🎉 Welcome to Defguard 2.0 🎉
It’s a significant step up from version 1.x, featuring:
🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.
More details with videos in this blogpost.
⬆︎ If you are upgrading from 1.x, here you can find the relevant upgrade documentation.
🚅 If you would like to test Defguard, we offer a quick and easy one-line install script.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- Release 1.6 alpha merger by @wojcik91 in #1711
- Finalize moving most important DB models to a common crate by @wojcik91 in #1713
- Merge main->dev before 1.6 by @j-chmielewski in #1756
- Implement multiple proxy handling by @j-chmielewski in #1743
- Reverse gateway grpc take two merger by @moubctez in #1767
- Gateway REST by @moubctez in #1775
- Allow domain names location DNS by @moubctez in #1786
- Add MTU and FwMark to WireGuardNetwork by @moubctez in #1788
- Disable APT repository signing/uploads by @jakub-tldr in #1799
- Disable APT repository signing/uploads by @jakub-tldr in #1800
- Core certificate authority, part 1: Proxy by @t-aleksander in #1790
- UI table update by @filipslezaklab in #1808
- Update APT repository on full release/pre-release by @jakub-tldr in #1807
- Merge main -> dev after 1.6.1 release by @wojcik91 in #1844
- PUT for OpenIDProvider by @moubctez in #1801
- Multiproxy private cookies by @j-chmielewski in #1809
- components update 1 by @filipslezaklab in #1848
- OpenID tests by @jakub-tldr in #1852
- Add MTU and FwMark to web interface by @moubctez in #1849
- Core certificate authority, part 2: Gateway by @t-aleksander in #1846
- Extend OpenAPI docs with OpenID providers by @moubctez in #1860
- OpenID provider kind by @moubctez in #1871
- VPN client session manager pt2 by @wojcik91 in #1802
- Activity log streaming page by @jakub-tldr in #1876
- add VPN sessions & stats generator by @wojcik91 in #1885
- send cookie keys via protos by @j-chmielewski in #1881
- Log streaming page tweaks by @jakub-tldr in #1892
- VPN stats generator pt2 by @wojcik91 in #1891
- Destination, part 1 by @moubctez in #1895
- MTU and FwMark are not optional by @moubctez in #1907
- session manager VPN client events by @wojcik91 in #1911
- fix docker build by @wojcik91 in #1914
- Implement proxy wizard by @t-aleksander in #1910
- Implement remote MFA with new, separate RPC message by @j-chmielewski in #1912
- Include component version in support data by @jakub-tldr in #1920
- Gateway wizard by @t-aleksander in #1919
- handle multiple gateways in session manager by @wojcik91 in #1917
- Any for aliases by @moubctez in #1918
- Initiate self-enrolment from users list by @jakub-tldr in #1935
- Separate API for Alias and Destination by @moubctez in #1938
- Use functions for ApiResponse by @moubctez in #1942
- Activity log streaming certificate file upload by @jakub-tldr in #1941
- Edge edit form by @j-chmielewski in #1940
- Support VPN client MFA connect/disconnect process within the session manager by @wojcik91 in #1939
- periodic VPN session & stats purge by @wojcik91 in #1954
- Fetch AclAlias by kind by @moubctez in #1953
- drop legacy stats tables by @wojcik91 in #1957
- Edge delete by @j-chmielewski in #1960
- New instance setup wizard by @t-aleksander in #1961
- VPN sessions handling fixes by @wojcik91 in #1964
- Fix connecting to proxy after completing initial wizard by @t-aleksander in #1971
- Initial wizard fixes by @t-aleksander in #1987
- Fix wizard routing by @t-aleksander in #1991
- change from root guard to route specific guards by @filipslezaklab in #1993
- fix(mfa): preserve preshared key when creating new session by @j-chmielewski in #1995
- Edge list by @j-chmielewski in #1992
- Update ACL -> firewall rule translation to handle new toggles by @wojcik91 in #1994
- Restore init dev env by @t-aleksander in #2010
- Allow admins to delete a specific MFA method for a user by @jakub-tldr in #2012
- Block adding MFA for user as admin by @jakub-tldr in #2013
- pre-alpha ACL UI fixes by @wojcik91 in #2024
- fix acl queries by @filipslezaklab in #2032
- Persist initial setup wizard state by @t-aleksander in #2033
- fix querykey conflict by @filipslezaklab in #2039
- Restore minimal LDAP compose by @t-aleksander in #2043
- Crl by @j-chmielewski in #2041
- New mail templates by @moubctez in #1997
- Check limits when creating users / locations by @filipslezaklab in #2048
