Releases: openziti/zrok
v0.4.33
CHANGELOG
FIX: Fix for log message in Agent.CanAccessShare
("account '#%d' over frontends per share limit '%d'"
), which was not returning the correct limit value.
FIX: Properly set permission_mode
in frontends
when createing a private frontend using zrok access private
(#677)
CHANGE: Updated react-bootstrap
to version 2.10.2
(web console).
CHANGE: Updated @mui/material
to version 5.15.18
(web console).
CHANGE: Updated react
and react-dom
to version 18.3.1
(web console).
CHANGE: Updated recharts
to version 2.12.7
(web console).
CHANGE: Updated react-router-dom
to version 6.23.1
(web console).
CHANGE: Updated axios
to version 1.7.2
for (node SDK).
CHANGE: Updated @openziti/ziti-sdk-nodejs
to version 0.17.0
(node SDK).
v0.4.32
CHANGELOG
FEATURE: New permission mode support for public frontends. Open permission mode frontends are available to all users in the service instance. Closed permission mode frontends reference the new frontend_grants
table that can be used to control which accounts are allowed to create shares using that frontend. zrok admin create frontend
now supports --closed
flag to create closed permission mode frontends (#539)
FEATURE: New config defaultFrontend
that specifies the default frontend to be used for an environment. Provides the default --frontend
for zrok share public
and zrok reserve public
(#663)
FEATURE: Resource count limits now include share_frontends
to limit the number of frontends that are allowed to make connections to a share (#650)
CHANGE: The frontend selection flag used by zrok share public
and zrok reserve public
has been changed from --frontends
to --frontend
FIX: use controller config spec v4 in the Docker instance
v0.4.31
CHANGELOG
FEATURE: New "limits classes" limits implementation (#606). This new feature allows for extensive limits customization on a per-user basis, with fallback to the global defaults in the controller configuration.
CHANGE: The controller configuration version has been updated to version 4
(v: 4
) to support the new limits global configuration changes (#606).
CHANGE: A new ZROK_CTRL_CONFIG_VERSION
environment variable now exists to temporarily force the controller to assume a specific controller configuration version, regardless of what version exists in the file. This allows two different config versions to potentially be co-mingled in the same controller configuration file. Use with care (#648)
CHANGE: Log messages that said backend proxy endpoint
were clarified to say backend target
.
FIX: Correct the syntax for the Docker and Linux zrok-share "frontdoor" service that broke OAuth email address pattern matching.
v0.4.30
CHANGELOG
FIX: Fix to the Node.js release process to properly support releasing on a tag.
Also includes v0.4.29
:
FIX: Backed out an incorrect change to support a FreeBSD port in progress.
And includes v0.4.28
:
FEATURE: Node.js support for the zrok SDK (#400)
FEATURE: A Docker Compose project for self-hosting a zrok instance and accompanying Docker guide for more information.
CHANGE: the container images run as "ziggy" (UID 2171) instead of the generic restricted user "nobody" (UID 65534). This reduces the risk of unexpected file permissions when binding the Docker host's filesystem to a zrok container.
CHANGE: the Docker sharing guides were simplified and expanded
v0.4.29
CHANGELOG
(v0.4.29
is a re-run of v0.4.28
with a FreeBSD port-related modification removed)
FEATURE: Node.js support for the zrok SDK (#400)
FEATURE: A Docker Compose project for self-hosting a zrok instance and accompanying Docker guide for more information.
CHANGE: the container images run as "ziggy" (UID 2171) instead of the generic restricted user "nobody" (UID 65534). This reduces the risk of unexpected file permissions when binding the Docker host's filesystem to a zrok container.
CHANGE: the Docker sharing guides were simplified and expanded
v0.4.27
CHANGELOG
FEATURE: New vpn
backend mode. Use sudo zrok share private --backend-mode vpn
on the VPN server host, then sudo zrok access private <token>
on VPN client machine. Works with reserved shares using zrok reserve private --backend-mode vpn
. Use <target>
parameter to override default VPN network settings zrok share private -b vpn 192.168.255.42/24
-- server IP is 192.168.255.42
and VPN netmask will be 192.168.255.0/24
. Client IPs are assigned automatically from netmask range.
CHANGE: Update to OpenZiti SDK (github.com/openziti/sdk-golang
) at v0.23.22
.
CHANGE: Added indexes to environments
, shares
, and frontends
tables to improve overall query performance on both PostgreSQL and Sqlite.
