NEWS in yahns-1.11.0 vs NEWS in yahns-1.12.0

- old
+ new

@@ -1,4 +1,66 @@ +=== yahns 1.12.0 - TLS fixes and more! / 2016-02-14 22:30 UTC + + Most notably, serving static files over HTTPS did not work + before this release with the "sendfile" gem installed. The + yahns_config(5) manpage is also updated with an example for + using OpenSSL::SSL::SSLContext objects. Users of + Rack::Request#scheme and env['rack.url_scheme'] should see + "https" properly set for HTTPS connections. + + There's also a bunch of internal tweaks like taking advantage of + the file-level frozen_string_literal: directive in 2.3 and + explicitly clearing short-lived string buffers + + TLS support is still in its early stages, but I'm experimenting + with Let's Encrypt (via getssl[1]) and hosting https://YHBT.net/ + on it. + + For now, I suggest using a separate yahns instance (with a + different master process) to avoid any potential data leaks + between HTTPS and HTTP instances. In the future, it may be + possible to isolate HTTPS from HTTP at the worker process level. + Supporting GnuTLS (alongside OpenSSL) may be in our future, too. + + To paraphrase the warning in http://www.postfix.org/TLS_README.html + (which was written before Heartbleed): + + WARNING + + By turning on TLS support in yahns, you not only get the + ability to encrypt traffic and to authenticate remote + clients. You also turn on thousands and thousands of + lines of OpenSSL library code. Assuming that OpenSSL is + written as carefully as Eric's own code, every 1000 lines + introduce one additional bug into yahns. + + I'm not nearly as careful with yahns as Wietse is with postfix, + either. 
+ + 20 changes since v1.11.0: + README: updates for kqueue + add .gitattributes for Ruby method detection + nodoc internals + enable frozen_string_literal for Ruby 2.3+ + copyright updates for 2016 + extras/exec_cgi: fix frozen string error on slow responses + avoid StringIO#binmode for the next few years + use String#clear for short-lived buffers we create + gemspec: make rack a development dependency + build: install-gem forced to "--local" domain + acceptor: all subclasses of TCPServer use TCP_INFO + properly emulate sendfile for OpenSSL sockets + avoid race conditions in OpenSSL::SSL::SSLContext#setup + set HTTPS and rack.url_scheme in Rack env as appropriate + proxy_pass: pass X-Forwarded-Proto through + doc: switch to perlpod (from pandoc-flavored Markdown) + doc: trim down documentation slightly + doc: document ssl_ctx for "listen" directive + doc: various doc and linkification improvements + http_context: reduce constant lookup + bytecode + + [1] git clone https://github.com/srvrco/getssl.git + === yahns 1.11.0 - more minor updates / 2015-12-13 02:20 UTC There's some minor test case fixes and documentation updates. For OpenSSL users running the Ruby 2.3.0 preview releases,
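Review bot: In the 1.12.0 summary, the advice to run "a separate yahns instance (with a different master process)" for HTTPS is the only operational instruction in the entry, yet it does not say what HTTP and HTTPS listeners share under one master or where the setup is documented. A pointer to the ssl_ctx documentation for the "listen" directive in yahns_config(5), which the change list says was added, would make it actionable. The summary also omits two TLS-relevant items from the change list, "avoid race conditions in OpenSSL::SSL::SSLContext#setup" and "proxy_pass: pass X-Forwarded-Proto through", which users upgrading for HTTPS would want called out next to the sendfile fix. Minor: the sentence ending "explicitly clearing short-lived string buffers" is missing its period, and footnote [1] reads as a git clone command rather than a plain URL.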