Releases: DefGuard/defguard
v1.6.0
9529d1d
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients, allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning on all platforms; additionally, for the Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client finally has an MSI package, with native WireGuard networking based on WireGuardNT. Please read the migration docs.
macOS Desktop Client introduces a native Swift/macOS VPN implementation and is officially published in the Apple macOS Store.
🖥️ All desktop Clients now have a new MTU setting available.
🚦 Introducing Client Traffic Policy Selection. This lets administrators define whether VPN clients can choose their routing mode or are forced to use a specific traffic policy, such as routing all traffic through the VPN or only predefined traffic.
What's Changed
- update dev from staging by @filipslezaklab in #1369
- Release 1.5 merger by @wojcik91 in #1577
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #1546
- Fixes pentest issue DG25-10 from 2025-09-02 by @j-chmielewski in #1579
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #1580
- Don't send empty strings when phone number is not provided by @j-chmielewski in #1583
- Fixes pentest issue DG25-17 from 2025-09-02 by @j-chmielewski in #1581
- Fixes pentest issue DG25-21 from 2025-09-02 by @j-chmielewski in #1587
- Fixes pentest issue DG25-1 from 2025-09-02 by @j-chmielewski in #1588
- Fixes pentest issue DG25-24 from 2025-09-02 by @moubctez in #1585
- put mail handler into a separate crate by @wojcik91 in #1590
- Cleanup and revive OpenID login test by @moubctez in #1591
- Fixes pentest issue DG25-11 from 2025-09-02 by @wojcik91 in #1593
- Fixes pentest issue DG25-25 and DG25-20 from 2025-09-02 by @t-aleksander in #1574
- Fixes pentest issue DG25-32 from 2025-09-02 by @j-chmielewski in #1597
- fix document links by @wojcik91 in #1599
- Merge main into dev after 1.5.1 release by @j-chmielewski in #1619
- Create SBOM files by @j-chmielewski in #1620
- CI: scan code with trivy by @j-chmielewski in #1622
- Return NotFound to proxy for missing OpenID provider by @moubctez in #1626
- Periodic sbom regeneration by @j-chmielewski in #1627
- Switch to non-Alpine node:24 by @moubctez in #1628
- add missing error logs in proxy request handlers by @wojcik91 in #1616
- verify audit log events in API integration tests by @wojcik91 in #1624
- Upgrade Debian packages to get latest security fixes by @moubctez in #1648
- fix(e2e): update selectors in external OIDC tests by @wojcik91 in #1656
- fix e2e test enroll via external oidc by @filipslezaklab in #1657
- APT uploading/signing workflow by @jakub-tldr in #1655
- List whole directory by @jakub-tldr in #1664
- Validate IP address in Wizard by @jakub-tldr in #1667
- Service locations (Pre-logon, Always-on) by @t-aleksander in #1666
- User enrollment pending by @j-chmielewski in #1675
- Merge main into dev before 1.6 release by @j-chmielewski in #1680
- Basic client version reporting by @t-aleksander in #1688
- add option to pre-fetch OpenID directory users during sync by @wojcik91 in #1689
- add option to configure enrollment token duration by @wojcik91 in #1698
- fix(gRPC): improve handling device pubkey change by @wojcik91 in #1703
- add invalid location address validation by @wojcik91 in #1707
- Attempt to add depends to FreeBSD package by @moubctez in #1709
- Remove AMI building by @t-aleksander in #1710
- Implement "force all traffic" enterprise setting by @j-chmielewski in #1706
- Filter MFA locations on network devices modal, block creating devices without name by @jakub-tldr in #1719
- Fix traffic policy settings styling by @j-chmielewski in #1720
- Fix validator for ipv4 with port by @jakub-tldr in #1723
- Fix ipv4 validator by @j-chmielewski in #1726
- RPM config fix by @jakub-tldr in #1730
- Validator fix, Frontend unit testing by @jakub-tldr in #1733
- Fix e2e test by @t-aleksander in #1742
- Add support for license tiers by @wojcik91 in #1746
- don't tag Docker image as latest automatically by @wojcik91 in #1749
- disable default latest tag in docker action by @wojcik91 in #1751
- display license tier on settings page by @wojcik91 in #1754
Full Changelog: v1.5.2...v1.6.0
v1.6.0-rc1
c15367f
⚠️ ⚠️ ⚠️ ⚠️ ⚠️ This is a release candidate which is not compatible with 1.5.x ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
What's Changed
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients, allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning on all platforms; additionally, for the Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client finally has an MSI package: see the client 1.6 alpha releases with native WireGuard networking based on WireGuardNT. Please read the migration docs.
macOS Desktop Client introduces a native Swift/macOS VPN implementation and will soon be officially published in the Apple macOS Store. TestFlight URL: https://testflight.apple.com/join/d4MvaBgw.
