firezone/firezone 1.0.0

on GitHub

✨ Features

• fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
• feat(website): Add battlecard to landing page @jamilbk (#4744)
• feat(connlib): smoothly migrate relayed connections @thomaseizinger (#4568)
• docs: Add common use cases @jamilbk (#4677)
• feat(docs): Add Cloudflare WARP known incompatibility issue @jamilbk (#4704)
• feat(portal): Broadcast relays presence to gateways and add invalidate_ice_candidates messages @AndrewDryga (#4685)
• ci: Only build debug images for linux/amd64 @jamilbk (#4612)
• ci: Enable client compatibility tests @jamilbk (#4610)

🐛 Bug Fixes

• fix(linux-client): forbid passing the token as a CLI arg @ReactorScram (#4683)
• fix(snownet): invalidate host candidates on reconnect @thomaseizinger (#4755)
• fix(snownet): properly handle dual-stack relays @thomaseizinger (#4750)
• fix(portal): Hide API clients sidebar link in UI when feature disabled @bmanifold (#4747)
• fix(relay): clear channel bindings when allocation is deleted @thomaseizinger (#4705)
• fix(portal): Fix bug with preset values in policies dropdowns @AndrewDryga (#4693)
• fix(website): Add missing sidebar link @jamilbk (#4676)
• fix(linux-client): don't show the token in --help @ReactorScram (#4654)
• fix(website): Fix broken links @jamilbk (#4645)
• fix(apple): Append to Swift logfile instead of overwriting each time @jamilbk (#4633)
• fix(windows-client): remove spurious "Connected to Firezone" notifications @ReactorScram (#4603)
• fix(windows): patch some DNS leaks @ReactorScram (#4530)
• fix(portal): remove typo in manual command var @jamilbk (#4614)
• fix(ci): Override release_drafter commitish since we run on PRs now @jamilbk (#4608)
• fix(ci): autolabeler to fix changelog drafting @jamilbk (#4591)

