dependencies
- a logging change for OIDC
- n/a
- ziti-tunneler: v1.3.9
- ziti-sdk: 1.3.7
- tlsuv: v0.33.4[OpenSSL 3.3.1 4 Jun 2024]
dependencies
- n/a
- C SDK no longer applies
offline_accessscope - C SDK no longer fails OIDC auth when external url ends with /
- ziti-tunneler: v1.3.8
- ziti-sdk: 1.3.6
- tlsuv: v0.33.4[OpenSSL 3.3.1 4 Jun 2024]
- properly handle secondary auth by ext jwt
- n/a
- n/a
- ziti-tunneler: v1.3.7
- ziti-sdk: 1.3.5
- tlsuv: v0.33.2[OpenSSL 3.3.1 4 Jun 2024]
- nothing - bugfix
- dependency update
- none
- ziti-tunneler: v1.3.7
- ziti-sdk: 1.3.5
- tlsuv: v0.33.2[OpenSSL 3.3.1 4 Jun 2024]
- nothing - bugfix
- none
- ziti-tunneler: v1.3.5
- ziti-sdk: 1.3.4
- tlsuv: v0.33.1[OpenSSL 3.3.1 4 Jun 2024]
- nothing - bugfix
- none
- ziti-tunneler: v1.3.3
- ziti-sdk: 1.3.2
- tlsuv: v0.32.9[OpenSSL 3.3.1 4 Jun 2024]
- Lots of new stuff in this release!
- OIDC Auth Code Flow + PKCE
- Add Identity button now supports adding an identity by JWT or by URl
- JWT behavior remains the same
- support has been added for joining a network by 3rd party CA
- support added for joining an OpenZiti network v1.2+ by URL. Note, the URL must be preconfigured with trust from the OS trust store. Unverifiable URLs cannot be used.
- Keychain support is added! The OpenZiti C SDK uses the tlsuv library which as integrated with Windows "Cryptography API: Next Generation" to support storing private key material through OS API calls. While this can be disabled if necessary, it is enabled by default and should remain enabled unless you are sure that it shouldn't be.
If you are using an OpenZiti controller version 1.2 or higher, you are now able to use
an External JWT Signer to
authenticate to the overlay. When configured, you can join the network by using either the network
JWT (downloaded from the ZAC or extracted from the controller's /network-jwts endpoint)
If there are more than one ext-jwt-signers configured, new controls on the item details page will let the user configure a default external auth provider. When a default is configured, simply clicking the new "authorize IdP" icon.
- removed "add identity" button from the bottom of the screen
- pointers now change to indicate an element is a drag point
- tooltips added to 'Z' icon
- right click on the main screen 'Z' icon to reattach a window
- various UI presentation improvements
- the UI now knows if it's connected or disconnected and shows the label appropriately
- when disabling the UI the lower portion no longer looks truncated
- ziti-tunneler: v1.3.2
- ziti-sdk: 1.3.2
- tlsuv: v0.32.9[OpenSSL 3.3.1 4 Jun 2024]
- nothing - bugfix
- none
- Rolls back the TLS engine to mbedTLS for now, so identities can write a new CA bundle if needed
- ziti-tunneler: v1.1.4.2
- ziti-sdk: 1.0.9
- bugfix
- none
- issue 760 - stall detector operated too quickly. tamed to 60s from 15s and allowed for configuration
- ziti-tunneler: v1.3.2
- ziti-sdk: 1.3.2
- tlsuv: v0.32.9[OpenSSL 3.3.1 4 Jun 2024]
- installer no longer verifies internet connectivity
- none
- none
n/a
- nothing yet
- none
- none
ziti-tunneler: v1.2.5 ziti-sdk: 1.1.5 tlsuv: v0.32.6[OpenSSL 3.3.1 4 Jun 2024]
- nothing yet
- none
- none
- ziti-tunneler: v1.2.4
- ziti-sdk: 1.1.4
- tlsuv: v0.32.6[OpenSSL 3.3.1 4 Jun 2024]
- nothing yet
- none
- none
- ziti-tunneler: v1.2.3
- ziti-sdk: 1.1.3
- tlsuv: v0.32.6[OpenSSL 3.3.1 4 Jun 2024]
- OIDC enabled, implementation (coming soon)
- Keychain integration and TPM enablemed, implementation (coming soon)
- n/a
- n/a
ziti-tunneler: v2.0.0-alpha24.11 ziti-sdk: 2.0.0-alpha29 tlsuv: v0.32.2.1[OpenSSL 3.3.1 4 Jun 2024]
- n/a
- n/a
- logging was overly verbose due to new healthchecking
- fixed log level setting
ziti-edge-tunnel.exe version -v:
- *ziti-tunneler: v2.0.0-alpha24
- *ziti-sdk: 2.0.0-alpha23
