Releases: warp-tech/warpgate
Releases · warp-tech/warpgate
v0.16.0
Security fixes
- 3c003fc - fixed CVE-2025-54804
- This vulnerability has allowed a malicious authenticated client or target server to trigger a Rust panic in Warpgate and potentially cause a service restart
Major changes
- Docker image : add healthcheck, linting and run as regular user by @hugosxm in #1433
- The Docker image now runs under UID
1000instead of0. Depending on your setup, this might cause permission errors when trying to access the Warpgate data files, you might have tochmodthem. Run Docker with--uid 0to revert to the old, less safe behaviour.
- The Docker image now runs under UID
- Added bandwidth limiting support in #1443
- You can set bandwidth limits globally, per user and per target - works for SSH, MySQL and Postgres targets.
Changes
Fixes
- fd6607b - fix channels losing unflushed data when closing
- 4d5ebe4 - fix SCP hangups
- 05235d9 - fixed incorrect relative path resolution in setup
- 5a4b295 - fixed #1424 - OOB UI fails with repeating characters
versionattribute is obsolete by @ulab in #1435- 8ad6972 - fixed #1442 - unnecessary
get_infoauth restrictions
New Contributors
- @hugosxm made their first contribution in #1433
- @ulab made their first contribution in #1435
- @tom-90 made their first contribution in #1449
Full Changelog: v0.15.0...v0.16.0
Contributors
ulab, tom-90, and hugosxm
Assets 10
v0.15.0
Features
- fixed #1104 - SNI support in #1402 - see https://warpgate.null.page/sni/
- fixed #1220 -
direct-streamlocal(local UNIX socket forwarding) support in 103a480 - fixed #1368 - correctly generate version number in docker in #1372
- fixed #954 - enable gzip support for http targets in 9e144f8
- fixed #1367 - replace Swagger with Stoplight Elements in the API playground and add a note about token header in 1df9b45
Fixes
- fixed #1381 - skip password auth in postgres if not required in #1383
- fix(panel): fix user profile link by @joseluisgonzalezca in #1384
- feat(http): support for insecured websocket connections if
TLS Verifyflag is disabled by @joseluisgonzalezca in #1385 - fix(logs): normalize logs timestamp format with fixed sub-second digits by @joseluisgonzalezca in #1387
- fix(auth): skip web approval auth method only if there are other authentication methods available by @joseluisgonzalezca in #1390
- fixed #1396 - fixed API token auth for getAllTargets API in #1397
- fixed #1395 - preselect current user in access instructions modal by @Eugeny in #1405
- fixed #1404 - SSO user autocreation not working with Entra ID by @Eugeny in #1406
- fixed #1411 - duplicate Host header sent to HTTP/2 targets by @Eugeny in #1412
New Contributors
- @joseluisgonzalezca made their first contribution in #1384
Full Changelog: v0.14.1...v0.15.0
Contributors
Eugeny and joseluisgonzalezca
Assets 10
v0.15.0-beta.2
Contributors
Eugeny
Assets 10
v0.15.0-beta.1
Features
- fixed #1104 - SNI support in #1402 - see https://warpgate.null.page/sni/
- fixed #1220 -
direct-streamlocal(local UNIX socket forwarding) support in 103a480 - fixed #1368 - correctly generate version number in docker in #1372
- fixed #954 - enable gzip support for http targets in 9e144f8
- fixed #1367 - replace Swagger with Stoplight Elements in the API playground and add a note about token header in 1df9b45
Fixes
- fixed #1381 - skip password auth in postgres if not required in #1383
- fix(panel): fix user profile link by @joseluisgonzalezca in #1384
- feat(http): support for insecured websocket connections if
TLS Verifyflag is disabled by @joseluisgonzalezca in #1385 - fix(logs): normalize logs timestamp format with fixed sub-second digits by @joseluisgonzalezca in #1387
- fix(auth): skip web approval auth method only if there are other authentication methods available by @joseluisgonzalezca in #1390
- fixed #1396 - fixed API token auth for getAllTargets API in #1397
New Contributors
- @joseluisgonzalezca made their first contribution in #1384
Full Changelog: v0.14.1...v0.15.0-beta.1
Contributors
joseluisgonzalezca
Assets 10
v0.14.1
v0.14.0
Major changes
