de07da02cd 
								
							 
						 
						
							
							
								
								TUN-6772: Add a JWT Validator as an ingress verifier  
							
							... 
							
							
							
							This adds a new verifier interface that can be attached to ingress.Rule.
This would act as a middleware layer that gets executed at the start of
proxy.ProxyHTTP.
A jwt validator implementation for this verifier is also provided. The
validator downloads the public key from the access teams endpoint and
uses it to verify the JWT sent to cloudflared with the audtag (clientID)
information provided in the config. 
							
						 
						
							2022-09-22 08:42:25 +00:00  
				
					
						
							
							
								 
						
							
								11cbff4ff7 
								
							 
						 
						
							
							
								
								RTG-1339 Support post-quantum hybrid key exchange  
							
							... 
							
							
							
							Func spec: https://wiki.cfops.it/x/ZcBKHw  
							
						 
						
							2022-09-07 19:32:53 +00:00  
				
					
						
							
							
								 
						
							
								bad2e8e812 
								
							 
						 
						
							
							
								
								TUN-6666: Define packet package  
							
							... 
							
							
							
							This package defines IP and ICMP packet, decoders, encoder and flow 
							
						 
						
							2022-08-24 11:36:57 +01:00  
				
					
						
							
							
								 
						
							
								065d8355c5 
								
							 
						 
						
							
							
								
								TUN-6637: Upgrade quic-go  
							
							
							
						 
						
							2022-08-10 14:13:19 +00:00  
				
					
						
							
							
								 
						
							
								046a30e3c7 
								
							 
						 
						
							
							
								
								TUN-6637: Upgrade go version and quic-go  
							
							
							
						 
						
							2022-08-08 15:49:10 +01:00  
				
					
						
							
							
								 
						
							
								2a177e0fc4 
								
							 
						 
						
							
							
								
								TUN-6583: Remove legacy --ui flag  
							
							
							
						 
						
							2022-07-20 16:17:29 -07:00  
				
					
						
							
							
								 
						
							
								475939a77f 
								
							 
						 
						
							
							
								
								TUN-6191: Update quic-go to v0.27.1 and with custom patch to allow keep alive period to be configurable  
							
							... 
							
							
							
							The idle period is set to 5sec.
We now also ping every second since last activity.
This makes the quic.Connection less prone to being closed with
no network activity, since we send multiple pings per idle
period, and thus a single packet loss cannot cause the problem. 
							
						 
						
							2022-06-07 12:25:18 +01:00  
				
					
						
							
							
								 
						
							
								5e6f606f4e 
								
							 
						 
						
							
							
								
								TUN-6293: Update yaml v3 to latest hotfix  
							
							... 
							
							
							
							This addresses https://security.snyk.io/vuln/SNYK-GOLANG-GOPKGINYAMLV3-2841557 
by updating yaml v3 to latest version.
It also stops using yaml v2 directly (we were using both v2 and v3 mixed).
We still rely on yaml v2 indirectly, via urfave cli, though.
Note that the security vulnerability does not affect v2. 
							
						 
						
							2022-05-30 17:38:55 +00:00  
				
					
						
							
							
								 
						
							
								def8f57dbc 
								
							 
						 
						
							
							
								
								TUN-5989: Add in-memory otlp exporter  
							
							
							
						 
						
							2022-04-11 19:38:01 +00:00  
				
					
						
							
							
								 
						
							
								b12272529f 
								
							 
						 
						
							
							
								
								TUN-5995: Update prometheus to 1.12.1 to avoid vulnerabilities  
							
							
							
						 
						
							2022-04-06 11:13:12 +00:00  
				
					
						
							
							
								 
						
							
								9422ea8ed8 
								
							 
						 
						
							
							
								
								CC-796: Remove dependency on unsupported version of go-oidc  
							
							
							
						 
						
							2022-03-18 18:16:10 +00:00  
				
					
						
							
							
								 
						
							
								05b903a32e 
								
							 
						 
						
							
							
								
								Revert "CC-796: Remove dependency on unsupported version of go-oidc"  
							
							... 
							
							
							
							This reverts commit 0899d6a136 
							
						 
						
							2022-03-18 10:03:58 +00:00  
				
					
						
							
							
								 
						
							
								0899d6a136 
								
							 
						 
						
							
							
								
								CC-796: Remove dependency on unsupported version of go-oidc  
							
							
							
						 
						
							2022-03-07 21:48:30 +00:00  
				
					
						
							
							
								 
						
							
								8a5343d0a5 
								
							 
						 
						
							
							
								
								TUN-5675: Remove github.com/dgrijalva/jwt-go dependency by upgrading coredns version  
							
							
							
						 
						
							2022-01-25 15:24:13 +00:00  
				
					
						
							
							
								 
						
							
								74556bcd7d 
								
							 
						 
						
							
							
								
								TUN-5547: Bump golang x/net package to fix http2 transport bugs  
							
							
							
						 
						
							2022-01-17 11:13:25 +00:00  
				
					
						
