v8.0.0 Clustering

This release finalises the clustering work that has been ongoing since Nov 7th 2023 and rolls up the beta versions into an actual release.

To summaries the changes:
Wag can now be deployed in a cluster using etcd as an event management system to deploy changes across multiple wag instances.

Features:

• The wireguard peer diagnostics page now shows number of bytes sent/received #94
• Webauthn keys will hopefully no longer prompt for pin code #89
• Add clustering admin UI page for adding wag nodes to cluster #24
• wag start now supports the -join flag for taking a cluster join token
• ServerPersistentKeepAlive now configures the keep-alives set by the server to the client to resolve #64
• Wag now has a notifications system for the admin UI that will now note errors, policy application failures and updates
• Adds new diagnostic tools to the admin user interface to check ACLs that are applied to a username and test firewall policy decision

v8.0.0-beta17 Clustering

Fix a bug that would cause 100% CPU consumption on websocket disconnection

v8.0.0-beta16 Clustering

Fixed a small issue with oidc that prevented websocket liveness check from working properly.

v8.0.0-beta15 Clustering

Fix an issue where the secure cookie handler was getting an invalid aes key size ( breaks oidc)

v8.0.0-beta14 Clustering

Bunch of improvements and changes.

Features:

• Member nodes now show version in membership page

Bug Fixes:

• Weaken node association requirements due to pain and suffering
• Add websocket liveness check to keep session alive #108

v8.0.0-beta13 Clustering

Small bug fix that results in an unusable oidc users.

v8.0.0-beta12 Clustering

This is a bug fix release for the upcoming v8.0.0 release, it fixes a rather serious issue where deny rules were not being inserted into the firewall, due to them not being added in the function which compiles ACLs. It also improves the wag API.

Bug Fixes:

• Remove iptables port 80 rule that was being left hanging on wag restarts thanks #75
• Fix Deny rules not being added during user acl determination
• Fix acls having duplicates

Changes:

• The wag unix socket api is now more complete, and contains most functionality found in the admin UI in case someone wants to create another one
• Improves deauthentication messages with reason for deauth

v8.0.0-beta11Clustering

Continuing the cleanup from the etcd work, this release closes a tiny issue that may effect users who have no membership information. Which can cause issues editing existing user groups

Bug Fix:

• In certain situations a user may not have populated the wag-membership-username key, causing group modifications to fail

v8.0.0-beta10 Clustering

Fixed a rather serious issue introduced in beta9 which would cause new devices to be unable to contact the wag authentication server.

Bug Fixes:

• Properly update peer association when wireguard peer endpoint becomes non-nil, rather than relying on previous map endpoint nil-ness

v8.0.0-beta9 Clustering

This issue fixes a potential security vulnerability when clients roam between different cluster members.

In brief, an attacker who exploits a race condition after stealing a wireguard configuration may be able to piggy back a valid authorization sesssion if balanced to another cluster node than the valid user.

Bug Fix:

• All devices now have an additional field that associates them with their last connected to cluster member