Search
Varnish Controller

Version 6

Version 6.0.1 (2024-02-28)

General

  • Output from -generate-config was missing its configuration section, now added correctly again. This affected brainz, agent, router and api-gw binaries.
  • The agent/router were not syncing updated environment/argument values correctly on restart. This meant that when changing an environment variable for the router/agent, it was not reflected in the database until any configuration was changed via the API. This is now fixed.

Brainz

  • Fix a migration issue that could affect Routing Rules cors_origin and cors_methods becoming lost during 6.0.0 upgrade.
  • Log entries for transferring an agent/router is now created for generated private tokens.

Agent

  • Skip verification of BaseURL if no BaseURL certificate is used for the agent.
  • Fix VTC for compilation of VCLGroups, that could in some cases miss to validate paths to files used by vmods.

UI

  • Now we always show router permissions, regardless off there is a router license or not.
  • Fixed a potential memory leak.
  • Fixed a bug where certificate info details not updating after uploading a new certificate.
  • Config set now show what options has changed after error on save.
  • Minor updates and changes to texts and styling.

Version 6.0.0 (2024-02-01)

General

  • All components built with Go 1.21.6.
  • Support for TLS certificates in both agents and routers (see Certificates).
  • Support for configuration of agent/routers via CLI/UI/API (see Config/ConfigSet).
  • Staging of VCLGroups has been removed.
  • Permission system reworked and might require some updates of permissions for users/organizations.
  • Description of statistic counters added (CLI/UI and a new API endpoint to retrieve them).
  • ErrorKey in API responses has been removed.
  • Swagger has been updated and now contains enum explanations.
  • Transfer agents and routers to and from organizations as private.
  • Statistics JSON data has been lower cased to match other JSON data via the REST API.
  • As PostgreSQL 11 is EOL from November 9th 2023, we highly recommend upgrading your PostgreSQL server. The Varnish Controller works with the latest version of PostgreSQL. More information can be found here.
  • Existing lookup-order with tags for routing rules will automatically be converted into tags:<id> and a new routing decision named tagroute will be created for the routing rule.
  • Improved deployment time.
  • Improved API filtering.

Brainz

  • Fixes several database warnings (duplicate keys).
  • Only token owners can now see shared organizations for a given shared token.
  • Fixed an issue where statistics could be retrieved for a private agent by a user not owner of the agent.
  • IDP base_url now has to be the OpenID Connect discovery manifest url. Previously configured IDP are migrated automatically.
  • JWT private key is now generated with 4096 bits.
  • Fixed an issue where dashboards in the UI would be cleared when creating a user as an organization administrator.
  • Extra info level logging for deployment events for routers/agents.

Agent

  • New flags (backwards compatible with old flags):
    • varnish-admin-host
    • varnish-port
    • varnish-invalidation-port
  • Varnishtest is now compiling/verifying VCL with same parameters configured in Varnishd.

Router

  • Instead of two fixed CORS headers that could be configured for HTTP routing, now an open list of headers can be specified. The old configuration is automatically migrated to the new headers field.
  • Added support to specify a number of DNS replies for DNS request routing.
  • Added support to exclude specific domains from being routed to or health checked.
  • Added support to drain traffic from specific Varnish servers to perform for example maintenance.
  • In some occasions the router would subscribe multiple times to heartbeats from agents. This have now been fixed so that the router only subscribe once per agent.
  • Tags routing now supports multiple subdecisions.

API-GW

  • varnishstat endpoints have now been removed please use the stats endpoint as by the deprecation guide.
  • The following fields have been changed to either return an empty array ([]) or an empty object ({}) in the JSON response.
    • Invalidations:
      • headers will be {} instead of null
      • tags will be [] instead of null
      • domains will be [] instead of null
      • paths will be [] instead of null
      • monitoringReasons will be {} instead of null
      • brainzErrors will be [] instead of null
    • Routing rules
      • healthCheckHeaders will be {} instead of null
      • headers will be {} instead of null
      • lookupOrder will be [] instead of null
    • External routes
      • healthCheckHeaders will be {} instead of null
    • Reject routes
      • httpRespHeaders will be {} instead of null
      • dnsRespIPv4s will be [] instead of null
      • dnsRespIPv6s will be [] instead of null
    • Plugin GRPC
      • allowedHeaders will be [] instead of null

CLI

  • vcli commands are now a bit more streamlined and output has been polished.
  • All vcli inspect commands now return an array of objects.
  • CIDR/ASN/Geolocation routes in vcli now uses flags without -to-tag (see deprecation).
  • Where data were previously displayed as a comma separated list in vcli is now instead displayed on separated rows to ease the overview.
  • The “yes” flag, -y, was missing on several commands such as file update, vg update etc. This has now been added.
  • New command added to list required permissions for a specific type (e.g. vcli perm requirements agent,vclgroup).

UI

  • Added support for logging in using IDP and setting up IDP configuration for organizations.
  • Reworked how we list and add domains in VCLGroups.
  • Permission view reworked and updated to make it easier to manage.
  • New items in the main menu for managing Certificates and Config Sets.
  • Fixed general styling problems.
  • Fixed an issue regarding detecting includes when file was having duplicate files included.
  • Fixed an issue regarding automatically addition of file type in detected includes.
  • Fixed an issue when showing available servers in VCLGroup not updating correctly.