chore: release v1.21.0-pre3

chore: release v1.21.0-pre2 (#816 )
* chore: release v1.21.0-pre2 * chore: disable automated stable package builds for now Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-25 09:32:43 +00:00 · 2025-07-12 17:29:18 -04:00 · 2025-07-12 16:57:08 -04:00
9 changed files with 81 additions and 144 deletions
@@ -1,8 +1,9 @@
 name: Package builds (stable)
 on:
-  release:
+  workflow_dispatch:
-    types: [published]
+  # release:
  #   types: [published]
 permissions:
  contents: write
@@ -1 +1 @@
-1.21.0-pre1
+1.21.0-pre3
@@ -17,7 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 > Please, be at ease. You are among friends here.
-In this release, Anubis becomes internationalized, gains the ability to use system load as input to issuing challenges,
+In this release, Anubis becomes internationalized, gains the ability to use system load as input to issuing challenges, finally fixes the "invalid response" after "success" bug, and more! Please read these notes before upgrading as the changes are big enough that administrators should take action to ensure that the upgrade goes smoothly.
 ### Big ticket changes
@@ -99,7 +99,6 @@ There are a bunch of other assorted features and fixes too:
 - Allow [Common Crawl](https://commoncrawl.org/) by default so scrapers have less incentive to scrape
 - The [bbolt storage backend](./admin/policies.mdx#bbolt) now runs its cleanup every hour instead of every five minutes.
 - Don't block Anubis starting up if [Thoth](./admin/thoth.mdx) health checks fail.
 - Multiple consecutive slashes are supported in upstream application URLs ([#754](https://github.com/TecharoHQ/anubis/issues/754)).
 ### Potentially breaking changes
@@ -75,7 +75,6 @@ type Server struct {
 	hs512Secret []byte
 	opts        Options
 	store       store.Interface
 	internalPath string
 }
 func (s *Server) getTokenKeyfunc() jwt.Keyfunc {
@@ -204,63 +204,6 @@ func TestCVE2025_24369(t *testing.T) {
 	}
 }
 func TestDoubleSlashes(t *testing.T) {
 	pol := loadPolicies(t, "", 0)
 	path := ""
 	srv := spawnAnubis(t, Options{
 		Next: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			path = r.URL.Path
 		}),
 		Policy: pol,
 	})
 	ts := httptest.NewServer(internal.RemoteXRealIP(true, "tcp", srv))
 	defer ts.Close()
 	cli := httpClient(t)
 	chall := makeChallenge(t, ts, cli)
 	resp := handleChallengeZeroDifficulty(t, ts, cli, chall)
 	if resp.StatusCode != http.StatusFound {
 		t.Fatal("can't solve challenge, see logs")
 	}
 	for _, tt := range []struct {
 		name, path string
 	}{
 		{
 			name: "basic",
 			path: "/foo",
 		},
 		{
 			name: "leading slashes",
 			path: "//foo",
 		},
 		{
 			name: "mid slashes",
 			path: "/foo//bar///baz",
 		},
 		{
 			name: "trailing slashes",
 			path: "/foo/bar///",
 		},
 	} {
 		t.Run(tt.name, func(t *testing.T) {
 			if _, err := cli.Get(ts.URL + tt.path); err != nil {
 				t.Errorf("can't make request to %s: %v", tt.path, err)
 			}
 			if path != tt.path {
 				t.Logf("want: %s", tt.path)
 				t.Logf("got:  %s", path)
 				t.Error("invalid path sent to server")
 			}
 		})
 	}
 }
 func TestCookieCustomExpiration(t *testing.T) {
 	pol := loadPolicies(t, "", 0)
 	ckieExpiration := 10 * time.Minute
@@ -108,7 +108,6 @@ func New(opts Options) (*Server, error) {
 		opts:        opts,
 		OGTags:      ogtags.NewOGTagCache(opts.Target, opts.Policy.OpenGraph, opts.Policy.Store),
 		store:       opts.Policy.Store,
 		internalPath: opts.BasePrefix + anubis.StaticPath,
 	}
 	mux := http.NewServeMux()
@@ -155,6 +154,7 @@ func New(opts Options) (*Server, error) {
 	registerWithPrefix(anubis.APIPrefix+"pass-challenge", http.HandlerFunc(result.PassChallenge), "GET")
 	registerWithPrefix(anubis.APIPrefix+"check", http.HandlerFunc(result.maybeReverseProxyHttpStatusOnly), "")
 	registerWithPrefix("/", http.HandlerFunc(result.maybeReverseProxyOrPage), "")
 	//goland:noinspection GoBoolExpressions
 	if anubis.Version == "devel" {
@@ -200,12 +200,7 @@ func (s *Server) respondWithStatus(w http.ResponseWriter, r *http.Request, msg s
 }
 func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	switch strings.HasPrefix(r.URL.Path, s.internalPath) {
 	case true:
 	s.mux.ServeHTTP(w, r)
 	case false:
 		s.maybeReverseProxyOrPage(w, r)
 	}
 }
 func (s *Server) stripBasePrefixFromRequest(r *http.Request) *http.Request {
@@ -1,12 +1,12 @@
 {
  "name": "@techaro/anubis",
-  "version": "1.21.0-pre1",
+  "version": "1.21.0-pre3",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "@techaro/anubis",
-      "version": "1.21.0-pre1",
+      "version": "1.21.0-pre3",
      "license": "ISC",
      "devDependencies": {
        "cssnano": "^7.0.7",
@@ -1,6 +1,6 @@
 {
  "name": "@techaro/anubis",
-  "version": "1.21.0-pre1",
+  "version": "1.21.0-pre3",
  "description": "",
  "main": "index.js",
  "scripts": {
Author	SHA1	Message	Date
Xe Iaso	25d75b352a	chore: release v1.21.0-pre3	2025-07-12 17:29:18 -04:00
Xe Iaso	de17823bc7	chore: release v1.21.0-pre2 (#816 ) * chore: release v1.21.0-pre2 * chore: disable automated stable package builds for now Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-07-12 16:57:08 -04:00