2557 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Kévin Dunglas	fb324331f4	Merge commit from fork ... Both fallbacks in splitPos relied on golang.org/x/text/search with search.IgnoreCase, which performs Unicode equivalence matching far beyond ASCII case folding. Combined with the validated-ASCII guarantee on every SplitPath entry, that fallback turned non-PHP filenames into PHP scripts: - when the inner loop hit a non-ASCII byte and the IndexString fallback returned -1, the loop broke without resetting match=false, so a stale match=true caused a non-existent .php to be reported (PoC: "/name.<U+00A1>.txt"). - search.IgnoreCase folded fullwidth, mathematical and circled letters onto ASCII, so "/shell.<math sans-serif php>", "/shell.<fullwidth p>hp", "/shell.<circled php>" were all detected as ".php" files. Replace the fallback with strict byte-level ASCII case-insensitive matching: any byte >= utf8.RuneSelf in the path can never be part of a match, since SplitPath entries are validated ASCII-only and lower-cased in Provision(). This keeps the hot path branch-light and removes the x/text/search dependency from the main module. Reported against FrankenPHP as GHSA-3g8v-8r37-cgjm and GHSA-v4h7-cj44-8fc8. The vulnerable function in this module was adapted from the same FrankenPHP code.	2026-05-07 13:59:42 -06:00
tomholford	0780d4489c	httpcaddyfile: accept duration strings for log sampling interval (#7694) ... Co-authored-by: tomholford <tomholford@users.noreply.github.com>	2026-05-07 18:32:20 +00:00
Zen Dodd	d2172bea61	chore: Fix golangci-lint 2.12.1 findings (#7690)	2026-05-07 03:40:26 -04:00
Zen Dodd	c7c9f3108a	caddyauth: Revert "set user placeholders before auth rejection (#7685)" (#7688) ... This reverts commit 7e77eec0ae.	2026-05-05 09:12:46 -06:00
Rayan Salhab	7e77eec0ae	caddyauth: set user placeholders before auth rejection (#7685) ... * caddyauth: set user placeholders before auth rejection * docs: update auth placeholder comment	2026-05-03 13:40:11 +10:00
Felix Eckhofer	ef496e58ef	caddytls: Expand ACME credentials (#7554) ... * caddytls: Expand ACME credentials This allows using global placeholders such as {file./run/secrets/key_id} when setting up the tls configuration. * chore(formatting): gofmt on acmeissuer_test	2026-05-03 07:13:57 +10:00
Amemoyoi	18ab0f955f	admin: reject non-canonical config array indices (#7592) ... * admin: reject non-canonical config array indices * admin: expand canonical array index test coverage * Update admin.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Update admin.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * admin: improve canonical array index test diagnostics --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2026-04-30 09:39:57 -06:00
mfrischknecht	6a64bb2ce5	listeners: clean up stale Unix socket files on Windows (#7676) ... * Delete old unix domain socket files on Windows While Windows doesn't have the need to reuse a socket file descriptor by dup()ing it on config reloads, there still is a valid need for an equivalent to the `syscall.Unlink()` call in listen_unix.go (also in `reuseUnixSocket`). If a previous Caddy instance didn't terminate properly, the chances it will leave behind a socket file are very high, breaking all subsequent starting attempts. Other than for regular files, Windows seemingly has no way for a process to flag a UNIX domain socket file with `FILE_DELETE_ON_CLOSE`, which means this scenario can never be avoided entirely (e.g. in the case of crashes). For the long comment on `isAbstractUnixSocket`: the logic itself is likely of dubious value, but I thought it better to explicitly reference the issue, as I have just spent half an hour searching the web to figure out whether abstract names will work or not on Windows. At least, the logic as-is should now do the sensible thing if these are ever implemented properly (and it matches what the Golang standard library does internally). * Add a dial attempt to check for active server processes As @steadytao pointed out (thanks!), the previous code didn't have solid proof that an existing unix socket file had really been orphaned, as it's also possible that there's another server process (still running). This would still give the Windows implementation parity with the unix one (as that one also unlinks the socket file without further checks), but I've performed a couple of small tests and found this way of handling socket files still problematic at least problematic if Caddy is used as a reverse proxy in real world scenarios. In tests with a simple Caddyfile that only declares an admin socket, starting two caddy instances with the same Caddyfile works and behaves like one would expect: the second instance removes the first instance's socket file and "wins" the race. When Caddy is used as a reverse proxy, though, what'll happen is more complicated: While the second instance wins the race for the admin socket, as long as the Caddyfile specifies a