Ledgetech Ledge Versions Save

• Feature: Allow blacklist of cookies evaluable in ESI variable expansion
• Bugfix: Fix occasional truncated body storage on chunked responses

• Bugfix: It is no longer possible to send Cookie or Authorization headers to ESI requests on another domain, unless explicitly added in manually using the before_esi_include_request event.
• Bugfix: ESI requests on the same domain would previously "loopback" to the current server_addr and server_port even if the scheme was different. We now check the scheme matches too before making this optimisation.
• Feature: ESI "loopback" can now be disabled with esi_attempt_loopback.

• New config options to disable ESI includes to third party domains, and to whitelist allowed domains.
• Minor tweaks to test framework for reliability

Fix request leak with upstream sockets when downstream sockets are prematurely aborted.

Fix crash with multiple Date response headers

Fixes some issues around SSRF and XSS exploits when using ESI variables

Bugfix: On cache read if the current key is missing from the repset (e.g. evicted) re-add it. An evicted or incomplete repset causes incomplete or failed purging.

• Feature: Vary support

• Feature: Vary support
• Feature: JSON Purge API