From 5c5f32741ce0aa05ca8bbdbc5fee7dcd0e50586c Mon Sep 17 00:00:00 2001 From: Fabrizio Salmi Date: Sat, 6 Dec 2025 23:13:17 +0100 Subject: [PATCH] docs: release v0.1.4 preparation (changelog, security, readme) --- CHANGELOG.md | 30 ++++++++++++++++++++++++++++++ README.md | 6 ++++++ SECURITY.md | 31 +++++++++++++++++++++++++++---- 3 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..0ddbe6d --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,30 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [v0.1.4] - 2025-12-06 + +### Security +- Fixed Panic vulnerability in `quic-go` by upgrading to `v0.54.0` (requires Caddy v2.10.x and Go 1.25). +- Addressed Dependabot Alert #7. + +### Changed +- Upgraded Caddy dependency to `v2.10.2`. +- Upgraded Go requirement to `1.25`. +- Improved CI workflows to use Go 1.25 for build and release. + +## [v0.1.3] - 2025-12-06 +### Fixed +- Downgraded `quic-go` to `v0.48.2` and Caddy to `v2.9.1` to temporarily resolve Go version conflicts (superseded by v0.1.4). +- Fixed import grouping for `gci` linter compliance. +- Fixed GitHub Actions release workflow. + +## [v0.1.2] - 2025-12-06 +### Added +- SOTA Engineering patterns (Zero-Copy headers, Wait-Free Ring Buffer, Circuit Breaker). +- ASN Blocking support. +- Configurable Request Body size limit. +- GeoIP Fail Open configuration. diff --git a/README.md b/README.md index ef5f979..b2a582c 100644 --- a/README.md +++ b/README.md 
@@ -62,6 +62,12 @@ curl -fsSL -H "Pragma: no-cache" https://raw.githubusercontent.com/fabriziosalmi ## 🚀 Installation +### Prerequisites + +- [Go](https://golang.org/dl/) **1.25** or higher +- [Caddy](https://caddyserver.com/docs/install) **v2.10.x** or higher (for building with this plugin) +- [xcaddy](https://github.com/caddyserver/xcaddy) (for building Caddy with plugins) + ```bash # Step 1: Clone the caddy-waf repository from GitHub git clone https://github.com/fabriziosalmi/caddy-waf.git diff --git a/SECURITY.md b/SECURITY.md index 136882f..ac1ad8c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,12 +4,35 @@ | Version | Supported | | ------- | ------------------ | -| current | :white_check_mark: | - +| v0.1.x | :white_check_mark: | +| < 0.1.0 | :x: | ## Reporting a Vulnerability -There is automated security code scanning in place provided by GitHub. +We take the security of `caddy-waf` seriously. If you find a vulnerability, please report it! -Please open an issue to report a vulnerability. +### How to Report +Please do **NOT** open a public issue on GitHub. Instead, report the vulnerability via: + +1. **Email**: Send the details to the maintainer (fabrizio.salmi@gmail.com). +2. **GitHub Private Advisory**: Open a private advisory draft on this repository if you have permissions, or contact the maintainer to enable it. + +### Required Information + +When reporting a vulnerability, please include: + +- A description of the vulnerability. +- Steps to reproduce the issue (PoC code is helpful). +- Impact of the vulnerability. +- Affected versions. + +### Response Timeline + +- We will acknowledge your report within 48 hours. +- We will provide an estimated timeline for the fix within 1 week. +- We will release a patch as soon as possible. + +### Credit + +We will credit you in the release notes and changelog for responsibly disclosing vulnerabilities, unless you prefer to remain anonymous.
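Review bot: In the CHANGELOG.md hunk, the `[v0.1.4]`, `[v0.1.3]` and `[v0.1.2]` headings use Keep a Changelog's bracketed reference-link style but the file defines no matching link references, so they render as literal brackets; either add `[v0.1.4]: <compare-or-tag URL>` definitions at the bottom or drop the brackets. The Security entry ("Fixed Panic vulnerability in `quic-go` ... Addressed Dependabot Alert #7") also gives users nothing they can act on: a Dependabot alert number is visible only to repository maintainers, so cite the upstream advisory identifier for the quic-go panic and the affected version range instead, and state which caddy-waf releases were affected rather than only what was upgraded.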
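Review bot: In the README.md hunk, "[Caddy] **v2.10.x** or higher (for building with this plugin)" mixes a wildcard with "or higher" and is misleading about what is needed: an xcaddy build fetches Caddy as a Go module, so an installed Caddy binary is not a prerequisite, only Go 1.25 and xcaddy are. Suggest stating the minimum module version the changelog pins ("Caddy v2.10.2 or later, pulled in automatically by xcaddy") so the prerequisite matches the dependency bump in the same release.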
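Review bot: In the SECURITY.md hunk, the "GitHub Private Advisory" option tells reporters to open a draft "if you have permissions, or contact the maintainer to enable it", but private vulnerability reporting is a repository setting the maintainer enables once, after which any GitHub user can submit through the Security tab without permissions; enable it before this policy ships and link the "Report a vulnerability" page directly, otherwise reporters fall back to the public channel the policy asks them to avoid. The email route lists no encryption key, so a reporter has no way to send "PoC code" confidentially; either publish a PGP key/fingerprint or point to the advisory form as the preferred channel. The table rows are also inconsistent (`v0.1.x` with prefix, `< 0.1.0` without). Finally, the removed line "There is automated security code scanning in place provided by GitHub." is still true and useful context; consider keeping it under a short "Automated scanning" heading, and add a coordinated-disclosure window to the Response Timeline so "as soon as possible" has a concrete bound.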