✨ Features
- fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
- feat(website): Add battlecard to landing page @jamilbk (#4744)
- feat(connlib): smoothly migrate relayed connections @thomaseizinger (#4568)
- docs: Add common use cases @jamilbk (#4677)
- feat(docs): Add Cloudflare WARP known incompatibility issue @jamilbk (#4704)
- feat(portal): Broadcast relays presence to gateways and add invalidate_ice_candidates messages @AndrewDryga (#4685)
- ci: Only build debug images for
linux/amd64
@jamilbk (#4612) - ci: Enable client compatibility tests @jamilbk (#4610)
🐛 Bug Fixes
- fix(linux-client): forbid passing the token as a CLI arg @ReactorScram (#4683)
- fix(snownet): invalidate host candidates on reconnect @thomaseizinger (#4755)
- fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
- fix(portal): Hide API clients sidebar link in UI when feature disabled @bmanifold (#4747)
- fix(relay): clear channel bindings when allocation is deleted @thomaseizinger (#4705)
- fix(portal): Fix bug with preset values in policies dropdowns @AndrewDryga (#4693)
- fix(website): Add missing sidebar link @jamilbk (#4676)
- fix(linux-client): don't show the token in
--help
@ReactorScram (#4654) - fix(website): Fix broken links @jamilbk (#4645)
- fix(apple): Append to Swift logfile instead of overwriting each time @jamilbk (#4633)
- fix(windows-client): remove spurious "Connected to Firezone" notifications @ReactorScram (#4603)
- fix(windows): patch some DNS leaks @ReactorScram (#4530)
- fix(portal): remove typo in manual command var @jamilbk (#4614)
- fix(ci): Override release_drafter commitish since we run on PRs now @jamilbk (#4608)
- fix(ci): autolabeler to fix changelog drafting @jamilbk (#4591)
🧰 Maintenance
- chore(connlib): forward panics containing an owned string @thomaseizinger (#4760)
- chore: remove test lib bash sourcing from customer-run scripts @jamilbk (#4753)
- chore(snownet): free memory of allocation without valid credentials @thomaseizinger (#4720)
- chore(ip-packet): address PR feedback @thomaseizinger (#4721)
- revert: Revert removal of GitHub link in the navbar @jamilbk (#4734)
- chore(website): revert split-horizon DNS terming @jamilbk (#4703)
- ci: Don't run browser tests on release images @jamilbk (#4722)
- test(client): add reconnection tests from a client using a headless browser @conectado (#4569)
- chore(snownet): don't update remote socket from WG activity @thomaseizinger (#4615)
- chore(website): Publish macOS client @jamilbk (#4719)
- chore(docs): Update sizing recs for Gateways @jamilbk (#4708)
- chore(website): Use sales / sign up for CTA in navbar @jamilbk (#4711)
- chore(linux-client): allow custom token path @ReactorScram (#4666)
- chore: extract common
ip-packet
crate @thomaseizinger (#4702) - ci: remove setting of unused env variable @thomaseizinger (#4710)
- chore(relay): restore request metadata for control messages @thomaseizinger (#4699)
- chore(relay): log all failed requests on warn @thomaseizinger (#4700)
- chore(connlib): remove MTU refreshing @thomaseizinger (#4698)
- test(linux-client): move linux-group test out of integration tests @ReactorScram (#4692)
- chore(snownet): assert that we can send ICMP packets through the tunnel @thomaseizinger (#4675)
- test(connlib): assert connection intents using property-based state machine test @thomaseizinger (#4597)
- ci: run assertions inside docker container @thomaseizinger (#4680)
- ci(fix): replace more invalid ref chars @jamilbk (#4687)
- test(linux-client): disable failing test @ReactorScram (#4689)
- chore(docs): fix FAQ link to architecture @jamilbk (#4684)
- test(linux-client): fix linux-group integration test @ReactorScram (#4671)
- chore(phoenix-channel): don't log message on deserialisation error @thomaseizinger (#4673)
