Improvements
- New Icons
- New Blocklist View
- Support for Override Lists
- Can now use blocklists to categorize domains
- Can now update wifi passwords on the edit device view
- New Icons Fixes
- Fix operating class for 5ghz channel selection
Fixes
- Support for DNS Configuration Updates incorrectly cleared plugin settings
- Fix Virtual nft rules bug
Improvements
- Introduces CNAME Support for DNS Overrides Fixes
- dns:family policy fix in UI
Improvements
- Emoji support for ssids in wifi uplink, dashboard
- Policy based DNS Selection for devices, for Family Friendly DNS
- DNS Blocklists can now categorize logs and optionally block Fixes
- Hardens conntrack #375. This prevents 1 hop attacak against conntrack for IP spoofing on externally exposed service ports
- #375 also prevents UDP spoofing across VLANs by moving the MAC filter before conntrack
- Packet_logs sometimes dropped messages with unsupported payload types
Improvements
- CI has Attestation with cosign, gh attest now for containers & isos
- Improved Link Settings UI with icons
- DB API now supports strict min/max and ordering asc/dsc
Fixes
- Fix default service port flush for lan interfaces
- Fix DB Locking
Improvements
- In the base container, removed xattr for ping, to increase kernel compatibility
Improvements
- Service healthcheck
- Events view with multiple event types
- Timeline view for events
- WiFi AP Widget now shows frequency Fixes
- OTP Code required for backups, feature setting
Fixes
- Various fixes for Setup
- Show up to date subnet info when restoring from backup
- Devices list will now only show authorized as green, and associated only as Yellow
- Have mesh sync back off while work is runing Improvements
- Show time in current browser's timezone
- Add docker service status API
- Add health check to home page
- Keep SSID on wifi config reset
- Fix for device expiries
- Switch to 24.04.1 base image
Changes
- PLUS users now use plus.supernetworks.org for git and registry Fixes
- WiFi selection bug with 149,165 on 80mhz has been fixed
- Setup improvements, enable HTTP setup again
- Embed docker gpg key in superd to fix github CI flakiness Improvements
- Add IP addresses to auth events
- Change setup ap name
Fixes
- Better setup
- Better Mesh UI
Improvements
- TLS support for mesh setup
- Improved setup flow UI
- Reduce logging on HTTP services
- H2E support in wifid
Fixes
- After applying BSSID randomization, always restart wifid
Fixes
- Security fix for OTP bypass on plugin update
- Clean up Plugin URI route
- Fix PFW Abort
- Clean up OTP handling
Fixes
- Address APNS memory consumption bug
- Ping API call was broken
- Undo shadowports mitigation as it breaks sitevpn use cases
Improvements
- API performance refactoring with the event bus & notifications channel
- Improved packet_logs performance with cached interface name lookups
Fixes
- Fix deadlock in API with Devices mutex
- Fix setup transitions, rework setup flow
Improvements
- Add wireguard hardening for shadow port attacks
- Add static public routes for plugins
- Support SPR WiFI6e hats by default in spr build images
- Support submodules for plugin code
Improvements
- New BSSID Randomization Feature
- New Setup flow for SPR
- New PI installer with qemu aarch64
- Improved TLS Support
- Reworked UI for more tabbed views where logical
Key Fixes
- Fix multicast proxy skipping AP interfaces incorrectly Improvements
- LAN Link under one view
- Device List UI improvements
- ACS support
- If something goes wrong with WiFi config/channels, load a failsafe
- Hostapd updated from upstream
Major change
- Image builder set to 24.04 base. Key Fixes
- Plugin events from superd introduced a problem with older versions of docker, causing restart issues. now fixed in dev branch
- Fixed incorrect UI redirect when no devices with a MAC address were left Improvements
- New Device view, faster, with sorting by IP, Time, Name, Tag & Group
- Rendered Devices are now clickable throughout the UI
- WiFi Channel selection fixed. It would hang on the wrong band when switching interfaces
- Moved version check into badge on top instead of popups
- Alerts view now categorizes by alert type and are searchable
- Simple field counts for the Alerts & Events views
- Container networking is now under a Containers Tab under System Info
- Arp under System Info -> Network Info Tab
- Supernetworks view is now "DHCP Settings"
- Revert wpa2 behavior for wpa3 devices for now
- Various bug fixes
- Stop applying wpa2 to wpa3 devices
- Improve e2e testing
- Add fixes for 'disabled' policy handling
- Fix policy handling for multiple container interface rules
- Alerting improvements
- Rename builtin groups as Policies, to clarify Group vs Tag vs Policy
- Merged dns rebinding and block plugin, added UI to turn off rebinding protection
- Changed cache behavior to no longer cache NXDomain, so permit override is instant
- Added iOS Push Notification Support
- Can now name router from UI
- Can now override MAC addresses for interfaces
- Fixed Scoped Token Paths to allow :r path to come first
- Fix regression with VPN only mode devices
- Alert view fixes & UI Fixes
- Catch auth:failure events by default
- Add device names as '.lan' domains
- Update base image to 23.10 mantic for pi5 support with the 6.5 kernel
- Support for 6-e channel calculation in API
- Add decorators to alert templates
- Fast Plugin install with URL & OTP
- For Pis, enable a Setup AP for easy access Key Fixes
- Multitude of UI/Gluestack fixes (see github issue tracker)
- New Alerts functionality
- New Events filters, Events UI Improvements
- Migrate notifications to new Alerts view
- Add OTP hardening for tokens, OTP support
- Add Easy Plugin install with OTP Check
- Add TLS during install, TLS on in UI
- Add Report Install/Auto Check for Updates flags Key Fixes
- Fix Mesh UI Display error
- Fix UI Tag, Group selection
- Fixed DB Compaction logic to store more events, increased fill limit
- Fix SrcPort
- Fixes for DNS Log date picker
- Add Domain info from recent lookups to TrafficList and the packet event log
- Add tag support and populating interfaces from Docker for Custom Interface rules
- Further simplify some dialogues in simple mode
- Fix reload of custom compose paths, without restarting superd
- Reduce UI load size by switching syntax highlighter for events
- Add 'api' group for Custom Interface firewall rules, to enable SPR API Access
- Custom Interface Rules now offer an optional route destination
- New DNS View filters and search
- Improved support for SPR Virtual mode and PLUS
- Reduce DNS-Block memory consumption with BoltDB
- Refactor www:auth events into auth:failure/ auth:success events
- Scrubbed PSKs from device events from API
- Keyboard shortcut for search on desktop: shift+/
- New API
/firewall/custom_interface
for joining new interfaces to the network, as if they were devices. Supports assigning device groups such aswan
,lan
,dns
and custom groups. - New container networks view for an overview of the docker containers on custom (non-default) networks.
- Firewall view has new
Custom Interface Access
rules for updatingcustom_interface
rules - Introduce "Simple" view for UI to reduce cognitive overload for new users
- Wireguard clients can now access LAN services again
- Add
base/configs/custom_compose_paths.json
support to superd, enabling loading of custom compose files from the UI - Pretty Events in Event Log
Fixes
- UI errors related to the gluestack migration (wifi uplink, PFW, misc)
- Fix tag and group list normalization to remove empty entries
- VPN Endpoint/Domain name add was broken