libpve-http-server-perl (5.2.2) bookworm; urgency=medium * handle issues with clients where they actively disconnect while we also actively try to close the connection, so that both happens in parallel. This fixes a regression with the last update that mostly affected setups with a reverse proxy like HAProxy in front of the Provmox VE API daemon, where the race to close the connection was amplified due to the almost non-existent latency between those two components and seemingly also by how aggresive HAProxy closes connections. -- Proxmox Support Team Tue, 08 Apr 2025 16:44:09 +0200 libpve-http-server-perl (5.2.1) bookworm; urgency=medium * fix #6230: increase allowed post size from 64 KiB to 512 KiB to accommodate large resource mappings or any other configuration where entries can grow very big. * fix unexpected EOF for client when closing TLS session. -- Proxmox Support Team Mon, 07 Apr 2025 21:44:15 +0200 libpve-http-server-perl (5.2.0) bookworm; urgency=medium * fix external linking when cookie was acquired via HTML formatter due to overly strict SameSite attribute. * fix #5699: add support to define a HTTP header from which the real IP of a connection should be parsed from. This can be useful for setups with a reverse proxy in front of the API server. On top of that add support for optionally configuring an allow-list of IP networks that the real source IP must match one to allow the connection to be handled. * Always stringify error for responses to the 'extjs' formatter explicitly to avoid the call to to_json fail when trying to serialize a blessed object, like a PVE::APIClient::Exception. * fix #6503: return error messages from the API also for the json formatter. * fix #4816: do not try to disconnect twice if client sends no data, avoiding a false-positive error in the system log. * add error message directly into the HTTP body if it's empty, making it easier for HTTP clients that do not have access to the HTTP headers to extract said error message. * use the '500 Internal Server Error' HTTP error response were appropriate instead of '501 Not Implemented'. -- Proxmox Support Team Tue, 28 Jan 2025 16:08:54 +0100 libpve-http-server-perl (5.1.2) bookworm; urgency=medium * fix #5391: proxy request: avoid "HTTP 599 Too many redirections" error that could occur due to long-running requests and bad timing during connection reuse. Disable connection reuse for all but GET requests that are proxied between different nodes, and allow one retry in this case. This can add a tiny bit of overhead if many PUT requests that are proxied to other nodes are issued with only a small delay between each other. However, such a high-frequency PUT request pattern is considered an edge case, and benchmarks show that the slowdown is about 2ms on average, which is often negligible compared to the actual time required to process the request. -- Proxmox Support Team Fri, 04 Oct 2024 14:02:39 +0200 libpve-http-server-perl (5.1.1) bookworm; urgency=medium * handler: only allow downloads for annotated endpoints and remove support for directly returned download info -- Proxmox Support Team Mon, 23 Sep 2024 11:07:22 +0200 libpve-http-server-perl (5.1.0) bookworm; urgency=medium * http: support the deflate compression content encoding -- Proxmox Support Team Mon, 22 Apr 2024 13:14:26 +0200 libpve-http-server-perl (5.0.6) bookworm; urgency=medium * access control: avoid "uninitialized value" warning if using IP ranges -- Proxmox Support Team Tue, 26 Mar 2024 09:16:48 +0100 libpve-http-server-perl (5.0.5) bookworm; urgency=medium * fix #4859: properly configure TLSv1.3 only mode -- Proxmox Support Team Fri, 03 Nov 2023 12:06:31 +0100 libpve-http-server-perl (5.0.4) bookworm; urgency=medium * fix #4802: reduce CA lookups while proxying with OpenSSL as packaged in Debian 12 Bookworm. * avoid AnyEvent::AIO to fix CPU spinning if the pure-perl implementation libanyevent-aio-perl is installed, for example on development machines when trying to use the perl language server. -- Proxmox Support Team Mon, 03 Jul 2023 09:38:56 +0200 libpve-http-server-perl (5.0.3) bookworm; urgency=medium * proxy request: handle missing content-type header -- Proxmox Support Team Fri, 09 Jun 2023 18:58:05 +0200 libpve-http-server-perl (5.0.2) bookworm; urgency=medium * formatter/bootstrap: set SameSite attr of auth cookie to 'strict' * when proxying requests, preserve json formatting instead of converting to x-www-form-urlencoded * support actual arrays for array parameters, as a replacement for '-list' and '-alist' formats -- Proxmox Support Team Wed, 07 Jun 2023 13:21:19 +0200 libpve-http-server-perl (5.0.1) bookworm; urgency=medium * fix regression in the html (bootstrap) based API debug explorer, which came in through a more strict pattern checking in a newer version of the used URL encoding library -- Proxmox Support Team Sat, 03 Jun 2023 15:15:47 +0200 libpve-http-server-perl (5.0.0) bookworm; urgency=medium * switch over to native versioning * various small code and packaging clean ups * re-build for Debian 12 Bookworm based releases -- Proxmox Support Team Wed, 17 May 2023 07:26:11 +0200 libpve-http-server-perl (4.2-3) bullseye; urgency=medium * file upload: don't always calculate MD5 for syslog message, rather log the file name instead, * explicitly disallow tmpfilename parameter in query URL -- Proxmox Support Team