag/v1.8.0) 229 230 * **Added** 231 * `disable_private_caching` attribute for the [JWT Block](./docs/REFERENCE.md#jwt-block) ([#418](https://github.com/avenga/couper/pull/418)) 232 * [`backend_request`](./docs/REFERENCE.md#backend_request) and [`backend_response`](./docs/REFERENCE.md#backend_response) variables ([#430](https://github.com/avenga/couper/pull/430)) 233 * `beta_scope_map` attribute for the [JWT Block](./docs/REFERENCE.md#jwt-block) ([#434](https://github.com/avenga/couper/pull/434)) 234 * `saml` [error type](./docs/ERRORS.md#error-types) ([#424](https://github.com/avenga/couper/pull/424)) 235 * `allowed_methods` attribute for the [API](./docs/REFERENCE.md#api-block) or [Endpoint Block](./docs/REFERENCE.md#endpoint-block) ([#444](https://github.com/avenga/couper/pull/444)) 236 * new HCL [functions](./docs/REFERENCE.md#functions): `contains()`, `join()`, `keys()`, `length()`, `lookup()`, `set_intersection()`, `to_number()` ([#455](https://github.com/avenga/couper/pull/455)) 237 * `ca_file` option to `settings` (also as argument and environment option) ([#447](https://github.com/avenga/couper/pull/447)) 238 * Option for adding the given PEM encoded ca-certificate to the existing system certificate pool for all outgoing connections. 239 240 * **Changed** 241 * Automatically add the `private` directive to the response `Cache-Control` HTTP header field value for all resources protected by [JWT](./docs/REFERENCE.md#jwt-block) ([#418](https://github.com/avenga/couper/pull/418)) 242 243 * **Fixed** 244 * improved protection against sniffing using unauthorized requests with non-standard method to non-existent endpoints in protected API ([#441](https://github.com/avenga/couper/pull/441)) 245 * Couper handles OS-Signal `INT` in all cases in combination with the `-watch` argument ([#456](https://github.com/avenga/couper/pull/456)) 246 * some [error types](./docs/ERRORS.md#access-control-error-types) related to [JWT](./docs/REFERENCE.md#jwt-block) ([#438](https://github.com/avenga/couper/pull/438)) 247 248 ## [1.7.2](https://github.com/avenga/couper/releases/tag/v1.7.2) 249 250 * **Fixed** 251 * free up resources for backend response bodies without variable reference ([#449](https://github.com/avenga/couper/pull/449)) 252 * Linux and Windows binary version output (CI) ([#446](https://github.com/avenga/couper/pull/446)) 253 * error handling for empty `error_handler` labels ([#432](https://github.com/avenga/couper/pull/432)) 254 255 ## [1.7.1](https://github.com/avenga/couper/releases/tag/v1.7.1) 256 257 * **Fixed** 258 * missing upstream log field value for [`request.proto`](./docs/LOGS.md#backend-fields) ([#421](https://github.com/avenga/couper/pull/421)) 259 * handling of `for` loops in HCL ([#426](https://github.com/avenga/couper/pull/426)) 260 * handling of conditionals in HCL: only predicates evaluating to boolean are allowed ([#429](https://github.com/avenga/couper/pull/429)) 261 * broken binary on macOS Monterey; build with latest go 1.17.6 (ci) ([#439](https://github.com/avenga/couper/pull/439)) 262 263 ## [1.7](https://github.com/avenga/couper/releases/tag/v1.7.0) 264 265 We start 2022 with fresh release of Couper with some exciting features. 266 267 Our **OpenID-Connect** (OIDC) configuration specification has been proven as final and is moved out of beta to the [`oidc` block](./docs/REFERENCE.md#oidc-block). 268 (Couper will still support `beta_oidc` until version `1.8`). With OIDC, Couper supports a variety of Identity Provides such as Google, Azure AD, Keycloak and many more. 269 270 While microservices aim for decoupling, they still need to work _together_. A typical API gateway approach is to make them individually accessible and move the point of integration into the client. Couper **sequences** however allows you to chain requests _in the gateway_. The response of one service call is used as input for the request to the next service. This keeps coupling loose and inter-service connectivity robust. 271 How Couper can help here is explained in our [sequence example](https://github.com/avenga/couper-examples/tree/master/sequences). 272 273 As part of our efforts to ease observability, Couper now allows you to collect **custom log data**. Use the [`custom_log_fields` attribute](./docs/LOGS.md#custom-logging) 274 all over your configuration file to augment your logs with information that is relevant to your application. Check out our [example](https://github.com/avenga/couper-examples/tree/master/custom-logging) to find out how it works. 275 276 To further improve the developer experience with Couper the [container image](https://hub.docker.com/r/avenga/couper) supports `amd64` and `arm64` architecture now. 277 On top of that the binary installation has been improved for [homebrew](https://brew.sh/) users: `brew tap avenga/couper && brew install couper` and go! 278 279 * **Added** 280 * Support for [sequences](./docs/REFERENCE.md#endpoint-sequence) of outgoing endpoint requests ([#405](https://github.com/avenga/couper/issues/405)) 281 * `expected_status` attribute for `request` and `proxy` block definitions which can be caught with [error handling](./docs/ERRORS.md#endpoint-related-error_handler) ([#405](https://github.com/avenga/couper/issues/405)) 282 * [`custom_log_fields`](./docs/LOGS.md#custom-logging) attribute to be able to describe a user defined map for `custom` log field enrichment ([#388](https://github.com/avenga/couper/pull/388)) 283 * [`jwt` block](./docs/REFERENCE.md#jwt-block)/[`jwt_signing_profile` block](./docs/REFERENCE.md#jwt-signing-profile-block) support ECDSA signatures ([#401](https://github.com/avenga/couper/issues/401)) 284 * `user` as context variable from a [Basic Auth](./docs/REFERENCE.md#basic-auth-block) is now accessible via `request.context.