Releases: firezone/firezone
Releases · firezone/firezone
1.0.3
✨ Features
- feat(blog): How DNS works in Firezone @jamilbk (#4828)
- feat(connlib): traffic filtering @conectado (#4779)
🐛 Bug Fixes
- fix(portal): Ensure site can be changed when multi-site is false @jamilbk (#4915)
- fix(connlib): add_resource multiple times with same resource id @conectado (#4914)
- fix(connlib): filters for resoruces with multiple ips @conectado (#4911)
- fix(connlib): resource filter deserialization @conectado (#4910)
- fix(Android): add alert dialog for errors in auth flow @jasonboukheir (#4835)
- Fix: Exclude legacy docs from kb search and vice versa @mdp (#4833)
🧰 Maintenance
- chore(website): add user count to feature cards @jamilbk (#4923)
- chore: fix blog typo @jamilbk (#4920)
- fix(website): Add z-40 to fix sidebar layering @jamilbk (#4909)
- chore(connlib): pass to client new fields @conectado (#4900)
- chore(website): Hide banner @jamilbk (#4902)
- ci(gui-client/linux): publish deb package in the release @ReactorScram (#4876)
- chore(docker): local dev docker-compose @conectado (#4748)
- ci(windows): fix unused deps static analysis @ReactorScram (#4898)
- chore(gui-client/linux): fix single-instance @ReactorScram (#4890)
- chore(gui-client/linux): fix group name,
firezone
should befirezone-client
@ReactorScram (#4889) - ci: Disable android UI tests due to timeouts / flakiness @jamilbk (#4891)
- chore(connlib): remove unused parking_lot @conectado (#4886)
- test(android): Only run tests for x86_64 android @jamilbk (#4870)
- chore(gui-client/linux): export all logs, not just app logs @ReactorScram (#4830)
- chore(gui-client/linux): show an error if the user doesn't belong to the
firezone
group @ReactorScram (#4822) - chore(gui-client/linux): add smoke test checklist @ReactorScram (#4882)
- chore(gui-client/linux): fix deep links on Ubuntu 22.04 @ReactorScram (#4881)
- chore(gui-client/linux): add install script and change group to
firezone-client
@ReactorScram (#4879) - chore(gui-client/linux): poll for DNS changes every 5 seconds @ReactorScram (#4875)
- chore(gui-client): cleanup @ReactorScram (#4836)
- chore(linux-client): make headless client / IPC service logs group-readable @ReactorScram (#4825)
- chore(firezone-tunnel): Remove unused
SIOCGIFMTU
in tun_android @jamilbk (#4869) - chore(deps): Bump flowbite-react @jamilbk (#4864)
- chore(deps): bump browser tests @jamilbk (#4865)
- chore(deps): Add hilt-testing to dependabot group @jamilbk (#4861)
- chore(ci): bump versions @jamilbk (#4840)
- build(deps): Bump libc from 0.2.153 to 0.2.154 in /rust @dependabot (#4894)
- refactor(portal): Remove Permit all and grey out form when traffic filters disabled @jamilbk (#4887)
- build(deps): Bump reqwest from 0.12.2 to 0.12.4 in /rust @dependabot (#4895)
- build(deps): Bump socket2 from 0.5.6 to 0.5.7 in /rust @dependabot (#4863)
- build(deps): Bump hashicorp/tfc-workflows-github from 1.2.0 to 1.3.0 @dependabot (#4841)
- build(deps): Bump anyhow from 1.0.81 to 1.0.82 in /rust @dependabot (#4810)
- build(deps): Bump @tauri-apps/cli from 1.5.11 to 1.5.12 in /rust/gui-client @dependabot (#4846)
- build(deps): Bump @tauri-apps/api from 1.5.3 to 1.5.4 in /rust/gui-client @dependabot (#4847)
- refactor(infra): Install gateways without using Docker @AndrewDryga (#4839)
- build(deps): Bump swift-bridge from 0.1.53 to 0.1.55 in /rust @dependabot (#4862)
- build(deps): Bump puppeteer from 22.6.4 to 22.7.1 in /scripts/tests/browser @dependabot (#4866)
- build(deps): Bump @next/mdx from 14.1.4 to 14.2.3 in /website @dependabot (#4867)
- build(deps-dev): Bump typescript from 5.4.2 to 5.4.5 in /website @dependabot (#4868)
- build(deps-dev): Bump typescript from 5.4.3 to 5.4.5 in /rust/gui-client @dependabot (#4844)
- build(deps): Bump com.google.dagger:hilt-android-testing from 2.51 to 2.51.1 in /kotlin/android @dependabot (#4858)
- refactor(gui-client/linux): use the same systemd service file in CI as in production @ReactorScram (#4832)
- build(deps): Bump gradle/wrapper-validation-action from 2 to 3 @dependabot (#4843)
- build(deps): Bump @fontsource/source-sans-3 from 5.0.19 to 5.0.20 in /elixir/apps/web/assets @dependabot (#4848)
- build(deps): Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 @dependabot (#4842)
- build(deps): Bump asciinema-player from 3.7.0 to 3.7.1 in /website @dependabot (#4849)
- build(deps-dev): Bump @types/node from 20.12.2 to 20.12.7 in /rust/gui-client @dependabot (#4845)
- build(deps): Bump mixpanel-browser from 2.49.0 to 2.50.0 in /website @dependabot (#4850)
- build(deps): Bump react-icons from 5.0.1 to 5.2.0 in /website @dependabot (#4852)
- build(deps): Bump @types/node from 20.11.25 to 20.12.7 in /website @dependabot (#4853)
- build(deps): Bump com.google.firebase:firebase-bom from 32.8.0 to 32.8.1 in /kotlin/android @dependabot (#4856)
- build(deps): Bump org.mozilla.rust-android-gradle.rust-android from 0.9.3 to 0.9.4 in /kotlin/android @dependabot (#4857)
📝 Documentation
1.0.2
This release reverts a change that could cause connectivity issues seen by some users.
