Releases: firezone/firezone
Releases · firezone/firezone
1.0.5
✨ Features
- feat(gateway): added support for docker secrets (#5031) @jamilbk (#5043)
- chore(relay): allow domains in
--otel-grpc-endpoint
@thomaseizinger (#5059) - feat(portal): Track page views and sign ups using Mixpanel and HubSpot on public pages @AndrewDryga (#5050)
- feat(windows-client): run the GUI and tunnel in separate processes @ReactorScram (#4978)
- feat(website): New landing page @jamilbk (#5033)
- feat(devops): Add example for spinning up performance testing VMs on Azure @jamilbk (#4647)
- feat(website): Increase team user limit to 100 @jamilbk (#5002)
- feat(connlib): report resource status to client @conectado (#4931)
🐛 Bug Fixes
- fix(portal): UX: only show everyone note for users @jamilbk (#5073)
- fix(gui-client): log and continue if getting or deleting the token fails @ReactorScram (#5021)
- fix(portal): Dedicate 3/12 width for columns with IPs @jamilbk (#5001)
🧰 Maintenance
- style: Use consistent button colors for CTAs @jamilbk (#5032)
- build(gui-client): add post-install and pre-remove scripts to the deb package @ReactorScram (#5011)
- chore(windows): style the MSI installer @ReactorScram (#4990)
- refactor(portal): Update IDP creation flow @bmanifold (#4984)
- chore(connlib): remove unused
ConnlibError::Snownet
variant @thomaseizinger (#5078) - build(deps): Bump redis-macros from 0.2.1 to 0.3.0 in /rust @dependabot (#5040)
- chore(relay): allow domains in
--otel-grpc-endpoint
@thomaseizinger (#5059) - chore(gui-client): remove incorrect DNS deactivation @ReactorScram (#5067)
- chore(gui-client): disable the Welcome screen only after the first sign-in @ReactorScram (#5066)
- chore(connlib): fix copy-paste typo in comment about DNS @ReactorScram (#5053)
- chore(connlib): make encapsulate pure @conectado (#5055)
- build(deps): Bump arboard from 3.3.2 to 3.4.0 in /rust @dependabot (#5038)
- build(deps): Bump libc from 0.2.154 to 0.2.155 in /rust @dependabot (#5039)
- feat(windows-client): run the GUI and tunnel in separate processes @ReactorScram (#4978)
- refactor(connlib): use events for pushing updated resource list @thomaseizinger (#5035)
- chore(connlib): upgrade domain version from 0.9 to 0.10 @conectado (#5028)
- refactor(website): fix wording @jamilbk (#5048)
- chore(gui-client): log connlib
on_disconnect
errors in the IPC service @ReactorScram (#5045) - chore(ux): Add sync time hint help to idp show @jamilbk (#5034)
- feat(devops): Add example for spinning up performance testing VMs on Azure @jamilbk (#4647)
- chore(rust): update to Rust 1.78 @ReactorScram (#5006)
- chore(connlib): ensure there are client_resources before trying to sample them in proptest @conectado (#5017)
- chore(connlib): set_payload is called for udp packets for tests @conectado (#5018)
- chore: remove beta mention from pricing page @jamilbk (#5013)
- chore(connlib): limit resource_update to resource changes @conectado (#5005)
- chore(client): update internal docs for Windows and Linux GUI Clients @ReactorScram (#5003)
- test: remove backwards compatibility code for older Docker images @ReactorScram (#4993)
- chore(portal): Use redactor to reduce chances of accidentally logging secrets @AndrewDryga (#4983)
- chore: bump versions for 1.0.4 release @jamilbk (#4985)
📝 Documentation
- docs: Fix code block styling @jamilbk (#5058)
- docs: Add SupportOptions consistently to auth pages @jamilbk (#5030)
- docs: Fix sidebar spacing a little @jamilbk (#5020)
- docs(client): add support options (Discord, email, etc.) to all Client docs @ReactorScram (#5008)
- docs: Uninstall Gateway @jamilbk (#4966)
- docs: Fix sidebar padding @jamilbk (#4989)
- docs: Refactor SSO guides to make sync optional @jamilbk (#4988)
- docs: Fix docs code blocks with arrow @jamilbk (#4982)
1.0.4
✨ Features
🐛 Bug Fixes
- fix(portal): Use info button style for buttons that change form elements and don't submit @jamilbk (#4958)
- fix(portal): Verify email token identity @AndrewDryga (#4977)
- fix(windows-client): clear Firezone-specific DNS rules at startup @ReactorScram (#4918)
- fix(gateway): Detect executables with 'ELF' string @jamilbk (#4974)
- fix(website): Fix docs overflow and layout issues @jamilbk (#4967)
- fix(portal): Fix edge cases with OIDC discovered in logs @AndrewDryga (#4777)
- fix various issues @jamilbk (#4956)
- fix(portal): Add provider icon to identity/group badges @jamilbk (#4947)
- fix(portal): don't confirm group selections if there aren't changes @jamilbk (#4946)
- fix(portal): Reduce button sizes in live_table to xs @jamilbk (#4945)
🧰 Maintenance