- *tlsuv: v0.31.4[OpenSSL 3.3.1 4 Jun 2024]
- n/a
- n/a
- logging was overly verbose due to new healthchecking
ziti-edge-tunnel.exe version -v:
- ziti-tunneler: v2.0.0-alpha22
- ziti-sdk: 2.0.0-alpha23
- tlsuv: v0.31.4[OpenSSL 3.3.1 4 Jun 2024]
- n/a
- n/a
- logging was broken
ziti-edge-tunnel.exe version -v:
- ziti-tunneler: v2.0.0-alpha21
- ziti-sdk: 2.0.0-alpha23
- tlsuv: v0.31.4[OpenSSL 3.3.1 4 Jun 2024]
- n/a
- n/a
- n/a
ziti-edge-tunnel.exe version -v:
- ziti-tunneler: v2.0.0-alpha20
- ziti-sdk: 2.0.0-alpha22
- tlsuv: v0.31.4[OpenSSL 3.3.1 4 Jun 2024]
-
Added stalled ziti-edge-tunnel detection. If the process doesn't respond for 15 seconds the monitor service will administratively terminate the process. Example log output shown below:
[2024-09-17T22:27:20.980Z] INFO ZitiUpdateService.UpdateService ziti-edge-tunnel aliveness check ends successfully [2024-09-17T22:27:35.974Z] WARN ZitiUpdateService.UpdateService ziti-edge-tunnel aliveness check appears blocked and has been for 1 times [2024-09-17T22:27:40.975Z] WARN ZitiUpdateService.UpdateService ziti-edge-tunnel aliveness check appears blocked and has been for 2 times [2024-09-17T22:27:45.975Z] WARN ZitiUpdateService.UpdateService ziti-edge-tunnel aliveness check appears blocked and has been for 3 times [2024-09-17T22:27:45.975Z] WARN ZitiUpdateService.UpdateService forcefully stopping ziti-edge-tunnel as it has been blocked for too long [2024-09-17T22:27:45.975Z] INFO ZitiUpdateService.UpdateService Closing the "data service [ziti]" process [2024-09-17T22:27:45.975Z] INFO ZitiUpdateService.UpdateService Killing: System.Diagnostics.Process (ziti-edge-tunnel)
- n/a
- n/a
ziti-edge-tunnel.exe version -v:
- ziti-tunneler: v2.0.0-alpha19
- *ziti-sdk: 2.0.0-alpha21
- *tlsuv: v0.31.4[OpenSSL 3.3.1 4 Jun 2024]
- none
- added debug option to show when the data channel closes unexpectedly
- n/a
- ziti-tunnel-sdk-c v2.0.0-alpha11/c sdk 2.0.0-alpha8
- updated c-sdk/tunneler to work with HA controllers
- none
- n/a
- ziti-tunnel-sdk-c v2.0.0-alpha10/c sdk 2.0.0-alpha8
- updated c-sdk/tunneler to work with HA controllers
- none
- n/a
- ziti-tunnel-sdk-c v2.0.0-alpha9/c sdk 2.0.0-alpha6
- nothing
- none
- none
- ziti-tunnel-sdk-c updated to v1.1.0/c sdk v1.0.7
- fixes tight loops that could happen when connectivity to the controller is lost
- nothing
ziti-monitorservice will now forcefully terminateziti-edge-tunnelif it doesn't respond within the timeout period (60s). If a timeout occurs, the process will be terminated, anyziti-tundevices will be removed (removing any routes along with it), and the NRPT will be cleaned up. This should fix issue 674.
- issue 674 -
ziti-edge-tunnelnever stops and the any attempts to stop the service fail.
- ziti-tunnel-sdk-c updated to v1.0.4/c sdk v1.0.5
- fixes file:/ handling in identity files
The automatic update process has changed! Prior to version 2.2.x, automatic upgrades were accomplished exclusively
through the ziti-monitor service making a REST request to the GitHub API url. With 2.2.x this process will change.
Now, users are able to define the endpoint which they want to pull releases from. One can always download and install
directly from the /releases page, however the release marked "latest" by GitHub will no longer be deployed to ZDEW
endpoints automatically.
Instead, the OpenZiti project will maintain two release streams:
The latest stream will always be the very latest build which consider a candidate to be moved to the stable branch. This branch is not to be considered "experimental", it is simply the latest candidate branch we have available. If there are other streams that are needed, we may publish other streams.
After a period of demonstrated stability and no critical bugs, the build will be promoted to the "stable" release stream.