Maintenance
- test(android): add instrumentation test github action @jasonboukheir (#4178)
- chore(gui-client/linux): have systemd direct our connlib logs to
/var/log/dev.firezone.client
@ReactorScram (#4823) - chore(website): Bump versions @jamilbk (#4821)
🐛 Bug Fixes
- revert: "fix(snownet): don't nominate discarded candidates" @jamilbk (#4838)
- fix(connlib): remove ice candidate on invalidate candidate message @conectado (#4837)
1.0.1
✨ Features
- feat(portal): Allow creating resources from Resources page @AndrewDryga (#4775)
- feat(portal): Add legal_name field to accounts and sync it with new stripe metadata key @AndrewDryga (#4771)
🐛 Bug Fixes
- fix(windows-client): package name should be "Firezone" not "firezone-client-gui" @ReactorScram (#4814)
- fix(snownet): don't nominate discarded candidates @thomaseizinger (#4806)
- fix(portal): Update site deletion modal message @bmanifold (#4795)
- fix(gateway): Fix conditional used to check for upgrades @jamilbk (#4796)
- fix(portal): Fix traffic filtering to send port-less rules @AndrewDryga (#4778)
- fix(headless-client): clean up and exit gracefully when
on_disconnect
called @ReactorScram (#4785) - fix(windows-client): allow sign out while connlib is raising the tunnel @ReactorScram (#4766)
- fix(website): fix linux client link @jamilbk (#4774)
🧰 Maintenance
- chore(gui-client): use new download links @ReactorScram (#4754)
- chore(gui-client/linux): fix notifications @ReactorScram (#4803)
- revert(android): revert to unpublished version @jamilbk (#4807)
- chore(gui-client/linux): fix DNS @ReactorScram (#4802)
- perf: increase UDP send rate for performance test @jamilbk (#4793)
- chore(connlib): make peer pure by taking utc time from parameters @conectado (#4773)
- chore(gui-client): enable keyring for Linux @ReactorScram (#4799)
- chore(devops): Add client monitor VM @bmanifold (#4794)
- chore(gui-client): proof of concept for process splitting @ReactorScram (#4788)
- chore(website): Update intro video @jamilbk (#4786)
- chore(gateway): Handle edge cases where gateway binary couldn't be downloaded @jamilbk (#4783)
- ci: use consistent binary dest path naming @jamilbk (#4772)
- ci: Bump versions and fix release overwrites @jamilbk (#4769)
- ci: bootstrap browser test harness if missing @jamilbk (#4767)
- Fix: Correct typo in Terraform links @mdp (#4768)
- build(deps): Bump tracing-panic from 0.1.1 to 0.1.2 in /rust @dependabot (#4811)
- build(deps): Bump tauri from 1.6.1 to 1.6.2 in /rust @dependabot (#4809)
- refactor(linux-client): package systemd unit for IPC service @ReactorScram (#4752)
- refactor: Remove multiqueue flag for tun on Linux @jamilbk (#4798)
- build(deps): Bump serde_json from 1.0.115 to 1.0.116 in /rust @dependabot (#4731)
- build(deps): Bump async-trait from 0.1.79 to 0.1.80 in /rust @dependabot (#4732)
- refactor(linux-client): remove FIREZONE_ID from example systemd file @ReactorScram (#4714)
- refactor: Make published artifact names consistent and use permalinks @ReactorScram (#4746)
📝 Documentation
1.0.0
✨ Features
- fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
- feat(website): Add battlecard to landing page @jamilbk (#4744)
- feat(connlib): smoothly migrate relayed connections @thomaseizinger (#4568)
- docs: Add common use cases @jamilbk (#4677)
- feat(docs): Add Cloudflare WARP known incompatibility issue @jamilbk (#4704)
- feat(portal): Broadcast relays presence to gateways and add invalidate_ice_candidates messages @AndrewDryga (#4685)
- ci: Only build debug images for
linux/amd64
@jamilbk (#4612) - ci: Enable client compatibility tests @jamilbk (#4610)
🐛 Bug Fixes
- fix(linux-client): forbid passing the token as a CLI arg @ReactorScram (#4683)
- fix(snownet): invalidate host candidates on reconnect @thomaseizinger (#4755)
- fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
- fix(portal): Hide API clients sidebar link in UI when feature disabled @bmanifold (#4747)
- fix(relay): clear channel bindings when allocation is deleted @thomaseizinger (#4705)
- fix(portal): Fix bug with preset values in policies dropdowns @AndrewDryga (#4693)
- fix(website): Add missing sidebar link @jamilbk (#4676)
- fix(linux-client): don't show the token in
--help
@ReactorScram (#4654) - fix(website): Fix broken links @jamilbk (#4645)
- fix(apple): Append to Swift logfile instead of overwriting each time @jamilbk (#4633)
- fix(windows-client): remove spurious "Connected to Firezone" notifications @ReactorScram (#4603)
- fix(windows): patch some DNS leaks @ReactorScram (#4530)
- fix(portal): remove typo in manual command var @jamilbk (#4614)
- fix(ci): Override release_drafter commitish since we run on PRs now @jamilbk (#4608)
- fix(ci): autolabeler to fix changelog drafting @jamilbk (#4591)
🧰 Maintenance
- chore(connlib): forward panics containing an owned string @thomaseizinger (#4760)
- chore: remove test lib bash sourcing from customer-run scripts @jamilbk (#4753)
- chore(snownet): free memory of allocation without valid credentials @thomaseizinger (#4720)
- chore(ip-packet): address PR feedback @thomaseizinger (#4721)
- revert: Revert removal of GitHub link in the navbar @jamilbk (#4734)
- chore(website): revert split-horizon DNS terming @jamilbk (#4703)
- ci: Don't run browser tests on release images @jamilbk (#4722)
- test(client): add reconnection tests from a client using a headless browser @conectado (#4569)
- chore(snownet): don't update remote socket from WG activity @thomaseizinger (#4615)
- chore(website): Publish macOS client @jamilbk (#4719)
- chore(docs): Update sizing recs for Gateways @jamilbk (#4708)
