Releases: DefGuard/proxy
v1.6.0-alpha2
wojcik91
Maciek
⚠️ This is a pre-release that requires Defguard Core min. v1.5.2 - please help us test and stabilize the release 🫡
This release upgrades the Enrollment Process with a completely new UI and UX, featuring a major redesign, the ability to download clients directly from the process, and several other improvements:
Additionally, we have deprecated the Enrollment Wizard (used for setting up passwords and adding a WireGuard® device) in the Proxy. The Enrollment Wizard is now only available on the Desktop Client, with plans to bring it to Mobile apps in the future.
Detailed changes
- Release 1.5 merger by @wojcik91 in #166
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #159
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #167
- Fix enrollment phone number validation by @j-chmielewski in #168
- Web next wip by @filipslezaklab in #170
- Merge main into dev after 1.5.1 release by @j-chmielewski in #172
- Create SBOM files by @j-chmielewski in #173
- CI: scan code with trivy by @j-chmielewski in #174
- Handle not found error by @moubctez in #175
- Periodic sbom regeneration by @j-chmielewski in #176
- ui update by @filipslezaklab in #177
- Merge SBOM CI pipelines into main by @j-chmielewski in #178
- handle openid callback by @filipslezaklab in #179
- webnext update by @filipslezaklab in #181
- Health check rename by @jakub-tldr in #182
- add favicon by @filipslezaklab in #183
- use update service api for client links by @filipslezaklab in #184
- footer update by @filipslezaklab in #185
- Always add x-powered-by HTTP header by @moubctez in #186
- handle update service fallback by @filipslezaklab in #187
- e2e webnext update by @filipslezaklab in #188
- Reorder pages by @filipslezaklab in #189
- add icon warning by @filipslezaklab in #190
- fix info banner by @filipslezaklab in #192
- ui as module by @filipslezaklab in #193
- add debian security repo for main packages by @filipslezaklab in #194
- webnext to web by @filipslezaklab in #195
- Main to dev by @filipslezaklab in #196
- UI 2.0 by @filipslezaklab in #197
- add missing openid routes by @filipslezaklab in #201
- Release/1.6 alpha by @wojcik91 in #202
New Contributors
- @jakub-tldr made their first contribution in #182
Full Changelog: v1.5.1...v1.6.0-alpha2
Contributors
Assets 7
v1.5.1
This patch for version 1.5 includes fixes for vulnerabilities identified during our latest penetration test. As a fully transparent organisation, Defguard publishes a Pentesting Security Report page where you can track the status of our vulnerability fixes.
This is the biggest, most feature packed (and fixes) release we have ever done!
We’ve introduced 11 major features! and nearly 100 bugfixes.
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲Long awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫Desktop Client now supports External SSO/IdP MFA
Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using Mobile client’s Biometry!
🤝Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩We’ve also explained in detail, why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
Migration guide
Before updating please make sure to read the migration guide
What's Changed
- Handle admin device management flag by @wojcik91 in #116
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #119
- Allow binding to a specific address by @t-aleksander in #120
- Merge main -> dev post 1.4 release by @wojcik91 in #123
- add support for per location MFA settings by @wojcik91 in #124
- fix: openid mfa callback page rwd by @filipslezaklab in #126
- UI update by @filipslezaklab in #127
- Fix font files by @filipslezaklab in #129
- update routes on backend by @filipslezaklab in #132
- Add AMI building to the release pipeline by @t-aleksander in #130
- mobile mfa poc by @filipslezaklab in #134
- verify biometry register request data by @filipslezaklab in #135
- Add eu central region by @t-aleksander in #136
- sign Docker images using Cosign by @wojcik91 in #137
- Tonic 14 by @moubctez in #140
- Desktop MFA mobile approve by @filipslezaklab in #138
- Version exchange and logging by @j-chmielewski in #133
- Scan images with Trivy by @moubctez in #142
- add code based mfa setup by @filipslezaklab in #141
- Version check by @j-chmielewski in #143
- handle new enrollment configuration by @filipslezaklab in #145
- Fix version comparison by @j-chmielewski in #146
- Switch AMI base image to debian by @t-aleksander in #144
- Update dependencies by @moubctez in #147
- Update tracing_subscriber by @moubctez in #149
- add deep link to openid enroll by @filipslezaklab in #150
- Return defguard version (proxy, core) in http headers by @t-aleksander in #151
- Fix ami building by @t-aleksander in #152
- Better WebSocket handling and build with newer defguard_version by @moubctez in #154
- update messages in openid callback setup page by @filipslezaklab in #155
- Update defguard-version version by @t-aleksander in #156
- Ignore pre-release in version comparison by @j-chmielewski in #160
- update mobile app apple store link by @filipslezaklab in #161
- Return whether core is connected by @t-aleksander in #163
- chore(CI): update node version in release workflow by @wojcik91 in #165
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #159
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #167
- Fix enrollment phone number validation by @j-chmielewski in #168
Full Changelog: v1.5.0...v1.5.1
Contributors
Assets 11
v1.5.0
This is the biggest, most feature packed (and fixes) release we have ever done!