A frequent question is around the administration of the URL. At this time, the URL is in control of the end-user
entirely and not able to be centrally managed by the overlay network itself. It is the user's responsibility to update
the URL accordingly. The URL is controlled by the ZDEW UI, or by updating a file in the SYSTEM profile, by default
located at: %SystemRoot%\System32\config\systemprofile\AppData\Roaming\NetFoundry\ZitiUpdateService\settings.json
Example contents of the file are as follows. Modify this file as needed and restart the ziti-monitor service for the
changes to be effective, or use the UI to modify the file.
{
"AutomaticUpdatesDisabled": false,
"AutomaticUpdateURL": "https://get.openziti.io/zdew/latest.json"
}
The UI has been updated to contain a text box users can use to change the update url. If needed, users can reset the
update URL to the default (https://get.openziti.io/zdew/stable.json) by clicking the 'reset' button on that form.
Using the UI will cause a check to be performed which will validate the supplied URL. An incorrect URL will result in updates not being found/applied.
If a different URL is supplied, the URL must be available to the client or the save/commit will not succeed As has always been the case, the executable supplied via the update URL, MUST be a binary signed and produced by OpenZiti. Random binaries/executables will are not acceptable. Only binaries signed by the expected OpenZiti signing certificate will be considered as genuine, and able to trigger the automatic update. These downloads can be obtained from GitHub via the /releases URL produced by the OpenZiti ZDEW build infrastructure
- none
- none
- ziti-edge-tunnel updated to v0.22.28/c sdk v0.36.10 / tlsuv v0.28.4
- System.Security.Cryptography.Pkcs from 6.0.1 to 6.0.3
- none
- none
- none
- ziti-tunnel-sdk-c updated to v0.20.23/c sdk v0.31.4
- fixes packet buffer leaks when ziti_write fails
- fixes several memory leaks
- none
- TCP retransmissions from intercepted clients are now much less likely, thanks to TSDK changes that limit the number of pending written bytes (to the ziti connection) to 128k. TCP clients now experience back-pressure through the TCP receive window for proper flow control.
- TSDK bug 611 - Release packet buffers for unparsable dns queries. This bug would eventually result in "pbuf_alloc" failures, which prevented the tunneler from intercepting packets.
- CSDK PR 491 - Avoid crash when writing to closed ziti connections.
- Advanced Installer updated to 20.4.1
- ziti-tunnel-sdk-c updated to v0.20.22/c sdk v0.31.2
- Ziti Desktop Edge for Windows can now be installed in an air-gapped (offline) environment
- adds DNS flushing to tunneler
- none
- Advanced Installer updated to 20.3.1
- ziti-tunnel-sdk-c updated to v0.20.20/c sdk v0.31.0
- none
- none
- TSDK bug 585 - fix dns queries that contain '_', e.g. SRV lookups
- CSDK bug 478 - avoid disconnecting active channel due to latency timeout
- TSDK updated to 0.20.18 / CSDK 0.30.9
- uv-mbed updated to 0.14.12
- none
- none
- TSDK bug 585 - fix dns queries that contain '_', e.g. SRV lookups
- TSDK updated to 0.20.16 / CSDK 0.30.8
- none
- none
- TSDK bug 578 - interception for services with wildcard domain addresses could be connected to the wrong ziti service.
- TSDK updated to 0.20.14 / CSDK 0.30.8
- none
- none
- TSDK bug 566 - use case-insensitive comparision when looking up queried hostnames for DNS wildcard domains
- TSDK updated to 0.20.11 / CSDK 0.30.8
- none
- TSDK updated to 0.20.9 / CSDK 0.30.8
- none
- TSDK updated to 0.20.6 / CSDK 0.30.2
- none
- bug 571 - fix configuring automatic updates when no release is available
- TSDK updated to 0.19.9 / CSDK 0.29.4
- Automatic updates are now able to be disabled entirely. The user will still be notified updates exist
- TSDK updated to 0.19.9 / CSDK 0.29.4
-
DNS server IP has changed!!! If you expect the DNS server to be at 100.64.0.3 (or IP + 2) it will now be IP + 1. You can also find the DNS IP by going to Main Menu -> Advanced Settings -> Tunnel Configuration
-
It is no longer possible to have the DNS server overlap the IP assigned to the interface
- bug 560 - fix IP display on tunnel config page.
- bug 562 - fix mfa incorrectly reported when administratively deleted.