<label>.user` for successfully authenticated requests ([#402](https://github.com/avenga/couper/pull/402)) 285 286 * **Changed** 287 * [`oidc` block](./docs/REFERENCE.md#oidc-block) is out of [beta](./docs/BETA.md). (The `beta_oidc` block name will be removed with Couper 1.8. ([#400](https://github.com/avenga/couper/pull/400)) 288 * `oauth2_authorization_url()` and `oauth2_verifier()` [functions](./docs/REFERENCE.md#functions) are our of beta. (The old function names `beta_oauth_...` will be removed with Couper 1.8). ([#400](https://github.com/avenga/couper/pull/400)) 289 * The access control for the OIDC redirect endpoint ([`oidc` block](./docs/REFERENCE.md#oidc-block)) now verifies ID token signatures ([#404](https://github.com/avenga/couper/pull/404)) 290 * `header = "Authorization"` is now the default token source for [JWT](./docs/REFERENCE.md#jwt-block) and may be omitted ([#413](https://github.com/avenga/couper/issues/413)) 291 * Improved the validation for unique keys in all map-attributes in the config ([#403](https://github.com/avenga/couper/pull/403)) 292 * Missing [scope or roles claims](./docs/REFERENCE.md#jwt-block), or scope or roles claim with unsupported values are now ignored instead of causing an error ([#380](https://github.com/avenga/couper/issues/380)) 293 * Unbeta [OIDC block](./docs/REFERENCE.md#oidc-block). The old block name is still usable with Couper 1.7, but will no longer work with Couper 1.8. ([#400](https://github.com/avenga/couper/pull/400)) 294 * Unbeta the `oauth2_authorization_url()` and `oauth2_verifier()` [function](./docs/REFERENCE.md#functions). The prefix is changed from `beta_oauth_...` to `oauth2_...`. The old function names are still usable with Couper 1.7, but will no longer work with Couper 1.8. ([#400](https://github.com/avenga/couper/pull/400)) 295 * Automatically add the `private` directive to the response `Cache-Control` HTTP header field value for all resources protected by [JWT](./docs/REFERENCE.md#jwt-block) ([#418](https://github.com/avenga/couper/pull/418)) 296 297 * **Fixed** 298 * build-date configuration for binary and docker builds ([#396](https://github.com/avenga/couper/pull/396)) 299 * exclude file descriptor limit startup-logs for Windows ([#396](https://github.com/avenga/couper/pull/396), [#383](https://github.com/avenga/couper/pull/383)) 300 * possible race conditions while updating JWKS for the [JWT access control](./docs/REFERENCE.md#jwt-block) ([#398](https://github.com/avenga/couper/pull/398)) 301 * panic while accessing primitive variables with a key ([#377](https://github.com/avenga/couper/issues/377)) 302 * [`default()`](./docs/REFERENCE.md#functions) function continues to the next fallback value if this is a string type and an argument evaluates to an empty string ([#408](https://github.com/avenga/couper/issues/408)) 303 * missing read of client-request bodies if related variables are used in referenced access controls only (e.g. JWT token source) ([#415](https://github.com/avenga/couper/pull/415)) 304 305 * **Dependencies** 306 * Update [kin-openapi](https://github.com/getkin/kin-openapi) used for [OpenAPI](./docs/REFERENCE.md#openapi-block) validation to `v0.83.0` ([#399](https://github.com/avenga/couper/pull/399)) 307 308 ## [1.6](https://github.com/avenga/couper/releases/tag/1.6) 309 310 * **Added** 311 * Register `default` function as `coalesce` alias ([#356](https://github.com/avenga/couper/pull/356)) 312 * New HCL function [`relative_url()`](./docs/REFERENCE.md#functions) ([#361](https://github.com/avenga/couper/pull/361)) 313 * Log file descriptor limit at startup ([#383](https://github.com/avenga/couper/pull/383)) 314 * [`error_handler`](/docs/ERRORS.md) block support for `api` and `endpoint` blocks ([#317](https://github.com/avenga/couper/pull/317)) 315 * Enables reacting to additional [error types](/docs/ERRORS.md#error-types): `beta_scope`, `beta_insufficient_scope` and `beta_operation_denied` 316 * `split()` and `substr()` [functions](./docs/REFERENCE.md#functions) ([#390](https://github.com/avenga/couper/pull/390)) 317 * hcl syntax verification for our configuration file ([#296](https://github.com/avenga/couper/pull/296)), ([#168](https://github.com/avenga/couper/issues/168)), ([#188](https://github.com/avenga/couper/issues/188)) 318 * validate against the schema and additional requirements 319 * available as [`verify`](docs/CLI.md) command too 320 321 * **Changed** 322 * [`server` block](./docs/REFERENCE.md#server-block) label is now optional, [`api` block](./docs/REFERENCE.md#api-block) may be labelled ([#358](https://github.com/avenga/couper/pull/358)) 323 * Timings in logs are now numeric values ([#367](https://github.com/avenga/couper/issues/367)) 324 325 * **Fixed** 326 * Handling of [`accept_forwarded_url`](./docs/REFERENCE.md#settings-block) "host" if `H-Forwarded-Host` request header field contains a port ([#360](https://github.com/avenga/couper/pull/360)) 327 * Setting `Vary` response header fields for [CORS](./docs/REFERENCE.md#cors-block) ([#362](https://github.com/avenga/couper/pull/362)) 328 * Use of referenced backends in [OAuth2 CC Blocks](./docs/REFERENCE.md#oauth2-cc-block) ([#321](https://github.com/avenga/couper/issues/321)) 329 * [CORS](./docs/REFERENCE.md#cors-block) preflight requests are not blocked by access controls anymore ([#366](https://github.com/avenga/couper/pull/366)) 330 * Reduced memory usage for backend response bodies which just get piped to the client and are not required to be read by Couper due to a variable references ([#375](https://github.com/avenga/couper/pull/375)) 331 * However, if a huge message body is passed and additionally referenced via e.g. `json_body`, Couper may require a lot of memory for storing the data structure. 