Skip to content
This repository was archived by the owner on Sep 19, 2024. It is now read-only.

0.7.1
Compare
Choose a tag to compare
@github-actions github-actions released this 19 Apr 09:09
· 43 commits to main since this release
0.7.1
1516415

Bug Fixes:

  • Properly handle memory allocation failures to avoid null pointer dereference.
  • Correctly handle TLS error codes.
  • Ensure bearSSL is thread-safe.
  • Fix memory leak that occurred when camblet did not handle encryption.
  • Improve repository readability by moving files to src/ and include/.
  • Address CPU hog during socket read by implementing an effective wait cycle.
  • Speed up manual TLS handling by omitting ALPN setting and inspection-based passthrough determination.

New Features:

  • Support using workload ID templates for policies, allowing dynamic extension of policies with metadata values at runtime.
  • Implement HTTP header injection to parse incoming and outgoing HTTP requests. SPIFFEEID is inserted into incoming HTTP requests if the client authenticated with a TLS certificate.
  • Implement sendpage for non-kTLS workloads, enabling proper handling of sendfile, especially for cases where the go fileserver implementation relies on sendfile for request handling.
  • Add support for AES-GCM and AES-CCM ciphers with kTLS.

Tests:

  • Add a test for kTLS-disabled environments.
  • Extend tests to cover all supported Debian environments (kernel versions: 5.15, 6.5).
  • Include a test for the get/set sockopt feature.
Assets 4
Loading