Skip to content

Releases: openziti/zrok

v0.4.45

12 Dec 16:37
f406c8c
Compare
Choose a tag to compare

CHANGELOG

FEATURE: Minimal support for "organizations". Site admin API endpoints provided to create, list, and delete "organizations". Site admin API endpoints provided to add, list, and remove "organization members" (zrok accounts) with the ability to mark accounts as a "organization admin". API endpoints provided for organization admins to list the members of their organizations, and to also see the overview (environments, shares, and accesses) for any account in their organization. API endpoint for end users to see which organizations their account is a member of (#537)

CHANGE: briefly mention the backend modes that apply to public and private share concepts

FIX: Update indirect dependency github.com/golang-jwt/jwt/v4 to version v4.5.1 (#794)

FIX: Document unique names

FIX: reduce Docker image sizes (#783)

FIX: Docker reserved private share startup error (#801)

FIX: Correct the download URL for the armv7 Linux release (#782)

v0.4.44

05 Nov 17:24
c527340
Compare
Choose a tag to compare

CHANGELOG

CHANGE: Update github.com/openziti/sdk-golang to version v0.23.44. Remove old github.com/openziti/fabric dependency, instead pulling in the modern github.com/openziti/ziti dependency.

FIX: Bypass interstitial page for HTTP OPTIONS method (#777)

FIX: Fix for goreleaser build action to align with changed ARM64 build path.

v0.4.42

18 Oct 16:47
ef1795f
Compare
Choose a tag to compare

CHANGELOG

CHANGE: Switch all Dial operations made into the OpenZiti overlay to use DialWithOptions(..., &ziti.DialOptions{ConnectTimeout: 30 * time.Second}), switching to a 30 second timeout from a 5 second default (#772)

FIX: Removed the --basic-auth flag from zrok share private as this was ignored... even if zrok access private honored the ziti.proxy.v1 config to ask for basic auth, it would still be easy to write a custom SDK client that ignored the basic auth and accessed the share directly; better to remove the option than to allow confusing usage (#770)

FIX: always append common options like --headless and conditionally append --verbose --insecure if their respective env vars are set to when running in a service manager like systemd or Docker and wrapping the zrok command with the zrok-share.bash shell script (https://openziti.discourse.group/t/question-about-reserved-public-vs-temp-public-shares/3169)

FIX: Correct registration page CSS to ensure that the entire form is visible

v0.4.41

03 Oct 16:47
d050fb9
Compare
Choose a tag to compare

CHANGELOG

FIX: Fixed crash when invoking zrok share reserved with no arguments (#740)

FIX: zrok-share.service on Linux failed to start with a private share in closed permission mode

FIX: Update gopkg.in/go-jose/go-jose.v2 to v2.6.3 to fix vulnerability around compressed data (#761)

v0.4.40

16 Sep 19:10
c110f86
Compare
Choose a tag to compare

CHANGELOG

FEATURE: New endpoint for synchronizing grants for an account (#744). Useful for updating the zrok.proxy.v1 config objects containing interstitial setting when the skip_interstitial_grants table has been updated.

FIX: prune incorrect troubleshooting advice about listing Caddy's certificates

v0.4.39

20 Aug 14:49
9dce9b7
Compare
Choose a tag to compare

CHANGELOG

FEATURE: New API endpoint allowing direct creation of accounts in the zrok database. Requires an admin token (specified in the controller configuration yaml) for authentication. See the OpenAPI spec for details of the API endpoint. The zrok admin create account CLI was also updated to call the API endpoint, rather than directly operating on the underlying database (#734). The Docker and Kubernetes zrok instance deployments were adapted to the new CLI parameter shape.

FEATURE: Support html_path directive in interstitial stanza of public frontend configuration to support using an external HTML file for the interstitial page (#716)

FEATURE: zrok access private now includes a --response-header flag to add headers to the response for HTTP-based backends. Add flag multiple times to add multiple headers to the response. Expects key:value header definitions in this format: --response-header "Access-Control-Allow-Origin: *" (#522)

CHANGE: Update github.com/openziti/sdk-golang (and related dependencies) to version v0.23.40.

CHANGE: upgrade to ziti v1.1.7 CLI in zrok container image

v0.4.38

31 Jul 18:25
bf7b8ec
Compare
Choose a tag to compare

CHANGELOG

FEATURE: Conditionally enable interstitial page based on User-Agent prefix list. See the frontend configuration template at etc/frontend.yml for details on the new configuration structure (#715)

CHANGE: The interstitial configuration has been modified from a simple interstitial: <bool> to a richer structure, but the config version has not been incremented; this feature has not been widely adopted yet. See the frontend configuration template at etc/frontend.yml for details on the new structure.

CHANGE: The registration page where a new user's password is set now includes a required checkbox, asking them to acknowledge the terms and conditions presented above the checkbox (#669)

FIX: The registration page where a new user's password is set now includes better styling of the error message <div/> to prevent the entire page from jumping when the message changes.

v0.4.37

29 Jul 18:59
ed09ab2
Compare
Choose a tag to compare

CHANGELOG

FIX: Fix for setting the zrok_interstitial cookie on Chrome-based browsers.

FIX: Fix for store.IsAccountGrantedSkipInterstitial to respect the deleted flag.

FIX: When an error occurs connecting to the proxied endpoint, the proxy backend should return HTTP status 502 (#703)

v0.4.36

26 Jul 19:27
ab4132c
Compare
Choose a tag to compare

CHANGELOG

FEATURE: New interstitial pages that can be enabled per-frontend, and disabled per-account (#704)

CHANGE: Enable "declaration": true in tsconfig.json for Node SDK.

FIX: target the 32bit build for armhf to fix the FPE issue and the missing link issue

CHANGE: add cross-build instructions (includes new snapshot build target armel)

v0.4.35

17 Jul 17:45
cee6186
Compare
Choose a tag to compare

CHANGELOG

FEATURE: Added import for github.com/greenpau/caddy-security to include that Caddy plugin to enable authentication, authorization, and credentials extensions for the caddy backend (#506)

FEATURE: Closed permission mode for Docker and Linux private shares

CHANGE: add example in ./etc/caddy to set X-Real-IP header to public share client IP

CHANGE: auto-update the ziti CLI version that is built in to the openziti/zrok container image

CHANGE: Docker examples set HOME to enable running CLI commands in the container

FIX: Fix for environment count inheritance when using a resource count class to override global environment count (#695)