Geo-scale, next-generation peer-to-peer sharing platform built on top of OpenZiti.
APACHE-2.0 License
Bot releases are visible (Hide)
FIX: Fix to the Node.js release process to properly support releasing on a tag.
Also includes v0.4.29
:
FIX: Backed out an incorrect change to support a FreeBSD port in progress.
And includes v0.4.28
:
FEATURE: Node.js support for the zrok SDK (https://github.com/openziti/zrok/issues/400)
FEATURE: A Docker Compose project for self-hosting a zrok instance and accompanying Docker guide for more information.
CHANGE: the container images run as "ziggy" (UID 2171) instead of the generic restricted user "nobody" (UID 65534). This reduces the risk of unexpected file permissions when binding the Docker host's filesystem to a zrok container.
CHANGE: the Docker sharing guides were simplified and expanded
Published by github-actions[bot] 6 months ago
(v0.4.29
is a re-run of v0.4.28
with a FreeBSD port-related modification removed)
FEATURE: Node.js support for the zrok SDK (https://github.com/openziti/zrok/issues/400)
FEATURE: A Docker Compose project for self-hosting a zrok instance and accompanying Docker guide for more information.
CHANGE: the container images run as "ziggy" (UID 2171) instead of the generic restricted user "nobody" (UID 65534). This reduces the risk of unexpected file permissions when binding the Docker host's filesystem to a zrok container.
CHANGE: the Docker sharing guides were simplified and expanded
Published by github-actions[bot] 6 months ago
FEATURE: New vpn
backend mode. Use sudo zrok share private --backend-mode vpn
on the VPN server host, then sudo zrok access private <token>
on VPN client machine. Works with reserved shares using zrok reserve private --backend-mode vpn
. Use <target>
parameter to override default VPN network settings zrok share private -b vpn 192.168.255.42/24
-- server IP is 192.168.255.42
and VPN netmask will be 192.168.255.0/24
. Client IPs are assigned automatically from netmask range.
CHANGE: Update to OpenZiti SDK (github.com/openziti/sdk-golang
) at v0.23.22
.
CHANGE: Added indexes to environments
, shares
, and frontends
tables to improve overall query performance on both PostgreSQL and Sqlite.
FIX: Also update the Python SDK to include the permission mode and access grants fields on the ShareRequest
(https://github.com/openziti/zrok/issues/432)
FIX: Add a way to find the username on Linux when /etc/passwd and stdlib can't resolve the UID (https://github.com/openziti/zrok/issues/454)
Published by github-actions[bot] 8 months ago
FEATURE: New permission modes available for shares. Open permission mode retains the behavior of previous zrok releases and is the default setting. Closed permission mode (--closed
) only allows a share to be accessed (zrok access
) by users who have been granted access with the --access-grant
flag. See the documentation at (https://docs.zrok.io/docs/guides/permission-modes/) (https://github.com/openziti/zrok/issues/432)
CHANGE: The target for a socks
share is automatically set to socks
to improve web console display.
CHANGE: Enhancements to the look and feel of the account actions tab in the web console. Textual improvements.
FIX: The regenerate account token dialog incorrectly specified the path ${HOME}/.zrok/environments.yml
. This, was corrected to be ${HOME}/.zrok/environments.json
.
FIX: Align zrok frontdoor examples and Linux package (zrok-share
) with the new OAuth email flag --oauth-email-address-patterns
introduced in v0.4.25.
FIX: Reloading the web console when logged in no longer provokes the user to the login page.
Published by github-actions[bot] 8 months ago
FEATURE: New action in the web console that allows changing the password of the logged-in account (https://github.com/openziti/zrok/issues/148)
FEATURE: The web console now supports revoking your current account token and generating a new one (https://github.com/openziti/zrok/issues/191)
CHANGE: When specifying OAuth configuration for public shares from the zrok share public
or zrok reserve
public commands, the flags and functionality for restricting the allowed email addresses of the authenticating users has changed. The old flag was --oauth-email-domains
, which took a string value that needed to be contained in the user's email address. The new flag is --oauth-email-address-patterns
, which accepts a glob-style filter, using https://github.com/gobwas/glob (https://github.com/openziti/zrok/issues/413)
CHANGE: Creating a reserved share checks for token collision and returns a more appropriate error message (https://github.com/openziti/zrok/issues/531)
CHANGE: Update UI to add a 'true' value on reserved
boolean (https://github.com/openziti/zrok/issues/443)
CHANGE: OpenZiti SDK (github.com/openziti/sdk-golang) updated to version v0.22.29
, which introduces changes to OpenZiti API session handling
FIX: Fixed bug where a second password reset request would for any account would fail (https://github.com/openziti/zrok/issues/452)
Published by github-actions[bot] 8 months ago
FEATURE: New socks
backend mode for use with private sharing. Use zrok share private --backend-mode socks
and then zrok access private
that share from somewhere else... very lightweight VPN-like functionality (https://github.com/openziti/zrok/issues/558)
FEATURE: New zrok admin create account
command that allows populating accounts directly into the underlying controller database (https://github.com/openziti/zrok/issues/551)
CHANGE: The zrok test loopback public
utility to report non-200
errors and also ensure that the listening side of the test is fully established before starting loopback testing.
