v2023.2.2

Features

• pwsh: initial devolutions gateway updater tool (#472) (d1f5e2053f)

Improvements

• dgw: durations in seconds in ngrok config (#485)

  Previously, a Duration was deserialized from a string
  using the humantime_serde crate. With this patch, the duration
  is specified in seconds using an integer.

  In other words, this code:

  #[serde(default, skip_serializing_if = "Option::is_none", with = "humantime_serde")]
  pub heartbeat_interval: Option<Duration>,

  Is changed into this:

  #[serde(skip_serializing_if = "Option::is_none")]
  pub heartbeat_interval: Option<u64>,

• dgw: make Ngrok listeners appear in configuration diagnostic (#485)

Bug Fixes

• dgw: truncated payload after PCB reading (#483) (875967f15b) (DGW-97)

  Too many bytes are consumed when PCB string is missing the
  null-terminator.

  Indeed, until now the number of bytes to consume was found by computing
  the size of the previously decoded PCB when re-encoded.
  IronRDP will always encode PCB string with a null-terminator (just like
  mstcs client). This is generally correct, but will cause payload
  truncation when the received PCB string did not originally contain
  the null-terminator.

  This patch is changing this. The "cursor API" is used instead, and
  cursor position after reading the PCB can be used to find the number of
  bytes actually read (even if re-encoding the PDU would give a different
  result).

Continuous Integration

• SBOM cdxgen (#471) (08520cdbbb)

Build

• deps: bump tokio-rustls from 0.24.0 to 0.24.1 (#468) (5b86f4af33)

• deps: bump sysinfo from 0.29.0 to 0.29.2 (#467) (dfc3e533b5)

• deps: bump log from 0.4.18 to 0.4.19 (#475) (c7bd46cd66)

• deps: bump serde_json from 1.0.96 to 1.0.97 (#473) (ff301e7c2b)

• Dependency bump and maintainance (#476) (a0f8abc113)

• deps: bump hyper from 0.14.26 to 0.14.27 (#480) (3f8c6cac73)

v2023.2.1

Improvements

• jetsocat: JETSOCAT_LOG instead of RUST_LOG (db06a3d32)

Bug Fixes

• jetsocat / dgw: ignore case for hosts and schemes (6666623219)

  Case is irrelevant when comparing hostnames and schemes.
  Note: using eq_ignore_ascii_case is okay because we don’t
  really expect unicode in such context.

• dgw: KDC proxy auth using token in path (2173ecec4d) (DGW-94)

Build

• deps: bump ngrok from 0.12.1 to 0.12.2 (#455) (ae95b255c0)

• deps: bump url from 2.3.1 to 2.4.0 (#456) (e6c0e7da6a)

v2023.2.0

Features

• dgw: /jet/jrec endpoint for session recording (#404) (bbc0c41941) (DGW-64) (#408) (51355a1ac4) (#410) (8a28a44d5d) (#417) (56578f8785) (1816b9586f)

  Adds new JREC token type for session recording.
  Adds new jet_rft (recording file type) private claim.
  Handles /jet/jrec route for WSS to file streaming.

• dgw: /jet/heartbeat endpoint (#406) (605d3871de)

  The /jet/heartbeat endpoint requires a scope token for the
  "gateway.heartbeat.read" scope. It is very similar to /jet/health, but
  returns additional information that should not be publicly available
  such as the current number of running sessions.

• dgw: /jet/jrec/list endpoint (#412) (332c86fc5e)

• dgw: /jet/jrec/pull/{id}/{filename} endpoint (#416) (8187f8bb2e) (#431) (66dc4e3009)

  Recording files can be fetched using this new endpoint and a
  JREC token with the jet_rop operation set to pull.

• dgw: ngrok tunnel support (711164010a) (9e29a1d3ce)

• dgw: add ldap, ldaps application protocols (#432) (bdb34ef27e)

• dgw: add known application protocol "tunnel" (c3142870f2) (ARC-142)

  This is known as Devolutions Gateway Tunnel on RDM side.

