|
| 1 | +--- |
| 2 | +title: v1.10.0 |
| 3 | +date: 2026-04-28 |
| 4 | +prerelease: false |
| 5 | +--- |
| 6 | + |
| 7 | +## New Features |
| 8 | + |
| 9 | +* **PROXY protocol v2 TLS metadata.** New `--proxy-protocol-mode` flag for |
| 10 | + PROXY protocol v2 with optional TLS metadata TLVs (#705). Modes: `conn` |
| 11 | + (connection info only, same as the existing `--proxy-protocol` flag), `tls` |
| 12 | + (adds TLS version/ALPN/SNI), and `tls-full` (adds TLS metadata and client |
| 13 | + certificate). |
| 14 | + |
| 15 | +## Code Quality Changes |
| 16 | + |
| 17 | +* **Native code correctness fixes.** Landed a number of fixes in the macOS |
| 18 | + keychain and Windows certificate store code, identified through GitHub code |
| 19 | + scanning (CodeQL, Copilot Autofix) and local AI development tools. These |
| 20 | + include CFObject memory leaks in macOS CertificateChain, data races in macOS |
| 21 | + keychain lazy initialization, a C string leak in `launchdSocket`, a C array |
| 22 | + leak in `getProviderParam` on Windows, and incorrect certificate store search |
| 23 | + order on Windows (#656, #694, #699, #704). |
| 24 | +* **Certloader safety improvements.** Replaced `unsafe.Pointer` with |
| 25 | + `atomic.Pointer[T]` in certloader (#677), extracted shared `baseCertificate` |
| 26 | + struct to reduce duplication (#679), and improved error context in PKCS#11 |
| 27 | + code paths (#690). |
| 28 | +* **Dependency cleanup.** Removed the `certigo` dependency, switched to |
| 29 | + `smallstep/pkcs7` (#664), and replaced `github.com/pkg/errors` with stdlib |
| 30 | + `errors` and `fmt` (#684). Various dependency upgrades via Dependabot. |
| 31 | + |
| 32 | +## Testing Improvements |
| 33 | + |
| 34 | +* **Windows integration testing.** The integration test suite can now run on |
| 35 | + Windows (#695), and we added a number of new unit and integration tests for |
| 36 | + better coverage of features like platform keychain identities. |
| 37 | +* **Faster & better integration test suite.** Parallelized integration tests with |
| 38 | + dynamic port allocation and improved timeout handling, significantly reducing |
| 39 | + test suite runtime (#662, #703). Skipped tests now report SKIP status with |
| 40 | + a reason (#696). |
| 41 | +* **New unit and integration tests.** Added unit and integration tests for |
| 42 | + keychain handling, certstore reload paths, and edge cases across multiple |
| 43 | + packages (#697, #700, #702). |
| 44 | + |
| 45 | +## Other |
| 46 | + |
| 47 | +* **Website.** Launched project website on ghostunnel.dev and made |
| 48 | + comprehensive documentation improvements (#657, #659, #704, #707). |
0 commit comments