Releases: warp-tech/warpgate
Releases · warp-tech/warpgate
v0.8.0
Changes
- 0bc9ae1: session details (IP & security key) are now shown during OOB auth to reduce the chance of phishing a user into approving an auth attempt #858
- 983d0ad: bumped russh
Fixes
- f0bc1db: fixed #358 - quotes in connection instructions on Windows #859
- 49b92cd: fixed #855 - log client IPs and credentials used #861
- aca8d3d: fixed #857 - fixed default ticket expiry when using MySQL as a database, bumped sea-orm #862
v0.7.3
Security fixes
CVE-2023-37268 [8173f65]
Insufficient authentication checks for SSO users allowed any SSO user to elevate their permission to these of any other SSO user. All configurations using SSO are affected.
Changes
- f13a22f: HTTP: fixed #747 - don't include port in the X-Forwarded-For header
- UI: added search boxes - #761
- 4fe4bfe: fixed login errors not being displayed properly
- b1995be: Admin: disallow completely disabling authentication for a protocol
v0.7.2
Changes
- Docker: all protocols will be enabled by default when running
warpgate setup
- Dependency updates (Cléo REBERT) #739
v0.7.1
Security fixes
A malicious client or target could negotiate insecure Diffie-Hellman key exchange parameters in way that leads to an insecure shared secret and breaks confidentiality of traffic (for their own connection only).
Commits
- 1ad08dc: fixed #496 - enabled support for all databases in Github builds
- 399f811: fixed RSA auth with signature algorithm mismatch
v0.7.0
Changes
Minimum required glibc version on Linux is now 2.18
Fixes
- fffd799: fixed #406 - Apple ID SSO not working - ⚠️ note the config layout changes
- 9714570: SSH: fixed #477 - send
ssh-rsa hostkey in addition to rsa-sha* - fixes Termius support on iOS
- SSH: correctly report channel open failures to client
- d90abcf: SSH: fixed missing CHANNEL_CLOSE messages - #459
v0.6.5
Changes
- f967609: Added unattended setup command (
warpgate unattended-setup) - fixes #409
- 7066dd5: Added password recovery command (
warpgate recover-access) - fixes #410
- Added option to forward username to SSH targets as-is #445 (Alex Donec)
- Removed the 1 second auth delay on SSH - #459 (Eugene Pankov)
- c236da5: Added support for MySQL and PostgreSQL as database storage (
database_url config option) - fixed #452
UI improvements
- 67866fe: added visual feedback to save buttons
- fd993c4: autofocus the OTP field - fixes #386
- 5bdddd3: allow cancelling authentication
Fixes
v0.6.4
Changes
- 773bf19: added missing channel success messages - fixes #349, fixes #364 - Termius, WinSCP and FileZilla compatibility
- deab505: fixed #353 - auto-enable auth policy when adding an OTP after a password or a public key
- 04e5ecf: #353 - forbid HTTP caching for API endpoints
v0.6.3
Changes
- 410e445: fixed login redirect not working during OOB auth
- a0fea63: auto-close OOB auth window when done
- 3157077: fixed #350 - deleting targets/users with assigned roles from the UI
- 6355c59: fixed #346 - policy editor incorrectly adding OOB auth for HTTP protocol
