This is the biggest, most feature packed (and fixes) release we have ever done!
We’ve introduced 11 major features! and nearly 100 bugfixes.
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲Long awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫Desktop Client now supports External SSO/IdP MFA
Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using Mobile client’s Biometry!
🤝Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩We’ve also explained in detail, why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
Migration guide
Before updating please make sure to read the migration guide
What's Changed
Other Changes
- Handle admin device management flag by @wojcik91 in #116
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #119
- Allow binding to a specific address by @t-aleksander in #120
- Merge main -> dev post 1.4 release by @wojcik91 in #123
- add support for per location MFA settings by @wojcik91 in #124
- fix: openid mfa callback page rwd by @filipslezaklab in #126
- UI update by @filipslezaklab in #127
- Fix font files by @filipslezaklab in #129
- update routes on backend by @filipslezaklab in #132
- Add AMI building to the release pipeline by @t-aleksander in #130
- mobile mfa poc by @filipslezaklab in #134
- verify biometry register request data by @filipslezaklab in #135
- Add eu central region by @t-aleksander in #136
- sign Docker images using Cosign by @wojcik91 in #137
- Tonic 14 by @moubctez in #140
- Desktop MFA mobile approve by @filipslezaklab in #138
- Version exchange and logging by @j-chmielewski in #133
- Scan images with Trivy by @moubctez in #142
- add code based mfa setup by @filipslezaklab in #141
- Version check by @j-chmielewski in #143
- handle new enrollment configuration by @filipslezaklab in #145
- Fix version comparison by @j-chmielewski in #146
- Switch AMI base image to debian by @t-aleksander in #144
- Update dependencies by @moubctez in #147
- Update tracing_subscriber by @moubctez in #149
- add deep link to openid enroll by @filipslezaklab in #150
- Return defguard version (proxy, core) in http headers by @t-aleksander in #151
- Fix ami building by @t-aleksander in #152
- Better WebSocket handling and build with newer defguard_version by @moubctez in #154
- update messages in openid callback setup page by @filipslezaklab in #155
- Update defguard-version version by @t-aleksander in #156
- Ignore pre-release in version comparison by @j-chmielewski in #160
- update mobile app apple store link by @filipslezaklab in #161
- Return whether core is connected by @t-aleksander in #163
- chore(CI): update node version in release workflow by @wojcik91 in #165
Full Changelog: v1.4.0...v1.5.0