Skip to content

Release history

defguard releases

Zero-Trust access management with true WireGuard® 2FA/MFA

Back to tool Latest release

All releases

8 shown

Upgrade now
v2.0.1 Breaking risk
Auth RBAC Dependencies

Security fixes for DG26 modules

Open
v2.0.0 Breaking risk
⚠ Upgrade required
  • Consult the migration documentation at https://docs.defguard.net/2.0/deployment-strategies/migrating-from-defguard-1.6-to-2.0 when upgrading from 1.x.
  • New one‑line install script available for quick testing.
Breaking changes
  • Minimum supported proxy and gateway versions increased (specific versions not stated in changelog).
Notable features
  • Completely redesigned UI
  • New easy deployment approach with component communication security
  • Major architectural changes including core certificate authority, multiproxy handling, MTU/FwMark support, VPN client session manager, activity log streaming, and wizard‑driven adoption
Full changelog

🎉 Welcome to Defguard 2.0 🎉

It’s a significant step up from version 1.x, featuring:

🎨 a completely redesigned UI,
📦 a new and easy deployment approach (and component communication security),
🛠️ and some other major architectural changes.

More details with videos in this blogpost.

⬆︎ If you will be upgrading from 1.x - here you can find relevant documentation about the upgrade.
🚅 If you would like to test Defguard - we offer a quick and easy One-line install script.

We want to get as much feedback as possible, so we encourage you to:

💬 open a GitHub discussion

🪲 report any missing features or bugs as issues

What's Changed

  • Release 1.6 alpha merger by @wojcik91 in https://github.com/DefGuard/defguard/pull/1711
  • Finialize moving most important DB models to a common crate by @wojcik91 in https://github.com/DefGuard/defguard/pull/1713
  • Merge main->dev before 1.6 by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1756
  • Implement multiple proxy handling by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1743
  • Reverse gateway grpc take two merger by @moubctez in https://github.com/DefGuard/defguard/pull/1767
  • Gateway REST by @moubctez in https://github.com/DefGuard/defguard/pull/1775
  • Allow domain names location DNS by @moubctez in https://github.com/DefGuard/defguard/pull/1786
  • Add MTU and FwMark to WireGuardNetwork by @moubctez in https://github.com/DefGuard/defguard/pull/1788
  • Disable APT repository signing/uploads by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1799
  • Disable APT repository signing/uploads by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1800
  • Core certificate authority, part 1: Proxy by @t-aleksander in https://github.com/DefGuard/defguard/pull/1790
  • UI table update by @filipslezaklab in https://github.com/DefGuard/defguard/pull/1808
  • Update APT repository on full release/pre-release by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1807
  • Merge main -> dev after 1.6.1 release by @wojcik91 in https://github.com/DefGuard/defguard/pull/1844
  • PUT for OpenIDProvider by @moubctez in https://github.com/DefGuard/defguard/pull/1801
  • Multiproxy private cookies by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1809
  • components update 1 by @filipslezaklab in https://github.com/DefGuard/defguard/pull/1848
  • OpenID tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1852
  • Add MTU and FwMark to web interface by @moubctez in https://github.com/DefGuard/defguard/pull/1849
  • Core certificate authority, part 2: Gateway by @t-aleksander in https://github.com/DefGuard/defguard/pull/1846
  • Extend OpenAPI docs with OpenID providers by @moubctez in https://github.com/DefGuard/defguard/pull/1860
  • OpenID provider kind by @moubctez in https://github.com/DefGuard/defguard/pull/1871
  • VPN client session manager pt2 by @wojcik91 in https://github.com/DefGuard/defguard/pull/1802
  • Activity log streaming page by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1876
  • add VPN sessions & stats generator by @wojcik91 in https://github.com/DefGuard/defguard/pull/1885
  • send cookie keys via protos by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1881
  • Log streaming page tweaks by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1892
  • VPN stats generator pt2 by @wojcik91 in https://github.com/DefGuard/defguard/pull/1891
  • Destination, part 1 by @moubctez in https://github.com/DefGuard/defguard/pull/1895
  • MTU and FwMark are not optional by @moubctez in https://github.com/DefGuard/defguard/pull/1907
  • session manager VPN client events by @wojcik91 in https://github.com/DefGuard/defguard/pull/1911
  • fix docker build by @wojcik91 in https://github.com/DefGuard/defguard/pull/1914
  • Implement proxy wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1910
  • Implement remote MFA with new, separate RPC message by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1912
  • Include component version in support data by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1920
  • Gateway wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1919
  • handle multiple gateways in session manager by @wojcik91 in https://github.com/DefGuard/defguard/pull/1917
  • Any for aliases by @moubctez in https://github.com/DefGuard/defguard/pull/1918
  • Initiate self-enrolment from users list by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1935
  • Separate API for Alias and Destination by @moubctez in https://github.com/DefGuard/defguard/pull/1938
  • Use functions for ApiResponse by @moubctez in https://github.com/DefGuard/defguard/pull/1942
  • Activity log streaming certificate file upload by @jakub-tldr in https://github.com/DefGuard/defguard/pull/1941
  • Edge edit form by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1940
  • Support VPN client MFA connect/disconnect process within the session manager by @wojcik91 in https://github.com/DefGuard/defguard/pull/1939
  • periodic VPN session & stats purge by @wojcik91 in https://github.com/DefGuard/defguard/pull/1954
  • Fetch AclAlias by kind by @moubctez in https://github.com/DefGuard/defguard/pull/1953
  • drop legacy stats tables by @wojcik91 in https://github.com/DefGuard/defguard/pull/1957
  • Edge delete by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1960
  • New instance setup wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1961
  • VPN sessions handling fixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/1964
  • Fix connecting to proxy after completing initial wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/1971
  • Initial wizard fixes by @t-aleksander in https://github.com/DefGuard/defguard/pull/1987
  • Fix wizard routing by @t-aleksander in https://github.com/DefGuard/defguard/pull/1991
  • change from root guard to route specific guards by @filipslezaklab in https://github.com/DefGuard/defguard/pull/1993
  • fix(mfa): preserve preshared key when creating new session by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1995
  • Edge list by @j-chmielewski in https://github.com/DefGuard/defguard/pull/1992
  • Update ACL -> firewall rule translation to handle new toggles by @wojcik91 in https://github.com/DefGuard/defguard/pull/1994
  • Restore init dev env by @t-aleksander in https://github.com/DefGuard/defguard/pull/2010
  • Allow admins to delete a specific MFA method for a user by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2012