- 863af5e: #1323 -
In-browser auth(2FA/SSO) support for PostgreSQL (#1338) #1338 - 53971dc: #1334 New in-browser auth requests will automatically show up on the Warpgate homepage if the user is logged in (#1335) #1335
- ec98c3d: Option to check and accepting SSH target's host keys from the admin UI (#1307) #1307
Changes
- Deleting an SSH target will now auto-remove its known hosts entry (#1300) #1300 (Chinmay Pai)
- Prefer SSO provider buttons will prefer
labelovernamein the login UI (Eugene) - 4533401: Warpgate will now forward HTTP basic auth credentials (if present) from an HTTP target's URL correctly (#1343) #1343
- cea7acc: #1281 - Added description fields for most objects (#1294) #1294
- 9841421: #1281 - List role members and targets in the UI (#1295) #1295
- 6b22399: Added SBOMs to release artifacts (#1289) #1289
- 74ca553: Add "getting started" hints to the UI (#1344) #1344
Fixes
- Fixed Warpgate attempting RSA key auth against a target too many times, exhausting the OpenSSH limits (#1274) #1274 (Eugene)
- 95dce41: Fix SSH Client to respond to keyboard-interactive when target has optional 2FA (#1273) (samtoxie) #1273
- 51c8937: fixed frontend crash in list pagination
- 5d3a8ac: Force the config file format to YAML (#1299) (Mice7R) #1299
- 4b74303: #1271 - modals are invisible with
prefers-reduced-motion - 0a3e444: fixed #1285 - unable to add public keys via credentials self-service
- 26a9c99: fixed #1326 - UI allowing duplicate target names (#1328) #1328
- d465586: fixed enter key handling in the "create target" form
- b4076ef: fixed #1320 - JDBC based Postgres clients not connecting
- 87b409b: SQL content of prepared Postgres queries were not logged
- 5ee29b9: fixed #1337 - automatically strip the public key comment when setting via the API
- 2381f55: fixed #972 - SSH server not offering keyboard-interactive when only OOB or SSO auth is enabled for a user
- 9bc1c9d: fixed #1346 - changing own password does not remove existing passwors
- 33803f1: fixed #1336 - correctly parse ECC certificates - no longer handle incorrect PEM header
- 331af97: fixed #1356 - generate config schema (#1357) #1357
v0.14.0-beta.3
v0.14.0-beta.2
v0.14.0-beta.1
Changes
- 863af5e: fixed #1323 -
In-browser auth(2FA/SSO) support for PostgreSQL (#1338) #1338 - 53971dc: #1334 New in-browser auth requests will automatically show up on the Warpgate homepage if the user is logged in (#1335) #1335
- Deleting an SSH target will now auto-remove its known hosts entry (#1300) #1300 (Chinmay Pai)
- ec98c3d: Offer checking and accepting SSH host keys from the admin UI (#1307) #1307
- Prefer SSO provider buttons will prefer
labelovernamein the login UI (Eugene) - 4533401: Warpgate will now forward HTTP basic auth credentials (if present) from an HTTP target's URL correctly (#1343) #1343
- cea7acc: #1281 - Added description fields for most objects (#1294) #1294
- 9841421: #1281 - List role members and targets in the UI (#1295) #1295
- 6b22399: Added SBOMs to release artifacts (#1289) #1289
- 74ca553: Add a "getting started" hints to the UI (#1344) #1344
Fixes
- Fixed Warpgate attempting RSA key auth against a target too many times, exhausting the OpenSSH limits (#1274) #1274 (Eugene)
- 95dce41: Fix SSH Client to respond to keyboard-interactive when target has optional 2FA (#1273) (samtoxie) #1273
- 51c8937: fixed frontend crash in list pagination
- 5d3a8ac: Force the config file format to YAML (#1299) (Mice7R) #1299
- 4b74303: #1271 - modals are invisible with
prefers-reduced-motion - 0a3e444: fixed #1285 - unable to add public keys via credentials self-service
- 26a9c99: fixed #1326 - UI allowing duplicate target names (#1328) #1328
- d465586: fixed enter key handling in the "create target" form
- b4076ef: fixed #1320 - JDBC based Postgres clients not connecting
- 87b409b: SQL content of prepared Postgres queries were not logged
- 5ee29b9: fixed #1337 - automatically strip the public key comment when setting via the API
- 2381f55: fixed #972 - SSH server not offering keyboard-interactive when only OOB or SSO auth is enabled for a user