|
|
41cf6ccc49
|
fix(deps): upgrade pingora 0.7→0.8 and aws-lc-sys to patch CVEs
- pingora* 0.7.0 → 0.8.0: fixes CVE-2026-2833 (HTTP request smuggling
via premature connection closure, CRITICAL)
- aws-lc-sys 0.37.1 → 0.38.0: fixes GHSA-65p9-r9h6-22vj (timing
side-channel in AES-CCM tag verification, HIGH)
Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
|
2026-03-10 23:38:19 +00:00 |
|
|
|
6ec0f78a5b
|
feat: initial sunbeam-proxy implementation
Custom Pingora-based edge proxy for the Sunbeam infrastructure stack.
- HTTPS termination: mkcert file-based (local dev) or rustls-acme ACME (production)
- Host-prefix routing with path-based sub-routing (auth virtual host)
- HTTP→HTTPS redirect, WebSocket passthrough
- cert-manager HTTP-01 challenge routing via Kubernetes Ingress watcher
- TLS cert auto-reload via K8s Secret watcher
- JSON structured audit logging (tracing-subscriber)
- OpenTelemetry OTLP stub (disabled by default)
- Multi-stage Dockerfile: musl static binary on chainguard/static distroless image
Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
|
2026-03-10 23:38:19 +00:00 |
|
