Update golang.org/x/net to version 0.33 due to CVE-2024-45338.
Update nats-server to version 2.10.24 due to CVE-2024-45337.
Version 6.6.2 (2024-12-17)
Update golang.org/x/crypto to version 0.31 due to CVE-2024-45337. Affected part of the library is not used.
Version 6.6.1 (2024-12-09)
Brainz
Fixed an issue where statistics queries would fail to retrieve data.
Version 6.6.0 (2024-11-27)
General
Support for roles.
Brainz
Resolved an issue where removing a tag from an agent incorrectly returned a 500 Internal Server Error instead of the actual error reason.
Addressed a problem where statistics aggregation caused unnecessary growth in the WAL log.
Updated agent state changes in logs to display as text values for better clarity.
Updated the basic invalidation lock acquisition error message to a debug-level log, providing clearer context and reducing unnecessary noise.
CLI
Fixed an issue where the CLI override flag for configs displayed an incorrect long value.
Router
Removed the duration field from the router’s request-log.
UI
New table for displaying resources and information
In some views it is now possible to have the option to batch-select items and interact with several at resources at once. Look for the check icon
at the top of the table.
Customize your layout in the UI, all columns in tables are now resizeable and moveable. This means that you can resize a column to fit
your preferences and move columns so the information you feel is most important is what you will see first.
Unanimous way of creating tags and domains
When creating a new tag or domain you will now recognize the same behaviour. We now ship the UI with an input field that will let you
seamlessly create multiple tags/domains just by keep writing.
Reworked the invalidations view of created invalidations
There is a new tab available at the top of each invalidation, errors. All errors and information that was previously shown at the
very top of each invalidation page is now placed here. This view also comes with a new layout for an easier overview.
Major overhaul of UI, this has lead to several improvements in workflows and a performance boost.
Improved handling of invalidation deployment history data
Version 6.4.1 (2024-09-20)
UI
Ability to configure HTTPS for IDP redirects on the varnish-controller-ui (-idp-https-redirect).
Brainz
Fixed a bug that prevented comma-separated ID filtering for specific resources (domains, configsets, tagroutes).
Version 6.4.0 (2024-09-17)
General
Updated NATS to latest version: 2.10.20.
Binaries built with Go 1.23.1.
Fixes a migration bug where file labels where reset during upgrade from a version prior to 5.3.0.
Agent
Shared deployments now have 2 new headers added to the request to see which VCLGroup name and Agent name the request came from.
X-Agent-Name
X-VCLGroup-Name
The agents now supports to gather statistics per domain. This has to be enabled manually and it will increase the size of the statistics depending on number of domains deployed.
Enabled via -domain-stats, this can be enabled through the CLI or UI with the configurations or configuration sets.
Changes to statistics sampling in the agents
A new flag (-stats-filter) has been introduced to the agents, used to configure statistics with one flag, supporting wildcards. Use either this or the old statistics filters
The new -stats-filter will now supersede the -vclgroup-stats-filter, -agent-stats-filter and -accounting-stats-filter (which will be deprecated in the next major release).
The new filter also supports filtering of accounting keys, with wildcard support.
The root VCL has been updated to support domain statistics.
Router
BaseURL for agents and external routes in the router is now stripped from the trailing / to avoid getting location set with double slashes (//).
VCLI
Fixes a bug where file state where not updated correctly, causing VCLGroup deployment with --wait time out when no changes to a file had been made.
UI
Fixes a bug in UI CDN map when changing default data.
Version 6.3.2 (2024-07-10)
General
Updated NATS to the latest version: 2.10.17.
Version 6.3.1 (2024-07-10)
Agent
Backups on agents will now only be taken if there are deployments. This will remove a previous warning message that wasn’t critical.
UI
Version of varnish-controller-ui showed 0.0.0 in the 6.3.0 release, this has been fixed.
The UI now validates the IDP client secret less strict.
Version 6.3.0 (2024-07-08)
General
Binaries built with Go 1.22.5.
This release includes the Basic Invalidation feature. This feature is exclusively API/CLI-based for integration purposes, designed for both heavy-duty and straightforward purging tasks.
Version 6.2.0 (2024-06-18)
Important
Previous versions of the Varnish Controller aggregated UDO dynamic backends and S3 VMOD statistics with the IP and port in the counter names.
These old statistic names will be deleted upon upgrading to version 6.2.0.
The Varnish Controller agent will normalize the counter names and remove the IP and port to get a better aggregation of your statistics.
This could take some time with larger databases.
General
Binaries built with Go 1.22.4.
Brainz
Fixed an invalidation bug that occurred when specifying multiple domains belonging to different VCLGroups but deployed with the same tag.
