Skip to content

Merge release/1.6 -> main#1744

Merged
wojcik91 merged 57 commits intomainfrom
release_1.6_merger
Dec 9, 2025
Merged

Merge release/1.6 -> main#1744
wojcik91 merged 57 commits intomainfrom
release_1.6_merger

Conversation

@wojcik91
Copy link
Copy Markdown
Contributor

@wojcik91 wojcik91 commented Dec 9, 2025

Merge release branch into main in preparation for 1.6 release

Related #1736

t-aleksander and others added 30 commits August 4, 2025 12:23
@t-aleksander
Merge pull request #1369 from DefGuard/release/1.5-alpha
141976b 
update dev from staging
@wojcik91
Merge branch 'main' into release_1.5_merger
b589d42
@wojcik91
Merge pull request #1577 from DefGuard/release_1.5_merger
1d7b18c 
Release 1.5 merger
@j-chmielewski @filipslezaklab
fix password reset grpc sending unparsed user agent (#1546)
e2a1f19 
Co-authored-by: Filip Ślęzak <fslezak@teonite.com>
@j-chmielewski
Fixes pentest issue DG25-10 from 2025-09-02 (#1579)
bdc6cab 
* validate phone number during enrollment
* also check phone numbers in core API endpoints
@moubctez
Do not display sensitive data from protos (#1580)
8f96c05
@j-chmielewski
Don't send empty strings when phone number is not provided (#1583)
99e451e 
* don't send empty strings when phone number is not providecleand
* use zod trim() instead of trimObjectStrings helper
@j-chmielewski
Fixes pentest issue DG25-17 from 2025-09-02 (#1581)
0910c8c 
* fix open redirect pentest issue
* add tests and handling of get requests, allow redirects if url is allowed for the client
* compare the whole url, not just domain
* cargo clippy fixes
* wip fix openid flow tests
* fix panic in the contains_redirect_url method
* cleanup eprintln statements
* bring back the other openid flow test
* state-based fallback url in openid test
@j-chmielewski
ensure openid client names don't contain HTML (#1587)
bf0db2b
@j-chmielewski
ensure login responses don't allow login enumeration (#1588)
56040c2
@moubctez
Fixes pentest issue DG25-24 from 2025-09-02 (#1585)
cd6e40c
@wojcik91
put mail handler into a separate crate (#1590)
858a17e 
* put random & secret modules into a common crate

* move DB setup code to common crate

* move version to common crate

* move id types to common crate

* move AuthCode model into common crate

* move auth key model

* move biometric auth model

* move device login model

* remove unnecessary feature flags

* move global value macro

* move model error

* move server config

* move hex module

* move protos to a separate crate

* put mailer into a separate crate

* update query data

* remove commented out code

* add new crates

* update flake inputs

* move AsCsv trait

* fix failing test

* move claims struct
@moubctez
Cleanup and revive OpenID login test (#1591)
ab48854
@wojcik91
use default subject as fallback (#1593)
5045ba1
@t-aleksander
Fixes pentest issue DG25-25 and DG25-20 from 2025-09-02 (#1574)
e351296
@j-chmielewski
Fixes pentest issue DG25-32 from 2025-09-02 (#1597)
5c54594 
* custom Debug implementation for Settings struct to avoid exposing license key in logs
* cargo update
@wojcik91
fix document links (#1599)
63ed61b 
* fix links in readme

* fix frontend links
@j-chmielewski
Merge branch 'main' into main-1.5.1-merger
3687ebd
@j-chmielewski
Merge pull request #1619 from DefGuard/main-1.5.1-merger
6b82273 
Merge main into dev after 1.5.1 release
@j-chmielewski
Create SBOM files (#1620)
7f339c0 
* implement & test sbom files creation during CI process

* add sbom workflow file

* strip 'v' from ref_name

* fix version stripping

* rename sbom file

* fix asset path

* spdx format

* uncomment build-binaries job

* run sbom on self-hosted workers

* use shogo82148/actions-upload-release-asset upload action
@j-chmielewski
CI: scan code with trivy (#1622)
fcb137a 
* CI: scan code with trivy

* update e2e pnpm deps

* update web dependencies

* configure trivy scan-ref

* include low severity vulns in sbom
@moubctez
Return NotFound to proxy for missing OpenID provider (#1626)
9d175b7
@j-chmielewski
Periodic sbom regeneration (#1627)
e8754c5 
* regenerate sboms and advisories periodically

* fix sbom file name

* remove branch push trigger
@moubctez
Switch to non-Alpine node:24 (#1628)
8be6d9d
@wojcik91
add missing error log messages (#1616)
29a2f75
@wojcik91
verify audit log events in API integration tests (#1624)
8b9c242 
* add base framework for validating events in API integration tests

