Version 1.7.0

Changes

• Update to Go 1.19 for release builds & bump dependencies
• Fix a memory leak in HTTP status checking (#379, thanks @phamann)
• Add support for OPA to allow auth based on Rego policies (#374, thanks @spacedub)
• Update to latest go-spiffe for better Windows support (#371, thanks @MarcosDY)

Version 1.7.0-rc.1

Changes

• Update to Go 1.19 for release builds & bump dependencies
• Fix a memory leak in HTTP status checking (#379, thanks @phamann)
• Add support for OPA to allow auth based on Rego policies (#374, thanks @spacedub)
• Update to latest go-spiffe for better Windows support (#371, thanks @MarcosDY)

Version 1.6.1

Changes

• Add support for HTTP status endpoints for targets (#365, thanks to @mccurdyc)
• Support for filtering keychain identities by serial and/or issuer (#352)
• Add initial ACME support in server mode (#348, thanks to @ryankoski)
• Better connect proxy resolution handling (#357, #360)

Version 1.6.0

Changes

• Add support for TLS 1.3 and fix bug that prevented the use of RSA-PSS when keychain identities were used on macOS/Win.
• Add new experimental flag for macOS (--keychain-require-token) to fetch keychain identities backed by hardware tokens.
• Changed the default log output to stdout, previously stderr, to avoid issues with Windows thinking the process crashed.

Other
Migrated release build process to GitHub Actions to avoid the need for cross-compilation toolchains. Unfortunately this means that linux/arm64 and windows/386 release builds will not be available for the moment. We plan to add back release builds for those platforms for when feasible with GitHub Actions.

Version 1.6.0-rc.3

Added changes to make RSA-PSS (for TLS 1.3) work on Windows using platform certificate store keys (certstore).

Version 1.6.0-rc.2

Second release candidate for 1.6.0, fixes ordering of TLS 1.3 cipher suites.

Version 1.6.0-rc.1

First release candidate for v1.6.0

Changes

• Add support for TLS 1.3 and fix bug that prevented the use of RSA-PSS when keychain identities were used on macOS.
• Add new experimental flag for macOS (--keychain-require-token) to fetch keychain identities backed by hardware tokens.
• Changed the default log output to stdout, previously stderr, to avoid issues with Windows thinking the process crashed.

Other

• Migrated release build process to GitHub Actions to avoid the need for cross-compilation toolchains. Unfortunately this means that {linux,darwin}/arm64 and windows/386 release builds will not be available for the moment. We plan to add back release builds for those platforms for when feasible with GitHub Actions.

Version 1.5.3

Updated Go to 1.15 and bumped dependencies to latest versions.

New Features
Allow serving /_status and /_metrics via HTTP by explicitly setting http:// prefix in status flag (#295)

Other
New Docker images are now available for arm64/armv7 via the ghostunnel/ghostunnel repo (#313)

Version 1.5.2

New Features

• Official release binaries are now built with Go 1.13+, making TLS 1.3 enabled by default.
• Expose keystore flags as env vars (#250) to make it possible to pass keystore flags via env.

Bugfixes & Other Changes

• Fixed issues with TLS 1.3/PKCS11 (#271) and ECC/PKCS11 (#257).
• Fixed a bug with status not being available in client mode with auth disabled (#268).
• Updated external dependencies, dropping the need for libtool/libltdl runtime dependency.

Version 1.5.1

This release is the same as v1.5.0, but compiled with Go 1.12.12 to address CVE-2019-16276.