v2024.3.3

Features

• pedm: add context menu icon resource (#990) (263de985cc)

• agent: devolutions-session bootstrap (#997) (f8b291d908)

• jetsocat: Windows named pipes and Unix sockets (#1022) (b13caba5b6)

• jetsocat: new doctor subcommand for diagnostics (#1030) (6ed8591b38)

Bug Fixes

• pwsh: trace more info when importing Certificate from PFX (#992) (5de155738a)

• dgw: set dwShareMode for recording files on Windows (#1007) (4df3c854ca)

  On Windows, the default default share_mode set when opening a new file
  is FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE.

  We now override the share_mode and set it to FILE_SHARE_READ.

  This makes the recording process more robust by ensuring no other
  process can write or delete the files while the Devolutions Gateway
  is actively writing it.

• jetsocat,dgw: add backpressure in JMUX proxy (41ea3ee3f0)

  The memory consumption of the JMUX proxy was unbounded because we used
  an unbounded mpsc channel for message passing.

  Here is a jetsocat-bench.nu run against master:

• player: start recording when tab is open (#1024) (6506b08ee2) (RDMW-16402)

v2024.3.2

Features

• agent: initial PEDM implementation (1ed573ae54)

Improvements

• dgw: log KDC domain when throwing the error (#963) (873217c804)

  We now print the name of the requested domain when the requested
  domain didn't match the authorized (expected) domain.

• dgw: accept subject name even if it does not match the hostname (1f40b45bae)

  Configurations where the certificate subject name does not match the
  hostname are now accepted.
  Instead, a few warning and debug log records are added to help
  discover configuration issues in case of problem.
  The problem with the strict approach we had previously is that we
  may reject valid configurations where the hostname was actually
  matched by one of the subject alternative names in the certificate.

Performance

• jetsocat: use a larger buffer for plain forwarding (#968) (6c18ff1fc1)

  By increasing the size of the intermediate buffer from 8k to 16k,
  performance of raw TCP forwarding is increased by ~19.4%.

  Performance was measured using iperf on local network.

• jetsocat,dgw: major throughput improvement for JMUX proxy (Devolutions Gateway Tunnel) (#973) (32de1d50de) (#975) (8ebfd2316d) (#976) (11efaa5cfe) (#977) (6b77a993ab) (DGW-202) (#980) (53af6fa7c7)

  See JMUX-proxy-performance.md.

Build

• dgw: update cryptography dependencies (787027cbf9)

  We keep using ring as our crypto provider for now.

v2024.3.1

Features

• dgw: dynamically load XMF native lib on startup (#939) (86dee2631a)

  The DGATEWAY_LIB_XMF_PATH environment variable can be used optionally to specify the path to
  the XMF native library.

• dgw: remux webm files when video recording ends (#943) (cc787ef691)

Bug Fixes

• dgw: fix recording player parsing problem (#937) (cdf08a3e2c) (DPS-11197)

  • Remove usage of btoa, it fails on different charset.

  • Add 1 millisecond if the time of previous event is the same at the next event.
    Otherwise, the player will throw an error.

• webapp: fix RDP connection form - set pre connection blob as not required (#950) (c684994fce)

• webapp: add tooltip ellipsis for long netscan service names (#946) (5e4b3080d6) (DGW-204)

• dgw: [breaking] jet_rec claim is now a string (#957) (59bb0af249)

  Possible values are:

  • none: No policy to enforce (recording is optional)

  • stream: An external application (e.g.: RDM) must push the
    recording stream via a separate websocket connection

  • proxy: Session must be recorded directly at Devolutions Gateway
    level (not implemented yet)

  Note: Up until now, Devolutions Gateway was rejecting sessions when this claim was found because it couldn’t upheld
  the policy. It’s effectively not breaking anything which wasn’t already broken previously.

2024.3.0

Features

• agent: Devolutions Gateway service updater (#889) (92f86bf51b)

• dgw: add API to trigger Devolutions Gateway update (#890) (799e518c15)

• dgw: support .cast terminal recording files (#900) (d1f7559a3e)

  The .cast extension is used for "asciicast" files, i.e.: asciinema cast files.
  This is a widely used terminal playback format.

Bug Fixes

• dgw: preserve DGW access URI base in recording player (#899) (92f87c8cea)

  This is notably important for DVLS side by side setups.

• dgw: fix cast file not working in recording player page (#904) (c6985152a2)

• dgw: enforce recording policy (#906) (13ed397eee) (DGW-86)

  When recording flag is set and recording stream is closed, the associated
  session is killed within 10 seconds.

• dgw: support for jet_rec claim in JMUX tokens (#909) (8b0c3eb80b)

• dgw: recording player now scales with the size of the window (#922) (4cb95a5e0c) (DGW-198)

v2024.2.3

Bug Fixes

• installer: fix parsing errors with configuration check (#893) (4f89688316)

• installer: package web player (#894) (bbee301682)

Continuous Integration

• Update macOS runner version (#892) (b0d81c66b2)

v2024.2.2

Features

• installer: add a basic configuration check (#888) (2c3877e802)

Bug Fixes

• dgw: IP restrictions fallback for ngrok TCP listeners (#881) (c2635ec6dc) (DGW-193)

  Now properly fallbacks to disabling IP restriction rules for TCP
  listeners as well.