🖥️ All desktop Clients now have a new MTU setting available.
Other Changes
- RPM config fix by @jakub-tldr in #1730
- Validator fix, Frontend unit testing by @jakub-tldr in #1733
- Fix e2e test by @t-aleksander in #1742
Full Changelog: v1.6.0-alpha3...v1.6.0-rc1
v1.6.0-alpha3
3b3dc27
⚠️ ⚠️ ⚠️ ⚠️ ⚠️ This is an alpha release which is not compatible with 1.5.x ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
What's Changed
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients, allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning on all platforms; additionally, for the Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client finally has an MSI package: see the client 1.6 alpha releases with native WireGuard networking based on WireGuardNT. Please read the migration docs.
macOS Desktop Client introduces a native Swift/macOS VPN implementation and will soon be officially published in the Apple macOS Store. TestFlight URL: https://testflight.apple.com/join/d4MvaBgw.
🖥️ All desktop Clients now have a new MTU setting available.
Other Changes
- update dev from staging by @filipslezaklab in #1369
- Release 1.5 merger by @wojcik91 in #1577
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #1546
- Fixes pentest issue DG25-10 from 2025-09-02 by @j-chmielewski in #1579
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #1580
- Don't send empty strings when phone number is not provided by @j-chmielewski in #1583
- Fixes pentest issue DG25-17 from 2025-09-02 by @j-chmielewski in #1581
- Fixes pentest issue DG25-21 from 2025-09-02 by @j-chmielewski in #1587
- Fixes pentest issue DG25-1 from 2025-09-02 by @j-chmielewski in #1588
- Fixes pentest issue DG25-24 from 2025-09-02 by @moubctez in #1585
- put mail handler into a separate crate by @wojcik91 in #1590
- Cleanup and revive OpenID login test by @moubctez in #1591
- Fixes pentest issue DG25-11 from 2025-09-02 by @wojcik91 in #1593
- Fixes pentest issue DG25-25 and DG25-20 from 2025-09-02 by @t-aleksander in #1574
- Fixes pentest issue DG25-32 from 2025-09-02 by @j-chmielewski in #1597
- fix document links by @wojcik91 in #1599
- Merge main into dev after 1.5.1 release by @j-chmielewski in #1619
- Create SBOM files by @j-chmielewski in #1620
- CI: scan code with trivy by @j-chmielewski in #1622
- Return NotFound to proxy for missing OpenID provider by @moubctez in #1626
- Periodic sbom regeneration by @j-chmielewski in #1627
- Switch to non-Alpine node:24 by @moubctez in #1628
- add missing error logs in proxy request handlers by @wojcik91 in #1616
- verify audit log events in API integration tests by @wojcik91 in #1624
- Upgrade Debian packages to get latest security fixes by @moubctez in #1648
- fix(e2e): update selectors in external OIDC tests by @wojcik91 in #1656
- fix e2e test enroll via external oidc by @filipslezaklab in #1657
- APT uploading/signing workflow by @jakub-tldr in #1655
- List whole directory by @jakub-tldr in #1664
- Validate IP address in Wizard by @jakub-tldr in #1667
- Service locations (Pre-logon, Always-on) by @t-aleksander in #1666
- User enrollment pending by @j-chmielewski in #1675
- Merge main into dev before 1.6 release by @j-chmielewski in #1680
- Basic client version reporting by @t-aleksander in #1688
- add option to pre-fetch OpenID directory users during sync by @wojcik91 in #1689
- add option to configure enrollment token duration by @wojcik91 in #1698
- fix(gRPC): improve handling device pubkey change by @wojcik91 in #1703
- add invalid location address validation by @wojcik91 in #1707
- Attempt to add depends to FreeBSD package by @moubctez in #1709
- Remove AMI building by @t-aleksander in #1710
- Implement "force all traffic" enterprise setting by @j-chmielewski in #1706
- Filter MFA locations on network devices modal, block creating devices without name by @jakub-tldr in #1719
- Fix traffic policy settings styling by @j-chmielewski in #1720
Full Changelog: v1.5.2...v1.6.0-alpha3
v1.6.0-alpha2
53eccb8
⚠️ ⚠️ ⚠️ ⚠️ ⚠️ This is an alpha release which is not compatible with 1.5.x ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
What's Changed
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients, allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning on all platforms; additionally, for the Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client finally has an MSI package: see the client 1.6 alpha releases with native WireGuard networking based on WireGuardNT. Please read the migration docs.
macOS Desktop Client introduces a native Swift/macOS VPN implementation and will soon be officially published in the Apple macOS Store. TestFlight URL: https://testflight.apple.com/join/d4MvaBgw.
🖥️ All desktop Clients now have a new MTU setting available.
