Skip to content

Releases: openziti/ziti

v1.1.8

29 Jul 17:59
@github-actions github-actions
v1.1.8
This tag was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
28fb11b
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.8 Pre-release
Pre-release

Release 1.1.8

What's New

  • Bug fixes, enhancements and continuing progress on controller HA

Component Updates and Bug Fixes

  • github.com/openziti/edge-api: v0.26.20 -> v0.26.23

    • Issue #120 - Add API for retrieving services referencing a config
    • Issue #121 - Add API for retrieving the set of attribute roles used by posture checks

  • github.com/openziti/sdk-golang: v0.23.38 -> v0.23.39

    • Issue #596 - SDK should submit selected config types to auth and service list APIs
    • Issue #593 - SDK Golang OIDC Get API Session Returns Wrong Value

  • github.com/openziti/storage: v0.2.47 -> v0.3.0

    • Issue #80 - Set indexes aren't cleaned up when referenced entities are deleted, only when they change
    • Issue #78 - Allow searching for things without case sensitivity

  • github.com/openziti/ziti: v1.1.7 -> v1.1.8

    • Issue #2121 - Use router data model for edge router tunnel
    • Issue #2245 - Add ability to retrieve a list of services that reference a config
    • Issue #2089 - Enhance Management API to list Posture Check Roles
    • Issue #2209 - /edge/v1/external-jwt-signers needs to be open
    • Issue #2010 - Add config information to router data model
    • Issue #1990 - Implement subscriber model for identity/service events in router
    • Issue #2240 - Secondary ext-jwt Auth Policy check incorrectly requires primary ext-jwt auth to be enabled
Assets 8

v1.1.7

16 Jul 13:21
@github-actions github-actions
v1.1.7
This tag was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
94013fe
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.7 Latest
Latest

Release 1.1.7

What's New

  • Release actions fixes
  • Fix for a flaky acceptance test
Assets 8

v1.1.6

15 Jul 17:39
@github-actions github-actions
v1.1.6
This tag was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
1144159
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.6

Release 1.1.6

What's New

  • Trust Domain Configuration
  • Controller HA Beta 2

Trust Domain Configuration

OpenZiti controllers from this release forward will now require a trust domain to be configured.
High Availability (HA) controllers already have this requirement. HA Controllers configure their trust domain via SPIFFE
ids that are embedded in x509 certificates.

For feature parity, non-HA controllers will now have this same requirement. However, as re-issuing certificates is not
always easily done. To help with the transition, non-HA controllers will have the ability to have their trust domain
sourced from the controller configuration file through the root configuration value trustDomain. The configuration
field which takes a string that must be URI hostname compatible (see: https://github.com/spiffe/spiffe/blob/main/standards/SPIFFE-ID.md).
If this value is not defined, a trust domain will be generated from the root CA certificate of the controller.

For networks that will be deployed after this change, it is highly suggested that a SPIFFE id is added to certificates.
The ziti pki create ... tooling supports the --spiffe-id option to help handle this scenario.

Generated Trust Domain Log Messages

The following log messages are examples of warnings produced when a controller is using a generated trust domain:

WARNING this environment is using a default generated trust domain [spiffe://d561decf63d229d66b07de627dbbde9e93228925], 
  it is recommended that a trust domain is specified in configuration via URI SANs or the 'trustDomain' field

WARNING this environment is using a default generated trust domain [spiffe://d561decf63d229d66b07de627dbbde9e93228925], 
  it is recommended that if network components have enrolled that the generated trust domain be added to the 
  configuration field 'additionalTrustDomains'

Trust domain resolution:

  • Non-HA controllers

    • Prefers SPIFFE ids in x509 certificate URI SANs, looking at the leaf up the signing chain
    • Regresses to trustDomain in the controller configuration file if not found
    • Regress to generating a trust domain from the server certificates root CA, if the above do not resolve

  • HA Controllers

    • Requires x509 SPIFFE ids in x509 certificate URI SANs

Additional Trust Domains

When moving between trust domains (i.e. from the default generated to a new named one), the controller supports having
other trust domains. The trust domains do not replace certificate chain validation, which is still checked and enforced.

Additional trust domains are configured in the controller configuration file under the root field
additionalTrustDomains. This field is an array of hostname safe strings.

The most common use case for this is field is if a network has issued certificates using the generated trust domain and
now wants to transition to a explicitly defined one.

Controller HA Beta 2

This release can be run in HA mode. The code is still beta, as we're still finding and fixing bugs. Several bugs
have been fixed since Beta 1 and c-based SDKs and tunnelers now work in HA mode. The smoketest can now be run
with HA controllers and clients.

