v1.0.0

🛑 This proxy release requires defguard core 1.0.0 🛑

🔐 Securing proxy communication 🔐

Remember to secure the core & proxy with SSL based authorization! - more details in documentation.

📖 Upgrade notes

Please remember to always read the upgrade notes before doing the upgrade!

v1.0.0-alpha1

🛑 Warning this is a ALPHA PRE-RELESE only working with alpha proxy&core&client! 🛑

👇👇👇For official release see below.👇👇👇

This is the first release of the new Open Source Open Core & Enterprise features like: external OpenID (Google/Microsoft/Custom), real time client sync and more!

All currently available enterprise features are in enterprise documentation section as well as information about upcoming enterprise license.

This release also includes the latest Open Source functionaries.

What's Changed

• feat: disable showing manual wireguard configuration by @t-aleksander in #87
• Config polling by @j-chmielewski in #86
• chore: log version with git commit hash on startup by @j-chmielewski in #89
• update protobufs for the disable all traffic feature by @t-aleksander in #90
• Rework the instance config fetching by @t-aleksander in #91
• add teonite link by @t-aleksander in #92
• Enable ARMv7 Docker image build by @wojcik91 in #93
• Make a pre-release and release docker build workflow by @t-aleksander in #94

Full Changelog: v0.5.1...v1.0.0-alpha1

v0.5.1

What's Changed

Other Changes

• Fixes in the enrollment process by @cpprian in #69
• fix: Fix error codes by @t-aleksander in #73
• add health check grpc by @cpprian in #71
• fix typo by @cpprian in #74
• add debug logs by @cpprian in #75
• Build multiarch by @moubctez in #76
• Fix gRPC connection drop by @moubctez in #78

New Contributors

• @cpprian made their first contribution in #69

Full Changelog: v0.5.0...v0.5.1

v0.5.0

NOTE: this a copy of main release notes

We have focused on stability, business logs improvements and bug squashing in these release - but also have done some features:

New Features

User disabling/enabling ⭐

Now you can disable or enable a user account (by @t-aleksander in DefGuard/defguard#640)

Important: LDAP support for this feature is not implemented yet. See DefGuard/defguard#660 for status.

Core & Proxy DEB & RPM packages

Upon a lot of requests we have added (besides docker/kubernetes) a pure package distribution of core & proxy (gateway already had it done for some time).
Done by @t-aleksander in DefGuard/defguard#649

Other Changes

• feat: add warning when removing a group by @wojcik91 in DefGuard/defguard#628
• feat: add new logo by @t-aleksander in DefGuard/defguard#646
• Add more logging by @t-aleksander in DefGuard/defguard#645

Fixes

• fix: mfa login screen styles by @j-chmielewski in DefGuard/defguard#629
• fix: sync WireGuard locations allowed devices after removing user group by @wojcik91 in DefGuard/defguard#630
• fix: make config structure valid if some fields are missing by @t-aleksander in DefGuard/defguard#637
• fix: add workaround for wrong config file extension on some browsers by @t-aleksander in DefGuard/defguard#638
• fix: verify mfa status during openid authorization by @t-aleksander in DefGuard/defguard#641
• fix: invalidate all user sessions when MFA is enabled by @t-aleksander in DefGuard/defguard#644
• fix: fix frontend linter errors by @t-aleksander in DefGuard/defguard#651
• fix: prevent from adding duplicate public keys by @t-aleksander in DefGuard/defguard#655
• Fix down migrations by @moubctez in DefGuard/defguard#658
• Fix for #661 by @moubctez in DefGuard/defguard#662

v0.4.0

WARNING!

This version requires core v0.10.0

Release notes for this release

New Features

Groups support ⭐

We now support group management, including:

• Every VPN Location can now be protected by defined group access (previously only: All users || Admins)
• In OpenID Apps - for each app you can also include Group Scope - and when user logs in with defguard to an application, all groups that the user is part of is returned in the OIDC token

SSH & GPG keys management

Now any user can add/delete (manage) their public SSH & GPG keys, which is great for managing access to your servers with SSH keys from defguard. More in docs here: https://defguard.gitbook.io/defguard/admin-and-features/ssh-authentication

New YubiKey provisioning and management

after provisioning a YubiKey - the YK it’s visible in the user profile with serial number as well as GPG & SSH public keys corresponding to the YKs private keys
Also, there is a new look for YubiKey provisioning (in the key management dialog)

A lot of enhancements

• proxy now has detailed logs with IP addresses and business logs - a lot of users asked for that to implement fail2ban since the proxy is a public service

• Phone number is now optional during enrollment

Fixes

• MFA disconnecting bug
• email validation when adding a new user

Other Changes

• ci: build release binaries by @wojcik91 in #49
• feat: tracing setup by @j-chmielewski in #54
• fix(tracing): Extract client address from X-FORWARDED-FOR header by @j-chmielewski in #55
• Merge DEV branch by @j-chmielewski in #56
• fix: Don't show device configuration box if user has no network access by @j-chmielewski in #58
• fix: make phone optional during enrollment by @j-chmielewski in #59
• feat: fail2ban-friendly log format by @j-chmielewski in #61

New Contributors

• @j-chmielewski made their first contribution in #54

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

BREAKING CHANGES

Due to gRPC communications reversal this version requires defguard core version 0.9+.

Exciting New Features 🎉

• feat: password reset by @blazej-teonite in #39
• feat: reverse proxy gRPC service communication by @moubctez in #42
• feat: desktop client MFA by @wojcik91 in #46

Other Changes

• fix: password reset e2e enrollment fixes by @blazej-teonite in #40
• Added e2e test ids by @blazej-teonite in #41
• chore: update enrollment protos by @wojcik91 in #44

New Contributors

• @moubctez made their first contribution in #42

Full Changelog: v0.2.1...v0.3.0

v0.2.1

What's Changed

Other Changes

• fix: use optional x-forwarded for and insecure ip as fallback to dete… by @blazej-teonite in #33

Full Changelog: v0.2.0...v0.2.1

v0.2.0

What's Changed

Exciting New Features 🎉

• Desktop client support by @dzania in #19

Other Changes

• feat: add DNS to VPN device config by @wojcik91 in #22
• fix: ignore session timeout on last enrollment step by @filipslezaklab in #24
• Send IP address and user agent over gRPC by @blazej-teonite in #27
• feat: add device name validation to desktop client by @wojcik91 in #29

New Contributors

• @blazej-teonite made their first contribution in #27

Full Changelog: v0.1.0...v0.2.0

v0.1.0

What's Changed

Exciting New Features 🎉

• feat: setup enrollment proxy by @filipslezaklab in #2

Other Changes

• feat: add phone number to initial user info by @wojcik91 in #3
• fix: static file server fallback response code by @wojcik91 in #8
• chore: merge patch by @filipslezaklab in #10
• chore: move user activation into device step by @filipslezaklab in #11
• 279-e2e test by @dzania in #9
• feat: multi platform Docker build by @wojcik91 in #16

New Contributors

• @filipslezaklab made their first contribution in #2
• @wojcik91 made their first contribution in #3
• @dzania made their first contribution in #9

Full Changelog: https://github.com/DefGuard/proxy/commits/v0.1.0