- ci: Add ci and test categories to auto labeler @jamilbk (#4922)
- ci: cache webview installer @jamilbk (#4935)
- ci(windows): time out the WebView2 install after 5 minutes @ReactorScram (#4981)
- build(deps): Bump base64 from 0.22.0 to 0.22.1 in /rust @dependabot (#4969)
- build(deps): Bump zip from 0.6.6 to 1.2.3 in /rust @dependabot (#4970)
- refactor(headless-client): deprecate subcommands for now @ReactorScram (#4953)
- chore(ipc-service/linux): fix incorrect error message @ReactorScram (#4976)
- build(deps): Bump tokio-util from 0.7.10 to 0.7.11 in /rust @dependabot (#4971)
- build(deps): bump chrono only @jamilbk (#4959)
- ci: fix flaky dns-systemd test by waiting a second before running @jamilbk (#4962)
- chore(windows-client): proof of concept for installing a system service with WiX @ReactorScram (#4903)
- chore(website): fix article width again @jamilbk (#4968)
- refactor(website): Make Enterprise plan stand out a bit more @jamilbk (#4957)
- build(deps): Bump ex_cldr_dates_times from 2.16.0 to 2.17.1 in /elixir @dependabot (#4948)
- chore(portal): Strop triggering alerts on fluentbit logs @AndrewDryga (#4955)
- chore(website): Gateway version mention @jamilbk (#4949)
- ci: fix issue with artifact names @jamilbk (#4928)
- refactor(headless-client): remove "linux-client" alias @ReactorScram (#4933)
- refactor(ci): use the same test framework for headless client and IPC service @ReactorScram (#4943)
- build(deps): Bump ex_cldr_numbers from 2.32.4 to 2.33.1 in /elixir @dependabot (#4859)
- chore: remove filters section from may update @jamilbk (#4944)
- chore(ci): fix
debug_exit
in the flaky systemd DNS test @ReactorScram (#4934) - chore(ci): add debugging for that flaky DNS test @ReactorScram (#4926)
- chore: Bump versions to link 1.0.3 packages @jamilbk (#4924)
- refactor(gui-client): move
known_dirs
module intoheadless-client
@ReactorScram (#4908) - chore(website): add user count to feature cards @jamilbk (#4923)
📝 Documentation
1.0.3
✨ Features
- feat(blog): How DNS works in Firezone @jamilbk (#4828)
- feat(connlib): traffic filtering @conectado (#4779)
🐛 Bug Fixes
- fix(portal): Ensure site can be changed when multi-site is false @jamilbk (#4915)
- fix(connlib): add_resource multiple times with same resource id @conectado (#4914)
- fix(connlib): filters for resoruces with multiple ips @conectado (#4911)
- fix(connlib): resource filter deserialization @conectado (#4910)
- fix(Android): add alert dialog for errors in auth flow @jasonboukheir (#4835)
- Fix: Exclude legacy docs from kb search and vice versa @mdp (#4833)
🧰 Maintenance
- chore(website): add user count to feature cards @jamilbk (#4923)
- chore: fix blog typo @jamilbk (#4920)
- fix(website): Add z-40 to fix sidebar layering @jamilbk (#4909)
- chore(connlib): pass to client new fields @conectado (#4900)
- chore(website): Hide banner @jamilbk (#4902)
- ci(gui-client/linux): publish deb package in the release @ReactorScram (#4876)
- chore(docker): local dev docker-compose @conectado (#4748)
- ci(windows): fix unused deps static analysis @ReactorScram (#4898)
- chore(gui-client/linux): fix single-instance @ReactorScram (#4890)
- chore(gui-client/linux): fix group name,
firezone
should befirezone-client
@ReactorScram (#4889) - ci: Disable android UI tests due to timeouts / flakiness @jamilbk (#4891)
- chore(connlib): remove unused parking_lot @conectado (#4886)
- test(android): Only run tests for x86_64 android @jamilbk (#4870)
- chore(gui-client/linux): export all logs, not just app logs @ReactorScram (#4830)
- chore(gui-client/linux): show an error if the user doesn't belong to the
firezone
group @ReactorScram (#4822) - chore(gui-client/linux): add smoke test checklist @ReactorScram (#4882)
- chore(gui-client/linux): fix deep links on Ubuntu 22.04 @ReactorScram (#4881)
- chore(gui-client/linux): add install script and change group to
firezone-client
@ReactorScram (#4879) - chore(gui-client/linux): poll for DNS changes every 5 seconds @ReactorScram (#4875)
- chore(gui-client): cleanup @ReactorScram (#4836)
- chore(linux-client): make headless client / IPC service logs group-readable @ReactorScram (#4825)
- chore(firezone-tunnel): Remove unused
SIOCGIFMTU
in tun_android @jamilbk (#4869) - chore(deps): Bump flowbite-react @jamilbk (#4864)
- chore(deps): bump browser tests @jamilbk (#4865)
- chore(deps): Add hilt-testing to dependabot group @jamilbk (#4861)
- chore(ci): bump versions @jamilbk (#4840)
- build(deps): Bump libc from 0.2.153 to 0.2.154 in /rust @dependabot (#4894)
- refactor(portal): Remove Permit all and grey out form when traffic filters disabled @jamilbk (#4887)
