v2.8.3
Security warning: take a closer look at new option allowed_origins
if you are using connect proxy feature.
No backwards incompatible changes here.
Improvements:
- Possibility to set
allowed_origins
option (#431). This option allows setting an array of allowed origin patterns (array of strings) for WebSocket and SockJS endpoints to prevent Cross site request forgery attack. This can be especially important when using connect proxy feature. If you are using JWT authentication then you should be safe. Note, that since you get an origin header as part of proxy request from Centrifugo it's possible to check allowed origins without upgrading to Centrifugo v2.8.3. See docs for more details about this new option - Multi-arch Docker build support - at the moment for
linux/amd64
andlinux/arm64
. See #433
Centrifugo v2.8.3 based on latest Go 1.16.2, Centrifugo does not vendor its dependencies anymore.
Docker images
docker pull centrifugo/centrifugo:v2.8.3
docker pull centrifugo/centrifugo:v2
docker pull centrifugo/centrifugo:v2.8
docker pull centrifugo/centrifugo:latest