| author | Dan Engelbrecht <[email protected]> | 2026-02-17 14:00:53 +0100 |
|---|---|---|
| committer | GitHub Enterprise <[email protected]> | 2026-02-17 14:00:53 +0100 |
| commit | 5e1e23e209eec75a396c18f8eee3d93a9e196bfc (patch) | |
| tree | 31b2b3938468aacdb0621e8b932cb9e9738ee918 /CHANGELOG.md | |
| parent | misc fixes brought over from sb/proto (#759) (diff) | |
| download | zen-5e1e23e209eec75a396c18f8eee3d93a9e196bfc.tar.xz zen-5e1e23e209eec75a396c18f8eee3d93a9e196bfc.zip | |
add http server root password protection (#757)
- Feature: Added `--security-config-path` option to zenserver to configure security settings
  - Expects a path to a .json file
  - Default is an empty path resulting in no extra security settings and legacy behavior
  - Current support is a top level filter of incoming http requests restricted to the `password` type
  - `password` type will check the `Authorization` header and match it to the selected authorization strategy
  - Currently the security settings are very basic and configured to a fixed username+password at startup

```json
{
  "http": {
    "root": {
      "filter": {
        "type": "password",
        "config": {
          "password": {
            "username": "<username>",
            "password": "<password>"
          },
          "protect-machine-local-requests": false,
          "unprotected-uris": [
            "/health/",
            "/health/info",
            "/health/version"
          ]
        }
      }
    }
  }
}
```
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 487d45fef..c2fe710a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,33 @@ ## +- Feature: Added `--security-config-path` option to zenserver to configure security settings + - Expects a path to a .json file + - Default is an empty path resulting in no extra security settings and legacy behavior + - Current support is a top level filter of incoming http requests restricted to the `password` type + - `password` type will check the `Authorization` header and match it to the selected authorization strategy + - Currently the security settings is very basic and configured to a fixed username+password at startup + + { + "http" { + "root": { + "filter": { + "type": "password", + "config": { + "password": { + "username": "<username>", + "password": "<password>" + }, + "protect-machine-local-requests": false, + "unprotected-uris": [ + "/health/", + "/health/info", + "/health/version" + ] + } + } + } + } + } + - Improvement: Reduced time project and project oplogs are locked during GC and Validation - Improvement: `zen` now supports additional configuration of logging options, such as `--log-warn=...` for configuring log levels, etc (see `zen --help`) |
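Review bot: The sample config in the added CHANGELOG entry is not valid JSON: the line `"http" {` is missing the colon after the key and should read `"http": {`, otherwise anyone copying the sample into the file passed to `--security-config-path` starts from a document that will not parse. The entry also says the `Authorization` header is matched against "the selected authorization strategy" without naming the scheme a client has to send, and it does not explain what `protect-machine-local-requests` covers even though the sample sets it to `false`; one sentence on each would let an operator judge what is actually protected. Since the sample keeps `"password": "<password>"` in clear text in the .json file, a note on restricting read access to that file would be worth adding. Minor: "the security settings is very basic" should read "are".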