# Kore 4.2.3

## New features
- Ability to add authenticators to filemaps. [73be741b]
- Python: Add support for CRLs in kore.domain(). [52ff37c5]

## Bug fixes
- The Kore parent process will use the correct exit code if a worker process calls fatalx(). [e2fcedfa]
- Fix a bug in kore.recvmsg() related to the returned length of the ancdata. [f7a76f7e]
- Several bug fixes for concurrency when using Python 3.10.x [f6c54042], [30c86525], [fd94fba]

## Other changes
- Removed useless debug messages all across the board. [a2d312d0]
- Added more format attributes where useful. [5e21de3a]
- Added KORE_TMPDIR define (default /tmp) for single binary builds. [2211bb8f]

# Kore 4.2.2

## Bug fixes
- Fixed incorrect order in kore.connection.x509dict

# Kore 4.2.1

## Bug fixes
- Fixed building single apps with PYTHON=1 flavor set.
- Fixed building Kore with CURL=1 and TLS_BACKEND set to none.
- Fixed TLS client authentication, it incorrectly always returned 403.

# Kore 4.2.0

## Docker images
- Kore now provides official Docker images on [docker hub](https://hub.docker.com/r/kore/kore).

## Changes
- New website!
- Removed OpenSSL 1.0.2 support.
- TLS 1.3 is now the default for tls_version.
- Fixed support for Python 3.10 and higher.
- Kore ships with the ffdhe4096 DH parameters.
- Changed the routing configuration context.
- JSON API error handling functions no longer take a kore_json context as parameter.
- Removed stale out-of-date examples.
- Changed the way the workers log to the parent process.
- Changed kore.domain() and kore.server() for Python API, name is now a keyword, if omitted defaults to "default".
- Added new HTTP APIs for obtaining headers as native C types.
- http_state_create() no longer takes an onfree callback.
- Updated log levels in the ACME process.
- New logfile configuration option, allowing all Kore logs to go to the given file instead of stdout.
- New kodev commands: cflags, ldflags and gen.
- New TLS_BACKEND option to compile without TLS.
- New privsep configuration context.
- New @kore.route("url", methods=[]) decorator in Python API.
- New http_response_json() API function.
- New http_response_close() API function.
- New kore_signal_trap() API function.
- New kore_worker_signal() API hook.
- New kore.connection.x509dict in Python API.
- New koreapp.workerstop, koreapp.workerstart hooks for Python.
- New kore.task_id() for Python, returning current coroutine ID.
- New kore.sigtrap() for Python, trapping a given signal.
- New kore.privsep() for Python, for setting up the new privsep configuration.
- New curlopt keyword for kore.httpclient, allowing setting of specific curl options directly into it.
- New TARGET_PLATFORM environment variable for cross building Linux.
- New on_body, on_headers and on_free route handlers.
- New kore_mem_zero() function.
- New http.protocol() for Python API.
- Removed run_as and root configuration options.
- Removed keymgr_runas and keymgr_root configuration options.
- Removed acme_runas and acme_root configuration options.
- Added ability for parent to send messages via the msg framework to workers.
- Added several new system calls to seccomp whitelist filters.
- Added support for overriding previously set headers with http_response_header().
- Added support for 100 in http_response_* APIs.
- Added new "docker" deployment target for Python.
- Updated the pgsql code to understand PGRES_PIPELINE_SYNC and PGRES_PIPELINE_ABORTED.
- Modified Kore child handling code to wait for processes in its worker process group.
- And much more..

## Bug fixes
- All kore_pool elements are now always properly aligned on a boundary of 8.
- execve() now takes an environment pointer instead of NULL.
- Fixed a problem in kore.socket.recvfrom() Python API.
- Fixed several wrong log messages while parsing configuration.
- Fixed a bug in the kore_http client related to OPTIONS and DELETE methods.
- Fixed potential uninitialised parameter in accesslog.
- Fixed small bugs in several examples.
- Fix bug in several kore_json_create_*() API functions with regards to variadic arguments.
- Fixed dependencies in the Kore Makefile.
- Fixed how Kore obtains paths to openssl on Mac platforms.

