github warp-tech/warpgate v0.23.0

latest release: v0.23.1
6 hours ago

Changes

  • #1499 - admin roles in #1783

    • New "Admin roles" let you grant users granular permisssions to the admin UI, for example to manage targets/users/roles/tickets. These are separate from the existing "Access roles".
    • Migration notes:
      • The admin UI is no longer its own "target" but rather a link on the top of the Warpgate landing page
      • Any user with an admin role assigned to them is now able to access the admin UI - with the corresponding restrictions
      • Existing users that are assigned to the warpgate:admin role will have a warpgate:admin superuser admin role assigned to them, so that there is no change in access after the update.
      • You can delete the old warpgate:admin access role if you have never used it for anything other than admin UI access.
Screenshot 2026-03-18 at 13 59 06
  • Added support for disabling the injected menu by @LarsSven in #1852

    • The new checkbox under Global Parameters lets you disable the injected session menu for HTTP targets. The users can still manually navigate back to /@warpgate to switch targets.
  • AWS IAM auth in #1859

    • Experimental support for AWS IAM role authentication for SSH (EC2), EKS (Kubernetes) and MySQL and Postgres (RDS) targets.
  • Automatically generate client certificate when using kubernetes targets by @LarsSven in #1795

    • The "Access instructions" dialog now offers a quick way to issue a new client certificate for Kubernetes targets as well as an option to store the certificate and the private key in the browser's storage. This allows the Warpgate frontend to generate a fully pre-configured kubeconfig file for the user, including the credentials.
  • Rich audit logs in #1832

    • Audit-relevant events (such as role or credential changes as well as session start/end) are logged into a separate "audit" log stream - the Log page now offers a filter to view only audit logs. The new audit_retention config option controls a separate retention period for these log entries (12 months default).
  • feat: add user role assignment expiry and history tracking by @mrmm in #1816

    • The new "edit" icon next to an active role assignment lets you add an expiry date.
  • Add support for allowed_ip_range for users by @LarsSven in #1846

  • fixed #1497 - separate external host settings per protocol in #1824

  • Polish some Kubernetes UI elements by @LarsSven in #1770

  • Extend target search to include descriptions. Closes #1784 by @cvhariharan in #1791

  • feat: Add HTTPRoute template to Helm chart by @solidassassin in #1756

Fixes

  • fixed #1087 - detect port knocking in #1862
  • fix(http): prioritize ?warpgate-target= query param over host-based domain binding by @aav in #1868
  • fixed #1835 - support kubectl logs and portforward in #1875
  • fix(ui): resolve config page layout regression caused by flex on main by @mrmm in #1851
  • streamline x-forwarded header checks in #1858
  • Use constant time comparison for admin tokens by @LarsSven in #1853
  • perf(ui): improve admin log page with virtualization, buffer cap, and calmer polling by @pandeysambhi in #1838
  • Send messages to SSH terminal synchronously by @LarsSven in #1830
  • update Ticket model to use ID relations to user and target in #1839
  • improvements(helm chart): fix setup job command line argument parsing failure due to trailing backslash and other improvements by @SachinMaharana in #1819
  • fixed #1483 - apply SSH timeout settings to the SSH client as well in #1813
  • #1414 - parse warpgate_roles claim from the token itself if present in #1811
  • fixed #1785 - log queries fail on PostgreSQL in #1807
  • Google sso role mapping fix by @SteezyCougar in #1712
  • Warpgate should use subdomain if subdomain binding is enabled by @SteezyCougar in #1777

Misc

  • OIDC integration tests in #1766
  • ci: add Helm chart publish workflow by @SachinMaharana in #1794
  • Dependency bumps & time crate migration in #1840
  • Add database migration compatibility tests for PostgreSQL and MySQL by @Copilot in #1863

New Contributors

Full Changelog: v0.22.1...v0.23.0

Don't miss a new warpgate release

NewReleases is sending notifications on new releases.