- New mail templates part 2 by @moubctez in #2053
- Lack of SMTP configuration information for user by @jakub-tldr in #2054
- Wizard design tweaks by @t-aleksander in #2063
- Fix typos by @moubctez in #2066
- Gateway TLS verification by @j-chmielewski in #2049
- Use binary licence key by @moubctez in #2069
- Deleting a location cascade-deletes gateways by @j-chmielewski in #2075
- Static IP assignment from user list by @t-aleksander in #2077
- update location stats API to reflect new design by @wojcik91 in #2081
- Device IP management for single device by @t-aleksander in #2084
- "Add new device" option for admins by @jakub-tldr in #2079
- fix keepalive interval input by @j-chmielewski in #2099
- add gateway list page by @wojcik91 in #2100
- Add enabled to MailContext by @moubctez in #2107
- add edit gateway page by @wojcik91 in #2108
- Disabled SMTP badge in "Initiate self-enrollment" button by @jakub-tldr in #2114
- Fix welcome page by @moubctez in #2113
- Update ui submodule by @jakub-tldr in #2115
- Use Desktop deep-link for enrolment by @moubctez in #2122
- Block changing network address if devices are present, fix wizard by @t-aleksander in #2119
- add session manager test harness by @wojcik91 in #2128
- Change gateway port input type to number by @j-chmielewski in #2130
- handle public edge component URL in settings by @wojcik91 in #2118
- Cleanup certs by @moubctez in #2134
- use session timeout setting for cookies by @wojcik91 in #2143
- add location type, fwmark, mtu columns to locations table by @j-chmielewski in #2147
- Show business & enterprise features in edit/wizard forms by @jakub-tldr in #2137
- restore restrictions section in ACL create/edit form by @wojcik91 in #2133
- require destination in ACLs by @wojcik91 in #2146
- Gateway/Edge enabled/disabled by @moubctez in #2158
- display pending ACL updates in sidebar by @wojcik91 in #2164
- fix cache invalidation after adding and removing new gateway by @j-chmielewski in #2168
- Automated adoption wizard by @t-aleksander in #2165
- ACL form restrictions section fix by @wojcik91 in #2171
- Update dependencies by @moubctez in #2178
- Optimize IP's reassignment & tests by @jakub-tldr in #2160
- Deploy Edge component step in initial wizard by @jakub-tldr in #2184
- Allow entering empty secret in webhook config by @jakub-tldr in #2186
- Trim Gateways and Edges on licence expiration by @moubctez in #2169
- Delete Yubikey provision trigger event on webhook by @jakub-tldr in #2201
- Add migration wizard by @filipslezaklab in #2194
- Fix empty expand in table when removing last item by @filipslezaklab in #2205
- Fix OpenID label & Change LDAP labels by @jakub-tldr in #2206
- block used alias/destination delete by @wojcik91 in #2204
- LDAP case insensitive by @moubctez in #2195
- User-friendly settings by @j-chmielewski in #2210
- Periodically refresh Gateway status by @moubctez in #2212
- License check by @moubctez in #2230
- Fix stale gateway/edge connected status by @t-aleksander in #2232
- Hide "Device IP settings" option for non-admin users by @jakub-tldr in #2234
- Network devices UI fixes by @jakub-tldr in #2235
- Fix network device edit modal by @jakub-tldr in #2237
- Adoption core logs by @j-chmielewski in #2188
- Migrate locations by @filipslezaklab in #2245
- Network readdress by @moubctez in #2260
- Add more logs to automatic component adoption process by @t-aleksander in #2274
- share edge deploy wizard step component by @filipslezaklab in #2275
- use table edit cell by @filipslezaklab in #2276
- ACL UI fixes by @wojcik91 in #2222
- Fix MFA mail by @moubctez in #2281
- Tweak settings UI by @j-chmielewski in #2282
- update openid table page by @filipslezaklab in #2285
- Prepare for Alpha Two by @moubctez in #2284
- Default MFA option only for logged in user by @moubctez in #2286
- fix logout not removing cookies by @filipslezaklab in #2287
- Redirect to user profile page on 403 status code by @moubctez in #2288
- Add snackbars to all settings pages, fix form state in client behavio… by @j-chmielewski in #2290
- Adoption logs UI tweaks by @j-chmielewski in #2289
- Change icon to text & add sorting by @jakub-tldr in #2292
- Show error in form on incorrect current password by @jakub-tldr in #2293
- Remove placeholder, add variable to Webhook by @jakub-tldr in #2297
- Add network device & openid deletion confirmation modals by @jakub-tldr in #2296