- build(deps): Bump reqwest from 0.12.2 to 0.12.4 in /rust @dependabot (#4895)
- build(deps): Bump socket2 from 0.5.6 to 0.5.7 in /rust @dependabot (#4863)
- build(deps): Bump hashicorp/tfc-workflows-github from 1.2.0 to 1.3.0 @dependabot (#4841)
- build(deps): Bump anyhow from 1.0.81 to 1.0.82 in /rust @dependabot (#4810)
- build(deps): Bump @tauri-apps/cli from 1.5.11 to 1.5.12 in /rust/gui-client @dependabot (#4846)
- build(deps): Bump @tauri-apps/api from 1.5.3 to 1.5.4 in /rust/gui-client @dependabot (#4847)
- refactor(infra): Install gateways without using Docker @AndrewDryga (#4839)
- build(deps): Bump swift-bridge from 0.1.53 to 0.1.55 in /rust @dependabot (#4862)
- build(deps): Bump puppeteer from 22.6.4 to 22.7.1 in /scripts/tests/browser @dependabot (#4866)
- build(deps): Bump @next/mdx from 14.1.4 to 14.2.3 in /website @dependabot (#4867)
- build(deps-dev): Bump typescript from 5.4.2 to 5.4.5 in /website @dependabot (#4868)
- build(deps-dev): Bump typescript from 5.4.3 to 5.4.5 in /rust/gui-client @dependabot (#4844)
- build(deps): Bump com.google.dagger:hilt-android-testing from 2.51 to 2.51.1 in /kotlin/android @dependabot (#4858)
- refactor(gui-client/linux): use the same systemd service file in CI as in production @ReactorScram (#4832)
- build(deps): Bump gradle/wrapper-validation-action from 2 to 3 @dependabot (#4843)
- build(deps): Bump @fontsource/source-sans-3 from 5.0.19 to 5.0.20 in /elixir/apps/web/assets @dependabot (#4848)
- build(deps): Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 @dependabot (#4842)
- build(deps): Bump asciinema-player from 3.7.0 to 3.7.1 in /website @dependabot (#4849)
- build(deps-dev): Bump @types/node from 20.12.2 to 20.12.7 in /rust/gui-client @dependabot (#4845)
- build(deps): Bump mixpanel-browser from 2.49.0 to 2.50.0 in /website @dependabot (#4850)
- build(deps): Bump react-icons from 5.0.1 to 5.2.0 in /website @dependabot (#4852)
- build(deps): Bump @types/node from 20.11.25 to 20.12.7 in /website @dependabot (#4853)
- build(deps): Bump com.google.firebase:firebase-bom from 32.8.0 to 32.8.1 in /kotlin/android @dependabot (#4856)
- build(deps): Bump org.mozilla.rust-android-gradle.rust-android from 0.9.3 to 0.9.4 in /kotlin/android @dependabot (#4857)
📝 Documentation
1.0.2
This release reverts a change that could cause connectivity issues seen by some users.
Maintenance
- test(android): add instrumentation test github action @jasonboukheir (#4178)
- chore(gui-client/linux): have systemd direct our connlib logs to
/var/log/dev.firezone.client
@ReactorScram (#4823) - chore(website): Bump versions @jamilbk (#4821)
🐛 Bug Fixes
- revert: "fix(snownet): don't nominate discarded candidates" @jamilbk (#4838)
- fix(connlib): remove ice candidate on invalidate candidate message @conectado (#4837)
1.0.1
✨ Features
- feat(portal): Allow creating resources from Resources page @AndrewDryga (#4775)
- feat(portal): Add legal_name field to accounts and sync it with new stripe metadata key @AndrewDryga (#4771)
🐛 Bug Fixes
- fix(windows-client): package name should be "Firezone" not "firezone-client-gui" @ReactorScram (#4814)
- fix(snownet): don't nominate discarded candidates @thomaseizinger (#4806)
- fix(portal): Update site deletion modal message @bmanifold (#4795)
- fix(gateway): Fix conditional used to check for upgrades @jamilbk (#4796)
- fix(portal): Fix traffic filtering to send port-less rules @AndrewDryga (#4778)
- fix(headless-client): clean up and exit gracefully when
on_disconnect
called @ReactorScram (#4785) - fix(windows-client): allow sign out while connlib is raising the tunnel @ReactorScram (#4766)
- fix(website): fix linux client link @jamilbk (#4774)
🧰 Maintenance
- chore(gui-client): use new download links @ReactorScram (#4754)
- chore(gui-client/linux): fix notifications @ReactorScram (#4803)
- revert(android): revert to unpublished version @jamilbk (#4807)
- chore(gui-client/linux): fix DNS @ReactorScram (#4802)
- perf: increase UDP send rate for performance test @jamilbk (#4793)
- chore(connlib): make peer pure by taking utc time from parameters @conectado (#4773)
- chore(gui-client): enable keyring for Linux @ReactorScram (#4799)
- chore(devops): Add client monitor VM @bmanifold (#4794)
- chore(gui-client): proof of concept for process splitting @ReactorScram (#4788)
- chore(website): Update intro video @jamilbk (#4786)
- chore(gateway): Handle edge cases where gateway binary couldn't be downloaded @jamilbk (#4783)
- ci: use consistent binary dest path naming @jamilbk (#4772)
- ci: Bump versions and fix release overwrites @jamilbk (#4769)
