Releases: DefGuard/defguard
v1.2.0
🥳 New Features 🎉
🛜 Network Device Management & Command Line Client – Connect and manage devices using either a WireGuard connection or our headless command-line client. A new dedicated section on the dashboard now showcases network device statistics.
➕ Multiple addresses per network interface in gateway (with IPv4 and IPv6) is now supported.
😈 FreeBSD and OPNSense new package/plugin
🔄 Google External OIDC now includes the ability to automatically synchronize users, groups, and user statuses. It can also decide to disable or delete users in Defguard based on the Google Directory. Same functionality will be available for other external OIDC providers (Microsoft, Okta, …) soon.
🖥️ Desktop Client detects if the connection is active, notifies the user if it isn’t, and attempts to reconnect automatically.
📥 New Gateway disconnect notifications section in settings
🔔 Defguard will now notify you when a new release is available and/or if it’s a critical security update.
👥 Any group can be defined as admin group
Please consider buying the enterprise license to support us!
🎗️Please remember that all enterprise features are free (up to certain limits)
The whole defguard team thanks you! 🫡
🪲 Fixes
📊 Dashboard statistics had a major rewrite and now they should be more accrue and reliable
📏 Fixed interface name if location name is long #933
🏭 TOTP code fixes
📖 Upgrade notes
Please remember to read the upgrade notes before doing the upgrade!
v1.1.4
⚠️ WARNING: Please read the upgrade notes for version 1.1.4, as we've introduced a change which may require certain modifications before you update ⚠️
Upgrade notes: https://docs.defguard.net/admin-and-features/setting-up-your-instance/upgrading#any-previous-core-release-greater-than-core-1.1.4
What's Changed
Quick fix release
- build-binaries is meant for X86_64 runner only by @moubctez in #884
- Make emails case insensitive by @moubctez in #886
Full Changelog: v1.1.3...v1.1.4
🎉 1.1.x: All Enterprise features are free! 🎉
All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.
Further improvements:
🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration
🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..
🛜 Fixed IPv6 configuration in the Location settings
Contributors
Assets 8
v1.1.3
Quick fix release
- Allow usernames with minimum 1 character by @moubctez in #878
- Okta fixes - more about Okta integration in our docs - fallback to calling user-info if claims not present in the ID token by @t-aleksander in #883
🎉 1.1.x: All Enterprise features are free! 🎉
All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.
Further improvements:
🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration
🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..
🛜 Fixed IPv6 configuration in the Location settings
Detailed changes
- Fix ipv6 input and database adminid constraints by @t-aleksander in #851
- Enable enterprise features when within certain limits by @t-aleksander in #852
- OpenID via Proxy by @moubctez in #845
- Add external oidc tests by @t-aleksander in #855
- Remove web3 functionality from frontend, update docs links by @t-aleksander in #857
New Contributors
- @eltociear made their first contribution in #848
Full Changelog: v1.0.0...v1.1.2
Contributors
Assets 8
v1.1.2
Quick fix release
- Make smtp password and email optional by @t-aleksander in #869
🎉 1.1.x: All Enterprise features are free! 🎉
All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.
Further improvements:
🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration
🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..
🛜 Fixed IPv6 configuration in the Location settings
Please consider buying the enterprise license to support us!
The whole defguard team thanks you! 🫡
Detailed changes
- Fix ipv6 input and database adminid constraints by @t-aleksander in #851
- Enable enterprise features when within certain limits by @t-aleksander in #852
- OpenID via Proxy by @moubctez in #845
- Add external oidc tests by @t-aleksander in #855
- Remove web3 functionality from frontend, update docs links by @t-aleksander in #857
New Contributors
- @eltociear made their first contribution in #848
Full Changelog: v1.0.0...v1.1.2
Contributors
Assets 8
v1.1.1
Quick fix release
- Fix enterprise settings sometimes not taking effect immediately, log gateway's token rejection reason by @t-aleksander in #865
🎉 1.1.x: All Enterprise features are free! 🎉
All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.
Further improvements:
🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration
🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..
🛜 Fixed IPv6 configuration in the Location settings
Please consider buying the enterprise license to support us!
The whole defguard team thanks you! 🫡
Detailed changes
- Fix ipv6 input and database adminid constraints by @t-aleksander in #851
- Enable enterprise features when within certain limits by @t-aleksander in #852
- OpenID via Proxy by @moubctez in #845
- Add external oidc tests by @t-aleksander in #855
- Remove web3 functionality from frontend, update docs links by @t-aleksander in #857
New Contributors
- @eltociear made their first contribution in #848
Full Changelog: v1.0.0...v1.1.0
Contributors
Assets 8
v1.1.0
🎉 All Enterprise features are free! 🎉
All Enterprise features (within certain limits) are now free and do not require a license.
Limits should be more than sufficient for home, small business, and student use. More details here.
Further improvements:
🔐 Ability to use external OIDC for secure remote enrollment and Desktop client configuration
🔏 External OIDC now supports code authorization flow - extending Custom OIDC support to Okta, JumpCloud, Zitadel and others..