  • Block adding MFA for user as admin by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2013
  • pre-alpha ACL UI fixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/2024
  • fix acl queries by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2032
  • Persist initial setup wizard state by @t-aleksander in https://github.com/DefGuard/defguard/pull/2033
  • fix querykey conflict by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2039
  • Restore minimal LDAP compose by @t-aleksander in https://github.com/DefGuard/defguard/pull/2043
  • Crl by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2041
  • New mail templates by @moubctez in https://github.com/DefGuard/defguard/pull/1997
  • Check limits when creating users / locations by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2048
  • New mail templates part 2 by @moubctez in https://github.com/DefGuard/defguard/pull/2053
  • Lack of SMTP configuration information for user by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2054
  • Wizard design tweaks by @t-aleksander in https://github.com/DefGuard/defguard/pull/2063
  • Fix typos by @moubctez in https://github.com/DefGuard/defguard/pull/2066
  • Gateway TLS verification by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2049
  • Use binary licence key by @moubctez in https://github.com/DefGuard/defguard/pull/2069
  • Deleting a location cascade-deletes gateways by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2075
  • Static IP assignment from user list by @t-aleksander in https://github.com/DefGuard/defguard/pull/2077
  • update location stats API to reflect new design by @wojcik91 in https://github.com/DefGuard/defguard/pull/2081
  • Device IP management for single device by @t-aleksander in https://github.com/DefGuard/defguard/pull/2084
  • "Add new device" option for admins by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2079
  • fix keepalive interval input by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2099
  • add gateway list page by @wojcik91 in https://github.com/DefGuard/defguard/pull/2100
  • Add enabled to MailContext by @moubctez in https://github.com/DefGuard/defguard/pull/2107
  • add edit gateway page by @wojcik91 in https://github.com/DefGuard/defguard/pull/2108
  • Disabled SMTP badge in "Initiate self-enrollment" button by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2114
  • Fix welcome page by @moubctez in https://github.com/DefGuard/defguard/pull/2113
  • Update ui submodule by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2115
  • Use Desktop deep-link for enrolment by @moubctez in https://github.com/DefGuard/defguard/pull/2122
  • Block changing network address if devices are present, fix wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2119
  • add session manager test harness by @wojcik91 in https://github.com/DefGuard/defguard/pull/2128
  • Change gateway port input type to number by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2130
  • handle public edge component URL in settings by @wojcik91 in https://github.com/DefGuard/defguard/pull/2118
  • Cleanup certs by @moubctez in https://github.com/DefGuard/defguard/pull/2134
  • use session timeout setting for cookies by @wojcik91 in https://github.com/DefGuard/defguard/pull/2143
  • add location type, fwmark, mtu columns to locations table by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2147
  • Show business & enterprise features in edit/wizard forms by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2137
  • restore restrictions section in ACL create/edit form by @wojcik91 in https://github.com/DefGuard/defguard/pull/2133
  • require destination in ACLs by @wojcik91 in https://github.com/DefGuard/defguard/pull/2146
  • Gateway/Edge enabled/disabled by @moubctez in https://github.com/DefGuard/defguard/pull/2158
  • display pending ACL updates in sidebar by @wojcik91 in https://github.com/DefGuard/defguard/pull/2164
  • fix cache invalidation after adding and removing new gateway by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2168
  • Automated adoption wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2165
  • ACL form restrictions section fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2171
  • Update dependencies by @moubctez in https://github.com/DefGuard/defguard/pull/2178
  • Optimize IP's reassignement & tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2160
  • Deploy Edge component step in initial wizard by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2184
  • Allow entering empty secret in webhook config by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2186
  • Trim Gateways and Edges on licence expiration by @moubctez in https://github.com/DefGuard/defguard/pull/2169
  • Delete Yubikey provision trigger event on webhook by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2201
  • Add migration wizard by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2194
  • Fix empty expand in table when removing last item by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2205
  • Fix OpenID label & Change LDAP labels by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2206
  • block used alias/destination delete by @wojcik91 in https://github.com/DefGuard/defguard/pull/2204
  • LDAP case insensitive by @moubctez in https://github.com/DefGuard/defguard/pull/2195
  • User-friendly settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2210
  • Periodiacally refresh Gateway status by @moubctez in https://github.com/DefGuard/defguard/pull/2212
  • License check by @moubctez in https://github.com/DefGuard/defguard/pull/2230
  • Fix stale gateway/edge connected status by @t-aleksander in https://github.com/DefGuard/defguard/pull/2232
