v2023.2.0

Features

• dgw: /jet/jrec endpoint for session recording (#404) (bbc0c41941) (DGW-64) (#408) (51355a1ac4) (#410) (8a28a44d5d) (#417) (56578f8785) (1816b9586f)

  Adds new JREC token type for session recording.
  Adds new jet_rft (recording file type) private claim.
  Handles /jet/jrec route for WSS to file streaming.

• dgw: /jet/heartbeat endpoint (#406) (605d3871de)

  The /jet/heartbeat endpoint requires a scope token for the
  "gateway.heartbeat.read" scope. It is very similar to /jet/health, but
  returns additional information that should not be publicly available
  such as the current number of running sessions.

• dgw: /jet/jrec/list endpoint (#412) (332c86fc5e)

• dgw: /jet/jrec/pull/{id}/{filename} endpoint (#416) (8187f8bb2e) (#431) (66dc4e3009)

  Recording files can be fetched using this new endpoint and a
  JREC token with the jet_rop operation set to pull.

• dgw: ngrok tunnel support (711164010a) (9e29a1d3ce)

• dgw: add ldap, ldaps application protocols (#432) (bdb34ef27e)

• dgw: add known application protocol "tunnel" (c3142870f2) (ARC-142)

  This is known as Devolutions Gateway Tunnel on RDM side.

Improvements

• dgw: [breaking] move jet/{tcp,tls} endpoints under /jet/fwd (#407)

  That is:

  • /jet/tcp → /jet/fwd/tcp
  • /jet/tls → /jet/fwd/tls

  This is a breaking change, but these routes were not yet used by any other Devolutions product
  until 2023.2.x releases, so it is safe to change this at this point.

• jetsocat: default port in WebSocket URLs (#413) (354e097d4e)

  With this change, port may be omitted from the WebSocket URL.
  In such case, the default port will be used (either 80 or 443).

• dgw: log version on start (#414) (7391114a4d)

  Useful when troubleshooting issues using user’s logs.

• dgw: improve HTTP error reporting (#415) (ad19a2fa7c)

• pwsh: use .NET 6 RSA APIs when available (#435) (974d8ee1da)

  Use .NET 6 RSA public/private key APIs when available.

• dgw: graceful shutdown (ef1d12d468)

• dgw: do not enforce scheme in /jet/fwd routes (#430) (54e467f803)

  This was inconsistent with other routes such as /jet/jmux where
  dst_hst will have the http or https scheme, but this is
  simply used as a filter policy and Devolutions Gateway will not
  wrap the stream further into an "https protocol layer".

  Instead, we rely on the requested URI to choose between plain TCP
  and TLS wrapping at proxy level (i.e.: /jet/fwd/tcp vs /jet/fwd/tls).

Performance

• dgw: re-use TLS client config (#433) (b6ebb01aad)

  As of rustls 0.21, it’s possible to disable the TLS resumption that is
  not supported by some services such as CredSSP.

  This allow us to reuse the same TLS client config and connector for
  all proxy-based TLS connections.
  (TlsConnector is just a wrapper around the config providing the
  connect method.)

  Making one of these can be expensive, and should be once per process
  rather than once per connection.

  source

Build

• deps: update dependencies (abf5b00d33)

• deps: bump serde from 1.0.162 to 1.0.163 (#437) (3f3127a178)

• deps: bump tokio from 1.28.0 to 1.28.1 (#439) (2fefafe529)

• deps: bump uuid from 1.3.2 to 1.3.3 (#438) (561c89d0f3)

• deps: update tokio-tungstenite version (c1e9f506e1)

• deps: bump x509-cert from 0.2.1 to 0.2.2 (#444) (6bb0b24ff9)

• deps: bump chrono from 0.4.24 to 0.4.25 (#447) (46cdb1e737)

• deps: bump proptest from 1.1.0 to 1.2.0 (#449) (b82e21ac93)

• deps: bump tokio from 1.28.1 to 1.28.2 (#448) (7de2a2fd64)

Continuous Integration

• Build and package jet-doctor and tokengen (#423) (564717fbe2)

• Enable dependabot pull requests (988921039e)

• Update Artifactory credentials (#440) (8a4ecc003b)

• Limit builds on forked PRs, optimize CI workflow (#441) (39d5f9a350)