- ci: bootstrap browser test harness if missing @jamilbk (#4767)
- Fix: Correct typo in Terraform links @mdp (#4768)
- build(deps): Bump tracing-panic from 0.1.1 to 0.1.2 in /rust @dependabot (#4811)
- build(deps): Bump tauri from 1.6.1 to 1.6.2 in /rust @dependabot (#4809)
- refactor(linux-client): package systemd unit for IPC service @ReactorScram (#4752)
- refactor: Remove multiqueue flag for tun on Linux @jamilbk (#4798)
- build(deps): Bump serde_json from 1.0.115 to 1.0.116 in /rust @dependabot (#4731)
- build(deps): Bump async-trait from 0.1.79 to 0.1.80 in /rust @dependabot (#4732)
- refactor(linux-client): remove FIREZONE_ID from example systemd file @ReactorScram (#4714)
- refactor: Make published artifact names consistent and use permalinks @ReactorScram (#4746)
📝 Documentation
1.0.0
✨ Features
- fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
- feat(website): Add battlecard to landing page @jamilbk (#4744)
- feat(connlib): smoothly migrate relayed connections @thomaseizinger (#4568)
- docs: Add common use cases @jamilbk (#4677)
- feat(docs): Add Cloudflare WARP known incompatibility issue @jamilbk (#4704)
- feat(portal): Broadcast relays presence to gateways and add invalidate_ice_candidates messages @AndrewDryga (#4685)
- ci: Only build debug images for
linux/amd64
@jamilbk (#4612) - ci: Enable client compatibility tests @jamilbk (#4610)
🐛 Bug Fixes
- fix(linux-client): forbid passing the token as a CLI arg @ReactorScram (#4683)
- fix(snownet): invalidate host candidates on reconnect @thomaseizinger (#4755)
- fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
- fix(portal): Hide API clients sidebar link in UI when feature disabled @bmanifold (#4747)
- fix(relay): clear channel bindings when allocation is deleted @thomaseizinger (#4705)
- fix(portal): Fix bug with preset values in policies dropdowns @AndrewDryga (#4693)
- fix(website): Add missing sidebar link @jamilbk (#4676)
- fix(linux-client): don't show the token in
--help
@ReactorScram (#4654) - fix(website): Fix broken links @jamilbk (#4645)
- fix(apple): Append to Swift logfile instead of overwriting each time @jamilbk (#4633)
- fix(windows-client): remove spurious "Connected to Firezone" notifications @ReactorScram (#4603)
- fix(windows): patch some DNS leaks @ReactorScram (#4530)
- fix(portal): remove typo in manual command var @jamilbk (#4614)
- fix(ci): Override release_drafter commitish since we run on PRs now @jamilbk (#4608)
- fix(ci): autolabeler to fix changelog drafting @jamilbk (#4591)
🧰 Maintenance
- chore(connlib): forward panics containing an owned string @thomaseizinger (#4760)
- chore: remove test lib bash sourcing from customer-run scripts @jamilbk (#4753)
- chore(snownet): free memory of allocation without valid credentials @thomaseizinger (#4720)
- chore(ip-packet): address PR feedback @thomaseizinger (#4721)
- revert: Revert removal of GitHub link in the navbar @jamilbk (#4734)
- chore(website): revert split-horizon DNS terming @jamilbk (#4703)
- ci: Don't run browser tests on release images @jamilbk (#4722)
- test(client): add reconnection tests from a client using a headless browser @conectado (#4569)
- chore(snownet): don't update remote socket from WG activity @thomaseizinger (#4615)
- chore(website): Publish macOS client @jamilbk (#4719)
- chore(docs): Update sizing recs for Gateways @jamilbk (#4708)
- chore(website): Use sales / sign up for CTA in navbar @jamilbk (#4711)
- chore(linux-client): allow custom token path @ReactorScram (#4666)
- chore: extract common
ip-packet
crate @thomaseizinger (#4702) - ci: remove setting of unused env variable @thomaseizinger (#4710)
- chore(relay): restore request metadata for control messages @thomaseizinger (#4699)
- chore(relay): log all failed requests on warn @thomaseizinger (#4700)
- chore(connlib): remove MTU refreshing @thomaseizinger (#4698)
- test(linux-client): move linux-group test out of integration tests @ReactorScram (#4692)
- chore(snownet): assert that we can send ICMP packets through the tunnel @thomaseizinger (#4675)
- test(connlib): assert connection intents using property-based state machine test @thomaseizinger (#4597)
- ci: run assertions inside docker container @thomaseizinger (#4680)
- ci(fix): replace more invalid ref chars @jamilbk (#4687)
- test(linux-client): disable failing test @ReactorScram (#4689)
- chore(docs): fix FAQ link to architecture @jamilbk (#4684)
- test(linux-client): fix linux-group integration test @ReactorScram (#4671)
- chore(phoenix-channel): don't log message on deserialisation error @thomaseizinger (#4673)
- chore(relay): parse
