Skip to content
Snakeway Logo Snakeway Logo Snakeway

v0.6.0 Release Notes

Highlights

Section titled “Highlights”

  • New built-in Network Policy device (L7 allow/deny by client identity)

    • Add a network_policy_device to enforce CIDR-based allow/deny decisions at the HTTP layer.
    • Includes forwarded-request handling controls (e.g., whether to allow forwarded requests and what to do when forwarded headers are invalid).

  • New built-in Request Rate Limiting device (L7)

    • Add a request_rate_limiting_device to cap request volume per client over a rolling time window.

  • Listener-level connection controls

    • Connection filtering (CIDR allow/deny + IP family controls + behavior when peer address is missing).
    • Connection rate limiting to cap new connections per client per window.
    • These are configured under your listener bind block, so you can enforce them before requests even reach routing/devices.

  • WASM tooling renamed and clarified

    • The CLI command previously surfaced as “plugin” tooling is now presented as WASM device tooling to match Snakeway’s “device” model.

  • Docs overhaul focused on “how to operate Snakeway”

    • Device configuration docs were reorganized under /configuration/devices/*.
    • New/updated guides for CLI usage, WASM device authoring, and runtime logging.

Everything Else

Section titled “Everything Else”

  • Config scaffolding and templates

    • The repo now includes config templates for common devices (identity, network policy, request filtering, request rate limiting, structured logging) and ingress examples.
    • snakeway config init uses embedded templates to generate a starter config directory (useful for first-run setup and repeatable environments).

  • Config dump improvements

    • snakeway config dump supports emitting both “spec” (as-written config) and “runtime” (lowered internal representation) to help debug what Snakeway actually loaded.

  • Routing and service spec ergonomics

    • Service route settings were refined (for example, websocket connection limits can be expressed as an optional field where applicable).

  • Dependency upgrades that matter to operators

    • Upgraded the underlying Pingora dependency line and related runtime components, which is groundwork for newer networking features and future performance work.
    • WASM toolchain dependencies were updated to newer versions, aligning with current WASI/WIT tooling.

  • Tests and fixtures refreshed

    • Expanded integration coverage for newly added devices and network-level controls to reduce regressions in “real proxy” scenarios.

If you are upgrading from v0.5.4:

  • Review any configs that previously relied on “plugin” CLI naming—use the WASM device command naming going forward.
  • If you want connection-level admission control, move those policies into the listener bind configuration (connection filter / connection rate limiting).
  • If you want request-level admission control, enable the new L7 devices (Network Policy / Request Rate Limiting) in devices.d/.