I am performing an incompatible upgrade of the caddy package in EPEL 9. In accordance with the incompatible upgrade policy [0], I proposed this upgrade just over a week ago on the epel-devel mailing list [1]. For reasons detailed in the previous email, it is no longer possible to update the package at the current version, preventing me from resolving known CVEs. Today the EPEL Steering Committee voted to approve this upgrade [2].
This upgrade will take the package from version 2.4.6 to 2.6.4. This includes a few backwards-incompatible changes. I believe these changes are on the milder side, and most users shouldn't notice a difference. Here are the most notable removals/changes:
- Reverse proxy: Incoming X-Forwarded-* headers will no longer be automatically trusted, to prevent spoofing. - Logging: Removed the deprecated common_log field from HTTP access logs, and the single_field encoder. - Logging: The remote_addr field has been replaced by remote_ip and remote_port fields in HTTP access logs, which split up the two parts of the remote address. - Caddyfile: The reverse_proxy directive's handle_response subdirective has had its status replacement functionality moved to a new replace_status subdirective.
There are also a few additional changes to features labeled as experimental, and some deprecations (not yet removed). For a full list, see the upstream release notes [3][4].
If you are able, please test and provide karma for the update [5].
[0] https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/ [1] https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject... [2] https://meetbot.fedoraproject.org/fedora-meeting/2023-08-23/epel.2023-08-23-... [3] https://github.com/caddyserver/caddy/releases/tag/v2.5.0 [4] https://github.com/caddyserver/caddy/releases/tag/v2.6.0 [5] https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8849a14e7f