v1.0.0-rc4

CHANGELOG

WARNING: Do not attempt to use this build against the hosted zrok service at zrok.io, until the service has also been upgraded to v1.0.0! The URL https://api.zrok.io/api/v1/version will return the current version of the production zrok service.

FEATURE: Completely redesigned web interface ("API Console"). New implementation provides a dual-mode interface supporting an improved visual network navigator and also a "tabular" view, which provides a more traditional "data" view. New stack built using vite, React, and TypeScript (#724)

FEATURE: New "zrok Agent", a background manager process for your zrok environments, which allows you to easily manage and work with multiple zrok share and zrok access processes. New --subordinate flag added to zrok share [public|private|reserved] and zrok access private to operate in a mode that allows an Agent to manage shares and accesses (#463)

FEATURE: New "zrok Agent UI" a web-based user interface for the zrok Agent, which allows creating and releasing shares and accesses through a web browser. This is just an initial chunk of the new Agent UI, and is considered a "minimum viable" version of this interface (#221)

FEATURE: zrok share [public|private|reserved] and zrok access private now auto-detect if the zrok Agent is running in an environment and will automatically service share and access requests through the Agent, rather than in-process if the Agent is running. If the Agent is not running, operation remains as it was in v0.4.x and the share or access is handled in-process. New --force-agent and --force-local flags exist to skip Agent detection and manually select an operating mode (#751)

FEATURE zrok access private supports a new --auto mode, which can automatically find an available open address/port to bind the frontend listener on. Also includes --auto-address, --auto-start-port, and --auto-end-port features with sensible defaults. Supported by both the agent and local operating modes (#780)

FEATURE zrok rebase command allows "rebasing" an enabled environment onto a different API endpoint. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions (#869)

CHANGE: Refactored API implementation. Cleanup, lint removal, additional data elements added, unused data removed (#834)

CHANGE: Deprecated the passwords configuration stanza. The zrok controller and API console now use a hard-coded set of (what we believe to be) reasonable assumptions about password quality (#834)

CHANGE: The protocol for determining valid client versions has been changed. Previously a zrok client would do a GET against the /api/v1/version endpoint and do a local version string comparison (as a normal precondition to any API call) to see if the controller version matched. The protocol has been amended so that any out-of-date client using the old protocol will receive a version string indicating that they need to uprade their client. New clients will do a POST against the /api/v1/version endpoint, posting their client version, and the server will check for compatibility. Does not change the security posture in any significant way, but gives more flexibility on the server side for managing client compatibility. Provides a better, cleared out-of-date error message for old clients when accessing v1.0.0+ (#859)

v0.4.48

CHANGELOG

FEATURE: The controller configuration now supports a disable_auto_migration boolean in the store stanza. When set to true, the controller will not attempt to auto-migrate (or otherwise validate the migration state) of the underlying database. Leaving disable_auto_migration out, or setting it to false will retain the default behavior of auto-migrating when starting the zrok controller. The zrok admin migrate command will still perform a migration regardless of how this setting is configured in the controller configuration (#866)

FIX: the Python SDK erroneously assumed the enabled zrok environment contained a config.json file, and was changed to only load it if the file was present (#853)

v1.0.0-rc3

CHANGELOG

WARNING: Do not attempt to use this build against the hosted zrok service at zrok.io, until the service has also been upgraded to v1.0.0! The URL https://api.zrok.io/api/v1/version will return the current version of the production zrok service.

FEATURE: Completely redesigned web interface ("API Console"). New implementation provides a dual-mode interface supporting an improved visual network navigator and also a "tabular" view, which provides a more traditional "data" view. New stack built using vite, React, and TypeScript (#724)

FEATURE: New "zrok Agent", a background manager process for your zrok environments, which allows you to easily manage and work with multiple zrok share and zrok access processes. New --subordinate flag added to zrok share [public|private|reserved] and zrok access private to operate in a mode that allows an Agent to manage shares and accesses (#463)

FEATURE: New "zrok Agent UI" a web-based user interface for the zrok Agent, which allows creating and releasing shares and accesses through a web browser. This is just an initial chunk of the new Agent UI, and is considered a "minimum viable" version of this interface (#221)

FEATURE: zrok share [public|private|reserved] and zrok access private now auto-detect if the zrok Agent is running in an environment and will automatically service share and access requests through the Agent, rather than in-process if the Agent is running. If the Agent is not running, operation remains as it was in v0.4.x and the share or access is handled in-process. New --force-agent and --force-local flags exist to skip Agent detection and manually select an operating mode (#751)

