Update ghcr.io/warp-tech/warpgate Docker tag to v0.26.1#146
Open
renovate[bot] wants to merge 1 commit into
Open
Update ghcr.io/warp-tech/warpgate Docker tag to v0.26.1#146renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
20b54af to
b0a7c8d
Compare
b0a7c8d to
e6afa61
Compare
e6afa61 to
5dc6605
Compare
5dc6605 to
77f0fbb
Compare
77f0fbb to
d569abd
Compare
d569abd to
53dcb72
Compare
53dcb72 to
e521650
Compare
e521650 to
db64346
Compare
db64346 to
ba677d7
Compare
ba677d7 to
d4ce7ac
Compare
d4ce7ac to
e2b08c2
Compare
e2b08c2 to
842903d
Compare
842903d to
3c71c03
Compare
3c71c03 to
d579761
Compare
d579761 to
cb7ffdc
Compare
cb7ffdc to
8bc5941
Compare
8bc5941 to
188ea82
Compare
188ea82 to
6ac5752
Compare
6ac5752 to
6af93c9
Compare
6af93c9 to
220f2bd
Compare
220f2bd to
8cc20ba
Compare
8cc20ba to
15dfbbd
Compare
15dfbbd to
eeb6f13
Compare
eeb6f13 to
ae3908b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.13.2→0.26.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
warp-tech/warpgate (ghcr.io/warp-tech/warpgate)
v0.26.1Compare Source
Fixes
9cb2e70907a10fFull Changelog: warp-tech/warpgate@v0.26.0...v0.26.1
v0.26.0Compare Source
New features
Brute-force protection with IP blocking and user lockout #1630
by @mrmm
Custom SSH banner #2125
The new parameter lets you set a custom banner to be displayed when users connect over SSH.
Global toggle for webSSH #2119
Added an option to disable WebSSH entirely
Option to disable password login #2128
Added an option to disable the password login form entirely, allowing only SSO authentication.
Changes
hmac-sha1MAC algorithm, which was previously never enabled.Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.25.6...v0.26.0-beta.1
v0.25.6Compare Source
Security fixes
GHSA-862h-v6cc-9757
In Websocket requests, a client could supply its own
X-Wargate-Usernameheader which would be appended to the upstream request, allowing the client to impersonate another user if the upstream relies on this header for authentication.GHSA-2q37-6vxr-26jr
Incorrect authorization handling allowed an authenticated user to eavesdrop on another user's SSH session if they are able to obtain the session UUID.
Full Changelog: warp-tech/warpgate@v0.25.5...v0.25.6
v0.25.5Compare Source
Security fixes
GHSA-3c3w-75j2-7h74
This is a high severity vulnerability. An attacker-crafted Warpgate login URL could lead a user to a redirect page that runs attacker-injected JS code
Features
mysql.advertised_versionlets you specify the MySQL server version that Warpgate will advertise to clients. Note that the previous hardcoded value of 8.0.0 now defaults to 8.0.3 which disables some ancient compatibility behaviours in various DB clients.Changes
Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.25.4...v0.25.5
v0.25.4Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.25.3...v0.25.4
v0.25.3Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.25.2...v0.25.3
v0.25.2Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.25.1...v0.25.2
What's Changed
Full Changelog: warp-tech/warpgate@v0.25.1...v0.25.2
v0.25.1Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.25.0...v0.25.1
v0.25.0Compare Source
New features
#1990 - SSH target selection menu
Users can now omit the target name when connecting to Warpgate's SSH port, which will trigger an interactive target selection menu in the terminal.
#1882 - Configurable password policy
Added password complexity rules, configurable under
Config>Global Parameters.by @kamilkrzeminski
#2013 - SSH jump host support
Added support for SSH targets that are only reachable behind another jump host. The jump host has itself to be defined as a separate SSH target, after which it becomes selectable in the new "Jump host" field in the SSH target configuration.
by @rjourdan04
#1985 - Audit logging improvements
Added audit logging for failed web logins, as well as details regarding credentials used, IPs, etc.
by @LarsSven
Changes
Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.24.0...v0.25.0
v0.24.1Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.24.0...v0.24.1
v0.24.0Compare Source
WebSSH update
This is a large feature release bringing a web-based SSH terminal and self-service ticket requests.
Migrating
If you use domain binding with SSO and want to use the bound domain for the SSO return URL, you'll need to set the new
return_url_domainoption tohost_header- see more at https://warpgate.null.page/sso/#domain-handlingNew features
Web SSH #1943
Your users will now be able to connect to their SSH targets directly from the web browser. The terminal supports multiple tabs and single file transfers via ZMODEM.
Clicking an SSH target will open the terminal by default, but this can be changed under
Config > Global parameters.Default roles #1923
Roles can now be marked "default", which will auto-assign them to any newly created users.