- chore(website): Use sales / sign up for CTA in navbar @jamilbk (#4711)
- chore(linux-client): allow custom token path @ReactorScram (#4666)
- chore: extract common
ip-packet
crate @thomaseizinger (#4702) - ci: remove setting of unused env variable @thomaseizinger (#4710)
- chore(relay): restore request metadata for control messages @thomaseizinger (#4699)
- chore(relay): log all failed requests on warn @thomaseizinger (#4700)
- chore(connlib): remove MTU refreshing @thomaseizinger (#4698)
- test(linux-client): move linux-group test out of integration tests @ReactorScram (#4692)
- chore(snownet): assert that we can send ICMP packets through the tunnel @thomaseizinger (#4675)
- test(connlib): assert connection intents using property-based state machine test @thomaseizinger (#4597)
- ci: run assertions inside docker container @thomaseizinger (#4680)
- ci(fix): replace more invalid ref chars @jamilbk (#4687)
- test(linux-client): disable failing test @ReactorScram (#4689)
- chore(docs): fix FAQ link to architecture @jamilbk (#4684)
- test(linux-client): fix linux-group integration test @ReactorScram (#4671)
- chore(phoenix-channel): don't log message on deserialisation error @thomaseizinger (#4673)
- chore(relay): parse
init
message @thomaseizinger (#4672) - chore(linux-client): print resources with
tracing::debug
@ReactorScram (#4658) - test(linux-client): temporarily disable failing linux-group integration test @ReactorScram (#4670)
- chore(connlib): add unit test for deserializing
broadcast_ice_candidates
@thomaseizinger (#4646) - chore(linux): only allow IPC connections from members of the
firezone
group @ReactorScram (#4628) - test(linux-client): check if we can add the user to a group in a CI test @ReactorScram (#4600)
- chore(docs): formalize the rule for logging sensitive info @ReactorScram (#4663)
- chore(linux): ask systemd to limit our privileges @ReactorScram (#4630)
- chore(docs): Recommend 3 gateways @jamilbk (#4649)
- chore(website): update wireguard impl @jamilbk (#4648)
- chore(rust): fix local docker development @conectado (#4642)
- chore(ci): build docker dev images with
main
@jamilbk (#4643) - chore(ci): Use netstat instead of ss for release image tests @jamilbk (#4640)
- chore(devops): Fix GH overriding main branch statuses @AndrewDryga (#4639)
- chore(portal): Add one more test for relays lb @AndrewDryga (#4638)
- chore(portal): Change name and structure of relays presence event @AndrewDryga (#4623)
- chore(ci): .env not available in
with
shared workflow context @jamilbk (#4631) - ci: Add tag name to build-dev-images @jamilbk (#4629)
- chore(connlib): upsert relays from "init" message @thomaseizinger (#4567)
- test(linux-client): separate the token from the systemd unit file @ReactorScram (#4626)
- refactor(perf-tests): add prefixes 'base' and 'head' @ReactorScram (#4598)
- test(integration): remove redundant
integration-test-
prefix @ReactorScram (#4601) - feat(portal): Broadcast relays presence updates to the client and return them in init @AndrewDryga (#4596)
- docs(client): how to read logs with jq @ReactorScram (#4599)
- chore(relay): perform graceful shutdown upon receiving SIGTERM @thomaseizinger (#4552)
- chore(relay): connect to portal in the background during startup @thomaseizinger (#4594)
- chore(snownet): add unit-test for roaming networks @thomaseizinger (#4585)
- chore(portal): Try new LoggerJSON implementation @AndrewDryga (#4595)
- ci: reduce duplication in integration tests @thomaseizinger (#4583)
- chore(clients): Bump Apple to 1.0.2; Android 1.0.1 @jamilbk (#4590)
- fix(website): Add metadatas for site links to generate @jamilbk (#4593)
- build(deps): Bump rustls from 0.22.3 to 0.22.4 in /rust in the cargo group @dependabot (#4715)
- build(deps): Bump time from 0.3.34 to 0.3.36 in /rust @dependabot (#4730)
- refactor(connlib): remove
PacketTransform
abstraction @thomaseizinger (#4709) - refactor(docs): Refactor KbSideBar to more accurately reflect content @jamilbk (#4712)
- build(deps): Bump either from 1.10.0 to 1.11.0 in /rust @dependabot (#4621)
- refactor(portal): Allow concurrent updates to synced actor/actor identities during sync @AndrewDryga (#4409)
- refactor(linux-client): rename
daemon
subcommand toipc-service
@ReactorScram (#4656) - refactor(portal): Refactor client login to use HTML meta refresh and cookie @bmanifold (#4617)
- refactor(test): use 'set -euox' instead of manual echos @ReactorScram (#4637)
- build(deps): Bump redis from 0.25.2 to 0.25.3 in /rust @dependabot (#4622)
- refactor(apple): Don't log error if calling stop on stopped tunnel @jamilbk (#4632)
- refactor: Discord -> Slack @jamilbk (#4616)
- refactor(headless-client): change CLI args for the IPC daemon @ReactorScram (#4604)
- build(deps): Bump hostname from 0.3.1 to 0.4.0 in /rust @dependabot (#4620)
- refactor(headless-client): use Tokio codec instead of hand-rolled length-delimited codec @ReactorScram (#4606)
- build(deps): Bump the windows group in /rust with 2 updates @dependabot (#4619)
📝 Documentation
1.0.0-pre.14
Features
- feat(docs): Add link to Terraform examples @jamilbk (#4508)
- feat(docs): Show page last updated at for each doc page @jamilbk (#4587)
- feat(website): GA updates @jamilbk (#3988)
- feat(portal): Allow completely deleting accounts @AndrewDryga (#4557)
🧰 Maintenance
- build(deps): Bump h2 from 0.3.25 to 0.3.26 in /rust @dependabot (#4525)
- build(deps): Bump quinn-udp from
a2a214b
tocc0d2e9
in /rust @dependabot (#4540) - build(deps): Bump swift-bridge from 0.1.52 to 0.1.53 in /rust @dependabot (#4541)