For more information:

Component Updates and Bug Fixes

  • github.com/openziti/storage: v0.2.45 -> v0.2.46

    • Issue #76 - Add support for non-boltz symbols to the the boltz stores

  • github.com/openziti/ziti: v1.1.5 -> v1.1.6

    • Issue #2171 - Routers should consider control channels unresponsive if they are not connected
    • Issue #2219 - Add inspection for router connections
    • Issue #2195 - cached data model file set to
    • Issue #2222 - Add way to get read-only status from cluster nodes
    • Issue #2191 - Change raft list cluster members element name from values to data to match rest of REST api
    • Issue #785 - ziti edge update service-policy to empty/no posture checks fails
    • Issue #2205 - Merge fabric and edge model code
    • Issue #2165 - Add network id
Assets 8

v1.1.5

02 Jul 18:24
@github-actions github-actions
v1.1.5
This tag was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
aec0d3b
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.5

Release 1.1.5

What's New

  • Bug fixes

Component Updates and Bug Fixes

Assets 8

v1.1.4

14 Jun 19:11
@github-actions github-actions
v1.1.4
This tag was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
d2419f7
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.4

Release 1.1.4

What's New

  • Bug fixes
  • Controller HA Beta 1

Controller HA Beta 1

This release can be run in HA mode. The code is still beta, as we're still finding and fixing bugs. Several bugs
have been fixed since Alpha 3 and c-based SDKs and tunnelers now work in HA mode. The smoketest can now be run
with HA controllers and clients.

For more information:

Component Updates and Bug Fixes

Assets 8

v1.1.3

30 May 16:47
@github-actions github-actions
v1.1.3
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
82c4a71
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.3

Release 1.1.3

What's New

  • Sticky Terminator Selection
  • Linux and Docker deployments log formats no longer default to the simplified format option and now use logging library
    defaults: json for non-interactive, text for interactive.

NOTE: This release is the first since 1.0.0 to be marked promoted from pre-release. Be sure to check the release notes
for the rest of the post-1.0.0 releases to get the full set of changes.

Stick Terminator Strategy

This release introduces a new terminator selection strategy sticky. On every dial it will return a token to the
dialer, which represents the terminator used in the dial. This token maybe passed in on subsequent dials. If no token
is passed in, the strategy will work the same as the smartrouting strategy. If a token is passed in, and the
terminator is still valid, the same terminator will be used for the dial. A terminator will be consideder valid if
it still exists and there are no terminators with a higher precedence.

This is currently only supported in the Go SDK.

Go SDK Example

ziti edge create service test --terminator-strategy sticky

	conn := clientContext.Dial("test")
	token := conn.Conn.GetStickinessToken()
	_ = conn.Close()

	dialOptions := &ziti.DialOptions{
		ConnectTimeout:  time.Second,
		StickinessToken: token,
	}
	conn = clientContext.DialWithOptions("test", dialOptions))
	nextToken := conn.Conn.GetStickinessToken()
	_ = conn.Close()

Component Updates and Bug Fixes

Assets 8

v1.1.2

09 May 21:36
@github-actions github-actions
v1.1.2
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
d939996
This commit was signed with the committer’s verified signature.
andrewpmartinez Andrew
GPG key ID: 8FB844F819195D67
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.2 Pre-release
Pre-release

Release 1.1.2

What's New

  • Bug fixes and minor enhancements

Component Updates and Bug Fixes

  • github.com/openziti/sdk-golang: v0.23.32 -> v0.23.35
  • github.com/openziti/ziti: v1.1.1 -> v1.1.2
    • Issue #2032 - Auto CA Enrollment Fails w/ 400 Bad Request
    • Issue #2026 - Root Version Endpoint Handling 404s
    • Issue #2002 - JWKS endpoints may not refresh on new KID
    • Issue #2007 - Identities for edge routers with tunneling enabled sometimes show hasEdgeRouterConnection=false even though everything is OK
    • Issue #1983 - delete of non-existent entity causes panic when run on follower controller
Assets 8

v0.34.3

03 May 18:23
@github-actions github-actions
v0.34.3
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
0e231dc
This commit was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.34.3 Pre-release
Pre-release

This is a re-release of v1.0.0 to address a bug in the autonomous docker image, which doesn't correct handle changes to the major version.

Assets 8

v1.1.1

25 Apr 17:46
@github-actions github-actions
v1.1.1
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
20abb02
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.1 Pre-release
Pre-release

Release 1.1.1

What's New

  • HA Alpha-3
  • Bug fixes and minor enhancements

HA Alpha 3

This release can be run in HA mode. The code is still alpha, as we're still finding and fixing bugs.

For more information:

New Contributors

Thanks to new contributors

Component Updates and Bug Fixes

Contributors

Vrashabh-Sontakke
Assets 8

v1.1.0

22 May 21:22
@github-actions github-actions
v1.1.0
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
f0a3c25
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0 Pre-release
Pre-release

Release 1.1.0

What's New

  • HA Alpha2
  • Deployments Alpha
    • Linux packages provide systemd services for controller and router. Both depend on existing package openziti which provides the ziti command line tool.
      • openziti-controller provides ziti-controller.service
      • openziti-router provides ziti-router.service
    • Container images for controller and router now share the bootstrapping logic with the packages, so they
      support the same configuration options.

HA Alpha2

This release can be run in HA mode. The code is still alpha, so there are still some bugs and missing features,
however basic functionality work with the exceptions noted. See the HA Documementation
for instructions on setting up an HA cluster.

Known Issues

  • JWT Session exchange isn't working with Go SDK clients
    • This means Go clients will need to be restarted once their sessions expire
  • Service/service policy changes might not be reflected in routers
    • Changes to policy may not yet properly sync to the routers, causing unexpected behavior with ER/Ts running in HA mode

More information can be found on the HA Project Board

Component Updates and Bug Fixes

Assets 8