init
message @thomaseizinger (#4672) - chore(linux-client): print resources with
tracing::debug
@ReactorScram (#4658) - test(linux-client): temporarily disable failing linux-group integration test @ReactorScram (#4670)
- chore(connlib): add unit test for deserializing
broadcast_ice_candidates
@thomaseizinger (#4646) - chore(linux): only allow IPC connections from members of the
firezone
group @ReactorScram (#4628) - test(linux-client): check if we can add the user to a group in a CI test @ReactorScram (#4600)
- chore(docs): formalize the rule for logging sensitive info @ReactorScram (#4663)
- chore(linux): ask systemd to limit our privileges @ReactorScram (#4630)
- chore(docs): Recommend 3 gateways @jamilbk (#4649)
- chore(website): update wireguard impl @jamilbk (#4648)
- chore(rust): fix local docker development @conectado (#4642)
- chore(ci): build docker dev images with
main
@jamilbk (#4643) - chore(ci): Use netstat instead of ss for release image tests @jamilbk (#4640)
- chore(devops): Fix GH overriding main branch statuses @AndrewDryga (#4639)
- chore(portal): Add one more test for relays lb @AndrewDryga (#4638)
- chore(portal): Change name and structure of relays presence event @AndrewDryga (#4623)
- chore(ci): .env not available in
with
shared workflow context @jamilbk (#4631) - ci: Add tag name to build-dev-images @jamilbk (#4629)
- chore(connlib): upsert relays from "init" message @thomaseizinger (#4567)
- test(linux-client): separate the token from the systemd unit file @ReactorScram (#4626)
- refactor(perf-tests): add prefixes 'base' and 'head' @ReactorScram (#4598)
- test(integration): remove redundant
integration-test-
prefix @ReactorScram (#4601) - feat(portal): Broadcast relays presence updates to the client and return them in init @AndrewDryga (#4596)
- docs(client): how to read logs with jq @ReactorScram (#4599)
- chore(relay): perform graceful shutdown upon receiving SIGTERM @thomaseizinger (#4552)
- chore(relay): connect to portal in the background during startup @thomaseizinger (#4594)
- chore(snownet): add unit-test for roaming networks @thomaseizinger (#4585)
- chore(portal): Try new LoggerJSON implementation @AndrewDryga (#4595)
- ci: reduce duplication in integration tests @thomaseizinger (#4583)
- chore(clients): Bump Apple to 1.0.2; Android 1.0.1 @jamilbk (#4590)
- fix(website): Add metadatas for site links to generate @jamilbk (#4593)
- build(deps): Bump rustls from 0.22.3 to 0.22.4 in /rust in the cargo group @dependabot (#4715)
- build(deps): Bump time from 0.3.34 to 0.3.36 in /rust @dependabot (#4730)
- refactor(connlib): remove
PacketTransform
abstraction @thomaseizinger (#4709) - refactor(docs): Refactor KbSideBar to more accurately reflect content @jamilbk (#4712)
- build(deps): Bump either from 1.10.0 to 1.11.0 in /rust @dependabot (#4621)
- refactor(portal): Allow concurrent updates to synced actor/actor identities during sync @AndrewDryga (#4409)
- refactor(linux-client): rename
daemon
subcommand toipc-service
@ReactorScram (#4656) - refactor(portal): Refactor client login to use HTML meta refresh and cookie @bmanifold (#4617)
- refactor(test): use 'set -euox' instead of manual echos @ReactorScram (#4637)
- build(deps): Bump redis from 0.25.2 to 0.25.3 in /rust @dependabot (#4622)
- refactor(apple): Don't log error if calling stop on stopped tunnel @jamilbk (#4632)
- refactor: Discord -> Slack @jamilbk (#4616)
- refactor(headless-client): change CLI args for the IPC daemon @ReactorScram (#4604)
- build(deps): Bump hostname from 0.3.1 to 0.4.0 in /rust @dependabot (#4620)
- refactor(headless-client): use Tokio codec instead of hand-rolled length-delimited codec @ReactorScram (#4606)
- build(deps): Bump the windows group in /rust with 2 updates @dependabot (#4619)
📝 Documentation
1.0.0-pre.14
Features
- feat(docs): Add link to Terraform examples @jamilbk (#4508)
- feat(docs): Show page last updated at for each doc page @jamilbk (#4587)
- feat(website): GA updates @jamilbk (#3988)
- feat(portal): Allow completely deleting accounts @AndrewDryga (#4557)
🧰 Maintenance
- build(deps): Bump h2 from 0.3.25 to 0.3.26 in /rust @dependabot (#4525)
- build(deps): Bump quinn-udp from
a2a214b
tocc0d2e9
in /rust @dependabot (#4540) - build(deps): Bump swift-bridge from 0.1.52 to 0.1.53 in /rust @dependabot (#4541)
- build(deps): Bump swift-bridge-build from 0.1.52 to 0.1.53 in /rust @dependabot (#4434)
- build(deps): Bump reqwest from 0.12.1 to 0.12.2 in /rust @dependabot (#4436)
- build(deps): Bump chrono from 0.4.35 to 0.4.37 in /rust @dependabot (#4432)