- build(deps): Bump swift-bridge-build from 0.1.52 to 0.1.53 in /rust @dependabot (#4434)
- build(deps): Bump reqwest from 0.12.1 to 0.12.2 in /rust @dependabot (#4436)
- build(deps): Bump chrono from 0.4.35 to 0.4.37 in /rust @dependabot (#4432)
- style(docs): Use simple <pre> for monospace blocks @jamilbk (#4582)
- chore(snownet): capture emitted events in test harness @thomaseizinger (#4584)
- chore(ci): Allow versioning components separately @jamilbk (#4493)
- test(ci): Remove e2e false start @jamilbk (#4580)
- refactor(connlib): add property-based tests for adding and removing of resources @thomaseizinger (#4503)
- refactor(docs): Docs polish iteration, add DoH known issue @jamilbk (#4579)
- refactor(linux-client): replace
client-tunnel
withheadless-client
which is the same thing @ReactorScram (#4516) - chore(snownet): add unit-test for relayed connection @thomaseizinger (#4570)
- chore(website): Add more feature popovers to pricing page and "Customize account slug" feature @jamilbk (#4574)
- chore(portal): Send metrics to Google Cloud Monitoring @AndrewDryga (#4564)
- chore(windows): bump Rust to handle CVE-2024-24576 @ReactorScram (#4576)
- chore(client-tunnel): hook up placeholder IPC server for Linux @ReactorScram (#4465)
- chore(portal): normal weight for helptext @jamilbk (#4572)
- chore(connlib): fix test deps for 'connlib-client-shared' @ReactorScram (#4518)
- chore(gateway): remove unused derives and messages @thomaseizinger (#4563)
- chore(ci): Configure relay with new IP on restart tests @jamilbk (#4571)
- build(deps): switch to released
tracing-stackdriver
@thomaseizinger (#4547) - build(deps): bump str0m dependency @thomaseizinger (#4555)
- chore(website): april update @jamilbk (#4565)
- refactor(snownet): remove allow-list of STUN and TURN servers @thomaseizinger (#4551)
- chore(relay): fail health-check with 400 on being partitioned for > 15min @thomaseizinger (#4553)
- chore(snownet): add required feature to dev-dependency @thomaseizinger (#4536)
- chore(connlib): remove stale code @thomaseizinger (#4562)
- chore(portal): Show support options on the billing page and remove features table @AndrewDryga (#4559)
- fix(portal): Show count of returned records instead of page size @AndrewDryga (#4558)
- chore(rust): activate more lints for redundant code @thomaseizinger (#4492)
- feat(portal): Add API Client UI @bmanifold (#4023)
- chore(relay): remove stale arg @thomaseizinger (#4554)
- ci: assert that nothing busy loops after the perf tests @thomaseizinger (#4546)
- refactor(portal): Update actor group selection in portal @bmanifold (#4467)
- refactor(relay): favor
Instant
overSystemTime
@thomaseizinger (#4468) - chore: document DNS stub functions @ReactorScram (#4526)
- fix(snownet): invalidate allocation on invalid credentials @thomaseizinger (#4537)
- chore(website): Clarify billing cycle a bit more @jamilbk (#4544)
- chore(portal): Fix flaky tests @AndrewDryga (#4543)
- fix(website): fix billing FAQ for Team plan @jamilbk (#4542)
- chore(rust): enforce no wildcard matching @thomaseizinger (#4491)
- chore(nix): add Rust nightly dev-shell and
cargo-udeps
@thomaseizinger (#4474) - chore(ci): Add portal and relay downtime DNS resource tests @jamilbk (#4517)
- fix(portal): Ship hotfixes for various crash reports discovered in logs @AndrewDryga (#4538)
- chore(docs): Add Team plan badge to appropriate docs pages @jamilbk (#4533)
- chore(docs): macOS test flight link @jamilbk (#4534)
- chore(portal): Save MAU billing for a future feature update @jamilbk (#4414)
- chore(portal): Add Sign in from sign up form @jamilbk (#4529)
- docs: Mention signup in README and clarify self-hosting @jamilbk (#4528)
- chore(website): Use 'User' not 'Seat' when referring to pricing @jamilbk (#4524)
- chore(portal): Add users limit and use it as default limit for accounts @AndrewDryga (#4527)
- chore(devops): Change relay log level to match prod @jamilbk (#4520)
- chore(ci): Use target-specific cache when cross building @jamilbk (#4519)
- refactor(relay): remove heap-allocations from hotpath @thomaseizinger (#4457)
- chore(ci): scope cache by arch too @jamilbk (#4512)
- chore(ci): Scope GH rust cache per os type @jamilbk (#4504)
- chore(connlib): remove stale callback @thomaseizinger (#4501)
- refactor(apple): Collapse SwiftUI codepaths across platforms and remove dead code @jamilbk (#4417)
🔐 Security
1.0.0-pre.13
- fix(relay): don't busy-loop on
poll_timeout
@thomaseizinger (#4497) - fix(relay): always
continue
after ready events @thomaseizinger (#4494) - fix(relay): only unbind a channel if it is actually bound @thomaseizinger (#4495)
- fix(gateway): don't erroneously suspend eventloop @thomaseizinger (#4486)
1.0.0-pre.12
- chore(connlib): remove
Mutex
from windows TUN device @thomaseizinger (#4472) - chore(rust): remove unused dependencies @thomaseizinger (#4475)
- chore(rust): lint against redundant
async
@thomaseizinger (#4466) - fix(gateway): Publish all platforms for Gateway, not just
amd64
@jamilbk (#4459) - refactor(relay): replace
Command::Wake
withpoll_timeout
@thomaseizinger (#4455) - refactor(relay): reduce allocations during relaying @thomaseizinger (#4453)
- test(gui-client): unit test for Linux IPC @ReactorScram (#4277)
- refactor(linux-client): extract all code to
firezone-client-tunnel
@ReactorScram (#4448) - chore(portal): Send alert notifications to mobile channels @AndrewDryga (#4463)
- chore(portal): Fix flaky test @AndrewDryga (#4454)
- fix(docs): fix broken link to service accounts @jamilbk (#4456)
- chore(portal): Enable CDN and WAF @AndrewDryga (#4450)