We’ve introduced 11 major features! and nearly 100 bugfixes.
Below you will find a short summary of the most important features. For full release notes, including screenshots and videos showcasing these and other updates, please click here.
📲Long awaited Mobile Clients (supporting External Multi-Factor Authentication and Internal Multi-Factor Authentication) are here!
💫Desktop Client now supports External SSO/IdP MFA
Our innovation: Multi-Factor Authentication for WireGuard® VPN on Desktop Client using Mobile client’s Biometry!
🤝Being a completely open company, we’ve introduced a number of public processes like the Architecture Decision Records and the public pentesting discoveries and fixes page prepared with our security team (as far as we know, we are the only VPN solution to do so).
🚩We’ve also explained in detail, why most WireGuard®-based solutions claiming to have MFA are highly misleading and potentially harmful to user security.
Migration guide
Before updating please make sure to read the migration guide
What's Changed
Other Changes
- Handle admin device management flag by @wojcik91 in #116
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #119
- Allow binding to a specific address by @t-aleksander in #120
- Merge main -> dev post 1.4 release by @wojcik91 in #123
- add support for per location MFA settings by @wojcik91 in #124
- fix: openid mfa callback page rwd by @filipslezaklab in #126
- UI update by @filipslezaklab in #127
- Fix font files by @filipslezaklab in #129
- update routes on backend by @filipslezaklab in #132
- Add AMI building to the release pipeline by @t-aleksander in #130
- mobile mfa poc by @filipslezaklab in #134
- verify biometry register request data by @filipslezaklab in #135
- Add eu central region by @t-aleksander in #136
- sign Docker images using Cosign by @wojcik91 in #137
- Tonic 14 by @moubctez in #140
- Desktop MFA mobile approve by @filipslezaklab in #138
- Version exchange and logging by @j-chmielewski in #133
- Scan images with Trivy by @moubctez in #142
- add code based mfa setup by @filipslezaklab in #141
- Version check by @j-chmielewski in #143
- handle new enrollment configuration by @filipslezaklab in #145
- Fix version comparison by @j-chmielewski in #146
- Switch AMI base image to debian by @t-aleksander in #144
- Update dependencies by @moubctez in #147
- Update tracing_subscriber by @moubctez in #149
- add deep link to openid enroll by @filipslezaklab in #150
- Return defguard version (proxy, core) in http headers by @t-aleksander in #151
- Fix ami building by @t-aleksander in #152
- Better WebSocket handling and build with newer defguard_version by @moubctez in #154
- update messages in openid callback setup page by @filipslezaklab in #155
- Update defguard-version version by @t-aleksander in #156
- Ignore pre-release in version comparison by @j-chmielewski in #160
- update mobile app apple store link by @filipslezaklab in #161
- Return whether core is connected by @t-aleksander in #163
- chore(CI): update node version in release workflow by @wojcik91 in #165
Full Changelog: v1.4.0...v1.5.0
Contributors
Assets 7
v1.5.0-rc3
t-aleksander
Aleksander
⚠️ This is a pre-release that requires Defguard Core v1.5.0-rc2 - please help us test and stabilize the release 🫡
What's Changed
Other Changes
- Return whether core is connected by @t-aleksander in #163
Full Changelog: v1.5.0-rc2...v1.5.0-rc3
Contributors
Assets 7
v1.5.0-rc2
What's Changed
- Handle admin device management flag by @wojcik91 in #116
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #119
- Allow binding to a specific address by @t-aleksander in #120
- Merge main -> dev post 1.4 release by @wojcik91 in #123
- add support for per location MFA settings by @wojcik91 in #124
- fix: openid mfa callback page rwd by @filipslezaklab in #126
- UI update by @filipslezaklab in #127
- Fix font files by @filipslezaklab in #129
- update routes on backend by @filipslezaklab in #132
- Add AMI building to the release pipeline by @t-aleksander in #130
- mobile mfa poc by @filipslezaklab in #134
- verify biometry register request data by @filipslezaklab in #135
- Add eu central region by @t-aleksander in #136
- sign Docker images using Cosign by @wojcik91 in #137
- Tonic 14 by @moubctez in #140
- Desktop MFA mobile approve by @filipslezaklab in #138
- Version exchange and logging by @j-chmielewski in #133
- Scan images with Trivy by @moubctez in #142
- add code based mfa setup by @filipslezaklab in #141
- Version check by @j-chmielewski in #143
- handle new enrollment configuration by @filipslezaklab in #145
- Fix version comparison by @j-chmielewski in #146