332 * For each SAML attribute listed in [`array_attributes`](./docs/REFERENCE.md#saml-block) at least an empty array is created in `request.context.<label>.attributes.<name>` ([#369](https://github.com/avenga/couper/pull/369)) 333 * HCL: Missing support for RelativeTraversalExpr, IndexExpr, UnaryOpExpr ([#389](https://github.com/avenga/couper/pull/389)) 334 * HCL: Missing support for different variable index key types ([#391](https://github.com/avenga/couper/pull/391)) 335 * [OIDC](./docs/REFERENCE.md#oidc-block): rejecting an ID token lacking an `aud` claim or with a `null` value `aud` ([#393](https://github.com/avenga/couper/pull/393)) 336 337 ## [1.5](https://github.com/avenga/couper/releases/tag/1.5) 338 339 * **Added** 340 * `Accept: application/json` request header to the OAuth2 token request, in order to make the Github token endpoint respond with a JSON token response ([#307](https://github.com/avenga/couper/pull/307)) 341 * Documentation of [logs](docs/LOGS.md) ([#310](https://github.com/avenga/couper/pull/310)) 342 * `signing_ttl` and `signing_key`/`signing_key_file` to [`jwt` block](./docs/REFERENCE.md#jwt-block) for use with [`jwt_sign()` function](#functions) ([#309](https://github.com/avenga/couper/pull/309)) 343 * `jwks_url` and `jwks_ttl` to [`jwt` block](./docs/REFERENCE.md#jwt-block) ([#312](https://github.com/avenga/couper/pull/312)) 344 * `token_value` attribute in [`jwt` block](./docs/REFERENCE.md#jwt-block) ([#345](https://github.com/avenga/couper/issues/345)) 345 * `headers` attribute in [`jwt_signing_profile` block](./docs/REFERENCE.md#jwt-signing-profile-block) ([#329](https://github.com/avenga/couper/issues/329)) 346 347 * **Changed** 348 * Organized log format fields for uniform access and upstream log ([#300](https://github.com/avenga/couper/pull/300)) 349 * `claims` in a [`jwt` block](./docs/REFERENCE.md#jwt-block) are now evaluated per request, so that [`request` properties](./docs/REFERENCE.md#request) can be used as required claim values ([#314](https://github.com/avenga/couper/pull/314)) 350 * how Couper handles missing variables during context evaluation ([#255](https://github.com/avenga/couper/pull/225)) 351 * Previously missing elements results in evaluation errors and expressions like `set_response_headers` failed completely instead of one key/value pair. 352 The evaluation has two steps now and will look up variables first and prepares the given expression to return `Nil` as fallback. 353 354 * **Fixed** 355 * Key for storing and reading [OpenID configuration](./docs/REFERENCE.md#oidc-block) ([#319](https://github.com/avenga/couper/pull/319)) 356 357 * [**Beta**](./docs/BETA.md) 358 * `beta_scope_claim` attribute to [`jwt` block](./docs/REFERENCE.md#jwt-block); `beta_scope` attribute to [`api`](./docs/REFERENCE.md#api-block) and [`endpoint` block](./docs/REFERENCE.md#endpoint-block)s; [error types](./docs/ERRORS.md#error-types) `beta_operation_denied` and `beta_insufficient_scope` ([#315](https://github.com/avenga/couper/pull/315)) 359 * `beta_roles_claim` and `beta_roles_map` attributes to [`jwt` block](./docs/REFERENCE.md#jwt-block) ([#325](https://github.com/avenga/couper/pull/325)) ([#338](https://github.com/avenga/couper/pull/338)) ([#352](https://github.com/avenga/couper/pull/352)) 360 * Metrics: [Prometheus exporter](./docs/METRICS.md) ([#295](https://github.com/avenga/couper/pull/295)) 361 362 * **Dependencies** 363 * build with go 1.17 ([#331](https://github.com/avenga/couper/pull/331)) 364 365 ## [1.4](https://github.com/avenga/couper/releases/tag/1.4) 366 367 Release date: 2021-08-26 368 369 This release introduces [_Beta Features_](./docs/BETA.md). We use beta features to develop and experiment with new, complex features for you while still being able to maintain our compatibility promise. You can see beta features as a feature preview. To make users aware that a beta feature is used their configuration items are prefixed with `beta_`. 370 371 The first beta features incorporate the OAuth2 functionality into the Access Control capabilities of Couper. The [`beta_oauth2 {}` block](./docs/REFERENCE.md#oauth2-ac-block-beta) implements OAuth2 Authorization Code Grant Flows. The companion block [`beta_oidc {}`](./docs/REFERENCE.md#oidc-block) implements [OIDC](https://openid.net/connect/), which allows simple integration of 3rd-party systems such as Google, Github or Keycloak for SSO (Single-Sign-On). 