
From: Keith Henderson Jr <keithhendersonjr@yahoo.com>
Subject: update + security cvs fixes: caddy -> 2.11.2
To: "ports@openbsd.org" <ports@openbsd.org>
Date: Wed, 11 Mar 2026 04:48:53 +0000

Per upstream:

>Reverse proxy got a lot of love with certain edge cases related to PROXY protocol, health check port, and closing body on retries. Dynamic upstreams are now tracked which enables passive health checking.
>Performance improvements for metrics.
>New tls_resolvers global option to control DNS resolvers for all sites when using the ACME DNS challenge.
>Log rolling now supports zstd compression; deprecated roll_gzip, which will be removed in the future. Use roll_compression instead.
>Refined logging and some error messages.
>Fixed a bug in rewrite handler that could cause some URIs to not be rewritten when URI path is an escaped form of target path. Thanks to @MaherAzzouzi for the report.
>Security fixes

>This release fixes two CVEs.

>@NucleiAv reported a bug in the forward_auth directive that could permit identity injection and potential privilege escalation.
>@sammiee5311 reported that vars_regexp double-expanded placeholders, allowing some unusual configs to reveal secrets.

Please find diff attached. OK?