- fix cache invalidation for client behavior settings page by @j-chmielewski in #2294
- Require current password for self-edit, skip for admin non-self edits by @jakub-tldr in #2301
- Allow admin for editing users credentials by @jakub-tldr in #2302
- Fix spacing on restrictions section by @jakub-tldr in #2305
- change FormInput to FormTextarea to handle \n by @jakub-tldr in #2310
- fix app crash when clicking initiate enrollment button by @wojcik91 in #2312
- Change labels in migration one liner wizard by @jakub-tldr in #2313
- Implement UI fixes and improvements by @filipslezaklab in #2315
- Duplicate authentication keys / name checking by @jakub-tldr in #2318
- add confirm action modal by @filipslezaklab in #2308
- Add user device delete confirmation by @jakub-tldr in #2322
- Check for duplicate pubkey & check for duplicates during renaming auth keys by @jakub-tldr in #2324
- extend session manager test suite by @wojcik91 in #2325
- tables update 3 by @filipslezaklab in #2331
- Remove unnecessary toggle by @wojcik91 in #2339
- add missing images to license modals and welcome wizard screens by @filipslezaklab in #2341
- Allowed groups by @moubctez in #2332
- Add more tests for initial/migration/auto-adoption wizards by @t-aleksander in #2340
- Block adding device when there is no space in at least one subnet by @jakub-tldr in #2338
- Add missing variables to tests by @jakub-tldr in #2344
- Disable Submit when user has no devices to re-address by @moubctez in #2346
- fix modal scroll by @filipslezaklab in #2347
- Remove rp id from settings and derive it from defguard_url by @j-chmielewski in #2326
- fix modals on profile general tab by @filipslezaklab in #2349
- restore Disable MFA action in users table by @wojcik91 in #2350
- alias badge display fix by @wojcik91 in #2352
- add missing actions for rules table by @filipslezaklab in #2355
- Require both parameters for auto adoption wizard (adopt-edge adopt-gateway) by @t-aleksander in #2354
- Bug fixes by @moubctez in #2360
- Fix initial wizard always redirecting to vpn overview by @t-aleksander in #2358
- use qr-card component instead of plain qrcanvas by @filipslezaklab in #2364
- Info about licence limits by @moubctez in #2363
- Block adding network device when there are no available locations by @jakub-tldr in #2366
- add missing disconnect threshold input by @wojcik91 in #2365
- Cache invalidation fixes by @j-chmielewski in #2370
- Migrate defguard_url from config by @j-chmielewski in #2369
- add theme switch to top bar element by @filipslezaklab in #2386
- Update migration UI by @filipslezaklab in #2385
- Fix ACL form validation errors by @j-chmielewski in #2378
- Validate location address by @moubctez in #2388
- Update deployment helps by @t-aleksander in #2383
- make IP optional in activity log by @wojcik91 in #2394
- add 404 and migration auth error pages by @filipslezaklab in #2397
- Fix cache invalidation after MFA method setup by @j-chmielewski in #2396
- fix missing MFA session events by @wojcik91 in #2371
- Change label when creating device in full network by @jakub-tldr in #2399
- Send Gateway reconnect email by @moubctez in #2398
- Add missing delete confirmations by @jakub-tldr in #2403
- Add missing disable confirmations by @jakub-tldr in #2404
- add preshared key to VPN session model by @wojcik91 in #2402
- add user & device "online" indicator by @wojcik91 in #2409
- adoption form default ports & helpers by @j-chmielewski in #2410
- Use new validators by @jakub-tldr in #2408
- License upsell section by @j-chmielewski in #2401
- activity log event order fix by @wojcik91 in #2413
- Pagination by @moubctez in #2406
- extend ACL test coverage for new flags by @wojcik91 in #2411
- Limited pagination by @moubctez in #2417
- Autoadoption logs by @j-chmielewski in #2416
- Frontend validators tests by @jakub-tldr in #2429
- Adjust E2E tests to the new initial wizard and fix existing tests by @jakub-tldr in #2428
- use secret_key field from Settings to generate JWTs by @wojcik91 in #2434
- restore core gRPC server tests & add testing framework for gateway handlers by @wojcik91 in #2381
- fix API tokens page license handling by @wojcik91 in #2431
- remove gRPC Auth service by @wojcik91 in #2437
- update ACL rules table columns by @wojcik91 in #2441
- Mail templates by @moubctez in #2430
