This new v2.36.1 release brings several security and bug fixes and is the last version supporting legacy Windows 7, 8, 8.1 platforms.

Security patch for RUSTSEC-2024-0437

This release temporarily removes the experimental Cargo feature from the resulting static-web-server binary (but not the Cargo feature itself) to prevent shipping the security vulnerability (RUSTSEC-2024-0437 #530) in this release.

The experimental Cargo feature (that includes experimental features like metrics and in-memory cache) will be restored to be part of the binary again in the next release.

End support for unmaintained Windows 7, 8, 8.1 platforms

As we mentioned a year ago (#447), SWS would not continue supporting legacy Windows 7, 8, and 8.1 platforms for so long as Microsoft stopped support for Windows 7 in 2020 and Rust requires Windows 10 as the minimum supported platform since 1.78.

Today, we announce that v2.36.1 is the last release supporting such legacy platforms and having Rust 1.76.0 as MSRV.
Future releases will bump up the MSRV when convenient and will require Windows 10 as the minimum supported platform.
However, although we will try to provide a patch for users wanting to build SWS manually for those legacy platforms in the future, we cannot fully guarantee that SWS will continue building for the aforementioned platforms.

Fixes

• ad4c171 Bugfix/security dependency updates including tokio, httparse, ring, rustls, bytes, serde and other crates. PR #532.
• 5fbd0c5 CORS: Add missing Origin to the Vary header value when CORS feature is enabled. PR #534 resolves #533 reported by @rbozan.

For more details see the v2.36.1 milestone and the full changelog v2.36.0...v2.36.1.

This new v2.36.0 release brings several security and bug fixes. A bugfix for the trailing slash redirect, a new feature to log from the X-Real-IP HTTP header as well as other improvements.

Fixes

• aadca81 Bugfix/security dependency updates including httparse, rustls, clap, bcrypt, maud, bytes and other crates. PR #524.
• 99aa74d Docker: Update Alpine (3.19.6) and Debian (12.9) Docker images. PR #518.
• a639039 Add missing query string to the URI trailing slash redirect. PR #523.

Features

• 134db39 Log from X-Real-IP HTTP header via new --log-x-real-ip option. PR #521 by @dctaf. See docs.

Refactorings

• 8fa9cda Improve fallback page path checking and logging. PR #522.
• 0053d74 CI: Improve post-release updates workflow. PR #525.

For more details see the v2.36.0 milestone and the full changelog v2.35.0...v2.36.0.

This new v2.35.0 release brings several security and bug fixes. A bugfix for the directory listing, new development Docker images as well as other improvements.

Fixes

• c236674 Bugfix/security dependency updates including hyper, tokio, rustls, glob, serde, time and other crates. PR #515.
• 206900b Directory listing HTML content outside of body tag. PR #511 by @alxv-su.
• 35bb607 CI: NetBSD 9.2 broken source link used by cross CI cross-compiling tool. PR #513

Features

• b46a7a0 Docker: Development Docker images based on master branch changes. PR #512 by @joseluisq and co-authored by @mschoettle. See docs.

Refactorings

• 1c4929d CI: Improve GitHub CI workflows. PR #514.

Docs

• 284eb50 Development Docker images description. PR #516. See docs.

For more details see the v2.35.0 milestone and the full changelog v2.34.0...v2.35.0.

Acknowledgments

Thanks to our new donor @thumbert for supporting the project.

This new v2.34.0 release brings several security and bug fixes. Better X-Forwarded-For handling and other improvements.

Breaking

• URL Redirects/Rewrites: Single Glob wildcard (*) will no longer match a path separator (/) in source but double wildcard (**) can be used instead if wanted. See docs below.
• Log Remote Address: log-remote-address option will no longer log from the X-Forwarded-For header by default. It has to be opted-in together with the new log-forwarded-for option. See docs below.

Fixes

• 93479ba Bugfix/security dependency updates including tokio, rustls, regex, tracing, flate2, serde, async-compression and other crates. PR #502.
• 4ed4bb4 Docker: Update Alpine (3.19.4) and Debian (12.8) Docker images. PR #505.
• 0768c20 CI: Update deprecated macos-12 Github Actions runner to macos-14.

Features

• 13e3f38 Better X-Forwarded-For handling via the new log-forwarded-for and trusted-proxies options. PR #495 by @Jeidnx. See docs.

Refactorings

• 96ed7df breaking: Prevent single Glob wildcard (*) from matching a path separator (/) in URL Redirect's source. PR #501 by @mschoettle. See docs.
• 2737f4c breaking: Prevent single Glob wildcard (*) from matching a path separator (/) in URL Rewrite's source. PR #506 by @mschoettle. See docs.
• 5516b6a Misc: Improve tests for URL Redirects feature. PR #503 by @mschoettle.

Docs

• e1a73c0 Add contributing, code of conduct and code guidelines pages.
• 12387a8 Improve docs configuration and fix some anchor links. PR #504 by @mschoettle. See docs.
• cd11bd6 Replace the deprecated TrueNAS Scale option with TrueCharts. PR #486 by @ctag. See docs.

For more details see the v2.34.0 milestone and the full changelog v2.33.1...v2.34.0.

