github NHAS/wag v9.0.0

2 months ago

After several months' work, wag version 9 is being released.
This release has a number of massive changes and improvements. As this is a major version change, it may contain breaking changes. Best effort has been made to port over data from 8.0.1, but as the internal structure for how groups are managed has changed, this may break.

New Features:

  • Completely redesigned administrative and user MFA pages to use a more modern and reactive framework (and it looks good!)
  • ACME
    • Support on all TLS-enabled endpoints (management, registration and tunnel)
    • Support for DNS-01 challenge via Cloudflare token
  • MFA portal
    • Uses websockets to update the user in real time on whether their account/device is locked
    • Notifications are now built in; a user can allow notifications in order to be prompted to re-authorise
    • Authorisation page now shows allowed/mfa routes and wag version
  • IPv6 has been partially enabled, routes now support IPv6
  • Cluster errors now give notifications on the administrative page
  • OIDC can now take custom scopes thanks to @mohgho
  • Registration tokens can now define a static IP to assign to a device rather than dynamically determining a new IP address

Changes:

  • Fonts are now included locally within the application as per #128
  • eBPF and specific kernel versions are no longer required as this has been moved entirely into golang userspace (bye ebpf 😢 )
  • Using GitHub's container registry, the unstable branch is now available to administrators
  • The reload command has been removed as it is redundant per #143
  • Devices will now reauth automatically if a user moves quickly then supplies a challenge (fixes some roaming issues users have)
  • TLSManagerListenURL is no longer a required field, but not supplying it will mean setting up a cluster is not possible
  • SQLite compatibility has now been removed entirely

Breaking changes:

  • OIDC callback has been changed from /authorise/oidc to /api/oidc/authorise/callback due to API redesign
  • /status on the tunnel has now been moved to /api/status
  • /routes on the tunnel has now been moved to /api/routes; this may be temporarily reverted as per #185, targeting 9.0.1

Security Fixes:

  • A number of third party libraries have been updated to remediate issues picked up by dependabot
  • OIDC now correctly associates the subject rather than the user email address as per #117

Full Changelog: v8.0.1...v9.0.0
