Version 1.1

Upgrading from 1.0

There are no incompatibility issues upgrading from 1.0, but users who disable secure cookies (enabled by default) should migrate to use --cookie-secure=false instead of --cookie-https-only=false.

New Features and Changes

• #40 fix loading environment variables
• #46 allow hiding custom login form when using htpasswd
• #54 documentation fixes (thanks @rhoml)
• #50 support white listing URLs from authentication via -skip-auth-regex (thanks @vishnuchilamakuru)
• #57 new -cookie-http-only setting (thanks @tomtaylor)
• #63 support listening on sockets (thanks @dhowden)
• #66 improve option parsing errors (thanks @mbland)
• #68 new -pass-host-header option (thanks @johnboxall)
• #70 ability to customize the sign-in template (contributions from @Tetsuharu and @hughes)
• #17 fix handling of encoded slashes in request path (contributions from @adrian-gomez)
• #69 make -redirect-uri optional (contributions from @mondotron)
• #71 rename -cookie-https-only to -cookie-secure to remove confusion
• #73 enhanced request access log configurable with -request-logging=false