Fixed an issue where non-monitored invalidations could remain in a running state if a connection loss occurred with Brainz or the agent during the invalidation process.
Agent
Agents now creates a backup directory in its base-dir called backup. This directory contains last 20 deployment changes. See Agents.
Implemented normalization of S3 and UDO statistic counters.
Router
Reject Routes now support CNAME.
The default certificate that can be configured on the router via TLS management within the controller now uses a default cipher suite set for TLS v1.2 if none is specified.
CLI
vcli now supports to wait for deployments to be complete before returning. See VCLI Examples.
Version 6.1.3 (2024-05-29)
Brainz
Database performance improvements.
Agent
Use VCLGroup directory first when loading a VCL on agents, instead of system defaults.
Fixes a bug where vcl_path and vmod_path was generated with wrong defaults for cmds.cli file, when Varnish could not be reached.
UI
Fixed a bug in the editor where the file name in the tabs wouldn’t update as expected when renaming a file.
Version 6.1.2 (2024-05-20)
General
Binaries built with Go 1.22.3
Brainz
Fixed a bug in the invalidation handling when both VCLGroup and domain are provided as input arguments for shared deployments, but the domain didn’t exist, this will be rejected immediately.
Fixed a bug in the invalidation handling that could cause a request to remain in a running state even after the execution TTL had expired.
Changed log level to debug (from warning) for row not found when querying elements in the database which doesn’t exist.
File draft is now included in system debug.
Agent
Fixed a bug where the TLS version check failed for Varnish versions 6.0.13 and above.
Version 6.1.1 (2024-04-30)
Agent
Revert setting the TMPDIR environment variable for varnishtest to agent’s base-dir. In some cases the path set by the Agent would be too big for varnishtest, causing all VTC tests to fail.
UI
Show location of router traces in the UI.
Version 6.1.0 (2024-04-29)
General
Binaries built with Go 1.22.2
Decrease size of Varnish Controller gathers
Various performance improvements to database calls
API-GW
New endpoint to list related VCLGroups that will be redeployed when deploying a given VCLGroup.
/api/v1/vclgroups/<id>/related
ErrorMsg in API now have a details part which gives extra error information for config value errors.
Fix swagger documentation to not use localhost and instead use actual host.
Brainz
Various performance improvements to database calls.
ConfigSet validation failure will report which flag that failed to validate.
Improved VCLGroup deployments.
New endpoint to list related VCLGroups that will be redeployed when deploying a given VCLGroup.
Prometheus statistics names are now only in prometheus allowed format.
New VCLGroup feature: Keep On Failure.
Keeps previous VCLGroup deployed on an agent if the new deployment fails.
Default false to support previous behavior. Enable it per VCLGroup to enable this feature.
vcli vg add/update -k/--keep-on-failure.
JWT keys in brainz are now periodically generated and not just during start, letting brainz generate new keys more often.
Agent
Reload a VCLGroup on all agents or a specific agents.
Fix a bug where uptime was reported wrong if NTP was not synced before the agent started.
Fixes a bug where varnishtest was not ran with compile-timeout longer than the default of 60sec. This is now propagated correctly from brainz/api-gw compile-timeout configuration.
Fixes a bug where vcl_path and vmod_path could contain the agent’s base-dir multiple times.
Fix a bug for large VCL files that made the deployment time out.
Make sure exit code is always verified when validating with varnishtest on the agent.
Set TMPDIR environment variable for varnishtest to agent’s base-dir.
Router
Router Trace now includes location that shows the full redirect location (with respect to redirect template).
Router will now log an INFO message if no endpoints are left to route to and also if one endpoint is removed.
Fix a bug where uptime was reported wrong if NTP was not synced before the router started.
CLI
Support for compilation of files via vcli (see vcli file compile -h).
UI
Added Reload VCLGroup feature.
Added Keep on Failure feature in VCLGroups.
Changed how Controller gathers works in the UI.
It is now possbile to restart the tour of the ui in support page via the Explore Controller features.
Fixed showing affected VCLGroups when deploying.
Fixed a bug when when adding domains in VCLGroups using Select all.
Fixed a bug with line chart graphs.
Improved performance and memory-usage in the editor previewing controller-gathers and debug reports.
Version 6.0.3 (2024-05-20)
Agent
Fixed a bug where the TLS version check failed for Varnish versions 6.0.13 and above.
Version 6.0.2 (2024-03-13)
General
Added ownerships to the Controller Gather.
API-GW
Added caching for token validation to increase performance.
UI
Add search field when selecting domains in VCLGroup.
Fixed a bug where selecting a domain in a VCLGroup would only show 20 domains.
Version 6.0.1 (2024-02-28)
General
Output from -generate-config was missing its configuration section, now added correctly again. This affected brainz, agent, router and api-gw binaries.
