This is a patch for the major 2.0 release. It includes security improvements identified through our regular penetration testing activities, as well as fixes for issues reported by early adopters.
Learn more about the latest penetration testing report on our website.
Version 2.0 was a significant step up from version 1.x, featuring:
🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.
More details, with videos, are in this blog post.
⬆︎ If you are upgrading from 1.x, you can find the relevant upgrade documentation here.
🚅 If you would like to test Defguard, we offer a quick and easy one-line install script.
⚠️ Business features require free registration.
Previously, these features were available without registration (within certain limits).
Starting from 2.0, a free Business license registration is required to use them.
👉 https://defguard.net/get-free-business/
Once registered, simply apply your license to your instance and enjoy access to Business functionality.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- DG26-4: Extending the number of locations by @jakub-tldr in #2849
- DG26-10: API key creation inconsistency by @jakub-tldr in #2850
- DG26-9: Activity log does not log misuse of recovery code by @jakub-tldr in #2851
- DG26-6: Incorrect scope parsing in oAuth applications by @wojcik91 in #2856
- DG26-11: Gateway setup - Lack of server-side data validation by @wojcik91 in #2857
- DG26-7: oAuth state parameter parsing violates RFC-6749 by @wojcik91 in #2886
- DG26-8: HTML Injection - API tokens by @jakub-tldr in #2887
- Update group endpoint OpenAPI documentation by @jakub-tldr in #2890
- Fix destination/aliases list by @jakub-tldr in #2895
- Better client IP address detection by @moubctez in #2897
- Migrate empty allowed groups from 1.6.x by @jakub-tldr in #2902
- Prevent deleting groups used in locations by @jakub-tldr in #2908
- update openssl crate by @wojcik91 in #2957
Full Changelog: v2.0.0...v2.0.1