Skip to content

Latest commit

 

History

History
381 lines (328 loc) · 17.5 KB

CHANGELOG.md

File metadata and controls

381 lines (328 loc) · 17.5 KB

CHANGELOG

2025-01-08 v1.10.7

The changelog has been replaced with the release notes and the file will be removed in future releases.

  • Bump github.com/gabriel-vasile/mimetype from 1.4.7 to 1.4.8 (#296)
  • Updated versions.go (#295)
  • Bumped golang.org/x/net to v0.33.0 (#294)
  • Bump github/codeql-action from 3.27.9 to 3.28.0 (#293)
  • Bump github.com/hashicorp/vault/sdk from 0.13.0 to 0.14.0 (#257)
  • Bump github.com/hashicorp/vault/api from 1.14.0 to 1.15.0 (#258)
  • Bump github/codeql-action from 3.27.5 to 3.27.9 (#290)
  • Bump actions/upload-artifact from 4.4.3 to 4.5.0 (#291)
  • Bump actions/setup-go from 5.1.0 to 5.2.0 (#287)
  • Bump golang.org/x/crypto from 0.29.0 to 0.31.0 (#288)
  • Bump github/codeql-action from 3.27.4 to 3.27.5 (#283)
  • Bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#284)
  • Bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.7 (#282)
  • Bump step-security/harden-runner from 2.10.1 to 2.10.2 (#281)
  • Bump github/codeql-action from 3.27.1 to 3.27.4 (#280)
  • Bump github/codeql-action from 3.27.0 to 3.27.1 (#278)
  • Bump github/codeql-action from 3.26.6 to 3.27.0 (#274)
  • Bump actions/setup-go from 5.0.2 to 5.1.0 (#276)
  • Bump actions/checkout from 4.1.7 to 4.2.2 (#275)
  • Bump actions/dependency-review-action from 4.3.4 to 4.4.0 (#277)
  • Bump actions/upload-artifact from 4.4.0 to 4.4.3 (#270)
  • Bump step-security/harden-runner from 2.9.1 to 2.10.1 (#259)
  • Bump step-security/harden-runner from 2.8.1 to 2.9.1 (#256)
  • Bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#255)
  • Bump github.com/docker/docker from 25.0.5+incompatible to 25.0.6+incompatible (#244)
  • Bump github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 (#233)
  • Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 (#242)
  • Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#232)
  • Bump actions/upload-artifact from 4.3.3 to 4.4.0 (#254)
  • Bump github/codeql-action from 3.25.8 to 3.26.6 (#253)
  • Bump actions/dependency-review-action from 4.3.3 to 4.3.4 (#237)
  • Bump actions/setup-go from 5.0.1 to 5.0.2 (#236)
  • Bump actions/checkout from 4.1.6 to 4.1.7 (#229)
  • Bump step-security/harden-runner from 2.8.0 to 2.8.1 (#228)
  • Bump actions/dependency-review-action from 4.3.2 to 4.3.3 (#227)
  • Bump github/codeql-action from 3.25.6 to 3.25.8 (#226)

2024-05-29 v1.10.6

  • Fixed config version constants (#224)
  • Bumped Go to 1.22 (#223)
  • Cleanup of go.sum (#222)
  • Bump github.com/hashicorp/vault/api from 1.13.0 to 1.14.0 (#220)
  • Bump github.com/hashicorp/vault/sdk from 0.12.0 to 0.13.0 (#219)
  • Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 (#221)
  • Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#214)
  • Bump actions/checkout from 4.1.5 to 4.1.6 (#216)
  • Bump github/codeql-action from 3.25.3 to 3.25.6 (#217)
  • Bump step-security/harden-runner from 2.7.1 to 2.8.0 (#218)
  • Bump actions/checkout from 4.1.4 to 4.1.5 (#212)
  • Bump actions/setup-go from 5.0.0 to 5.0.1 (#211)
  • Bump actions/dependency-review-action from 4.3.1 to 4.3.2 (#210)
  • Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0 (#203)
  • Bump github.com/hashicorp/vault/sdk from 0.11.1 to 0.12.0 (#197)
  • Bump actions/upload-artifact from 4.3.1 to 4.3.3 (#204)
  • Bump actions/checkout from 4.1.2 to 4.1.4 (#206)
  • Bump github/codeql-action from 3.24.10 to 3.25.3 (#207)
  • Bump actions/dependency-review-action from 4.2.5 to 4.3.1 (#208)
  • Bump step-security/harden-runner from 2.7.0 to 2.7.1 (#209)
  • Bump golang.org/x/net from 0.17.0 to 0.23.0 (#201)
  • Bump github/codeql-action from 3.24.9 to 3.24.10 (#196)
  • Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible (#191)
  • Bump github/codeql-action from 3.24.8 to 3.24.9 (#193)
  • Bump actions/dependency-review-action from 4.1.3 to 4.2.5 (#195)
  • Fixed missing versions in CHANGELOG

