Releases: ghostunnel/ghostunnel
Releases · ghostunnel/ghostunnel
Version 1.8.0
New Features
- Add support for systemd watchdog timer (@csstaub in #427). Ghostunnel can now be watched by systemd using the
WatchdogSec
option. If Ghostunnel fails to respond, systemd will automatically relaunch it. See docs/WATCHDOG.md for an example service file. - Implement landlock support to limit process privileges on Linux (@csstaub in #431). If started with the
--use-landlock
flag, Ghostunnel will call upon landlock on Linux to limit access to files and sockets. This is an experimental feature, please give it a try and let us know if you run into any issues.
Bug Fixes
- Avoid use of deprecated SecTrustGetCertificateAtIndex (@csstaub in #426)
- Fix nil ptr deref on Windows/Linux when keychain flags are used (@csstaub in #448)
- Close files properly and remove refs to deprecated io/ioutil (@testwill in #453 and #454)
- Fix RSA-PSS for Windows platform keys (@csstaub in #459 and #469)
Other Changes
- Upgrade to Go 1.22 (@csstaub in #419)
- Upgrade go-jose to v4.0.1 (@mcpherrinm in #423)
- Upgrade go-spiffe (@mcpherrinm in #429)
- Various other dependency updates via @dependabot
Full Changelog: v1.7.3...v1.8.0
Version 1.8.0-rc.2
Version 1.8.0-rc.1
New Features
- Add support for systemd watchdog timer (@csstaub in #427). Ghostunnel can now be watched by systemd using the
WatchdogSec
option. If Ghostunnel fails to respond, systemd will automatically relaunch it. See docs/WATCHDOG.md for an example service file. - Implement landlock support to limit process privileges on Linux (@csstaub in #431). If started with the
--use-landlock
flag, Ghostunnel will call upon landlock on Linux to limit access to files and sockets. This is an experimental feature, please give it a try and let us know if you run into any issues.
Bug Fixes
- Avoid use of deprecated SecTrustGetCertificateAtIndex (@csstaub in #426)
- Fix nil ptr deref on Windows/Linux when keychain flags are used (@csstaub in #448)
Other Changes
- Upgrade to Go 1.22 (@csstaub in #419)
- Upgrade go-jose to v4.0.1 (@mcpherrinm in #423)
- Upgrade go-spiffe (@mcpherrinm in #429)
- Various other dependency updates via @dependabot
Full Changelog: v1.7.3...v1.8.0-rc.1
Version 1.7.3
Version 1.7.2
Version 1.7.1
Version 1.7.0
Version 1.7.0-rc.1
Version 1.6.1
Version 1.6.0
Changes
- Add support for TLS 1.3 and fix bug that prevented the use of RSA-PSS when keychain identities were used on macOS/Win.
- Add new experimental flag for macOS (--keychain-require-token) to fetch keychain identities backed by hardware tokens.
- Changed the default log output to stdout, previously stderr, to avoid issues with Windows thinking the process crashed.
Other
Migrated release build process to GitHub Actions to avoid the need for cross-compilation toolchains. Unfortunately this means that linux/arm64 and windows/386 release builds will not be available for the moment. We plan to add back release builds for those platforms for when feasible with GitHub Actions.