From 077192e08ed28bfe2286edf65f14d2cdbba42b97 Mon Sep 17 00:00:00 2001 From: Marcel <110860055+Morethanevil@users.noreply.github.com> Date: Sun, 20 Jul 2025 11:40:34 +0200 Subject: [PATCH 1/7] Update CHANGELOG.md --- CHANGELOG.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 55e252f..9617a55 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +# v3.2.5 20 Jul 2025 + + ++ Added new API endpoint /api/proxy/setTlsConfig (for HTTP Proxy Editor TLS tab) ++ Refactored TLS certificate management APIs with new handlers ++ Removed redundant functions from src/cert.go and delegated to tlsCertManager ++ Code optimization in tlscert module ++ Introduced a new constant CONF_FOLDER and updated configuration storage paths (phasing out hard coded paths) ++ Updated functions to set default TLS options when missing, default to SNI ++ Added Proxy Protocol v1 support in stream proxy [jemmy1794](https://github.com/jemmy1794) ++ Fixed Proxy UI bug [jemmy1794](https://github.com/jemmy1794) ++ Fixed assign static server to localhost or all interfaces [#688](https://github.com/tobychui/zoraxy/issues/688) ++ fixed empty SSO parameters by [7brend7](https://github.com/7brend7) ++ sort list of loaded certificates by expire date by [7brend7](https://github.com/7brend7) ++ Docker hardening by [PassiveLemon](https://github.com/PassiveLemon) ++ Fixed sort by destination [#713](https://github.com/tobychui/zoraxy/issues/713) + # v3.2.4 28 Jun 2025 A big release since v3.1.9. Versions from 3.2.0 to 3.2.3 were prereleases. From 6493a82e5f646419e721bd42e872b792a81b2a3b Mon Sep 17 00:00:00 2001 From: Toby Chui Date: Mon, 21 Jul 2025 07:21:55 +0800 Subject: [PATCH 2/7] Fixed #756 - Added missing TLS config on new http proxy creation --- .gitignore | 1 + src/reverseproxy.go | 2 ++ 2 files changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 3301c8e..7938566 100644 --- a/.gitignore +++ b/.gitignore 
@@ -61,3 +61,4 @@ www/html/index.html *.exe /src/dist +/src/plugins diff --git a/src/reverseproxy.go b/src/reverseproxy.go index 61c14e9..07bb9ec 100644 --- a/src/reverseproxy.go +++ b/src/reverseproxy.go @@ -389,6 +389,8 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) { //TLS BypassGlobalTLS: useBypassGlobalTLS, AccessFilterUUID: accessRuleID, + TlsOptions: tlscert.GetDefaultHostSpecificTlsBehavior(), + //VDir VirtualDirectories: []*dynamicproxy.VirtualDirectoryEndpoint{}, //Custom headers From c982541a402dc446e32b5cc1fa44444128478074 Mon Sep 17 00:00:00 2001 From: Anthony Rubick <68485672+AnthonyMichaelTDM@users.noreply.github.com> Date: Sun, 20 Jul 2025 23:39:34 -0700 Subject: [PATCH 3/7] fix(issue 758): Handle existing symlink in start_zerotier function Closes Zoraxy 3.2.5 don't start in the docker container Fixes #758 --- docker/entrypoint.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker/entrypoint.py b/docker/entrypoint.py index d6078d9..e476d4b 100644 --- a/docker/entrypoint.py +++ b/docker/entrypoint.py @@ -73,7 +73,10 @@ def start_zerotier(): os.makedirs(config_dir, exist_ok=True) - os.symlink(config_dir, zt_path, target_is_directory=True) + try: + os.symlink(config_dir, zt_path, target_is_directory=True) + except FileExistsError: + print(f"Symlink {zt_path} already exists, skipping creation.") zerotier_proc = popen(["zerotier-one"]) From 9230f9374d12efc24ee2cea353cc56df63a20bc1 Mon Sep 17 00:00:00 2001 From: Toby Chui Date: Mon, 21 Jul 2025 20:10:55 +0800 Subject: [PATCH 4/7] Added null check on front-end - Added null check on TlsOption on front-end --- src/web/components/httprp.html | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html index e5fcc27..31556a1 100644 --- a/src/web/components/httprp.html +++ b/src/web/components/httprp.html 
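Review bot: In `ReverseProxyHandleAddEndpoint`, the added `TlsOptions: tlscert.GetDefaultHostSpecificTlsBehavior(),` only covers endpoints created through this handler. Hosts already stored without TLS options, or built by any construction path not visible in this hunk, would still carry a nil value. If the helper returns a pointer, confirm it allocates a fresh struct per call; a shared instance would let a later per-host TLS edit on one endpoint change every other host that was created with the default. A short comment such as `// Default per-host TLS behaviour; never leave nil, see #756` would record why the field is set here. The struct literal and the handler body continue outside the hunk.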
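Review bot: The `except FileExistsError` branch in `start_zerotier` accepts anything already present at `zt_path`, so a real directory or a symlink pointing somewhere other than `config_dir` is silently kept and `zerotier-one` starts against it. Skip creation only when the existing entry is the intended link, for example `if not os.path.islink(zt_path) or os.path.realpath(zt_path) != os.path.realpath(config_dir): raise`. Printing the resolved target in the message would make a mismatch visible in the container logs. The function body starts and ends outside the hunk.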
@@ -1423,11 +1423,17 @@ /* ------------ TLS ------------ */ updateTlsResolveList(uuid); - editor.find(".Tls_EnableSNI").prop("checked", !subd.TlsOptions.DisableSNI); - - editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", !subd.TlsOptions.DisableLegacyCertificateMatching); - editor.find(".Tls_EnableAutoHTTPS").prop("checked", !!subd.TlsOptions.EnableAutoHTTPS); - + if (subd.TlsOptions){ + editor.find(".Tls_EnableSNI").prop("checked", !subd.TlsOptions.DisableSNI); + editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", !subd.TlsOptions.DisableLegacyCertificateMatching); + editor.find(".Tls_EnableAutoHTTPS").prop("checked", !!subd.TlsOptions.EnableAutoHTTPS); + }else{ + //Use default options + editor.find(".Tls_EnableSNI").prop("checked", true); + editor.find(".Tls_EnableLegacyCertificateMatching").prop("checked", true); + editor.find(".Tls_EnableAutoHTTPS").prop("checked", false); + } + editor.find(".Tls_EnableSNI").off("change").on("change", function() { saveTlsConfigs(uuid); }); From e718ff1c722fca6b18fa1ea689723385e4ee2111 Mon Sep 17 00:00:00 2001 From: Anthony Rubick <68485672+AnthonyMichaelTDM@users.noreply.github.com> Date: Sun, 24 Aug 2025 17:34:00 -0500 Subject: [PATCH 5/7] add CODEOWNERS file --- CODEOWNERS | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..3a776b9 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,12 @@ +# tobycui is the default owner for all files in this repository +* @tobychui + +# PassiveLemon is the docker maintainer +/docker @PassiveLemon + +# jemmy1794 maintains the stream proxy module +/src/mod/streamproxy @jemmy1794 + +# AnthonyMichaelTDM maintains the plugins module +/src/mod/plugins @AnthonyMichaelTDM +/example/plugins @AnthonyMichaelTDM From e4a12b27a68d3d1b824f9513355b374f749fc0ec Mon Sep 17 00:00:00 2001 
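Review bot: The `else` branch hard-codes the fallback values (SNI on, legacy certificate matching on, auto HTTPS off) in the editor, separately from the server-side `tlscert.GetDefaultHostSpecificTlsBehavior()` used elsewhere in this series. The two can drift, and the TLS tab would then show settings the proxy is not applying. From the visible lines the checkboxes are written back through `saveTlsConfigs(uuid)` only on a change event, so a host with no `TlsOptions` presumably keeps a null value on the server until the user toggles something; the remaining handlers are outside the hunk. At minimum add `//Keep in sync with tlscert.GetDefaultHostSpecificTlsBehavior() on the server` above the fallback. Having the API always return populated options would remove the need for this branch.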
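Review bot: In CODEOWNERS the last matching pattern wins, so with `* @tobychui` first and the path rules after it, changes under `/docker`, `/src/mod/streamproxy`, `/src/mod/plugins` and `/example/plugins` request review from the named maintainer only, not from the default owner. If the repository owner should remain a code owner of those paths, list both handles on the rule, e.g. `/docker @PassiveLemon @tobychui`. The first comment also spells the handle `tobycui` while the rule uses `@tobychui`. Whether code-owner review is actually required depends on branch protection, which is not visible in this patch.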
From: Toby Chui Date: Mon, 25 Aug 2025 06:56:44 +0800 Subject: [PATCH 6/7] Update CODEOWNERS Added forward-auth module owner --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index 3a776b9..559a49b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -4,6 +4,9 @@ # PassiveLemon is the docker maintainer /docker @PassiveLemon +# james-d-elliott is the community maintainer for forward-auth related functions +/src/mod/auth/sso/forward @james-d-elliott + # jemmy1794 maintains the stream proxy module /src/mod/streamproxy @jemmy1794 From cfd8f988fd68a0ad6aa32dd494dd345c0d157dee Mon Sep 17 00:00:00 2001 From: Toby Chui Date: Mon, 25 Aug 2025 06:58:07 +0800 Subject: [PATCH 7/7] Update CODEOWNERS --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 559a49b..2212464 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -5,7 +5,7 @@ /docker @PassiveLemon # james-d-elliott is the community maintainer for forward-auth related functions -/src/mod/auth/sso/forward @james-d-elliott +# /src/mod/auth/sso/forward @james-d-elliott # jemmy1794 maintains the stream proxy module /src/mod/streamproxy @jemmy1794
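Review bot: Commenting out `/src/mod/auth/sso/forward @james-d-elliott` leaves the comment above it still naming james-d-elliott as maintainer, while the path now falls back to the `*` rule. Record why the rule is disabled next to it, e.g. `# rule disabled: <reason>`, or remove both lines, so ownership of the forward-auth code is not misread from the file. The commit message gives no reason for the change.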