Other Changes
- update dev from staging by @filipslezaklab in #1369
- Release 1.5 merger by @wojcik91 in #1577
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #1546
- Fixes pentest issue DG25-10 from 2025-09-02 by @j-chmielewski in #1579
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #1580
- Don't send empty strings when phone number is not provided by @j-chmielewski in #1583
- Fixes pentest issue DG25-17 from 2025-09-02 by @j-chmielewski in #1581
- Fixes pentest issue DG25-21 from 2025-09-02 by @j-chmielewski in #1587
- Fixes pentest issue DG25-1 from 2025-09-02 by @j-chmielewski in #1588
- Fixes pentest issue DG25-24 from 2025-09-02 by @moubctez in #1585
- put mail handler into a separate crate by @wojcik91 in #1590
- Cleanup and revive OpenID login test by @moubctez in #1591
- Fixes pentest issue DG25-11 from 2025-09-02 by @wojcik91 in #1593
- Fixes pentest issue DG25-25 and DG25-20 from 2025-09-02 by @t-aleksander in #1574
- Fixes pentest issue DG25-32 from 2025-09-02 by @j-chmielewski in #1597
- fix document links by @wojcik91 in #1599
- Merge main into dev after 1.5.1 release by @j-chmielewski in #1619
- Create SBOM files by @j-chmielewski in #1620
- CI: scan code with trivy by @j-chmielewski in #1622
- Return NotFound to proxy for missing OpenID provider by @moubctez in #1626
- Periodic sbom regeneration by @j-chmielewski in #1627
- Switch to non-Alpine node:24 by @moubctez in #1628
- add missing error logs in proxy request handlers by @wojcik91 in #1616
- verify audit log events in API integration tests by @wojcik91 in #1624
- Upgrade Debian packages to get latest security fixes by @moubctez in #1648
- fix(e2e): update selectors in external OIDC tests by @wojcik91 in #1656
- fix e2e test enroll via external oidc by @filipslezaklab in #1657
- APT uploading/signing workflow by @jakub-tldr in #1655
- List whole directory by @jakub-tldr in #1664
- Validate IP address in Wizard by @jakub-tldr in #1667
- Service locations (Pre-logon, Always-on) by @t-aleksander in #1666
- User enrollment pending by @j-chmielewski in #1675
- Merge main into dev before 1.6 release by @j-chmielewski in #1680
- Basic client version reporting by @t-aleksander in #1688
- add option to pre-fetch OpenID directory users during sync by @wojcik91 in #1689
- add option to configure enrollment token duration by @wojcik91 in #1698
Full Changelog: v1.5.2...v1.6.0-alpha2
v1.5.2
5f4b67c
This patch for version 1.5 includes fixes for a client app enrollment bug and adds SBOM generation to the release workflow.
1.5.x is the biggest, most feature-packed (and fix-packed) release we have ever done!
We’ve introduced 11 major features and nearly 100 bugfixes!
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲 Long-awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫 Desktop Client now supports External SSO/IdP MFA
🫆 Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using the Mobile client’s Biometry!
🤝 Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩 We’ve also explained in detail why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
Migration guide
Before updating please make sure to read the migration guide
What's Changed
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagation from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update dependencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in #1474
- Update tracing_subscriber by @moubctez in #1477
- add desktop deep links in emails by @filipslezaklab in ht...
v1.5.1
d581510
This patch for version 1.5 includes fixes for vulnerabilities identified during our latest penetration test. As a fully transparent organization, Defguard publishes a Pentesting Security Report page where you can track the status of our vulnerability fixes.
1.5.x is the biggest, most feature-packed (and fix-packed) release we have ever done!
We’ve introduced 11 major features and nearly 100 bugfixes!
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲 Long-awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫 Desktop Client now supports External SSO/IdP MFA
🫆 Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using the Mobile client’s Biometry!
🤝 Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩 We’ve also explained in detail why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
Migration guide
Before updating please make sure to read the migration guide
What's Changed
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagation from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update dependencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in https://github.com/DefGuar...
v1.5.0
97aca62
This is the biggest, most feature-packed (and fix-packed) release we have ever done!
We’ve introduced 11 major features and nearly 100 bugfixes!
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲 Long-awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫 Desktop Client now supports External SSO/IdP MFA
🫆 Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using the Mobile client’s Biometry!