- Switch AMI base image to debian by @t-aleksander in #144
- Update dependencies by @moubctez in #147
- Update tracing_subscriber by @moubctez in #149
- add deep link to openid enroll by @filipslezaklab in #150
- Return defguard version (proxy, core) in http headers by @t-aleksander in #151
- Fix ami building by @t-aleksander in #152
- Better WebSocket handling and build with newer defguard_version by @moubctez in #154
- update messages in openid callback setup page by @filipslezaklab in #155
- Update defguard-version version by @t-aleksander in #156
- Ignore pre-release in version comparison by @j-chmielewski in #160
Full Changelog: v1.4.0...v1.5.0-rc2
Contributors
Assets 7
v1.5.0-rc1
wojcik91
Maciek
What's Changed
Other Changes
- Handle admin device management flag by @wojcik91 in #116
- Use configured external OIDC Provider for 2FA in client by @t-aleksander in #119
- Allow binding to a specific address by @t-aleksander in #120
- Merge main -> dev post 1.4 release by @wojcik91 in #123
- add support for per location MFA settings by @wojcik91 in #124
- fix: openid mfa callback page rwd by @filipslezaklab in #126
- UI update by @filipslezaklab in #127
- Fix font files by @filipslezaklab in #129
- update routes on backend by @filipslezaklab in #132
- Add AMI building to the release pipeline by @t-aleksander in #130
- mobile mfa poc by @filipslezaklab in #134
- verify biometry register request data by @filipslezaklab in #135
- Add eu central region by @t-aleksander in #136
- sign Docker images using Cosign by @wojcik91 in #137
- Tonic 14 by @moubctez in #140
- Desktop MFA mobile approve by @filipslezaklab in #138
- Version exchange and logging by @j-chmielewski in #133
- Scan images with Trivy by @moubctez in #142
- add code based mfa setup by @filipslezaklab in #141
- Version check by @j-chmielewski in #143
- handle new enrollment configuration by @filipslezaklab in #145
- Fix version comparison by @j-chmielewski in #146
- Switch AMI base image to debian by @t-aleksander in #144
- Update dependencies by @moubctez in #147
- Update tracing_subscriber by @moubctez in #149
- add deep link to openid enroll by @filipslezaklab in #150
- Return defguard version (proxy, core) in http headers by @t-aleksander in #151
- Fix ami building by @t-aleksander in #152
- Better WebSocket handling and build with newer defguard_version by @moubctez in #154
- update messages in openid callback setup page by @filipslezaklab in #155
- Update defguard-version version by @t-aleksander in #156
Full Changelog: v1.4.0...v1.5.0-rc1
Contributors
Assets 7
v1.5.0-alpha5
t-aleksander
Aleksander
What's Changed
Other Changes
- Version check by @j-chmielewski in #143
- handle new enrollment configuration by @filipslezaklab in #145
- Fix version comparison by @j-chmielewski in #146
- Switch AMI base image to debian by @t-aleksander in #144
- Update dependencies by @moubctez in #147
- Update tracing_subscriber by @moubctez in #149
- add deep link to openid enroll by @filipslezaklab in #150
- Return defguard version (proxy, core) in http headers by @t-aleksander in #151
- Fix ami building by @t-aleksander in #152
Full Changelog: v1.5.0-alpha4...v1.5.0-alpha5
Contributors
Assets 7
v1.5.0-alpha4
t-aleksander
Aleksander
What's Changed
Other Changes
- add code based mfa setup by @filipslezaklab in #141
Full Changelog: v1.5.0-alpha3...v1.5.0-alpha4
Contributors
Assets 7
v1.5.0-alpha3
t-aleksander
Aleksander
What's Changed
Other Changes
- Add eu central region by @t-aleksander in #136
- sign Docker images using Cosign by @wojcik91 in #137
- Tonic 14 by @moubctez in #140
- Desktop MFA mobile approve by @filipslezaklab in #138
- Version exchange and logging by @j-chmielewski in #133
- Scan images with Trivy by @moubctez in #142
Full Changelog: v1.5.0-alpha2...v1.5.0-alpha3
Contributors
Assets 7
v1.5.0-alpha2
t-aleksander
Aleksander
🥳 New Features 🎉
📱Mobile Apps 🎉finally! mobile applications with Multi-Factor Authentication for VPNs are here for iOS and Android! 💪Please help us test them!
Alpha2 adds Mobile Apps Biometry (MFA with Biometry)! Please remove current alpha mobile apps and do a clean install and configuration.
🔑 Multi-Factor Authentication with External OIDC/SSO - now you can configure on each location separately which OIDC secures the MFA process: internal (with MFA configured in the user profile) or external like Google/Okta/Microsoft - please remember that only desktop clients 1.5 and new mobile clients support this feature.
🏁 Possibility for admin users to disable MFA in a user profile
🌐 Possibility to “bind” a user and all their devices with a selected public IP address by SNAT
Full Changelog: v1.4.0...v1.5.0-alpha2