- TSDK updated to 0.19.9 / CSDK 0.29.4
- nothing - bug fix release
- issue 545 incorrect reporting of app version
- issue 298 removed legacy code to remove legacy wintun installer
- issue 396 feedback.zip no longer tries to email itself
- TSDK updated to 0.19.7 / CSDK 0.29.4
- nothing - bug fix release
- none
- bug 551 address an issue where not every process was allowed to be enumerated
- TSDK updated to 0.19.2 / CSDK 0.29.2
- nothing - bug fix release
- none
- fixes a problem where the data service would crash on certain hosted services
- TSDK updated to 0.18.16 / CSDK 0.28.11
- nothing - bug fix release
- ZDEW no longer captures and tries to use "Primary Dns Suffix", "Primary Dns Suffix" and "Connection-specific DNS Suffix". All intercepts must be fully qualified now (they must contain a period. e.g. "myserver." or "myserver.ziti" not "myserver"
- Change the way NRPT rules test rules are counted to determine if NRPT is active
- TSDK updated to 0.18.15 / CSDK 0.28.9
- The data service which was go-based:
ziti-tunnel, has been totally replaced with the C-basedziti-edge-tunnel
- none
- Fix for the asynchronous calls
- #515 UI logs are GIGANTIC on 1.12.x branch
- #516 NUL chars passed to UI via ipc
- TSDK updated to 0.17.24 / CSDK 0.26.27
- none - this is a bugfix release
- none
- UDP intercepts fix seems to have somehow affected DNS for some. reverting
- TSDK updated to 0.15.25 / CSDK 0.26.26
- none - this is a bugfix release
- none
-
UDP intercepts would never release the port. This fix adds a 30s timer to UDP traffic. If no traffic arrives at the port after 30s it will be closed. This addresses this error:
unable to allocate UDP pcb - UDP connection limit is 512
- TSDK updated to 0.15.26 / CSDK 0.26.29
- none - this is a bugfix release
- none
- none
- TSDK updated to 0.15.25 / CSDK 0.26.26
- none - this is a bugfix release
- none
- none
- TSDK updated to 0.15.24 / CSDK 0.26.25
- supports reconfiguring an endpoint to point to a new controller address via ziti_api_event
- none
- none
- none
- none
- none
- none
- TSDK updated to 0.15.23 / CSDK 0.26.22
- The UI can now specify the api page size via the "Tunnel Configuration" page
- none
- none
- none
- updated dependencies per below to enable a new setting in the config file: ApiPageSize. ApiPageSize is used to determin how many results will be returned in pagination operations. Currently this is most useful for users who have many hundreds of services for any given identity. Default is set to 250.
- none
- none
- TSDK updated to 0.15.22 / CSDK 0.26.11
- none
- none
- none
- TSDK updated to 0.15.21
- none
- Whitelisting.md is added. The executables for ziti, have to be whitelisted in McAfee, so it will not mark the software as a thread. The steps are mentioned in the whitelisting.md file.
- #480 Clean up old adapters
- none
- none
- UI layout fix : set max size and fix margins for identity list on menu
- #476 WDE creates the tun adapter and fails, when the old one is in hung state. It should clean up the adaptors that failed to assign ip
- update t-sdk v0.15.20 and c-sdk 0.26.10
- none
- none
- none
- go mod tidy run - many dependency updates
- wintun updated from 0.14 to 0.14.1
- update t-sdk v0.15.19 and c-sdk 0.26.9
- none
- Notification Title correction
- #458 When user start tunnel and then immediately stop it, WDE crashes because of null value in the context
- #461 ZDEW crashes when controller/router certificate expires
- #464 nil reference issue in WDE when c-sdk sends the service events with nil data
- update t-sdk v0.15.18 and c-sdk 0.26.9
- none
- none
- #452 Send identity updated events after mfa verify, mfa auth and service events
- update t-sdk v0.15.17 and c-sdk 0.26.8
- none
- none
- #451 The Auth events were missing for the mfa enabled identity, when user put the laptop to sleep for more than 30 minutes. It is failing only for latest Network controllers.
- update t-sdk v0.15.16 and c-sdk 0.26.6
Services with multi factor authentication posture checks will give interface queues and windows notifications when the services are timing out for an identity. A timer icon will appear and a message when the services will be timing out under 20 minutes. Once a service times out, the value on the identity list will display the amount of services which are not available and the timer will turn to an actionable lock on the details page to signify that it is not available. A windows notification that can be clicked to re-authenticate, will let the user know when all of the services time out.
