go-gemini v0.2.3
Version 0.2.3 brings a few minor bug fixes and improvements.
Adnan Maolood (3):
readme: Update Gemini specification version
doc: Fix Mux documentation
fs: Prevent invalid directory links
Yujiri (1):
Fix parsing of list item lines
Version 0.2.2
Version 0.2.2 brings some improvements to Mux, the Gemini request
multiplexer.
Mux now properly handles redirects for patterns with wildcard or empty
hostnames. A more comprehensive test suite has also been added to ensure
that Mux behaves properly.
Support for specifying schemes in patterns provided to Mux has been
removed. Mux now only accepts requests with a scheme of "gemini".
Adnan Maolood (3):
mux: Remove support for handling schemes
mux: Add more tests
mux: Tweak documentation
Version 0.2.1 is released!
Version 0.2.1 fixes a few bugs and makes a few changes.
A panic caused by an out-of-bounds slice access in FileServer was fixed.
Users of FileServer should upgrade to avoid any issues.
The FileServer redirection code has been improved and now redirects to
the canonical path in more cases.
The ServeContent function has been removed as it does not provide much
useful functionality. Users should use ResponseWriter.SetMediaType and
io.Copy instead.
The ServeFile function no longer takes a Request argument and will no
longer perform any checks of the request URL or redirections. Users of
are expected to sanitize the file name before providing it to ServeFile.
For redirection to canonical paths, use FileServer.
An issue where wrapping a ResponseWriter with LoggingMiddleware would
cause an empty meta to be written was fixed.
Adnan Maolood (6):
fs: Fix panic on indexing URL of zero length
LoggingMiddleware: Prevent writing empty meta
fs: Remove ServeContent function
fs: Refactor
fs: Improve redirect behavior
fs: Avoid equality check if lengths don't match
Version 0.2.0 is released!
Version 0.2.0 represents a milestone in the development of go-gemini.
It brings a stronger promise of stability and backwards compatibility.
Version 0.2.0 can be used with Go 1.15, though some filesystem-related
functionality is only available on Go 1.16 and above as it relies on the
io/fs package. Those who do not need this functionality can continue to
use Go 1.15.
Future 0.2.x versions will focus mainly on improving documentation,
ironing out bugs, and polishing existing features.
Revert "Require Go 1.16"
This reverts commit 0e87d64ffc2512563926d15cea6806f47205f7f9.
response: Remove unnecessary length check
Version 0.1.22 is released!
Version 0.1.22 brings some bug fixes and tweaks.
ServeMux has been renamed to Mux.
The default media type for responses no longer specifies "charset=utf-8"
as it is implied.
ReadResponse now limits the size of the response header so that it does
not read more than necessary. ReadRequest and ReadResponse also no longer
treat an empty meta as valid.
An issue where ServeFile did not specify the media type for directory
index pages has been fixed.
Adnan Maolood (10):
Rename ServeMux to Mux
Remove charset=utf-8 from default media type
Remove unused field
response: Treat empty meta as invalid
Tweak request and response parsing
client: Close connection on error
client: Only get cert if TrustCertificate is set
fs: Fix empty media type for directory index pages
response: Don't use bufReadCloser
response: Limit response header size
Version 0.1.21 is released!
Version 0.1.21 reintroduces StatusSensitiveInput as there has not been
an official decision to remove it.
Version 0.1.20 is released!
Version 0.1.20 brings some bug fixes and improvements.
LoggingMiddleware has been moved out of examples/server.go and into the
library so that those who need it can easily take advantage of it.
The tofu submodule now encodes fingerprints in base64 instead of hex to
reduce the size of fingerprints. KnownHosts.Load now attempts to create
the known hosts file and any parent directories if they do not exist.
The default duration for certificates created with certificate.Store is
now 100 years instead of 250 years. The certificate store will also
attempt to create the certificate directory provided in Load if it does
not exist. The certificate store will also clean the path provided to
Load to fix an issue where certificates failed to load properly from
relative paths.
The certificate store no longer supports certificates scoped to certain
paths. Clients are recommended to limit the scope of certificates to
entire hosts for simplicity.
StatusSensitiveInput has been removed to encourage servers to rely on
client certificates for authentication instead of passwords. Those who
still wish to use it can use the number 11 instead.
Adnan Maolood (13):
certificate.Store: Clean scope path in Load
Move LoggingMiddleware out of examples/server.go
certificate.Store: Make 100 years the default duration
certificate.Store: Don't check parent scopes in Lookup
certificate.Store: Don't call os.MkdirAll
tofu: Automatically create file in KnownHosts.Load
tofu: Fix format in error message
tofu: Use base64-encoded sha256 fingerprints
tofu: Fix known host unmarshaling
examples/client: Fix certificate trust check
Remove StatusSensitiveInput
tofu: Use stricter file permissions
certificate.Store: Call os.MkdirAll on Load
Noah Kleiner (1):
tofu: Create path if not exists
Version 0.1.19 is released!
Version 0.1.19 brings some bug fixes and changes.
Most notably, go-gemini now follows updated TOFU guidelines which can be
found at gemini://drewdevault.com/2020/09/21/Gemini-TOFU.gmi
- The Client no longer performs checks on the server's TLS certificate's
notBefore, notAfter, common name and DNS names.
- certificate.Store now creates certificates with a default duration of
250 years.
- The tofu submodule has been updated to use the new known hosts format,
which is the same as the old one except that it no longer includes an
expiration timestamp.
Various bugs in certificate.Store have been fixed, including a deadlock
which was triggered upon generating a new certificate.