- style(docs): Use simple <pre> for monospace blocks @jamilbk (#4582)
- chore(snownet): capture emitted events in test harness @thomaseizinger (#4584)
- chore(ci): Allow versioning components separately @jamilbk (#4493)
- test(ci): Remove e2e false start @jamilbk (#4580)
- refactor(connlib): add property-based tests for adding and removing of resources @thomaseizinger (#4503)
- refactor(docs): Docs polish iteration, add DoH known issue @jamilbk (#4579)
- refactor(linux-client): replace
client-tunnel
withheadless-client
which is the same thing @ReactorScram (#4516) - chore(snownet): add unit-test for relayed connection @thomaseizinger (#4570)
- chore(website): Add more feature popovers to pricing page and "Customize account slug" feature @jamilbk (#4574)
- chore(portal): Send metrics to Google Cloud Monitoring @AndrewDryga (#4564)
- chore(windows): bump Rust to handle CVE-2024-24576 @ReactorScram (#4576)
- chore(client-tunnel): hook up placeholder IPC server for Linux @ReactorScram (#4465)
- chore(portal): normal weight for helptext @jamilbk (#4572)
- chore(connlib): fix test deps for 'connlib-client-shared' @ReactorScram (#4518)
- chore(gateway): remove unused derives and messages @thomaseizinger (#4563)
- chore(ci): Configure relay with new IP on restart tests @jamilbk (#4571)
- build(deps): switch to released
tracing-stackdriver
@thomaseizinger (#4547) - build(deps): bump str0m dependency @thomaseizinger (#4555)
- chore(website): april update @jamilbk (#4565)
- refactor(snownet): remove allow-list of STUN and TURN servers @thomaseizinger (#4551)
- chore(relay): fail health-check with 400 on being partitioned for > 15min @thomaseizinger (#4553)
- chore(snownet): add required feature to dev-dependency @thomaseizinger (#4536)
- chore(connlib): remove stale code @thomaseizinger (#4562)
- chore(portal): Show support options on the billing page and remove features table @AndrewDryga (#4559)
- fix(portal): Show count of returned records instead of page size @AndrewDryga (#4558)
- chore(rust): activate more lints for redundant code @thomaseizinger (#4492)
- feat(portal): Add API Client UI @bmanifold (#4023)
- chore(relay): remove stale arg @thomaseizinger (#4554)
- ci: assert that nothing busy loops after the perf tests @thomaseizinger (#4546)
- refactor(portal): Update actor group selection in portal @bmanifold (#4467)
- refactor(relay): favor
Instant
overSystemTime
@thomaseizinger (#4468) - chore: document DNS stub functions @ReactorScram (#4526)
- fix(snownet): invalidate allocation on invalid credentials @thomaseizinger (#4537)
- chore(website): Clarify billing cycle a bit more @jamilbk (#4544)
- chore(portal): Fix flaky tests @AndrewDryga (#4543)
- fix(website): fix billing FAQ for Team plan @jamilbk (#4542)
- chore(rust): enforce no wildcard matching @thomaseizinger (#4491)
- chore(nix): add Rust nightly dev-shell and
cargo-udeps
@thomaseizinger (#4474) - chore(ci): Add portal and relay downtime DNS resource tests @jamilbk (#4517)
- fix(portal): Ship hotfixes for various crash reports discovered in logs @AndrewDryga (#4538)
- chore(docs): Add Team plan badge to appropriate docs pages @jamilbk (#4533)
- chore(docs): macOS test flight link @jamilbk (#4534)
- chore(portal): Save MAU billing for a future feature update @jamilbk (#4414)
- chore(portal): Add Sign in from sign up form @jamilbk (#4529)
- docs: Mention signup in README and clarify self-hosting @jamilbk (#4528)
- chore(website): Use 'User' not 'Seat' when referring to pricing @jamilbk (#4524)
- chore(portal): Add users limit and use it as default limit for accounts @AndrewDryga (#4527)
- chore(devops): Change relay log level to match prod @jamilbk (#4520)
- chore(ci): Use target-specific cache when cross building @jamilbk (#4519)
- refactor(relay): remove heap-allocations from hotpath @thomaseizinger (#4457)
- chore(ci): scope cache by arch too @jamilbk (#4512)
- chore(ci): Scope GH rust cache per os type @jamilbk (#4504)
- chore(connlib): remove stale callback @thomaseizinger (#4501)
- refactor(apple): Collapse SwiftUI codepaths across platforms and remove dead code @jamilbk (#4417)
🔐 Security
1.0.0-pre.13
- fix(relay): don't busy-loop on
poll_timeout
@thomaseizinger (#4497) - fix(relay): always
continue
after ready events @thomaseizinger (#4494) - fix(relay): only unbind a channel if it is actually bound @thomaseizinger (#4495)
- fix(gateway): don't erroneously suspend eventloop @thomaseizinger (#4486)
1.0.0-pre.12
- chore(connlib): remove
Mutex
from windows TUN device @thomaseizinger (#4472) - chore(rust): remove unused dependencies @thomaseizinger (#4475)
- chore(rust): lint against redundant