- #440 Send status after the wake or unlock
- #443 WDE should send 2 new controller events to UI to capture the controller state - connected and disconnected
- #446 Send MFA auth_challenge event when controller is waiting for MFA code. UI should handle the new event and show the MFA lock icon
- none
- update wintun to 0.13, update t-sdk v0.15.15 and c-sdk 0.26.5
- none
- #430 Send notification if WDE receives the service updates with timeout that is less than 5 minutes
- none
- none
- none
- #421 Calculate timeoutRemaining based on the service updates time or mfa auth time
- none
- updated c-sdk to v0.26.3, updated t-sdk to v0.15.14
- mfa timeout process. ZDE will prompt the user to enter MFA token, when the timeout set for the services is about to expire. Sends notification periodically until MFA token is entered
- #418 notification has to be sent based on timeout remaining field. When User enters auth Mfa, the timer will reset to original timeout field. timeout remaining field will also be reset to the value in timeout field
- #278 inform the user an update is available before automatically updating. So user can manually install the latest version anytime within 2 hours after the release is published. If a major/minor version has changed, then the auto installation will start immediately. If the user does not initiate manual installation within the given time, a warning will be displayed and after 2 hours the ZDE will auto update.
- #381 Open Ziti UI on startup.
- #415 The notification frequency should be between 5 and 20 minutes. ZDE accepts the requests to modify it (UI is not ready yet). 20 minutes before the timeout, it should start sending the notification to UI
- none
- updated c-sdk to v0.25.5, updated t-sdk to v0.15.10
- none
- none
- none
- tsdk is updated to v0.15.13, c-sdk 0.24.3
- none
- none
- #408 Toggling an identity ON (true) responds with Active:false
- #403 0 DNS questions in a Response causes crash
- wintun updated to 0.12
- none
- #387 DNS clean up and dns responses are delayed
- old signing certificate is removed, here forward 'old' clients cannot auto-update. they must uninstall/reinstall
- none
- tsdk is updated to v0.15.8, c-sdk 0.24.3
- none
- Signing process updates
- none
- none
- none
- none
- none
- tsdk is updated to v0.15.7, c-sdk 0.23.3
- #378 Cleanup old ziti network adapter profiles
- updated auto-installation config
- renewed signing cert
- added dns cache output back to feedback.zip
- set lower metric, if dns server property is set
- Detect power events
- none
- tsdk is updated to v0.15.6, c-sdk 0.22.5
- use wintun0.11
- none
- none
- #360 Display issue when no cidr is used
- #366 ZDE app does not prompt for the mfa token after starting the laptop from sleep
- #367 Refresh tun config when user updates them
- use wintun0.10.3
- tsdk is updated to v0.15.4, c-sdk 0.22.5
- none
- none
- #362 Update tun ip, mask and addDns flag
- #364 Add the test nrpt policy function in the startup method
- none
- Page Service List
- Sort Service on Identity Details Page
- Consistent UX for MFA Screens
- Service to UI interaction is now with one bulk update of services instead of one event per service update
- Added a configuration option to control if DNS is applied to the TUN. Some users are having issues with NRPT-only working. For now we'll add a boolean that allows the user to control if DNS should be added to the TUN
- none
- none
- #322 Ability to toggle identity, set loglevel and generate feedback zip file from cmd line
- none
- #346 Fixed the UI filtering of services on the Identity detail screen
- #348 IP addresses do not need to be added to the NRPT
- #349 Too many services can cause the NRPT update to fail
- none
- NRPT rules will be created matching all "Connection Specific Domains" discovered. This should allow for unqualified names to be properly resolved
- TUN will no longer have an assigned DNS server. This will prevent a large number of DNS requests from being sent to the ZitiTUN to be proxied. Now only DNS requests matching an NRPT rule will land at the ZitiTUN DNS Server
- After TUN creation the interface metric will be set to 255 to persuade Windows to send all DNS requests to an interface that is not the TUN first
- Removed dnscache.txt from feedback zip
- #332 Logs from csdk/tunneler are missing
- #340 auth mfa verify icon is missing at ZDE startup
- Fixed a bug where process posture checks were case sensitive
- Tunneler SDK to v0.15.1(CSDK 0.22.0)
- All go dependencies updated - numerous changes see commit log for details
- MFA functionality has been implemented and works with later versions of the Ziti Controller (18.5+). A brief overview is here
- UI: changed the icon to show the "white" icon when off, green when on.
- fixed a bug with the monitor service indicating it was using zulu time - when it was not
- Tunneler SDK to v0.14.0/CSDK 0.22.0
- none
- none
- Fixed a bug from the CSDK handling hosted services
- #330 Fixed issue intercepting connections when the configured IP is not exactly in 100.64.0.0/10
- #328 Print a warning when the configured IP is not in the carrier grade NAT range 100.64.0.0/10
- Tunneler SDK to v0.11.10/CSDK 0.20.22
- none
- none
- Fixed a bug from the CSDK handling posture checks
- Tunneler SDK to v0.11.9/CSDK 0.20.21
- #317 command line list function to fetch identities and services
- none
- none
- none
- DNS resolution has CHANGED. Users have had issues with the proxied DNS requests at times leading to an experience that was frustrating at time. Restarting the client fixed the problem but is also not what we want. Now the Ziti Desktop Edge for Windows will add NRPT rules and only send intercepted services to the resolver. The resolver will still proxy requests it does not know but fewer requests should need to be made to the internal DNS resolver.
