feat(deps): bump github.com/caddyserver/caddy/v2 from 2.10.2 to 2.11.4

[dependabot]

Bumps github.com/caddyserver/caddy/v2 from 2.10.2 to 2.11.4.

Release notes

Sourced from github.com/caddyserver/caddy/v2's releases.

v2.11.4

This release patches more security, security-adjacent, and normal bugs. The FrankenPHP project has collaborated on PHP-adjacent patches, which we are grateful for.

The recent surge of patches is mostly attributed to token predictors. We have had to reject more than 75% of "security" reports because they were AI slop spam (or just lazy/incorrect). Please use LLMs and agents wisely to avoid wasting precious maintainer resources. We have started blocking offending accounts that spam slop reports. Thank you to all who submit responsible reports following our security policy to make the project better. We appreciate that the community deems the Caddy project worthy of contribution to improve the broader ecosystem!

Security-related patches:

• caddyhttp: Normalize Windows backslashes in path matcher (thanks @​Vincent550102)
• rewrite: Prevent placeholder re-expansion in injected query (thanks @​WhiskerEnt)
• templates: Improved stripHTML action to more reliably remove malformed HTML (thanks to @​jmrcsnchz)
• caddyhttp: Ignore header fields with underscores to prevent collisions (thanks @​Vincent550102 for the report and @​dunglas for the patch)

There are also several other various fixes and enhancements by many other contributors. Thank you everyone who participated!

What's Changed

• reverseproxy: further prevent body closes from dial errors by @​jameshartig in caddyserver/caddy#7715
• caddytls: Fix client auth (fix #7724) by @​mholt in caddyserver/caddy#7727
• chore: deps upgrade by @​mohammed90 in caddyserver/caddy#7751
• caddyhttp: omit Last-Modified for unusable mod times by @​bb4242 in caddyserver/caddy#7740
• caddytls: fix TLS state races and ECH rotation retry by @​broady in caddyserver/caddy#7756
• chore: clean up wording and typo fixes by @​steadytao in caddyserver/caddy#7745
• reverseproxy: Add regression test for DialInfo network override by @​eyupcanakman in caddyserver/caddy#7758
• caddyauth: add candidate placeholders for rejected identities by @​steadytao in caddyserver/caddy#7698
• cmd: support caddy start on IPv6-only hosts by @​steadytao in caddyserver/caddy#7744
• caddyfile: preserve implicit TLS issuer semantics by @​steadytao in caddyserver/caddy#7743
• reverseproxy: wraps request body to prevent closing if not read by @​WeidiDeng in caddyserver/caddy#7719
• caddytls: match IDN SNI in connection policies by @​steadytao in caddyserver/caddy#7742
• build(deps): bump the all-updates group across 1 directory with 9 updates by @​dependabot[bot] in caddyserver/caddy#7752
• caddyhttp: normalize Windows backslashes in path matcher by @​Vincent550102 in caddyserver/caddy#7763
• go.mod: update x/net by @​steadytao in caddyserver/caddy#7767
• rewrite: prevent placeholder re-expansion in injected query by @​WhiskerEnt in caddyserver/caddy#7761
• perf(replacer): optimize memory allocation for file placeholders by @​Jualhosting in caddyserver/caddy#7773
• caddytls: skip idna.ToASCII for pure ASCII SNI values by @​sleet0922 in caddyserver/caddy#7770
• encode: prioritize zstd and br over gzip in content negotiation by @​Jualhosting in caddyserver/caddy#7772
• httpcaddyfile: fix incorrect error message on duplicate matchers by @​Brunotlps in caddyserver/caddy#7780
• Patch for GHSA-vcc4-2c75-vc9v by @​jmrcsnchz in caddyserver/caddy#7785

New Contributors

• @​jameshartig made their first contribution in caddyserver/caddy#7715
• @​bb4242 made their first contribution in caddyserver/caddy#7740
• @​broady made their first contribution in caddyserver/caddy#7756
• @​eyupcanakman made their first contribution in caddyserver/caddy#7758
• @​Vincent550102 made their first contribution in caddyserver/caddy#7763
• @​WhiskerEnt made their first contribution in caddyserver/caddy#7761
• @​Jualhosting made their first contribution in caddyserver/caddy#7773
• @​sleet0922 made their first contribution in caddyserver/caddy#7770
• @​Brunotlps made their first contribution in caddyserver/caddy#7780
• @​jmrcsnchz made their first contribution in caddyserver/caddy#7785

Full Changelog: caddyserver/caddy@v2.11.3...v2.11.4

... (truncated)

Commits

• e2eee6a templates: Patch for GHSA-vcc4-2c75-vc9v (#7785)
• 0e8eb41 httpcaddyfile: fix incorrect error message on duplicate matchers (#7780)
• 3eb8e48 Merge commit from fork
• 03e08ee encode: prioritize zstd and br over gzip in content negotiation (#7772)
• 86121c8 caddytls: skip idna.ToASCII for pure ASCII SNI values (#7770)
• 4d60d93 perf(replacer): optimize memory allocation for file placeholders (#7773)
• 176b043 rewrite: prevent placeholder re-expansion in injected query (#7761)
• 4c04143 Clarify policies for agents / LLM use
• 94fcea0 go.mod: update x/net (#7767)
• 44b667a go.mod: Update x/crypto
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)