Releases: DefGuard/proxy
v2.0.0-alpha2
🎉 Welcome to Defguard 2.0 Alpha 2 🎉
📖 A comprehensive list of the changes implemented since Alpha 1 is documented in detail here: https://defguard.net/blog/defguard-2-0-release-alpha-2/
🛠️ We also highly recommend reviewing our detailed technical overview of all changes and the comprehensive showcase of all features in this article.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
Detailed Changes
- Disable latest Docker tag in release workflow by @wojcik91 in #221
- Disable APT repository signing/upload by @jakub-tldr in #225
- Core certificate authority, part 1: Proxy by @t-aleksander in #223
- Multiproxy private cookies by @j-chmielewski in #229
- http healthcheck endpoints always respond by @j-chmielewski in #234
- Cookie key proto by @j-chmielewski in #235
- Implement proxy wizard by @t-aleksander in #233
- Implement remote MFA with new, separate RPC message by @j-chmielewski in #238
- Fix proxy healthceck endpoint availability when waiting for setup by @t-aleksander in #239
- include lsb_release in Docker image by @wojcik91 in #240
- bump version 2.0.0 by @wojcik91 in #248
- Crl by @j-chmielewski in #250
- Open desktop app page by @moubctez in #254
- More user friendly certificate permission denied errors by @t-aleksander in #256
- deprecate callback/redirect URL settings by @wojcik91 in #255
- Use proper file permission for certificates by @moubctez in #257
- Unadopted UI by @j-chmielewski in #259
- Prepare Alpha Two by @moubctez in #260
Full Changelog: v1.6.0...v2.0.0-alpha2
Contributors
Assets 7
v1.6.3
This is a patch for the major 1.6 release.
It includes dependency updates to resolve the following CVEs:
What's Changed
Other Changes
Full Changelog: v1.6.2...v1.6.3
Contributors
Assets 11
v2.0.0-alpha1
wojcik91
Maciek
🎉 Welcome to Defguard 2.0 Alpha 1 🎉
First of all, this is an actual alpha, not meant for production, but a technology preview of what’s to come, hopefully in a month, when the stable release should be ready.
2.0 is a major overhaul, featuring a completely redesigned UI/UX, secure reverse Core-to-Gateway communication with a built-in SSL certificate authority, automated deployment and session management, and initial high-availability support, laying a solid foundation for easier, safer, and more manageable on-premise deployments.
🛠️ We highly recommend that you get familiar with a detailed technical overview of all changes and a comprehensive showcase of all features in this blog post.
🚀Here you can find a quick tutorial on how to quickly launch 2.0α with Docker Compose.
We want to get as much feedback as possible, so we encourage you to:
💬 open a GitHub discussion
🪲 report any missing features or bugs as issues
What's Changed
- Disable latest Docker tag in release workflow by @wojcik91 in #221
- Disable APT repository signing/upload by @jakub-tldr in #225
- Core certificate authority, part 1: Proxy by @t-aleksander in #223
- Multiproxy private cookies by @j-chmielewski in #229
- http healthcheck endpoints always respond by @j-chmielewski in #234
- Cookie key proto by @j-chmielewski in #235
- Implement proxy wizard by @t-aleksander in #233
- Implement remote MFA with new, separate RPC message by @j-chmielewski in #238
- Fix proxy healthceck endpoint availability when waiting for setup by @t-aleksander in #239
- include lsb_release in Docker image by @wojcik91 in #240
- bump version 2.0.0 by @wojcik91 in #248
- binary build fix by @wojcik91 in #249
Full Changelog: v1.6.0...v2.0.0-alpha1
Contributors
Assets 7
v1.6.2
This is a patch for the major 1.6 release.
What's Changed
Other Changes
- Update APT repository on full release/pre-release by @jakub-tldr in #228
- add gh cli dependency by @jakub-tldr in #230
- add missing character by @jakub-tldr in #232
- update dependencies to resolve outstanding CVEs by @wojcik91 in #241
Full Changelog: v1.6.1...v1.6.2
Contributors
Assets 11
v1.6.1
This is a patch for the major 1.6 release.
What's Changed
Other Changes
- update dependencies & prepare 1.6.1 release by @wojcik91 in #226
- Disable APT repository signing/uploads by @jakub-tldr in #224
Full Changelog: v1.6.0...v1.6.1
Contributors
Assets 11
v1.6.0
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning - on all platforms, additionally for Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client has finally an MSI package - with native Wireguard networking based on WireguardNT. Please read the migration docs.
MacOS Desktop Client introduces native Swift/macOS VPN implementation and is published in Apple macOS Store officially.
🖥️ All desktop Clients now have a new MTU setting available.
🚦 Introducing Client Traffic Policy Selection. This lets administrators define whether VPN clients can choose their routing mode or are forced to use a specific traffic policy, such as routing all traffic through the VPN or only predefined traffic.