372 373 Together with transparent [Websockets](docs/REFERENCE.md#websockets-block) support that you can enable in your `proxy {}` block, you can guard existing Web applications with Couper via OIDC. 374 375 To aid observability of your setups, Couper sends its request ID as the `Couper-Request-Id` HTTP header in both backend requests and client responses. This makes it possible to trace events and correlate logs throughout the service chain. Couper can also accept a request ID generated by a downstream system like for example a load balancer. Like all [settings](./docs/REFERENCE.md#settings-block), these can be configured in the config, as [command line flag](./docs/CLI.md) or via [environment variables](./DOCKER.md#environment-options). 376 377 Load balancers or ingress services often provide `X-Forwarded-Host` headers. Couper can be configured to use these to change the properties of the `request` variable. This allows a Couper configuration to adapt to the run time environment, for example to create a back link for OIDC or SAML authorization requests with the `request.origin` variable. 378 379 If your applications are running in multiple setups, like testing and production environments, there will likely be more parameters that you want to have configurable. Backend origins, user names, credentials, timeouts, all that could be nice to be changed without a new deployment. Couper supports using environment variables with `env.VAR`-like expressions. Now, Couper can also provide [default values](./docs/REFERENCE.md#defaults-block) for those variables. This makes it easy to have values configurable without the need to provide values outside of Couper (e.g. in Kubernetes). Our [env vars example](https://github.com/avenga/couper-examples/blob/master/env-var/) shows that in action. 380 381 * **Added** 382 * `environment_variables` map in the [`defaults`](./docs/REFERENCE.md#defaults-block) block to define default values for environment variables ([#271](https://github.com/avenga/couper/pull/271)) 383 * [`https-dev-proxy` option](./docs/REFERENCE.md#settings-block) creates a TLS server listing on the given TLS port. Requests are forwarded to the given `server` port. The certificate is generated on-the-fly. This function is intended for local development setups to support browser features requiring HTTPS connections, such as secure cookies. ([#281](https://github.com/avenga/couper/pull/281)) 384 * [`websockets`](docs/REFERENCE.md#websockets-block) option in `proxy` block enables transparent websocket support when proxying to upstream backends ([#198](https://github.com/avenga/couper/issues/198)) 385 * Client request [variables](./docs/REFERENCE.md#request) `request.url`, `request.origin`, `request.protocol`, `request.host` and `request.port` ([#255](https://github.com/avenga/couper/pull/255)) 386 * [Command-line option](https://docs.couper.io/configuration/command-line#surrounding-architecture-options) `-accept-forwarded-url` and [setting](https://docs.couper.io/configuration/block/settings) `accept_forwarded_url` to accept `proto`, `host`, or `port` from `X-Forwarded-Proto`, `X-Forwarded-Host` or `X-Forwarded-Port` request headers ([#255](https://github.com/avenga/couper/pull/255)) 387 * Couper sends its request ID as `Couper-Request-Id` HTTP header in backend requests and client responses. This can be configured with the `request_id_backend_header` and `request_id_client_header` [settings](./docs/REFERENCE.md#settings-block) ([#268](https://github.com/avenga/couper/pull/268)) 388 * [`request_id_accept_from_header` setting](./docs/REFERENCE.md#settings-block) configures Couper to use a downstream request ID instead of generating its own in order to help correlating log events across services ([#268](https://github.com/avenga/couper/pull/268)) 389 * [`couper.version` variable](docs/REFERENCE.md#couper) ([#274](https://github.com/avenga/couper/pull/274)) 390 * `protocol`, `host`, `port`, `origin`, `body`, `json_body` to [`backend_requests` variable](./docs/REFERENCE.md#backend_requests) ([#278](https://github.com/avenga/couper/pull/278)) 391 * Locking to avoid concurrent requests to renew [OAuth2 Client Credentials](./docs/REFERENCE.md#oauth2-cc-block) access tokens ([#270](https://github.com/avenga/couper/issues/270)) 392 * `log-level` in the [`settings`](./docs/REFERENCE.md#settings-block) block to define when a log is printed ([#306](https://github.com/avenga/couper/pull/306)) 393 394 * **Changed** 395 * The `sp_acs_url` in the [SAML Block](./docs/REFERENCE.md#saml-block) may now be relative ([#265](https://github.com/avenga/couper/pull/265)) 396 397 * **Fixed** 398 * No GZIP compression for small response bodies ([#186](https://github.com/avenga/couper/issues/186)) 399 * Missing error type for [request](docs/REFERENCE.md#request-block)/[response](docs/REFERENCE.md#response-block) body, json_body or form_body related HCL evaluation errors ([#276](https://github.com/avenga/couper/pull/276)) 400 * [`request.url`](./docs/REFERENCE.md#request) and [`backend_requests.<label>.url`](./docs/REFERENCE.md#backend_requests) now contain a query string if present ([#278](https://github.com/avenga/couper/pull/278)) 401 * [`backend_responses.<label>.status`](./docs/REFERENCE.md#backend_responses) is now integer ([#278](https://github.com/avenga/couper/pull/278)) 402 * [`backend_requests.<label>.form_body`](./docs/REFERENCE.md#backend_requests) was always empty ([#278](https://github.com/avenga/couper/pull/278)) 403 * Documentation of [`request.query.