Update dependency restic/rest-server to v0.14.0 #11
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/restic-rest-server-0.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
0.12.1→0.14.0Release Notes
restic/rest-server (restic/rest-server)
v0.14.0Compare Source
Changelog for rest-server 0.14.0 (2025-05-31)
The following sections list the changes in rest-server 0.14.0 relevant to users. The changes are ordered by importance.
Summary
.htpasswdfilesDetails
Security #318: Fix world-readable permissions on new
.htpasswdfilesOn startup the rest-server Docker container creates an empty
.htpasswdfile if none exists yet. This file was world-readable by default, which can be a security risk, even though the file only contains hashed passwords.This has been fixed such that new
.htpasswdfiles are no longer world-readabble.The permissions of existing
.htpasswdfiles must be manually changed if relevant in your setup.#318 #340
Change #322: Update dependencies and require Go 1.23 or newer
All dependencies have been updated. Rest-server now requires Go 1.23 or newer to build.
This also disables support for TLS versions older than TLS 1.2. On Windows, rest-server now requires at least Windows 10 or Windows Server 2016. On macOS, rest-server now requires at least macOS 11 Big Sur.
#322 #338
Enhancement #174: Support proxy-based authentication
Rest-server now supports authentication via HTTP proxy headers. This feature can be enabled by specifying the username header using the
--proxy-auth-usernameoption (e.g.,--proxy-auth-username=X-Forwarded-User).When enabled, the server authenticates users based on the specified header and disables Basic Auth. Note that proxy authentication is disabled when
--no-authis set.#174 #307
Enhancement #189: Support group accessible repositories
Rest-server now supports making repositories accessible to the filesystem group by setting the
--group-accessible-reposoption. Note that permissions of existing files are not modified. To allow the group to read and write file, use a umask of007. To only grant read access use027. To make an existing repository group-accessible, usechmod -R g+rwX /path/to/repo.#189 #308
Enhancement #295: Output status of append-only mode on startup
Rest-server now displays the status of append-only mode during startup.
#295
Enhancement #315: Hardened tls settings
Rest-server now uses a secure TLS cipher suite set by default. The minimum TLS version is now TLS 1.2 and can be further increased using the new
--tls-min-veroption, allowing users to enforce stricter security requirements.#315
Enhancement #321: Add zip archive format for Windows releases
Windows users can now download rest-server binaries in zip archive format (.zip) in addition to the existing tar.gz archives.
#321 #346
v0.13.0Compare Source
Changelog for rest-server 0.13.0 (2024-07-26)
The following sections list the changes in rest-server 0.13.0 relevant to users. The changes are ordered by importance.
Summary
Details
Change #267: Update dependencies and require Go 1.18 or newer
Most dependencies have been updated. Since some libraries require newer language features, support for Go 1.17 has been dropped, which means that rest-server now requires at least Go 1.18 to build.
#267
Change #273: Shut down cleanly on TERM and INT signals
Rest-server now listens for TERM and INT signals and cleanly closes down the http.Server and listener when receiving either of them.
This is particularly useful when listening on a unix socket, as the server will now remove the socket file when it shuts down.
#273
Enhancement #271: Print listening address after start-up
When started with
--listen :0, rest-server would printstart server on :0The message now also includes the actual address listened on, for example
start server on 0.0.0.0:37333. This is useful when starting a server with an auto-allocated free port number (port 0).#271
Enhancement #272: Support listening on a unix socket
It is now possible to make rest-server listen on a unix socket by prefixing the socket filename with
unix:and passing it to the--listenoption, for example--listen unix:/tmp/foo.This is useful in combination with remote port forwarding to enable a remote server to backup locally, e.g.:
#272
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
Edited/Blocked Notification
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.