2024-03-20 v1.10.5

  • Bump step-security/harden-runner from 2.6.1 to 2.7.0 (#170)
  • Bump github/codeql-action from 3.22.12 to 3.23.2 (#169)
  • Bump actions/upload-artifact from 4.0.0 to 4.3.0 (#167)
  • Bump actions/dependency-review-action from 3.1.5 to 4.0.0 (#165)
  • Bump github/codeql-action from 3.23.2 to 3.24.0 (#173)
  • Bump github.com/opencontainers/runc from 1.1.6 to 1.1.12 (#171)
  • Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0 (#168)
  • Bump actions/upload-artifact from 4.3.0 to 4.3.1 (#174)
  • Bump github/codeql-action from 3.24.0 to 3.24.5 (#183)
  • Bump actions/dependency-review-action from 4.0.0 to 4.1.3 (#181)
  • Bump github.com/hashicorp/vault/sdk from 0.10.2 to 0.11.0 (#176)
  • Bump github/codeql-action from 3.24.5 to 3.24.6 (#184)
  • Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#185)
  • Bump github.com/hashicorp/vault/sdk from 0.11.0 to 0.11.1 (#188)
  • Bump actions/checkout from 4.1.1 to 4.1.2 (#186)
  • Bump github/codeql-action from 3.24.6 to 3.24.8 (#189)
  • Bumped hashicorp/vault/api to v1.12.2 (#190)

2024-01-08 v1.10.4

  • Bump github.com/docker/docker (#126)
  • Updated go-version for workflow (#127)
  • Delete .github/workflows/push-go.yaml
  • [StepSecurity] Apply security best practices (#128)
  • Bump github.com/spf13/cobra from 1.4.0 to 1.7.0 (#137)
  • Bump actions/checkout from 2.7.0 to 4.1.1 (#129)
  • Bump ossf/scorecard-action from 2.0.6 to 2.3.1 (#132)
  • Bump github/codeql-action from 2.1.27 to 2.22.5 (#130)
  • Bump actions/upload-artifact from 3.1.0 to 3.1.3 (#134)
  • Bump actions/dependency-review-action from 2.5.1 to 3.1.0 (#136)
  • Bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (#135)
  • Bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 (#133)
  • Bump github.com/hashicorp/vault/sdk from 0.10.0 to 0.10.2 (#131)
  • Display Vault API and SDK versions (#138)
  • Create SECURITY.md (#139)
  • Bump actions/dependency-review-action from 3.1.0 to 3.1.1 (#141)
  • Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#140)
  • Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#147)
  • Updated golint version in workflow (#150)
  • Bump actions/dependency-review-action from 3.1.1 to 3.1.4 (#151)
  • Bump github/codeql-action from 2.22.5 to 2.22.8 (#148)
  • Bump step-security/harden-runner from 2.6.0 to 2.6.1 (#146)
  • Bump actions/upload-artifact from 3.1.3 to 4.0.0 (#156)
  • Bump github/codeql-action from 2.22.8 to 3.22.11 (#155)
  • Bump actions/setup-go from 4.1.0 to 5.0.0 (#152)
  • Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#157)
  • Bump github/codeql-action from 3.22.11 to 3.22.12 (#159)
  • Bump github.com/containerd/containerd from 1.7.0 to 1.7.11 (#158)
  • Bump actions/dependency-review-action from 3.1.4 to 3.1.5 (#160)
  • Updated PR workflow Go version (#161)

2023-10-24 v1.10.3

  • Bump golang.org/x/net from 0.15.0 to 0.17.0 (#124)

2023-10-02 v1.10.2

  • Speedup for tests by reducing to a single Vault node (#123)
  • Refactored unit tests to use containers (#121) The direct dependency on the main Vault package causes a number of issues, such as unnecessary Dependabot activity due to CVEs in code the is not used, etc. The SDK contains code that allows a test cluster to be created from code and thus allows a more specific set of dependencies and less maintenance. N.B. config.VaultVersion has been set to "vaultVersion.Version" due to Vault no longer being a dependency and it will be removed completely in due course, as it is only displayed in the verbose version command.
  • Bump github.com/hashicorp/vault from 1.14.0 to 1.14.1 (#119)

