Skip to content

Releases: tempesta-tech/tempesta

Tempesta FW 0.7.1

04 Apr 19:33
f55c930
Compare
Choose a tag to compare

Installation

Use installation manual

New features

  • CVE-2024-2758: HTTP limits: Changed default settings to more strict
  • Implement max_concurrent_streams limitation
  • Implement http limits for request headers
  • Frang: fix parsing of request method with TCP segmentation
  • Fix unlimited body parsing and add body iterator
  • Fix of CCM tls encryption and decryption
  • Fix of infinite loop in chunked body (HTTP/2)
  • Fix race with using parser fields
  • Fix HTTP/2 headers name confusion
  • Fix GPF when skb reused
  • Fix of changing http2 window size
  • Fix BUG_ON in tdb_htrie_descen
  • Rewrite tfw_hpack_node_compare to make it clean & fast
  • Fix incorrect server connection reference counter
  • Hide "Te" header from HTTP/1.x backend when proxying response over HTTP/2.

Tempesta-fw 0.7.0

04 Jul 18:30
e64ce6e
Compare
Choose a tag to compare

Installation

Use installation script:

git clone https://github.com/tempesta-tech/tempesta.git
tempesta/pkg/scripts/tempesta_installer.sh --install

Start tempesta:

systemctl restart tempesta-fw

Check is it works properly:

systemctl status tempesta-fw

Watch logs:

journalctl -u tempesta-fw

Tail logs:

journalctl -u tempesta-fw -f

New features

  • HTTP/2 is now supported for the server side
  • Websockets
  • Significantly improved TLS handshakes perfromance
  • TLS sessions resumption
  • SAN TLS certificates
  • Custom HTTP redirects
  • Per-vhost listening addresses and TLS configuration
  • Access log
  • include configuration option
  • Caching by Cookie header value
  • Cache behavior tuning (new options cache_control_ignore and cache_resp_hdr_del)
  • Automatic Platform Optimization with a new header X-Tempesta-Cache for PURGE method
  • Sticky cookies load balancing

Known issues

  • No Tempesta DB removal and eviction (web cache overflow is possible)
  • No HTTP/2 streams prioritization
  • Several bugs

Full Changelog: https://github.com/tempesta-tech/tempesta/commits/ubuntu-20/0.7.0

Tempesta FW release 0.6.8

04 Mar 08:46
7c6285d
Compare
Choose a tag to compare

Tempesta FW is an all-in-one solution for high performance web content delivery and advanced protection against DDoS and web attacks.

You can download the Tempesta FW software by clicking here: tempesta-fw-dkms_0.6.8_amd64.deb.

The required kernel build for Ubuntu 20 LTS Kernel 5.10.35+ is available at https://github.com/tempesta-tech/linux-5.10.35-tfw/releases/tag/ubuntu-20%2F5.10.35%2B

Release 0.6.7

25 Jun 18:39
937b69c
Compare
Choose a tag to compare

DKMS module for Tempesta patched kernel.

Install instructions are available on project's Wiki.

Dependencies:

  • dkms (>= 2.1.0.0),
  • libboost-dev,
  • libboost-program-options-dev,
  • kdump-tools

Changes since previous release (0.6.6):

  • Fix issues when starting Tempesta via systemd (#1420).

Known issues:

  • Slow TLS PK algorithms
  • No TempestaDB eviction & removal
  • Several bugs: [To be checked and filled]

Release 0.6.6

10 Jun 06:19
2877ee7
Compare
Choose a tag to compare
Release 0.6.6 Pre-release
Pre-release

DKMS module for Tempesta patched kernel.

Install instructions are available on project's Wiki.

Dependencies:

  • dkms (>= 2.1.0.0),
  • libboost-dev,
  • libboost-program-options-dev,
  • kdump-tools

Changes since previous release (0.6.2):

  • Multiple TLS fixes:
  • Fix parsing of an empty extension if it comes last in ClientHello.
  • Fix cached data corruption during encryption.
  • Close the connection on errors during TLS handshake stage.
  • Fix decryption of large records spanning multiple skb's.
  • Verify ClientHello extention lengths before trying to read their data.
  • Fix the deadlock caused by the error reporting during handshake stage.
  • Handle ciphertexts larger than 16384 bytes.
  • Fix TCP sequence numbering when working with fast same-host backends.
  • Handle enormous ciphersuite lists in ClientHello messages.
  • Fix crashes on server-client ciphersuite mismatch.
  • Fix crashes on TLS handshakes utilizing SHA384.
  • Fix crashes on heavily fragmented TLS handshakes.
  • Fix crashes on premature handshake termination from a client.
  • Decrease TLS handshake context a bit.

