Upgrade CVE

What's Changed

• Upgrade Packages - (mediums revolved - 1 high) by @Jholderdevops in #154

New Contributors

• @Jholderdevops made their first contribution in #154

Full Changelog: v4.4.0...v4.4.1

v4.4.0 - Component Upgrades

Core Components Upgraded

• OpenResty: 1.19.3.2 -> 1.27.1.2
  • Includes nginx upgrade: 1.19.3 -> 1.27.1
• NAXSI: 1.3-> 1.7
  • Switched to actively maintained wargio/naxsi fork
• LuaRocks: 3.7.0 -> 3.12.0

v4.3.1

Fix some of the numeric fields been logged as string data type instead of numeric

v4.3.0

Notable Changes

• Upgrade base image from CentOS 8 to AlmaLinux 9.5
• Upgrade GeoIP Update CLI from v4.7.1 to v7.1.0
• Upgrade the image used for testing from mockingjay-server:1.9.0 to mockingjay-server:1.12.0
• Update UUID generation in Lua code to work with newer OpenResty/Nginx versions
• Commented out the "latest" tag in publish.sh as a best practice.

v4.2.0

Merge pull request #143 from chriswilliams13/http2_enabling

Added initial http2 functionality

v4.1.2

Update 418 request denied pages so a FEEDBACK_EMAIL can be added, also to add a little more description in the case of a NAXSI rule failure for the user.

V4.1.0

Merge pull request #138 from UKHomeOffice/issue-2239

parameterised ssl_session_timeout

v4.0.1

Changes:

• Update OpenResty to v1.19.3.2 to patch CVE-2021-23017

v4.0.0

Changes:

• Correct the name for the STATSD_METRICS variable (was previously STATSD_METRICS_ENABLED, which didn't have the desired effect)
• Update GeoIP package to v3.3
• Update GeoIPUpdate package to v4.7.1
• Update LuaRocks package to v3.7.0
• Update Naxsi package to v1.3
• Update OpenResty to v1.19.3.1

Security patch

Rebuild container to pick up latest patches