RC
A Release Candidate (RC) is a near-final software version, stable but undergoing last tests before official release. It has all features and no known bugs.
- Users: Use cautiously due to potential undiscovered bugs. Not for critical systems unless prepared for issues. Report bugs.
- Developers/Testers: Perform crucial final validation and thorough testing, especially of recent changes, to catch last-minute major issues.
- Backup: Always back up data before installing an RC to allow rollback if problems arise.
- Feedback: Provide feedback; it's vital for a robust final release.
What's Changed
- Add port firewalling for Private Resources by @oschwartz10612 in #2087
- Add option to disable icmp packets over private resources by @oschwartz10612 in #2097
- Add option to pull client relay port from config by @oschwartz10612 in #2098
- Add option to make the 21820 port configurable by @oschwartz10612 in #2102
- Add wildcard alias resources by @oschwartz10612 in #2103
- Add OIDC authentication error response support by @buggystick in #2033
- Add login page customization by @Fredkiss3 in #1846
- Allow changing site on private resources by @oschwartz10612 in #2112
- Add ASN-based resource rule matching by @WildeTechSolutions in #2095
- Fix: filter dates evaluated at module load time by @depado in #2116
- Refactor: save button positionning by @Fredkiss3 in #1989
- Fix: Adding the blueprints list/get access via API by @huzky-v in #2104
- Refactor: Update
<DomainPicker />to accept default values by @Fredkiss3 in #2034 - Fix: Extend Basic Auth compatibility with browsers #1698 by @jln-brtn in #1951
- Add maintenance screen support by @oschwartz10612 in #2128
- Fix: Prevent cache memory leak with maxKeys limit and conditional caching by @djcrafts in #2133
- Fix: Support public-resources and private-resources in Docker blueprint labels by @djcrafts in #2132
- Fix: Add missing gnupg utility during Docker installation by @mgruszkiewicz in #2068
- ci: parallelize test workflow by @water-sucks in #2084
- feat(setup): allow declaring a server setup token through env variable by @water-sucks in #2080
- Small UI Improvements
New Contributors
- @mgruszkiewicz made their first contribution in #2068
- @buggystick made their first contribution in #2033
- @depado made their first contribution in #2116
- @huzky-v made their first contribution in #2104
- @WildeTechSolutions made their first contribution in #2095
- @djcrafts made their first contribution in #2133
Full Changelog: 1.13.1...1.14.0-rc.0
Recommended Versions
Pangolin is backward compatible with older versions of its components. However, access to new features requires that all components be updated to their latest versions. We strongly recommend keeping everything up to date to ensure you benefit from the newest functionality, improvements, and fixes.
- Pangolin 1.14.0+
- Badger 1.3.0+
- Gerbil 1.3.0+
- Olm 1.3.0+
- Newt 1.8.0+
How to Update
Important
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.
Badger Supports Real IP with Cloudflare Proxy
Badger 1.3.0 supports pulling the real IP when behind the Cloudflare Proxy. Support for this is enabled by default. Read more in the Badger release notes.
Port Firewalling and ICMP Ping Support in Private Resources
Private resources now support more granular access controls for ports and protocols. For TCP and UDP traffic, you can choose to allow all ports, block all ports, or define a specific set of allowed ports and port ranges.
In addition, private resources now support ICMP ping. Previously, ICMP traffic was always blocked, preventing you from using tools like ping to test connectivity. With this update, ICMP ping is enabled by default and can also be disabled at any time through the resource’s firewall settings.
Use Private DNS Servers with Pangolin Clients
Pangolin clients on Windows, macOS, and Linux now support routing DNS queries through the secure tunnel. This allows you to configure a self-hosted or private DNS server that the client will use whenever it is connected.
When this feature is enabled, all DNS resolution is performed over the tunnel instead of the local network. As long as you have a private resource configured that grants the client access to the DNS server, queries will be securely resolved within your private infrastructure.
To use this feature, please update your client to the latest available versions.