async
@thomaseizinger (#4466) - fix(gateway): Publish all platforms for Gateway, not just
amd64
@jamilbk (#4459) - refactor(relay): replace
Command::Wake
withpoll_timeout
@thomaseizinger (#4455) - refactor(relay): reduce allocations during relaying @thomaseizinger (#4453)
- test(gui-client): unit test for Linux IPC @ReactorScram (#4277)
- refactor(linux-client): extract all code to
firezone-client-tunnel
@ReactorScram (#4448) - chore(portal): Send alert notifications to mobile channels @AndrewDryga (#4463)
- chore(portal): Fix flaky test @AndrewDryga (#4454)
- fix(docs): fix broken link to service accounts @jamilbk (#4456)
- chore(portal): Enable CDN and WAF @AndrewDryga (#4450)
- chore(relay): reduce instrumentation overhead @thomaseizinger (#4426)
- chore(relay): make profiling in release build possible @thomaseizinger (#4441)
- chore(relay): remove per-packet logs on debug level @thomaseizinger (#4439)
- chore(relay): apply log
target
consistently @thomaseizinger (#4440) - chore(deps): Don't create duplicate dependabot groups @jamilbk (#4443)
- chore(gui-client): support cargo-mutants @ReactorScram (#4387)
- feat(website): Add team plan @jamilbk (#4416)
- fix(portal): Correct Edit account page title and label @jamilbk (#4412)
- fix(gateway): Fix systemd gateway install script @jamilbk (#4407)
- build(rust): Use Rust base image and bump to 1.77 @jamilbk (#4401)
- build(apple): Strip unused symbols from apple lib @jamilbk (#4404)
- build(connlib): Enable lto for release profile @jamilbk (#4398)
- fix(portal): Persist first user email to Stripe during account sign up @AndrewDryga (#4408)
- feat(android): UI notification for reauth @jasonboukheir (#3621)
- chore(portal): Increase page size to maximum when using MS Graph API @AndrewDryga (#4399)
- chore(apple): Add PrivacyManifest @jamilbk (#4400)
- chore(connlib): Remove atomicwrites and tokio::fs from apple compile path @jamilbk (#4395)
- refactor(portal): Move actor groups to own table in actor show page @bmanifold (#4392)
- fix(portal): Reuse code across sync jobs, only lock one row per job and fetch data asynchronously @AndrewDryga (#4396)
- chore(portal): Add billing.firezone.dev Stripe checkout domains @jamilbk (#4389)
- fix(connlib): Don't roll log files @jamilbk (#4390)
- Create everyone group on account sign up @AndrewDryga (#4388)
🧰 Maintenance
- refactor(gui-client): insert abstraction layer to put connlib behind IPC @ReactorScram (#4460)
- build(deps): Bump serde_json from 1.0.114 to 1.0.115 in /rust @dependabot (#4435)
- build(deps): Bump clap from 4.5.3 to 4.5.4 in /rust @dependabot (#4433)
- refactor(ci): move DNS control method up to docker-compose.yml @ReactorScram (#4341)
- build(deps): Bump flowbite-react from 0.7.2 to 0.7.8 in /website @dependabot (#4447)
- build(deps-dev): Bump tailwindcss from 3.4.1 to 3.4.3 in /rust/gui-client @dependabot (#4419)
- build(deps): Bump @types/react from 18.2.64 to 18.2.73 in /website @dependabot (#4431)
- build(deps): Bump @types/react-dom from 18.2.21 to 18.2.23 in /website @dependabot (#4428)
- build(deps): Bump @next/mdx from 14.1.3 to 14.1.4 in /website @dependabot (#4429)
- build(deps): Bump tailwindcss from 3.4.1 to 3.4.3 in /website @dependabot (#4430)
- build(deps-dev): Bump @types/node from 20.11.25 to 20.12.2 in /rust/gui-client @dependabot (#4418)
- build(deps-dev): Bump typescript from 5.4.2 to 5.4.3 in /rust/gui-client @dependabot (#4420)
- build(deps): Bump the retrofit group in /kotlin/android with 2 updates @dependabot (#4445)
- build(deps): Bump com.google.firebase:firebase-bom from 32.7.4 to 32.8.0 in /kotlin/android @dependabot (#4446)
- build(deps): Bump the hilt group in /kotlin/android with 3 updates @dependabot (#4444)
1.0.0-pre.11
- fix(portal): Serve static files with digests at root @AndrewDryga (#4386)
- fix(porta): Greatly improve HTTP 500 error page @AndrewDryga (#4382)
- fix(portal): Do not redact userpass virtual state (its a virtual field anyway) @AndrewDryga (#4370)
- fix(portal): Filter group actors by group id @AndrewDryga (#4369)
- fix(Windows client): fix "Tauri error" to "Firezone is already running" @ReactorScram (#4364)- feat(connlib): react to config updates @conectado (#4322)- fix(apple client): sign in crash, closes #4350 @ReactorScram (#4353)
- fix(portal): Fix bug in actor edit page preventing updates @bmanifold (#4347)
- fix(portal): Allow deleting synced actors after all identities are removed @AndrewDryga (#4346)
- fix(portal): Fix pagination issues with flows and activities, improve error handling around live tables @AndrewDryga (#4330)- fix(apple): sync tunnel configuration after saving @jamilbk (#4338)