- The internal DNS resolver no longer needs to be the primary DNS resolver on all interfaces due to the change mentioned above
- none
- none
- none
- none
- none
- #313 Add identity button missing
- none
- Stopping the data service (
ziti) using the big button no longer shows the old warning asking to start the service or exit the UI. Now the expected behavior is to see the button "off" which is used to turn the tunnel back "on"
- none
- #310 Restore identities moved by Windows after Windows system update
- Tunneler SDK to v0.8.21/CSDK 0.20.13
- a new DNS probe record was added to the DNS server to allow DNS-related testing
- ziti-monitor service now probes the DNS server for diagnostic reasons
- added code to check upgrade status - only useful when the ziti-monitor service is not running
- minor logging updates
- fixed an issue with hosting connections after channel failure CSDK #233
- fixed a UI issue when no identites existed
- Tunneler SDK to v0.8.17/CSDK 0.20.12
- nothing
- none
- fixed crash on udp message before dial completes
- Tunneler SDK to v0.8.15
- nothing
- none
- fixed crash on failed session
- Tunneler SDK to v0.8.12
- nothing
- none
- fixed crash on write when dial failed
- Tunneler SDK to v0.8.10
- nothing
- none
- double free in TSDK caused a crash
- Tunneler SDK to v0.8.10
- Additional card Main Menu -> Identities was added for situations when the UI scrolls off the top of the screen
- Feedback button continues to collect additional diagnostic data. Also invokes ziti_dump now and puts output into the logs folder
- none
- Some users were stuck with a TUN already created - rearranged the logic to try to always cleanup the TUN if needed
- Tunneler SDK to v0.8.9
- CSDK updated to 0.20.7
This is a substantial update. Some important stability fixes have been applied from the CSDK and Tunneler SDK. Wintun was upgraded to 0.10 removing the need for the OpenZitiWintunInstaller
- #276 Updates for new CDSK eventing api
- #279 DNS is now flushed on starting the
zitiservice to ensure dns cache is not a problem - #264
zitidata service no longer blocks waiting for identities to load - app now uses the ziti_set_app_info function to report app information to controller
- none
- DNS proxying would sometimes break depending on when and how a network outage occurred
- Wintun updated to 0.10.0
- Tunneler SDK to v0.8.3
- CSDK updated to 0.20.3
This is a substantial update. Some important stability fixes have been applied from the CSDK and Tunneler SDK. Wintun was upgraded to 0.10 removing the need for the OpenZitiWintunInstaller
- #276 Updates for new CDSK eventing api
- #279 DNS is now flushed on starting the
zitiservice to ensure dns cache is not a problem - #264
zitidata service no longer blocks waiting for identities to load - app now uses the ziti_set_app_info function to report app information to controller
- none
- DNS proxying would sometimes break depending on when and how a network outage occurred
- Wintun updated to 0.10.0
- Tunneler SDK to v0.8.3
- CSDK updated to 0.20.3
- ziti-monitor service set to "Automatic (Delayed Start)". Some users have noticed the monitor service does not start on boot. This is unexpected. To try to combat this problem the monitor service is going to be set to delayed start.