  • Hide "Device IP settings" option for non-admin users by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2234
  • Network devices UI fixes by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2235
  • Fix network device edit modal by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2237
  • Adoption core logs by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2188
  • Migrate locations by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2245
  • Network readdress by @moubctez in https://github.com/DefGuard/defguard/pull/2260
  • Add more logs to automatic component adoption process by @t-aleksander in https://github.com/DefGuard/defguard/pull/2274
  • share edge deploy wizard step component by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2275
  • use table edit cell by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2276
  • ACL UI fixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/2222
  • Fix MFA mail by @moubctez in https://github.com/DefGuard/defguard/pull/2281
  • Tweak settings UI by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2282
  • update openid table page by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2285
  • Prepare for Alpha Two by @moubctez in https://github.com/DefGuard/defguard/pull/2284
  • Default MFA option only for logged in user by @moubctez in https://github.com/DefGuard/defguard/pull/2286
  • fix logout not removing cookies by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2287
  • Redirect to user profile page on 403 status code by @moubctez in https://github.com/DefGuard/defguard/pull/2288
  • Add snackbars to all settings pages, fix form state in client behavio… by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2290
  • Adoption logs UI tweaks by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2289
  • Change icon to text & add sorting by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2292
  • Show error in form on incorrect current password by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2293
  • Remove placeholder, add variable to Webhook by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2297
  • Add network device & openid deletion confirmation modals by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2296
  • fix cache invalidation for client behavior settings page by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2294
  • Require current password for self-edit, skip for admin non-self edits by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2301
  • Allow admin for editing users credentials by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2302
  • Fix spacing on restrictions section by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2305
  • change FormInput to FormTextarea to handle \n by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2310
  • fix app crash when clicking initiate enrollment button by @wojcik91 in https://github.com/DefGuard/defguard/pull/2312
  • Change labels in migration one liner wizard by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2313
  • Implement UI fixes and improvements by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2315
  • Duplicate authentication keys / name checking by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2318
  • add confirm action modal by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2308
  • Add user device delete confirmation by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2322
  • Check for duplicate pubkey & check for duplicates during renaming auth keys by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2324
  • extend session manager test suite by @wojcik91 in https://github.com/DefGuard/defguard/pull/2325
  • tables update 3 by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2331
  • Remove unnecessary toggle by @wojcik91 in https://github.com/DefGuard/defguard/pull/2339
  • add missing images to license modals and welcome wizard screens by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2341
  • Allowed groups by @moubctez in https://github.com/DefGuard/defguard/pull/2332
  • Add more tests for initial/migration/auto-adoption wizards by @t-aleksander in https://github.com/DefGuard/defguard/pull/2340
  • Block adding device when there is no space in at least one subnet by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2338
  • Add missing variables to tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2344
  • Disable Submit when user has no devices to re-address by @moubctez in https://github.com/DefGuard/defguard/pull/2346
  • fix modal scroll by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2347
  • Remove rp id from settings and derive it from defguard_url by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2326
  • fix modals on profile general tab by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2349
  • restore Disable MFA action in users table by @wojcik91 in https://github.com/DefGuard/defguard/pull/2350
  • alias badge display fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2352
  • add missing actions for rules table by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2355
  • Require both parameters for auto adoption wizard (adopt-edge adopt-gateway) by @t-aleksander in https://github.com/DefGuard/defguard/pull/2354
  • Bug fixes by @moubctez in https://github.com/DefGuard/defguard/pull/2360
  • Fix initial wizard always redirecting to vpn overview by @t-aleksander in https://github.com/DefGuard/defguard/pull/2358
  • use qr-card component instead of plain qrcanvas by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2364
  • Info about licence limits by @moubctez in https://github.com/DefGuard/defguard/pull/2363
  • Block adding network device when there are no available locations by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2366
  • add missing disconnect threshold input by @wojcik91 in https://github.com/DefGuard/defguard/pull/2365
