v2023.2.0
Features
- dgw: /jet/jrec endpoint for session recording (#404) (bbc0c41941) (DGW-64) (#408) (51355a1ac4) (#410) (8a28a44d5d) (#417) (56578f8785) (1816b9586f)

  - Adds new JREC token type for session recording.
  - Adds new jet_rft (recording file type) private claim.
  - Handles /jet/jrec route for WSS to file streaming.

- dgw: /jet/heartbeat endpoint (#406) (605d3871de)

  The /jet/heartbeat endpoint requires a scope token for the "gateway.heartbeat.read" scope. It is very similar to /jet/health, but returns additional information that should not be publicly available such as the current number of running sessions.

- dgw: /jet/jrec/list endpoint (#412) (332c86fc5e)

- dgw: /jet/jrec/pull/{id}/{filename} endpoint (#416) (8187f8bb2e) (#431) (66dc4e3009)

  Recording files can be fetched using this new endpoint and a JREC token with the jet_rop operation set to pull.

- dgw: ngrok tunnel support (711164010a) (9e29a1d3ce)

- dgw: add ldap, ldaps application protocols (#432) (bdb34ef27e)

- dgw: add known application protocol "tunnel" (c3142870f2) (ARC-142)

  This is known as Devolutions Gateway Tunnel on RDM side.

Improvements
- dgw: [breaking] move jet/{tcp,tls} endpoints under /jet/fwd (#407)

  That is:

  - /jet/tcp → /jet/fwd/tcp
  - /jet/tls → /jet/fwd/tls

  This is a breaking change, but these routes were not yet used by any other Devolutions product until 2023.2.x releases, so it is safe to change this at this point.

- jetsocat: default port in WebSocket URLs (#413) (354e097d4e)

  With this change, port may be omitted from the WebSocket URL. In such a case, the default port will be used (either 80 or 443).

- dgw: log version on start (#414) (7391114a4d)

  Useful when troubleshooting issues using user’s logs.

- dgw: improve HTTP error reporting (#415) (ad19a2fa7c)

- pwsh: use .NET 6 RSA APIs when available (#435) (974d8ee1da)

  Use .NET 6 RSA public/private key APIs when available.

- dgw: graceful shutdown (ef1d12d468)

- dgw: do not enforce scheme in /jet/fwd routes (#430) (54e467f803)

  This was inconsistent with other routes such as /jet/jmux where dst_hst will have the http or https scheme, but this is simply used as a filter policy and Devolutions Gateway will not wrap the stream further into an "https protocol layer".

  Instead, we rely on the requested URI to choose between plain TCP and TLS wrapping at proxy level (i.e.: /jet/fwd/tcp vs /jet/fwd/tls).

Performance
- dgw: re-use TLS client config (#433) (b6ebb01aad)

  As of rustls 0.21, it’s possible to disable the TLS resumption that is not supported by some services such as CredSSP.

  This allows us to reuse the same TLS client config and connector for all proxy-based TLS connections. (TlsConnector is just a wrapper around the config providing the connect method.)

  Making one of these can be expensive, and should be once per process rather than once per connection.

Build
- deps: update dependencies (abf5b00d33)
- deps: bump serde from 1.0.162 to 1.0.163 (#437) (3f3127a178)
- deps: bump tokio from 1.28.0 to 1.28.1 (#439) (2fefafe529)
- deps: bump uuid from 1.3.2 to 1.3.3 (#438) (561c89d0f3)
- deps: update tokio-tungstenite version (c1e9f506e1)
- deps: bump x509-cert from 0.2.1 to 0.2.2 (#444) (6bb0b24ff9)
- deps: bump chrono from 0.4.24 to 0.4.25 (#447) (46cdb1e737)
- deps: bump proptest from 1.1.0 to 1.2.0 (#449) (b82e21ac93)
- deps: bump tokio from 1.28.1 to 1.28.2 (#448) (7de2a2fd64)

Continuous Integration
- Build and package jet-doctor and tokengen (#423) (564717fbe2)
- Enable dependabot pull requests (988921039e)
- Update Artifactory credentials (#440) (8a4ecc003b)
- Limit builds on forked PRs, optimize CI workflow (#441) (39d5f9a350)