Version 0.6.2

Security

• Update time to a patched version regarding CVE-2026-25727 (I did not find any usage of the vulnerable parts)

Version 0.6.1

Fixed

• Set config defaults to provide backwards compatibility

Version 0.6.0

Added

• TLS certificate validity (expiration, revokation) check
• include_subdomains option to filter config

Version 0.5.3

Fixed

• COPR package rpkg build (no effect on the source code at all)

Version 0.5.2

Changed

• Replace crate confy with config for better backwards compatibility when extending the config file (NOTE: the config file will not be generated any more if missing)

Fixed

• Minor issues with SPEC file and Fedora Packaging Guidelines
• Build compatibility with distro's native Cargo (older version, thus Rust edition 2021 compatibility necessary)

Version 0.5.1

Added

• Configuration file reference
• Grafana dashboard example

Changed

• Update imap dependency to pre-release version since latest stable has outdated and vulnerable dependencies

Fixed

• Some SMTP TLS Reports could not be parsed:
  • Content-Encoding/Content-Type mismatch: Content-Encoding != 'gzip' && Content-type == 'application/tlsrpt+gzip'
  • Some report senders (e.g. Google) skip failure_details property if there are no failures
• Log raw SMTP TLS Reports payload on parse error
• Compatibility issues with RPM SPEC file

Version 0.5.0

Added

• Domain filter for incoming reports to block spam
• Derivation of additional metrics:
  • host, path and query of the origin URL
  • browser name and version as well as OS name and version based on user agent

Changed

• Default log level in service file from info to debug (actix logs validation errors as debug)

Fixed

• Handling of CSP report with level 2 content type and level 3 payload

Version 0.4.0

The new DMARC support requires some config file changes. By default it is disabled, since it requires IMAP credentials.

Added

• Support for the following types of reports:
  • DMARC

Changed

• Improve config file change handling by implementing default

Version 0.3.0

Added

• Support for the following types of reports:
  • COEP
  • COOP
• CHANGELOG.md

Changed

• Major restructuring to parse Reporting API reports more flexible
  • Support for single as well as multiple reports (JSON object vs. array of objects)
  • Single endpoint to handle all Reporting API based reports

Deprecated

• The following endpoints should be replaced by /reporting-api and will be removed in one of the following releases
  • /crash
  • /deprecation
  • /integrity
  • /intervention
  • /nel
  • /permissions

Fixed

• Binary path in service file
• Alloy config not dropping all the log statements any more

Version 0.2.0

Added

• Support for integrity-violation, intervention and permissions-policy-violation types of reports
• CONTRIBUTING.md
• RPM package build resources
• Grafana Alloy example config
• logrotate config (included in RPM package)
• Info about logging format to README.md
• Tests for parsers based on examples from RFCs, W3Cs and MDN

Changed

• Output format of reports in log files is closer to original report formats now

Fixed

• NEL report parsing:
  • sampling_fraction is actually a float and not unsigned int
  • url is actually optional