Skip to content

Releases: devSealWare/LightIPAM

Light IPAM v1.2.1

Choose a tag to compare

@devSealWare devSealWare released this 10 Jul 22:51
800fca1

Light IPAM v1.2.1 is a backward-compatible patch release focused on security
hardening, auditability, API consistency, and a simpler published-image install.

Highlights

  • Adds compose.release.yaml and a complete installation/upgrade guide for the
    published amd64 and arm64 app and scanner images.
  • Hardens CSV exports against spreadsheet-formula injection and adds conditional
    HSTS plus stricter CSP directives.
  • Restricts API-token creation to administrators and aligns webhook URL SSRF
    validation with scanner-agent endpoint validation.
  • Improves mutation audit metadata and returns the JSON error envelope for
    unsupported methods on registered /api/v1 routes.
  • Fixes the API fallback startup panic and the intermittent sealed-secret test.
  • Reorganizes the README around audience, product value, quick evaluation, and
    technical documentation.

Upgrade notes

  • No database migration; the schema remains at migration 23.
  • No breaking /api/v1 or scanner-protocol change; the scanner protocol remains
    v1.
  • Webhook create/update now requires https://. Move any plain-HTTP webhook
    endpoint behind TLS before editing and saving it again.
  • App and scanner images should be upgraded together to 1.2.1.

See the full changelog.

Light IPAM v1.2.0

Choose a tag to compare

@devSealWare devSealWare released this 06 Jul 21:17
15217dd

[1.2.0] - 2026-07-06

A backward-compatible release: no breaking /api/v1 or scanner-protocol changes, and
the two new database migrations (22, 23) are additive. The headline is device
correlation for multi-homed hardware — link-not-merge suggestions, now upgraded to a
gold-confidence signal from SNMP-derived chassis serials.

Added

  • SNMP hardware identity + gold-confidence device links (ADR 0030, migration 23):
    snmp_inventory (and combined) scans now read the device's ENTITY-MIB chassis
    serial number and sysObjectID, persist them through the discovery queue onto
    the imported device, and show the serial on the device page. An exact serial
    match across disjoint subnets is a gold-confidence "Serial match" link
    suggestion (independent of hostname/OS agreement), and a new
    Settings → Discovery toggle (default off) opts in to auto-linking those
    matches at import/sync time, audited as device.link.auto. Placeholder vendor
    serials ("N/A", "To be filled by O.E.M.", …) are filtered agent-side; the
    scanner protocol gains only optional observation fields and stays v1.
  • Same-physical-device links (ADR 0029, migration 22): a reversible link layer that
    groups the multiple device records a multi-homed device (e.g. a router with one
    IP and MAC per subnet) imports as. The device page suggests high-confidence
    matches (identical hostname + same OS family + disjoint subnets — never an exact
    OS-string match) for the operator to confirm or dismiss; nothing links
    automatically. Linked siblings show their IPs, subnets, MACs, OS, and services on
    the device page, records are never merged, and manual link/unlink always works.
    Link actions are audited (device.link.confirmed / .removed / .dismissed).

Fixed

  • Guarded the operator-supplied scanner-agent endpoint_url against SSRF: the app's
    mTLS dispatcher connects to that URL (TCP connect + TLS ClientHello) before the
    pinned-CA cert check runs, and the only prior validation was an https:// prefix
    check, so an endpoint like https://169.254.169.254 turned the app into an internal
    port-scan / metadata oracle. A new ValidateAgentEndpoint requires an https URL
    with a host and rejects literal loopback/link-local/unspecified IPs (private
    RFC-1918 ranges, where real agents live, stay allowed); it runs at save time and
    defensively in the dispatcher itself (CodeQL go/request-forgery).
  • Bounded the argon2 parameters (memory/iterations/parallelism) decoded from a stored
    password hash before their narrowing conversion to uint32/uint32/uint8
    an out-of-range value in a malformed or hostile hash string wrapped silently instead
    of failing closed (CodeQL go/incorrect-integer-conversion).
  • Range-checked the AGENT_SNMP_PORT / AGENT_NETBIOS_PORT / AGENT_MDNS_PORT
    scanner-agent environment variables (1–65535) before their narrowing conversion to
    uint16 — an out-of-range value (e.g. 65537) previously wrapped silently to 1
    instead of falling back to the documented default (CodeQL
    go/incorrect-integer-conversion).

Light IPAM v1.1.0

Choose a tag to compare

@devSealWare devSealWare released this 29 Jun 19:19
31acc45

[1.1.0] - 2026-06-29

A backward-compatible release: no breaking /api/v1 or scanner-protocol changes,
and the one new database migration (21) is additive. The headline is routing-aware
scanner egress, which fixes a macvlan agent silently finding zero hosts on routed
subnets.