🤝 Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩 We’ve also explained in detail why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
Migration guide
Before updating please make sure to read the migration guide
What's Changed
Other Changes
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagation from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update dependencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in #1474
- Update tracing_subscriber by @moubctez in #1477
- add desktop deep links in emails by @filipslezaklab in #1476
- Return core version in http headers by @t-aleksander in https://github.com/De...
v1.5.0-rc3
41913dc
What's Changed
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagation from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update dependencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in #1474
- Update tracing_subscriber by @moubctez in #1477
- add desktop deep links in emails by @filipslezaklab in #1476
- Return core version in http headers by @t-aleksander in #1479
- Fix ami building by @t-aleksander in #1481
- Swagger docs by @jakub-tldr in #1485
- Version mismatch report by @moubctez in #1483
- Prevent pre-shared keys from being sent when mfa is disabled by @t-aleksander in #1493
- add outdated components modal by @filipslezaklab in #1494
- Typos fix by @jakub-tldr in #1496
- Remove system header from HTTP by @t-aleksander in #1507
- Disable exaggerate tracing span; Fix proxy version info; Box::pin large futures by @moubctez in #1498
- Fixes pentest issue DG25-3 from 2025-09-02 by @wojcik91 in #1510
- Fixes pentest issue DG25-8: Server-Side Template Injection (SSTI) from 2025-09-02 by @moubctez in #1511
- Fixes pentest issue DG25-19: Clickjacking vulnerability from 2025-09-02 by @t-aleksander in #1514
- Add test for dg25-19 vulnerability by @t-aleksander in #1517
- Fix UUID being nil by @moubctez in #1521
- Fixes pentest issue DG25-9 from 2025-09-02 by @filipslezaklab in #1518
- Fixes pentest issue DG25-27 from 2025-09-02 by @wojcik91 in #1524
- Fixes pentest issue DG25-12 from 2025-09-02 by @wojcik91 in #1527
- add trim to string fields in zod schemas by @filipslezaklab in #1528
- Fixes pentest issue DG25-13 from 2025-09-02 by @wojcik91 in https://...
v1.5.0-rc2
2826587
What's Changed
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagation from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update dependencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in #1474
- Update tracing_subscriber by @moubctez in #1477
- add desktop deep links in emails by @filipslezaklab in #1476
- Return core version in http headers by @t-aleksander in #1479
- Fix ami building by @t-aleksander in #1481
- Swagger docs by @jakub-tldr in #1485
- Version mismatch report by @moubctez in #1483
- Prevent pre-shared keys from being sent when mfa is disabled by @t-aleksander in #1493
- add outdated components modal by @filipslezaklab in #1494
- Typos fix by @jakub-tldr in #1496
- Remove system header from HTTP by @t-aleksander in #1507
- Disable exaggerate tracing span; Fix proxy version info; Box::pin large futures by @moubctez in #1498
- Fixes pentest issue DG25-3 from 2025-09-02 by @wojcik91 in #1510
- Fixes pentest issue DG25-8: Server-Side Template Injection (SSTI) from 2025-09-02 by @moubctez in #1511
- Fixes pentest issue DG25-19: Clickjacking vulnerability from 2025-09-02 by @t-aleksander in #1514
- Add test for dg25-19 vulnerability by @t-aleksander in #1517
- Fix UUID being nil by @moubctez in #1521
- Fixes pentest issue DG25-9 from 2025-09-02 by @filipslezaklab in #1518
- Fixes pentest issue DG25-27 from 2025-09-02 by @wojcik91 in #1524
- Fixes pentest issue DG25-12 from 2025-09-02 by @wojcik91 in #1527
- add trim to string fields in zod schemas by @filipslezaklab in #1528
- Fixes pentest issue DG25-13 from 2025-09-02 by @wojcik91 in https://github.com/...
v1.5.0-rc1
c8e1bc9
What's Changed
Other Changes
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagation from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update dependencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in #1474
- Update tracing_subscriber by @moubctez in #1477
- add desktop deep links in emails by @filipslezaklab in #1476
- Return core version in http headers by @t-aleksander in #1479
- Fix ami building by @t-aleksander in #1481
- Swagger docs by @jakub-tldr in #1485
- Version mismatch report by @moubctez in #1483
- Prevent pre-shared keys from being sent when mfa is disabled by @t-aleksander in #1493
- add outdated components modal by @filipslezaklab in #1494
- Typos fix by @jakub-tldr in #1496
- Remove system header from HTTP by @t-aleksander in #1507
- Disable exaggerate tracing span; Fix proxy version info; Box::pin large futures by @moubctez in #1498
- Fixes pentest issue DG25-3 from 2025-09-02 by @wojcik91 in #1510
- Fixes pentest issue DG25-8: Server-Side Template Injection (SSTI) from 2025-09-02 by @moubctez in #1511
- Fixes pentest issue DG25-19: Clickjacking vulnerability from 2025-09-02 by @t-aleksander in #1514
- Add test for dg25-19 vulnerability by @t-aleksander in #1517
- Fix UUID being nil by @moubctez in #1521
- Fixes pentest issue DG25-9 from 2025-09-02 by @filipslezaklab in #1518
- Fixes pentest issue DG25-27 from 2025-09-02 by @wojcik91 in #1524
- Fixes pentest issue DG25-12 from 2025-09-02 by @wojcik91 in #1527
- add trim to string fields in zod schemas by @filipslezaklab in https://github...