Skip to content

Releases: openziti/ziti

v1.1.3

30 May 16:47
@github-actions github-actions
v1.1.3
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
82c4a71
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.3 Pre-release
Pre-release

Release 1.1.3

What's New

  • Sticky Terminator Selection
  • Linux and Docker deployments log formats no longer default to the simplified format option and now use logging library
    defaults: json for non-interactive, text for interactive.

NOTE: This release is the first since 1.0.0 to be marked promoted from pre-release. Be sure to check the release notes
for the rest of the post-1.0.0 releases to get the full set of changes.

Stick Terminator Strategy

This release introduces a new terminator selection strategy sticky. On every dial it will return a token to the
dialer, which represents the terminator used in the dial. This token maybe passed in on subsequent dials. If no token
is passed in, the strategy will work the same as the smartrouting strategy. If a token is passed in, and the
terminator is still valid, the same terminator will be used for the dial. A terminator will be consideder valid if
it still exists and there are no terminators with a higher precedence.

This is currently only supported in the Go SDK.

Go SDK Example

ziti edge create service test --terminator-strategy sticky

	conn := clientContext.Dial("test")
	token := conn.Conn.GetStickinessToken()
	_ = conn.Close()

	dialOptions := &ziti.DialOptions{
		ConnectTimeout:  time.Second,
		StickinessToken: token,
	}
	conn = clientContext.DialWithOptions("test", dialOptions))
	nextToken := conn.Conn.GetStickinessToken()
	_ = conn.Close()

Component Updates and Bug Fixes

Assets 8

v1.1.2

09 May 21:36
@github-actions github-actions
v1.1.2
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
d939996
This commit was signed with the committer’s verified signature.
andrewpmartinez Andrew
GPG key ID: 8FB844F819195D67
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.2 Pre-release
Pre-release

Release 1.1.2

What's New

  • Bug fixes and minor enhancements

Component Updates and Bug Fixes

  • github.com/openziti/sdk-golang: v0.23.32 -> v0.23.35
  • github.com/openziti/ziti: v1.1.1 -> v1.1.2
    • Issue #2032 - Auto CA Enrollment Fails w/ 400 Bad Request
    • Issue #2026 - Root Version Endpoint Handling 404s
    • Issue #2002 - JWKS endpoints may not refresh on new KID
    • Issue #2007 - Identities for edge routers with tunneling enabled sometimes show hasEdgeRouterConnection=false even though everything is OK
    • Issue #1983 - delete of non-existent entity causes panic when run on follower controller
Assets 8

v0.34.3

03 May 18:23
@github-actions github-actions
v0.34.3
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
0e231dc
This commit was signed with the committer’s verified signature.
plorenz Paul Lorenz
GPG key ID: 1A4AC953FAF6AD08
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.34.3 Pre-release
Pre-release

This is a re-release of v1.0.0 to address a bug in the autonomous docker image, which doesn't correct handle changes to the major version.

Assets 8

v1.1.1

25 Apr 17:46
@github-actions github-actions
v1.1.1
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
20abb02
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.1 Pre-release
Pre-release

Release 1.1.1

What's New

  • HA Alpha-3
  • Bug fixes and minor enhancements

HA Alpha 3

This release can be run in HA mode. The code is still alpha, as we're still finding and fixing bugs.

For more information:

New Contributors

Thanks to new contributors

Component Updates and Bug Fixes

Contributors

Vrashabh-Sontakke
Assets 8

v1.1.0

22 May 21:22
@github-actions github-actions
v1.1.0
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
f0a3c25
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0 Pre-release
Pre-release

Release 1.1.0

What's New

  • HA Alpha2
  • Deployments Alpha
    • Linux packages provide systemd services for controller and router. Both depend on existing package openziti which provides the ziti command line tool.
      • openziti-controller provides ziti-controller.service
      • openziti-router provides ziti-router.service
    • Container images for controller and router now share the bootstrapping logic with the packages, so they
      support the same configuration options.

HA Alpha2

This release can be run in HA mode. The code is still alpha, so there are still some bugs and missing features,
however basic functionality work with the exceptions noted. See the HA Documementation
for instructions on setting up an HA cluster.