Self-serve tickets #1818
by @SteezyCougar
If enabled under
Config > Global parameters, users will be able to request ticket creation from their profile page. Admins will be able to see and approve/reject these requests on theTicketadmin page. Tickets for already allowed targets can be optionally auto-approved.Changes
Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.23.4...v0.24.0
v0.23.4Compare Source
Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.23.3...v0.23.4
What's Changed
New Contributors
Full Changelog: warp-tech/warpgate@v0.23.3...v0.23.4
What's Changed
New Contributors
Full Changelog: warp-tech/warpgate@v0.23.3...v0.23.4
v0.23.3Compare Source
Security fixes
CVE-2026-44347
This vulnerability allowed an authorized Warpgate user A to share their SSO return link with another authorized Warpgate user B, potentially misleading B into getting logged in as A and subsequently sharing confidential information through user A's session.
Fixes
Full Changelog: warp-tech/warpgate@v0.23.2...v0.23.3
What's Changed
Full Changelog: warp-tech/warpgate@v0.23.2...v0.23.3
v0.23.2Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.23.1...v0.23.2
What's Changed
Full Changelog: warp-tech/warpgate@v0.23.1...v0.23.2
What's Changed
Full Changelog: warp-tech/warpgate@v0.23.1...v0.23.2
v0.23.1Compare Source
Security fixes
GHSA-f5v4-2wr6-hqmg
This DoS vulnerability allowed an unauthenticated user to trigger an out-of-memory condition on a Warpgate instance if keyboard-interactive authentication is enabled. A malicious authentication packet could trigger a multi-GB memory allocation likely leading to Warpgate to be killed by the OOM killer.
v0.23.0Compare Source
Changes
#1499 - admin roles in #1783
warpgate:adminrole will have awarpgate:adminsuperuser admin role assigned to them, so that there is no change in access after the update.warpgate:adminaccess role if you have never used it for anything other than admin UI access.Added support for disabling the injected menu by @LarsSven in #1852
/@​warpgateto switch targets.AWS IAM auth in #1859
Automatically generate client certificate when using kubernetes targets by @LarsSven in #1795
kubeconfigfile for the user, including the credentials.Rich audit logs in #1832
audit_retentionconfig option controls a separate retention period for these log entries (12 months default).feat: add user role assignment expiry and history tracking by @mrmm in #1816
Add support for allowed_ip_range for users by @LarsSven in #1846
fixed #1497 - separate external host settings per protocol in #1824
Polish some Kubernetes UI elements by @LarsSven in #1770
Extend target search to include descriptions. Closes #1784 by @cvhariharan in #1791
feat: Add HTTPRoute template to Helm chart by @solidassassin in #1756
Fixes
Misc
New Contributors
Full Changelog: warp-tech/warpgate@v0.22.1...v0.23.0
v0.21.1Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.21.0...v0.21.1
v0.21.0Compare Source
Kubernetes support
This release adds experimental support for Kubernetes targets.
Warpgate will proxy and record Kubernetes API protocol as well as
attach/execsessions.Both token and certificate authentication is supported both between Warpgate and Kubernetes and Warpgate and the user, as well as web-based 2FA.
There is now an option to issue and revoke certificate credentials for users (currently for Kubernetes only).
Notes:
Changes
_warpgatereturn URL for Azure OIDC, which does not allow the@character.Full Changelog: warp-tech/warpgate@v0.20.2...v0.21.0
v0.20.2Compare Source
Fixes
lldapv0.20.1Compare Source
v0.20.0Compare Source
Changes
Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.19.1...v0.20.0
v0.19.1Compare Source
Fixes
Full Changelog: warp-tech/warpgate@v0.19.0...v0.19.1
v0.19.0Compare Source
Changes
Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.18.0...v0.19.0
v0.18.0Compare Source
Changes
create-userCLI command by @LarsSven in #1549Fixes
New Contributors
Full Changelog: warp-tech/warpgate@v0.17.0...v0.18.0
v0.17.0Compare Source
Important changes
preferred_usernameis not available from an SSO provider when auto-creating new users - by @SteezyCougar in #1475Features
Fixes
ed25519hostkey by @fpfeifferik in #1473diffie-hellman-group-exchange-sha256to SSH key exchange list by @joseluisgonzalezca in #1493--debugCLI option by @kruton in #1526Docs
New Contributors
Full Changelog: warp-tech/warpgate@v0.16.0...v0.17.0
v0.16.0Compare Source
Security fixes
3c003fc- fixed CVE-2025-54804Major changes
1000instead of0. Depending on your setup, this might cause permission errors when trying to access the Warpgate data files, you might have tochmodthem. Run Docker with--uid 0to revert to the old, less safe behaviour.Changes
Fixes
fd6607b- fix channels losing unflushed data when closing4d5ebe4- fix SCP hangups05235d9- fixed incorrect relative path resolution in setup5a4b295- fixed #1424 - OOB UI fails with repeating charactersversionattribute is obsolete by @ulab in #14358ad6972- fixed #1442 - unnecessaryget_infoauth restrictionsNew Contributors
Full Changelog: warp-tech/warpgate@v0.15.0...v0.16.0
v0.15.0Compare Source
Features
direct-streamlocal(local UNIX socket forwarding) support in103a480Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.