What's Changed
- Release 1.5 merger by @wojcik91 in #166
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #159
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #167
- Fix enrollment phone number validation by @j-chmielewski in #168
- Web next wip by @filipslezaklab in #170
- Merge main into dev after 1.5.1 release by @j-chmielewski in #172
- Create SBOM files by @j-chmielewski in #173
- CI: scan code with trivy by @j-chmielewski in #174
- Handle not found error by @moubctez in #175
- Periodic sbom regeneration by @j-chmielewski in #176
- ui update by @filipslezaklab in #177
- Merge SBOM CI pipelines into main by @j-chmielewski in #178
- handle openid callback by @filipslezaklab in #179
- webnext update by @filipslezaklab in #181
- Health check rename by @jakub-tldr in #182
- add favicon by @filipslezaklab in #183
- use update service api for client links by @filipslezaklab in #184
- footer update by @filipslezaklab in #185
- Always add x-powered-by HTTP header by @moubctez in #186
- handle update service fallback by @filipslezaklab in #187
- e2e webnext update by @filipslezaklab in #188
- Reorder pages by @filipslezaklab in #189
- add icon warning by @filipslezaklab in #190
- fix info banner by @filipslezaklab in #192
- ui as module by @filipslezaklab in #193
- add debian security repo for main packages by @filipslezaklab in #194
- webnext to web by @filipslezaklab in #195
- Main to dev by @filipslezaklab in #196
- UI 2.0 by @filipslezaklab in #197
- add missing openid routes by @filipslezaklab in #201
- Release/1.6 alpha by @wojcik91 in #202
- APT uploading/signing workflow by @jakub-tldr in #200
- List apt directory by @jakub-tldr in #203
- List whole directory by @jakub-tldr in #206
- Service locations (Pre-logon, Always-on) by @t-aleksander in #207
- Merge main into dev before 1.6 release by @j-chmielewski in #208
- Basic client version reporting by @t-aleksander in #209
- Remove AMI building by @t-aleksander in #211
- Implement "force all traffic" enterprise setting by @j-chmielewski in #212
New Contributors
- @jakub-tldr made their first contribution in #182
Full Changelog: v1.5.1...v1.6.0
Contributors
Assets 11
v1.6.0-rc1
t-aleksander
Aleksander
⚠️ ⚠️ ⚠️ ⚠️ ⚠️ This is a release candidate which is not compatible with 1.5.x ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
What's Changed
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning - on all platforms, additionally for Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client has finally an MSI package - see the client 1.6 alpha releases with native Wireguard networking based on WireguardNT. Please read the migration docs.
MacOS Desktop Client introduces native Swift/macOS VPN implementation and will soon be published in Apple macOS Store officially. TestFlight URL: https://testflight.apple.com/join/d4MvaBgw.
🖥️ All desktop Clients now have a new MTU setting available.
Other Changes
- Remove AMI building by @t-aleksander in #211
- Implement "force all traffic" enterprise setting by @j-chmielewski in #212
Full Changelog: v1.6.0-alpha5...v1.6.0-rc1
Contributors
Assets 7
v1.6.0-alpha6
⚠️ This is a pre-release that requires Defguard Core min. v1.5.2 - please help us test and stabilize the release 🫡
This release upgrades the Enrollment Process with a completely new UI and UX, featuring a major redesign, the ability to download clients directly from the process, and several other improvements:
Additionally, we have deprecated the Enrollment Wizard (used for setting up passwords and adding a WireGuard® device) in the Proxy. The Enrollment Wizard is now only available on the Desktop Client, with plans to bring it to Mobile apps in the future.
