Previously, this only returned ALLOW if any one of the conditions matched. This behaviour has changed to only return ALLOW if all of the conditions match. I expect this to have some issues with user configs; however, this fix is grave enough that it's worth the risk of breaking configs. If this bites you, please let me know so we can make an escape hatch.
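To see which traffic a multi-condition ALLOW rule stops matching after this change, the sketch below evaluates a rule under both readings and lists the requests whose verdict differs. It is an added example, not Anubis's own code: `Request`, `Condition`, `evaluate`, `ChangedVerdicts`, the sample rule and the sample requests are all hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Request and Condition are hypothetical stand-ins, not Anubis's own types.
type Request struct{ UserAgent, Path string }
type Condition func(Request) bool

// evaluate returns the verdict under the previous any-match reading and the
// new all-match reading. Assumption here: an empty list matches nothing.
func evaluate(conds []Condition, r Request) (anyMatch, allMatch bool) {
	allMatch = len(conds) > 0
	for _, c := range conds {
		if c(r) {
			anyMatch = true
		} else {
			allMatch = false
		}
	}
	return
}

// ChangedVerdicts lists samples that matched before the change but no longer do.
func ChangedVerdicts(conds []Condition, samples []Request) (out []Request) {
	for _, r := range samples {
		if old, now := evaluate(conds, r); old && !now {
			out = append(out, r)
		}
	}
	return out
}

// Constructed rule: ALLOW health checks identified by user agent AND path.
var sampleRule = []Condition{
	func(r Request) bool { return strings.Contains(r.UserAgent, "HealthCheck") },
	func(r Request) bool { return strings.HasPrefix(r.Path, "/healthz") },
}

// Constructed sample requests covering each combination of matches.
var sampleRequests = []Request{
	{"HealthCheck/1.0", "/healthz"}, // matches both conditions
	{"HealthCheck/1.0", "/admin"},   // matches the user agent only
	{"Mozilla/5.0", "/healthz"},     // matches the path only
	{"Mozilla/5.0", "/"},            // matches neither
}

func main() {
	fmt.Printf("%+v\n", ChangedVerdicts(sampleRule, sampleRequests))
}
```

Requests in the output were allowed on a single matching condition before the change; if any of them are legitimate clients, the rule needs to be split or rewritten rather than relying on the old behaviour.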
Better error messages
In order to make it easier for legitimate clients to debug issues with their browser configuration and Anubis, Anubis will emit internal error detail in base64 so that administrators can chase down issues. Future versions of this may also include a variant that encrypts the error detail messages.
Bug Fixes
Sometimes the enhanced temporal assurance in #1038 and #1068 could backfire because Chromium and its ilk randomize the amount of time they wait in order to avoid a timing side-channel attack. This has been fixed both by increasing the amount of time a client has to wait for the metarefresh and preact challenges and by making the server-side logic more permissive.
What's Changed
docs(installation): add SLOG_LEVEL environment variable to configuration by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1086
docs: document some missing env vars by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1087
build(deps): bump the github-actions group across 1 directory with 8 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1071
fix(robots2policy): handle multiple user agents under one block by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/925
feat(lib/store): add s3api storage backend by @Xe in https://github.com/TecharoHQ/anubis/pull/1089
Xe/demote temporal assurance by @Xe in https://github.com/TecharoHQ/anubis/pull/1090
feat: Warn on missing signing keys when persisting challenges by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1088
docs: add reminder for verified signatures in PR template by @JasonLovesDoggo in https://github.com/TecharoHQ/anubis/pull/1092
build(deps): bump the github-actions group with 4 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1093
security: npm audit fix for GHSA-hfm8-9jrf-7g9w et. al by @Xe in https://github.com/TecharoHQ/anubis/pull/1098
fix(cmd/containerbuild): support commas in --docker-tags by @Xe in https://github.com/TecharoHQ/anubis/pull/1099
feat(lib): Add option for adding difficulty field to JWT claims by @Earl0fPudding in https://github.com/TecharoHQ/anubis/pull/1063
chore: port client-side JS to TypeScript by @Xe in https://github.com/TecharoHQ/anubis/pull/1100
fix(decaymap): fix lock convoy by @Xe in https://github.com/TecharoHQ/anubis/pull/1106
feat(store/bbolt): implement actor pattern by @Xe in https://github.com/TecharoHQ/anubis/pull/1107
feat: allow to set cookie sameSite mode and fallback to Lax mode if cookie is not secure by @vaab in https://github.com/TecharoHQ/anubis/pull/1105
docs: add link to preact in challenge list by @agoujot in https://github.com/TecharoHQ/anubis/pull/1111
ci: add aarch64 for ssh CI by @Xe in https://github.com/TecharoHQ/anubis/pull/1112
ci(ssh): don't print uname -av output by @Xe in https://github.com/TecharoHQ/anubis/pull/1114
feat(expressions): add contentLength to bot expressions by @Xe in https://github.com/TecharoHQ/anubis/pull/1120
fix(run/openrc): truncate runtime directory before starting Anubis by @CyberTailor in https://github.com/TecharoHQ/anubis/pull/1122
build(deps): bump the npm group with 2 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1117
build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1118
Update nl.json removing literal translated cookie 'koekje' with 'cookie' by @jieter in https://github.com/TecharoHQ/anubis/pull/1126
convert issue templates into issue forms by @NetSysFire in https://github.com/TecharoHQ/anubis/pull/1115
build(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible in /test by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1130
feat(metarefresh): randomly use the Refresh header by @Xe in https://github.com/TecharoHQ/anubis/pull/1133
Add Door43 link to known instances documentation by @richmahn in https://github.com/TecharoHQ/anubis/pull/1136
fix: mend auth cookie name stutter by @Xe in https://github.com/TecharoHQ/anubis/pull/1139
Update Nynorsk translation by @turtlegarden in https://github.com/TecharoHQ/anubis/pull/1143
feat: support reading real client IP from a custom header by @avioletheart in https://github.com/TecharoHQ/anubis/pull/1138
enable auto setting of SNI based on host header by @jmcclelland in https://github.com/TecharoHQ/anubis/pull/1129
fix(lib): enable multiple consecutive slash support by @Xe in https://github.com/TecharoHQ/anubis/pull/1155
build(deps-dev): bump esbuild from 0.25.9 to 0.25.10 in the npm group by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1147
build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1132
build(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1131
fix(lib): serve CSS properly by @Xe in https://github.com/TecharoHQ/anubis/pull/1158
fix(default-config): make the default config far less paranoid by @Xe in https://github.com/TecharoHQ/anubis/pull/1179
fix(default-config): remove preact challenge by @Xe in https://github.com/TecharoHQ/anubis/pull/1184
feat: default config macro by @Xe in https://github.com/TecharoHQ/anubis/pull/1186
fix(lib): de-flake package lib tests by @Xe in https://github.com/TecharoHQ/anubis/pull/1187
Updated REDIRECT_DOMAINS documentation by @zc-devs in https://github.com/TecharoHQ/anubis/pull/1171
fix(default-config): sometimes browsers don't send Upgrade-Insecure-Requests by @Xe in https://github.com/TecharoHQ/anubis/pull/1189
fix(algorithms/fast): fix fast challenge on insecure contexts by @Xe in https://github.com/TecharoHQ/anubis/pull/1198
Xe/show error state by @Xe in https://github.com/TecharoHQ/anubis/pull/1203
locale: Update Nynorsk translation by @turtlegarden in https://github.com/TecharoHQ/anubis/pull/1204
docs: point get started button to the per-environment setup docs by @Xe in https://github.com/TecharoHQ/anubis/pull/1213
fix(store/bbolt): remove actorify by @Xe in https://github.com/TecharoHQ/anubis/pull/1215
feat(default-config): block tencent cloud by default by @Xe in https://github.com/TecharoHQ/anubis/pull/1216
link to docs site from readme by @pushcx in https://github.com/TecharoHQ/anubis/pull/1214
fix!(policy/checker): make List and-like by @Xe in https://github.com/TecharoHQ/anubis/pull/1217
chore: remove copilot instructions by @Xe in https://github.com/TecharoHQ/anubis/pull/1218
build(deps): bump the github-actions group across 1 directory with 6 updates by @dependabot[bot] in https://github.com/TecharoHQ/anubis/pull/1221
fix(lib): close open redirect when in subrequest mode by @Xe in https://github.com/TecharoHQ/anubis/pull/1222
New Contributors
@vaab made their first contribution in https://github.com/TecharoHQ/anubis/pull/1105
@agoujot made their first contribution in https://github.com/TecharoHQ/anubis/pull/1111
@NetSysFire made their first contribution in https://github.com/TecharoHQ/anubis/pull/1115
@richmahn made their first contribution in https://github.com/TecharoHQ/anubis/pull/1136
@avioletheart made their first contribution in https://github.com/TecharoHQ/anubis/pull/1138
@jmcclelland made their first contribution in https://github.com/TecharoHQ/anubis/pull/1129
@zc-devs made their first contribution in https://github.com/TecharoHQ/anubis/pull/1171
@pushcx made their first contribution in https://github.com/TecharoHQ/anubis/pull/1214
Full Changelog: https://github.com/TecharoHQ/anubis/compare/v1.22.0...v1.23.0