- #291 ziti-monitor now attempts to collect the external ip address when submitting troubleshooting information
- none
- none
- none
- Filtering is now available on the detail page of identities
- none
- #287 - access fileshare via UNC path in Windows explorer very slow
- updated TSDK/CSDK to v0.7.26.2
- updated .net logging to NLog 4.7.6
- fixes to c sdk to better handle when the controller is unavailable at startup
- none
- none
- updated TSDK/CSDK to v0.7.26/0.18.7
- fixes to c sdk to better handle when the controller is unavailable at startup
- none
- none
- updated TSDK/CSDK to v0.7.26/0.18.7
- fixes #274 - Added logging to all SC calls into the monitor service
- feedback now collects systeminfo and dnscache info
- added a "please wait" to the feedback option
- none
- stability fixes when the monitor service is down the UI should not crash when trying to access the monitor service
- stability fixes from tsdk/csdk
- updated TSDK/CSDK to v0.7.25/0.18.6
- fixes #274 - Added logging to all SC calls into the monitor service
- none
- none
- none
- none
- none
- fixes #268 - Fixed UI crash when using Feedback button to collect logs and .eml file type not mapped
- fixes #271 - Fixed UI crash when Monitor service was not running
- Fixed bug when "Service Logs" would also open the "Application Logs"
- none
- none
- none
- fixes #266 - Fixes a crash on Windows Server 2016
- Tunneler SDK C: v0.7.24
- This is a maintenance release. Generally the only changes are around stability changes to the automatic update functionality
- for developers a 'beta release' channel has been established allowing pre-releases to enter the release stream
- no specific bugs - some automatic updates would fail to shutdown the data service properly
- none
- none
- none
- stability updates via updated Tunneler SDK C
- Tunneler SDK C: v0.7.20
- none
- first time install bug - the NetFoundry folder would not exist after the logs were moved
- none
- upped version to 1.6.0 to represent log changes from 1.5.12
- none
- walked back some changes trying to fix stability that seemed to decrease stability
- C SDK-> 0.18.0
- Tunneler SDK C -> v0.7.18
- logs condensed into a single log file - only ziti-tunneler.log files remain (cziti.logs are removed)
- clicking "Service Logs" will open the latest service log file. if ".log" is not mapped to a program the
${installFolder}\logs\servicefolder will be opened - clicking "Application Logs" will open the latest UI log file. if ".log" is not mapped to a program the
${installFolder}\logs\UIfolder will be opened - closes #254 - logs relocated to easier accessed location: "%ProgramFiles(x86)%\NetFoundry, Inc\Ziti Desktop Edge\logs"
- collect-logs.ps1 has been removed in favor of logs being at a more accessible location and the 'feedback' button collecting logs anyway
- all logs now have valid timestamps
- fixes #251 - timestamp in UI and service logs has incorrect format
- C SDK updated to pick up log callback. unifies logs into one, fixes timestamp issue
- none
- none
- fixes #250 - setting the log level for the data service would not work
- none
- fixes #201 - Feedback menu item will collect all logs
- none
- fixes #245 - every identity misidentified as orphaned on startup
- none
The automatic update functionality works - however the termination of the UI is not functioning properly. Each update restart the UI to get the latest UI code
- closed #242 - orphaned identities returned to service/ui on startup
- none
- fixes #243 - problem during initial install might cause the whole network to be blocked
- update to ziti-tunnel-sdk-c v0.7.18 / ziti-sdk-c 0.17.20
- closed #234 - logs all now produced in UTC and formatted as time not delta from process start
- none
- fixes #222 - strange ipv6 response using nslookup
- fixes #239 - services marked duplicate erroneously
- update to ziti-tunnel-sdk-c v0.7.18 / ziti-sdk-c 0.17.20
- nothing
- none
- fixes #231 - overlapping hostnames do not receive a new ip
- fixes #219 - obtain more DNS information to use when resolving DNS requests that do not terminate with a period
- none
- none
- Another issue with auto-update resolved. The same version was set to update - same version should not update...
- nothing - this build exists just to verify the auto update functionality works again. it is exactly the same as version 1.5.4
- none
- none
- Another issue with auto-update resolved.
- identities disabled are now remembered when starting/stopping the service. the client can still see identities if id is disabled
- none
- NRE in ziti-monitor if no subscriptions exist
- nothing
- none
- bug found when comparing versions. e.g.: 1.5.0 was considered newer than 1.5.0.0
- nothing
- none
- fixes #226 - update check fails on second run due to NRE
- none
- closes #216 - The big change is that the big button now will send a message to the monitor service which will have the proper rights to stop and start the data service (
ziti).
- Changed the default mask to /10 as to not be different
- Changed the minimum allowable mask to be /16
- Migrate any masks > /16 to /16
- fixes #220 - Alphabetize the service list
- fixes #221 - Cleanup previous update files
- fixes #218 - 0 length config cause panic
- fixes #211 - segv on hosted service
- update to github.com/openziti/sdk-golang v0.14.12
(skipped 1.4.3 by mistake)
- none
- Crash related to ziti-sdk-c #171
- update to ziti-tunnel-sdk-c v0.7.12
- Changed the default mask to /16 from /24 to allow 65k services by default
- Windows server reporting the wrong version for posture checks
- update to github.com/openziti/sdk-golang v0.14.12
- nothing
- fixes a crash when services became unavailable
- update ziti-tunneler-sdk-c to 0.7.10
- Version bump to 1.4.0 to signify the inclusion of policy checks
- none
- update ziti-tunneler-sdk-c to 0.7.8
(1.3.11 was released only as a dev/test release)
- Posture checks have been added
- config file is now backed before each save
- cgo string leaks patched
- Tunneler SDK updated to v0.7.8
- Better logging in ziti-monitor. More logs at debug, a couple important ones at info
- clean up a warning or two
- none
- none
- none
- Disabling an identity with an IP intercept and re-enabling the identity would cause a crash
- Adding an identity when the controller was offline resulted in a UI error preventing the app from closing/continuing
- none
- When/if the service stops - all identities are removed from view and returned after the UI reconnects to the service
- #159 - Update UI if the detail page is open
- update ziti-tunneler-sdk-c to 0.7.4
- none
- #191 - Fix crash when controller is unavailable
- none
(Note 1.3.5 was not released due to 1.3.6 coming so quickly on the heels of 1.3.5)
- Automatic updates moved to 10 minutes by default (1.3.5)
- Toggling an identity on/off would crash the service (1.3.5)
- Toggling an identity on/off/on/off after fixing the issue above would intercept and point to the wrong ip
- none
skipped - 1.3.6 superseded this release
- UI: When identity detail card is open you can now drag the window similar to the main window
ziti-monitorlog level changed to info by default
- A bug with DNS resolution is fixed (no issue filed)
- none
* nothing
* [#186](https://github.com/openziti/desktop-edge-win/issues/186) - All intercepts marked as already mapped
* [#184](https://github.com/openziti/desktop-edge-win/issues/184) - Better logging. ziti-monitor logging can now be configured via file.
