Releases: warp-tech/warpgate
v0.14.0-beta.2
v0.14.0-beta.1
Changes
- 863af5e: fixed #1323 - In-browser auth (2FA/SSO) support for PostgreSQL (#1338)
- 53971dc: #1334 New in-browser auth requests will automatically show up on the Warpgate homepage if the user is logged in (#1335)
- Deleting an SSH target will now auto-remove its known hosts entry (#1300) (Chinmay Pai)
- ec98c3d: Offer checking and accepting SSH host keys from the admin UI (#1307)
- SSO provider buttons will prefer `label` over `name` in the login UI (Eugene)
- 4533401: Warpgate will now forward HTTP basic auth credentials (if present) from an HTTP target's URL correctly (#1343)
- cea7acc: #1281 - Added description fields for most objects (#1294)
- 9841421: #1281 - List role members and targets in the UI (#1295)
- 6b22399: Added SBOMs to release artifacts (#1289)
- 74ca553: Add "getting started" hints to the UI (#1344)
Fixes
- Fixed Warpgate attempting RSA key auth against a target too many times, exhausting the OpenSSH limits (#1274) (Eugene)
- 95dce41: Fix SSH Client to respond to keyboard-interactive when target has optional 2FA (#1273) (samtoxie)
- 51c8937: fixed frontend crash in list pagination
- 5d3a8ac: Force the config file format to YAML (#1299) (Mice7R)
- 4b74303: #1271 - modals are invisible with `prefers-reduced-motion`
- 0a3e444: fixed #1285 - unable to add public keys via credentials self-service
- 26a9c99: fixed #1326 - UI allowing duplicate target names (#1328)
- d465586: fixed enter key handling in the "create target" form
- b4076ef: fixed #1320 - JDBC based Postgres clients not connecting
- 87b409b: SQL content of prepared Postgres queries was not logged
- 5ee29b9: fixed #1337 - automatically strip the public key comment when setting via the API
- 2381f55: fixed #972 - SSH server not offering keyboard-interactive when only OOB or SSO auth is enabled for a user
v0.13.3
v0.13.2
Changes
- ee05440: pasting a public key will automatically fill out the label field now if the key has a comment
Fixes
v0.13.1
v0.13.0
Changes
- 409b382: UI facelift (#1175)
- 010534a: added support for user API tokens and an API playground (#1191)
- 1dec4c9: added a title field for public keys (#1171) (Mohammad Al Shakoush)
- 59884fb: added "last used" and "date created" fields for public keys (#1182) (Mohammad Al Shakoush)
- d51d882: fixed #1189 - updated default config to listen on IPv6 as well
- b76872f: added an option to auto-create SSO users #1245
- e203688: implemented agent forwarding over SSH (samtoxie) #1249
- 55dcd11: added `streamlocal-forward` support (remote UNIX socket forwarding) #1243
Fixes
- 40e49a2: Fixed SSO not respecting the OS' trusted TLS CAs (Thibaud Lepretre) #1233
- 2abe104: fixed #1234 - rustls panic in tokio-tungstenite
- 2cdf8ba: bump vulnerable deps (#1241) #1241
- 8d53f7b: bumped russh for the mlock() fix
- 7e15422: fixed #1258 - hide the version info until logged in (Eugene)
- 6ade841: correctly bind to both ipv4 and ipv6 when [::] is set as listen endpoint (#1193)
- create and canonicalize relative `data_path` (#1180) (willow)
- e89bc03: fixed #1218 - make target search case insensitive
- b665ca1: fixed #1197 - ticket creation on non-sqlite databases
v0.13.0-beta.2
v0.13.0-beta.1
Changes
- 409b382: UI facelift (#1175)
- 010534a: added support for user API tokens and an API playground (#1191)
- 1dec4c9: added a title field for public keys (#1171) (Mohammad Al Shakoush)
- 59884fb: added "last used" and "date created" fields for public keys (#1182) (Mohammad Al Shakoush)
- d51d882: fixed #1189 - updated default config to listen on IPv6 as well
Fixes
v0.12.0
Changes
- Self-service credentials management (#1145) - you can now allow users to manage their own credentials. Enable it in `Config -> Misc -> Global parameters`.
- Multiple return domains for SSO, prefer host header over `external_host` (dbf96a8 / #1093) - Warpgate now uses the `Host` header to resolve its own external URL and only falls back to the `external_host` from the config file if the header is missing. If you're running behind a reverse proxy, make sure that `http.trust_x_forwarded_headers` is set in the config and you're passing the `X-Forwarded-Host` header. SSO logins will also dynamically construct their return URL from the `Host` header. You can restrict the allowed return domains with the new `sso_providers[].return_domain_whitelist` option (a list of hostnames).
- Passing user-identifying headers to HTTP targets (cc0b054 / #1107) - Warpgate now passes `x-warpgate-username` and `x-warpgate-authentication-type` headers to HTTP targets.
- `--enable-admin-token` option (9dd1c58) - setting it allows passing a global admin token via the `WARPGATE_ADMIN_TOKEN` env variable. This token can be used to authenticate against the admin REST API (pass it in the `x-warpgate-token` header).
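The resolution order and return-domain check described in the SSO item above, as an added example that is not Warpgate's own code. It is a simplified model: the type and function names are hypothetical, the sample values are constructed, and it assumes an unset `return_domain_whitelist` means no restriction.

```rust
// Added illustration, not Warpgate source: a simplified model of the host
// resolution order in the v0.12.0 notes. Type and function names are
// hypothetical; only the option names in the comments come from the page.
struct Config {
    external_host: Option<String>,                // external_host
    trust_x_forwarded_headers: bool,              // http.trust_x_forwarded_headers
    return_domain_whitelist: Option<Vec<String>>, // sso_providers[].return_domain_whitelist
}

struct Headers {
    host: Option<String>,
    x_forwarded_host: Option<String>,
}

/// Drop a trailing ":port", leaving bracketed IPv6 literals intact.
fn hostname(host: &str) -> &str {
    if host.starts_with('[') {
        return host.find(']').map_or(host, |i| &host[..=i]);
    }
    host.rsplit_once(':').map_or(host, |(name, _port)| name)
}

/// X-Forwarded-Host counts only when forwarded headers are trusted, then the
/// Host header, then the configured external_host as the last resort.
fn resolve_host(cfg: &Config, h: &Headers) -> Option<String> {
    let forwarded = if cfg.trust_x_forwarded_headers { h.x_forwarded_host.clone() } else { None };
    forwarded.or_else(|| h.host.clone()).or_else(|| cfg.external_host.clone())
}

/// Host used for the SSO return URL. Assumption: an unset whitelist means no
/// restriction; a set one must contain the hostname (case-insensitive).
fn sso_return_host(cfg: &Config, h: &Headers) -> Result<String, String> {
    let host = resolve_host(cfg, h).ok_or("no Host header and no external_host")?;
    let allowed = cfg.return_domain_whitelist.as_ref()
        .map_or(true, |list| list.iter().any(|d| d.eq_ignore_ascii_case(hostname(&host))));
    if allowed { Ok(host) } else { Err(format!("return domain {} is not whitelisted", hostname(&host))) }
}

fn main() {
    // Constructed sample values: proxy trusted, one whitelisted return domain.
    let cfg = Config {
        external_host: Some("gate.example.com".into()),
        trust_x_forwarded_headers: true,
        return_domain_whitelist: Some(vec!["gate.example.com".into()]),
    };
    let h = Headers { host: Some("10.0.0.5:8888".into()), x_forwarded_host: Some("gate.example.com".into()) };
    println!("{:?}", sso_return_host(&cfg, &h));
}
```

With the trust flag off in this model, the proxy's internal `Host` value is what gets resolved, and the whitelist rejects it instead of building a return URL from it.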
Other changes
- ef46e75: add keepalive_interval to ssh config (#1134) (Piotr Rotter)
- f1d565b: Svelte 5 migration (#1101)
- a20fdb8: Bumped russh (#1131)
- 379b1bc: fixed #983 - enable ssh-rsa when insecure algorithms are allowed
- b359838: Separate DB models for credentials (#1143)
Fixes
- 846e6d1: fixed #1110 - Fix switch for insecure ssh algorithms option (#1111) (hashfunc)
- 38dbb3b: fixed #1096 - SEC1 EC private key file support for TLS
- 80ee6cc: fixed #1074 - strip trailing slash in SSO issuer URLs and log errors properly
- 8acaaee: show more detailed error messages for API errors
- 3b29a3e: fixed #929 - sso: broken `additional_trusted_audiences` config option
- 557921f: postgres listener was incorrectly using the mysql certificate & key
- 41d3158: fixed #1039 - first DB migration failing on Postgres
- 64d7194: fixed #1150 - send the `ssh-rsa` client key when insecure algorithms are enabled
v0.12.0-beta.1
Changes
- Self-service credentials management (#1145) - you can now allow users to manage their own credentials. Enable it in `Config -> Misc -> Global parameters`.
- Multiple return domains for SSO, prefer host header over `external_host` (dbf96a8 / #1093) - Warpgate now uses the `Host` header to resolve its own external URL and only falls back to the `external_host` from the config file if the header is missing. If you're running behind a reverse proxy, make sure that `http.trust_x_forwarded_headers` is set in the config and you're passing the `X-Forwarded-Host` header. SSO logins will also dynamically construct their return URL from the `Host` header. You can restrict the allowed return domains with the new `sso_providers[].return_domain_whitelist` option (a list of hostnames).
- Passing user-identifying headers to HTTP targets (cc0b054 / #1107) - Warpgate now passes `x-warpgate-username` and `x-warpgate-authentication-type` headers to HTTP targets.
- `--enable-admin-token` option (9dd1c58) - setting it allows passing a global admin token via the `WARPGATE_ADMIN_TOKEN` env variable. This token can be used to authenticate against the admin REST API (pass it in the `x-warpgate-token` header).
Other changes
- ef46e75: add keepalive_interval to ssh config (#1134) (Piotr Rotter)
- f1d565b: Svelte 5 migration (#1101)
- a20fdb8: Bumped russh (#1131)
- 379b1bc: fixed #983 - enable ssh-rsa when insecure algorithms are allowed
- b359838: Separate DB models for credentials (#1143)
Fixes
- 846e6d1: fixed #1110 - Fix switch for insecure ssh algorithms option (#1111) (hashfunc)
- 38dbb3b: fixed #1096 - SEC1 EC private key file support for TLS
- 80ee6cc: fixed #1074 - strip trailing slash in SSO issuer URLs and log errors properly
- 8acaaee: show more detailed error messages for API errors
- 3b29a3e: fixed #929 - sso: broken `additional_trusted_audiences` config option
- 557921f: postgres listener was incorrectly using the mysql certificate & key
- 41d3158: fixed #1039 - first DB migration failing on Postgres