CHANGE: The OpenZiti SDK for golang (https://github.com/openziti/sdk-golang) has been updated to version v0.22.28
Published by github-actions[bot] 9 months ago
FEATURE: New CLI commands have been implemented for working with the drive
share backend mode (part of the "zrok Drives" functionality). These commands include zrok cp
, zrok mkdir
zrok mv
, zrok ls
, and zrok rm
. These are initial, minimal versions of these commands and very likely contain bugs and ergonomic annoyances. There is a guide available at https://docs.zrok.io/docs/guides/drives/cli/ that explains how to work with these tools in detail (https://github.com/openziti/zrok/issues/438)
FEATURE: Python SDK now has a decorator for integrating with various server side frameworks. See the http-server
example.
FEATURE: Python SDK share and access handling now supports context management.
FEATURE: TLS for zrok
controller and frontends. Add the tls:
stanza to your controller configuration (see etc/ctrl.yml
) to enable TLS support for the controller API. Add the tls:
stanza to your frontend configuration (see etc/frontend.yml
) to enable TLS support for frontends (be sure to check your public
frontend template) (https://github.com/openziti/zrok/issues/24)
CHANGE: Improved OpenZiti resource cleanup resilience. Previous resource cleanup would stop when an error was encountered at any stage of the cleanup process (serps, sps, config, service). New cleanup implementation logs errors but continues to clean up anything that it can (https://github.com/openziti/zrok/issues/533)
CHANGE: Instead of setting the ListenOptions.MaxConnections
property to 64
, use the default value of 3
. This property actually controls the number of terminators created on the underlying OpenZiti network. This property is actually getting renamed to ListenOptions.MaxTerminators
in an upcoming release of github.com/openziti/sdk-golang
(https://github.com/openziti/zrok/issues/535)
CHANGE: Versioning for the Python SDK has been updated to use versioneer for management.
CHANGE: Python SDK package name has been renamed to zrok
, dropping the -sdk
postfix. pypi.
Published by github-actions[bot] 9 months ago
NOTE v0.4.22
is a re-run of the v0.4.21
release. There was a hiccup with the release management process that required us to burn a version number to correct. Here are the changes since v0.4.20
:
FEATURE: The web console now supports deleting zrok access
frontends (https://github.com/openziti/zrok/issues/504)
CHANGE: The web console now displays the frontend token as the label for any zrok access
frontends throughout the user interface (https://github.com/openziti/zrok/issues/504)
CHANGE: Updated github.com/rubenv/sql-migrate
to v1.6.0
CHANGE: Updated github.com/openziti/sdk-golang
to v0.22.6
FIX: The migration sqlite3/015_v0_4_19_share_unique_name_constraint.sql
has been adjusted to delete the old shares_old
table as the last step of the migration process. Not sure exactly why, but SQLite is unhappy otherwise (https://github.com/openziti/zrok/issues/504)
FIX: Email addresses have been made case-insensitive. Please note that there is a migration included in this release (016_v0_4_21_lowercase_email.sql
) which will attempt to ensure that all email addresses in your existing database are stored in lowercase; if this migration fails you will need to manually remediate the duplicate account entries (https://github.com/openziti/zrok/issues/517)
FIX: Stop sending authentication cookies to non-authenticated shares (https://github.com/openziti/zrok/issues/512)
FIX: The goreleaser action is not updated to work with the latest golang build. Modifed go.mod
to comply with what goreleaser expects
Published by github-actions[bot] 10 months ago
CHANGE: OpenZiti SDK updated to v0.21.2
. All ziti.ListenOptions
listener options configured to use WaitForNEstablishedListeners: 1
. When a zrok share
client or an sdk.Share
client are connected to an OpenZiti router that supports "listener established" events, then listen calls will not return until the listener is fully established on the OpenZiti network. Previously a zrok share
client could report that it is fully operational and listening before the listener is fully established on the OpenZiti network; in practice this produced a very small window of time when the share would not be ready to accept requests. This change eliminates this window of time (https://github.com/openziti/zrok/issues/490)
FIX: Require the JWT in a zrok OAuth cookie to have an audience claim that matches the public share hostname. This prevents a cookie from one share from being use to log in to another share.