* [#184](https://github.com/openziti/desktop-edge-win/issues/184) - Auto update no longer tries to update when the versions are the same
-
What's New
- This release exists only for testing the auto-upgrade capability
-
What's New
- Ziti Desktop Edge for Windows will now montior and install updates
-
Bug Fixes
- none
-
Dependency Updates
- None
-
What's New
-
Bug Fixes
-
Dependency Updates
- Updated to v0.7.2 of ziti-tunneller-sdk-c
-
What's New
- #147 - Added "collect-logs.ps1" to the installer. This script can be run to collect the logs files from the service. Must be run as administrator.
-
Bug Fixes
-
Dependency Updates
- Updated to v0.6.11
-
What's New
- #135 - Support added for IPv4 intercepting. Services can now be created for any IPv4 address.
- #123 - Windows can add ConnectionSpecificDomains to DNS requests where no period (.) is in the DNS request such as "web-page" or "my-service". These requests would not resolve properly because they would be received as "web-page.myConnectionSpecificDomain". This now works correctly.
- #131 - Installer added to GitHub Actions build.
-
Bug Fixes
-
What's New
- adds support for Ziti-provided end to end encryption
- upgrades the Ziti Desktop Edge Service to version 0.0.30
- the log level can now be changed from the UI by going to Advanced Settings -> Set Logging Level
- the config file has been slimmed
- the name used to start/stop the Ziti Desktop Edge Service has been made much more convenient.
Now you can start and stop the service with:
net start|stop ziti(this is the change that necessitates removing and reinstalling the application during upgrade from previous versions)
-
What's New
- 'About' updated to reflect actual service version
- Added ability to set the log level of the service dynamically through Advanced Settings
-
Bug fixes
- #102 - DNS requests with "connection-specific local domain" would not resolve
-
What's New
- #94 - Added support for 'hosted' services
-
Bug fixes
- #102 - DNS requests with "connection-specific local domain" would not resolve
-
What's New
- Continually improved logging
- changed ip from 169.254.0.0/16 to 100.64.0.0/10
- #120 - Allow UI/client to get and set log level dynamically via ipc
-
Bug fixes
- #116 - Removes information from the config that wasn't needed in config.json
-
What's New
- Continually improved logging
- Add support for 'verbose' logging along with error, warn, info, debug, trace
-
Bug fixes
-
What's New
- Continually improved logging
- Better DNS removal when services are no longer available or when an identity is removed
-
Bug fixes
-
Bug fixes
- #119 - Service would not start when IPv6 was disabled via the Windows registry
-
What's New
- #94 - Added support for 'hosted' services
-
Bug fixes
- #102 - DNS requests with "connection-specific local domain" would not resolve
-
What's New
- Nothing yet
-
Bug fixes
- #85 - buffer DNS messages and panic/recover properly when network changes happen
-
What's New
- Nothing yet
-
Bug fixes
-
What's New
- #70 - Version added to api to report when model changes occur
-
Bug fixes
- #69 - reference counting for identities with access to the same service
-
What's New
-
Bug fixes
- #59 - too many services blocked service from accepting connections from the UI
- #61 - identity shutdown needs to be on the uv loop (issue with forgetting identities)
- #63 - when service restarts and UI reconnects clear identities and let the service repopulate the UI
- #67 - set the MTU based on the value reported from the interface
- tracking lost
-
What's New
-
Bug fixes
- #51 - cziti log would never roll over. now the cziti log rolls daily with a maximum of seven (7) log files
Changelog tracking began with 0.0.15 - all previous changes were not tracked. If interested please review the commit history.