diff --git a/Release.md b/Release.md index c42987d3..58fb4358 100644 --- a/Release.md +++ b/Release.md @@ -1,3 +1,18 @@ -## Fixes +## Compatibility Policy -* Fixed a configuration-dependent authentication bypass in `type = "http"` proxies when `routeByHTTPUser` is used together with `httpUser` / `httpPassword`. This affected proxy-style requests. Proxy-style authentication failures now return `407 Proxy Authentication Required`. +Starting with v0.69.0, each minor release is supported until there are nine newer minor releases. For example, v0.69.0 will be supported until v0.78.0 is released. Within this window, frpc v0.69.0 is guaranteed to work with any frps from v0.61.0 to v0.77.0, and vice versa. Patch releases within the same minor are always compatible. Versions outside the support window may continue to work on a best-effort basis, but compatibility is no longer guaranteed. + +For mixed-version deployments, upgrade frps first, then upgrade frpc. This keeps the server side ready for newer client-side protocol behavior before clients start using it. + +## Notes + +This release introduces wire protocol v2 as a transition path for future frpc/frps protocol changes. The existing wire protocol is difficult to extend without compatibility risk, and upcoming changes, including replacing deprecated stream encryption methods, require a versioned protocol. + +**The default value of `transport.wireProtocol` remains `v1` in this release, but it will switch to `v2` in the next release.** Users can keep the default for now. To test v2 early, upgrade both frpc and frps to versions that support it, then set `transport.wireProtocol = "v2"` in frpc. A v2-enabled frpc cannot connect to an older frps. + +v1 will be deprecated when v2 becomes the default in the next release. It will continue to be supported until v0.78.0 is released, and may be removed in v0.78.0 or later. + +## Features + +* Added `transport.wireProtocol` for frpc to select the internal message protocol used between frpc and frps. Supported values are `v1` and `v2`. +* Added client protocol visibility in the frps dashboard and `/api/clients` API. Online clients now report their negotiated protocol as `v1` or `v2`. diff --git a/doc/deprecations.md b/doc/deprecations.md new file mode 100644 index 00000000..a5d394c5 --- /dev/null +++ b/doc/deprecations.md @@ -0,0 +1,38 @@ +# Deprecations + +This document tracks deprecated features and APIs that are still shipped but scheduled for removal. Maintainers should review this list before each release to decide whether any items are due for removal. + +For the version compatibility policy that bounds these support windows, see the latest `Release.md`. + +## Active + +### Wire protocol v1 + +- **Deprecated since:** v0.70.0 (planned, when v2 becomes the default). +- **Removal target:** v0.78.0 or later. v0.69.0 (the last release where v1 is the default) is supported until v0.78.0 is released, so v0.77.0 is the last release that must keep v1 support. +- **Replacement:** wire protocol v2 (`transport.wireProtocol = "v2"` in frpc). +- **Code references:** v1 message types and codec under `pkg/msg/` and the protocol negotiation path in `client/` and `server/`. +- **Notes:** Removing v1 will also drop compatibility with any frpc/frps that does not negotiate v2. + +### INI configuration format + +- **Deprecated since:** predates this document; startup warning has been in place for several releases. +- **Removal target:** TBD. +- **Replacement:** YAML / JSON / TOML. +- **Code references:** + - `cmd/frpc/sub/root.go` — frpc startup warning. + - `cmd/frps/root.go` — frps startup warning. + - `pkg/config/legacy/` — legacy INI parser; remove together with the warnings. + +### Visitor connections without `runID` + +- **Deprecated since:** v0.50.0 (when `runID` was introduced). +- **Removal target:** TBD. +- **Replacement:** require `runID` on every visitor connection. +- **Code references:** + - `server/service.go` — `RegisterVisitorConn` still accepts empty `runID` for backward compatibility. +- **Notes:** Removal will break frpc clients released before v0.50.0. Schedule for a release where dropping pre-v0.50.0 frpc is acceptable. + +## Removed + +_None yet._ diff --git a/pkg/plugin/client/http_proxy.go b/pkg/plugin/client/http_proxy.go index 0f6b55f4..2cb22bbe 100644 --- a/pkg/plugin/client/http_proxy.go +++ b/pkg/plugin/client/http_proxy.go @@ -107,13 +107,7 @@ func (hp *HTTPProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) { return } - if req.Method == http.MethodConnect { - // deprecated - // Connect request is handled in Handle function. - hp.ConnectHandler(rw, req) - } else { - hp.HTTPHandler(rw, req) - } + hp.HTTPHandler(rw, req) } func (hp *HTTPProxy) HTTPHandler(rw http.ResponseWriter, req *http.Request) { @@ -135,33 +129,6 @@ func (hp *HTTPProxy) HTTPHandler(rw http.ResponseWriter, req *http.Request) { } } -// deprecated -// Hijack needs to SetReadDeadline on the Conn of the request, but if we use stream compression here, -// we may always get i/o timeout error. -func (hp *HTTPProxy) ConnectHandler(rw http.ResponseWriter, req *http.Request) { - hj, ok := rw.(http.Hijacker) - if !ok { - rw.WriteHeader(http.StatusInternalServerError) - return - } - - client, _, err := hj.Hijack() - if err != nil { - rw.WriteHeader(http.StatusInternalServerError) - return - } - - remote, err := net.Dial("tcp", req.URL.Host) - if err != nil { - http.Error(rw, "Failed", http.StatusBadRequest) - client.Close() - return - } - _, _ = client.Write([]byte("HTTP/1.1 200 OK\r\n\r\n")) - - go libio.Join(remote, client) -} - func (hp *HTTPProxy) Auth(req *http.Request) bool { if hp.opts.HTTPUser == "" && hp.opts.HTTPPassword == "" { return true diff --git a/pkg/util/version/version.go b/pkg/util/version/version.go index 14f04ede..ca109b02 100644 --- a/pkg/util/version/version.go +++ b/pkg/util/version/version.go @@ -14,7 +14,7 @@ package version -var version = "0.68.1" +var version = "0.69.0" func Full() string { return version