							
							
								 
						
							
								6fa58aadba 
								
							 
						 
						
							
							
								
								TUN-5623: Configure quic max datagram frame size to 1350 bytes for none Windows platforms  
							
							
							
						 
						
							2022-01-11 14:55:43 +00:00  
				
					
						
							
							
								 
						
							
								e71b88fcaa 
								
							 
						 
						
							
							
								
								TUN-5408: Update quic package to v0.24.0  
							
							
							
						 
						
							2021-11-10 22:10:38 +00:00  
				
					
						
							
							
								 
						
							
								ff7c48568c 
								
							 
						 
						
							
							
								
								TUN-5261: Collect QUIC metrics about RTT, packets and bytes transfered and log events at tracing level  
							
							
							
						 
						
							2021-10-21 15:26:57 +01:00  
				
					
						
							
							
								 
						
							
								d54c8cc745 
								
							 
						 
						
							
							
								
								TUN-5129: Use go 1.17 and copy .git folder to docker build to compute version  
							
							
							
						 
						
							2021-09-21 15:50:35 +00:00  
				
					
						
							
							
								 
						
							
								414cb12f02 
								
							 
						 
						
							
							
								
								TUN-4961: Update quic-go to latest  
							
							... 
							
							
							
							- Updates fips-go to be the latest on cfsetup.yaml
- Updates sumtype's x/tools to be latest to avoid Internal: nil pkg
  errors with fips. 
							
						 
						
							2021-08-27 12:26:00 +01:00  
				
					
						
							
							
								 
						
							
								1082ac1c36 
								
							 
						 
						
							
							
								
								TUN-4922: Downgrade quic-go library to 0.20.0  
							
							
							
						 
						
							2021-08-13 15:45:13 +01:00  
				
					
						
							
							
								 
						
							
								ed024d0741 
								
							 
						 
						
							
							
								
								TUN-4597: Add a QUIC server skeleton  
							
							... 
							
							
							
							- Added a QUIC server to accept streams
- Unit test for this server also tests ALPN
- Temporary echo capability for HTTP ConnectionType 
							
						 
						
							2021-08-03 10:03:47 +00:00  
				
					
						
							
							
								 
						
							
								9018ee5d5e 
								
							 
						 
						
							
							
								
								TUN-4116: Ingore credentials-file setting in configuration file during tunnel create and delete opeations.  
							
							... 
							
							
							
							This change has two parts:
1. Update to newer version of the urfave/cli fork that correctly sets flag value along the context hierarchy while respecting config file overide behavior of the most specific instance of the flag.
2. Redefine --credentials-file flag so that create and delete subcommand don't use value from the config file. 
							
						 
						
							2021-03-24 08:15:36 -05:00  
				
					
						
							
							
								 
						
							
								6db934853d 
								
							 
						 
						
							
							
								
								TUN-3963: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands.  
							
							
							
						 
						
							2021-02-24 20:04:59 +00:00  
				
					
						
							
							
								 
						
							
								b4700a52e3 
								
							 
						 
						
							
							
								
								TUN-3725: Warp-routing is independent of ingress  
							
							... 
							
							
							
							- Changed warp-routing configuration to its own yaml.
    - Ingress Rules host matching is indepedent of warp-routing. 
							
						 
						
							2021-02-23 14:19:47 +00:00  
				
					
						
							
							
								 
						
							
								9d5bd256be 
								
							 
						 
						
							
							
								
								TUN-3964: Revert "TUN-3922: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands."  
							
							... 
							
							
							
							This reverts commit 1670ee87fb 
							
						 
						
							2021-02-23 12:32:07 +00:00  
				
					
						
							
							
								 
						
							
								1670ee87fb 
								
							 
						 
						
							
							
								
								TUN-3922: Repoint urfave/cli/v2 library at patched branch at github.com/ipostelnik/cli/v2@fixed which correctly handles reading flags declared at multiple levels of subcommands.  
							
							
							
						 
						
							2021-02-18 18:12:20 +00:00  
				
					
						
							
							
								 
						
							
								a8ae6de213 
								
							 
						 
						
							
							
								
								TUN-3924: Removed db-connect command. Added a placeholder handler for this command that informs users that command is no longer supported.  
							
							
							
						 
						
							2021-02-17 20:13:51 -06:00  
				
					
						
							
							
								 
						
							
								6852047ef1 
								
							 
						 
						
							
							
								
								TUN-3747: Fix logging in Windows  
							
							
							
						 
						
							2021-01-13 23:23:31 +00:00  
				
					
						
							
							
								 
						
							
								9bc1c0c70b 
								
							 
						 
						
							
							
								
								TUN-3472: Set up rolling logger with zerolog and lumberjack  
							
							
							
						 
						
							2020-12-23 14:15:37 -06:00  
				
					
						
							
							
								 
						
							
								870f5fa907 
								
							 
						 
						
							
							
								
								TUN-3470: Replace in-house logger calls with zerolog  
							
							
							
						 
						