The agent/router were not syncing updated environment/argument values correctly on restart. This meant
that when changing an environment variable for the router/agent, it was not reflected in the database until any configuration was changed
via the API. This is now fixed.
Brainz
Fix a migration issue that could affect Routing Rules cors_origin and cors_methods becoming lost during 6.0.0 upgrade.
Log entries for transferring an agent/router is now created for generated private tokens.
Agent
Skip verification of BaseURL if no BaseURL certificate is used for the agent.
Fix VTC for compilation of VCLGroups, that could in some cases miss to validate paths to files used by vmods.
UI
Now we always show router permissions, regardless off there is a router license or not.
Fixed a potential memory leak.
Fixed a bug where certificate info details not updating after uploading a new certificate.
Config set now show what options has changed after error on save.
Minor updates and changes to texts and styling.
Version 6.0.0 (2024-02-01)
General
All components built with Go 1.21.6.
Support for TLS certificates in both agents and routers (see Certificates).
Support for configuration of agent/routers via CLI/UI/API (see Config/ConfigSet).
Staging of VCLGroups has been removed.
Permission system reworked and might require some updates of permissions for users/organizations.
Description of statistic counters added (CLI/UI and a new API endpoint to retrieve them).
ErrorKey in API responses has been removed.
Swagger has been updated and now contains enum explanations.
Transfer agents and routers to and from organizations as private.
Statistics JSON data has been lower cased to match other JSON data via the REST API.
As PostgreSQL 11 is EOL from November 9th 2023, we highly recommend upgrading your PostgreSQL server. The Varnish Controller works with the latest version of PostgreSQL. More information can be found here.
Existing lookup-order with tags for routing rules will automatically be converted into tags:<id> and a new routing decision named tagroute will be created for the routing rule.
Improved deployment time.
Improved API filtering.
Brainz
Fixes several database warnings (duplicate keys).
Only token owners can now see shared organizations for a given shared token.
Fixed an issue where statistics could be retrieved for a private agent by a user not owner of the agent.
IDP base_url now has to be the OpenID Connect discovery manifest url. Previously configured IDP are migrated automatically.
JWT private key is now generated with 4096 bits.
Fixed an issue where dashboards in the UI would be cleared when creating a user as an organization administrator.
Extra info level logging for deployment events for routers/agents.
Agent
New flags (backwards compatible with old flags):
varnish-admin-host
varnish-port
varnish-invalidation-port
Varnishtest is now compiling/verifying VCL with same parameters configured in Varnishd.
Router
Instead of two fixed CORS headers that could be configured for HTTP routing, now an open list of headers can be specified. The old configuration is automatically migrated to the new headers field.
Added support to specify a number of DNS replies for DNS request routing.
Added support to exclude specific domains from being routed to or health checked.
Added support to drain traffic from specific Varnish servers to perform for example maintenance.
In some occasions the router would subscribe multiple times to heartbeats from agents. This have now been fixed so that the router only subscribe once per agent.
Tags routing now supports multiple subdecisions.
API-GW
varnishstat endpoints have now been removed please use the stats endpoint as by the deprecation guide.
The following fields have been changed to either return an empty array ([]) or an empty object ({}) in the JSON response.
Invalidations:
headers will be {} instead of null
tags will be [] instead of null
domains will be [] instead of null
paths will be [] instead of null
monitoringReasons will be {} instead of null
brainzErrors will be [] instead of null
Routing rules
healthCheckHeaders will be {} instead of null
headers will be {} instead of null
lookupOrder will be [] instead of null
External routes
healthCheckHeaders will be {} instead of null
Reject routes
httpRespHeaders will be {} instead of null
dnsRespIPv4s will be [] instead of null
dnsRespIPv6s will be [] instead of null
Plugin GRPC
allowedHeaders will be [] instead of null
CLI
vcli commands are now a bit more streamlined and output has been polished.
All vcli inspect commands now return an array of objects.
CIDR/ASN/Geolocation routes in vcli now uses flags without -to-tag (see deprecation).
Where data were previously displayed as a comma separated list in vcli is now instead displayed on separated rows to ease the overview.
The “yes” flag, -y, was missing on several commands such as file update, vg update etc. This has now been added.
New command added to list required permissions for a specific type (e.g. vcli perm requirements agent,vclgroup).
UI
Added support for logging in using IDP and setting up IDP configuration for organizations.
Reworked how we list and add domains in VCLGroups.
Permission view reworked and updated to make it easier to manage.
New items in the main menu for managing Certificates and Config Sets.
Fixed general styling problems.
Fixed an issue regarding detecting includes when file was having duplicate files included.
Fixed an issue regarding automatically addition of file type in detected includes.
Fixed an issue when showing available servers in VCLGroup not updating correctly.