2023-07-19 v1.10.1

  • Bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 (#118)
  • Bumped Vault version to v1.14.0 (#115)
  • Updated workflows for on-demand usage (#117)
  • Optional renewal warning (#114)

2023-06-23 v1.10.0

  • Add support for M1 ARM (#85)
  • Bump github.com/hashicorp/vault from 1.12.2 to 1.12.5 (#105)
  • Disable CGO for builds (#104) Avoid issues relating to GLIBC versions on older platforms.
  • Bumped to go 1.20 (#106)
  • Updated dev-vault helper to use hashicorp/vault (#107)
  • Added missing --namespace flag from connect (#109)
  • Tweaks to improve the dev-vault helper (#112)
  • Add support for KV v2 (#110) The KV version is determined based upon list responses, where an attempt is first made to list a secret path as if it is v1. If this fails then an attempt is made to list as if a secret path is v2. Secret paths can no longer end in /metadata

2023-03-09 v1.9.0

  • Bump golang.org/x/net from 0.0.0-20220909164309-bea034e7d591 to 0.7.0 (#102)
  • Added scorecard badge to README (#100)
  • Ugraded codeql-action to v2
  • Added OSSF scorecard
  • Update Vault to v1.12.2 (#99)
  • Improved dev-vault helper script (#98)
    • Updated prepare_vault to wait for Vault to become available (address:port test) before automatic login
    • Added additional secret paths for testing
    • Fixed lint issue, replacing cat with input redirection
    • Optimised vault_exists
    • Updated prepare_vault to wait for the container to be in a running state

2022-10-20 v1.8.0

  • Update Vault to v1.12.0 (#97)
  • Add support for multiple secret namespaces (#96)

2022-07-29: v1.7.1

  • Updated goutils to v1.1.1 (#93)
  • Updated Vault to 1.11.1 (#92)
  • Updated cobra@v1.4.0 (#91)
  • PR workflow improvements (#89)
  • Updated to Go 1.18 (#87)
  • Updated dependencies (#82)

2021-11-28: v1.7.0

  • Notify user when their token will soon expire (#81) To help avoid unexpected expiration of tokens, the user is provided with a warning when they use a renewable token and it is due to expire in less than 7 days (default). The threshold for notifying about renewing tokens, SSH_MS_RENEW_THRESHOLD can be defined for make build and make binaries.
  • Use only vault/api in application code (#80) To reduce size as well as simply issues arising from indirect dependencies, replacing the use of HashiCorp vault/command with the api in the helper code.
  • Add support for SendEnv (#76) In cases where the remote server supports environment variables being passed across, adding support for storing SendEnv in the connection's configuration
  • Updated dependencies (#75)
    • vault to v1.8.5
    • vault/sdk to v0.2.2-0.20211101151547-6654f4b913f9
    • mimetype to v1.4.0
    • logrus to v1.8.1
  • Fix incorrect conversion between integer types (#74) Updated NGINX and PMM ports to become uint16 and switched to strconv.ParseUint
  • Updated README Added the CodeQL badge and updated the recommended version of Vault
  • Adding CodeQL workflow
  • Upgraded Vault to 1.8.4 (#73)

2021-10-14: v1.6.0

  • Added cache management (#72) A new command, cache, has been created with subcommands for supported operations on the cache, which currently is limited to populating and purging. The purge command has been replaced by cache purge
  • Fix bad switch in cmd.inspectItem (#70)

2021-09-21: v1.5.0

  • Add option to view usable placeholders for User (#68) Adding an option for the user to list the available ones makes the use of templated users easier 
    $ ssh_ms inspect placeholders
  • Hash ControlPath socket names by default (#66) Currently, the dynamic ControlPath is done in such a way as to make it easy to determine its purpose. However, should long HostName fields exist then this could potentially exceed the maximum path length for a UNIX socket (UNIX_PATH_MAX). By switching to using a hash, similar to %C in ssh, we can restrict the length of the path
  • Moved go get golint to separate task

2021-09-06: v1.4.0

  • Upgrade Vault and Logrus (#64) Vault has been upgraded to v1.8.2 and Logrus to v1.7.0
  • Add support for ForwardAgent (#62) Whilst ForwardAgent is normally disabled for security reasons, there are certain circumstances where it is required. An example of required usage is where a third-party requires 2FA and a
    certificate and key are injected into the user’s ssh-agent upon successful authentication.
  • Adding PR workflow (#63)
  • Updated Vault to v1.8.1 (#61)
  • Added push workflow for Go source code (#60)
  • Remove warning during write (#59) When writing a new connection, an unnecessary warning appeared: 
    level=warning msg="Unable to find connection for: xxx"
    This is no longer shown.

