Merged
48 changes: 48 additions & 0 deletions releases/v1.10.0.md
@@ -0,0 +1,48 @@
---
title: v1.10.0
date: 2026-04-28
prerelease: false
---

## New Features

* **PROXY protocol v2 TLS metadata.** New `--proxy-protocol-mode` flag for
PROXY protocol v2 with optional TLS metadata TLVs (#705). Modes: `conn`
(connection info only, same as the existing `--proxy-protocol` flag), `tls`
(adds TLS version/ALPN/SNI), and `tls-full` (adds TLS metadata and client
certificate).

## Code Quality Changes

* **Native code correctness fixes.** Landed a number of fixes in the macOS
keychain and Windows certificate store code, identified through GitHub code
scanning (CodeQL, Copilot Autofix) and local AI development tools. These
include CFObject memory leaks in macOS CertificateChain, data races in macOS
keychain lazy initialization, a C string leak in `launchdSocket`, a C array
leak in `getProviderParam` on Windows, and incorrect certificate store search
order on Windows (#656, #694, #699, #704).
* **Certloader safety improvements.** Replaced `unsafe.Pointer` with
`atomic.Pointer[T]` in certloader (#677), extracted shared `baseCertificate`
struct to reduce duplication (#679), and improved error context in PKCS#11
code paths (#690).
* **Dependency cleanup.** Removed the `certigo` dependency, switched to
`smallstep/pkcs7` (#664), and replaced `github.com/pkg/errors` with stdlib
`errors` and `fmt` (#684). Various dependency upgrades via Dependabot.

## Testing Improvements

* **Windows integration testing.** The integration test suite can now run on
Windows (#695), and we added a number of new unit and integration tests for
better coverage of features like platform keychain identities.
* **Faster & better integration test suite.** Parallelized integration tests with
dynamic port allocation and improved timeout handling, significantly reducing
test suite runtime (#662, #703). Skipped tests now report SKIP status with
a reason (#696).
* **New unit and integration tests.** Added unit and integration tests for
keychain handling, certstore reload paths, and edge cases across multiple
packages (#697, #700, #702).

## Other

* **Website.** Launched project website on ghostunnel.dev and made
comprehensive documentation improvements (#657, #659, #704, #707).
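
Review bot: The "Native code correctness fixes" bullet files "incorrect certificate store search order on Windows" under Code Quality Changes, but a change in search order can be user-visible, since an upgraded deployment may pick a different certificate than before. Consider giving it its own line that states the old and new order, or that points to the specific PR among #656, #694, #699 and #704. Related: #704 is cited both in that bullet and in the "Website" bullet for documentation improvements, so please confirm both references are intended. In the PROXY protocol bullet, `conn` is described as "same as the existing `--proxy-protocol` flag", but the note does not say whether the old flag is kept, deprecated, or what happens when both flags are set; one sentence on that would help operators. A sentence on what "client certificate" covers in `tls-full` would also be useful, because the backend receives it. Finally, the "Windows integration testing" bullet already says new unit and integration tests were added, which overlaps with the separate "New unit and integration tests" bullet.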