v2.3.0

• Feature: Allow blacklist of cookies evaluable in ESI variable expansion
• Bugfix: Fix occasional truncated body storage on chunked responses

v2.2.1

• Bugfix: It is no longer possible to send Cookie or Authorization headers to ESI requests on another domain, unless explicitly added in manually using the before_esi_include_request event.
• Bugfix: ESI requests on the same domain would previously "loopback" to the current server_addr and server_port even if the scheme was different. We now check the scheme matches too before making this optimisation.
• Feature: ESI "loopback" can now be disabled with esi_attempt_loopback.

v2.2.0

• New config options to disable ESI includes to third party domains, and to whitelist allowed domains.
• Minor tweaks to test framework for reliability

v2.1.4

Fix request leak with upstream sockets when downstream sockets are prematurely aborted.

v2.1.3

Fix crash with multiple Date response headers

v2.1.2

Fixes some issues around SSRF and XSS exploits when using ESI variables

v2.1.1

Bugfix: On cache read if the current key is missing from the repset (e.g. evicted) re-add it.
An evicted or incomplete repset causes incomplete or failed purging.

v2.1.0

• Feature: Vary support

v2.1.0-rc1

Increment version

v2.1.0 beta1

• Feature: Vary support
• Feature: JSON Purge API