Termix

Added API keys, client tunnels, SSH tunnel session improvements, and major stability and performance fixes.

| Architecture | Windows | Linux | Mac | Android | iOS |
|------------------|------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|---------------------------------------------|-----------------------------------|
| x86-64 (64-bit) | EXE · MSI · Portable | AppImage · DEB · Portable | DMG | — | — |
| AArch64 (ARM64) | — | AppImage · DEB · Portable | DMG | APK (1.3.2) | IPA (1.3.2) |
| ARMv7 (32-bit) | — | AppImage · DEB · Portable | — | — | — |
| x86-32 (32-bit) | EXE · MSI · Portable | — | — | — | — |
| Universal | Chocolatey | Flatpak | DMG · App Store · Homebrew | — | — |

Update Log:

• API key management (create and manage API keys from admin settings)
• Client tunnel support (remote tunnels, bridge tunnels, and preset management)
• Folder tree view in the file manager with lazy-loading and animations
• SSH key passphrase prompt on use if none is saved
• Open file manager at the terminal's current working directory by clicking on the file manager icon on a terminal tab
• Read-only Docker container mode
• LOG_TIMESTAMP_FORMAT env var for 24h/ISO log timestamps
• OIDC_ALLOW_REGISTRATION env var to bypass allow_registration for OIDC users
• VNC token generation now supports an optional username parameter
• Improved lazy loading with loading spinners throughout the app
• Sessions preserved across restarts
• Upgraded runtime to Node 24
• Optimized frontend bundle splitting

Bug Fixes:

• SSH multi-factor auth with publickey + password now works correctly
• Browser crash when uploading large files (more than 100MB)
• WebSocket reconnect now reattaches to the existing SSH session instead of creating a new one
• Tab auto-closes on graceful SSH disconnect (exit/Ctrl+D)
• Editing a host folder no longer requires re-entering the password
• Reconnect overlay now shows when SSH server reboots mid-session
• Session no longer crashes when uploading to a permission-denied directory
• File manager reconnects automatically after disconnecting
• Stale frontend cache handling after upgrades
• Electron auth and cache handling after upgrades
• OIDC auth cookie readiness on startup
• Docker image platforms for Node 24
• Fetch password from API for Copy Password button
• Several security related patches

Added tmux integration, themes, and automation features with major security, stability, and bug fixes.

| Architecture | Windows | Linux | Mac | Android | iOS |
|------------------|------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|---------------------------------------------|-----------------------------------|
| x86-64 (64-bit) | EXE · MSI · Portable | AppImage · DEB · Portable | DMG | — | — |
| AArch64 (ARM64) | — | AppImage · DEB · Portable | DMG | APK (1.3.2) | IPA (1.3.2) |
| ARMv7 (32-bit) | — | AppImage · DEB · Portable | — | — | — |
| x86-32 (32-bit) | EXE · MSI · Portable | — | — | — | — |
| Universal | Chocolatey | Flatpak | DMG · App Store · Homebrew | — | — |

Update Log:

• Add reconnect button for disconnected SSH sessions
• Configurable log level in admin settings
• Inline OPKSSH provider selection in dialog
• Many new UI themes (Dracula, midnight espresso, etc.)
• Command history toggle in user profile
• Right click menu in terminal for copy/paste/open in file manager
• Tmux integration for terminals
• Snippet sharing with users/roles
• Export all hosts as JSON
• Wake on LAN support
• Port knocking for SSH connections
• Session timeout configuration in Admin Settings
• Add select all / deselect all buttons for snippet terminal selection
• Switch to adjacent tab when closing current tab
• Enhance WebSocket connection handling for embedded mode
• Implement SSH algo mapping and refactor cipher usage across SSH modules
• Enhance terminal theme preview and persistence
• Remove password requirement for database export/import
• Improved network handling for activity, metrics, and status (optimized fetching, less overall api requests and errors)

Bug Fixes:

• Reset TOTP sessions when its enabled
• OPKSSH proxy integration
• OPKSSH cert auth for ssh2
• Allow file:// origin in CORS middleware
• Desktop guac connection flow
• Restrict remaining postMessage targetOrigin from wildcard to origin
• Use carriage return for snippet execution for PowerShell support
• Missing stream error handling in Docker console
• Prevent file upload from crashing backend on permission denied
• Disable keyboard-interactive when host auth is set to None
• Await tunnel cleanup to prevent new connections from being killed
• Validate and fallback credentialId during JSON host bulk import
• Add clipboard fallback and toast feedback for Copy Password button
• Remove unneeded registration disabled toast on login page
• Desktop banner not showing for Electron app
• Prevent server status failure from blocking host list loading
• Add error toast for empty file download
• Persist OIDC JWT token to localStorage in Electron app
• Align OIDC login cookie maxAge with JWT expiration (24h)
• Validate containerId and timestamp params to prevent command injection
• Enable clipboard paste from host to RDP session
• Admin user list not reading OIDC and admin users status correctly
• Downgrade credential migration errors to warnings
• Default keyType to auto instead of blocking host update
• Remove plaintext credentials from internal host API responses
• Preserve original timestamps in SSH login stats
• Prevent long docker container names from overflowing card bounds
• Use cookie based auth for WebSocket instead of URL token
• Bind SSH sessions to userId and verify ownership on access
• Fallback to default layout when dashboard preferences lack cards
• Prevent file manager from showing stale directory contents
• Display file owner and group in file manager list view
• Remove sensitive data from log output
• Align cookie maxAge and JWT expiration to prevent early logout
• Skip metric collection for hosts with AuthType none or opkssh
• WebSocket reconnection and add connection lost overlay
• Add token to database export/import in Electron app
• Clipboard paste browser popup
• Isolate RDP keyboard input to active tab
• Revoke all sessions when password is changed/reset
• Prevent invalid SSH key from crashing stats polling loop
• Add collapse/expand all button for host manager folders
• Stats monitoring resolves SSH key from credential privateKey field
• Restrict postMessage targetOrigin to prevent JWT leakage
• Check connection state before fallback exec in file manager
• RDP audio output and dynamic session resize
• Sync snippet selected terminals count when tabs are closed
• Allow disabling password login when OIDC is configured via env vars
• Admin role toggle showing incorrect state after update
• Remove hardcoded version number from dashboard
• Pass JWT token via URL param for Electron/mobile OIDC callback
• Update Darwin platform identifier to OSX
• Shared private key with passphrase creating malformed error
• Many security related patches
• Massively shrunk docker image size
• Not null constraint error when trying to export database (made username optional in the case of VNC)
• DPI improperly being sent to remote desktop backend
• Guacamole keystoke sent to incorrect sessions
• Preserve remote file mode after SFTP write
• Admin page incorrectly showing admin status or failing to make users admin
• Windows client failing to connect to SSH servers after restart
• Snippets failing to reorder
• Admin page failing to load users
• Tightened docker desktop view layout so they shrink and scroll correctly