- chore(relay): reduce instrumentation overhead @thomaseizinger (#4426)
- chore(relay): make profiling in release build possible @thomaseizinger (#4441)
- chore(relay): remove per-packet logs on debug level @thomaseizinger (#4439)
- chore(relay): apply log
target
consistently @thomaseizinger (#4440) - chore(deps): Don't create duplicate dependabot groups @jamilbk (#4443)
- chore(gui-client): support cargo-mutants @ReactorScram (#4387)
- feat(website): Add team plan @jamilbk (#4416)
- fix(portal): Correct Edit account page title and label @jamilbk (#4412)
- fix(gateway): Fix systemd gateway install script @jamilbk (#4407)
- build(rust): Use Rust base image and bump to 1.77 @jamilbk (#4401)
- build(apple): Strip unused symbols from apple lib @jamilbk (#4404)
- build(connlib): Enable lto for release profile @jamilbk (#4398)
- fix(portal): Persist first user email to Stripe during account sign up @AndrewDryga (#4408)
- feat(android): UI notification for reauth @jasonboukheir (#3621)
- chore(portal): Increase page size to maximum when using MS Graph API @AndrewDryga (#4399)
- chore(apple): Add PrivacyManifest @jamilbk (#4400)
- chore(connlib): Remove atomicwrites and tokio::fs from apple compile path @jamilbk (#4395)
- refactor(portal): Move actor groups to own table in actor show page @bmanifold (#4392)
- fix(portal): Reuse code across sync jobs, only lock one row per job and fetch data asynchronously @AndrewDryga (#4396)
- chore(portal): Add billing.firezone.dev Stripe checkout domains @jamilbk (#4389)
- fix(connlib): Don't roll log files @jamilbk (#4390)
- Create everyone group on account sign up @AndrewDryga (#4388)
🧰 Maintenance
- refactor(gui-client): insert abstraction layer to put connlib behind IPC @ReactorScram (#4460)
- build(deps): Bump serde_json from 1.0.114 to 1.0.115 in /rust @dependabot (#4435)
- build(deps): Bump clap from 4.5.3 to 4.5.4 in /rust @dependabot (#4433)
- refactor(ci): move DNS control method up to docker-compose.yml @ReactorScram (#4341)
- build(deps): Bump flowbite-react from 0.7.2 to 0.7.8 in /website @dependabot (#4447)
- build(deps-dev): Bump tailwindcss from 3.4.1 to 3.4.3 in /rust/gui-client @dependabot (#4419)
- build(deps): Bump @types/react from 18.2.64 to 18.2.73 in /website @dependabot (#4431)
- build(deps): Bump @types/react-dom from 18.2.21 to 18.2.23 in /website @dependabot (#4428)
- build(deps): Bump @next/mdx from 14.1.3 to 14.1.4 in /website @dependabot (#4429)
- build(deps): Bump tailwindcss from 3.4.1 to 3.4.3 in /website @dependabot (#4430)
- build(deps-dev): Bump @types/node from 20.11.25 to 20.12.2 in /rust/gui-client @dependabot (#4418)
- build(deps-dev): Bump typescript from 5.4.2 to 5.4.3 in /rust/gui-client @dependabot (#4420)
- build(deps): Bump the retrofit group in /kotlin/android with 2 updates @dependabot (#4445)
- build(deps): Bump com.google.firebase:firebase-bom from 32.7.4 to 32.8.0 in /kotlin/android @dependabot (#4446)
- build(deps): Bump the hilt group in /kotlin/android with 3 updates @dependabot (#4444)
1.0.0-pre.11
- fix(portal): Serve static files with digests at root @AndrewDryga (#4386)
- fix(porta): Greatly improve HTTP 500 error page @AndrewDryga (#4382)
- fix(portal): Do not redact userpass virtual state (its a virtual field anyway) @AndrewDryga (#4370)
- fix(portal): Filter group actors by group id @AndrewDryga (#4369)
- fix(Windows client): fix "Tauri error" to "Firezone is already running" @ReactorScram (#4364)- feat(connlib): react to config updates @conectado (#4322)- fix(apple client): sign in crash, closes #4350 @ReactorScram (#4353)
- fix(portal): Fix bug in actor edit page preventing updates @bmanifold (#4347)
- fix(portal): Allow deleting synced actors after all identities are removed @AndrewDryga (#4346)
- fix(portal): Fix pagination issues with flows and activities, improve error handling around live tables @AndrewDryga (#4330)- fix(apple): sync tunnel configuration after saving @jamilbk (#4338)
- fix(connlib): only update the interface when setting dns if the effective dns changed @conectado (#4327)- fix(apple): Use keychain from the tunnel process *only* @jamilbk (#4335)
- fix(apple): Avoid getting stuck at the "load resources" view @jamilbk (#4336)
- fix(apple): Debounce sign in button @jamilbk (#4334)
- feat(apple): Handle network changes reliably on macOS and iOS @jamilbk (#4133)
- feat(phoenix-channel): fail on missing heartbeat after 5s @thomaseizinger (#4296)- fix(phoenix-channel): re-queue message upon send failure @thomaseizinger (#4294)- fix(portal): Fix online status on clients page @AndrewDryga (#4307)- fix(connlib): use quinn fork for quinn to work on ios @conectado (#4279)
- fix(gateway): answer with empty list of addresses on DNS resolution failure @thomaseizinger (#4266)- feat(portal): Add styled errors pages (404, 422, 500) @bmanifold (#4231)
- feat(android): changing managed config restarts TunnelService @jasonboukheir (#4181)
- feat(snownet): minimize delay when roaming @thomaseizinger (#4246)- feat(android): use device serial for
deviceName
@jasonboukheir (#4180) - fix(phoenix-channel): queue
join
message before others @thomaseizinger (#4242) - feat(android): detect network and dns changes and send them to connlib @conectado (#4163)
- feat(portal): Sync accounts between stripe and portal @AndrewDryga (#4173)- fix(portal): Fix various issues with presence-triggered table reloads @AndrewDryga (#4228)
- fix(connlib): remove outdated assertion due to possibility of network changes @conectado (#4222)- feat(portal): Track protocol in activities @AndrewDryga (#4215)
- feat(gui-client): Tauri welcome screen @ReactorScram (#4013)