🧰 Maintenance

• chore(connlib): forward panics containing an owned string @thomaseizinger (#4760)
• chore: remove test lib bash sourcing from customer-run scripts @jamilbk (#4753)
• chore(snownet): free memory of allocation without valid credentials @thomaseizinger (#4720)
• chore(ip-packet): address PR feedback @thomaseizinger (#4721)
• revert: Revert removal of GitHub link in the navbar @jamilbk (#4734)
• chore(website): revert split-horizon DNS terming @jamilbk (#4703)
• ci: Don't run browser tests on release images @jamilbk (#4722)
• test(client): add reconnection tests from a client using a headless browser @conectado (#4569)
• chore(snownet): don't update remote socket from WG activity @thomaseizinger (#4615)
• chore(website): Publish macOS client @jamilbk (#4719)
• chore(docs): Update sizing recs for Gateways @jamilbk (#4708)
• chore(website): Use sales / sign up for CTA in navbar @jamilbk (#4711)
• chore(linux-client): allow custom token path @ReactorScram (#4666)
• chore: extract common ip-packet crate @thomaseizinger (#4702)
• ci: remove setting of unused env variable @thomaseizinger (#4710)
• chore(relay): restore request metadata for control messages @thomaseizinger (#4699)
• chore(relay): log all failed requests on warn @thomaseizinger (#4700)
• chore(connlib): remove MTU refreshing @thomaseizinger (#4698)
• test(linux-client): move linux-group test out of integration tests @ReactorScram (#4692)
• chore(snownet): assert that we can send ICMP packets through the tunnel @thomaseizinger (#4675)
• test(connlib): assert connection intents using property-based state machine test @thomaseizinger (#4597)
• ci: run assertions inside docker container @thomaseizinger (#4680)
• ci(fix): replace more invalid ref chars @jamilbk (#4687)
• test(linux-client): disable failing test @ReactorScram (#4689)
• chore(docs): fix FAQ link to architecture @jamilbk (#4684)
• test(linux-client): fix linux-group integration test @ReactorScram (#4671)
• chore(phoenix-channel): don't log message on deserialisation error @thomaseizinger (#4673)
• chore(relay): parse init message @thomaseizinger (#4672)
• chore(linux-client): print resources with tracing::debug @ReactorScram (#4658)
• test(linux-client): temporarily disable failing linux-group integration test @ReactorScram (#4670)
• chore(connlib): add unit test for deserializing broadcast_ice_candidates @thomaseizinger (#4646)
• chore(linux): only allow IPC connections from members of the firezone group @ReactorScram (#4628)
• test(linux-client): check if we can add the user to a group in a CI test @ReactorScram (#4600)
• chore(docs): formalize the rule for logging sensitive info @ReactorScram (#4663)
• chore(linux): ask systemd to limit our privileges @ReactorScram (#4630)
• chore(docs): Recommend 3 gateways @jamilbk (#4649)
• chore(website): update wireguard impl @jamilbk (#4648)
• chore(rust): fix local docker development @conectado (#4642)
• chore(ci): build docker dev images with main @jamilbk (#4643)
• chore(ci): Use netstat instead of ss for release image tests @jamilbk (#4640)
• chore(devops): Fix GH overriding main branch statuses @AndrewDryga (#4639)
• chore(portal): Add one more test for relays lb @AndrewDryga (#4638)
• chore(portal): Change name and structure of relays presence event @AndrewDryga (#4623)
• chore(ci): .env not available in with shared workflow context @jamilbk (#4631)
• ci: Add tag name to build-dev-images @jamilbk (#4629)
• chore(connlib): upsert relays from "init" message @thomaseizinger (#4567)
• test(linux-client): separate the token from the systemd unit file @ReactorScram (#4626)
• refactor(perf-tests): add prefixes 'base' and 'head' @ReactorScram (#4598)
• test(integration): remove redundant integration-test- prefix @ReactorScram (#4601)
• feat(portal): Broadcast relays presence updates to the client and return them in init @AndrewDryga (#4596)
• docs(client): how to read logs with jq @ReactorScram (#4599)
• chore(relay): perform graceful shutdown upon receiving SIGTERM @thomaseizinger (#4552)
• chore(relay): connect to portal in the background during startup @thomaseizinger (#4594)
• chore(snownet): add unit-test for roaming networks @thomaseizinger (#4585)
• chore(portal): Try new LoggerJSON implementation @AndrewDryga (#4595)
• ci: reduce duplication in integration tests @thomaseizinger (#4583)
• chore(clients): Bump Apple to 1.0.2; Android 1.0.1 @jamilbk (#4590)
• fix(website): Add metadatas for site links to generate @jamilbk (#4593)
• build(deps): Bump rustls from 0.22.3 to 0.22.4 in /rust in the cargo group @dependabot (#4715)
• build(deps): Bump time from 0.3.34 to 0.3.36 in /rust @dependabot (#4730)
• refactor(connlib): remove PacketTransform abstraction @thomaseizinger (#4709)
• refactor(docs): Refactor KbSideBar to more accurately reflect content @jamilbk (#4712)
• build(deps): Bump either from 1.10.0 to 1.11.0 in /rust @dependabot (#4621)
• refactor(portal): Allow concurrent updates to synced actor/actor identities during sync @AndrewDryga (#4409)
• refactor(linux-client): rename daemon subcommand to ipc-service @ReactorScram (#4656)
• refactor(portal): Refactor client login to use HTML meta refresh and cookie @bmanifold (#4617)
• refactor(test): use 'set -euox' instead of manual echos @ReactorScram (#4637)
• build(deps): Bump redis from 0.25.2 to 0.25.3 in /rust @dependabot (#4622)
• refactor(apple): Don't log error if calling stop on stopped tunnel @jamilbk (#4632)
• refactor: Discord -> Slack @jamilbk (#4616)
• refactor(headless-client): change CLI args for the IPC daemon @ReactorScram (#4604)
• build(deps): Bump hostname from 0.3.1 to 0.4.0 in /rust @dependabot (#4620)
• refactor(headless-client): use Tokio codec instead of hand-rolled length-delimited codec @ReactorScram (#4606)
• build(deps): Bump the windows group in /rust with 2 updates @dependabot (#4619)

📝 Documentation

• docs: Fix a few typos / wording issues @jamilbk (#4735)
• docs: Add user/group limit info to Entra connector @jamilbk (#4725)
• docs: Adjust format size based on screen size @jamilbk (#4724)
• docs: Add common use cases @jamilbk (#4677)
• docs: Architecture @jamilbk (#4605)