- fix(connlib): only update the interface when setting dns if the effective dns changed @conectado (#4327)- fix(apple): Use keychain from the tunnel process *only* @jamilbk (#4335)
- fix(apple): Avoid getting stuck at the "load resources" view @jamilbk (#4336)
- fix(apple): Debounce sign in button @jamilbk (#4334)
- feat(apple): Handle network changes reliably on macOS and iOS @jamilbk (#4133)
- feat(phoenix-channel): fail on missing heartbeat after 5s @thomaseizinger (#4296)- fix(phoenix-channel): re-queue message upon send failure @thomaseizinger (#4294)- fix(portal): Fix online status on clients page @AndrewDryga (#4307)- fix(connlib): use quinn fork for quinn to work on ios @conectado (#4279)
- fix(gateway): answer with empty list of addresses on DNS resolution failure @thomaseizinger (#4266)- feat(portal): Add styled errors pages (404, 422, 500) @bmanifold (#4231)
- feat(android): changing managed config restarts TunnelService @jasonboukheir (#4181)
- feat(snownet): minimize delay when roaming @thomaseizinger (#4246)- feat(android): use device serial for
deviceName
@jasonboukheir (#4180) - fix(phoenix-channel): queue
join
message before others @thomaseizinger (#4242) - feat(android): detect network and dns changes and send them to connlib @conectado (#4163)
- feat(portal): Sync accounts between stripe and portal @AndrewDryga (#4173)- fix(portal): Fix various issues with presence-triggered table reloads @AndrewDryga (#4228)
- fix(connlib): remove outdated assertion due to possibility of network changes @conectado (#4222)- feat(portal): Track protocol in activities @AndrewDryga (#4215)
- feat(gui-client): Tauri welcome screen @ReactorScram (#4013)
- feat(connlib): reduce packet drops @thomaseizinger (#4168)
- fix(connlib): exclude sentinel dns range for resources ips @conectado (#4200)
- feat(portal): Add sign up override in portal @bmanifold (#3739)- feat(portal): Filtering, Fulltext Search, Pagination, Preloads @AndrewDryga (#3751)- feat(connlib): introduce
Session::reconnect
@thomaseizinger (#4116) - feat(snownet): introduce
connection
span to capturestr0m
andboringtun
logs @thomaseizinger (#4144) - fix(android): send Cidr format instead of IpNetwork format @conectado (#4134)- fix(android): spawn dedicated thread for connlib @thomaseizinger (#4145)
- fix(apple): spawn new thread for runtime to prevent it from being taken down @conectado (#4141)
- feat(gateway): add HTTP health check @thomaseizinger (#4120)
- feat(connlib): reduce stack size usage @thomaseizinger (#3958)- fix(portal): Increase group name max length @AndrewDryga (#4128)
- feat(linux): make deep link auth work @ReactorScram (#4102)
- Fix typo in _deploy_production.yml @jamilbk (#4113)- feat(docs): Example Gateway terraform module for GCP @jamilbk (#4011)- fix(relay): actually expire channels which allows re-binding them @thomaseizinger (#4094)
- feat(relay): improve logs for expiry and deletion of channel bindings @thomaseizinger (#4089)- fix(portal): Prevent invalid characters when entering account slug at sign in @AndrewDryga (#3917)
- fix(connlib): ignore certain multicast addresses @thomaseizinger (#4062)
- feat(snownet): log duration since intent after WG handshake completes @thomaseizinger (#3991)- feat(connlib): decrease connection setup latency @thomaseizinger (#4022)
- feat(snownet): timeout connections if we don't receive a candidate within 10s @thomaseizinger (#3790)
- feat(linux-client): generate firezone-id (device ID) automatically if it's not provided at launch @ReactorScram (#3920)
- fix(apple): Ignore expired login status @roop (#4052)
- feat(apple): In resources list, tapping on a list item shows a 'Copy Address' menu @roop (#4050)
- fix(apple): Align fields in Advanced Settings @roop (#4025)
- fix: let Tauri know about hiDPI icons @ReactorScram (#4039)
- fix(portal): Fix broken link to DNS docs @jamilbk (#4036)
- feat(snownet): always force a handshake when we change the socket @thomaseizinger (#3985)
- feat(apple): UI notification for reauth @roop (#3684)
- feat(windows): code sign Windows client @jamilbk (#3891)
- fix(ipad): Allow NavigationView to occupy entire screen @jamilbk (#3908)
- fix(android): Handle empty strings for allowed and disallowed VPN apps @jamilbk (#3918)
- fix(android): Fix crash on start due to Hilt 2.51 @jamilbk (#3916)
- fix: use
atomicwrites
to back up/etc/resolv.conf
more robustly @ReactorScram (#3828) - feat(linux-client): load token from
/etc/dev.firezone.client
... @ReactorScram (#4328) - feat(windows): listen for DNS change events @ReactorScram (#4198)