- feat(connlib): reduce packet drops @thomaseizinger (#4168)
- fix(connlib): exclude sentinel dns range for resources ips @conectado (#4200)
- feat(portal): Add sign up override in portal @bmanifold (#3739)- feat(portal): Filtering, Fulltext Search, Pagination, Preloads @AndrewDryga (#3751)- feat(connlib): introduce
Session::reconnect
@thomaseizinger (#4116) - feat(snownet): introduce
connection
span to capturestr0m
andboringtun
logs @thomaseizinger (#4144) - fix(android): send Cidr format instead of IpNetwork format @conectado (#4134)- fix(android): spawn dedicated thread for connlib @thomaseizinger (#4145)
- fix(apple): spawn new thread for runtime to prevent it from being taken down @conectado (#4141)
- feat(gateway): add HTTP health check @thomaseizinger (#4120)
- feat(connlib): reduce stack size usage @thomaseizinger (#3958)- fix(portal): Increase group name max length @AndrewDryga (#4128)
- feat(linux): make deep link auth work @ReactorScram (#4102)
- Fix typo in _deploy_production.yml @jamilbk (#4113)- feat(docs): Example Gateway terraform module for GCP @jamilbk (#4011)- fix(relay): actually expire channels which allows re-binding them @thomaseizinger (#4094)
- feat(relay): improve logs for expiry and deletion of channel bindings @thomaseizinger (#4089)- fix(portal): Prevent invalid characters when entering account slug at sign in @AndrewDryga (#3917)
- fix(connlib): ignore certain multicast addresses @thomaseizinger (#4062)
- feat(snownet): log duration since intent after WG handshake completes @thomaseizinger (#3991)- feat(connlib): decrease connection setup latency @thomaseizinger (#4022)
- feat(snownet): timeout connections if we don't receive a candidate within 10s @thomaseizinger (#3790)
- feat(linux-client): generate firezone-id (device ID) automatically if it's not provided at launch @ReactorScram (#3920)
- fix(apple): Ignore expired login status @roop (#4052)
- feat(apple): In resources list, tapping on a list item shows a 'Copy Address' menu @roop (#4050)
- fix(apple): Align fields in Advanced Settings @roop (#4025)
- fix: let Tauri know about hiDPI icons @ReactorScram (#4039)
- fix(portal): Fix broken link to DNS docs @jamilbk (#4036)
- feat(snownet): always force a handshake when we change the socket @thomaseizinger (#3985)
- feat(apple): UI notification for reauth @roop (#3684)
- feat(windows): code sign Windows client @jamilbk (#3891)
- fix(ipad): Allow NavigationView to occupy entire screen @jamilbk (#3908)
- fix(android): Handle empty strings for allowed and disallowed VPN apps @jamilbk (#3918)
- fix(android): Fix crash on start due to Hilt 2.51 @jamilbk (#3916)
- fix: use
atomicwrites
to back up/etc/resolv.conf
more robustly @ReactorScram (#3828) - feat(linux-client): load token from
/etc/dev.firezone.client
... @ReactorScram (#4328) - feat(windows): listen for DNS change events @ReactorScram (#4198)
1.0.0-pre.10
New features
- feat(phoenix-channel): remove concept of "inbound requests" @thomaseizinger (#3831)
- feat(phoenix-channel): support the
wire
log target @thomaseizinger (#3832) - feat(phoenix-channel): log host as part of connection @thomaseizinger (#3836)
- feat(website): March Product Update @jamilbk (#3886)
- feat(snownet): set wireguard keep-alive @thomaseizinger (#3829)
- feat(website): add product download links to footer @jamilbk (#3820)
- refactor(docs): Clarify initial docs sync @jamilbk (#3819)
- feat(snownet): print some basic stats for STUN overhead @thomaseizinger (#3806)
- feat(gui-client): make all modules Linux-friendly @ReactorScram (#3737)
🐛 Bug Fixes
- fix(ci): Fix Android dependabot groups @jamilbk (#3869)
- fix(phoenix-channel): don't double join room @thomaseizinger (#3833)
- fix(docs): Add DNS docs for Linux @jamilbk (#3810)
- fix(portal): Fix IdP syncs @AndrewDryga (#3816)
- fix(portal): Use local image for logo path @jamilbk (#3814)
- fix(dependencies): Catch groups that dependabot missed @jamilbk (#3883)
- fix(website): Manually fix issues with new NodeJS libs @jamilbk (#3885)
- fix(phoenix-channel): retain order of messages to be sent to the portal @thomaseizinger (#3834)
- fix(ci): Publish images even for hotfixes @jamilbk (#3897)
- fix(website): Fix typos, clarify connection benefits mar 2024 blogpost @jamilbk (#3894)
- fix(tauri clients): apply auth base URL and API URL settings without app restart @ReactorScram (#3868)
🧰 Maintenance
- refactor: Reduce log levels for production releases to avoid filling customer's… @jamilbk (#3899)
- chore: Revert "fix(ci): Publish images even for hotfixes" @jamilbk (#3898)
- build(deps-dev): Bump floki from 0.35.3 to 0.35.4 in /elixir @dependabot (#3842)
- build(deps): Bump tempfile from 3.10.0 to 3.10.1 in /rust @dependabot (#3878)
- build(deps): Bump tauri from 1.6.0 to 1.6.1 in /rust @dependabot (#3881)
- build(deps): Bump walkdir from 2.4.0 to 2.5.0 in /rust @dependabot (#3882)
- refactor(linux): make a place for reverting
/etc/resolv.conf
@ReactorScram (#3822) - build(deps): Bump next-hubspot from 1.2.0 to 1.3.0 in /website @dependabot (#3875)
- build(deps): Bump fast-xml-parser from 4.3.3 to 4.3.5 in /website @dependabot (#3876)
- build(deps): Bump @types/node from 20.11.0 to 20.11.24 in /website @dependabot (#3877)
- build(deps): Bump lycheeverse/lychee-action from 1.9.0 to 1.9.3 @dependabot (#3850)
- build(deps): Bump asciinema-player from 3.6.3 to 3.7.0 in /website @dependabot (#3852)
- build(deps): Bump flowbite from 2.2.1 to 2.3.0 in /website @dependabot (#3854)
- build(deps): Bump flowbite from 2.2.1 to 2.3.0 in /elixir/apps/web/assets @dependabot (#3846)