Published by github-actions[bot] 10 months ago
FEATURE: Reserved shares now support unique names ("vanity tokens"). This allows for the creation of reserved shares with identifiable names rather than generated share tokens. Includes basic support for profanity checking (https://github.com/openziti/zrok/issues/401)
CHANGE: The publicProxy
endpoint implementation used in the zrok access public
frontend has been updated to use the new RefreshService(serviceName)
call instead of RefreshServices()
. This should greatly improve the performance of requests against missing or non-responsive zrok shares (https://github.com/openziti/zrok/issues/487)
CHANGE: The Python SDK has been updated to properly support the "reserved" flag on the ShareRequest
passed to CreateShare
CHANGE: Dependency updates; github.com/openziti/[email protected]
; github.com/caddyserver/caddy/[email protected]
; indirect dependencies
Published by github-actions[bot] 11 months ago
FEATURE: Python SDK added. Can be found on pypi. pastebin
example illustrates basic SDK usage (see sdk/python/examples/README.md
for details) (https://github.com/openziti/zrok/issues/401)
CHANGE: Moved the golang zrok SDK into sdk/golang/sdk
to normalize location for future SDK's.
CHANGE: add restart policies to docker compose samples used by the guide docs, e.g., reserved public share should auto-start on boot, temp public share should not.
Published by github-actions[bot] 11 months ago
CHANGE: Replaced most in-line shell scripts in Docker Compose projects with installed scripts that are shared between the Docker and Linux service. This normalizes the operational configuration of both Docker shares and Linux service, i.e., to use the same env vars.
CHANGE: Upgrade to Docusaurus v3 for documentation.
FIX: Some Docker shares had broken env mountpoi
Published by github-actions[bot] 11 months ago
FEATURE: Publish Linux packages for zrok
CLI and a systemd service for running a reserved public share (zrok-share
).
Published by github-actions[bot] 12 months ago
CHANGE: Updated the code signing and notarization process for macos binaries. The previous release process used the gon
utility to handle both code signing and notarization. Apple changed the requirements and the gon
utility no longer properly functions as of 2023-11-01. The goreleaser
process has been adjusted to use the notarytool
utility that ships with XCode to sign and notarize the binary (https://github.com/openziti/zrok/issues/435)
Published by github-actions[bot] 12 months ago
FEATURE: zrok
Drives "Phase 1" (p1
) functionality included in this release. This includes new --backend-mode drive
, which accepts a folder path as a target. A drive
share can be mounted as a network drive on Windows, macOS, and Linux, allowing full read/write access from all applications on those systems (https://github.com/openziti/zrok/issues/218) Subsequent releases will address CLI use cases and provide further refinements to the overall approach.
FEATURE: Docker Compose project for a reserved public share in docker/compose/zrok-public-share-reserved/compose.yml is described in the public share guide.
Published by github-actions[bot] 12 months ago
FIX: The zrok reserve
command was not properly recording the reserved share status of the shares that it created, preventing the zrok release
command from properly releasing them (https://github.com/openziti/zrok/issues/427) If a user encounters reserved shares that cannot be released with the zrok release
command, they can be deleted through the web console.
Published by github-actions[bot] 12 months ago
FIX: The zrok reserve
command was not properly recording the reserved share status of the shares that it created, preventing the zrok release
command from properly releasing them (https://github.com/openziti/zrok/issues/427) If a user encounters reserved shares that cannot be released with the zrok release
command, they can be deleted through the web console.
Published by github-actions[bot] 12 months ago
FEATURE: The zrok reserve
command now incorporates the --json-output|-j
flag, which outputs the reservation details as JSON, rather than as human-consumable log messages. Other commands will produce similar output in the future (https://github.com/openziti/zrok/issues/422)
FIX: Include --oauth-provider
and associated flags for the zrok reserve
command, allowing reserved shares to specify OAuth authentication (https://github.com/openziti/zrok/issues/421)
Published by github-actions[bot] about 1 year ago
CHANGE: The public frontend configuration has been bumped from v: 2
to v: 3
. The redirect_host
, redirect_port
and redirect_http_only
parameters have been removed. These three configuration options have been replaced with bind_address
, redirect_url
and cookie_domain
. See the OAuth configuration guide at docs/guides/self-hosting/oauth/configuring-oauth.md
for more details (https://github.com/openziti/zrok/issues/411)
Published by github-actions[bot] about 1 year ago
FIX: Remove extraneous share token prepended to OAuth frontend redirect.