TCP downstream socket, the second process will not be able to take this one over from the first (also to be expected, that's how socket binding usually works). This results in a rather broken state: The first process still holds on to its TCP listening sockets, the second process fails to start because of the error in its listening attempt, leaving an orphaned admin socket file in the file system. Afterwards, the second process won't be running and the first _will_ be running but unable to be controlled because its admin socket has been replaced. This leaves the system in another state that is bad from an ops perspective. With this new change, we try first to connect to any unix socket that isn't already covered by our current process (with a very low timeout) and can easily decide if the socket is still in use by another process: - If the connection is accepted, there's obviously a server process. - If Windows returns WSACONNREFUSED [^1], there is either no active server process for the socket file anymore, or the socket file does not exist. - Any other errors are likely a sign that there still is a server process (e.g. a timeout would indicate that it's just slow in accepting new connection attempts). [^1]: https://learn.microsoft.com/en-us/windows/win32/winsock/windows-sockets-error-codes-2#wsaeconnrefused * chore: tidy Windows unix socket reuse helper --------- Co-authored-by: Zen Dodd <mail@steadytao.com>	2026-04-29 21:52:04 +10:00
Matt Holt	4d6945769d	reverseproxy: Add ability to clear dynamic upstreams cache during retries (#7662) ... * reverseproxy: Add ability to clear dynamic upstreams cache during retries This is an optional interface for dynamic upstream modules to implement if they cache results. TODO: More documentation; this is an experiment. * Add some godoc * Export interface; update godoc	2026-04-28 09:16:18 -06:00
Amemoyoi	2d33271482	admin: require path segment boundary in remote access control (#7673)	2026-04-27 08:43:39 -06:00
dependabot[bot]	c653e7d61a	build(deps): bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 (#7668) ... Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.9.0 to 5.9.2. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.9.0...v5.9.2) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.9.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-26 23:51:26 +10:00
Zen Dodd	c1918ff1ad	httpcaddyfile: inherit global ACME issuer settings in tls shortcuts (#7617)	2026-04-26 23:39:57 +10:00
Zen Dodd	fdbef2a6ef	logging: add regression coverage for rotated file mode (#7620)	2026-04-26 23:30:44 +10:00
Kévin Dunglas	2a3ed96f8c	metrics: Implement pushing via OLTP (#7664)	2026-04-25 06:52:08 -04:00
Francis Lavoie	355c178213	chore: Use atomics where appropriate (#7648) ... * chore: Use atomics where appropriate * Use atomic for shutdownAt	2026-04-25 03:47:54 -04:00
Matthew Holt	f6ee80be1b	go.mod: Upgrade dependencies including CertMagic	2026-04-24 11:40:54 -06:00
Matthew Holt	48c08e3890	admin: Limit config size (by @omercnet) ... GitHub was giving me errors related to merge status so we are doing this instead	2026-04-24 11:28:40 -06:00
Matthew Holt	cf42f61566	Typo fix in security policy	2026-04-24 09:50:06 -06:00
Zen Dodd	41aee97386	core: propagate ECH keys to the QUIC listener (#7670)	2026-04-23 13:33:41 -06:00
Matt Holt	441d5eb062	caddyhttp: prefer port 443 in auto-HTTPS and add tests (#7666)	2026-04-23 17:29:03 +10:00
Daniil Sivak	aed1af5976	reverseproxy: add lb_retry_match condition on response status (#7569)	2026-04-21 14:59:31 -04:00
Zen Dodd	4430756d5c	admin: Redact sensitive request headers in API logs (#7578) ... * admin: Redact sensitive request headers in API logs * Fix govulncheck and typed atomic lint failures * Sync Go module metadata after dependency downgrade	2026-04-17 14:56:42 -06:00
dependabot[bot]	af89c5ab02	build(deps): bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.0 (#7655) ... Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.8.0 to 5.9.0. - [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md) - [Commits](https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0) --- updated-dependencies: - dependency-name: github.com/jackc/pgx/v5 dependency-version: 5.9.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-17 14:50:53 -06:00
Mohammed Al Sahaf	bd9f145321	chore: add AGENTS.md (#7652) ... * chore: add `AGENTS.md` Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * Apply suggestions from code review Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * review feedback Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2026-04-17 14:49:58 -06:00
Steffen Busch	24bebd0a07	caddyhttp: Document missing placeholders for escaped URI and prefixed query (#7659)	2026-04-17 16:13:15 -04:00