- chore(relay): parse
init
message @thomaseizinger (#4672) - chore(linux-client): print resources with
tracing::debug
@ReactorScram (#4658) - test(linux-client): temporarily disable failing linux-group integration test @ReactorScram (#4670)
- chore(connlib): add unit test for deserializing
broadcast_ice_candidates
@thomaseizinger (#4646) - chore(linux): only allow IPC connections from members of the
firezone
group @ReactorScram (#4628) - test(linux-client): check if we can add the user to a group in a CI test @ReactorScram (#4600)
- chore(docs): formalize the rule for logging sensitive info @ReactorScram (#4663)
- chore(linux): ask systemd to limit our privileges @ReactorScram (#4630)
- chore(docs): Recommend 3 gateways @jamilbk (#4649)
- chore(website): update wireguard impl @jamilbk (#4648)
- chore(rust): fix local docker development @conectado (#4642)
- chore(ci): build docker dev images with
main
@jamilbk (#4643) - chore(ci): Use netstat instead of ss for release image tests @jamilbk (#4640)
- chore(devops): Fix GH overriding main branch statuses @AndrewDryga (#4639)
- chore(portal): Add one more test for relays lb @AndrewDryga (#4638)
- chore(portal): Change name and structure of relays presence event @AndrewDryga (#4623)
- chore(ci): .env not available in
with
shared workflow context @jamilbk (#4631) - ci: Add tag name to build-dev-images @jamilbk (#4629)
- chore(connlib): upsert relays from "init" message @thomaseizinger (#4567)
- test(linux-client): separate the token from the systemd unit file @ReactorScram (#4626)
- refactor(perf-tests): add prefixes 'base' and 'head' @ReactorScram (#4598)
- test(integration): remove redundant
integration-test-
prefix @ReactorScram (#4601) - feat(portal): Broadcast relays presence updates to the client and return them in init @AndrewDryga (#4596)
- docs(client): how to read logs with jq @ReactorScram (#4599)
- chore(relay): perform graceful shutdown upon receiving SIGTERM @thomaseizinger (#4552)
- chore(relay): connect to portal in the background during startup @thomaseizinger (#4594)
- chore(snownet): add unit-test for roaming networks @thomaseizinger (#4585)
- chore(portal): Try new LoggerJSON implementation @AndrewDryga (#4595)
- ci: reduce duplication in integration tests @thomaseizinger (#4583)
- chore(clients): Bump Apple to 1.0.2; Android 1.0.1 @jamilbk (#4590)
- fix(website): Add metadatas for site links to generate @jamilbk (#4593)
- build(deps): Bump rustls from 0.22.3 to 0.22.4 in /rust in the cargo group @dependabot (#4715)
- build(deps): Bump time from 0.3.34 to 0.3.36 in /rust @dependabot (#4730)
- refactor(connlib): remove
PacketTransform
abstraction @thomaseizinger (#4709) - refactor(docs): Refactor KbSideBar to more accurately reflect content @jamilbk (#4712)
- build(deps): Bump either from 1.10.0 to 1.11.0 in /rust @dependabot (#4621)
- refactor(portal): Allow concurrent updates to synced actor/actor identities during sync @AndrewDryga (#4409)
- refactor(linux-client): rename
daemon
subcommand toipc-service
@ReactorScram (#4656) - refactor(portal): Refactor client login to use HTML meta refresh and cookie @bmanifold (#4617)
- refactor(test): use 'set -euox' instead of manual echos @ReactorScram (#4637)
- build(deps): Bump redis from 0.25.2 to 0.25.3 in /rust @dependabot (#4622)
- refactor(apple): Don't log error if calling stop on stopped tunnel @jamilbk (#4632)
- refactor: Discord -> Slack @jamilbk (#4616)
- refactor(headless-client): change CLI args for the IPC daemon @ReactorScram (#4604)
- build(deps): Bump hostname from 0.3.1 to 0.4.0 in /rust @dependabot (#4620)
- refactor(headless-client): use Tokio codec instead of hand-rolled length-delimited codec @ReactorScram (#4606)
- build(deps): Bump the windows group in /rust with 2 updates @dependabot (#4619)