* add way to also test user context

* use queue clear helper

* add user login helper

* update some tests in user module

* update remaining tests in user module

* format docstring

* fix message formatting
@moubctez
Upgrade Debian packages to get latest security fixes (#1648)
d8b70a2
@jakub-tldr
APT uploading/signing workflow (#1655)
6083d31 
* workflow test

* ready to release

* delete comment

* add EOL

* Added ruby to path

* for loop

* typo 2

* refresh html
@jakub-tldr
List whole directory (#1664)
2834e11
@jakub-tldr
Properly validate IP address of endpoint in network wizard (#1667)
5cb6920
j-chmielewski and others added 21 commits November 3, 2025 09:48
@j-chmielewski
bump version to 1.6.0, bump dependencies
9e83248
@j-chmielewski
remove unnecessary cargo-deny ignores
37b76a6
@j-chmielewski
pnpm update
4c97cce
@j-chmielewski
allow use of deprecated generic_array imports - used by sha1 dependency
5c9c893
@j-chmielewski
use aws docker repository for e2e
fa273a4
@t-aleksander @moubctez
Basic client version reporting (#1688)
45496e4 
* client version checking 1

* Apply suggestions from code review

Co-authored-by: Adam <adam@defguard.net>

* Update client_version.rs

* tests

* fix

* update min version

* use encoded protos for passing platform

* fix

* Update proto

* fix tests

---------

Co-authored-by: Adam <adam@defguard.net>
@wojcik91 @t-aleksander
add option to pre-fetch OpenID directory users during sync (#1689)
e6a13da 
* add option to prefetch users to openid provider settings

* handle new option in frontend

* add base prefetch tests

* handle user creation during directory sync

* update log

* make mobile phone optional

* update tests

* hide checkbox for other providers

* Microsoft sync fixes

* adjust logs

* trigger ldap sync for created users

* linter fix

* username validation

* Update crates/defguard_core/src/enterprise/directory_sync/mod.rs

Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com>

* update query data

---------

Co-authored-by: Aleksander <170264518+t-aleksander@users.noreply.github.com>
@wojcik91
add option to configure enrollment token duration (#1698)
53eccb8 
* add option to specify enrollment token expiration time

* add test

* update dependencies
@wojcik91
fix(gRPC): improve handling device pubkey change (#1703)
465e5ae 
* reproduce issue in test

* don't throw errors if device is not found

* avoid showing private key in debug logs

* update test
@wojcik91
add invalid location address validation (#1707)
48a672d 
* don't allow 0 netmask in forms

* validate sizes of all used networks

* update dependencies

* add basic validation test

* improve backend address parsing

* update nix flake inputs

* update deps

* update test

* change approach

* return error when trying to add /0 subnet
@moubctez
Attempt to add depends to FreeBSD package (#1709)
4b7d523
@t-aleksander
remove ami (#1710)
ac35f5b
@j-chmielewski
Merge pull request #1706 from DefGuard/all-traffic-only
b338cc8 
Related issue: #880

Adds "force all traffic" option to enterprise settings. When selected, all clients are forced to route all traffic via the vpn.
@jakub-tldr
Filter MFA locations on network devices modal, block creating devices…
0659ae1 
… without name (#1719)

* filter mfa locations, validate ip/domain in wizard

* Reject device without name
@j-chmielewski
Fix traffic policy settings styling (#1720)
da226a8 
* fix client traffic policy helpers styling

* remove unused useMemo deps

* tweak the header
@jakub-tldr
Fix validator for ipv4 with port (#1723)
5aa68b2
@j-chmielewski
fix ipv4 validator (#1726)
3b3dc27
@jakub-tldr
RPM config fix (#1730)
2f1af6b
@jakub-tldr
Validator fix, Frontend unit testing (#1733)
283ba12 
* Fix validators

Created new patterns,
Moved validators to Validate.*
Fixed validators in Wizards,smtp configuration

* Unit testing for web, unit tests for validators

* Created Validate.any/all function. Removed logic from zod

* add licenses exceptions
@t-aleksander
Fix e2e test (#1742)
c15367f
@wojcik91
update protos submodule
94a6e2a
@wojcik91 wojcik91 self-assigned this Dec 9, 2025
@wojcik91 wojcik91 added the ignore-for-release Don't list PR in release notes label Dec 9, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 9, 2025
View reviewed changes
moubctez
moubctez previously approved these changes Dec 9, 2025
View reviewed changes
@wojcik91 @github-advanced-security
Potential fix for code scanning alert no. 60: Workflow does not conta…
a9cf75c 
…in permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@wojcik91 wojcik91 merged commit 1441bde into main Dec 9, 2025
8 checks passed
@wojcik91 wojcik91 deleted the release_1.6_merger branch December 9, 2025 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moubctez moubctez moubctez approved these changes

Assignees

@wojcik91 wojcik91

Labels

ignore-for-release Don't list PR in release notes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@wojcik91 @moubctez @github-advanced-security @t-aleksander @j-chmielewski @jakub-tldr