prettysunflower	7dedd1486c	fix(caddyfile): {block} in snippet (#7558) ... * fix(caddyfile): {block} in snippet Resolve issue #7557 So, here is the situation: - Pull request #7206 included some changes to the doImport's function of Caddyfile's parser. What it does is that if there is no token within a block that follows the import, and the import contains `{block}`, then the `{block}` token is discarded. - After this pull request: - Issue #7518 noticed that in cases that `{block}` was not imported, a runtime error was raised due to the assumption that tokens were always added to `tokensCopy` on every iteration of `importedTokens`. This was fixed by pull request #7543. - Issue #7557 notices that {block} can be ignored when imported from a certain file. There, it's again an issue with how the import works. When `import snippets` is called, this import instruction doesn't contains any nested blocks. And when the argument replacer that is the `importedTokens` loop is called and finds `{block}`, it uses the block from the file's import (which in this case is nothing), `{block}` is erased, and unavailable when the import directive is called for the imported snippet. The changed in this commit addresses the second issue by checking before replacing `{block}` if we're currently in a snippet definition, and appending the `{block}` token to `tokensCopy` if we are. With this changes, when importing those snippets, the `{block}` token will be available to be replaced by the nested blocks in `tokensToAdd` if needed, or erased if there are no nested blocks and `tokensToAdd` is empty. Tests added in pull requests #7206 and #7543 passes with this new implementation, confirming that unused `{block}` are accepted if nothing is passed to `import`, as well as the other usual tests. A new test was also added based on issue #7557 reporting, and also passes. Signed-off-by: prettysunflower <me@prettysunflower.moe> * caddyfile: add imported snippet block placeholder coverage --------- Signed-off-by: prettysunflower <me@prettysunflower.moe> Co-authored-by: Zen Dodd <mail@steadytao.com>	2026-04-15 02:58:53 -04:00
Max Truxa	7586e68e27	fileserver: show symlink targets verbatim (#7579) ... `reveal_symlinks` was exposing symlink targets as fully resolved absolute paths, even if the target is a relative path. With this change the link target is shown as-is, without resolving anything.	2026-04-15 04:49:30 +10:00
Zen Dodd	0c7c91a447	logging: preserve ts for journald-wrapped JSON logs (#7644)	2026-04-13 17:33:02 -06:00
Dean Ruina	1a3e900b35	chore: bump timberjack to v1.4.1 (#7618)	2026-04-13 03:31:59 -04:00
tsinglua	0722cf6fd8	chore: replace interface{} with any for modernization (#7571) ... Signed-off-by: tsinglua <tsinglua@outlook.com>	2026-04-11 19:53:12 +03:00
Zen Dodd	8e2dd5079c	caddyfile: Improve import/global options UX for imports before global options (#7642) ... * caddyfile: improve import/global options UX Keep standalone global-options braces stable in fmt when they follow import lines. Also improve validate output for imports before the global options block with a clearer error message. Add focused formatter and parser regression coverage * caddyfile: satisfy staticcheck in formatter	2026-04-10 17:17:55 -06:00
Zen Dodd	5f44ea0748	logging: add journald encoder wrapper (#7623)	2026-04-10 17:09:12 -06:00
dependabot[bot]	c8e4ac2c8c	build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#7621) ... Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](https://github.com/go-jose/go-jose/compare/v4.1.3...v4.1.4) --- updated-dependencies: - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-10 16:33:07 -06:00
Zen Dodd	7dcc041eec	vars: Add matcher placeholder handling tests (#7640) ... * vars: add matcher placeholder handling tests * vars: add query placeholder matcher coverage	2026-04-10 16:27:52 -06:00
Zen Dodd	ca0ca67fbd	reverseproxy: make stream copy buffer size configurable (#7627)	2026-04-10 14:49:32 -06:00
dependabot[bot]	92b62004eb	build(deps): bump the all-updates group across 1 directory with 11 updates (#7641) ... Bumps the all-updates group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/DeRuina/timberjack](https://github.com/DeRuina/timberjack) | `1.4.0` | `1.4.1` | | [github.com/google/cel-go](https://github.com/google/cel-go) | `0.27.0` | `0.28.0` | | [go.opentelemetry.io/contrib/exporters/autoexport](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [go.step.sm/crypto](https://github.com/smallstep/crypto) | `0.77.1` | `0.77.2` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.49.0` | `0.50.