  • Cache invalidation fixes by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2370
  • Migrate defguard_url from config by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2369
  • add theme switch to top bar element by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2386
  • Update migration UI by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2385
  • Fix ACL form validation errors by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2378
  • Validate location address by @moubctez in https://github.com/DefGuard/defguard/pull/2388
  • Update deployment helps by @t-aleksander in https://github.com/DefGuard/defguard/pull/2383
  • make IP optional in activity log by @wojcik91 in https://github.com/DefGuard/defguard/pull/2394
  • add 404 and migration auth error pages by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2397
  • Fix cache invalidation after MFA method setup by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2396
  • fix missing MFA session events by @wojcik91 in https://github.com/DefGuard/defguard/pull/2371
  • Change label when creating device in full network by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2399
  • Send Gateway reconnect email by @moubctez in https://github.com/DefGuard/defguard/pull/2398
  • Add missing delete confirmations by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2403
  • Add missing disable confirmations by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2404
  • add preshared key to VPN session model by @wojcik91 in https://github.com/DefGuard/defguard/pull/2402
  • add user & device "online" indicator by @wojcik91 in https://github.com/DefGuard/defguard/pull/2409
  • adoption form default ports & helpers by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2410
  • Use new validators by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2408
  • License upsell section by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2401
  • activity log event order fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2413
  • Pagination by @moubctez in https://github.com/DefGuard/defguard/pull/2406
  • extend ACL test coverage for new flags by @wojcik91 in https://github.com/DefGuard/defguard/pull/2411
  • Limited pagination by @moubctez in https://github.com/DefGuard/defguard/pull/2417
  • Autoadoption logs by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2416
  • Frontend validators tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2429
  • Adjust E2E tests to the new initial wizard and fix existing tests by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2428
  • use secret_key field from Settings to generate JWTs by @wojcik91 in https://github.com/DefGuard/defguard/pull/2434
  • restore core gRPC server tests & add testing framework for gateway handlers by @wojcik91 in https://github.com/DefGuard/defguard/pull/2381
  • fix API tokens page license handling by @wojcik91 in https://github.com/DefGuard/defguard/pull/2431
  • remove gRPC Auth service by @wojcik91 in https://github.com/DefGuard/defguard/pull/2437
  • update ACL rules table columns by @wojcik91 in https://github.com/DefGuard/defguard/pull/2441
  • Mail templates by @moubctez in https://github.com/DefGuard/defguard/pull/2430
  • Ensure settings are initialized before running wizards by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2447
  • Prevent creating network which can't contain already existing devices & Hostname validator tweak by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2444
  • fix last connected IP column value in Users table by @wojcik91 in https://github.com/DefGuard/defguard/pull/2443
  • Plain text mail by @moubctez in https://github.com/DefGuard/defguard/pull/2451
  • Enrollment settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2433
  • New support page by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2452
  • Fix license upsell sections spacing by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2456
  • ACL rule generator by @moubctez in https://github.com/DefGuard/defguard/pull/2459
  • Squash migrations by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2229
  • New version notification by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2460
  • Change text in Support page / Make field nullable in LDAP form by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2472
  • Prevent setting gateway address to network or broadcast address by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2478
  • ACL rules table audit columns by @wojcik91 in https://github.com/DefGuard/defguard/pull/2474
  • Fix redirect after openid authorization by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2479
  • Fix padding on VPN overview page by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2480
  • Make wizard modals scrollable by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2481
  • Add tooltips on deploy edge/gateway step by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2482
  • add missing translation keys by @wojcik91 in https://github.com/DefGuard/defguard/pull/2477
  • Enrollment styling by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2486
  • show warning if editing a location could cause VPN sessions to disconnect by @wojcik91 in https://github.com/DefGuard/defguard/pull/2473
  • Add wizard dividers by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2492
  • update firewall rule labels by @wojcik91 in https://github.com/DefGuard/defguard/pull/2489
  • Redirect to app if user already logged in by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2490
  • add empty helper translation keys by @wojcik91 in https://github.com/DefGuard/defguard/pull/2494
  • location form all groups toggle fix by @wojcik91 in https://github.com/DefGuard/defguard/pull/2497
