1.3.1

1.3.1

• Changed

  • Error log-level for upstream responses with status 500 to Info log-level (#258)

• Fixed

  • Missing support for set_response_status within a plain error_handler block (#257)
  • Panic in jwt_sign() and saml_sso_url() functions without proper configuration (#243)

1.3

1.3

• Added

  • Modifier (set/add/remove_form_params) for the form parameters (#223)
  • Modifier (set_response_status) to be able to modify the response HTTP status code (#250)

• Changed

  • Stronger configuration check for path and path_prefix attributes, possibly resulting in configuration errors (#232)
  • Modifier (set/add/remove_response_headers) is available for api, files, server and spa block too (#248)

• Fixed

  • The path field in the backend log (#232)
  • Upstream requests with a known body-size have a Content-Length HTTP header field instead of Transfer-Encoding: chunked (#163)
  • Exit endpoint if an error is occurred in request or proxy instead of processing a defined response (#233)

1.2

1.2

Release date: 2021-05-19

The most important feature of Couper 1.2 is the introduction of custom error handling in form of the error_handler block.
You can now register error handlers for error types. Instead of the standard error_file template, you can flexibly respond with arbitrary responses.
error_handler is allowed in access control blocks (jwt, saml2 …), where you could e.g. handle missing tokens with a redirect-to-login.
In the future, error_handler will be usable in more config areas. Refer to the example if you want to see it in action.

• Added

  • error_handler block for access controls (#140)
  • backend_responses.*.body variable for accessing raw response body content (#182)
  • more oauth2 config options: scope and token_endpoint_auth_method (client_secret_basic or client_secret_post) (#219, #220)

• Changed

  • saml2 fallback to nameid-format:unspecified (#217)
  • basic_auth always responds with status code 401 (#227)
  • openapi resolves relative server URLs to the current backend origin (#230)

• Fixed

  • Fix /healthz route when called with accept-encoding: gzip (#222)
  • Don't panic over duplicate access control definitions, log error instead (#221)
  • Response for missing routes should have status code 404 (#224)
  • Fix possible race-condition with concurrent openapi validations (#231)
  • Fix use of server URLs without port in openapi (#230)

1.1.1

1.1.1

2021-04-21

Bug Fixes

• Endpoint responses are written and logged with correct status-code (#216)
  • affected: a plain response without any additional headers or body configuration

1.1

1.1

Release date: 2021-04-16

Bug Fixes

• allow more +json mime types (#207)
  • determines if ja request/response body gets parsed and provided as json_body variable
• missing check for empty endpoint path patterns (#211)
• protected API (base)paths returns status 401 instead of 404 if a protected route was not found (#211)
• jwt source config definition (#210)
• missing inner context on context copy
• possible panic for unhandled error template write errors (#205)
• backend reference usage with string label (#189)
• cli argument filtering (#204)
• misleading jwt rsa key error (#203)
• watch handling on stat errors (#202)

Change

• Change access control validation logging (#199)
  • log the first occurred error instead of an array

Features

• Add OAuth2 token request retry option (#167) (#209)

1.0 Release 🍾

1.0 🍾

Release date: 2021-04-09

We are happy and proud to announce Couper's 1.0 release!

During the last months we have received a lot of valuable feedback
from our early users. With such insights into real-world use-cases
and problems, we have worked ourselves through a couple of
iterations. The result is a better configuration that is easy to
read, yet powerful and expressive. Thanks to everyone for
contributing feedback!

We consider the configuration now stable. Upcoming releases will
remain compatible as we add more features. The structured log output
of Couper will of course stay JSON, but its structure may change
until we declare it stable, too.

If you are interested in using a developer-friendly API gateway that
is not bloated, we invite you to try out Couper! Have a look at the
examples.

Added

• couper help and usage documentation (#187)

Changed

• Ensure unique keys for set_* and add_* attributes (#183)
• Docker: split entrypoint and command (#192)

Fixed

• Fix missing backend.origin attribute url validation (#191)

0.9

0.9

Release date: 2021-04-08

Features

• watch option for given Couper configuration file (#24)
  • use -watch or via environment COUPER_WATCH=true to watch for file changes
• log option pretty print for json log-format (#179)
  • -log-pretty to enable formatted and key colored logs

Change

• Change variable names to more user-friendly ones (#180):
  • req -> request
  • ctx -> context
  • bereqs -> backend_requests
  • beresps -> backend_responses
  • bereq -> removed
  • beresp -> removed
• Log option for parent fields are 'global' now (#176)
  • COUPER_ACCESS_LOG_PARENT_FIELD, COUPER_BACKEND_LOG_PARENT_FIELD -> COUPER_LOG_PARENT_FIELD

Bug Fixes

• Log option for json formatted logs: (#176)
  • configured parent key applies to (almost) all log fields

0.8

v0.8

2021-04-06

Bug Fixes

• Some possible race conditions in combination with multiple proxy and/or request
  definitions are fixed (#157) (#160)
• Log endpoint related recovered panics
• CORS behaviour: result is now only dependent on the config, not the actual request; fixed Vary headers (#173)
• Fix json type assumption (#177)
  • req.json_body result is an empty object for specific types (#165)
  • Empty json array encodes to null. (#162)
• Fix missing string conversion for evaluated number values (#175)
• Loading optional labels of same type
• multiplexer behaviour with multiple servers and hosts (#161)
• Fix missing access_control for file handler (#169)
• 404 behaviour for access controlled endpoints:
  deny instead of 404 if the request matches the related base_path (#143)

Changes

• Rename log type for backend requests: couper_upstream -> couper_backend (#159) (#172)
• Rename post variable to form_body (#158)

Features

• Add json_body attribute for request and response block (#158)
• bytes log field to represent the body size

0.7

0.7

2021-03-23

Bug Fixes

• Recover from possible request/proxy related panics (#157) (#145)
• Configuration related hcl merge with an empty attributes and nested blocks

Change

• backend block attributes basic_auth, path_prefix and proxy hcl evaluation during runtime
• request attributes hcl evaluation during runtime (#152)
• Change configuration in combination with URL and backend.origin (#144)
  • request and proxy block can use the url attribute instead of define or reference a backend
  • same applies to oauth2.token_endpoint
• no X-Forwarded-For header enrichment from couper proxy (#139)
• more log context for access control related errors (#154)

Features

• saml 2.0 access_control support (#113)
• Add new strip-secure-cookies setting (#147)
  • removes Secure flag from all Set-Cookie header
• CORS support (server, files, spa) (#134)
  • previously api only
• error_file attribute for endpoint block
• hcl functions:
  • merge
• backend
  • OAuth2 support (#130)
    • grant_type: client_credentials
    • token memory storage with ttl
  • path_prefix attribute (#138)

0.6.1

0.6.1

2021-03-15

Bug Fixes

• Fix missing panic recovering for backend roundtrips (#142)
  • Fix backend timeout behaviour
  • Add a more specific error message for proxy body copy errors

Change

• Couper just passes the X-Forwarded-For header if any instead of adding the client remote addr to the list (#139)

Features

• url_encode function for RFC 3986 string encoding (#136)