							2020-12-23 14:15:17 -06:00  
				
					
						
							
							
								 
						
							
								06404bf3e8 
								
							 
						 
						
							
							
								
								TUN-3650: Remove unused awsuploader package  
							
							
							
						 
						
							2020-12-15 18:02:17 +01:00  
				
					
						
							
							
								 
						
							
								6b86f81c4a 
								
							 
						 
						
							
							
								
								TUN-3403: Unit test for origin/proxy to test serving HTTP and Websocket  
							
							
							
						 
						
							2020-11-11 15:12:15 +00:00  
				
					
						
							
							
								 
						
							
								6886e5f90a 
								
							 
						 
						
							
							
								
								TUN-3467: Serialize cf-cloudflared-response-meta during package initialization using jsoniter  
							
							
							
						 
						
							2020-11-11 15:11:42 +00:00  
				
					
						
							
							
								 
						
							
								d8ebde37ca 
								
							 
						 
						
							
							
								
								TUN-3201: Create base cloudflared UI structure  
							
							
							
						 
						
							2020-09-17 11:52:07 +04:00  
				
					
						
							
							
								 
						
							
								741cd66c9e 
								
							 
						 
						
							
							
								
								TUN-3375: Upgrade coredns and prometheus dependencies  
							
							
							
						 
						
							2020-09-09 13:14:38 -05:00  
				
					
						
							
							
								 
						
							
								7acea1ac99 
								
							 
						 
						
							
							
								
								TUN-3375: Upgrade x/text and gorilla websocket deps  
							
							
							
						 
						
							2020-09-09 12:07:35 -05:00  
				
					
						
							
							
								 
						
							
								a7562dff68 
								
							 
						 
						
							
							
								
								TUN-3233: List tunnels support filtering by deleted, name, existed at and id  
							
							
							
						 
						
							2020-08-07 10:09:26 +01:00  
				
					
						
							
							
								 
						
							
								046be63253 
								
							 
						 
						
							
							
								
								AUTH-2596 added new logger package and replaced logrus  
							
							
							
						 
						
							2020-05-27 17:07:19 -05:00  
				
					
						
							
							
								 
						
							
								2cf327ba01 
								
							 
						 
						
							
							
								
								TUN-2943: Copy certutil from edge into cloudflared  
							
							
							
						 
						
							2020-05-04 17:37:29 -05:00  
				
					
						
							
							
								 
						
							
								41c358147c 
								
							 
						 
						
							
							
								
								AUTH-2587 add config watcher and reload logic for access client forwarder  
							
							
							
						 
						
							2020-04-29 11:07:35 -05:00  
				
					
						
							
							
								 
						
							
								6624a24040 
								
							 
						 
						
							
							
								
								TUN-2748: Insecure randomness vulnerability in github.com/miekg/dns  
							
							
							
						 
						
							2020-03-05 13:52:45 +00:00  
				
					
						
							
							
								 
						
							
								759cd019be 
								
							 
						 
						
							
							
								
								Add db-connect, a SQL over HTTPS server  
							
							
							
						 
						
							2019-11-12 20:34:39 +00:00  
				
					
						
							
							
								 
						
							
								13bf65ce4e 
								
							 
						 
						
							
							
								
								TUN-2506: Expose active streams metrics  
							
							
							
						 
						
							2019-11-07 14:09:31 -06:00  
				
					
						
							
							
								 
						
							
								e5335b6c1b 
								
							 
						 
						
							
							
								
								TUN-2502: Switch to go modules  
							
							
							
						 
						
							2019-11-04 15:05:02 -06:00  
				
					
						
							
							
								 
						
							
								91d9dca34e 
								
							 
						 
						
							
							
								
								AUTH-2105: Adds support for local forwarding. Refactor auditlogger creation.  
							
							... 
							
							
							
							AUTH-2088: Adds dynamic destination routing 
							
						 
						
							2019-10-10 15:25:03 -05:00  
				
					
						
							
							
								 
						
							
								f130e6d4d7 
								
							 
						 
						
							
							
								
								AUTH-2021 - s3 bucket uploading for SSH logs  
							
							
							
						 
						
							2019-08-29 16:54:54 -05:00  
				
					
						
							
							
								 
						
							
								baec3e289e 
								
							 
						 
						
							
							
								
								AUTH-2018: Adds support for authorized keys and short lived certs  
							
							
							
						 
						
							2019-08-28 09:58:42 -05:00  
				
					
						
							
							
								 
						
							
								4e1df1a211 
								
							 
						 
						
							
							
								
								TUN-2243: Revert "STOR-519: Add db-connect, a SQL over HTTPS server"  
							
							... 
							
							
							
							This reverts commit 5da2109811 
							
						 
						
							2019-08-26 16:50:12 -05:00  
				
					
						
							
							
								 
						
							
								30c9e2af9b 
								
							 
						 
						
							
							
								
								AUTH-1941: Adds initial SSH server implementation  
							
							
							
						 
						
							2019-08-21 15:49:03 -05:00