v0.7.1

Security fixes

CVE-2023-28113 [6b3b49a]

A malicious client or target could negotiate insecure Diffie-Hellman key exchange parameters in way that leads to an insecure shared secret and breaks confidentiality of traffic (for their own connection only).

Commits

• 1ad08dc: fixed #496 - enabled support for all databases in Github builds
• 399f811: fixed RSA auth with signature algorithm mismatch

v0.7.0

Changes

Minimum required glibc version on Linux is now 2.18

Fixes

• fffd799: fixed #406 - Apple ID SSO not working - ⚠️ note the config layout changes
• 9714570: SSH: fixed #477 - send ssh-rsa hostkey in addition to rsa-sha* - fixes Termius support on iOS
• SSH: correctly report channel open failures to client
• d90abcf: SSH: fixed missing CHANNEL_CLOSE messages - #459

v0.6.5

Changes

• f967609: Added unattended setup command (warpgate unattended-setup) - fixes #409
• 7066dd5: Added password recovery command (warpgate recover-access) - fixes #410
• Added option to forward username to SSH targets as-is #445 (Alex Donec)
• Removed the 1 second auth delay on SSH - #459 (Eugene Pankov)
• c236da5: Added support for MySQL and PostgreSQL as database storage (database_url config option) - fixed #452

UI improvements

• 67866fe: added visual feedback to save buttons
• fd993c4: autofocus the OTP field - fixes #386
• 5bdddd3: allow cancelling authentication

Fixes

• fixed scp freezing up - #479 (Eugene Pankov)
• a8e21b3: fixed session recordings not getting cleaned up - fixes #310
• 512396f: fixed #406 - Apple ID URL redirect
• 6f39338: fixed #406 - construct correct SSO URLs behind a reverse proxy

v0.6.4

Changes

• 773bf19: added missing channel success messages - fixes #349, fixes #364 - Termius, WinSCP and FileZilla compatibility
• deab505: fixed #353 - auto-enable auth policy when adding an OTP after a password or a public key
• 04e5ecf: #353 - forbid HTTP caching for API endpoints

v0.6.3

Changes

• 410e445: fixed login redirect not working during OOB auth
• a0fea63: auto-close OOB auth window when done
• 3157077: fixed #350 - deleting targets/users with assigned roles from the UI
• 6355c59: fixed #346 - policy editor incorrectly adding OOB auth for HTTP protocol

v0.6.2

Changes

• f806f32: fixed #316 - SSH in-browser auth hanging

v0.6.1

Major updates

• Targets, roles and users are now stored in the database instead of the config file
  • Your existing data will be automatically migrated into the database
  • To stave off the migration, set config_provider: file on the top level of your config file. File based target configuration will be removed in v0.7 however.

Changes

• SSH: added remote port and X11 forwarding - fixes #11, fixes #12
• SSH: record forwarded-tcpip channels
• fixed infinite HTTP redirect when the target redirects HTTP to HTTPS (#257)
• fixed #274 - don't pass-through the Host header
• fixed #269 - handle spaces in example commands
• added --debug CLI flag

v0.5.1

Changes

• 9c67009: fixed infinite HTTP redirect (#257)

v0.5.0

Major updates

• Added SSO support (OpenID Connect) for HTTP and SSH targets (#222)
• Added support for linking HTTP targets to subdomains
• HTTP: added support for tickets (as a GET parameter or Authorization header)

Changes

• HTTP: added X-Forwarded-* headers
• HTTP: session cookie is now set for all subdomains
• UI: added proper connection instructions for tickets
• UI: added test-target CLI support for HTTP and MySQL targets
• SSH: added support for AES-CTR ciphers, and diffie-hellman exchanges
• Sessions will be automatically killed if you revoke access by editing the config file
• Fixed scp not triggering target connection

v0.4.1

• fixed RSA public keys not getting accepted