warpgate

v0.24.0 Feature

This release adds 3 notable features for engineering teams evaluating rollout.

Published 2d Secrets & Credentials

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

bastion bastion-host https https-proxy infrastructure kubernetes

+9 more

mysql mysql-proxy pam postgresql-proxy privileged-access-management proxy rust ssh ssh-server

Affected surfaces

auth

Summary

AI summary

Added Web SSH access, default role auto‑assignment, and self‑serve ticket requests.

Changes in this release

Type	Severity	Summary	CVE
Feature
Feature	Medium	Adds Web SSH capability for browser terminal access with tabs and ZMODEM file transfer. Adds Web SSH capability for browser terminal access with tabs and ZMODEM file transfer. Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Medium	Adds default roles that auto‑assign to newly created users. Adds default roles that auto‑assign to newly created users. Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Medium	Adds self‑serve ticket request feature for users and admin approval workflow. Adds self‑serve ticket request feature for users and admin approval workflow. Source: llm_adapter@2026-06-01 Confidence: high	—
Feature	Medium	Adds `return_url_domain` SSO configuration option to control return URL domain. Adds `return_url_domain` SSO configuration option to control return URL domain. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix
Bugfix	Medium	Makes admin UI search filtering case‑insensitive across list and log endpoints. Makes admin UI search filtering case‑insensitive across list and log endpoints. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Fixes IPv6 hostname parsing issue. Fixes IPv6 hostname parsing issue. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Medium	Parses forwarded header lists correctly. Parses forwarded header lists correctly. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Low	Makes SCP recording optional via configuration. Makes SCP recording optional via configuration. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Low	Disables preprocess‑level sourcemap emission to fix Svelte source map line drift. Disables preprocess‑level sourcemap emission to fix Svelte source map line drift. Source: llm_adapter@2026-06-01 Confidence: high	—
Bugfix	Low	Displays security key and browser auth URL in the SSH terminal. Displays security key and browser auth URL in the SSH terminal. Source: llm_adapter@2026-06-01 Confidence: high	—

Full changelog

Migrating

If you use domain binding with SSO and want to use the bound domain for the SSO return URL, you'll need to set the new return_url_domain option to host_header - see more at https://warpgate.null.page/sso/#domain-handling

New features

Web SSH #1943

Your users will now be able to connect to their SSH targets directly from the web browser. The terminal supports multiple tabs and single file transfers via ZMODEM.

Clicking an SSH target will open the terminal by default, but this can be changed under Config > Global parameters.

Default roles #1923

Roles can now be marked "default", which will auto-assign them to any newly created users.

Self-serve tickets #1818

by @SteezyCougar

If enabled under Config > Global parameters, users will be able to request ticket creation from their profile page. Admins will be able to see and approve/reject these requests on the Ticket admin page. Tickets for already allowed targets can be optionally auto-approved.

Changes

Sectioned forms for users and targets by @Eugeny in https://github.com/warp-tech/warpgate/pull/1961
fixed #1975, fixed #1976 - let admin choose the default target click action by @Eugeny in https://github.com/warp-tech/warpgate/pull/1983
Little/max api token duration by @SteezyCougar in https://github.com/warp-tech/warpgate/pull/1946
fixed #1945 - make SCP recording optional by @Eugeny in https://github.com/warp-tech/warpgate/pull/1978
fixed #1948 - add return_url_domain SSO config option by @Eugeny in https://github.com/warp-tech/warpgate/pull/1971

Fixes

Make admin UI search filtering case-insensitive across list and log endpoints by @Copilot in https://github.com/warp-tech/warpgate/pull/1922
Ipv6 hostname parse fix by @Eugeny in https://github.com/warp-tech/warpgate/pull/1936
Small cleanups by @LarsSven in https://github.com/warp-tech/warpgate/pull/1939
fix: parse forwarded header lists by @immanuwell in https://github.com/warp-tech/warpgate/pull/1944
Fix Svelte sourcemap line drift by disabling preprocess-level sourcemap emission by @Copilot in https://github.com/warp-tech/warpgate/pull/1959
fix: display security key and browser auth URL in SSH terminal (#1960) by @xTamasu in https://github.com/warp-tech/warpgate/pull/1970

New Contributors

@immanuwell made their first contribution in https://github.com/warp-tech/warpgate/pull/1944
@xTamasu made their first contribution in https://github.com/warp-tech/warpgate/pull/1970

Full Changelog: https://github.com/warp-tech/warpgate/compare/v0.23.4...v0.24.0

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track warpgate

Get notified when new releases ship.

About warpgate

Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software

All releases →