This new v2.33.1 release brings several security and bug fixes as well as other minor improvements.

Fixes

• 93479ba Bugfix/security dependency updates including hyper, tokio, httparse, rustls, regex, once_cell, flate2, async-compression and other crates. PR #490.

Refactorings

• de8482d Do not set Last-Modified header if mtime is Unix epoch. PR #488 by @akhilles.

Docs

• 30a6409 Minor tweaks to man-pages-completions.md page.

For more details see the v2.33.1 milestone and the full changelog v2.33.0...v2.33.1.

This new v2.33.0 release brings several security and bug fixes. New features like experimental in-memory files cache with eviction policy support, new subcommand to generate man pages and shell completions as well as other improvements.

Note that experimental features are subject to change in future releases. Feel free to give it a try and let us know your feedback.

Fixes

• e25b586 Bugfix/security dependency updates including tokio, rustls, serde, toml, once_cell, flate2, clap and other crates. PR #479.
• a3d40b8 Crate: Issues when building SWS without default features. PR #480.
• 6bb6138 Docker: Update Alpine (3.18.9) and Debian (12.7) Docker images. PR #478.

Features

• 5bdfcd4 Advanced: Experimental in-memory files cache with eviction policy support via a new advanced config option. See PR #328 description for usage and details.
• ec85abd Crate: Add in-memory files cache to the experimental Cargo feature. See PR #482 description for more details.
  • MSRV update: Note that due to this change, the SWS's Minimum Supported Rust Version is now 1.76.0 when building from source or using it as a library. See docs.
• d567b4e CLI: Support for generating man pages and shell completions via new generate subcomand. PR #475 by @jcgruenhage. See docs.

For more details see the v2.33.0 milestone and the full changelog v2.32.2...v2.33.0.

Acknowledgments

Thanks to our new donor @ramkumarkb for supporting the project.

This new v2.32.2 release brings several security and bug fixes as well as other improvements.

Fixes

• 634dd98 Bugfix/security dependency updates including tokio, rustls, serde, toml, zstd, clap and other crates. PR #472.
• a72c7b3 Wrong Content-Encoding when serving a pre-compressed file if compression and compression-static features are enabled. PR #471 fixes #470 reported by @davinkevin.
• dd48972 CLI (regression): Boolean flags without explicit values do not work. PR #468 fixes #467 reported by @stardustman.
• 915d040 Tests: Not able to run tests via Cargo when passing non-SWS arguments. PR #466 fixes #465 reported by @fpletz.

Refactorings

• f228a7a Misc: Add a Make task for building all development Docker images.

For more details see the v2.32.2 milestone and the full changelog v2.32.1...v2.32.2.

This new v2.32.1 release brings several security and bug fixes as well as other improvements.

Fixes

• cfa3567 Bugfix/security dependency updates including hyper, tokio, rustls, jemallocator, url, zstd, toml, mime_guess and other crates. PR #463.
• 87ce30d Docker: Update Debian Docker images to 12.6. PR #461.
• 057239d Docker: Update Alpine Docker images to 3.18.7. PR #459.

Refactorings

• b3fad98 CI: Remove deprecated bors and improve devel workflow. PR #458.
• e64076c CI: Improve typos workflow configuration. PR #456 by @szepeviktor.
• 4c805d6 Remove some redundant async function signatures. PR #457.

Docs

• 25b1b1c Improve feature, versioning pages and remove dead links. PR #460.

For more details see the v2.32.1 milestone and the full changelog v2.32.0...v2.32.1.

This new v2.32.0 release brings several bug fixes and a new option to disable symlinks as well as other improvements.

Fixes

• cd5fa1b Bugfix/security dependency updates including hyper, tokio, regex, serde, httparse and other crates (also c227302, 6713932).
• 6031a1b Incorrect Content-Encoding for pre-compressed Zstd file requests. PR #452 fixes #451 reported by @nomeaning777.
• 3410365 Duplicated Vary response header for compression and compression-static features. PR #453.

Features

• eeb88da Disable symlinks via the new --disable-symlinks option. PR #454. See docs.
• b291189 Installer: Custom install version and directory options for binary installer. PR #449 by @frankli0324. See docs.

Docs

• a888397 Improve the download and install page. PR #450 (also 91f8ec0). See docs.

For more details see the v2.32.0 milestone and the full changelog v2.31.1...v2.32.0.

This new v2.31.1 release fixes an issue when running the SWS Linux ARM64 Musl binary on systems with greater memory page sizes than 4KB and re-enables build support for the legacy Windows 7 dropped by the previous release.

Fixes

• c5f851f Bugfix/security dependency updates.
• adaddde Jemalloc unsupported system page size in Linux ARM64 Musl. PR #446.
• 1763623 Lib: Cargo publish issue due to missing build.rs file include.

Refactorings

• 5f116d7 Re-enable Windows 7, 8, 8.1 build support. PR #447.
  The following Windows targets will build now using Rust 1.77.2 rather than the latest stable version, except aarch64-pc-windows-msvc (a.k.a. Windows ARM64):
  • x86_64-pc-windows-msvc
  • i686-pc-windows-msvc
  • x86_64-pc-windows-gnu