⚠️ This is a pre-release that requires Defguard Core and Defguard Proxy v1.5.0-alpha5 - please help us test and stabilize the release 🫡
What's Changed
Other Changes
- Pass admin device management flag in enrollment start response by @wojcik91 in #1235
- Implement remaining activity-log event types by @j-chmielewski in #1243
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #1264
- Allow binding to a specific address by @t-aleksander in #1287
- Merge main -> dev post 1.4 release by @wojcik91 in #1292
- Add user SNAT bindings by @wojcik91 in #1273
- Allow admins to disable users' MFA by @wojcik91 in #1281
- Fix auth key delete endpoint by @j-chmielewski in #1299
- Enable Rust 2024 edition by @wojcik91 in #1280
- move migrations directory to workspace root by @wojcik91 in #1249
- fix SNAT API 404 errors by @wojcik91 in #1304
- Register mobile client by @filipslezaklab in #1306
- Add activity log event description by @wojcik91 in #1289
- Add device redesign by @filipslezaklab in #1311
- User groups events by @jakub-tldr in #1307
- Fix add network device modal by @filipslezaklab in #1313
- fix logout when disabled e2e test by @filipslezaklab in #1314
- OpenID external MFA e2e tests by @t-aleksander in #1315
- Fix TS type checking by @filipslezaklab in #1317
- Add location column in activity log by @wojcik91 in #1318
- Fix translation network device modal by @filipslezaklab in #1322
- Add per-location MFA settings by @wojcik91 in #1323
- Add per-location MFA settings pt2 by @wojcik91 in #1330
- Adjust network form MFA config layout by @wojcik91 in #1334
- network edit form fixes by @wojcik91 in #1336
- merge biome rules with proxy by @filipslezaklab in #1338
- update desktop client link style by @filipslezaklab in #1339
- fix VPN client name in MFA events by @wojcik91 in #1346
- Add AMI building to the release pipeline by @t-aleksander in #1343
- fix consent page style on desktop by @filipslezaklab in #1350
- add mobile links by @filipslezaklab in #1352
- fix error propagarion from axios provider by @filipslezaklab in #1355
- change default peer disconnect threshold to 300 by @t-aleksander in #1360
- biometric mfa poc by @filipslezaklab in #1368
- fix workflow permissions by @t-aleksander in #1379
- Change "Gateway address" field in VPN configuration by @moubctez in #1381
- add biometry enabled indicator in profile devices list by @filipslezaklab in #1383
- Avoid HTTP return code: 204 No Content by @moubctez in #1384
- fix overview stats period labels by @wojcik91 in #1393
- add tests for biometric auth by @filipslezaklab in #1392
- enrollment qr in enroll by admin modal by @filipslezaklab in #1397
- fix reserved ip form error not showing by @filipslezaklab in #1398
- sign Docker images using Cosign by @wojcik91 in #1373
- fix buttons clicks by @filipslezaklab in #1401
- fix external MFA select by @wojcik91 in #1408
- squash fixes by @filipslezaklab in #1411
- fix external OpenID status refresh by @wojcik91 in #1416
- Enterprise link is 404 by @SalehBorhani in #1337
- chore: backport security hotfix from main by @wojcik91 in #1421
- Tonic 14 by @moubctez in #1422
- Fix deny.toml by @moubctez in #1425
- Jumpcloud directory synchronization by @t-aleksander in #1426
- Desktop mfa via mobile device by @filipslezaklab in #1429
- Switch to newer Rust by @moubctez in #1431
- Version exchange and logging by @j-chmielewski in #1361
- Use Debian 13 and update depenedencies by @moubctez in #1432
- Drop handling of service reload; switch to std OnceLock by @moubctez in #1434
- Scan images with Trivy by @moubctez in #1435
- implement integration tests for gRPC server by @wojcik91 in #1437
- Speed up e2e by @jakub-tldr in #1439
- Fix available device IP validation by @wojcik91 in #1446
- Register mfa during enrollment by @filipslezaklab in #1436
- validate enrollment token & user device compatibility in instance info endpoint by @wojcik91 in #1447
- End-to-end tests: take 2 by @moubctez in #1448
- E2e fix take 3 by @jakub-tldr in #1450
- Implement network device license limits, always prompt for account selection on openid login by @t-aleksander in #1449
- Fix some providers not respecting OpenID parameters by @t-aleksander in #1458
- Version check by @j-chmielewski in #1441
- Switch AMI base image to debian by @t-aleksander in #1460
- update enrollment configuration response by @filipslezaklab in #1463
- Fix version comparison by @j-chmielewski in #1464
- Fix ldap attribute names case sensitive comparison by @t-aleksander in #1454
- Trim dependencies; update user agent regexes by @moubctez in #1471
- add desktop deep link into add device flow by @filipslezaklab in #1474
- Update tracing_subscriber by @moubctez in #1477
- add desktop deep links in emails by @filipslezaklab in #1476
- Return core version in http headers by @t-aleksander in #1479
- Fix ami building by @t-aleksander in #1481
- Swagger docs by @jakub-tldr in #1485
- Version mismatch report by @moubctez in #1483
- Prevent pre-shared keys from being sent when mfa is disabled by @t-aleksander in #1493
- add outdated components modal by @filipslezaklab in #1494
- Typos fix by @jakub-tldr in #1496
- Remove system header from HTTP by @t-aleksander in #1507
- Disable exaggerate tracing span; Fix proxy version info; Box::pin large futures by @moubctez in #1498
- Fixes pentest issue DG25-3 from 2025-09-02 by @wojcik91 in #1510
- Fixes pentest issue DG25-8: Server-Side Template Injection (SSTI) from 2025-09-02 by @moubctez in #1511
- Fixes pentest issue DG25-19: Clickjacking vulnerability from 2025-09-02 by @t-aleksander in #1514
- Add test for dg25-19 vulnerability by @t-aleksander in #1517
- Fix UUID being nil by @moubctez in #1521
- Fixes pentest issue DG25-9 from 2025-09-02 by @filipslezaklab in #1518
- Fixes pentest issue DG25-27 from 2025-09-02 by @wojcik91 in #1524
- Fixes pentest issue DG25-12 from 2025-09-02 by @wojcik91 in #1527
- add trim to string fields in zod schemas by @filipslezaklab in #1528
- Fixes pentest issue DG25-13 from 2025-09-02 by @wojcik91 in #1530
- fix network device edit form by @filipslezaklab in #1537
- Fixes pentest issue DG25-22 from 2025-09-02 by @t-aleksander in #1535
- Fixes pentest issue DG25-23 from 2025-09-02 by @t-aleksander in #1538
- Version notifications by @j-chmielewski in #1531
New Contributors
- @jakub-tldr made their first contribution in #1307
- @SalehBorhani made their first contribution in #1337
Full Changelog: v1.4.1...v1.5.0-rc1