- Ensure settings are initialized before running wizards by @j-chmielewski in #2447
- Prevent creating network which can't contain already existing devices & Hostname validator tweak by @jakub-tldr in #2444
- fix last connected IP column value in Users table by @wojcik91 in #2443
- Plain text mail by @moubctez in #2451
- Enrollment settings by @j-chmielewski in #2433
- New support page by @jakub-tldr in #2452
- Fix license upsell sections spacing by @j-chmielewski in #2456
- ACL rule generator by @moubctez in #2459
- Squash migrations by @j-chmielewski in #2229
- New version notification by @jakub-tldr in #2460
- Change text in Support page / Make field nullable in LDAP form by @jakub-tldr in #2472
- Prevent setting gateway address to network or broadcast address by @jakub-tldr in #2478
- ACL rules table audit columns by @wojcik91 in #2474
- Fix redirect after openid authorization by @jakub-tldr in #2479
- Fix padding on VPN overview page by @jakub-tldr in #2480
- Make wizard modals scrollable by @jakub-tldr in #2481
- Add tooltips on deploy edge/gateway step by @jakub-tldr in #2482
- add missing translation keys by @wojcik91 in #2477
- Enrollment styling by @j-chmielewski in #2486
- show warning if editing a location could cause VPN sessions to disconnect by @wojcik91 in #2473
- Add wizard dividers by @jakub-tldr in #2492
- update firewall rule labels by @wojcik91 in #2489
- Redirect to app if user already logged in by @j-chmielewski in #2490
- add empty helper translation keys by @wojcik91 in #2494
- location form all groups toggle fix by @wojcik91 in #2497
- defguard_certs: do not depend on sqlx by @moubctez in #2501
- Locate groups by ID instead of name by @jakub-tldr in #2493
- warn user before deleting edge which is disconnected by @jakub-tldr in #2502
- Fix error messages by @jakub-tldr in #2506
- Clear field on "any" option by @jakub-tldr in #2509
- Extend UserInfo by @moubctez in #2507
- Faster cargo-deny by @moubctez in #2510
- Change error message on welcome mail templates by @jakub-tldr in #2513
- Provision HTTPS certificates for Core and Proxy by @t-aleksander in #2464
- add video support widget by @wojcik91 in #2496
- Unify device configs by @moubctez in #2519
- Fix MFA code label by @moubctez in #2524
- Add support type to license proto and display it in license settings by @j-chmielewski in #2498
- Standardise welcome page dividers by @jakub-tldr in #2580
- properly validate ACL rules which use just Aliases to populate fields by @wojcik91 in #2577
- add missing helper translation keys by @wojcik91 in #2578
- Hide option in support page & Fix init-dev-env tool by @jakub-tldr in #2583
- Adjust private_key warning messages by @jakub-tldr in #2585
- Fix for network device config by @moubctez in #2587
- Remove "back" option from adopt wizard + minor tweaks by @jakub-tldr in #2590
- Change ova download links by @t-aleksander in #2596
- Set correct step after general configuration by @jakub-tldr in #2592
- Use DEFGUARD_PROXY_URL instead of DEFGUARD_ENROLLMENT_URL during migration wizard + sort locations by name by @jakub-tldr in #2591
- Fix show config for missing configs by @moubctez in #2598
- Auto correct internal/public url by @t-aleksander in #2597
- Change default CA common name, email address by @t-aleksander in #2601
- bump min supported proxy & gateway versions by @wojcik91 in #2599
- Fix proxy_url parsing by @jakub-tldr in #2610
- Change endpoint, validate network size when editing location by @jakub-tldr in #2614
- Proxy manager tests by @wojcik91 in #2594
- Fix setting 2nd mfa method by @t-aleksander in #2619
- fix MFA configured email subject by @wojcik91 in #2622
- Fix setting default MFA by @t-aleksander in #2626
- video tutorials modal by @wojcik91 in #2593
- Remove mobile client info from enrollment email by @t-aleksander in #2634
- Make LDAP auxiliary object classes nullable by @t-aleksander in #2641
- Correct URL correction logic by @t-aleksander in #2646
- Remove checkbox from certificate authority section by @t-aleksander in #2645
- update login image by @filipslezaklab in #2649
- Change wizard wording by @t-aleksander in #2652
- enable remote enrollment for LDAP users by @wojcik91 in #2609
- Don't block dev builds by @t-aleksander in #2654
- Certificate settings by @j-chmielewski in #2500
- support protobuf versioning by @wojcik91 in #2458
