diff --git a/releases/v1.10.0.md b/releases/v1.10.0.md new file mode 100644 index 0000000000..d4966cf1a7 --- /dev/null +++ b/releases/v1.10.0.md @@ -0,0 +1,48 @@ +--- +title: v1.10.0 +date: 2026-04-28 +prerelease: false +--- + +## New Features + +* **PROXY protocol v2 TLS metadata.** New `--proxy-protocol-mode` flag for + PROXY protocol v2 with optional TLS metadata TLVs (#705). Modes: `conn` + (connection info only, same as the existing `--proxy-protocol` flag), `tls` + (adds TLS version/ALPN/SNI), and `tls-full` (adds TLS metadata and client + certificate). + +## Code Quality Changes + +* **Native code correctness fixes.** Landed a number of fixes in the macOS + keychain and Windows certificate store code, identified through GitHub code + scanning (CodeQL, Copilot Autofix) and local AI development tools. These + include CFObject memory leaks in macOS CertificateChain, data races in macOS + keychain lazy initialization, a C string leak in `launchdSocket`, a C array + leak in `getProviderParam` on Windows, and incorrect certificate store search + order on Windows (#656, #694, #699, #704). +* **Certloader safety improvements.** Replaced `unsafe.Pointer` with + `atomic.Pointer[T]` in certloader (#677), extracted shared `baseCertificate` + struct to reduce duplication (#679), and improved error context in PKCS#11 + code paths (#690). +* **Dependency cleanup.** Removed the `certigo` dependency, switched to + `smallstep/pkcs7` (#664), and replaced `github.com/pkg/errors` with stdlib + `errors` and `fmt` (#684). Various dependency upgrades via Dependabot. + +## Testing Improvements + +* **Windows integration testing.** The integration test suite can now run on + Windows (#695), and we added a number of new unit and integration tests for + better coverage of features like platform keychain identities. +* **Faster & better integration test suite.** Parallelized integration tests with + dynamic port allocation and improved timeout handling, significantly reducing + test suite runtime (#662, #703). Skipped tests now report SKIP status with + a reason (#696). +* **New unit and integration tests.** Added unit and integration tests for + keychain handling, certstore reload paths, and edge cases across multiple + packages (#697, #700, #702). + +## Other + +* **Website.** Launched project website on ghostunnel.dev and made + comprehensive documentation improvements (#657, #659, #704, #707).