  • defguard_certs: do not depend on sqlx by @moubctez in https://github.com/DefGuard/defguard/pull/2501
  • Locate groups by ID instead of name by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2493
  • warn user before deleting edge which is disconnected by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2502
  • Fix error messages by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2506
  • Clear field on "any" option by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2509
  • Extend UserInfo by @moubctez in https://github.com/DefGuard/defguard/pull/2507
  • Faster cargo-deny by @moubctez in https://github.com/DefGuard/defguard/pull/2510
  • Change error message on welcome mail templates by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2513
  • Provision HTTPS certificates for Core and Proxy by @t-aleksander in https://github.com/DefGuard/defguard/pull/2464
  • add video support widget by @wojcik91 in https://github.com/DefGuard/defguard/pull/2496
  • Unify device configs by @moubctez in https://github.com/DefGuard/defguard/pull/2519
  • Fix MFA code label by @moubctez in https://github.com/DefGuard/defguard/pull/2524
  • Add support type to license proto and display it in license settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2498
  • Standardise welcome page dividers by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2580
  • properly validate ACL rules which use just Aliases to populate fields by @wojcik91 in https://github.com/DefGuard/defguard/pull/2577
  • add missing helper translation keys by @wojcik91 in https://github.com/DefGuard/defguard/pull/2578
  • Hide option in support page & Fix init-dev-env tool by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2583
  • Adjust private_key warning messages by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2585
  • Fix for network device config by @moubctez in https://github.com/DefGuard/defguard/pull/2587
  • Remove "back" option from adopt wizard + minor tweaks by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2590
  • Change ova download links by @t-aleksander in https://github.com/DefGuard/defguard/pull/2596
  • Set correct step after general configuration by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2592
  • Use DEFGUARD_PROXY_URL instead of DEFGUARD_ENROLLMENT_URL during migration wizard + sort locations by name by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2591
  • Fix show config for missing configs by @moubctez in https://github.com/DefGuard/defguard/pull/2598
  • Auto correct internal/public url by @t-aleksander in https://github.com/DefGuard/defguard/pull/2597
  • Change default CA common name, email address by @t-aleksander in https://github.com/DefGuard/defguard/pull/2601
  • bump min supported proxy & gateway versions by @wojcik91 in https://github.com/DefGuard/defguard/pull/2599
  • Fix proxy_url parsing by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2610
  • Change endpoint, validate network size when editing location by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2614
  • Proxy manager tests by @wojcik91 in https://github.com/DefGuard/defguard/pull/2594
  • Fix setting 2nd mfa method by @t-aleksander in https://github.com/DefGuard/defguard/pull/2619
  • fix MFA configured email subject by @wojcik91 in https://github.com/DefGuard/defguard/pull/2622
  • Fix setting default MFA by @t-aleksander in https://github.com/DefGuard/defguard/pull/2626
  • video tutorials modal by @wojcik91 in https://github.com/DefGuard/defguard/pull/2593
  • Remove mobile client info from enrollment email by @t-aleksander in https://github.com/DefGuard/defguard/pull/2634
  • Make LDAP auxiliary object classes nullable by @t-aleksander in https://github.com/DefGuard/defguard/pull/2641
  • Correct URL correction logic by @t-aleksander in https://github.com/DefGuard/defguard/pull/2646
  • Remove checkbox from certificate authority section by @t-aleksander in https://github.com/DefGuard/defguard/pull/2645
  • update login image by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2649
  • Change wizard wording by @t-aleksander in https://github.com/DefGuard/defguard/pull/2652
  • enable remote enrollment for LDAP users by @wojcik91 in https://github.com/DefGuard/defguard/pull/2609
  • Don't block dev builds by @t-aleksander in https://github.com/DefGuard/defguard/pull/2654
  • Certificate settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2500
  • support protobuf versioning by @wojcik91 in https://github.com/DefGuard/defguard/pull/2458
  • Reload settings after setup, guess cookie insecure if not provided by @t-aleksander in https://github.com/DefGuard/defguard/pull/2660
  • fix example gateway port in migration wizard by @wojcik91 in https://github.com/DefGuard/defguard/pull/2662
  • Email templates fixes by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2659
  • Reload config after wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2664
  • Inform the user to update urls after cert configuration by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2666
  • Handle GatewayHandler abort by @moubctez in https://github.com/DefGuard/defguard/pull/2667
  • Disable user device actions according to permissions by @moubctez in https://github.com/DefGuard/defguard/pull/2669
  • Display too many login attempts by @moubctez in https://github.com/DefGuard/defguard/pull/2671
  • Fix trivy by @t-aleksander in https://github.com/DefGuard/defguard/pull/2672
  • Better gRPC error handling by @moubctez in https://github.com/DefGuard/defguard/pull/2675
  • Migration wizard video guide by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2670
  • improve component adoption URL parsing by @wojcik91 in https://github.com/DefGuard/defguard/pull/2674
  • add workflow to tag image as latest on release publish by @wojcik91 in https://github.com/DefGuard/defguard/pull/2676
