v0.17.0

@github-actions github-actions released this 26 Nov 11:07
· 638 commits to main since this release

BREAKING

  • noise.private_key_path has been added and is required for the new Noise protocol.
  • Log level option log_level was moved to a distinct log config section and renamed to level #768
  • Removed Alpine Linux container image #962

Important Changes

  • Added support for Tailscale TS2021 protocol #738
  • Add experimental support for SSH ACL (see docs for limitations) #847
    • Please note that this support should be considered partially implemented
    • SSH ACLs status:
      • Support accept and check (SSH can be enabled and used for connecting and authentication)
      • Rejecting connections is not supported, meaning that if you enable SSH, you should assume that all SSH connections will be allowed.
      • If you decide to try this feature, please carefully manage permissions by blocking port 22 with regular ACLs, or do not set --ssh on your clients.
      • We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
    • This feature should be considered dangerous and it is disabled by default. Enable by setting HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1.

Changes

  • Add ability to specify config location via env var HEADSCALE_CONFIG #674
  • Target Go 1.19 for Headscale #778
  • Target Tailscale v1.30.0 to build Headscale #780
  • Give a warning when running Headscale with reverse proxy improperly configured for WebSockets #788
  • Fix subnet routers with Primary Routes #811
  • Added support for JSON logs #653
  • Sanitise the node key passed to registration url #823
  • Add support for generating pre-auth keys with tags #767
  • Add support for evaluating autoApprovers ACL entries when a machine is registered #763
  • Add config flag to allow Headscale to start if OIDC provider is down #829
  • Fix prefix length comparison bug in AutoApprovers route evaluation #862
  • Random node DNS suffix only applied if names collide in namespace. #766
  • Remove ip_prefix configuration option and warning #899
  • Add dns_config.override_local_dns option #905
  • Fix some DNS config issues #660
  • Make it possible to disable TS2019 with build flag #928
  • Fix OIDC registration issues #960 and #971
  • Add support for specifying NextDNS DNS-over-HTTPS resolver #940
  • Make more sslmode values available for PostgreSQL connections #927

Commits

  • c28ca27 Add SSH ACL to changelog
  • 52a323b Add SSH capability advertisement
  • d4e3bf1 Add experimental flag to unit test
  • c6d3174 Add feature flag for SSH, and warning
  • cfaa36e Add method to expose container id
  • e28d308 Add negative tests
  • 36b8862 Add notes about current ssh status
  • 91ed6e2 Allow WithEnv to be passed multiple times
  • 8a79c2e Do not retry on permission denied in ssh
  • 22da5bf Enable SSH for tests
  • d207c30 Ensure we have ssh in container
  • 3695284 Make simple initial test case
  • d71aef3 Mark all tests with Parallel
  • c02e105 Mark the flag properly experimental
  • 519f22f SSH integration test setup
  • fd6d25b SSH: Lint and typos
  • f610be6 SSH: add test between namespaces
  • f34e7c3 Strip newline from hostname
  • eb072a1 mark some changes as more important