Download Latest Version v1.6.11 source code.tar.gz (102.1 MB)
Email in envelope

Get an email when there's a new version of BunkerWeb

Home / v1.6.10-rc5
Name Modified Size InfoDownloads / Week
Parent folder
BunkerWeb_documentation_v1.6.10.rc5.pdf 2026-05-06 21.8 MB
0
install-bunkerweb.sh 2026-05-06 157.6 kB
0
install-bunkerweb.sh.sha256 2026-05-06 87 Bytes
0
README.md 2026-05-06 2.5 kB
0
v1.6.10-rc5 source code.tar.gz 2026-05-06 100.8 MB
0
v1.6.10-rc5 source code.zip 2026-05-06 106.2 MB
0
Totals: 6 Items   229.0 MB 0

Documentation : https://docs.bunkerweb.io/1.6.10~rc5/

Docker tags :

  • All-in-one : bunkerity/bunkerweb-all-in-one:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-all-in-one:1.6.10-rc5
  • BunkerWeb : bunkerity/bunkerweb:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb:1.6.10-rc5
  • Scheduler : bunkerity/bunkerweb-scheduler:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-scheduler:1.6.10-rc5
  • Autoconf : bunkerity/bunkerweb-autoconf:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-autoconf:1.6.10-rc5
  • UI : bunkerity/bunkerweb-ui:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-ui:1.6.10-rc5
  • API : bunkerity/bunkerweb-api:1.6.10-rc5 or ghcr.io/bunkerity/bunkerweb-api:1.6.10-rc5

Linux packages : https://packagecloud.io/app/bunkerity/bunkerweb/search?q=1.6.10~rc5&filter=all&dist=

Changelog :

  • [BUGFIX] modsecurity/ui/antibot: stop USE_MODSECURITY_GLOBAL_CRS=yes from 403'ing UI POSTs and antibot challenges. Move UI exclusions to phase 1 (so phase-1 CRS rules like 920440 can be disabled), tolerate uppercase hostnames and :port in the Host chain regex, re.escape() hostnames in antibot.modsec-crs, and emit modsecurity off; on default-server UI proxy locations. Other defenses (limit, badbehavior, crowdsec, allowlists) still run. (Fixes [#3118])
  • [BUGFIX] database: back-fill bw_settings defaults from settings.json at read time when the catalogue row is missing or has a NULL/empty default, so directives like client_body_timeout no longer render empty after a desynced upgrade. Logs one WARNING per affected setting. (Fixes [#3450])
  • [BUGFIX] errors: revert the rc4 return 444; short-circuit on @bwerror* handlers. The deny path already exits via ngx.exit(get_deny_status()), so the gate only broke real 4xx/5xx rendering. Use INTERCEPTED_ERROR_CODES="" or ERRORS= for stealth. (Fixes [#3490], reverts [#3448])
  • [UI] Reports and Bans pages: CSV/Excel exports now include every column and honor the active search and SearchPanes filters. (Fixes [#3489])
  • [UI] Service edit page: restore non-UI-method settings and template defaults on advanced/raw save so omitted keys can't roll a service back to defaults; raw-mode draft toggle and the IS_DRAFT= line stay in sync both ways.
  • [LINUX] Support Fedora 44.
  • [DEPS] Updated NGINX version to v1.30.0 for all integrations.
  • [DEPS] Updated Modsecurity version to v3.0.15.
  • [DEPS] Updated Mbed TLS version to v4.1.0.
  • [DEPS] Updated libinjection version to v4.0.0.
  • [DEPS] Update coreruleset-v4 version to v4.26.0.
Source: README.md, updated 2026-05-06