<name>`](./docs/REFERENCE.md#request) ([#278](https://github.com/avenga/couper/pull/278)) 404 * Missing access log on some error cases ([#267](https://github.com/avenga/couper/issues/267)) 405 * Panic during backend origin / url usage with previous parse error ([#206](https://github.com/avenga/couper/issues/206)) 406 * [Basic Auth](./docs/REFERENCE.md#basic-auth-block) did not work if only the `htpasswd_file` attribute was defined ([#293](https://github.com/avenga/couper/pull/293)) 407 * Missing error handling for backend gzip header reads ([#291](https://github.com/avenga/couper/pull/291)) 408 * ResponseWriter fallback for possible statusCode 0 writes ([#291](https://github.com/avenga/couper/pull/291)) 409 * ResponseWriter buffer behaviour; prepared chunk writes ([#301](https://github.com/avenga/couper/pull/301)) 410 * Proper client-request canceling ([#294](https://github.com/avenga/couper/pull/294)) 411 412 * [**Beta**](./docs/BETA.md) 413 * OAuth2 Authorization Code Grant Flow: [`beta_oauth2 {}` block](./docs/REFERENCE.md#oauth2-ac-block-beta); [`beta_oauth_authorization_url()`](./docs/REFERENCE.md#functions) and [`beta_oauth_verifier()`](./docs/REFERENCE.md#functions) ([#247](https://github.com/avenga/couper/pull/247)) 414 * OIDC Authorization Code Grant Flow: [`beta_oidc {}` block](./docs/REFERENCE.md#oidc-block) ([#273](https://github.com/avenga/couper/pull/273)) 415 416 ## [1.3.1](https://github.com/avenga/couper/compare/1.3...1.3.1) 417 418 * **Changed** 419 * `Error` log-level for upstream responses with status `500` to `Info` log-level ([#258](https://github.com/avenga/couper/pull/258)) 420 421 * **Fixed** 422 * Missing support for `set_response_status` within a plain `error_handler` block ([#257](https://github.com/avenga/couper/pull/257)) 423 * Panic in jwt_sign() and saml_sso_url() functions without proper configuration ([#243](https://github.com/avenga/couper/issues/243)) 424 425 ## [1.3](https://github.com/avenga/couper/compare/1.2...1.3) 426 427 * **Added** 428 * Modifier (`set/add/remove_form_params`) for the form parameters ([#223](https://github.com/avenga/couper/pull/223)) 429 * Modifier (`set_response_status`) to be able to modify the response HTTP status code ([#250](https://github.com/avenga/couper/pull/250)) 430 431 * **Changed** 432 * Stronger configuration check for `path` and `path_prefix` attributes, possibly resulting in configuration errors ([#232](https://github.com/avenga/couper/pull/232)) 433 * Modifier (`set/add/remove_response_headers`) is available for `api`, `files`, `server` and `spa` block, too ([#248](https://github.com/avenga/couper/pull/248)) 434 435 * **Fixed** 436 * The `path` field in the backend log ([#232](https://github.com/avenga/couper/pull/232)) 437 * Upstream requests with a known body-size have a `Content-Length` HTTP header field instead of `Transfer-Encoding: chunked` ([#163](https://github.com/avenga/couper/issues/163)) 438 * Exit endpoint if an error is occurred in `request` or `proxy` instead of processing a defined `response` ([#233](https://github.com/avenga/couper/pull/233)) 439 440 ## [1.2](https://github.com/avenga/couper/compare/1.1.1...1.2) 441 442 Release date: 2021-05-19 443 444 The most important feature of Couper 1.2 is the introduction of _custom 445 error handling_ in form of the [`error_handler`](/docs/ERRORS.md) block. 446 You can now register error handlers for [error types](/docs/ERRORS.md#error-types). Instead of the standard `error_file` template, 447 you can flexibly respond with arbitrary `response`s. `error_handler` is allowed in access control blocks (`jwt`, `saml2` …), where you 448 could e.g. handle missing tokens with a redirect-to-login. In the 449 future, `error_handler` will be usable in more config areas. Refer to 450 the [example](https://github.com/avenga/couper-examples/tree/master/error-handling-ba) 451 if you want to see it in action. 452 453 * **Added** 454 * `error_handler` block for access controls ([#140](https://github.com/avenga/couper/pull/140)) 455 * `backend_responses.*.body` variable for accessing raw response body content ([#182](https://github.com/avenga/couper/issues/182)) 456 * more `oauth2` config options: `scope` and `token_endpoint_auth_method` (`client_secret_basic` or `client_secret_post`) ([#219](https://github.com/avenga/couper/pull/219), [#220](https://github.com/avenga/couper/pull/220)) 457 458 * **Changed** 459 * `saml2` fallback to `nameid-format:unspecified` ([#217](https://github.com/avenga/couper/pull/217)) 460 * `basic_auth` always responds with status code `401` ([#227](https://github.com/avenga/couper/pull/227)) 461 * `openapi` resolves relative server URLs to the current backend origin ([#230](https://github.com/avenga/couper/pull/230)) 462 463 * **Fixed** 464 * Fix `/healthz` route when called with `accept-encoding: gzip` ([#222](https://github.com/avenga/couper/pull/222)) 465 * Don't panic over duplicate access control definitions, log error instead ([#221](https://github.com/avenga/couper/pull/221)) 466 * Response for missing routes should have status code `404` ([#224](https://github.com/avenga/couper/pull/224)) 467 * Fix possible race-condition with concurrent `openapi` validations ([#231](https://github.com/avenga/couper/pull/231)) 468 * Fix use of server URLs without port in `openapi` ([#230](https://github.com/avenga/couper/pull/230)) 469 470 ## [1.1.1](https://github.com/avenga/couper/compare/1.1...1.1.1) 471 472 Release date: 2021-04-21 473 474 * **Fixed** 475 * Endpoint responses are written and logged with correct status-code ([#216](https://github.com/avenga/couper/issues/216)) 476 * affected: a plain `response` without any additional headers or body configuration 477 478 ## [1.1](https://github.com/avenga/couper/compare/1.0...1.1) 479 480 Release date: 2021-04-16 481 482 * **Fixed** 483 * allow more +json mime types ([#207](https://github.com/avenga/couper/pull/207)) 484 * determines if ja request/response body gets parsed and provided as `json_body` variable 485 * missing check for empty endpoint path patterns ([#211](https://github.com/avenga/couper/pull/211)) 486 * protected API (base)paths returns status 401 instead of 404 if a protected route was not found ([#211](https://github.com/avenga/couper/pull/211)) 487 * jwt source config definition ([#210](https://github.com/avenga/couper/issues/210)) 488 * missing inner context on context copy 489 * possible panic for unhandled error template write errors ([#205](https://github.com/avenga/couper/pull/205)) 490 * backend reference usage with string label ([#189](https://github.com/avenga/couper/issues/189)) 491 * cli argument filtering ([#204](https://github.com/avenga/couper/issues/204)) 492 * misleading jwt rsa key error ([#203](https://github.com/avenga/couper/issues/203)) 493 * watch handling on stat errors ([#202](https://github.com/avenga/couper/pull/202)) 494 495 * **Changed** 496 * Change access control validation logging ([#199](https://github.com/avenga/couper/issues/199)) 497 * log the first occurred error instead of an array 498 499 * **Added** 500 * Add OAuth2 token request retry option ([#167](https://github.com/avenga/couper/issues/167)) ([#209](https://github.com/avenga/couper/issues/209)) 501 502 ## [1.0](https://github.com/avenga/couper/compare/0.9...1.0) 503 504 Release date: 2021-04-09 505 506 * **Added** 507 * `couper help` and usage documentation ([#187](https://github.com/avenga/couper/issues/187)) 508 509 * **Changed** 510 * Ensure unique keys for set_* and add_* attributes ([#183](https://github.com/avenga/couper/pull/183)) 511 * split docker entrypoint and command ([#192](https://github.com/avenga/couper/issues/192)) 512 513 * **Fixed** 514 * Fix missing `backend.origin` attribute url validation ([#191](https://github.com/avenga/couper/issues/191)) 515 516 ## [0.9](https://github.com/avenga/couper/compare/0.8...0.9) 517 518 Release date: 2021-04-08 519 520 * **Fixed** 521 * Log option for `json` formatted logs: ([#176](https://github.com/avenga/couper/issues/176)) 522 * configured parent key applies to (almost) all log fields 523 524 * **Changed** 525 * Change variable names to more user-friendly ones ([#180](https://github.com/avenga/couper/issues/180)): 526 * `req` -> `request` 527 * `ctx` -> `context` 528 * `bereq` -> *removed* 529 * `beresp` -> *removed* 530 * `bereqs` -> `backend_requests` 531 * `beresps` -> `backend_responses` 532 * Log option for parent fields are 'global' now ([#176](https://github.com/avenga/couper/issues/176)) 533 * `COUPER_ACCESS_LOG_PARENT_FIELD`, `COUPER_BACKEND_LOG_PARENT_FIELD` -> `COUPER_LOG_PARENT_FIELD` 534 535 * **Added** 536 * watch option for given Couper configuration file ([#24](https://github.com/avenga/couper/issues/24)) 537 * use `-watch` or via environment `COUPER_WATCH=true` to watch for file changes 538 * log option pretty print for `json` log-format ([#179](https://github.com/avenga/couper/pull/179)) 539 * `-log-pretty` to enable formatted and key colored logs 540 541 ## [0.8](https://github.com/avenga/couper/compare/0.7.0...v0.8) 542 543 Release date: 2021-04-06 544 545 * **Fixed** 546 * Some possible race conditions in combination with multiple `proxy` and/or `request` 547 definitions are fixed ([#157](https://github.com/avenga/couper/issues/177)) ([#160](https://github.com/avenga/couper/issues/160)) 548 * Log endpoint related recovered panics 549 * CORS behaviour: result is now only dependent on the config, not the actual request; fixed Vary headers ([#173](https://github.com/avenga/couper/issues/173)) 550 * Fix json type assumption ([#177](https://github.com/avenga/couper/issues/177)) 551 * `req.json_body` result is an empty object for specific types ([#165](https://github.com/avenga/couper/issues/165)) 552 * Empty json array encodes to `null`. ([#162](https://github.com/avenga/couper/issues/162)) 553 * Fix missing string conversion for evaluated number values ([#175](https://github.com/avenga/couper/issues/175)) 554 * Loading optional labels of same type 555 * multiplexer behaviour with multiple servers and hosts ([#161](https://github.com/avenga/couper/issues/161)) 556 * Fix missing access_control for file handler ([#169](https://github.com/avenga/couper/issues/169)) 557 * 404 behaviour for access controlled endpoints: 558 deny instead of 404 if the request matches the related base_path ([#143](https://github.com/avenga/couper/issues/143)) 559 560 * **Changed** 561 * Rename log type for backend requests: `couper_upstream` -> `couper_backend` ([#159](https://github.com/avenga/couper/pull/159)) ([#172](https://github.com/avenga/couper/pull/172)) 562 * Rename `post` variable to `form_body` ([#158](https://github.com/avenga/couper/pull/158)) 563 564 * **Added** 565 * Add `json_body` attribute for `request` and `response` block ([#158](https://github.com/avenga/couper/issues/158)) 566 * `bytes` log field to represent the body size 