Changes:

  • TempestaTLS 0.2 (tight TCP integration, fast handshake FSM)
  • HTTPtables
  • Sticky cookie extension for L7 DDoS mitigation
  • Multiple HTTP limiting extensions
  • SIMD memory functions
  • Temporal client accounting
  • Multiple bugfixes

Known issues:

  • Slow TLS PK algorithms
  • No TempestaDB eviction & removal
  • Several bugs: [To be checked and filled]

Release 0.6.2

29 Mar 19:57
85905e9
Compare
Choose a tag to compare

DKMS module for Tempesta patched kernel.

Install instructions are available on project's Wiki.

Dependencies:

  • dkms (>= 2.1.0.0),
  • libboost-dev,
  • libboost-program-options-dev,
  • kdump-tools

Changes since previous release (0.6.1):

  • TempestaTLS 0.2 (tight TCP integration, fast handshake FSM)
  • HTTPtables
  • Sticky cookie extension for L7 DDoS mitigation
  • Multiple HTTP limiting extensions
  • SIMD memory functions
  • Temporal client accounting
  • Multiple bugfixes

Known issues:

Release 0.5.4 Alpha

28 Sep 09:15
871200e
Compare
Choose a tag to compare
Release 0.5.4 Alpha Pre-release
Pre-release

DKMS module for Tempesta patched kernel.

Install instructions are available on project's Wiki.

Dependencies:

  • dkms (>= 2.1.0.0),
  • libboost-dev,
  • libboost-program-options-dev,
  • kdump-tools

Changes since previous release (0.5.3):

  • Fix #1066: fix broken items sequence in the work queue w/ backlog
  • Remove functional tests from package

Known issues:

  • Memory leaks in TLS (#614).

Release 0.5.3 Alpha

16 Aug 11:55
230e3f5
Compare
Choose a tag to compare
Release 0.5.3 Alpha Pre-release
Pre-release

DKMS module for Tempesta patched kernel.

Dependencies:

dkms (>= 2.1.0.0),
libboost-dev,
libboost-program-options-dev,
kdump-tools
Install instructions are available on project's Wiki.

Changes since previous release (0.5.1):

Fix #852: don't drop a connection if it coulnd't be created due to an error
Move non-configured certificate error to start phase.
Cleanups and more user-friendly error messages.

Known issues:

Memory leaks in TLS (#614).

Release 0.5.1 Alpha

10 May 14:26
c195643
Compare
Choose a tag to compare

DKMS module for Tempesta patched kernel.

Dependencies:

dkms (>= 2.1.0.0),
libboost-dev,
libboost-program-options-dev,
kdump-tools
Install instructions are available on project's Wiki.

Changes since previous release (0.5.0):

Fix SIMD call from non FPU-safe context
Replace tfw_cstricmp() by strncasecmp() as tfw_sg_name_match() is called from process context
Backport of the fix of #938
Backport fix for #978
Backport fix for #918

Release 0.5 Alpha

21 Mar 10:48
036a0f1
Compare
Choose a tag to compare

DKMS module for Tempesta patched kernel.

Dependencies:

  • dkms (>= 2.1.0.0),
  • libboost-dev,
  • libboost-program-options-dev,
  • kdump-tools

Install instructions are available on project's Wiki.

Changes since previous release (0.5.0-pre8):

  • Add HTTP health monitoring
  • Performance optimisation and fixes for the On-the-fly reconfiguration
  • Add Referer header support to HTTP match rules
  • Add JavaScript challenge to Sticky Cookie module
  • Add user defined headers to forwarded messages
  • Whitelist requests from web search engines
  • Protect from manual unloading under load
  • Fix of response-request pairing for pipelined messages
  • Many other minor fixes. See git log for more information.