FIX: Also update the Python SDK to include the permission mode and access grants fields on the ShareRequest
(#432)
FIX: Add a way to find the username on Linux when /etc/passwd and stdlib can't resolve the UID (#454)
v0.4.26
CHANGELOG
FEATURE: New permission modes available for shares. Open permission mode retains the behavior of previous zrok releases and is the default setting. Closed permission mode (--closed
) only allows a share to be accessed (zrok access
) by users who have been granted access with the --access-grant
flag. See the documentation at (https://docs.zrok.io/docs/guides/permission-modes/) (#432)
CHANGE: The target for a socks
share is automatically set to socks
to improve web console display.
CHANGE: Enhancements to the look and feel of the account actions tab in the web console. Textual improvements.
FIX: The regenerate account token dialog incorrectly specified the path ${HOME}/.zrok/environments.yml
. This, was corrected to be ${HOME}/.zrok/environments.json
.
FIX: Align zrok frontdoor examples and Linux package (zrok-share
) with the new OAuth email flag --oauth-email-address-patterns
introduced in v0.4.25.
FIX: Reloading the web console when logged in no longer provokes the user to the login page.
v0.4.25
CHANGELOG
FEATURE: New action in the web console that allows changing the password of the logged-in account (#148)
FEATURE: The web console now supports revoking your current account token and generating a new one (#191)
CHANGE: When specifying OAuth configuration for public shares from the zrok share public
or zrok reserve
public commands, the flags and functionality for restricting the allowed email addresses of the authenticating users has changed. The old flag was --oauth-email-domains
, which took a string value that needed to be contained in the user's email address. The new flag is --oauth-email-address-patterns
, which accepts a glob-style filter, using https://github.com/gobwas/glob (#413)
CHANGE: Creating a reserved share checks for token collision and returns a more appropriate error message (#531)
CHANGE: Update UI to add a 'true' value on reserved
boolean (#443)
CHANGE: OpenZiti SDK (github.com/openziti/sdk-golang) updated to version v0.22.29
, which introduces changes to OpenZiti API session handling
FIX: Fixed bug where a second password reset request would for any account would fail (#452)
v0.4.24
CHANGELOG
FEATURE: New socks
backend mode for use with private sharing. Use zrok share private --backend-mode socks
and then zrok access private
that share from somewhere else... very lightweight VPN-like functionality (#558)
FEATURE: New zrok admin create account
command that allows populating accounts directly into the underlying controller database (#551)
CHANGE: The zrok test loopback public
utility to report non-200
errors and also ensure that the listening side of the test is fully established before starting loopback testing.
CHANGE: The OpenZiti SDK for golang (https://github.com/openziti/sdk-golang) has been updated to version v0.22.28
v0.4.23
CHANGELOG
FEATURE: New CLI commands have been implemented for working with the drive
share backend mode (part of the "zrok Drives" functionality). These commands include zrok cp
, zrok mkdir
zrok mv
, zrok ls
, and zrok rm
. These are initial, minimal versions of these commands and very likely contain bugs and ergonomic annoyances. There is a guide available at https://docs.zrok.io/docs/guides/drives/cli/ that explains how to work with these tools in detail (#438)
FEATURE: Python SDK now has a decorator for integrating with various server side frameworks. See the http-server
example.
FEATURE: Python SDK share and access handling now supports context management.
FEATURE: TLS for zrok
controller and frontends. Add the tls:
stanza to your controller configuration (see etc/ctrl.yml
) to enable TLS support for the controller API. Add the tls:
stanza to your frontend configuration (see etc/frontend.yml
) to enable TLS support for frontends (be sure to check your public
frontend template) (#24)
CHANGE: Improved OpenZiti resource cleanup resilience. Previous resource cleanup would stop when an error was encountered at any stage of the cleanup process (serps, sps, config, service). New cleanup implementation logs errors but continues to clean up anything that it can (#533)
CHANGE: Instead of setting the ListenOptions.MaxConnections
property to 64
, use the default value of 3
. This property actually controls the number of terminators created on the underlying OpenZiti network. This property is actually getting renamed to ListenOptions.MaxTerminators
in an upcoming release of github.com/openziti/sdk-golang
(#535)
CHANGE: Versioning for the Python SDK has been updated to use versioneer for management.
CHANGE: Python SDK package name has been renamed to zrok
, dropping the -sdk
postfix. pypi.