NEWS in yahns-1.11.0 vs NEWS in yahns-1.12.0
- old
+ new
@@ -1,4 +1,66 @@
+=== yahns 1.12.0 - TLS fixes and more! / 2016-02-14 22:30 UTC
+
+ Most notably, serving static files over HTTPS did not work
+ before this release with the "sendfile" gem installed. The
+ yahns_config(5) manpage is also updated with an example for
+ using OpenSSL::SSL::SSLContext objects. Users of
+ Rack::Request#scheme and env['rack.url_scheme'] should see
+ "https" properly set for HTTPS connections.
+
+ There's also a bunch of internal tweaks like taking advantage of
+ the file-level frozen_string_literal: directive in 2.3 and
+ explicitly clearing short-lived string buffers
+
+ TLS support is still in its early stages, but I'm experimenting
+ with Let's Encrypt (via getssl[1]) and hosting https://YHBT.net/
+ on it.
+
+ For now, I suggest using a separate yahns instance (with a
+ different master process) to avoid any potential data leaks
+ between HTTPS and HTTP instances. In the future, it may be
+ possible to isolate HTTPS from HTTP at the worker process level.
+ Supporting GnuTLS (alongside OpenSSL) may be in our future, too.
+
+ To paraphrase the warning in http://www.postfix.org/TLS_README.html
+ (which was written before Heartbleed):
+
+ WARNING
+
+ By turning on TLS support in yahns, you not only get the
+ ability to encrypt traffic and to authenticate remote
+ clients. You also turn on thousands and thousands of
+ lines of OpenSSL library code. Assuming that OpenSSL is
+ written as carefully as Eric's own code, every 1000 lines
+ introduce one additional bug into yahns.
+
+ I'm not nearly as careful with yahns as Wietse is with postfix,
+ either.
+
+ 20 changes since v1.11.0:
+ README: updates for kqueue
+ add .gitattributes for Ruby method detection
+ nodoc internals
+ enable frozen_string_literal for Ruby 2.3+
+ copyright updates for 2016
+ extras/exec_cgi: fix frozen string error on slow responses
+ avoid StringIO#binmode for the next few years
+ use String#clear for short-lived buffers we create
+ gemspec: make rack a development dependency
+ build: install-gem forced to "--local" domain
+ acceptor: all subclasses of TCPServer use TCP_INFO
+ properly emulate sendfile for OpenSSL sockets
+ avoid race conditions in OpenSSL::SSL::SSLContext#setup
+ set HTTPS and rack.url_scheme in Rack env as appropriate
+ proxy_pass: pass X-Forwarded-Proto through
+ doc: switch to perlpod (from pandoc-flavored Markdown)
+ doc: trim down documentation slightly
+ doc: document ssl_ctx for "listen" directive
+ doc: various doc and linkification improvements
+ http_context: reduce constant lookup + bytecode
+
+ [1] git clone https://github.com/srvrco/getssl.git
+
=== yahns 1.11.0 - more minor updates / 2015-12-13 02:20 UTC
There's some minor test case fixes and documentation updates.
For OpenSSL users running the Ruby 2.3.0 preview releases,
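Review bot: the recommendation in the 1.12.0 entry to run HTTPS on "a separate yahns instance (with a different master process)" is the one piece of operational security guidance in this hunk, and it appears only in NEWS as far as these lines show. Since the same entry says yahns_config(5) gained an OpenSSL::SSL::SSLContext example and the changelog lists "doc: document ssl_ctx for "listen" directive", consider stating the isolation advice beside that manpage example too, if it is not already there, so someone who enables ssl_ctx from the documentation sees it. Two wording nits in the second paragraph: "the file-level frozen_string_literal: directive in 2.3" should say "Ruby 2.3", and the sentence ending "explicitly clearing short-lived string buffers" is missing its period.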