  • Rules & OpenID provider form fixes by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2680
  • Disable Back button after Edge adoption in migration wizard by @moubctez in https://github.com/DefGuard/defguard/pull/2678
  • Cleanup Wizard by @moubctez in https://github.com/DefGuard/defguard/pull/2677
  • Fix migrator login by @t-aleksander in https://github.com/DefGuard/defguard/pull/2688
  • actually store updated ip and port in migration wizard by @wojcik91 in https://github.com/DefGuard/defguard/pull/2692
  • Certificate settings tweaks by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2694
  • add missing non-default table sorting functions by @wojcik91 in https://github.com/DefGuard/defguard/pull/2693
  • Get rid of cross-rs by @moubctez in https://github.com/DefGuard/defguard/pull/2700
  • Fix E2E tests, make them 8x faster by @t-aleksander in https://github.com/DefGuard/defguard/pull/2722
  • Update core/edge url when changing cert configuration by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2725
  • Update environmental variables by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2721
  • Update dev instance when updating branch "release/**" by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2732
  • Make unit tests 8x faster by @t-aleksander in https://github.com/DefGuard/defguard/pull/2723
  • Use AWS ecr repo for e2e postgres image by @t-aleksander in https://github.com/DefGuard/defguard/pull/2738
  • Always restart defguard service by @moubctez in https://github.com/DefGuard/defguard/pull/2729
  • add missing API endpoint for fetching user device WireGuard configs by @wojcik91 in https://github.com/DefGuard/defguard/pull/2739
  • Bulk assign / users table empty state fix by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2747
  • Fix PersistentKeepalive in WireGuard config by @moubctez in https://github.com/DefGuard/defguard/pull/2750
  • validate duplicate Gateway/Edge names in forms by @wojcik91 in https://github.com/DefGuard/defguard/pull/2741
  • Save version after migration/wizard by @t-aleksander in https://github.com/DefGuard/defguard/pull/2734
  • Cert expiry by @moubctez in https://github.com/DefGuard/defguard/pull/2744
  • Automatic Letsencrypt certificate refresh by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2730
  • Preserve old package versions on APT repository by @jakub-tldr in https://github.com/DefGuard/defguard/pull/2761
  • Step-aware wizard video tutorial section by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2749
  • Rename migrations by @t-aleksander in https://github.com/DefGuard/defguard/pull/2763
  • Don’t fail for email errors during the enrolment by @moubctez in https://github.com/DefGuard/defguard/pull/2764
  • Render markdown in emails by @t-aleksander in https://github.com/DefGuard/defguard/pull/2760
  • add mTLS for gateway & proxy communication by @wojcik91 in https://github.com/DefGuard/defguard/pull/2726
  • Sanitize LDAP errors (2.0) by @t-aleksander in https://github.com/DefGuard/defguard/pull/2682
  • update final gw wizard step text according to the new design by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2769
  • LDAP: escape critical characters in DN by @moubctez in https://github.com/DefGuard/defguard/pull/2768
  • add missing handlers in wizard API by @wojcik91 in https://github.com/DefGuard/defguard/pull/2773
  • show contextual help on settings pages by @wojcik91 in https://github.com/DefGuard/defguard/pull/2766
  • New json schema by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2765
  • Use RSA keys for openid token signing by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2777
  • fix network capacity validator function by @wojcik91 in https://github.com/DefGuard/defguard/pull/2780
  • Fix cert settings by @j-chmielewski in https://github.com/DefGuard/defguard/pull/2784
  • improve baseline HTTP security for no-reverse proxy deployment scenarios by @wojcik91 in https://github.com/DefGuard/defguard/pull/2782
  • Remaining wizard e2e tests by @t-aleksander in https://github.com/DefGuard/defguard/pull/2776
  • Better package by @moubctez in https://github.com/DefGuard/defguard/pull/2783
  • adjust rate limiter config by @wojcik91 in https://github.com/DefGuard/defguard/pull/2787
  • make rate limiter opt-in by @wojcik91 in https://github.com/DefGuard/defguard/pull/2792
  • Test apt repo by @t-aleksander in https://github.com/DefGuard/defguard/pull/2797
  • Add tests that we can sign CSRs generated with a NIST P-256 key by @t-aleksander in https://github.com/DefGuard/defguard/pull/2767
  • Programatic adoption of Gateways by @t-aleksander in https://github.com/DefGuard/defguard/pull/2789
  • Expose all used ports in proxy deployment example by @t-aleksander in https://github.com/DefGuard/defguard/pull/2825
  • fix user profile form validation by @wojcik91 in https://github.com/DefGuard/defguard/pull/2826
  • Fix WireGuard config and LDAP saving bugs by @t-aleksander in https://github.com/DefGuard/defguard/pull/2827
  • Bugfix package by @t-aleksander in https://github.com/DefGuard/defguard/pull/2830
  • misc email-related bugfixes by @wojcik91 in https://github.com/DefGuard/defguard/pull/2832
  • 2.0 bugfix package by @t-aleksander in https://github.com/DefGuard/defguard/pull/2835
  • form fixes by @filipslezaklab in https://github.com/DefGuard/defguard/pull/2836
  • Change wording on some labels by @t-aleksander in https://github.com/DefGuard/defguard/pull/2837
  • Adjust auto adoption finish screens label to design by @t-aleksander in https://github.com/DefGuard/defguard/pull/2839
  • add dedicated APT repo for 2.0 packages by @wojcik91 in https://github.com/DefGuard/defguard/pull/2840
  • update dependencies in preparation for 2.0 release by @wojcik91 in https://github.com/DefGuard/defguard/pull/2841