Known Issues

  • JWT Session exchange isn't working with Go SDK clients
    • This means Go clients will need to be restarted once their sessions expire
  • Service/service policy changes might not be reflected in routers
    • Changes to policy may not yet properly sync to the routers, causing unexpected behavior with ER/Ts running in HA mode

More information can be found on the HA Project Board

Component Updates and Bug Fixes

Assets 8

v1.0.0

10 Apr 19:48
@github-actions github-actions
v1.0.0
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
a318613
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0 Latest
Latest

Release 1.0.0

About 1.0

What does marking OpenZiti as 1.0 mean?

Backwards Compatibility

We've guaranteed API stability for SDK clients for years and worked hard to ensure that routers
and controllers would be backwards and forward compatible. However, we have had a variety of
management API changes and CLI changes. For post 1.0 releases we expect to make additions to the
APIs and CLI, but won't remove anything until it's been first marked as deprecated and then only
with a major version bump.

Stability and Scale

Recent releases have seen additional testing using chaos testing techniques. These tests involve
setting up relatively large scale environments, knocking out various components and then verifying
that the network is able to return to a stable state. These test are run for hours to try and
eliminate race conditions and distributed state machine problems.

OpenZiti is also being used as underlying infrastrcture for the zrok public service. Use of this
network has grown quickly and proven that it's possible to build ziti native apps that can scale
up.

Backward Incompatible Changes to pre-1.0 releases

Administrators no longer have access to dial/bind all services by default. See below for details.

What's New

  • Administrators no longer have access to dial/bind all services by default.
  • TLS Handshakes can now be rate limited in the controller
  • TLS Handshake timeouts can now be set on the controller when using ALPN
  • Bugfixes

DEFAULT Bind/Dial SERVICE PERMISSIONS FOR Admin IDENTITIES HAVE CHANGED

Admin identities were able to Dial and Bind all services regardless of the effective service policies
prior to this release. This could lead to a confusing situation where a tunneler that was assuming an Admin
identity would put itself into an infinite connect-loop when a service's host.v1 address overlapped with
any addresses in its intercept configuration.

Please create service policies to grant Bind or Dial permissions to Admin identities as needed.

TLS Handshake

A TLS handhshake rate limiter can be enabled. This is useful in cases where there's a flood of TLS requests and the
controller can't handle them all. It can get into a state where it can't respond to TLS handshakes quickly enough,
so the clients time out. They then retry, adding to the the load. The controller ends up wasting time doing work
that isn't use.

This uses the same rate limiting as the auth rate limiter.

Additionally the server side handshake timeout can now be configured.

Configuration:

tls: 
  handshakeTimeout: 15s

  rateLimiter:
    # if disabled, no tls handshake rate limiting with be enforced
    enabled: true
    # the smallest window size for tls handshakes
    minSize: 5
    # the largest allowed window size for tls handshakes
    maxSize: 5000
    # after how long to consider a handshake abandoned if neither success nor failure was reported
    timeout: 30s

New metrics:

  • tls_handshake_limiter.in_process - number of TLS handshakes in progress
  • tls_handshake_limiter.window_size - number of TLS handhshakes allowed concurrently
  • tls_handshake_limiter.work_timer - timer tracking how long TLS handshakes are taking

Component Updates and Bug Fixes

Assets 8

v0.34.2

08 Apr 16:51
@github-actions github-actions
v0.34.2
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
881b806
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.34.2

Release 0.34.2

What's New

  • The circuit id is now available in the SDK on the client and hosting side
    • Requires 0.34.2+ routers
    • Requests SDK support. Currently supported in the Go SDK 0.23.11+
  • Bug fixes

Component Updates and Bug Fixes

Assets 8

v0.34.1

26 Mar 00:24
@github-actions github-actions
v0.34.1
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
8149db5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.34.1

Release 0.34.1

What's New

  • Updates version of go to 1.22.x
    • As usual when updating the go version, this is the only change in this release
Assets 8

v0.34.0

25 Mar 19:43
@github-actions github-actions
v0.34.0
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
fe85ca9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.34.0

Release 0.34.0

What's New

  • Bug fixes and performance enhancements
  • Version number is bumped as a large chunk of HA was merged up. The next version bump is likely to bring HA to alpha status.

Component Updates and Bug Fixes

Assets 8

v0.33.1

13 Mar 23:59
@github-actions github-actions
v0.33.1
This tag was signed with the committer’s verified signature. The key has expired.
ziti-ci
GPG key ID: 18E57B781A7A94BB
Expired
Learn about vigilant mode.
6f295a4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.33.1

Release 0.33.1

What's New

  • Backward compatibility router <-> controller fix to address metrics parsing panic

Component Updates and Bug Fixes

Assets 8