JPKCom DB
View on GitHub

Changelog — localproxy

Version history of localproxy — the local HTTP proxy for the JPKCom Developer Tools.

Version history of proxy-jpkcom-dev-tools. Entries are taken verbatim from the project's README. A hands-on guide with tips is available in the project guide.

v1.0.5

  • Built with Go 1.26.4 — picks up upstream stdlib fixes for crypto/tls, crypto/x509, net/http, and the runtime
  • go.mod toolchain directive bumped from go 1.26.3 to go 1.26.4

v1.0.4

  • Built with Go 1.26.3 — picks up upstream stdlib fixes for crypto/tls, crypto/x509, net/http, and the runtime
  • go.mod toolchain directive bumped from go 1.26.0 to go 1.26.3

v1.0.3

  • Hardened /inspect and /page body decompression: the decompressed stream is now also capped at --max-mb, preventing zip-bomb-style payloads where a small compressed body would expand to gigabytes of memory
  • Breaking (JSON shape): /inspect and /page now return headers as map[string][]string (JSON arrays of values) instead of map[string]string (joined with ", "). This fixes RFC 6265 §3 — multiple Set-Cookie headers used to be joined with ", ", producing an unparseable string because cookie expiry dates contain literal commas (e.g. expires=Sun, 27 Apr 2025 14:03:58 GMT). Browser-side consumers should access values via headers["X"][0] for single-value or headers["X"].join(", ") for display. A Array.isArray() guard makes code compatible with both old and new format.
  • CI now runs staticcheck ./... on linux/amd64 before producing release binaries; any finding blocks the release
  • Code formatted with gofmt -w (struct alignment cleanup)

v1.0.2

  • Built with Go 1.26.2 — includes upstream security fixes for crypto/tls, crypto/x509, net/url, and net/http
  • CI now runs go test -race -v ./... on linux/amd64 before producing release binaries; failed tests block the release
  • Expanded README testing section with -race and -cover examples and a summary of what main_test.go covers

v1.0.1

  • Added --version CLI flag to print version information
  • Added /version endpoint returning version, license, author, and repo as JSON
  • Added GPL-2.0-or-later license
  • Startup banner now shows version, license, author, and repository URL
  • Startup banner groups Address/Token, DNS/Origins, and License/Author/Repo into visually separated sections
  • Fixed resource safety: response body in redirect chain tracing is now closed immediately after receiving the response
  • Added FreeBSD (amd64, arm64), OpenBSD (amd64), and NetBSD (amd64) release binaries

v1.0.0

  • Initial release
  • Streaming proxy (/proxy), metadata inspection (/inspect), full page analysis (/page)
  • Per-session cryptographic token authentication
  • Origin allowlist, SSRF protection, configurable DNS resolver
  • CORS with Private Network Access support
  • Cross-platform binaries via GitHub Actions