pangolin releases

What's Changed

• Add pagination to user and role dropdown to handle many users and roles
• Add link to http private resources on the member page
• Add translations to the member page
• Add clear certificates pangctl command
• Add flattened data fields from the {{data}} object in alert webhooks
• Add ENABLE_SQLITE_WAL_MODE env var to enable WAL mode for sqlite
• Fix midnight time of day issue with status history display
• Fix overlap alias addresses when creating more than one private resource in blueprints
• Fix memory leak issue with sqlite and drizzle
• Fix finding all json files when a directory is passed to acme_json_path
• Fix make sure the domain is defined on a http resource when creating it
• Fix alerting features and provisioning showing when disable_enterprise_features is set
• Fix exclude local/private/CGNAT IPs from COUNTRY=ALL and ASN=ALL/AS0 geo-blocking rules
• Enhance Helm install credentials and client flag handling
• Small UI improvements
• Small speed increases in a couple of places

New Contributors

• @Blacks-Army made their first contribution in https://github.com/fosrl/pangolin/pull/2843
• @Josh-Voyles made their first contribution in https://github.com/fosrl/pangolin/pull/2998

Full Changelog: https://github.com/fosrl/pangolin/compare/1.18.2...1.18.3

How to Update

For Pangolin Enterprise: the server now scrapes in the certificates from Treafik's acme.json file. On default installs, this should work out of the box importing from config/letsencrypt/acme.json which is mounted into the container. If your Traefik acme.json file is not mounted into this default location update the config in privateConfig.yml

[!IMPORTANT]
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.

View documentation

What's Changed

• Fix status history and status of resources not updating in CE
• Add support for customizing webhook body for alerts
• Support scraping multiple acme json files if directory provided in acme_json_path
• Support scraping in certificates from a HTTP endpoint using acme_http_endpoint
• Various other bug fixes and improvements

Full Changelog: https://github.com/fosrl/pangolin/compare/1.18.1...1.18.2

How to Update

For Pangolin Enterprise: the server now scrapes in the certificates from Treafik's acme.json file. On default installs, this should work out of the box importing from config/letsencrypt/acme.json which is mounted into the container. If your Traefik acme.json file is not mounted into this default location update the config in privateConfig.yml

[!IMPORTANT]
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.

View documentation

What's Changed

• Add cert status in public resources table
• Add cert status in private resources table
• Fix handle backward compatible siteId in site-resource API calls
• Fix handle sans in the acme.json
• Fix cert status failed when no EE license is present
• Fix migration to handle possible not null for TCP, UDP, and ICMP
• Fix broken underlined font rendering in FireFox browsers
• Fix migration to calculate actual resource status
• Fix health check input to only allow Newt sites
• Fix don't show site online status for local sites
• Fix scrape certs from ALL resolvers
• Other small visual fixes and improvements

Full Changelog: https://github.com/fosrl/pangolin/compare/1.18.0...1.18.1

How to Update

For Pangolin Enterprise: the server now scrapes in the certificates from Treafik's acme.json file. On default installs, this should work out of the box importing from config/letsencrypt/acme.json which is mounted into the container. If your Traefik acme.json file is not mounted into this default location update the config in privateConfig.yml

[!IMPORTANT]
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.

View documentation

Read the Announcement

Read the full announcement with discussion of new features: Pangolin 1.18 - HTTPS Private Resources, Multi-Site Routing, and Alerting

What's Changed

• Add HTTPS reverse proxy support for private resources
• Add high-availability and latency-based routing to private resources by defining more than one routing site
• Add uptime tracking to sites and resources
• Add arbitrary health checking (HTTP, TCP) that isn’t linked to a resource
• Add alert rules to automate notifications (emails, webhooks, and other integrations) for site, resource, and health check status
• Add support for wildcard resource *.my-resource.domain.com
• Add import and share an organization-only identity provider across more than one organization
• Add reject site to pending sites in site provisioning
• General UI improvements
• Various other bug fixes

New Contributors

• @sidd190 made their first contribution in https://github.com/fosrl/pangolin/pull/2873

How to Update

[!IMPORTANT]
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.

View documentation

Read the Announcement

Read the full announcement with discussion of new features: Pangolin 1.17 - Multiple roles per user, site provisioning keys, log streaming, and more

What's Changed

• Add multiple role assignment for users (full RBAC)
• Add improved role mapping handling during auto-provisioning for identity providers
• Add built-in templates for Google and Azure to global identity providers
• Add region blocking within the rulesets to restrict or allow traffic based on geographic location
• Add site provisioning keys to create sites on first start without pre-generating IDs/Secrets
• Add pending sites page, where new sites created with a provisioning key must be manually approved
• Add editing the identifier of private resources
• Add connection logging of every TCP and UDP session through private resources (requires Newt ^1.11.0)
• Add SSH sessions to access logs
• Add log/event streaming (SIEM)
• Add domain CRUD endpoints to integration API
• Add endpoint to reset bandwidth to integration API
• Improve persist user locale preference to database
• Fix display actual values for WireGuard site credentials
• General UI improvements
• Various other bug fixes

Full Changelog: https://github.com/fosrl/pangolin/compare/1.16.2...1.17.0

New Contributors

• @Fizza-Mukhtar made their first contribution in https://github.com/fosrl/pangolin/pull/2573
• @ChanningHe made their first contribution in https://github.com/fosrl/pangolin/pull/2432
• @shreyaspapi made their first contribution in https://github.com/fosrl/pangolin/pull/2524
• @noe-charmet made their first contribution in https://github.com/fosrl/pangolin/pull/2695
• @shleeable made their first contribution in https://github.com/fosrl/pangolin/pull/2653
• @infiniteWays made their first contribution in https://github.com/fosrl/pangolin/pull/2149
• @jaydeep-pipaliya made their first contribution in https://github.com/fosrl/pangolin/pull/2748

How to Update

[!IMPORTANT]
Always back up your config app-data before updating. This will allow you to easily roll back if the update breaks your configuration. You will not be able to easily downgrade otherwise.

View documentation