Improvements

• dgw: [breaking] move jet/{tcp,tls} endpoints under /jet/fwd (#407)

  That is:

  • /jet/tcp → /jet/fwd/tcp
  • /jet/tls → /jet/fwd/tls

  This is a breaking change, but these routes were not yet used by any other Devolutions product
  until 2023.2.x releases, so it is safe to change this at this point.

• jetsocat: default port in WebSocket URLs (#413) (354e097d4e)

  With this change, port may be omitted from the WebSocket URL.
  In such case, the default port will be used (either 80 or 443).

• dgw: log version on start (#414) (7391114a4d)

  Useful when troubleshooting issues using user’s logs.

• dgw: improve HTTP error reporting (#415) (ad19a2fa7c)

• pwsh: use .NET 6 RSA APIs when available (#435) (974d8ee1da)

  Use .NET 6 RSA public/private key APIs when available.

• dgw: graceful shutdown (ef1d12d468)

• dgw: do not enforce scheme in /jet/fwd routes (#430) (54e467f803)

  This was inconsistent with other routes such as /jet/jmux where
  dst_hst will have the http or https scheme, but this is
  simply used as a filter policy and Devolutions Gateway will not
  wrap the stream further into an "https protocol layer".

  Instead, we rely on the requested URI to choose between plain TCP
  and TLS wrapping at proxy level (i.e.: /jet/fwd/tcp vs /jet/fwd/tls).

Performance

• dgw: re-use TLS client config (#433) (b6ebb01aad)

  As of rustls 0.21, it’s possible to disable the TLS resumption that is
  not supported by some services such as CredSSP.

  This allow us to reuse the same TLS client config and connector for
  all proxy-based TLS connections.
  (TlsConnector is just a wrapper around the config providing the
  connect method.)

  Making one of these can be expensive, and should be once per process
  rather than once per connection.

  source

Build

• deps: update dependencies (abf5b00d33)

• deps: bump serde from 1.0.162 to 1.0.163 (#437) (3f3127a178)

• deps: bump tokio from 1.28.0 to 1.28.1 (#439) (2fefafe529)

• deps: bump uuid from 1.3.2 to 1.3.3 (#438) (561c89d0f3)

• deps: update tokio-tungstenite version (c1e9f506e1)

• deps: bump x509-cert from 0.2.1 to 0.2.2 (#444) (6bb0b24ff9)

• deps: bump chrono from 0.4.24 to 0.4.25 (#447) (46cdb1e737)

• deps: bump proptest from 1.1.0 to 1.2.0 (#449) (b82e21ac93)

• deps: bump tokio from 1.28.1 to 1.28.2 (#448) (7de2a2fd64)

Continuous Integration

• Build and package jet-doctor and tokengen (#423) (564717fbe2)

• Enable dependabot pull requests (988921039e)

• Update Artifactory credentials (#440) (8a4ecc003b)

• Limit builds on forked PRs, optimize CI workflow (#441) (39d5f9a350)

v2023.1.3

Bug Fixes

• installer: fix command execution and add validation (#401) (456f802962) (DGW-84)

Features

• dgw: WebSocket-TCP endpoint (/jet/tcp) (#399) (265f0dbe3f) (DGW-82)

• dgw: WebSocket-TLS endpoint (/jet/tls) (#400) (46368f6d43) (DGW-83)

v2023.1.2

Improvements

• dgw: size-based log rotation (#393) (e3acafcfcd) (DGW-34)

  Set a maximum size of 3 MB for each file and a maximum of 10 log files.
  With this change, Devolutions Gateway should never consume more than 30 MB for its logs.

• pwsh: sort certification chain from leaf to root (#394) (f7ff93c6df) (DGW-80)

• installer: improved error handling in Windows installer (#397) (2766e5fffe) (DGW-78)

  PowerShell configuration commands are now executed as custom actions instead of WixSilentExec.
  Errors are tracked and, if the installer is running with UI, an appropriate error message is shown to the user.

  PowerShell command output is redirected to a temporary file; in the case of an error we provide the user the path to that file.
  A general command execution error will display a string error value.

