Releases: tempesta-tech/tempesta
Tempesta FW 0.7.1
Installation
Use installation manual
New features
- CVE-2024-2758: HTTP limits: Changed default settings to more strict
- Implement
max_concurrent_streams
limitation - Implement http limits for request headers
- Frang: fix parsing of request method with TCP segmentation
- Fix unlimited body parsing and add body iterator
- Fix of CCM tls encryption and decryption
- Fix of infinite loop in chunked body (HTTP/2)
- Fix race with using parser fields
- Fix HTTP/2 headers name confusion
- Fix GPF when skb reused
- Fix of changing http2 window size
- Fix BUG_ON in tdb_htrie_descen
- Rewrite tfw_hpack_node_compare to make it clean & fast
- Fix incorrect server connection reference counter
- Hide "Te" header from HTTP/1.x backend when proxying response over HTTP/2.
Tempesta-fw 0.7.0
Installation
Use installation script:
git clone https://github.com/tempesta-tech/tempesta.git
tempesta/pkg/scripts/tempesta_installer.sh --install
Start tempesta:
systemctl restart tempesta-fw
Check is it works properly:
systemctl status tempesta-fw
Watch logs:
journalctl -u tempesta-fw
Tail logs:
journalctl -u tempesta-fw -f
New features
- HTTP/2 is now supported for the server side
- Websockets
- Significantly improved TLS handshakes perfromance
- TLS sessions resumption
- SAN TLS certificates
- Custom HTTP redirects
- Per-vhost listening addresses and TLS configuration
- Access log
include
configuration option- Caching by Cookie header value
- Cache behavior tuning (new options
cache_control_ignore
andcache_resp_hdr_del
) - Automatic Platform Optimization with a new header
X-Tempesta-Cache
forPURGE
method - Sticky cookies load balancing
Known issues
- No Tempesta DB removal and eviction (web cache overflow is possible)
- No HTTP/2 streams prioritization
- Several bugs
Full Changelog: https://github.com/tempesta-tech/tempesta/commits/ubuntu-20/0.7.0
Tempesta FW release 0.6.8
Tempesta FW is an all-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks.
You can download the Tempesta FW software by clicking here: tempesta-fw-dkms_0.6.8_amd64.deb.
The required kernel build for Ubuntu 20 LTS Kernel 5.10.35+ is available at https://github.com/tempesta-tech/linux-5.10.35-tfw/releases/tag/ubuntu-20%2F5.10.35%2B
Release 0.6.7
DKMS module for Tempesta patched kernel.
Install instructions are available on project's Wiki.
Dependencies:
- dkms (>= 2.1.0.0),
- libboost-dev,
- libboost-program-options-dev,
- kdump-tools
Changes since previous release (0.6.6):
- Fix issues when starting Tempesta via systemd (#1420).
Known issues:
- Slow TLS PK algorithms
- No TempestaDB eviction & removal
- Several bugs: [To be checked and filled]
Release 0.6.6
DKMS module for Tempesta patched kernel.
Install instructions are available on project's Wiki.
Dependencies:
- dkms (>= 2.1.0.0),
- libboost-dev,
- libboost-program-options-dev,
- kdump-tools
Changes since previous release (0.6.2):
- Multiple TLS fixes:
- Fix parsing of an empty extension if it comes last in ClientHello.
- Fix cached data corruption during encryption.
- Close the connection on errors during TLS handshake stage.
- Fix decryption of large records spanning multiple skb's.
- Verify ClientHello extention lengths before trying to read their data.
- Fix the deadlock caused by the error reporting during handshake stage.
- Handle ciphertexts larger than 16384 bytes.
- Fix TCP sequence numbering when working with fast same-host backends.
- Handle enormous ciphersuite lists in ClientHello messages.
- Fix crashes on server-client ciphersuite mismatch.
- Fix crashes on TLS handshakes utilizing SHA384.
- Fix crashes on heavily fragmented TLS handshakes.
- Fix crashes on premature handshake termination from a client.
- Decrease TLS handshake context a bit.
Changes:
- TempestaTLS 0.2 (tight TCP integration, fast handshake FSM)
- HTTPtables
- Sticky cookie extension for L7 DDoS mitigation
- Multiple HTTP limiting extensions
- SIMD memory functions
- Temporal client accounting
- Multiple bugfixes
Known issues:
- Slow TLS PK algorithms
- No TempestaDB eviction & removal
- Several bugs: [To be checked and filled]
Release 0.6.2
DKMS module for Tempesta patched kernel.
Install instructions are available on project's Wiki.
Dependencies:
- dkms (>= 2.1.0.0),
- libboost-dev,
- libboost-program-options-dev,
- kdump-tools
Changes since previous release (0.6.1):
- TempestaTLS 0.2 (tight TCP integration, fast handshake FSM)
- HTTPtables
- Sticky cookie extension for L7 DDoS mitigation
- Multiple HTTP limiting extensions
- SIMD memory functions
- Temporal client accounting
- Multiple bugfixes
Known issues:
Release 0.5.4 Alpha
DKMS module for Tempesta patched kernel.
Install instructions are available on project's Wiki.
Dependencies:
- dkms (>= 2.1.0.0),
- libboost-dev,
- libboost-program-options-dev,
- kdump-tools
Changes since previous release (0.5.3):
- Fix #1066: fix broken items sequence in the work queue w/ backlog
- Remove functional tests from package
Known issues:
- Memory leaks in TLS (#614).
Release 0.5.3 Alpha
DKMS module for Tempesta patched kernel.
Dependencies:
dkms (>= 2.1.0.0),
libboost-dev,
libboost-program-options-dev,
kdump-tools
Install instructions are available on project's Wiki.
Changes since previous release (0.5.1):
Fix #852: don't drop a connection if it coulnd't be created due to an error
Move non-configured certificate error to start phase.
Cleanups and more user-friendly error messages.
Known issues:
Memory leaks in TLS (#614).
Release 0.5.1 Alpha
DKMS module for Tempesta patched kernel.
Dependencies:
dkms (>= 2.1.0.0),
libboost-dev,
libboost-program-options-dev,
kdump-tools
Install instructions are available on project's Wiki.
Changes since previous release (0.5.0):
Fix SIMD call from non FPU-safe context
Replace tfw_cstricmp() by strncasecmp() as tfw_sg_name_match() is called from process context
Backport of the fix of #938
Backport fix for #978
Backport fix for #918
Release 0.5 Alpha
DKMS module for Tempesta patched kernel.
Dependencies:
- dkms (>= 2.1.0.0),
- libboost-dev,
- libboost-program-options-dev,
- kdump-tools
Install instructions are available on project's Wiki.
Changes since previous release (0.5.0-pre8):
- Add HTTP health monitoring
- Performance optimisation and fixes for the On-the-fly reconfiguration
- Add Referer header support to HTTP match rules
- Add JavaScript challenge to Sticky Cookie module
- Add user defined headers to forwarded messages
- Whitelist requests from web search engines
- Protect from manual unloading under load
- Fix of response-request pairing for pipelined messages
- Many other minor fixes. See git log for more information.