pangolin

v1.18.4 Feature

This release adds 6 notable features for engineering teams evaluating rollout.

Published 21d VPN & Tunnels

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

identity-management iot nat-traversal oidc pam private-access

+10 more

proxy remote-access self-hosted single-sign-on ssh tunneling vpn zero-trust zero-trust-network-access ztna

Affected surfaces

breaking_upgrade crypto_tls

ReleasePort's take

Moderate signal

editorial:auto 13d

Pangolin 1.18.4 fixes email prefiling in invitations and domain selection in blueprints. The release adds 4 new logging and debugging features, plus native Traefik acme.json scraping.

Why it matters: Pangolin 1.18.4 fixes domain selection in blueprints and email prefiling in invitations. Routine maintenance release; no critical issues. Schedule upgrade during next maintenance window; test domain and link display fixes in dev.

Summary

AI summary

Fix email prefiling in invite and pick the most specific domain in blueprints.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Add allow editing self and owner user roles Add allow editing self and owner user roles Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Add s3 log streaming endpoint Add s3 log streaming endpoint Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Add client endpoint to network log Add client endpoint to network log Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Add streaming errors for debug Add streaming errors for debug Source: llm_adapter@2026-05-21 Confidence: high	—
Dependency	Medium	Server now scrapes certificates from Traefik's acme.json file Server now scrapes certificates from Traefik's acme.json file Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix
Bugfix	Medium	Fix email not prefiling in invite Fix email not prefiling in invite Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fix confirm delete of share links Fix confirm delete of share links Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fix pick the most specific domain in blueprints Fix pick the most specific domain in blueprints Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fix not including today in status history graph Fix not including today in status history graph Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fix pick up other domains in the sans field Fix pick up other domains in the sans field Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fix don't show link when wildcard Fix don't show link when wildcard Source: llm_adapter@2026-05-21 Confidence: high	—
Refactor	Medium	Improve refer to SSL as TLS Improve refer to SSL as TLS Source: llm_adapter@2026-05-21 Confidence: low	—
Refactor	Low	Improve showing when a domain is config managed Improve showing when a domain is config managed Source: granite4.1:30b@2026-05-23-audit Confidence: low	—

Full changelog

Read the 1.18 Announcement

Read the full announcement with discussion of new features: Pangolin 1.18 - HTTPS Private Resources, Multi-Site Routing, and Alerting

What's Changed

Add allow editing self and owner user roles
Add s3 log streaming endpoint
Add client endpoint to network log
Add streaming errors for debug
Improve show when a domain is config managed
Improve refer to SSL as TLS by @AstralDestiny
Fix email not prefiling in invite
Fix confirm delete of share links
Fix pick the most specific domain in blueprints
Fix not including today in status history graph
Fix pick up other domains in the sans field
Fix dont show link when wildcard

Full Changelog: https://github.com/fosrl/pangolin/compare/1.18.3...1.18.4

How to Update

For Pangolin Enterprise: the server now scrapes in the certificates from Treafik's acme.json file. On default installs, this should work out of the box importing from config/letsencrypt/acme.json which is mounted into the container. If your Traefik acme.json file is not mounted into this default location update the config in privateConfig.yml

[!IMPORTANT]
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.

View documentation

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track pangolin

Get notified when new releases ship.

About pangolin

Identity-aware VPN and proxy for remote access to anything, anywhere.

All releases →