- build(deps): Bump release-drafter/release-drafter from 5 to 6 @dependabot (#3849)
- build(deps): Bump @types/react from 18.2.51 to 18.2.61 in /website @dependabot (#3851)
- build(deps): Bump postcss from 8.4.33 to 8.4.35 in /website @dependabot (#3853)
- build(deps): Bump the com-android group in /kotlin/android with 1 update @dependabot (#3856)
- build(deps): Bump androidx.security:security-crypto from 1.1.0-alpha05 to 1.1.0-alpha06 in /kotlin/android @dependabot (#3857)
- build(deps): Bump androidx.hilt:hilt-compiler from 1.0.0 to 1.2.0 in /kotlin/android @dependabot (#3858)
- build(deps): Bump com.google.firebase:firebase-bom from 32.7.1 to 32.7.3 in /kotlin/android @dependabot (#3859)
- build(deps): Bump com.google.gms.google-services from 4.4.0 to 4.4.1 in /kotlin/android @dependabot (#3860)
- test(windows client): Add stack trace printing to smoke test @ReactorScram (#3813)
- chore(asdf-vm): add shellcheck version @ReactorScram (#3823)
- refactor(docs): Update SECURITY.md to mention opening GitHub security advisories @jamilbk (#3787)
- refactor(portal): unify format of error payloads in websocket connection @AndrewDryga (#3697)
- build(connlib): suppress
clippy::unnecessary_cast
lint on aarch64 Linux @ReactorScram (#3824) - deps: point to correct hash of str0m fork @thomaseizinger (#3827)
1.0.0-pre.9
Changelog
- fix(portal|website): Fix static paths for website and elixir @jamilbk (#3802)
- fix(connlib): update resource list on resource removal @conectado (#3796)
- Handle disconnect messages in LV @AndrewDryga (#3795)
- feat(snownet): only keep the best possible candidate pair alive @thomaseizinger (#3792)
- refactor(connlib): replace intent timer with explicit throttling @thomaseizinger (#3778)
- feat(snownet): reduce connection setup latency @thomaseizinger (#3772)
- chore: add nix scripts @thomaseizinger (#3771)
- chore(connlib): Tune log filters to enable
debug
in dev andinfo
for gateway deployments @jamilbk (#3788) - chore(snownet): reduce log levels @thomaseizinger (#3777)
- fix(portal|website): Fix favicons for dark mode @jamilbk (#3785)
- chore(repo): Move other dotfiles to reduce directory size of root @jamilbk (#3780)
- feat(android): add settings button to the session view @jasonboukheir (#3755)
- feat(connlib): support resource updates from the portal @conectado (#3754)
- chore: move markdown files into
docs/
directory @thomaseizinger (#3773) - refactor(connlib): unify handling of IP packets @thomaseizinger (#3762)
- chore: remove markdownlint config files @thomaseizinger (#3774)
- fix(gui-client): fix some papercuts @ReactorScram (#3769)
- feat(android): use Android ShareSheet for sharing logs @jasonboukheir (#3756)
- fix(android): delete log zip on finish and on create @jasonboukheir (#3757)
- refactor(connlib): unify peer storage @conectado (#3738)
- fix(connlib): correctly handle GRO @thomaseizinger (#3732)
- refactor(snownet): be more explicit about dispatching messages @thomaseizinger (#3741)
- build: enable Tauri dep for Linux and alphabetize deps @ReactorScram (#3742)
- fix(ci): phoenix channel tests not running @conectado (#3749)
- fix(gui-client): remove duplicated script @ReactorScram (#3745)
- fix(ci): run relay tests @conectado (#3747)
- fix(relay): update tests for current values @conectado (#3746)
- ci: change
cargo chef
call so it will ignore the GUI client @ReactorScram (#3740) - connlib: remove tun mutex @conectado (#3743)
- feat(ci): Test that relay restarts don't break existing connected entities @jamilbk (#3671)
- feat(dev): add dev yml for rust development @conectado (#3670)
- chore: make rtnetlink versions explicit @ReactorScram (#3736)
- chore(snownet): reuse
RingBuffer
@thomaseizinger (#3725) - refactor: rename windows-client to gui-client @ReactorScram (#3721)
- fix(ci): Fix flaky iperf3 "Bad file descriptor" @jamilbk (#3731)
- Remove assertions in sign-in success acceptance tests @bmanifold (#3733)
- refactor(portal): Remove assertions in sign-in success acceptance tests @bmanifold (#3730)
- fix(snownet): don't log addresses twice @thomaseizinger (#3711)
- feat(relay): increase number of allowed requests per nonce @thomaseizinger (#3726)
- refactor(portal): Add website_link component @jamilbk (#3715)
- fix(gateway): expire resources @conectado (#3722)
- feat(snownet): optimise which channels we bind @thomaseizinger (#3709)
- Disable sign up in staging @bmanifold (#3723)
- Add sign-in success page for clients @bmanifold (#3714)
- fix(connlib): set the real packet length before putting it into the device @conectado (#3718)
- fix(ci): Use default NDK on GH runners @jamilbk (#3716)
- fix(ci): Use workflow id to fetch perf results @jamilbk (#3710)
- fix(snownet): make TURN channel bindings more reliable @thomaseizinger (#3708)
- feat(connlib): filter out relays based on our locally created sockets @thomaseizinger (#3705)
- refactor(connlib): simplify resource ordering by implementing Ord trait @conectado (#3696)
- refactor(ci): Merge perf results into one comment @jamilbk (#3707)
- feat!(portal): return relays as plain socket addresses @thomaseizinger (#3665)
- chore(ci): enforce shellscript formatting and style @jamilbk (#3679)
- fix(ci): Fix js typo @jamilbk (#3704)
- fix(connlib): set socket to IPv6 only before binding address @thomaseizinger (#3701)
- fix(ci): Fix typo preventing perf-results from being calculated @jamilbk (#3703)
- fix(ci): Fix result overwrite @jamilbk (#3700)
- fix(ci): Run each perf test in its own matrix job @jamilbk (#3695)
- feat(portal): Billing system @AndrewDryga (#3642)
- refactor(connlib): replace
