Commit Graph

29 Commits

Author SHA1 Message Date
Hillwood Yang 59d512a293 fix: CVE-2024-45337: cloudflared: golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass ingolang.org/x/crypto 2024-12-14 19:17:51 +08:00
João "Pisco" Fernandes 66efd3f2bb TUN-8407: Upgrade go to version 1.22.2 2024-05-07 16:58:57 +01:00
Devin Carr 687682120c TUN-8333: Bump go-jose dependency to v4 2024-04-10 09:49:40 -07:00
chungthuang 8e69f41833 TUN-7934: Update quic-go to a version that queues datagrams for better throughput and drops large datagram
Remove TestUnregisterUdpSession
2024-01-03 13:01:01 +00:00
Chung-Ting 12dd91ada1 TUN-8052: Update go to 1.21.5
Also update golang.org/x/net and google.golang.org/grpc to fix vulnerabilities,
although cloudflared is using them in a way that is not exposed to those risks
2023-12-15 12:17:21 +00:00
Devin Carr 81fe0bd12b TUN-7628: Correct Host parsing for Access
Will no longer provide full hostname with path from provided
`--hostname` flag for cloudflared access to the Host header field.
This addresses certain issues caught from a security fix in go
1.19.11 and 1.20.6 in the net/http URL parsing.
2023-07-25 09:33:11 -07:00
Devin Carr 1b0b6bf7a8 TUN-7589: Remove legacy golang.org/x/crypto/ssh/terminal package usage
Package has been moved to golang.org/x/term
2023-07-17 19:02:15 +00:00
Devin Carr 38cd455e4d TUN-7373: Streaming logs override for same actor
To help accommodate web browser interactions with websockets, when a
streaming logs session is requested for the same actor while already
serving a session for that user in a separate request, the original
request will be closed and the new request start streaming logs
instead. This should help with rogue sessions holding on for too long
with no client on the other side (before idle timeout or connection
close).
2023-04-21 11:54:37 -07:00
Devin Carr 207f4e2c8d TUN-7066: Bump coredns to v1.10.0
closes #857
2023-01-26 09:30:08 -08:00
Devin Carr 1fe4878264 TUN-6937: Bump golang.org/x/* packages to new release tags 2022-11-14 17:25:11 +00:00
Bas Westerbaan 11cbff4ff7 RTG-1339 Support post-quantum hybrid key exchange
Func spec: https://wiki.cfops.it/x/ZcBKHw
2022-09-07 19:32:53 +00:00
Nuno Diegues e8fe34773c TUN-6158: Update golang.org/x/crypto 2022-05-02 09:34:39 +01:00
cthuang 2ca4633f89 TUN-5286: Upgrade crypto/ssh package to fix CVE-2020-29652 2021-10-22 16:50:35 +00:00
Sudarsan Reddy ed024d0741 TUN-4597: Add a QUIC server skeleton
- Added a QUIC server to accept streams
- Unit test for this server also tests ALPN
- Temporary echo capability for HTTP ConnectionType
2021-08-03 10:03:47 +00:00
Igor Postelnik a8ae6de213 TUN-3924: Removed db-connect command. Added a placeholder handler for this command that informs users that command is no longer supported. 2021-02-17 20:13:51 -06:00
Adam Chalmers a99780ed9d TUN-3161: Upgrade golang.org/x/ deps 2020-07-06 16:42:48 +00:00
Adam Chalmers 6e761cb7ae TUN-3090: Upgrade crypto dep 2020-06-12 00:03:09 -05:00
Areg Harutyunyan 6624a24040 TUN-2748: Insecure randomness vulnerability in github.com/miekg/dns 2020-03-05 13:52:45 +00:00
Ashcon Partovi 759cd019be Add db-connect, a SQL over HTTPS server 2019-11-12 20:34:39 +00:00
Michael Borkenstein 91d9dca34e AUTH-2105: Adds support for local forwarding. Refactor auditlogger creation.
AUTH-2088: Adds dynamic destination routing
2019-10-10 15:25:03 -05:00
Adam Chalmers 4e1df1a211 TUN-2243: Revert "STOR-519: Add db-connect, a SQL over HTTPS server"
This reverts commit 5da2109811.
2019-08-26 16:50:12 -05:00
Ashcon Partovi 5da2109811 STOR-519: Add db-connect, a SQL over HTTPS server 2019-08-20 13:13:29 -05:00
Austin Cherry fa17b0200f AUTH-1557: Short Lived Certs 2019-05-07 11:21:11 -05:00
Areg Harutyunyan bab7583a97 TUN-1734: Pin packages at exact versions 2019-04-17 18:16:56 -05:00
Areg Harutyunyan ca9902a8d1 TUN-1099: Bring back changes in 2018.10.1 2018-10-08 14:20:28 -05:00
Areg Harutyunyan faeba02e57 TUN-1093: Revert cloudflared to 2018.8.0 2018-10-06 14:30:51 -05:00
Austin Cherry 4f04f35bd1 AUTH-910, AUTH-1049, AUTH-1068, AUTH-1056: Generate and store Access tokens with E2EE option, curl/cmd wrapper 2018-09-28 16:05:15 -05:00
Areg Harutyunyan 0468866626 TUN-813: Clean up cloudflared dependencies 2018-07-24 18:07:02 -05:00
Areg Harutyunyan d06fc520c7 TUN-528: Move cloudflared into a separate repo 2018-07-19 15:02:24 -05:00