- Reload settings after setup, guess cookie insecure if not provided by @t-aleksander in #2660
- fix example gateway port in migration wizard by @wojcik91 in #2662
- Email templates fixes by @jakub-tldr in #2659
- Reload config after wizard by @t-aleksander in #2664
- Inform the user to update urls after cert configuration by @j-chmielewski in #2666
- Handle GatewayHandler abort by @moubctez in #2667
- Disable user device actions according to permissions by @moubctez in #2669
- Display too many login attempts by @moubctez in #2671
- Fix trivy by @t-aleksander in #2672
- Better gRPC error handling by @moubctez in #2675
- Migration wizard video guide by @j-chmielewski in #2670
- improve component adoption URL parsing by @wojcik91 in #2674
- add workflow to tag image as latest on release publish by @wojcik91 in #2676
- Rules & OpenID provider form fixes by @jakub-tldr in #2680
- Disable Back button after Edge adoption in migration wizard by @moubctez in #2678
- Cleanup Wizard by @moubctez in #2677
- Fix migrator login by @t-aleksander in #2688
- actually store updated ip and port in migration wizard by @wojcik91 in #2692
- Certificate settings tweaks by @j-chmielewski in #2694
- add missing non-default table sorting functions by @wojcik91 in #2693
- Get rid of cross-rs by @moubctez in #2700
- Fix E2E tests, make them 8x faster by @t-aleksander in #2722
- Update core/edge url when changing cert configuration by @j-chmielewski in #2725
- Update environmental variables by @jakub-tldr in #2721
- Update dev instance when updating branch "release/**" by @jakub-tldr in #2732
- Make unit tests 8x faster by @t-aleksander in #2723
- Use AWS ecr repo for e2e postgres image by @t-aleksander in #2738
- Always restart defguard service by @moubctez in #2729
- add missing API endpoint for fetching user device WireGuard configs by @wojcik91 in #2739
- Bulk assign / users table empty state fix by @jakub-tldr in #2747
- Fix PersistentKeepalive in WireGuard config by @moubctez in #2750
- validate duplicate Gateway/Edge names in forms by @wojcik91 in #2741
- Save version after migration/wizard by @t-aleksander in #2734
- Cert expiry by @moubctez in #2744
- Automatic Letsencrypt certificate refresh by @j-chmielewski in #2730
- Preserve old package versions on APT repository by @jakub-tldr in #2761
- Step-aware wizard video tutorial section by @j-chmielewski in #2749
- Rename migrations by @t-aleksander in #2763
- Don’t fail for email errors during the enrolment by @moubctez in #2764
- Render markdown in emails by @t-aleksander in #2760
- add mTLS for gateway & proxy communication by @wojcik91 in #2726
- Sanitize LDAP errors (2.0) by @t-aleksander in #2682
- update final gw wizard step text according to the new design by @filipslezaklab in #2769
- LDAP: escape critical characters in DN by @moubctez in #2768
- add missing handlers in wizard API by @wojcik91 in #2773
- show contextual help on settings pages by @wojcik91 in #2766
- New json schema by @j-chmielewski in #2765
- Use RSA keys for openid token signing by @j-chmielewski in #2777
- fix network capacity validator function by @wojcik91 in #2780
- Fix cert settings by @j-chmielewski in #2784
- improve baseline HTTP security for no-reverse proxy deployment scenarios by @wojcik91 in #2782
- Remaining wizard e2e tests by @t-aleksander in #2776
- Better package by @moubctez in #2783
- adjust rate limiter config by @wojcik91 in #2787
- make rate limiter opt-in by @wojcik91 in #2792
- Test apt repo by @t-aleksander in #2797
- Add tests that we can sign CSRs generated with a NIST P-256 key by @t-aleksander in #2767
- Programmatic adoption of Gateways by @t-aleksander in #2789
- Expose all used ports in proxy deployment example by @t-aleksander in #2825
- fix user profile form validation by @wojcik91 in #2826
- Fix WireGuard config and LDAP saving bugs by @t-aleksander in #2827
- Bugfix package by @t-aleksander in #2830
- misc email-related bugfixes by @wojcik91 in #2832
- 2.0 bugfix package by @t-aleksander in #2835
- form fixes by @filipslezaklab in #2836
- Change wording on some labels by @t-aleksander in #2837
- Adjust auto adoption finish screens label to design by @t-aleksander in #2839
- add dedicated APT repo for 2.0 packages by @wojcik91 in #2840
- update dependencies in preparation for 2.0 release by @wojcik91 in #2841
Full Changelog: v1.6.1...v2.0.0