github ghostunnel/ghostunnel v1.11.0
Version 1.11.0
Highlights

  • Native Windows Service Control Manager support. Ghostunnel can now run as
    a proper Windows service, with service install/uninstall/start/
    stop/status subcommands and Windows Event Log integration via the new
    --eventlog flag (#712, #713, #717, thanks to @bdudley-cw for #712 and
    #717).
  • TLS settings modernization. Dropped the explicit CurvePreferences
    setting so Ghostunnel inherits Go's defaults (which include the
    X25519MLKEM768 hybrid post-quantum key exchange), and added read/idle
    timeouts plus a bounded shutdown context on the status HTTP server (#761).
  • FreeBSD in CI. Integration tests now run on FreeBSD in GitHub Actions,
    with coverage uploaded to Codecov (#750).

New Features

  • Windows Service Control Manager. New service install, service uninstall,
    service start, service stop, and service status subcommands register
    Ghostunnel with the Windows SCM. The service starts automatically on boot,
    responds to stop/shutdown controls from the SCM, and reports start/failure
    status back through the SCM (#712, #717, thanks to @bdudley-cw).
    Non-Windows platforms are unaffected.
  • Windows Event Log. New --eventlog flag sends logs to the Windows
    Event Log instead of stdout (#713).
  • Generalized notify-ready. The systemd notify-ready code was generalized
    into a platform-independent helper and is now also used by the Windows SCM
    integration to signal readiness to the service manager.

Bug Fixes

  • PROXY protocol over UNIX socket listeners. Fixed an issue where PROXY
    protocol on a UNIX socket listener dropped every connection (#751).
  • Accept loop backoff. The accept loop no longer spins hot on persistent
    accept errors and instead backs off with a capped delay (#757).
  • Wildcard separator handling. wildcard.CompileWithSeparator now
    properly regex-quotes the separator, and trailing-separator handling plus
    bare ** behavior are now correct (#752, #754).
  • Shutdown handler. The /_shutdown handler can no longer block forever
    on repeated POSTs (#755).
  • Rego policy reload race. Fixed a data race on env.regoPolicy between
    startup and the timed-reload goroutine (#760).
  • Cipher-suite parsing. Deduplicated cipher-suite parsing logic so the
    client and server paths can no longer drift (#759).
  • Target and status flag validation. Server mode now correctly rejects
    --target systemd: and --target launchd: at startup instead of accepting
    them and failing to dial later (#758), other undialable --target networks
    are now rejected at flag validation, and --status https:// is now rejected
    on non-TCP listeners (#762).
  • ACME renewal under mTLS. Improved ACME certificate renewal when the
    listener is configured for mTLS (#743).
  • Landlock UNIX-socket FS rules. Fixed Landlock silently dropping
    filesystem rules for UNIX socket paths (#742).
  • Client mode UNIX socket unlink. Client mode no longer unlinks a UNIX
    socket that is managed by systemd or launchd socket activation (#745).
  • Workload API flag validation. --use-workload-api is now rejected
    when combined with file-based credential flags (#744).
  • Systemd socket activation. Fixed a bug where systemd socket activation
    could not be used for the listen and status sockets at the same time.
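
What "spinning hot" on accept errors looks like, and how a capped backoff stops it, as an added example that is not ghostunnel's accept loop: a persistent error such as EMFILE (the process is out of file descriptors) makes Accept fail immediately on every call, so an unthrottled loop burns a core and floods the log. The doubling-and-capping shape is what the fix describes; the 5ms/1s bounds, the sleep-injection parameter and the failingListener stand-in are this example's own assumptions.

```go
package main

import (
	"errors"
	"log"
	"net"
	"time"
)

// Backoff bounds for the accept loop. The values are this example's own choices,
// not ghostunnel's; the shape (doubling, capped) is what the release note describes.
const (
	initialAcceptDelay = 5 * time.Millisecond
	maxAcceptDelay     = time.Second
)

// nextAcceptDelay doubles the current delay and caps it, so a listener that keeps
// failing (for example with EMFILE once the process is out of file descriptors)
// is retried about once a second instead of in a tight loop that burns a CPU core
// and floods the log.
func nextAcceptDelay(cur time.Duration) time.Duration {
	if cur == 0 {
		return initialAcceptDelay
	}
	next := cur * 2
	if next > maxAcceptDelay {
		next = maxAcceptDelay
	}
	return next
}

// serveWithBackoff accepts connections until the listener is closed, handing each
// one to handle on its own goroutine. Any other accept error sleeps for a capped,
// growing delay (via sleep, injectable for testing); a successful accept resets it.
func serveWithBackoff(ln net.Listener, handle func(net.Conn), sleep func(time.Duration)) error {
	var delay time.Duration
	for {
		conn, err := ln.Accept()
		if err != nil {
			if errors.Is(err, net.ErrClosed) {
				return err // deliberate shutdown: leave the loop
			}
			delay = nextAcceptDelay(delay)
			log.Printf("accept error: %v; retrying in %v", err, delay)
			sleep(delay)
			continue
		}
		delay = 0
		go handle(conn)
	}
}

// failingListener is a constructed stand-in for a listener whose Accept fails a
// fixed number of times and then reports that it was closed. It lets the backoff
// be exercised without opening a real socket.
type failingListener struct {
	failures, calls int
}

func (f *failingListener) Accept() (net.Conn, error) {
	f.calls++
	if f.calls <= f.failures {
		return nil, errors.New("accept tcp: too many open files") // constructed EMFILE-style error
	}
	return nil, net.ErrClosed
}
func (f *failingListener) Close() error   { return nil }
func (f *failingListener) Addr() net.Addr { return &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1)} }

// recordDelays returns a sleep function that only records what it was asked to wait.
func recordDelays(out *[]time.Duration) func(time.Duration) {
	return func(d time.Duration) { *out = append(*out, d) }
}

func main() {
	var delays []time.Duration
	err := serveWithBackoff(&failingListener{failures: 9}, func(net.Conn) {}, recordDelays(&delays))
	log.Printf("loop ended with %v after delays %v", err, delays)
}
```

In production the sleep argument is simply time.Sleep; the loop still exits promptly on a deliberate Close because net.ErrClosed is checked before the backoff, so shutdown is never delayed by a pending retry.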
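
Why the wildcard separator must be regex-quoted, as an added example that is not ghostunnel's wildcard package: the converter below turns a pattern into an anchored regexp, treating `*` as "any run of characters without the separator" and `**` as "any run, separator included" (those semantics, the single-character separator limit, and the function names are this example's assumptions). CompileWithSeparator passes the separator through regexp.QuoteMeta; compileNaive is a deliberately unfixed variant that drops it into the expression verbatim, so a separator like `.` or `|` silently changes what the pattern means.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode/utf8"
)

// build translates a wildcard pattern into an anchored regexp source string.
// quoteSep is applied to the separator before it is used as a literal; whether
// it quotes or not is the whole point of the two compilers below.
//
// Pattern semantics (this example's assumption, not necessarily ghostunnel's):
//   *   any run of characters that does not contain the separator
//   **  any run of characters, separator included
//   everything else, the separator included, is matched literally
func build(pattern, sep string, quoteSep func(string) string) (string, error) {
	if utf8.RuneCountInString(sep) != 1 {
		return "", fmt.Errorf("separator must be exactly one character, got %q", sep)
	}
	lit := quoteSep(sep)
	var b strings.Builder
	b.WriteString("^")
	rest := pattern
	for rest != "" {
		switch {
		case strings.HasPrefix(rest, "**"):
			b.WriteString(".*")
			rest = rest[2:]
		case strings.HasPrefix(rest, "*"):
			b.WriteString("[^" + lit + "]*")
			rest = rest[1:]
		case strings.HasPrefix(rest, sep):
			b.WriteString(lit)
			rest = rest[len(sep):]
		default:
			r, n := utf8.DecodeRuneInString(rest)
			b.WriteString(regexp.QuoteMeta(string(r)))
			rest = rest[n:]
		}
	}
	b.WriteString("$")
	return b.String(), nil
}

// CompileWithSeparator is the corrected form: the separator goes through
// regexp.QuoteMeta, so "." or "|" mean themselves.
func CompileWithSeparator(pattern, sep string) (*regexp.Regexp, error) {
	src, err := build(pattern, sep, regexp.QuoteMeta)
	if err != nil {
		return nil, err
	}
	return regexp.Compile(src)
}

// compileNaive is the "before", kept for contrast: the separator is interpolated
// verbatim, so a metacharacter separator rewrites the pattern's meaning.
func compileNaive(pattern, sep string) (*regexp.Regexp, error) {
	src, err := build(pattern, sep, func(s string) string { return s })
	if err != nil {
		return nil, err
	}
	return regexp.Compile(src)
}

// Matches reports whether input matches pattern under the corrected compiler;
// a pattern that fails to compile matches nothing.
func Matches(pattern, sep, input string) bool {
	re, err := CompileWithSeparator(pattern, sep)
	if err != nil {
		return false
	}
	return re.MatchString(input)
}

// matchesNaive is the same check against the unquoted variant.
func matchesNaive(pattern, sep, input string) bool {
	re, err := compileNaive(pattern, sep)
	if err != nil {
		return false
	}
	return re.MatchString(input)
}

func main() {
	cases := []struct{ pattern, sep, input string }{
		{"a.b", ".", "aXb"},    // naive: true (unquoted "." matches any char); fixed: false
		{"a.*", ".", "a.b.c"},  // "*" must not cross the separator
		{"a.**", ".", "a.b.c"}, // "**" may
		{"x|*", "|", "zzz"},    // naive: true (unquoted "|" became alternation); fixed: false
	}
	for _, c := range cases {
		fmt.Printf("pattern %-6q sep %q input %-9q naive=%-5v fixed=%v\n", c.pattern, c.sep, c.input,
			matchesNaive(c.pattern, c.sep, c.input), Matches(c.pattern, c.sep, c.input))
	}
}
```

The `|` case is the one to remember when reviewing this class of bug: an unquoted separator does not just widen a match, it can split the whole expression into an alternation whose second branch is unanchored at the start, so a policy pattern written to match one name matches almost everything.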

Code Quality Changes

  • Landlock upgrade. Switched to the Landlock V8 ABI and added
    IgnoreIsMissing handling so Ghostunnel logs cleanly and continues without
    sandboxing on older kernels (#735, #736).
  • Status HTTP server. Added ReadTimeout/IdleTimeout to the status
    HTTP server, dropped the now-counterproductive WriteTimeout, and bounded
    the shutdown context to 5s to avoid goroutine leaks (#761).
  • Go version source of truth. Builds now derive the Go toolchain version
    from go.mod rather than a separately pinned version (#737).
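
The status HTTP server changes (ReadTimeout/IdleTimeout, no WriteTimeout, a 5s shutdown bound) and the /_shutdown handler fix from the Bug Fixes section above, as one added example that is not ghostunnel's status server: the handler signals the main loop through a one-slot channel using a non-blocking select, so a second or third POST is acknowledged instead of parking a goroutine forever, and stopStatusServer drains with a bounded context so a client holding a connection open cannot keep the process alive. The 5s shutdown bound is from the notes; the read/idle values, the plain-HTTP loopback listener and all function names are this example's assumptions.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"time"
)

// Timeouts for the status server. The 5s shutdown bound comes from the release
// notes; the read and idle values are this example's own choices.
const (
	readTimeout     = 10 * time.Second
	idleTimeout     = 90 * time.Second
	shutdownTimeout = 5 * time.Second
)

// newShutdownHandler returns a /_shutdown handler that signals the main loop at
// most once and never blocks. A plain `requested <- struct{}{}` would hang the
// second POST (and its goroutine) forever once the single buffer slot is full;
// the select with a default branch acknowledges the repeat and returns.
func newShutdownHandler(requested chan<- struct{}) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.Header().Set("Allow", http.MethodPost)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		select {
		case requested <- struct{}{}:
			w.WriteHeader(http.StatusAccepted)
			_, _ = w.Write([]byte("shutdown requested\n"))
		default:
			w.WriteHeader(http.StatusAccepted)
			_, _ = w.Write([]byte("shutdown already pending\n"))
		}
	}
}

// newStatusServer builds the status HTTP server. ReadTimeout bounds how long a
// client may take to deliver headers and body (slow-trickle connections),
// IdleTimeout reaps idle keep-alive connections, and WriteTimeout is left at zero
// as the notes describe: it is measured from the request header read, so it would
// also cap handler execution time.
func newStatusServer(addr string, requested chan<- struct{}) *http.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/_status", func(w http.ResponseWriter, _ *http.Request) {
		_, _ = w.Write([]byte("ok\n"))
	})
	mux.Handle("/_shutdown", newShutdownHandler(requested))
	return &http.Server{
		Addr:        addr,
		Handler:     mux,
		ReadTimeout: readTimeout,
		IdleTimeout: idleTimeout,
	}
}

// stopStatusServer drains in-flight requests but gives up after shutdownTimeout,
// so a client holding a connection open cannot keep the process alive forever.
func stopStatusServer(srv *http.Server) error {
	ctx, cancel := context.WithTimeout(context.Background(), shutdownTimeout)
	defer cancel()
	return srv.Shutdown(ctx)
}

func main() {
	requested := make(chan struct{}, 1) // one slot: a pending shutdown is remembered
	srv := newStatusServer("127.0.0.1:8080", requested)
	go func() {
		if err := srv.ListenAndServe(); err != nil && !errors.Is(err, http.ErrServerClosed) {
			log.Fatalf("status server: %v", err)
		}
	}()
	<-requested // blocks until someone POSTs /_shutdown
	log.Println("shutdown requested; stopping status server")
	if err := stopStatusServer(srv); err != nil {
		log.Printf("status server did not drain within %v: %v", shutdownTimeout, err)
	}
}
```

Run it and issue `curl -X POST http://127.0.0.1:8080/_shutdown` two or three times in quick succession: every request returns immediately with 202, only the first one is acted on, and the process exits within the 5s drain window.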

Testing Improvements

  • FreeBSD integration tests. Added a FreeBSD job to the GitHub Actions
    workflow running the full integration test suite, with coverage uploaded
    to Codecov (#750).
  • Windows SCM integration tests. Added integration tests for the new
    Windows service subcommands and improved the integration test harness's
    coverage handling. The integration harness can now also run from a
    configurable temp directory (#746).
  • ACME under mTLS regression test. Added integration and unit tests
    exercising ACME renewal under mTLS so the bug stays fixed (#743).
  • Additional unit and integration tests. Broader coverage for error
    paths, corner cases, and previously-untested helpers across multiple
    packages (#722, #749).

Other

  • Documentation pass. Proofread and corrected documentation across the
    site and repo, expanded the security/deployment docs, added Windows
    service docs, and expanded launchd docs with KeepAlive, reload, and
    shutdown notes (#734, #747).
  • Release workflow modernized. Releases are now built with the gh
    CLI instead of the deprecated GitHub release actions (#733).
  • Dependency upgrades. OPA upgraded to v1.17.0, plus various other Go
    and GitHub Actions dependency bumps via Dependabot (#731, #738, #739,
    #740, #741).

New Flags

Flag        Description
--eventlog  Send logs to Windows Event Log instead of stdout (Windows only)

New Subcommands

Subcommand         Description
service install    Install and start Ghostunnel as a Windows service
service uninstall  Stop and remove the Ghostunnel Windows service
service start      Start the Ghostunnel Windows service
service stop       Stop the Ghostunnel Windows service
service status     Show the status of the Ghostunnel Windows service