Fri, 14 Apr 2023 16:27:07 +0200 libpve-http-server-perl (4.2-2) bullseye; urgency=medium * multipart upload: properly parse file parts without Content-Type -- Proxmox Support Team Tue, 11 Apr 2023 14:44:03 +0200 libpve-http-server-perl (4.2-1) bullseye; urgency=medium * fix #4494: redirect incoming HTTP requests to HTTPS to avoid common pitfall when opening the Proxmox VE or Proxmox Mail Gateway web-interface for the first time -- Proxmox Support Team Thu, 16 Mar 2023 16:57:59 +0100 libpve-http-server-perl (4.1-6) bullseye; urgency=medium * multipart upload: fix upload of files starting with newlines * multipart upload: don't fail on presebce of additional headers * multipart upload: loosen trailing-newline requirement from spec, as some more popular clients (e.g., postman) violate that rule. * fix #4344: http-server: fix regression that required the 'Content-Type' to be always present for multipart headers, while it wasn't used at all. -- Proxmox Support Team Mon, 06 Mar 2023 13:39:57 +0100 libpve-http-server-perl (4.1-5) bullseye; urgency=medium * upload: re-allow having white-space in filenames -- Proxmox Support Team Mon, 07 Nov 2022 16:43:31 +0100 libpve-http-server-perl (4.1-4) bullseye; urgency=medium * acknowledge content-disposition header * request: add missing early return to future proof error check -- Proxmox Support Team Thu, 29 Sep 2022 14:37:05 +0200 libpve-http-server-perl (4.1-3) bullseye; urgency=medium * response: forbid linefeeds in response status message * proxy request: assert that API url starts with a slash * pass through streaming: only allow from privileged local pvedaemon as safety net * requests: assert that there is no @ in the URLs authority -- Proxmox Support Team Sat, 02 Jul 2022 09:16:21 +0200 libpve-http-server-perl (4.1-2) bullseye; urgency=medium * tls: log failure to apply TLS 1.3 ciphers * html formatter: encode href attributes for API debug viewer -- Proxmox Support Team Tue, 17 May 2022 16:40:12 +0200 libpve-http-server-perl (4.1-1) bullseye; urgency=medium * web socket: guard disconnect block check properly * avoid warning if request params does not exist * fix #3807: don't attempt response on closed handle * fix #3790: allow setting TLS 1.3 cipher suites * fix #3745: allow overriding TLS key location * fix #3789: allow disabling TLS v1.2/v1.3 -- Proxmox Support Team Thu, 13 Jan 2022 13:32:43 +0100 libpve-http-server-perl (4.0-4) bullseye; urgency=medium * webproxy: handle unflushed write buffer * fix #3724: disable TLS renegotiation * download-stream: allow the api call to set the content-encoding -- Proxmox Support Team Wed, 24 Nov 2021 18:14:53 +0100 libpve-http-server-perl (4.0-3) bullseye; urgency=medium * anyevent: move unlink from http-server to endpoint -- Proxmox Support Team Mon, 04 Oct 2021 10:18:12 +0200 libpve-http-server-perl (4.0-2) pve pmg; urgency=medium * AnyEvent/websocket_proxy: remove 'base64' handling * AnyEvent/websocket_proxy: drop handling of websocket subprotocols -- Proxmox Support Team Tue, 18 May 2021 10:19:00 +0200 libpve-http-server-perl (4.0-1) bullseye; urgency=medium * rebuild for Debian 11 Bullseye based releases -- Proxmox Support Team Fri, 14 May 2021 16:37:34 +0200 libpve-http-server-perl (3.2-2) pve pmg; urgency=medium * access control: correctly match v4-mapped-v6 addresses * access control: also match any IPv6 in 'ALL' -- Proxmox Support Team Fri, 07 May 2021 17:49:34 +0200 libpve-http-server-perl (3.2-1) pve pmg; urgency=medium * allow 'download' to be passed from API handler * utils: add LISTEN_IP option in proxy configuration * support streaming data form a file handle to a client * allow stream download from path and over short-cutted pvedaemon-proxy -- Proxmox Support Team Fri, 23 Apr 2021 13:54:04 +0200 libpve-http-server-perl (3.1-1) pve pmg; urgency=medium * accept connection phase: fix connection count leak * accept connection phase: immediately close socket on early error -- Proxmox Support Team Fri, 11 Dec 2020 08:39:36 +0100 libpve-http-server-perl (3.0-6) pve pmg; urgency=medium * fix #2766: allow application/json as content-type for post/put requests * increase maximal accepted header count to 64. Modern browsers and proxy combinations can exceed the old limit of 30. The maximal accumulated total header size of 8 KiB stays untouched. -- Proxmox Support Team Thu, 02 Jul 2020 09:42:39 +0200 libpve-http-server-perl (3.0-5) pve pmg; urgency=medium * partially fix #2618: use new unified spice port range helper from pve-common, increases maximum proxy port for spice to 61999 * Websocket: implement ping/pong from RFC * Websocket: performance improvements -- Proxmox Support Team Mon, 09 Mar 2020 16:12:45 +0100 libpve-http-server-perl (3.0-4) pve pmg; urgency=medium * allow ticket in 'Authorization' header as fallback * api-server: extract, set and handle API token header -- Proxmox Support Team Wed, 29 Jan 2020 09:32:04 +0100 libpve-http-server-perl (3.0-3) pve pmg; urgency=medium * send_file_start: allow to pass a open fh and content-type -- Proxmox Support Team Fri, 11 Oct 2019 11:25:12 +0200 libpve-http-server-perl (3.0-2) pve pmg; urgency=medium * decode_urlencoded: cope with undefined values * anyevent: rpcenv is optional and from our child instance -- Proxmox Support Team Thu, 11 Jul 2019 19:30:23 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog libpve-http-server-perl`.