This patch for version 1.5 includes fixes for vulnerabilities identified during our latest penetration test. As a fully transparent organisation, Defguard publishes a Pentesting Security Report page where you can track the status of our vulnerability fixes.
This is the biggest, most feature packed (and fixes) release we have ever done!
We’ve introduced 11 major features! and nearly 100 bugfixes.
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲Long awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫Desktop Client now supports External SSO/IdP MFA
Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using Mobile client’s Biometry!
🤝Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩We’ve also explained in detail, why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
What's Changed
- Update dependencies; move nix to workspace; better split() by @moubctez in #450
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #467
- Bump version to 1.5 by @t-aleksander in #468
- Merge main -> dev post 1.4 release by @wojcik91 in #472
- optimize DB access to avoid write locks by @wojcik91 in #479
- use unix socket for communicating with background service by @wojcik91 in #481
- Handle per-location MFA settings by @wojcik91 in #486
- handle multiple addresses by @wojcik91 in #489
- setup biome for frontend by @wojcik91 in #490
- handle multiple addresses pt2 by @wojcik91 in #491
- fix settings page icon fill by @wojcik91 in #492
- Fix CLI: assign multiple IP addresses and use one network interface name by @moubctez in #504
- Tauri v2 by @moubctez in #512
- Fix tray icon behaviour and close active connections on exit by @moubctez in #513
- Fix windows Quit by @moubctez in #516
- setup AWS CodeBuild for GitHub Actions by @wojcik91 in #517
- Fix deny.toml by @moubctez in #518
- Handle deep-links by @moubctez in #520
- Reflect connection state in system tray by @moubctez in #521
- mfa via mobile device by @filipslezaklab in #519
- Upgrade UI module by @filipslezaklab in #523
- Fix MFA from tray menu by @moubctez in #522
- Fix events by @moubctez in #524
- Fix version for tauri-action by @moubctez in #527
- register totp mfa during account enrollment by @filipslezaklab in #526
- update nix setup for tauri v2 by @wojcik91 in #534
- Build RPM and fix release workflow by @moubctez in #533
- handle token owner validation during instance update by @wojcik91 in #535
- Deep link take 2 by @moubctez in #532
- Make cargo-deny happy again by @moubctez in #536
- add email to enrollment mfa setup by @filipslezaklab in #538
- Tray: omit submenus for one instance by @moubctez in #540
- handle new enrollment configuration by @filipslezaklab in #539
- Fix show/hide by @moubctez in #542
- Deep link fix by @filipslezaklab in #543
- fix deep link reopen in dev mode by @filipslezaklab in #546
- Unminimize on macOS by @moubctez in #548
- Take pathname from deep link by @moubctez in #547
- limit toasts to 5 on screen by @filipslezaklab in #550
- Check version of core and proxy when polling config by @t-aleksander in #549
- fix clipboard hook by @filipslezaklab in #553
- Fixes pentest issue DG25-27 from 2025-09-02 by @wojcik91 in #552
- Inform users about mismatch of UUIDs by @t-aleksander in #556
- Autocorrect UUIDs & fix displaying information that the selected MFA error is not configured by @t-aleksander in #560
- Merge release/1.5-alpha to main by @t-aleksander in #557
- handle WebSocket connection error by @wojcik91 in #567
- Don't report version mismatch if core is not connected by @t-aleksander in #570
- add missing permissions by @filipslezaklab in #574
- Fix MFA connect from tray menu by @moubctez in #575
- Fix build and cargo dependencies by @moubctez in #580
- Fixes pentest issue DG25-28 from 2025-09-02 by @j-chmielewski in #578
- Fixes pentest issue DG25-29 from 2025-09-02 by @j-chmielewski in #582
Full Changelog: v1.5.0...v1.5.1