  Custom actions are refactored slightly for consistency and readability:

  • Internal functions now only return void, BOOL, or HRESULT where possible. Errors are always handled as HRESULT and other results (e.g. Win32 error codes, LSTATUS, null references) are converted to HRESULT and handled with the different WiX macros (e.g. ExitOnWin32Error).
  • Consolidate on WixGetProperty instead of MsiGetProperty and be careful to release the resulting strings (ReleaseStr)
  • Consolidate on nullptr instead of NULL

• installer: rollback on error in Windows installer (#397) (2766e5fffe) (DGW-76)

  For first time installs, if the installation fails, files that may have been created by the configuration process are cleaned up.

v2023.1.1

Improvements

• dgw: better TLS leaf certificate public key extracting (#390) (a4dec08e23)

  Use x509-cert crate to extract the public key from the leaf
  TLS certificate. x509-cert supports more certificates.

Build

• Update dependencies (ef1e889bac)

• jetsocat: set execute permission in binary (#388) (e08fd2300c)

v2023.1.0

Features

• dgw: clean path PDU extension for RDP (3bc0643818) (ARC-109)

• installer: show *.cer when browsing for certificate files (#383) (2de4a3880d)

  .cer is another popular extension for certificate files.

• jetsocat: file-based pipes (#385) (62394d3b48)

  • write-file://<PATH>: write file at the specified location
  • read-file://<PATH>: read wile at the specified location

• dgw: add service version to health check JSON response (d9f5472120)

Bug Fixes

• jetsocat: use rustls-native-certs on macOS and Linux (#382) (7305ce42be)

  Let rustls use the platform’s native certificate store.

Build

• Update Rust toolchain to 1.67.0 (f581e9bdc7)

Continuous Integration

• jetsocat: enable hardened runtime on macOS (#378) (84b5c33b47)

• jetsocat: build the jetsocat nuget in package.yml (#380) (2e0d0eef4d)

  Build the jetsocat nuget package as part of the packaging workflow (instead of the old standalone workflow, which just took the latest release from GitHub).

  If running the package workflow manually, the version number of the package may be specified; else it defaults to the current date.

• jetsocat: add Linux binary to nuget package (#384) (8a74ff86ca)

v2022.3.4

Bug Fixes

• pwsh: nil UUID when creating an empty DGatewayConfig (#372) (370ed02947) (DGW-73)

  Without this patch, the nil UUID is used as the "missing" value instead of $null.

• installer: ensure default config on install, properly set access URI host (a506c871ee) (DGW-72)

  Ensures a default config is created using the Devolutions Gateway binary before applying "Configure now".

• installer: avoid Unicode char literals (#376) (8d94f94b81) (DGW-74)

  Unicode character literals in source files can be problematic, depending on the editor and encoding.
  Instead, avoid the issue by masking the character with an asterisk instead of a Unicode "bullet".

Build

• Update Rust toolchain to 1.66 (561dcbbc46)

Documentation

• pwsh: fix links in PowerShell module manifest (#369) (03e26cbbca)

Features

• dgw: add Telnet protocol variant (b89d553095) (DGW-70)

  This change is making possible to omit the port in the target host
  field. The Telnet default port will be inferred as appropriate.

v2022.3.3

Improvements

• dgw: set default TCP port to 8181 (#364) (9df3a0e) (DGW-66)

• Normalize file extensions (#367) (5d26d73) (DGW-67)

  By convention:

  • .pem -> public key
  • .key -> private key
  • .crt -> certificate

  Note that this is merely a convention, not a standard, and file openers
  should be able to select a .key file when choosing a public key (through
  the drop-down menu typically)

• installer: start the Gateway service at install time (#363) (b07ccd4)

Bug Fixes

• dgw: Accept header parsing in health route (#366) (136cfb0) (DGW-68)

v2022.3.2

Improvements

• installer: install service as "Local Service" again (fewer permissions) (#353, #354)
• jetsocat: automatically clean old log files (#346) (d032530)
• dgw: IPv6 support (#350) (d591085)
• dgw: support for full TLS certificate chain (#359) (ee1f560)

Features

• installer: enable configuration of Devolutions Gateway via installer UI on Windows (#348) (6392ed9)

Build

• dgw: disable sogar (#355) (90d57ac)