2021-07-29: v1.3.0

  • Extra information for versionCmd (#56) The Go and Vault versions are now shown when using version --verbose
  • Update Vault dependencies (#55) Upgraded Vault to v1.8.0
  • Add option to check for the latest release (#52) The user is now able to check for the latest release with version --check
  • Enable cmd.TestCache (#50) Caching is now tested during cmd tests
  • Ignore misses for lock requests (#49) Due to the locking mechanism sharing code with standard requests, warning messages were always emitted during a request when the lock is absent (ideal state). These are now hidden based upon the lock prefix

2021-06-21: v1.2.2

  • Handle tilde in config.EnvBasePath (#47) The tilde from the build option is not being parsed before use

2021-06-15: v1.2.1

  • Ensure EnvBasePath exists (#45) Fixes the issue where the storage path is absent and is not automatically created

2021-06-15: v1.2.0

  • Added missing entries from the changelog (#43)
  • Fix override variables that aren't strings (#42) Some of the overrides were no longer working due to being defined in a way other than as an explicit string, which caused issues when building with overrides.
  • Added support for message of the day (#37) A "message of the day" can now be added to the stored configuration, allowing messages to be displayed during the connection phase, including whatever relevant information is necessary. This also allows the message to be managed without accessing an instance, which is where the motd would normally be set; on-host motd messaging is not affected by this feature
  • Updated Go-based tasks in Makefile (#36)
  • Added extra tests to Makefile (#35)
  • Added Vault tests (#34) Vault TestCluster has now been integrated into the test suits, allowing tests to run without access to a running Vault instance
  • Update log level for messages (#33) Changed levels for some getConnections messages

2020-05-08: v1.1.0

  • Updated README (#32)
  • Added dynamic ControlPath definition (#31): In order to solve the problem of unnecessary LocalForward definitions when creating multiple connections to the same host, a scenario that occurs when a control path is used, specifying the ControlPath dynamically allows detection of an active connection. When the first connection is created the ControlPath is generated by SSH and we save the ports in the cache directory. For the next connection, if the Controlpath is still in existence then we can specify identical LocalForward entries without an issue.
  • Added locking mechanism for write operations (#30): In multi-user environments it is possible that more than one user attempts to perform operations against the same key in Vault storage. The user's operation must now acquire a lock to be able to perform a write operation against the storage layer
  • Add connection search (#29): The user can now search the existing list of connection using partial patterns, or even regular expressions; partial expressions must still compile as a regex
  • Added argument checker for better UX (#28): Some basic argument checking is performed to help avoid common issues and aborting early on in the execution process.
  • Enhance caching (#27): Caching operations and updates now take part when performing write operations instead of only when requesting a connection for use. The normal cache expiry operations take part during this process.
  • Added support for representing the config in JSON format (#26): For use internally, the config can now be converted to JSON by calling the Settings.ToJSON function.
  • Added dev-vault to Makefile (#25): A test Vault container can be created and unlocked using make dev-vault
  • Partial updates (#24): The user can now apply an update to an existing connection by using update instead of write. An error will now occur when trying to use write with an existing entry, or trying to use update with a non-existent one.
  • Major refactor of code (#22): Extensive code rewrite to solve some problems that arose when adding new features and fixing some bugs.

Please see README.md for more details.

2021-01-25: v1.0.1

  • Makefile improvements (#17): Various improvements relating to build operations.
  • Enable comments to be applied to a rendered config (#15): Added --comment to enable users to add contextual information, useful when generating content for ~/.ssh/config, etc
  • Format port forwarding links to allow "open link" (#16): HTTP links are generated, which the user's terminal should interpret and allow them to open in their browser.
  • Force xz compression (#14): Use -f when compressing the binaries so as to be able to avoid extra calls to purge beforehand.
  • Added shell completion support (#13): Initial support for generating shell completion.
  • Improved builds via Makefile (#11): Support has been added to build both Linux and MacOS binaries and optionally rsync them to target destination for downloading.
  • Refactor vault.WriteSecret (#9): vault.WriteSecret is now aligned with the other helpers. It now accepts a preformatted path instead of just the key.
  • Add option to delete entries (#8): User may now remove entries without the need for direct use of the Vault client.

Please see README.md for more details.

2020-02-14: v1.0.0

First release version of ssh_ms, including the following features:

  • Connect to a remote host using a shared configuration from Vault
  • Writing SSH configuration to Vault
  • Listing existing configurations
  • Show a configuration to allow redirection to ~/.ssh/config, etc
  • Local caching of configurations (1w ttl)
  • Integration with vault login to use stored token

Please see README.md for more details.