
Releases: ghostunnel/ghostunnel

Version 1.5.0-rc.2

13 Aug 03:23
v1.5.0-rc.2
077e17d
Pre-release

Contains fixes for a couple of bugs found in the previous release candidate, namely (1) a bug where running in client mode without a cert could panic if a cert was requested by the server and (2) a bug in the cipher suite flag validation logic.

Version 1.5.0-rc.1

04 Aug 18:25
v1.5.0-rc.1
7de4efb
Pre-release

Release candidate for 1.5.0, featuring support for the SPIFFE workload API, socket activation for systemd (Linux) and launchd (macOS), and a host of smaller changes.

Version 1.4.1

19 Apr 17:42
v1.4.1
b0ab870

Fixes a bug (#221) with the --disable-authentication flag in server mode, wherein a client that sent a client certificate despite authentication being disabled would be rejected (fixed in #222). We also added some examples to the man page in this release.

Version 1.4.0

08 Mar 00:29
v1.4.0
f196fcb

New features

  • Support signalling of transport connection information to the backend using the PROXY protocol (v2). Just pass the --proxy-protocol flag on startup. Note that the backend must also support the PROXY protocol and must be configured to use it when setting this option.
  • Support silencing of specific types of log messages using the --quiet flag, such as --quiet=conns or --quiet=handshake-errs. You can pass this flag repeatedly if you want to silence multiple different kinds of log messages. In particular --quiet=handshake-errs is useful if you want to silence handshake errors caused by TCP health checks when running in Kubernetes.
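
What a backend has to parse once --proxy-protocol is set, shown as an added example (not ghostunnel's own code): a minimal reader for the PROXY protocol v2 header that handles only the PROXY command over TCP/IPv4. The names ParseProxyV2 and sampleHeader and the addresses in the sample are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"net"
)

// sigV2 is the 12-byte signature that opens every PROXY protocol v2 header.
var sigV2 = []byte("\r\n\r\n\x00\r\nQUIT\n")

// ParseProxyV2 consumes one v2 header from r and returns the original client
// and destination addresses. Only the PROXY command over TCP/IPv4 is handled.
func ParseProxyV2(r io.Reader) (src, dst *net.TCPAddr, err error) {
	hdr := make([]byte, 16)
	if _, err = io.ReadFull(r, hdr); err != nil {
		return nil, nil, err
	}
	if !bytes.Equal(hdr[:12], sigV2) {
		return nil, nil, errors.New("missing PROXY v2 signature")
	}
	if hdr[12] != 0x21 || hdr[13] != 0x11 { // v2+PROXY, AF_INET+STREAM
		return nil, nil, errors.New("unsupported command or address family")
	}
	n := binary.BigEndian.Uint16(hdr[14:16])
	if n < 12 {
		return nil, nil, errors.New("address block too short")
	}
	body := make([]byte, n) // addresses, optionally followed by TLVs
	if _, err = io.ReadFull(r, body); err != nil {
		return nil, nil, err
	}
	src = &net.TCPAddr{IP: net.IP(body[0:4]), Port: int(binary.BigEndian.Uint16(body[8:10]))}
	dst = &net.TCPAddr{IP: net.IP(body[4:8]), Port: int(binary.BigEndian.Uint16(body[10:12]))}
	return src, dst, nil
}

// sampleHeader is constructed test input: 192.0.2.10:51234 -> 198.51.100.7:8443.
func sampleHeader() []byte {
	h := append([]byte{}, sigV2...)
	h = append(h, 0x21, 0x11, 0x00, 0x0c, 192, 0, 2, 10, 198, 51, 100, 7)
	return append(h, 0xc8, 0x22, 0x20, 0xfb)
}

func main() {
	fmt.Println(ParseProxyV2(bytes.NewReader(sampleHeader())))
}
```

Because the header carries the client address the backend will log and authorize against, a backend configured this way should accept connections only from the proxy itself.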

Other

  • Added new flags --cert/--key to load certificate chain/private key from separate files.
  • Bumped build to Go 1.12, updated our dependencies, and added various new integration tests.

Version 1.3.1

21 Dec 21:32
v1.3.1
36b2ecf

Updates build to Go 1.11.4 and pulls in the latest version of kavu/go_reuseport to fix issue #200.

Version 1.3.0

08 Dec 00:11
v1.3.0
832548d

Notable changes

  • Added support for wildcards in the allow-uri and verify-uri access control flags. See ACCESS-FLAGS documentation for more information on how to use this. Cleaned up naming of access control flags.

Other

  • Added a docs folder with more detailed documentation explaining how to use features like access control and metrics better.
  • Migrated to using Go modules for managing dependencies. The vendor folder is still checked into git for now, though it may disappear in the future, once modules become the default in Go.

Update: Binaries for this release were rebuilt with Go 1.11.4 on Dec 14, 2018.

Version 1.2.2

06 Sep 18:18
v1.2.2
bd0f9e3

Notable changes

  • Added experimental support for the macOS keychain via certstore. This requires the certstore build tag to be enabled to compile and is off by default for now (#167).
  • Updated the Dockerfile to use multistage builds to reduce the size of the image. As a result, the squareup/ghostunnel Docker image will not contain the Go toolchain anymore (#160).
  • Added support (h/t @gouthamve) for the Prometheus metrics format in the /_metrics endpoint. A new format query param can be set to json or prometheus to select between the old or new format. The default remains the JSON format for now (#180).

Everything else

  • Modularized some parts of the code (#169, #170, #171), cleaned up some bits (#162, #163, #165), and updated the documentation to explain some features better (#161, #173).

Version 1.2.1

03 Apr 18:31
v1.2.1
f885a21

This release contains minor bug fixes and improvements. We've added some extra tests (#156) and defaulted to long help and improved some error messages (#157, #158). Due to an updated dependency, this release now also requires Go 1.10+ to compile (was Go 1.9+ previously).

Version 1.2.0

08 Mar 04:40
v1.2.0

Notable changes

  • Added support for Windows. Supports most major features as on UNIX platforms, with the exception of various UNIX-specific tidbits like SO_REUSEPORT or logging to syslog (#136, #139).
  • Added new access control flags. The --allow-uri-san and --verify-uri-san flags can be used to verify peer certificates against a given URI SAN, e.g. for use with SPIFFE SVIDs (#128).
  • A new --disable-authentication flag can be used to disable client certificates in both client and server modes. Note that this disables all authentication and access controls (#150).
  • Parameters for loading private keys from a PKCS#11 module can now be specified via environment variables instead of flags if desired (PKCS11_MODULE, PKCS11_LABEL and PKCS11_PIN).

Bug fixes and others

  • Added a new metric to time handshakes, which can be used to gather stats about average handshake latency through the status/metrics endpoint (#126).
  • Cleaned up internal flag handling, updated vendored dependencies, and added a new Makefile.dist to build cross-compiled release binaries for darwin/amd64, linux/amd64 and windows/{386,amd64}.

Version 1.2.0-rc.2

06 Mar 01:35
v1.2.0-rc.2
Pre-release

Added --disable-authentication flag, which disables client certificate authentication (#150).