# Kore 4.1.0
This minor release improves on internal APIs and has some minor bug fixes.

## New tool: kore-serve
This tool makes it easy to spin up static serving webserver quickly. To build it, run make tools-build and make tools-install.

## JSON API Improvements
- More strict parsing of JSON objects.
- Allow int64_t and uint64_t as JSON numbers.
Additionally the parser has been tested heavily in a security critical product. This work was sponsored by my employer, Tutus Data.

## ACME improvements
- Added and enabled POST-as-GET.
- Fixed a bug on LibreSSL where multi-domain setup could fail to renew certificates.

## Python API improvements
- Adds async socket.recvmsg to the Python API.

## Other changes
- Enabled TLS 1.3 for LibreSSL 3.2.2
- All Kore hooks prototypes now live inside of kore/hooks.h.
- Renamed "foreground" to "kore_foreground".
- Kore will now install its sources under $PREFIX/share/kore, allowing kodev build to build single binaries out of the box.
- kodev source command added (shows the location of the built-in source code).
- Added missing seccomp_tracing to the example configuration.
- Added kore build scripts under misc.
- Linux: added missing seccomp calls for certain platforms.
- Added kore_default_getopt(), which should be called from kore_parent_configure() in single binary builds if you want to retain the argument parsing.

# Kore 4.0.1
This patch release fixes an issue with the accept lock and pulls in a few patches from NetBSD and OpenBSD ports to make maintainer life a little bit easier.

## Important changes
- Pull in NetBSD and OpenBSD ports patches [aaf8be40] [f6af4a27] [3bf589c6]
- Only reset accept_avail if we actually grabbed the accept lock [636469f5]
- Fixed building with multiple make jobs if PYTHON=1 was specified. [85b26533]

## Small changes
- Added BEERS file.
- Fixed a few typos [d9673857]
- Removed lingering x86 seccomp code (Linux) [58247eec]

# Kore 4.0.0
After more then a year it is finally here. The kore 4.0.0 release. It has been a long time coming but real life kept me preoccupied for a long time. But here it is. Kore4 is actually real and I couldn't be more excited.

Quick shoutout to Kore its biggest sponsor, my employer Tutus Data AB.

## Major new features
- Fully priviledge seperated ACME support with Let's Encrypt or any compatible ACME provider.
- A better way of writing Kore Python applications.
- Full seccomp sandboxing for acme, keymgr and worker processes on Linux.
- Ability to mix TLS and non-TLS servers in a single configuration.
- Many improvements to the Python asynchronous runtime.
- Configuration based redirection.
- A complete builtin and easy to use JSON parser.
- Several bug fixes and speed improvements.

## Automatic HTTPS
If Kore is built with ACME=1 it will compile in the ACME support.

See the blog post from a while ago for more details.

Refer to the documentation on how to enable ACME for your domain via the Kore configuration.

## Python applications
With this release, you are able to launch your Kore Python applications directly as an argument to the kore binary. You can skip the entire configuration file and setup everything you need directly from inside your Kore Python application instead.

See the blog post from almost a year ago for more details.

## Python asynchronous runtime changes
- Runtime now under seccomp on Linux.
- Added coroutine tracing debug options.
- Fixed a memory leak in the kore.socket.sendto() routines.
- Fixed a bug where a kore.lock could cause an incorrect coroutine to be woken up.

## JSON API
The kore 4 release includes its own simple to use JSON parser. The parser was written to be easy to understand and review.

See the documentation on how to use this.

## Other
- DEBUG no longer implies NOOPT.
- Removed the NOTLS compile time option.
- Added more examples and updated several others.
- Added a KODEV_MINIMAL option to build without OpenSSL.
- The "static" and "dynamic" keyword have been replaced with "route".
- Moved the libcurl implementation to level triggered i/o to avoid hacks.
- Added a "pretty" HTTP error option.
- Wrapped the size_t for memory allocated in a meminfo structure for the future.
- Fixed a potential stall when reading results from libpq.
- Python objects that can be serialized can now be sent over to other workers.