Changes

• fixed #1497 - separate external host settings per protocol by @Eugeny in #1824

Fixes

• improvements(helm chart): fix setup job command line argument parsing failure due to trailing backslash and other improvements by @SachinMaharana in #1819
• fixed #1483 - apply SSH timeout settings to the SSH client as well by @Eugeny in #1813
• #1414 - parse warpgate_roles claim from the token itself if present by @Eugeny in #1811
• fixed #1785 - log queries fail on PostgreSQL by @Eugeny in #1807
• ci: add Helm chart publish workflow by @SachinMaharana in #1794

New Contributors

• @SachinMaharana made their first contribution in #1794

Full Changelog: v0.22.0-beta.2...v0.22.0-beta.3

Changes

• Polish some Kubernetes UI elements by @LarsSven in #1770
• Extend target search to include descriptions. Closes #1784 by @cvhariharan in #1791
• bump russh to 0.58 by @Eugeny in #1798
• Warpgate should use subdomain if subdomain binding is enabled by @SteezyCougar in #1777
• feat: Add HTTPRoute template to Helm chart by @solidassassin in #1756

Fixes

• Google sso role mapping fix by @SteezyCougar in #1712

New Contributors

• @cvhariharan made their first contribution in #1791
• @solidassassin made their first contribution in #1756

Full Changelog: v0.22.0-beta.1...v0.22.0-beta.2

Changes

• fixed #1499 - admin roles by @Eugeny in #1783

  • New "Admin roles" let you grant users granular permisssions to the admin UI, for example to manage targets/users/roles/tickets. These are separate from the existing "Access roles".
  • Migration notes:
    • The admin UI is no longer its own "target" but rather a link on the top of the Warpgate landing page
    • Any user with an admin role assigned to them is now able to access the admin UI - with the corresponding restrictions
    • Existing users that are assigned to the warpgate:admin role will have a warpgate:admin superuser admin role assigned to them, so that there is no change in access after the update.
    • You can delete the old warpgate:admin access role if you have never used it for anything other than admin UI access.

Misc

• OIDC integration tests by @Eugeny in #1766

Full Changelog: v0.21.1...v0.22.0-beta.1

What's Changed

• OIDC integration tests by @Eugeny in #1766
• fixed #1499 - admin roles by @Eugeny in #1783

Full Changelog: v0.21.1...v0.22.0-beta.1

Fixes

• #1755 fixed SSO login in #1762

Full Changelog: v0.21.0...v0.21.1

Kubernetes support

This release adds experimental support for Kubernetes targets.

Warpgate will proxy and record Kubernetes API protocol as well as attach/exec sessions.

Both token and certificate authentication is supported both between Warpgate and Kubernetes and Warpgate and the user, as well as web-based 2FA.

There is now an option to issue and revoke certificate credentials for users (currently for Kubernetes only).

Notes:

• Warpgate API tokens can be used on the client to authenticate against Kubernetes targets
• When using browser-based 2FA, there is no way for us to communicate the prompt to the user, so they need to log into the Warpgate UI separately to see it.

Changes

• Kubernetes target support - #1530
  • Experimental support for Kubernetes targets, with support for recordings, REST and Websocket Kubernetes APIs, kubectl and third-party clients
• fixed #1664 - offer API at an alternative /_warpgate/ URL - #1737
  • This allows using an alternative _warpgate return URL for Azure OIDC, which does not allow the @ character.
• Allow for minimizing the password login UI by @LarsSven in #1750
  • For SSO-first environments, this allows hiding the password login option by default

Full Changelog: v0.20.2...v0.21.0

Fixes

• #1678 downgrade Linux build image for older glibc compatibility
• Fixed LDAP query compatibility with lldap

Changes

• feat(ssh): add configurable client authentication methods by @liebermantodd in #1637
• Improve logging/messaging around SSH target authentication failure by @LarsSven in #1677
• feat(cli): add support for setting config path through env by @justinforlenza in #1650

Fixes

• fix: modify GEX parameters in SSH key exchange configuration so that it uses 2048 bits by @joseluisgonzalezca in #1659
• fix: generate SSO login return URL based on request host by @joseluisgonzalezca in #1661
• fixed LDAP server attribute saving by @Eugeny in #1662
• Correctly naturally sort all relevant lists in the UI by @LarsSven in #1656
• Correct PostreSQL connection string & Allow targets to customize default database name in connection examples by @SteezyCougar in #1577

New Contributors

• @justinforlenza made their first contribution in #1650
• @liebermantodd made their first contribution in #1637

Full Changelog: v0.19.1...v0.20.0

Fixes

• Undo API-incompatible TlsMode change by @LarsSven in #1648
• fixed #1647 - SSH keys admin UI page not working

Full Changelog: v0.19.0...v0.19.1

Changes

• Experimental LDAP user sync by @Eugeny in #1603
• Create the admin user by default even if unattended-setup not called by @MohammedNoureldin in #1620
• Add SCP example command to SSH targets by @LarsSven in #1612
• Add JSON log output format for easier log processing by @mrmm in #1609
• fixed #974 - make securing files optional by @Eugeny in #1636

Fixes

• remove dependency on the deprecated rustls-pemfile by @Eugeny in #1615
• fixed #1456 - added a clickable button to submit the OTP by @Eugeny in #1614
• Fix cross-domain cookie handling and domain rebinding by @SteezyCougar in #1553
• fixed #1632 - natural sort for targets by @Eugeny in #1645

New Contributors

• @MohammedNoureldin made their first contribution in #1620
• @mrmm made their first contribution in #1609

Full Changelog: v0.18.0...v0.19.0

Changes

• Add target groups by @alairock in #1518
• Add create-user CLI command by @LarsSven in #1549
• Add configurable idle timeout for PostgreSQL targets by @SteezyCougar in #1565

Fixes

• Use warpgate.yaml for Container Healthcheck by @micha-k in #1539
• Clean up ssh key generation and loading by @LarsSven in #1544

New Contributors

• @micha-k made their first contribution in #1539
• @alairock made their first contribution in #1518

Full Changelog: v0.17.0...v0.18.0