Diffusion FreeBSD ports repository 480501bc199e

www/caddy: Update to 2.11.4 (security)
480501bc199e
Actions

Description

www/caddy: Update to 2.11.4 (security)

Changes:

Security-related patches:
- caddyhttp: Normalize Windows backslashes in path matcher (thanks
  @Vincent550102)
- rewrite: Prevent placeholder re-expansion in injected query
  (thanks @WhiskerEnt)
- templates: Improved stripHTML action to more reliably remove
  malformed HTML (thanks to @jmrcsnchz)
- caddyhttp: Ignore header fields with underscores to prevent
  collisions (thanks @Vincent550102 for the report and @dunglas for
  the patch)

  NB: These security patches may be breaking if your application
  relies on the buggy behaviors.

What's Changed:
- reverseproxy: further prevent body closes from dial errors by
  @jameshartig in #7715
- caddytls: Fix client auth (fix #7724) by @mholt in #7727
  chore: deps upgrade by @mohammed90 in #7751
- caddyhttp: omit Last-Modified for unusable mod times by @bb4242 in
  #7740
- caddytls: fix TLS state races and ECH rotation retry by @broady in
  #7756
- chore: clean up wording and typo fixes by @steadytao in #7745
- reverseproxy: Add regression test for DialInfo network override by
  @eyupcanakman in #7758
- caddyauth: add candidate placeholders for rejected identities by
  @steadytao in #7698
- cmd: support caddy start on IPv6-only hosts by @steadytao in #7744
- caddyfile: preserve implicit TLS issuer semantics by @steadytao in
  #7743
- reverseproxy: wraps request body to prevent closing if not read by
  @WeidiDeng in #7719
- caddytls: match IDN SNI in connection policies by @steadytao in
  #7742
- build(deps): bump the all-updates group across 1 directory with
  9 updates by @dependabot[bot] in #7752
- caddyhttp: normalize Windows backslashes in path matcher by
  @Vincent550102 in #7763
- go.mod: update x/net by @steadytao in #7767
- rewrite: prevent placeholder re-expansion in injected query by
  @WhiskerEnt in #7761
- perf(replacer): optimize memory allocation for file placeholders
  by @Jualhosting in #7773
- caddytls: skip idna.ToASCII for pure ASCII SNI values by
  @sleet0922 in #7770
- encode: prioritize zstd and br over gzip in content negotiation by
  @Jualhosting in #7772
- httpcaddyfile: fix incorrect error message on duplicate matchers
  by @Brunotlps in #7780
- Patch for GHSA-vcc4-2c75-vc9v by @jmrcsnchz in #7785