webrtc-rs
withsnownet
@conectado (#3391) - fix(snownet): don't trigger busy loop upon refreshing allocation @conectado (#3693)
- chore(repo): Update issue template with support links @jamilbk (#3678)
- Revert "feat(portal): Add sign-in success page for clients" @jamilbk (#3692)
- feat(portal): Add sign-in success page for clients @bmanifold (#3659)
- fix(ci): Ensure integration-tests allow for at least 30 seconds to establish a connection @jamilbk (#3676)
- Revert "fix(gateway): Remove
/dev/net/tun
requirement and clean up upgrade script @AndrewDryga (#3691) - fix(android): move log zip file outside of log folder @jasonboukheir (#3677)
- chore(portal): Add okta as IdP in dev @jamilbk (#3675)
- feat(android): Add support for per-app VPN configurable through MDM @jamilbk (#3657)
- fix(ci): Be explicit about service start order @jamilbk (#3673)
- refactor(ci): Use curl for connectivity tests in CI @jamilbk (#3674)
- chore(snownet): expose
Server
andClient
@thomaseizinger (#3664) - feat(snownet): instrument public API using
tracing
@thomaseizinger (#3663) - feat(linux): Control DNS with systemd-resolved @ReactorScram (#3643)
- ci: upgrade iperf @thomaseizinger (#3662)
- fix(snownet): generate candidates only after we accept the ICE answer @conectado (#3658)
- refactor(connlib): move DNS resolution into tunnel @thomaseizinger (#3652)
- refactor(ci): simplify dns resources in ci @jamilbk (#3653)
- fix(gateway): re-implement resource address resolution in eventloop @conectado (#3656)
- feat(linux): Notify systemd when we've started @ReactorScram (#3628)
- feat(android): add Reset to Defaults button and add space to settings activity @jasonboukheir (#3651)
- feat(snownet): timeout connections without a handshake after 20 seconds @thomaseizinger (#3633)
- ci: don't ping gateway before running perf @thomaseizinger (#3649)
- feat(snownet): attempt to make new allocation when refresh fails @thomaseizinger (#3631)
- refactor(gateway): perform DNS resolution of resources in eventloop @thomaseizinger (#3622)
- feat(snownet): invalidate candidates @thomaseizinger (#3604)
- chore(snownet): better logging @thomaseizinger (#3646)
- Update Okta IDP adapter in portal @bmanifold (#3647)
- ci: move tests to bash scripts @thomaseizinger (#3648)
- refactor(android): Clean up tunnel fd establishment @jamilbk (#3645)
- fix(android): prevent null pointer segfault on 32-bit platforms @jamilbk (#3619)
- ci(linux): add CI setup script for NetworkManager @ReactorScram (#3641)
- feat(linux): Add
FIREZONE_DNS_CONTROL
env var to choose which DNS control method to use @ReactorScram (#3629) - fix(snownet): remove
debug_assert!
for timed-out connections @thomaseizinger (#3635) - feat(snownet): only emit
ConnectionEstablished
upon the first connection @thomaseizinger (#3634) - feat(snownet): remove wireguard keep-alives @thomaseizinger (#3630)
- chore(connlib): Make request ioctl mutable @jamilbk (#3644)
- refactor(android): Simplify tunnel implementation and fix tunnel lifecycle @jamilbk (#3583)
- chore(website): Update team @jamilbk (#3638)
- ci(windows): test crash handling as part of smoke test @ReactorScram (#3624)
- chore: bump Rust version to 1.76 @thomaseizinger (#3632)
- Add Okta directory sync @bmanifold (#3614)
- Add dynamic/managed groups and default Everyone one @AndrewDryga (#3346)
- chore(ci): update Node to 20 in the Windows CI jobs @ReactorScram (#3611)
- ci(windows): add 'firezone' to the MSI names @ReactorScram (#3610)
- feat(portal): Broadcast resource sites @AndrewDryga (#3466)
- chore(ci): Fix CI deprecation and workflow warnings @jamilbk (#3612)
- ci(windows): fix warning about CONNLIB_LOG_UPLOAD_INTERVAL_SECS @ReactorScram (#3606)
- chore(apple): Add logs about accessing firezone-id in disk @roop (#3607)
- feat(connlib): remove duplication from logs @thomaseizinger (#3596)
- feat(snownet): refresh allocation upon each new connection @thomaseizinger (#3591)
- fix(snownet): replace
Allocation
if credentials to relay change @thomaseizinger (#3590) - refactor(snownet): introduce
CandidateEvent
@thomaseizinger (#3592) - feat(snownet): instrument the
handle_input
function with tracing @thomaseizinger (#3594) - refactor(connlib): remove unnecessary
Serialize
derive @thomaseizinger (#3595) - fix(snownet): don't try to re-authorize forever @thomaseizinger (#3589)
- feat(windows): split up signing-in state, closes #3597 @ReactorScram (#3599)
- chore(snownet): remove obsolete TODO @thomaseizinger (#3593)
- fix(snownet): don't mangle source IP to determine use of relay @thomaseizinger (#3556)
- fix(snownet): properly cleanup connections before adding a new one @conectado (#3587)
- fix(windows): Ensure crashes, errors, and panics are all logged to file @ReactorScram (#3572)
- fix(ci): wait for Vault to load sign in form before filling it out @jamilbk (#3585)
- Revert "chore(android): Remove i686 android target" @jamilbk (#3586)
- feat(devops): Add Trisha to staging GCP @jamilbk (#3584)
- refactor(portal): log in -> sign in @jamilbk (#3577)
- fix(snownet): don't attempt to bind a channel if we don't have a matching allocation @thomaseizinger (#3575)
- fix: don't initialize relay with non-existent interface @thomaseizinger (#3582)
- fix(snownet): always clear state of failed connections @thomaseizinger (#3581)
- feat(snownet): retry TURN allocations using exponential backoffs @thomaseizinger (#3530)
- chore(portal): Enable Microsoft Entra by default in all envs @jamilbk (#3576)
- ci(windows): run the Windows smoke test in CI @ReactorScram (#3542)
- fix(android): Use persistent device ID @jamilbk ...