v0.10.1

Fixes

• Fixed regression that prevented TLS client certificates and other
  TLS environment variables from being initialized.

v0.10.0

Features

• Added support for the HAProxy "PROXY" protocol via the
  --proxy-protocol flag. This allows the server to determine the
  real client IP address when operating behind a reverse proxy such
  as nginx or stunnel.
• Added support for running a server without TLS via the --no-tls
  flag.

Fixes

• Fixed incorrect mimetype/charset in responses for compressed files
  ending in .gz and .bz2.
• The "meta" component in jetforce's request logs is now surrounded
  by double quotation marks, to allow for unambiguous log parsing.
  Any quotation marks inside of the meta string itself will be escaped
  with a single backslash, (e.g. \").

Changes

• Updated required twisted version to >= 21.7.0.
• Added support for python 3.11.

v0.9.1

Fixes

• Fix strict_trailing_slash argument being applied as strict_port when specified on a route decorator.
• Add support for python 3.10.

v0.9.0

Fixes

• Fix not including trailing slashes in $PATH_INFO for CGI scripts.
• Fix not sending the complete certificate chain for TLS certificates
  that include a chain.
• Fix incorrect type signature for the EnvironDict type class.

Changes

• Make the application Request class overridable.

v0.8.2

Fixes

• Fix trailing ] at the end of auto-generated directory names.

v0.8.1

Changes

• Remove new type hint syntax that was causing an error in python 3.7.

v0.8.0

Changes

• Added support for international domain names using IDN encoding.
• Several improvements to internal python type hinting coverage.
• Added a py.typed file to indicate project support for type hints.
• Optimized TCP packets when streaming directory listings.
• Optimized TCP packets when streaming large CGI responses.
• Improved error handling to catch invalid responses from CGI scripts.
• Fixed a bug where TLS_CLIENT_AUTHORISED would sometimes be set to
  True/False instead of 1/0.
• Fixed error handling edge case when the client killed the connection
  before all data has been sent. A CancelledError exception will now
  be raised internally instead of a ConnectionClosed exception.

v0.7.0

Spec Changes

• Requests containing URLs without a scheme are no longer accepted.
• The server will stop redirecting the root URL "gemini://example.com" to
  "gemini://example.com/". These URLs are cannonically the same per the url RFC
  definition and should both return successful responses.
• The CGI variable TLS_CLIENT_HASH now formats the certificate hash as
  "SHA256:<HASH>" where <HASH> is uppercase hexidecimal. The old base64
  fingerprint will still be available as TLS_CLIENT_HASH_B64 to help migrate
  existing CGI scripts, but it's recommended that you support the new hash
  format moving forward.

v0.6.0

Bugfixes

• The default mimetype for unknown file extensions will now be sent as
  "application/octet-stream" instead of "text/plain". The expectation is that
  it would be safer for a client to download an unknown file rather than
  attempting to display it inline as text.
• Fixed a bug that prevented loading the default mimetype definitions from
  /etc/mime.types and other system-level files.

Features

• The static file server now has a --rate-limit flag that can be used
  to define per-IP address rate limiting for requests. Requests that exceed
  the specified rate will receive a 44 SLOW DOWN error response.
• Server access logs are now directed to stdout instead of stderr.
  Error traceback and other messages will still be directed to stderr.
• File chunking size has been optimized for streaming large static files.

Examples

• Added an example that demonstrates how to use the new RateLimiter class
  (examples/rate_limit.py).

v0.5.0

Spec Changes

• URLs with a userinfo component will now be rejected with a status of 59.
• The status code definitions have been updated to match the recent changes
  to the gemini spec:
  • 21 SUCCESS_END_OF_SESSION -> (removed)
  • 61 TRANSIENT_CERTIFICATE_REQUESTED -> CERTIFICATE_NOT_AUTHORISED
  • 62 AUTHORISED_CERTIFICATE_REQUIRED -> CERTIFICATE_NOT_VALID
  • 63 CERTIFICATE_NOT_ACCEPTED -> (removed)
  • 64 FUTURE_CERTIFICATE_REJECTED -> (removed)
  • 65 EXPIRED_CERTIFICATE_REJECTED -> (removed)

Bugfixes

• Jetforce will now always terminate the TCP connection without waiting for a
  TLS close_notify alert response from the client. This fixes a bug where some
  clients would appear to hang after receiving the content from the server.

Features

• The jetforce-client tool now supports writing TLS keys to a logfile to
  facilitate debugging TLS connections using tools like Wireshark.
• If an application response handler returns a twisted.Deferred object, the
  errback will now be invoked when the TCP connection is closed.
• Error stack traces are no longer shown when the client prematurely closes
  the connection.

Examples

• Added a new example that demonstrates streaming data to client connections
  (examples/chatroom.py).
• Added a new example that demonstrates extending the static file server with
  common patterns like redirects and authenticated directories
  (examples/redirect.py).