• dgw: rework network interface DTO definition (#871) (bc2cb96f9d) (DGW-133)

v2024.2.1

Bug Fixes

• installer: use Win32 to set file permissions (#869) (813fc7f3bc)

v2024.2.0

Features

• webapp: allow ssh client to use encrypted ssh keys (#856) (6424c40ecb)

Improvements

• webapp: fix netscan result duplicate and performance improvement (#845) (f447381294) (DGW-184)

Bug Fixes

• webapp: new version button is available even when a more recent version is used (#846) (2b92c9ab3b) (DGW-182)

• webapp: fix misaligned "Fill form" buttons when the hostname is too long (#844) (1b8a6ebe9c) (DGW-180)

• webapp: fix force rescan button (#847) (a08dd3159e) (DGW-185)

• webapp: add tooltip to menu warning icon when session is closed (#852) (b4ed845695) (DGW-145)

• webapp: prevent suspicious "e" console logs (#851) (cbf9bd360e) (DGW-164)

  Downgrade the Primeng package as the log was introduced in version 16.5.0.

• webapp: connect session button stays grayed out intermittently (#855) (3fdce898e5) (DGW-183)

• dgw: write new JRL into a temporary file, and swap on success (#857) (d91f1cfb6a) (DGW-104)

  It’s preferable to proceed like this to avoid losing current JRL file
  if the file is truncated without being rewritten successfully immediately.

• pwsh: fix reading .pem files from PowerShell runspace (#859) (98437f6f4e)

• webapp: format the error backtrace to show line breaks (#860) (7e50a04dbd) (DGW-169)

• webapp: menu icon does not update on error for RDP, ARD, VNC (#861) (235e3a72f5) (DGW-168)

• webapp: tooltip for the selected protocol is always set to RDP (#862) (717d53e149) (DGW-187)

• dgw: prevent error traces caused by browser behavior (#864) (25b86ea1b3) (DGW-128)

  Since those are not actual errors, this was creating noise in the logs.

Performance

• dgw: keep HTTP connections open for 10 minutes (#863) (245e2cfb26)

  Most browsers will keep HTTP connections open to increase throughput
  when performing subsequent transactions.
  For simplicity, we don’t distinguish between idle and non-idle
  connections.

Build

• webapp: build using production profile (#853) (fbbcbbe96c)

v2024.1.6

Features

• webapp: add ssh key authentication (#796) (a884cbb8ff)

• dgw: add /jet/jrec/play endpoint (#806) (3e7aa30da7) (DGW-111)

• webapp: network scanning (#826) (1e4a18a23c) (DGW-119)

• dgw: return disk space available for recordings (#827) (c0776d43de) (DGW-100)

  The total and available space used for storing recordings is now
  returned inside the heartbeat response.

  If the system does not support this operation, the fields are
  excluded from the response.

• dgw: add /jet/jrec/delete/<ID> endpoint (#834) (0965f4e2a7) (DGW-96)

  This new endpoint is used for deleting recordings and allow the
  service provider (e.g.: DVLS) to delete them according to its
  policy.

• dgw: add recording_storage_is_writeable in heartbeat (#835) (a209dc6933) (DGW-175)

• dgw: WebM player for remote desktop recordings (#832) (58362b9c4a) (DGW-110)

  Adds a video and xterm player at the GET /jet/jrec/play endpoint which
  supports multiple videos and builds the page dynamically based on the
  type of recording.

Improvements

• webapp: update IronVNC to 0.2.2 (#808) (1fc0242eee) (DGW-138)

  • Improve MVS codec performance by about 60%
  • Re-enable MVS codec

• webapp: add analytics (#813) (55d3749e3f)

Bug Fixes

• dgw: error code on service startup failure (#816) (66e7ce2599) (DGW-174)

  Instead of panicking when failing to start the service, we instead
  attempt to log the error to the log file and return an error code.

• webapp: login screen not shown when opening /jet/webapp/client/ (#839) (b58b03832f) (DGW-176)

• installer: [breaking] install Gateway service as NetworkService (#838) (1c8a7d2e0a)

Performance

• dgw: use a buffer of 1k bytes for ARD VNC sessions (#809) (5697097561) (DGW-138)

  Apple ARD uses the so-called MVS video codec.
  It is a tricky codec: Apple didn't implement proper congestion control, so it's basically just TCP controlling the flow (not by much).
  Our MVS implementation for the web client is obviously not as fast as the native one, and can’t keep up when there are too much data in transit.
  To reduce the amount of data in transit, we reduced the size of the copy buffer when using web socket forwarding endpoint and if the application protocol of the session is set to ARD.

Build

• Bump Rust toolchain to 1.77.2 (#828) (8898dfcce4)

Continuous Integration

• Set content type on macOS jetsocat binary (#800) (6e878d8db0)

• Fix artifact upload conflicts (#801) (aa14227434)

• Restore deb package OneDrive upload in release (#805) (3cc7e9bb1b)

• Preserve Windows .pdb files (#817) (301c499936)

• Skip packaging in forks (#818) (fc851f2941)

• Don't run packaging in forked repo (#822) (abd1bbc687)

• artifactory: update the cache when a new version is published to NPM (5008ca89d9)

• artifactory: update name of env variable (c63f174e8e)

v2024.1.5

Bug Fixes

• installer: prevent possible prompt for firewall access in Windows installer (f9760f2a1b)

Continuous Integration

• Add linux package onedrive upload (#787) (b4d9f570ee)

• Fix packaging of web client (#789) (82b15c07e7)

• Package thin macOS binaries in nuget for PowerShell (#792) (51b83d27aa)

• Fix typo in nuget deployment (#793) (2627c52e15)

• Update remaining actions versions (#794) (01ee6f162f)

• Fix macOS nuget packaging for PowerShell (#795) (eecbdb05aa)

• Fix macOS nuget packaging for PowerShell (#797) (5dd1ff1c19)