567 568 ## [0.7.0](https://github.com/avenga/couper/compare/0.6.1...0.7.0) 569 570 Release date: 2021-03-23 571 572 * **Fixed** 573 * Recover from possible request/proxy related panics ([#157](https://github.com/avenga/couper/pull/157)) ([#145](https://github.com/avenga/couper/pull/145)) 574 * Configuration related hcl merge with an empty attributes and nested blocks 575 576 * **Changed** 577 * `backend` block attributes `basic_auth`, `path_prefix` and `proxy` hcl evaluation during runtime 578 * `request` attributes hcl evaluation during runtime ([#152](https://github.com/avenga/couper/pull/152)) 579 * Change configuration in combination with URL and backend.origin ([#144](https://github.com/avenga/couper/issues/144)) 580 * `request` and `proxy` block can use the `url` attribute instead of define or reference a `backend` 581 * same applies to `oauth2.token_endpoint` 582 * no `X-Forwarded-For` header enrichment from couper `proxy` ([#139](https://github.com/avenga/couper/pull/139)) 583 * more log context for access control related errors ([#154](https://github.com/avenga/couper/issues/154)) 584 585 * **Added** 586 * `saml` 2.0 `access_control` support ([#113](https://github.com/avenga/couper/issues/113)) 587 * Add new `strip-secure-cookies` setting ([#147](https://github.com/avenga/couper/issues/147)) 588 * removes `Secure` flag from all `Set-Cookie` header 589 * CORS support (`server`, `files`, `spa`) ([#134](https://github.com/avenga/couper/issues/134)) 590 * previously `api` only 591 * `error_file` attribute for `endpoint` block 592 * hcl functions: 593 * `merge` 594 * `url_encode` 595 * `backend` 596 * OAuth2 support ([#130](https://github.com/avenga/couper/issues/130)) 597 * grant_type: `client_credentials` 598 * `token` memory storage with ttl 599 * `path_prefix` attribute ([#138](https://github.com/avenga/couper/issues/138)) 600 601 ## [0.6.1](https://github.com/avenga/couper/compare/0.6...0.6.1) 602 603 Release date: 2021-03-15 604 605 * **Fixed** 606 * Fix missing panic recovering for backend roundtrips ([#142](https://github.com/avenga/couper/issues/142)) 607 * Fix backend `timeout` behaviour 608 * Add a more specific error message for proxy body copy errors 609 610 * **Changed** 611 * Couper just passes the `X-Forwarded-For` header if any instead of adding the client remote addr to the list ([#139](https://github.com/avenga/couper/pull/139)) 612 613 * **Added** 614 * `url_encode` function for RFC 3986 string encoding ([#136](https://github.com/avenga/couper/pull/136)) 615 616 ## [0.6](https://github.com/avenga/couper/compare/0.5.1...0.6) 617 618 Release date: 2021-03-11 619 620 * **Breaking Change** 621 * `backend` will be consumed by proxy and request as transport configuration now. The previous behaviour 622 that `backend` represents a `proxy` functionality is removed. Also the `backend` block must be defined in 623 `definitions`, `proxy` or `request`. 624 * Config migration, add a `proxy` block: 625 626 ```hcl 627 endpoint "/old" { 628 backend = "reference" 629 # or 630 backend { 631 #... 632 } 633 } 634 # change to: 635 endpoint "/new" { 636 proxy { 637 backend = "reference" 638 } 639 # or 640 proxy { 641 backend { 642 #... 643 } 644 } 645 } 646 ``` 647 648 * **Changed** 649 * Client-Request and upstream response body buffering by default 650 * Server shutdown delay and deadline defaults to `0s` now and can be configured via [env](DOCKER.md) if required 651 * Websocket connection upgrades in combination with `proxy {}` are disabled 652 * we will add a proxy option for ws usage later on 653 654 * **Fixed** 655 * An absolute path resolving for `*_file` configuration attributes ([#120](https://github.com/avenga/couper/pull/120)) 656 657 * **Added** 658 * Endpoint: 659 * Add `proxy` block to reverse proxy the client request to the configured `backend`. 660 * Add `request` block to send a simple upstream request. [Docs](docs/README.md#request-block) 661 * Add `response` block to create a custom client response. [Docs](docs/README.md#response-block) 662 * Add `jwt_sign()` function to be able to create and sign a token with a `jwt_signing_profile`. [Docs](docs/README.md#functions) ([#112](https://github.com/avenga/couper/issues/112)) 663 * Add `unixtime()` function for the current unix time in seconds ([#124](https://github.com/avenga/couper/issues/124)) 664 665 * **Code Refactoring** 666 * underlying code structure to represent an `endpoint` block with `proxy`, `request` and `response` configuration 667 * hcl evaluation context as own 'container' with `context.Context` interface 668 * test cleanups 669 670 * **Dependencies** 671 * build with go 1.16 672 * logrus to v1.8.1 673 * hcl to v2.9.1 674 * kin-openapi to v.0.49.0 675 676 ## [0.5.1](https://github.com/avenga/couper/compare/0.5...0.5.1) 677 678 Release date: 2021-02-16 679 680 * **Added** 681 * backend: 682 * a user-friendly `basic_auth` option 683 * backend `proxy` url, `disable_connection_reuse` and `http2` settings ([#108](https://github.com/avenga/couper/pull/108)) 684 * version command 685 686 * **Changed** 687 * KeepAlive `60s` ([#108](https://github.com/avenga/couper/pull/108)), previously `15s` 688 * Reject requests which hits an endpoint with basic-auth access-control, and the configured password evaluates to an empty string ([#115](https://github.com/avenga/couper/pull/115)) 689 690 ## [0.5](https://github.com/avenga/couper/compare/0.4.2...0.5) 