7419b7a15a
Images: Remove redundant ModSecurity-nginx patch. ( #13740 )
...
Co-authored-by: marcel2012 <13705842+marcel2012@users.noreply.github.com>
2025-08-11 03:21:06 -07:00
19d2bd86cb
NGINX: Disable mimalloc's architecture specific optimizations. ( #13669 )
2025-07-23 06:12:27 -07:00
cd5c23cc65
NGINX: Bump to OpenResty v1.27.1.2. ( #13524 )
2025-06-18 04:48:50 -07:00
44329a804e
Images: Bump Alpine to v3.22. ( #13490 )
2025-06-08 09:10:22 -07:00
3710e62541
NGINX: Add NJS. ( #13324 )
...
Signed-off-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Co-authored-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
2025-05-06 10:33:14 -07:00
b6e5ca2a68
Images: Rework. (1/3) ( #13008 )
2025-03-23 08:18:32 -07:00
cb04b22b80
NGINX: Update ModSecurity. ( #12914 )
2025-03-01 08:20:55 -08:00
cc341973b0
NGINX: Align quotes. ( #12669 )
2025-01-11 21:52:02 +01:00
1ece0ddbc1
NGINX: Bump to OpenResty v1.27.1.1. ( #12229 )
2025-01-09 12:54:31 -08:00
69fd353086
NGINX: Bump ModSecurity. ( #12641 )
2025-01-08 15:22:30 -08:00
5b142ed7c4
NGINX: Bump OpenTelemetry. ( #12371 )
2025-01-06 21:52:30 +01:00
c8ab89c021
NGINX: Remove unused substitutions module. ( #12449 )
2025-01-03 02:08:13 +01:00
c160bfff69
Images: Bump Alpine to v3.21. ( #12481 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-20 18:04:10 +01:00
e33ca05c7b
Images: Remove NGINX v1.21. ( #12031 )
2024-10-01 09:33:49 +01:00
21cd966d1c
Remove global-rate-limit feature ( #11851 )
2024-08-25 21:03:29 +01:00
6de184668c
remove modsecurity coreruleset test files from nginx image ( #11617 )
2024-07-16 06:00:59 -07:00
25d2758e94
fixes brotli build issue ( #10484 )
2024-03-30 09:23:32 -07:00
e78af97ecd
chore(deps): upgrade headers-more module to 0.37 ( #10991 )
...
https://github.com/openresty/headers-more-nginx-module/compare/v0.34...v0.37
Signed-off-by: Milas Bowman <devnull@milas.dev>
2024-02-26 04:32:18 -08:00
dc36582389
change MODSECURITY_VERSION_LIB to 3.0.11 ( #10800 )
...
* feat: change MODSECURITY_VERSION_LIB to 3.0.11
* use sha commit instead of tag
2023-12-27 00:54:00 +01:00
a75db69c2e
Revert "upgrade nginx"
2023-11-29 11:44:48 -05:00
3a9cd1bd7e
sremove the v
2023-11-21 13:23:04 -05:00
1adb1116a4
remove unneeded patches
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-11-21 12:19:02 -05:00
4e39571ed4
upgrade nginx
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-11-21 11:44:54 -05:00
0a054d1f58
chore(dep): change lua-resty-cookie's repo ( #10630 )
...
since cloudflare has archived the upstream repo,
we choose a more active forked repo to use.
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2023-11-19 22:14:57 +01:00
0055ba3ea6
Remove legacy GeoIP from image ( #10500 )
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2023-10-16 00:41:51 +02:00
3a28016a64
fix brotli build issues
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-10-01 14:51:48 -04:00
c3194dd388
upgrade owasp modsecurity core rule set to v3.3.5 ( #10323 )
2023-09-24 07:54:56 -07:00
c83422fd65
fix deps sha
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2023-07-22 06:41:22 +08:00
6416ed821d
chore: bump OpenResty to v1.21.4.2 ( #10219 )
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2023-07-20 08:36:09 -07:00
ebb6314494
Deprecate and remove AJP support ( #10158 )
2023-07-02 02:26:49 -07:00
05e5956545
tracing: upgrade to dd-opentracing-cpp v1.3.7 ( #10031 )
2023-06-11 11:45:47 -07:00
297036e169
Deprecate and remove influxdb feature ( #9861 )
2023-04-16 17:26:43 -07:00
f685c9b379
force rebuild for curl cve
...