Full Changelog: https://github.com/DefGuard/defguard/compare/v1.6.1...v2.0.0

View release on GitHub
v1.6.6 Bug fix

Fixed Active Directory login and WireGuard config issues.

Full changelog

This is a patch for the major 1.6 release.

It fixes issues with AD login and PersistentKeepalive field in generated WireGuard configs.

What's Changed

Other Changes

  • Sanitize LDAP strings, fix issues with AD crashing during login, graceful activity log restart (1.6) in https://github.com/DefGuard/defguard/pull/2683
  • Fix PersistentKeepalive in WireGuard config in https://github.com/DefGuard/defguard/pull/2751

Full Changelog: https://github.com/DefGuard/defguard/compare/v1.6.5...v1.6.6

View release on GitHub
v1.6.5 Bug fix

Fixed ACL rule generation for destination aliases in dual-stack networks and restored support for component alias ranges that were being ignored.

View release on GitHub
v1.6.4 Security relevant
Security fixes
  • CVE-2026-25537
  • GHSA-7587-4wv6-m68m
  • GHSA-8h58-w33p-wq3g
View release on GitHub
v1.6.2 Bug fix
Notable features
  • IPv4/IPv6-only ACL translation fixes
  • 0.0.0.0/0 IP support
View release on GitHub

Beta — feedback welcome: [email protected]