FEATURE zrok access private supports a new --auto mode, which can automatically find an available open address/port to bind the frontend listener on. Also includes --auto-address, --auto-start-port, and --auto-end-port features with sensible defaults. Supported by both the agent and local operating modes (#780)

CHANGE: Refactored API implementation. Cleanup, lint removal, additional data elements added, unused data removed (#834)

CHANGE: Deprecated the passwords configuration stanza. The zrok controller and API console now use a hard-coded set of (what we believe to be) reasonable assumptions about password quality (#834)

v0.4.47

CHANGELOG

CHANGE: the Docker instance will wait for the ziti container healthy status (contribution from Ben Wong @bwong365 - #790)

CHANGE: Document solving the DNS propagation timeout for Docker instances that are using Caddy to manage the wildcard certificate.

CHANGE: Add usage hint in zrok config get --help to clarify how to list all valid configName and their current values by running zrok status.

CHANGE: The Python SDK's Overview() function was refactored as a class method (#846).

FEATURE: The Python SDK now includes a ProxyShare class providing an HTTP proxy for public and private shares and a
Jupyter notebook example (#847).

FIX: PyPi publishing was failing due to a CI issue (#849)

v0.4.46

CHANGELOG

FEATURE: Linux service template for systemd user units (#818)

FIX: Docker share examples had incorrect default path for zrok environment mountpoint

FIX: Clarify how to use DNS providers like Route53 with the zrok Docker instance sample.

CHANGE: Use port 80 for the default Ziti API endpoint in the zrok Docker instance sample (#793).

CHANGE: Clarify OS requirements for zrok VPN

CHANGE: Set the Windows executable search path in the Windows install guide.

CHANGE: bump macOS runner for Python module from macos-12 to macos-13

v0.4.45

CHANGELOG

FEATURE: Minimal support for "organizations". Site admin API endpoints provided to create, list, and delete "organizations". Site admin API endpoints provided to add, list, and remove "organization members" (zrok accounts) with the ability to mark accounts as a "organization admin". API endpoints provided for organization admins to list the members of their organizations, and to also see the overview (environments, shares, and accesses) for any account in their organization. API endpoint for end users to see which organizations their account is a member of (#537)

CHANGE: briefly mention the backend modes that apply to public and private share concepts

FIX: Update indirect dependency github.com/golang-jwt/jwt/v4 to version v4.5.1 (#794)

FIX: Document unique names

FIX: reduce Docker image sizes (#783)

FIX: Docker reserved private share startup error (#801)

FIX: Correct the download URL for the armv7 Linux release (#782)

v0.4.44

CHANGELOG

CHANGE: Update github.com/openziti/sdk-golang to version v0.23.44. Remove old github.com/openziti/fabric dependency, instead pulling in the modern github.com/openziti/ziti dependency.

FIX: Bypass interstitial page for HTTP OPTIONS method (#777)

FIX: Fix for goreleaser build action to align with changed ARM64 build path.

v0.4.42

CHANGELOG

CHANGE: Switch all Dial operations made into the OpenZiti overlay to use DialWithOptions(..., &ziti.DialOptions{ConnectTimeout: 30 * time.Second}), switching to a 30 second timeout from a 5 second default (#772)

FIX: Removed the --basic-auth flag from zrok share private as this was ignored... even if zrok access private honored the ziti.proxy.v1 config to ask for basic auth, it would still be easy to write a custom SDK client that ignored the basic auth and accessed the share directly; better to remove the option than to allow confusing usage (#770)

FIX: always append common options like --headless and conditionally append --verbose --insecure if their respective env vars are set to when running in a service manager like systemd or Docker and wrapping the zrok command with the zrok-share.bash shell script (https://openziti.discourse.group/t/question-about-reserved-public-vs-temp-public-shares/3169)

FIX: Correct registration page CSS to ensure that the entire form is visible

v0.4.41

CHANGELOG

FIX: Fixed crash when invoking zrok share reserved with no arguments (#740)

FIX: zrok-share.service on Linux failed to start with a private share in closed permission mode

FIX: Update gopkg.in/go-jose/go-jose.v2 to v2.6.3 to fix vulnerability around compressed data (#761)

v0.4.40

CHANGELOG

FEATURE: New endpoint for synchronizing grants for an account (#744). Useful for updating the zrok.proxy.v1 config objects containing interstitial setting when the skip_interstitial_grants table has been updated.

FIX: prune incorrect troubleshooting advice about listing Caddy's certificates