Signed-off-by: James Strong <james.strong@chainguard.dev>
2022-12-21 12:36:20 -05:00
49bd5dd763
ModSecurity dependencies update to avoid Memory Leaks ( #9330 )
...
* Update ModSecurity to latest head
* modsecurity version pinned
2022-12-04 11:39:54 -08:00
0b5e068511
chore: update NGINX to 1.21.6 ( #9231 )
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2022-10-31 07:10:45 -07:00
bf8362cb50
chore: bump NGINX version v1.21.4 ( #8889 )
...
* chore: bump NGINX version v1.21.4
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* chore: bump all others
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* apply all patches
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* fix files hash
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
* fix ajp module
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2022-10-28 16:40:39 -07:00
855bcbce34
Update Version ModSecurity and Coreruleset ( #9086 )
...
This is related to some new bugs that found in LiveHackingEvent 1337up0522. The latest coreruleset need *ModSecurity version 2.9.6 or 3.0.8*
- https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec
- https://coreruleset.org/20220920/crs-version-3-3-4-and-3-2-3/
- https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
- https://github.com/coreruleset/coreruleset/releases/tag/v3.3.4
2022-09-27 06:59:51 -07:00
18ee046b43
update dd-opentracing-cpp version in nginx build script ( #8848 )
...
* update dd-opentracing-cpp version in nginx build script
* idiomatic placement of "v" prefix in Datadog plugin version tag
2022-07-23 11:02:57 -07:00
0049796682
feat: update mimalloc to 1.7.6 ( #8827 )
...
Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>
2022-07-17 12:13:20 -07:00
01b92b8b3a
Nginx v1.19.10 ( #8307 )
2022-03-14 08:55:57 -07:00
15b0aba03b
First sidecar module: OpenTelemetry ( #8013 )
...
* remove opentelemetry from main nginx image
* add opentelemetry sidecar image
* handle extra modules in helm chart
* fix running helm chart
* mount the modules volume in the init container
* merge the mounted folder
* fix the otel image
* fix licence year
* fix cloudbuild image
* use the same nginx version as in the main image
* only retrieve /etc/nginx/modules for now
2022-01-16 13:33:28 -08:00
8ccec84496
fix nginx compilation flags ( #8023 )
...
* use '-O2' instead of '-Og'
'-O2' produce production optimized binary while '-Og' is used mostly
for debugging
* use '-mtune=generic' instead of '-mtune=native'
'-mtune=native' produce optimal code for builder host system, but it
can be sub-optimal for execution host system
2021-12-12 05:25:58 -08:00
eb482db5b3
disable opentelemetry on arm ( #7831 )
2021-10-24 12:12:21 -07:00
9da4d87d0c
Properly check whether we can install opentelemetry, and switch it back to main repo ( #7803 )
...
* check for the exact value of USE_OPENTELEMETRY
* use latest commit from the main opentelemetry-cpp-contrib repo
2021-10-12 12:16:34 -07:00
0c16980018
add OpenTelemetry to nginx base image ( #7669 )
2021-10-11 06:16:40 -07:00
5662db4509
Fix resty balancer checksum and location ( #7703 )
2021-09-26 10:28:21 -07:00
0606ef8282
fix: upgrade lua-resty-balancer to v0.04 ( #7702 )
...
it has two important bugfix:
1. should force convert weight to a number since it may cause dead loop
when weight is a string type "0".
2. out-of-bounds memory writing may happen in chash_point_sort.
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2021-09-26 08:50:23 -07:00
498892514d
Downgrade nginx to v1.19 ( #7639 )
...
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
2021-09-15 11:08:11 -07:00
4ce0227268
Remove addgroup directive from alpine building
2021-09-04 02:12:50 -03:00
8951b7e22a
Revert "Update base nginx" ( #7558 )
...
* Revert "Update base nginx (#7552 )"
This reverts commit c6bc9870f1
2021-08-28 07:38:52 -07:00
Marcel
Marco Ebert
Rafael Pinto
Long Wu Yuan
mhf42
Elizabeth Martin Campos
Ricardo Katz
Christian
Y.Horie
Milas Bowman
Adrian
James Strong
Jintao Zhang
Rashad Mammadli
David Goffredo
James Strong
Adam Hukalowicz
Nicolas Julian
David Goffredo
Guilhem Lettron
sskserk
Damien Mathieu
dmitry-j-mikhin
Ricardo Katz
Elvin Efendi