691 692 Release date: 2021-01-29 693 694 * **Fixed** 695 * Fix missing http.Hijacker interface to be able to handle websocket upgrades ([#80](https://github.com/avenga/couper/issues/80)) 696 697 * **Added** 698 * Add additional eval functions: coalesce, json_decode, json_encode ([#105](https://github.com/avenga/couper/pull/105)) 699 * Add multi API support ([#103](https://github.com/avenga/couper/issues/103)) 700 * Add free endpoints ([#90](https://github.com/avenga/couper/issues/90)) 701 * Add remove_, set_ and add_headers ([#98](https://github.com/avenga/couper/issues/98)) 702 703 * **Code Refactoring** 704 * improved internals for configuration load 705 706 * **Dependencies** 707 * Upgrade hcl to 2.8.2 708 * Upgrade go-cty module to 1.5.0 709 * Upgrade logrus module to 1.7.0 710 * Upgrade kin-openapi module to v0.37 711 712 ## [0.4.2](https://github.com/avenga/couper/compare/0.4.1...0.4.2) 713 714 Release date: 2021-01-19 715 716 * **Fixed** 717 * Fix used backend hash not dependent on (hcl) config hierarchy (transport key) 718 * Fix logging http scheme even without a successful tls handshake ([#99](https://github.com/avenga/couper/pull/99)) 719 * Fix hcl.Body content for reference backends ([#96](https://github.com/avenga/couper/issues/96)) 720 721 ## [0.4.1](https://github.com/avenga/couper/compare/0.4...0.4.1) 722 723 Release date: 2021-01-18 724 725 * **Fixed** 726 * Fix path trailing slash ([#94](https://github.com/avenga/couper/issues/94)) 727 * Fix query encoding ([#93](https://github.com/avenga/couper/issues/93)) 728 * Fix log_format (settings) configuration ([#61](https://github.com/avenga/couper/issues/61)) 729 730 ## [0.4](https://github.com/avenga/couper/compare/v0.3...0.4) 731 732 Release date: 2021-01-13 733 734 * **Added** 735 * url log field ([#87](https://github.com/avenga/couper/issues/87)) 736 * Add proxy from env settings option ([#84](https://github.com/avenga/couper/issues/84)) 737 * Add backend settings: `disable_certificate_validation`, `max_connections` ([#86](https://github.com/avenga/couper/issues/86)) 738 739 * **Fixed** 740 * command flag filter for bool values ([#85](https://github.com/avenga/couper/issues/85)) 741 * different proxy options for same origin should be part of the origin transport key 742 743 * **Code Refactoring** 744 * configuration load and prepare related body merges on hcl level 745 746 ## [0.3](https://github.com/avenga/couper/compare/v0.2...v0.3) 747 748 Release date: 2020-12-15 749 750 * **Added** 751 * build version to startup log 752 * upstream request/response validation with `openapi` ([#21](https://github.com/avenga/couper/issues/21)) ([#22](https://github.com/avenga/couper/issues/22)) 753 * request-id: uuid v4 format option [#31](https://github.com/avenga/couper/issues/31) ([#53](https://github.com/avenga/couper/issues/53)) 754 * `path_params` [#59](https://github.com/avenga/couper/issues/59) 755 * gzip support ([#66](https://github.com/avenga/couper/issues/66)) 756 * `query_params` ([#73](https://github.com/avenga/couper/issues/73)) 757 * `json_body` access for request and response bodies [#44](https://github.com/avenga/couper/issues/44) ([#60](https://github.com/avenga/couper/issues/60)) 758 759 * **Changed** 760 * start Couper via `run` command now 761 * internal router [#59](https://github.com/avenga/couper/issues/59) 762 * docker tag behaviour on release [#70](https://github.com/avenga/couper/issues/70) ([#82](https://github.com/avenga/couper/issues/82)) 763 * request/response_headers to use `set` prefix ([#77](https://github.com/avenga/couper/issues/77)) 764 * passing the filename to underlying hcl diagnostics 765 * Dockerfile to provide simple file serving ([#63](https://github.com/avenga/couper/issues/63)) 766 767 * **Fixed** 768 * handling cty null or unknown values during roundtrip eval [#71](https://github.com/avenga/couper/issues/71) 769 * logging: start-time measurement 770 * missing `backend.hostname` documentation ([#62](https://github.com/avenga/couper/issues/62)) 771 772 ## [0.2](https://github.com/avenga/couper/compare/v0.1...v0.2) 773 774 Release date: 2020-10-08 775 776 * **Added** 777 * health check ([#29](https://github.com/avenga/couper/issues/29)) 778 * Basic-Auth support ([#19](https://github.com/avenga/couper/issues/19)) 779 * post (form) parsing for use in config variables ([#26](https://github.com/avenga/couper/issues/26)) 780 * more documentation 781 782 * **Fixed** 783 * wildcard path join with trailing slash and respect req path ([#45](https://github.com/avenga/couper/pull/45)) 784 * env var mapping ([#35](https://github.com/avenga/couper/pull/35)) 785 * JWT HMAC keys ([#32](https://github.com/avenga/couper/pull/32)) 786 787 ## 0.1 788 789 Release date: 2020-09-11 790 791 * **Added** 792 * Parse and load from given *HCL* configuration file 793 * Config structs for blocks: `server, api, endpoint, files, spa, definitions, jwt` 794 * HTTP handler implementation for `api backends, files, spa` and related config mappings 795 * CORS handling for `api` endpoints 796 * Access control configuration for all blocks 797 * Access control type `jwt` with claim validation 798 * _Access_ und _backend_ logs 799 * Configurable error templates with a fallback to our [defaults](./assets/files) 800 * Github actions for our continuous integration workflows 801 * [Dockerfile](./Dockerfile) 802 * [Documentation](./docs)