New Features
- Add support for systemd watchdog timer (@csstaub in #427). Ghostunnel can now be watched by systemd using the
WatchdogSecoption. If Ghostunnel fails to respond, systemd will automatically relaunch it. See docs/WATCHDOG.md for an example service file. - Implement landlock support to limit process privileges on Linux (@csstaub in #431). If started with the
--use-landlockflag, Ghostunnel will call upon landlock on Linux to limit access to files and sockets. This is an experimental feature, please give it a try and let us know if you run into any issues.
Bug Fixes
- Avoid use of deprecated SecTrustGetCertificateAtIndex (@csstaub in #426)
- Fix nil ptr deref on Windows/Linux when keychain flags are used (@csstaub in #448)
- Close files properly and remove refs to deprecated io/ioutil (@testwill in #453 and #454)
- Fix RSA-PSS for Windows platform keys (@csstaub in #459 and #469)
Other Changes
- Upgrade to Go 1.22 (@csstaub in #419)
- Upgrade go-jose to v4.0.1 (@mcpherrinm in #423)
- Upgrade go-spiffe (@mcpherrinm in #429)
- Various other dependency updates via @dependabot
Full Changelog: v1.7.3...v1.8.0