Highlights
- Native Windows Service Control Manager support. Ghostunnel can now run as a proper Windows service, with `service install`/`uninstall`/`start`/`stop`/`status` subcommands and Windows Event Log integration via the new `--eventlog` flag (#712, #713, #717, thanks to @bdudley-cw for #712 and #717).
- TLS settings modernization. Dropped the explicit `CurvePreferences` setting so Ghostunnel inherits Go's defaults (which include the X25519MLKEM768 hybrid post-quantum key exchange), and added read/idle timeouts plus a bounded shutdown context on the status HTTP server (#761).
- FreeBSD in CI. Integration tests now run on FreeBSD in GitHub Actions, with coverage uploaded to Codecov (#750).
New Features
- Windows Service Control Manager. New `service install`, `service uninstall`, `service start`, `service stop`, and `service status` subcommands register Ghostunnel with the Windows SCM. The service starts automatically on boot, responds to stop/shutdown controls from the SCM, and reports start/failure status back through the SCM (#712, #717, thanks to @bdudley-cw). Non-Windows platforms are unaffected.
- Windows Event Log. New `--eventlog` flag sends logs to the Windows Event Log instead of stdout (#713).
- Generalized notify-ready. The systemd notify-ready code was generalized into a platform-independent helper and is now also used by the Windows SCM integration to signal readiness to the service manager.
Bug Fixes
- PROXY protocol over UNIX socket listeners. Fixed an issue where PROXY protocol on a UNIX socket listener dropped every connection (#751).
- Accept loop backoff. The accept loop no longer spins hot on persistent accept errors and instead backs off with a capped delay (#757).
- Wildcard separator handling. `wildcard.CompileWithSeparator` now properly regex-quotes the separator, and trailing-separator handling plus bare `**` behavior are now correct (#752, #754).
- Shutdown handler. The `/_shutdown` handler can no longer block forever on repeated POSTs (#755).
- Rego policy reload race. Fixed a data race on `env.regoPolicy` between startup and the timed-reload goroutine (#760).
- Cipher-suite parsing. Deduplicated cipher-suite parsing logic so the client and server paths can no longer drift (#759).
- Target and status flag validation. Server mode now correctly rejects `--target systemd:` and `--target launchd:` at startup instead of accepting them and failing to dial later (#758), other undialable `--target` networks are now rejected at flag validation, and `--status https://` is now rejected on non-TCP listeners (#762).
- ACME renewal under mTLS. Improved ACME certificate renewal when the listener is configured for mTLS (#743).
- Landlock UNIX-socket FS rules. Fixed Landlock silently dropping filesystem rules for UNIX socket paths (#742).
- Client mode UNIX socket unlink. Client mode no longer unlinks a UNIX socket that is managed by systemd or launchd socket activation (#745).
- Workload API flag validation. `--use-workload-api` is now rejected when combined with file-based credential flags (#744).
- Systemd socket activation. Fixed a bug where systemd socket activation could not be used for the listen and status sockets at the same time.
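The wildcard separator fix above is worth seeing concretely, because an unquoted separator in an allow-list matcher widens what the pattern accepts. The following is an added illustration, not Ghostunnel's `wildcard` package: its semantics (split on a single-rune separator, `*` matches non-separator runes, a bare `**` segment matches anything, everything else literal) are assumptions made for this example, and the `quoteSep` switch exists only to show the difference between joining segments with the raw separator and with its regexp-quoted form.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// compileWithSeparator turns a wildcard pattern into an anchored regexp.
// The semantics here are assumptions for this illustration, not those of
// Ghostunnel's wildcard package:
//   - the pattern is split on the single-rune separator sep
//   - a segment that is exactly "**" matches anything, separators included
//   - within any other segment, "*" matches zero or more non-separator runes
//     and every other rune matches literally
// quoteSep selects whether the separator itself is regexp-quoted when the
// segments are joined back together; false reproduces the class of bug the
// release notes describe.
func compileWithSeparator(pattern string, sep rune, quoteSep bool) (*regexp.Regexp, error) {
	sepStr := string(sep)
	sepRe := sepStr
	if quoteSep {
		sepRe = regexp.QuoteMeta(sepStr)
	}
	// Inside a character class QuoteMeta's escaping is harmless and keeps
	// separators such as ']' or '\' valid.
	notSep := "[^" + regexp.QuoteMeta(sepStr) + "]*"

	var parts []string
	for _, seg := range strings.Split(pattern, sepStr) {
		if seg == "**" {
			parts = append(parts, ".*")
			continue
		}
		var sb strings.Builder
		for _, r := range seg {
			if r == '*' {
				sb.WriteString(notSep)
			} else {
				sb.WriteString(regexp.QuoteMeta(string(r)))
			}
		}
		parts = append(parts, sb.String())
	}
	return regexp.Compile("^" + strings.Join(parts, sepRe) + "$")
}

// matchWildcard reports whether s matches pattern under the rules above.
func matchWildcard(pattern string, sep rune, quoteSep bool, s string) (bool, error) {
	re, err := compileWithSeparator(pattern, sep, quoteSep)
	if err != nil {
		return false, err
	}
	return re.MatchString(s), nil
}

func main() {
	// Constructed inputs: a DNS-style allow pattern with '.' as the separator.
	// With quoteSep=false the unquoted '.' matches any rune, so the second
	// candidate is wrongly accepted; with quoteSep=true it is rejected.
	pattern := "api.*.example.com"
	for _, s := range []string{"api.foo.example.com", "apiXfooXexampleXcom"} {
		for _, quote := range []bool{false, true} {
			ok, err := matchWildcard(pattern, '.', quote, s)
			if err != nil {
				panic(err)
			}
			fmt.Printf("quoteSep=%-5v %-22q -> %v\n", quote, s, ok)
		}
	}
}
```

The dot is the interesting separator precisely because `regexp.QuoteMeta("/")` is a no-op: a slash-separated matcher can pass every test and still hide this bug for any separator that is also a regexp metacharacter.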
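The accept-loop backoff item above describes a pattern that matters for any long-running listener: a persistent `Accept` failure (file-descriptor exhaustion is the usual cause) must not turn the loop into a busy spin. The following is an added example of that pattern and is not Ghostunnel's code; the 5ms-to-1s schedule, the `flakyListener` stand-in and the injected `sleep` function are all constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// Constructed schedule for this example: start small, double, cap at 1s.
const (
	initialBackoff = 5 * time.Millisecond
	maxBackoff     = 1 * time.Second
)

// nextBackoff doubles the previous delay and caps it at maxBackoff; a zero
// previous delay starts the sequence at initialBackoff.
func nextBackoff(prev time.Duration) time.Duration {
	if prev == 0 {
		return initialBackoff
	}
	next := prev * 2
	if next > maxBackoff {
		return maxBackoff
	}
	return next
}

// serveLoop accepts connections until the listener reports it was closed.
// Each accepted connection is handed to handle on its own goroutine. On any
// other accept error the loop waits via sleep for a capped, exponentially
// growing delay instead of retrying immediately, so a persistent failure
// cannot turn the loop into a busy spin. sleep is injected so the behaviour
// can be exercised without real waiting.
func serveLoop(ln net.Listener, handle func(net.Conn), sleep func(time.Duration)) error {
	var delay time.Duration
	for {
		conn, err := ln.Accept()
		if err != nil {
			if errors.Is(err, net.ErrClosed) {
				return nil // orderly shutdown
			}
			delay = nextBackoff(delay)
			sleep(delay)
			continue
		}
		delay = 0 // a successful accept resets the backoff
		go handle(conn)
	}
}

// flakyListener is a constructed stand-in for a real listener: its first
// `failures` Accept calls fail with a synthetic error, after which it
// reports that it has been closed.
type flakyListener struct{ failures int }

var errAcceptFailed = errors.New("accept: too many open files (constructed)")

func (l *flakyListener) Accept() (net.Conn, error) {
	if l.failures > 0 {
		l.failures--
		return nil, errAcceptFailed
	}
	return nil, net.ErrClosed
}
func (l *flakyListener) Close() error   { return nil }
func (l *flakyListener) Addr() net.Addr { return &net.TCPAddr{IP: net.IPv4zero} }

// backoffSchedule runs serveLoop against a flakyListener that fails the
// given number of times and returns the delays the loop asked for.
func backoffSchedule(failures int) []time.Duration {
	var delays []time.Duration
	record := func(d time.Duration) { delays = append(delays, d) }
	_ = serveLoop(&flakyListener{failures: failures}, func(net.Conn) {}, record)
	return delays
}

func main() {
	fmt.Println(backoffSchedule(9))
}
```

Resetting the delay after a successful accept is the detail that keeps the cap from becoming permanent: without it, one bad minute would leave the listener accepting at most one connection per second until restart.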
Code Quality Changes
- Landlock upgrade. Switched to the Landlock V8 ABI and added `IgnoreIsMissing` handling so Ghostunnel logs cleanly and continues without sandboxing on older kernels (#735, #736).
- Status HTTP server. Added `ReadTimeout`/`IdleTimeout` to the status HTTP server, dropped the now-counterproductive `WriteTimeout`, and bounded the shutdown context to 5s to avoid goroutine leaks (#761).
- Go version source of truth. Builds now derive the Go toolchain version from `go.mod` rather than a separately pinned version (#737).
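The status HTTP server change above combines two hardening steps: read/idle timeouts on the listener side, and a shutdown context bounded to 5s so a stuck in-flight request cannot hold the process open. The following is an added example, not Ghostunnel's own status server; the timeout durations, the `/_status` path and the `statusHandler` helper are assumptions for this illustration, while the 5s shutdown bound and the decision to leave `WriteTimeout` unset follow the release note.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

// shutdownTimeout is the 5s bound the release notes mention for the
// status server's shutdown context.
const shutdownTimeout = 5 * time.Second

// statusHandler serves a minimal health endpoint. The /_status path is an
// assumption made for this illustration.
func statusHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/_status", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/plain")
		fmt.Fprintln(w, "ok")
	})
	return mux
}

// newStatusServer builds an http.Server with read and idle timeouts set and
// WriteTimeout deliberately left at zero. The durations are constructed
// values; the release notes do not state the ones Ghostunnel uses.
func newStatusServer(handler http.Handler) *http.Server {
	return &http.Server{
		Handler:           handler,
		ReadHeaderTimeout: 5 * time.Second,  // bounds a slow trickle of headers
		ReadTimeout:       10 * time.Second, // bounds the whole request read
		IdleTimeout:       60 * time.Second, // reaps idle keep-alive connections
		// WriteTimeout: 0. A write deadline covers the entire response, so a
		// slow but legitimate status response would be cut off mid-write.
	}
}

// shutdownBounded stops srv gracefully but gives in-flight requests at most
// timeout to finish; Shutdown returns ctx's error if the bound is exceeded.
func shutdownBounded(srv *http.Server, timeout time.Duration) error {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	return srv.Shutdown(ctx)
}

// serveAndStop binds srv to an ephemeral loopback port, performs one request
// against /_status, shuts the server down within timeout, and returns the
// response status code. It also confirms Serve exits with
// http.ErrServerClosed, the orderly-shutdown signal, so the Serve goroutine
// is known to have finished rather than leaked.
func serveAndStop(srv *http.Server, timeout time.Duration) (int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	served := make(chan error, 1)
	go func() { served <- srv.Serve(ln) }()

	resp, err := http.Get("http://" + ln.Addr().String() + "/_status")
	if err != nil {
		_ = shutdownBounded(srv, timeout)
		return 0, err
	}
	resp.Body.Close()

	if err := shutdownBounded(srv, timeout); err != nil {
		return resp.StatusCode, err
	}
	if err := <-served; !errors.Is(err, http.ErrServerClosed) {
		return resp.StatusCode, fmt.Errorf("unexpected Serve result: %w", err)
	}
	return resp.StatusCode, nil
}

func main() {
	code, err := serveAndStop(newStatusServer(statusHandler()), shutdownTimeout)
	fmt.Println(code, err)
}
```

Waiting on the `Serve` result after `Shutdown` is what makes the bound meaningful: a caller that returns as soon as `Shutdown` does has no evidence the accept goroutine actually exited.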
Testing Improvements
- FreeBSD integration tests. Added a FreeBSD job to the GitHub Actions workflow running the full integration test suite, with coverage uploaded to Codecov (#750).
- Windows SCM integration tests. Added integration tests for the new Windows service subcommands and improved the integration test harness's coverage handling. The integration harness can now also run from a configurable temp directory (#746).
- ACME under mTLS regression test. Added integration and unit tests exercising ACME renewal under mTLS so the bug stays fixed (#743).
- Additional unit and integration tests. Broader coverage for error paths, corner cases, and previously-untested helpers across multiple packages (#722, #749).
Other
- Documentation pass. Proofread and corrected documentation across the site and repo, expanded the security/deployment docs, added Windows service docs, and expanded launchd docs with `KeepAlive`, reload, and shutdown notes (#734, #747).
- Release workflow modernized. Releases are now built with the `gh` CLI instead of the deprecated GitHub release actions (#733).
- Dependency upgrades. OPA upgraded to v1.17.0, plus various other Go and GitHub Actions dependency bumps via Dependabot (#731, #738, #739, #740, #741).
New Flags
| Flag | Description |
|---|---|
| `--eventlog` | Send logs to Windows Event Log instead of stdout (Windows only) |
New Subcommands
| Subcommand | Description |
|---|---|
| `service install` | Install and start Ghostunnel as a Windows service |
| `service uninstall` | Stop and remove the Ghostunnel Windows service |
| `service start` | Start the Ghostunnel Windows service |
| `service stop` | Stop the Ghostunnel Windows service |
| `service status` | Show the status of the Ghostunnel Windows service |