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.52.0` | `0.53.0` | Updates `github.com/DeRuina/timberjack` from 1.4.0 to 1.4.1 - [Release notes](https://github.com/DeRuina/timberjack/releases) - [Changelog](https://github.com/DeRuina/timberjack/blob/main/CHANGELOG.md) - [Commits](https://github.com/DeRuina/timberjack/compare/v1.4.0...v1.4.1) Updates `github.com/google/cel-go` from 0.27.0 to 0.28.0 - [Release notes](https://github.com/google/cel-go/releases) - [Commits](https://github.com/google/cel-go/compare/v0.27.0...v0.28.0) Updates `go.opentelemetry.io/contrib/exporters/autoexport` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0) Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0) Updates `go.step.sm/crypto` from 0.77.1 to 0.77.2 - [Release notes](https://github.com/smallstep/crypto/releases) - [Commits](https://github.com/smallstep/crypto/compare/v0.77.1...v0.77.2) Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0 - [Commits](https://github.com/golang/crypto/compare/v0.49.0...v0.50.0) Updates `golang.org/x/net` from 0.52.0 to 0.53.0 - [Commits](https://github.com/golang/net/compare/v0.52.0...v0.53.0) Updates `golang.org/x/term` from 0.41.0 to 0.42.0 - [Commits](https://github.com/golang/term/compare/v0.41.0...v0.42.0) Updates `golang.org/x/sys` from 0.42.0 to 0.43.0 - [Commits](https://github.com/golang/sys/compare/v0.42.0...v0.43.0) Updates `golang.org/x/text` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/golang/text/releases) - [Commits](https://github.com/golang/text/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: github.com/DeRuina/timberjack dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-updates - dependency-name: github.com/google/cel-go dependency-version: 0.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.opentelemetry.io/contrib/exporters/autoexport dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.opentelemetry.io/contrib/propagators/autoprop dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.step.sm/crypto dependency-version: 0.77.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-updates - dependency-name: golang.org/x/crypto dependency-version: 0.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: golang.org/x/net dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: golang.org/x/term dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: golang.org/x/text dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-10 20:39:00 +00:00
dependabot[bot]	6c23ec2f3c	build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp (#7637) ... Bumps [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://github.com/open-telemetry/opentelemetry-go) from 1.42.0 to 1.43.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp dependency-version: 1.43.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-04-10 14:31:08 -06:00
vnxme	5de1565ff6	vars: Don't expand placeholders in values (#7629)	2026-04-10 09:37:43 -06:00
Harsh Patel	d7834676aa	tls: add system and combined CA pool modules (#7406) ... * feat: add system and combined CA pool modules * fix: combining pools using `CertificateProvider` * fix: lint issue * chore: caddyfiletests * doing it for first time, so not sure if its right. * fix: use `x509` native addCert * chore: explicit err handling * Apply suggestion from @mohammed90 --------- Co-authored-by: Mohammed Al Sahaf <mohammed@caffeinatedwonders.com>	2026-04-06 01:13:34 +03:00
Pieter Berkel	4f50458866	tls: expand placeholders in dns_challenge override_domain (#7609)	2026-03-31 05:46:32 +00:00
yubiuser	ea4ee3ae5d	reverseproxy: Fix check for header_up Host {upstream_hostport} redundancy (#7564) ... * Fix check for header_up Signed-off-by: yubiuser <github@yubiuser.dev> * Onyl check in case commonScheme == "https" Signed-off-by: yubiuser <github@yubiuser.dev> * Move check after TLS transport is enabled Signed-off-by: yubiuser <github@yubiuser.dev> --------- Signed-off-by: yubiuser <github@yubiuser.dev>	2026-03-30 10:56:10 -06:00
Francis Lavoie	30b80bece8	notify: Always send "READY=1" even after an error (#7597)	2026-03-28 13:08:34 -06:00
Sam Ottenhoff	7a630f2910	encode: make zstd checksum configurable (#7586) ... * http: make zstd checksum configurable * disable_checksum	2026-03-28 13:07:21 -06:00
Marc	62e9c05264	root: introduce down-propagating Helper.BlockState for other directives/plugins to use (#7594) ... * add 'root' key to Helper.State for access in frankenphp's `php_server` directive * clone state before passing it to child directives, but keep sharing it among sibling directives * propagate named route state from children to parent * use BlockState to set "root" instead * gofmt -w . * go fmt ./... * here we go	2026-03-28 17:44:42 +00:00
Tao	6f6771aa1d	rewrite: skip query rename when source key is absent (#7599)	2026-03-28 13:10:34 -04:00
Matt Holt	acf8d6a1ae	caddytls: Consolidate empty APs more smartly (#7567) ... * caddytls: Consoldate empty APs more smartly (fix #7559) * Revise consolidation logic	2026-03-26 14:41:34 -06:00
Matt Holt	e98ed6232d	chore: Resolve recent CI failures (#7593)	2026-03-25 23:21:27 -06:00
Matthew Holt	c35ba5588d	Add missing return to handleError in admin server ... Thanks to @Wernerina's LLM for finding this bug	2026-03-25 16:33:24 -06:00
Tao	5d189aff40	caddytls: Avoid default issuers for implicit tailscale policies (#7577)	2026-03-20 09:36:03 -06:00
vnxme	df65455b1f	caddyhttp: Sync placeholder expansion in vars and vars_regexp (#7573) ... * vars: Expand placeholders in custom variables like in `vars_regexp` * vars: Reuse variables inside match loops	2026-03-17 13:08:47 -06:00