Security alert
The fix introduced on v1.6.0 (#564) still had a bug allowing any IP to bypass basic http auth in case an IP whitelist was set, regardless the IP was matching the IP or not. This release include the fix for the bug.
What's Changed
- server/server.go: use TLS config provided by acme/autocert by @stefanbenten in #567
- Bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in #581
- deps: remove ioutil package by @ginglis13 in #583
- Bump google.golang.org/grpc from 1.53.0 to 1.56.3 by @dependabot in #586
- Fixes transfer() issues by @luizluca in #579
- Add new example by @AdamsGH in #574
New Contributors
- @ginglis13 made their first contribution in #583
- @luizluca made their first contribution in #579
- @AdamsGH made their first contribution in #574
Full Changelog: v1.6.0...v1.6.1
Contributors
luizluca, stefanbenten, and 3 other contributors