🛜 Fixed IPv6 configuration in the Location settings
Please consider buying the enterprise license to support us!
The whole defguard team thanks you! 🫡
Detailed changes
- Fix ipv6 input and database adminid constraints by @t-aleksander in #851
- Enable enterprise features when within certain limits by @t-aleksander in #852
- OpenID via Proxy by @moubctez in #845
- Add external oidc tests by @t-aleksander in #855
- Remove web3 functionality from frontend, update docs links by @t-aleksander in #857
New Contributors
- @eltociear made their first contribution in #848
Full Changelog: v1.0.0...v1.1.0
Contributors
Assets 8
v1.0.0
🎉 Now you can support our development efforts! 🎉
We are introducing Enterprise License with unique features not available in the Open Source Open Core:
🔐 Ability to use external OIDC (Google/Microsoft/Custom) to login or create a defguard account.
💥 Real time sync for client configurations! First WireGuard client to support this feature!
🛑 Ability to disable users to manage their devices (just admins will have this possibility).
✖︎ Ability to disable users to configure WireGuard clients other than defguard desktop client.
🚦Ability to disable All traffic in the desktop client - just predefined traffic.
🔜 …More features will come soon!
Please consider buying the enterprise license to support us!
The whole defguard team thanks you! 🫡
🔥 New features (Open Source Open Core & Enterprise) 🔥
- core & proxy have now HTTP & gRPC healthchecks
- new MFA email messages to easily copy the code
- Multiple DNS servers support & search domain support
- Proxy and Gateway have better gRPC connection handling when a disconnect occurs
- New Kubernetes HELM charts (thanks to Prusa3D Research team ❤️
… and **a lot of 🐛 bugfixes! **
Desktop Client Major Upgrade
- Rewrite of the whole routing stack (on all platforms) with IPv6 support
- Tray menu for quick connect/disconnect
- Multiple DNS servers support
- Search domain support
- Settings menu has a new section displaying all log messages
- All log messages have been rewritten for better support and knowledge of what’s going on
📖 Upgrade notes
Please remember to read the upgrade notes before doing the upgrade!
v1.0.0-alpha1
🛑 Warning this is a ALPHA PRE-RELESE only working with alpha proxy&gateway&client! 🛑
👇👇👇For official release see below.👇👇👇
This is the first release of the new Open Source Open Core & Enterprise features like: external OpenID (Google/Microsoft/Custom), real time client sync and more!
All currently available enterprise features are in enterprise documentation section as well as information about upcoming enterprise license.
This release also includes the latest Open Source functionaries.
v0.11.0
We have focused on stability, business logs improvements and bug squashing in these release - but also have done some features:
New Features
Account disabling/enabling ⭐
Now you can disable or enable a user account (by @t-aleksander in #640)
Important: LDAP support for this feature is not implemented yet. See #660 for status.
Core & Proxy DEB & RPM packages
Upon a lot of requests we have added (besides docker/kubernetes) a pure package distribution of core & proxy (gateway already had it done for some time).
Done by @t-aleksander in #649
Other Changes
- feat: add warning when removing a group by @wojcik91 in #628
- feat: add new logo by @t-aleksander in #646
- Add more logging by @t-aleksander in #645
Fixes
- fix: mfa login screen styles by @j-chmielewski in #629
- fix: sync WireGuard locations allowed devices after removing user group by @wojcik91 in #630
- fix: make config structure valid if some fields are missing by @t-aleksander in #637
- fix: add workaround for wrong config file extension on some browsers by @t-aleksander in #638
- fix: verify mfa status during openid authorization by @t-aleksander in #641
- fix: invalidate all user sessions when MFA is enabled by @t-aleksander in #644
- fix: fix frontend linter errors by @t-aleksander in #651
- fix: prevent from adding duplicate public keys by @t-aleksander in #655
- Fix down migrations by @moubctez in #658
- Fix for #661 by @moubctez in #662
Contributors
Assets 8
v0.10.0
New Features
Groups support ⭐
We now support group management, including:
- Every VPN Location can now be protected by defined group access (previously only: All users || Admins)
- In OpenID Apps - for each app you can also include Group Scope - and when user logs in with defguard to an application, all groups that the user is part of is returned in the OIDC token
SSH & GPG keys management
Now any user can add/delete (manage) their public SSH & GPG keys, which is great for managing access to your servers with SSH keys from defguard. More in docs here: https://defguard.gitbook.io/defguard/admin-and-features/ssh-authentication
New YubiKey provisioning and management
after provisioning a YubiKey - the YK it’s visible in the user profile with serial number as well as GPG & SSH public keys corresponding to the YKs private keys
Also, there is a new look for YubiKey provisioning (in the key management dialog)
A lot of enhancements
-
proxy now has detailed logs with IP addresses and business logs - a lot of users asked for that to implement fail2ban since the proxy is a public service
-
Phone number is now optional during enrollment
Fixes
- MFA disconnecting bug
- email validation when adding a new user
Full Changelog: v0.9.0...v0.10.0