Detailed changes
- Release 1.5 merger by @wojcik91 in #166
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #159
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #167
- Fix enrollment phone number validation by @j-chmielewski in #168
- Web next wip by @filipslezaklab in #170
- Merge main into dev after 1.5.1 release by @j-chmielewski in #172
- Create SBOM files by @j-chmielewski in #173
- CI: scan code with trivy by @j-chmielewski in #174
- Handle not found error by @moubctez in #175
- Periodic sbom regeneration by @j-chmielewski in #176
- ui update by @filipslezaklab in #177
- Merge SBOM CI pipelines into main by @j-chmielewski in #178
- handle openid callback by @filipslezaklab in #179
- webnext update by @filipslezaklab in #181
- Health check rename by @jakub-tldr in #182
- add favicon by @filipslezaklab in #183
- use update service api for client links by @filipslezaklab in #184
- footer update by @filipslezaklab in #185
- Always add x-powered-by HTTP header by @moubctez in #186
- handle update service fallback by @filipslezaklab in #187
- e2e webnext update by @filipslezaklab in #188
- Reorder pages by @filipslezaklab in #189
- add icon warning by @filipslezaklab in #190
- fix info banner by @filipslezaklab in #192
- ui as module by @filipslezaklab in #193
- add debian security repo for main packages by @filipslezaklab in #194
- webnext to web by @filipslezaklab in #195
- Main to dev by @filipslezaklab in #196
- UI 2.0 by @filipslezaklab in #197
- add missing openid routes by @filipslezaklab in #201
- Release/1.6 alpha by @wojcik91 in #202
- APT uploading/signing workflow by @jakub-tldr in #200
- List apt directory by @jakub-tldr in #203
- List whole directory by @jakub-tldr in #206
- Service locations (Pre-logon, Always-on) by @t-aleksander in #207
- Merge main into dev before 1.6 release by @j-chmielewski in #208
- Basic client version reporting by @t-aleksander in #209
- Remove AMI building by @t-aleksander in #211
- Implement "force all traffic" enterprise setting by @j-chmielewski in #212
Full Changelog: v1.5.1...v1.6.0-alpha6
Contributors
Assets 7
v1.6.0-alpha5
wojcik91
Maciek
⚠️ ⚠️ ⚠️ ⚠️ ⚠️ This is an alpha release which is not compatible with 1.5.x ⚠️ ⚠️ ⚠️ ⚠️ ⚠️ ⚠️
What's Changed
This release focuses on easy installation and automatic configuration of Desktop clients (for large environments/rollouts), including:
🛠️ Introducing service locations on Windows Desktop clients allowing users to connect to a location that, for example, provides access to a remote Active Directory before the computer’s login screen, enabling authentication against AD.
🚗 Introducing Desktop Client Auto Provisioning - on all platforms, additionally for Windows Client we introduced automated enrollment for Active Directory as well as EntraID enrollment.
🪟 Windows Desktop Client has finally an MSI package - see the client 1.6 alpha releases with native Wireguard networking based on WireguardNT. Please read the migration docs.
MacOS Desktop Client introduces native Swift/macOS VPN implementation and will soon be published in Apple macOS Store officially. TestFlight URL: https://testflight.apple.com/join/d4MvaBgw.
🖥️ All desktop Clients now have a new MTU setting available.
Other Changes
- APT uploading/signing workflow by @jakub-tldr in #200
- List apt directory by @jakub-tldr in #203
- List whole directory by @jakub-tldr in #206
- Service locations (Pre-logon, Always-on) by @t-aleksander in #207
- Merge main into dev before 1.6 release by @j-chmielewski in #208
- Basic client version reporting by @t-aleksander in #209
Full Changelog: v1.6.0-alpha2...v1.6.0-alpha5
Contributors
Assets 7
v1.6.0-alpha2
wojcik91
Maciek
⚠️ This is a pre-release that requires Defguard Core min. v1.5.2 - please help us test and stabilize the release 🫡
This release upgrades the Enrollment Process with a completely new UI and UX, featuring a major redesign, the ability to download clients directly from the process, and several other improvements:
Additionally, we have deprecated the Enrollment Wizard (used for setting up passwords and adding a WireGuard® device) in the Proxy. The Enrollment Wizard is now only available on the Desktop Client, with plans to bring it to Mobile apps in the future.
Detailed changes
- Release 1.5 merger by @wojcik91 in #166
- Fixes pentest issue DG25-16 from 2025-09-02 by @j-chmielewski in #159
- Fixes pentest issue DG25-14 from 2025-09-02 by @moubctez in #167
- Fix enrollment phone number validation by @j-chmielewski in #168
- Web next wip by @filipslezaklab in #170
- Merge main into dev after 1.5.1 release by @j-chmielewski in #172
- Create SBOM files by @j-chmielewski in #173
- CI: scan code with trivy by @j-chmielewski in #174
- Handle not found error by @moubctez in #175
- Periodic sbom regeneration by @j-chmielewski in #176
- ui update by @filipslezaklab in #177
- Merge SBOM CI pipelines into main by @j-chmielewski in #178
- handle openid callback by @filipslezaklab in #179
- webnext update by @filipslezaklab in #181
- Health check rename by @jakub-tldr in #182
- add favicon by @filipslezaklab in #183
- use update service api for client links by @filipslezaklab in #184
- footer update by @filipslezaklab in #185
- Always add x-powered-by HTTP header by @moubctez in #186
- handle update service fallback by @filipslezaklab in #187
- e2e webnext update by @filipslezaklab in #188
- Reorder pages by @filipslezaklab in #189
- add icon warning by @filipslezaklab in #190
- fix info banner by @filipslezaklab in #192
- ui as module by @filipslezaklab in #193
- add debian security repo for main packages by @filipslezaklab in #194
- webnext to web by @filipslezaklab in #195
- Main to dev by @filipslezaklab in #196
- UI 2.0 by @filipslezaklab in #197
- add missing openid routes by @filipslezaklab in #201
- Release/1.6 alpha by @wojcik91 in #202
New Contributors
- @jakub-tldr made their first contribution in #182
Full Changelog: v1.5.1...v1.6.0-alpha2