Added

  • Routing-aware scanner egress: AGENT_SCAN_PIN_MODE (default auto) pins nmap
    probes to the macvlan source address only for L2-adjacent targets and lets routed
    targets follow the default route, so a single macvlan agent handles both adjacent
    and routed subnets with no per-scan configuration (always = the old unconditional
    pin, off = never pin) (ADR 0027).
  • Agent network diagnostics: a GET /diagnostics endpoint and an /agents/{id}
    detail panel surface the agent's interfaces, scan source/route, pin mode, nmap
    version, and capabilities — plus any pin/route mismatch — without a docker exec
    (ADR 0027).
  • A scanner-agent --healthcheck subcommand and a Compose healthcheck for the
    scanner-agent service (ADR 0027).
  • Save-time scan-scope validation on the scan and schedule forms: an invalid IPv4
    CIDR/target, or a schedule whose allowed CIDRs fall outside the chosen agent's
    allowlist, is now rejected inline instead of failing silently on every scheduler
    tick (ADR 0028).
  • A "Last run" column on the schedules page showing each schedule's most recent
    outcome (succeeded / failed / rejected) and failure reason (migration 21,
    ADR 0028).
  • A device service-count column on the Devices table and per-subnet utilization on
    the dashboard.
  • Light IPAM brand assets: logo lockups, favicons, an Apple touch icon, and a web
    app manifest.

Changed

  • Zero-host and pin/route-mismatch scans now return self-explaining notices, and
    app-to-agent dispatch failures are classified by layer (DNS/TCP/TLS/HTTP) — for
    example, a missing agent container reports "container not running" instead of a
    raw lookup scanner-agent … no such host (ADR 0027).

Fixed

  • A macvlan scanner agent no longer silently returns zero hosts when scanning a
    routed subnet (ADR 0027).
  • A scan schedule saved with a configuration the agent rejects at dispatch (e.g. a
    mistyped CIDR) no longer fails silently on every tick; it is caught at save time
    and its last-run outcome is surfaced on the schedules page (ADR 0028).

Light IPAM v1.0.0

Choose a tag to compare

@devSealWare devSealWare released this 24 Jun 02:29
f2e7295

1.0.0 - 2026-06-23

First stable release. Light IPAM is a lightweight IP address management system with
a clean web UI and optional, tightly-scoped active network discovery. The web app
runs unprivileged (zero Linux capabilities); all privileged scanning is isolated to a
separate, optional scanner agent.

Manual IPAM

  • First-admin bootstrap, local login/logout, Argon2id password hashing, sessions, and
    CSRF protection with strict security headers.
  • Subnet CRUD with global overlap/containment blocking and optional VLAN metadata.
  • Sparse IPv4 address records (/31 and /32 supported), device CRUD, and MAC
    tracking with private/rotating-MAC detection and best-effort OUI vendor lookup.
  • Devices grouped by subnet, global search across subnets/addresses/devices/MACs, and
    per-table selectable columns.
  • Tags and operator-defined custom fields (text) on subnets, addresses, and devices.
  • Multi-select bulk edit (status/VLAN/tag/clear-device/delete) and CSV import/export
    with a validated dry-run preview and all-or-nothing apply, plus a NetBox-compatible
    CSV format.
  • Immutable, append-only audit log with UI filters.

Identity, access & operations

  • Login throttling and account lockout, idle and absolute session timeouts, and a
    per-session origin record with active-session review and "log out everywhere".
  • Admin and read-only roles with central authorization.
  • TOTP multi-factor authentication with recovery codes.
  • OIDC single sign-on (authorization code + PKCE).
  • Encrypted secrets at rest (AES-256-GCM).
  • pg_dump-based backup and restore.
  • An app-managed certificate authority that issues and rotates short-lived agent mTLS
    certificates, which the agent hot-reloads.
  • A tabbed Settings page (Security, Users & Roles, Authentication, Agent certificates,
    Backup & Restore, Custom fields, Policy, Notifications) with policy editable at
    runtime, plus a per-user account page.

Network discovery (optional scanner agent)

  • Isolated scanner agent communicating with the app over mTLS, with an allowlist of
    permitted scan scopes and an immutable scan audit trail.
  • nmap-backed host discovery and service/OS detection, run in staged passes with
    dynamic per-type timeouts. NET_RAW is granted to the agent only.
  • Unprivileged SNMP discovery: ARP-table harvesting, device inventory with 802.1Q
    VLAN and interface mapping, and LLDP/CDP neighbor harvesting.
  • Unprivileged NetBIOS/mDNS name resolution, DNS forward/reverse enrichment, and DHCP
    lease-file ingestion.
  • A combined scan that runs every backend and enriches the hosts nmap discovers,
    merging findings per host.
  • A discovery review queue with conflict-aware reconciliation, per-agent auto-import,
    and a structured per-host scan-result detail view.
  • Subnet auto-create on import and an "Import all" action for the pending,
    non-conflicting discovery queue.
  • Manual and scheduled scans, with optional time-of-day/weekday scan windows in the
    schedule's own timezone.

Automation & integration

  • Policy / health checks: a read-only view flagging overlapping subnets, stale managed
    records, and unmanaged/conflicting discovered services.
  • Change webhooks: HMAC-signed JSON notifications fanned out from the audit log to
    subscribed endpoints.
  • Token-authenticated JSON API under /api/v1 for subnets, addresses, and devices.
  • lightipam-cli, a stdlib-only command-line client for the API.

Deployment

  • Docker Compose deployment with separate app, scanner-agent, and db images.
  • /healthz liveness and /readyz readiness probes; the build version is stamped
    into the binaries and reported on /healthz, in the startup log, and via
    --version.