v0.43.80

What's Changed

• fix(pam): keep session recording on upload failure (PAM-205) by @bernie-g in #199
• feat(gateway): direct-to-bucket session recording uploads with reconciliation by @x032205 in #200
• feat(gateway): add AWS authentication by @saifsmailbox98 in #202
• feat(pam): native RDP client support by @bernie-g in #191
• feat(pam-rdp): thread AD domain through RDP bridge by @bernie-g in #203
• chore: updated tar to new version by @akhilmhdh in #219

Full Changelog: v0.43.79...v0.43.80

Changelog

• 464682d Merge pull request #219 from Infisical/fix/tar
• d4374ce chore: updated tar to new version
• 37a5224 Merge pull request #203 from Infisical/feat/pam-rdp-ad-support
• 5f90606 Merge remote-tracking branch 'origin/main' into feat/pam-rdp-ad-support
• 82180bb Merge pull request #191 from Infisical/feat/pam-rdp-mvp
• 05b05ad Merge remote-tracking branch 'origin/main' into feat/pam-rdp-ad-support
• f2f4f99 fix(release): append windows artifacts to shared draft
• 98e076f chore(pam-rdp): drop unused /target-docker from .gitignore
• e0619d7 chore(pam-rdp): lowercase example account name in help text
• 92102e9 fix(pam-rdp): don't shut down proxy on per-connection gateway close
• 4e8d91e feat(gateway): add AWS authentication (#202)
• 54e921b Merge remote-tracking branch 'origin/main' into feat/pam-rdp-mvp
• ad8bcfc fix(release): make npm-release tolerate skipped validate-tag-branch
• e0a9157 refactor(pam-rdp): use target username for acceptor, autofill via metadata
• 8ffb72b refactor(pam-rdp): consolidate HandleConnection + cargo fmt
• e350e47 feat(pam-rdp): strip virtual channels from MCS Connect Initial
• c2b68da feat(pam-rdp): use account name as RDP acceptor username
• 8c758e2 Merge pull request #200 from Infisical/PAM-189
• 7675e95 feat(pam-rdp): use empty password for acceptor credentials
• 4f0e3e2 refactor(pam-rdp): rename bridge_cgo.go to bridge_cgo_unix.go
• c4ec7db drop haspendingchunks gate for loading secrets from disk
• ff7d648 remove chunk splitting
• e5d2acb docs(pam-rdp): add README for Rust bridge setup
• c292f74 reviews
• 4800b70 Split chunks
• 25e6421 deletePersistedOffset only if chunks cleared
• 3d92a88 move writePersistedOffset into loop
• 4c89708 Merge branch 'main' into PAM-189
• 764e44e Fixed Chunk Reconciliation And upload token persistence
• f501d51 Merge pull request #199 from Infisical/fix/pam-205-keep-recording-on-upload-failure
• 65ae9af address reviews
• 6916ff6 fix(pam-rdp): address PR review feedback
• b1ac506 feat(gateway): direct-to-bucket session recording uploads with reconciliation
• caf9444 fix(pam): tighten startup cleanup behavior
• 13a16d3 fix(pam): keep session recording on upload failure (PAM-205)
• 00d06b2 feat(pam-rdp): thread AD domain through bridge for NTLM CredSSP
• 85c23d2 fix(pam-rdp): address PR bot review comments
• ef74e90 chore(pam-rdp): remove bridge-test harness
• b375428 ci: shorten dry_run description in release workflow
• e22812a fix(pam-rdp): format Safety doc as proper heading for clippy
• 6f3ac49 ci(pam-rdp): build Rust bridge natively on windows-2022 runner
• 7511234 ci(pam-rdp): enable RDP in Windows Docker container images
• 57438fe ci: group goreleaser-windows into the create-release-draft column
• 3291a54 fix(ci): link libwinpthread for windows CGO
• 348de42 ci(pam-rdp): parallelize goreleaser + goreleaser-darwin via shared draft
• cf674f1 chore(pam-rdp): remove rdp-bridge-test dev binary
• 08f0809 ci(pam-rdp): ditch zig for darwin, use macos-latest runner instead
• 3887a5a fix(ci): stub libresolv.tbd for darwin cross-compile
• b15371b fix(pam-rdp): clean up .rdp file on session end + pin zig 0.14.0
• 50e29ce ci(pam-rdp): bump zig to 0.16.0
• 65aaa12 ci(pam-rdp): drop FreeBSD and NetBSD from RDP tier
• eb75047 chore(pam-rdp): strip redundant comments across the PR
• 2b2ccab ci(pam-rdp): build only the staticlib target in cross-compile jobs
• a515cbd ci(pam-rdp): drop windows/arm64 from RDP tier
• 8329f79 fix(pam-rdp): statically bundle zlib into the bridge archive
• 05fcb11 chore: remove accidentally committed local PAM session artifact
• b0aff6c ci(pam-rdp): expand RDP support from 5 to 11 targets (option 1)
• 0c9424d ci(pam-rdp): use zig cc for darwin cross-compile instead of osxcross
• 3bc0a78 Revert skip=docker change; keep only the mingw package name fix
• a3f4408 fix(ci): correct mingw apt package name and skip docker on dry-run
• 9beb635 feat(pam-rdp): wire --reason flag through to RDP access
• 7585478 Merge remote-tracking branch 'origin/main' into feat/pam-rdp-mvp
• 0611a97 ci(pam-rdp): wire RDP bridge static libs into goreleaser release
• 6ef384f feat(pam-rdp): add Windows CGo wrapper and extract shared bridge ops
• 83dc9ab ci(pam): cross-compile RDP bridge static libs across 11 targets
• 492f656 ci(pam): add dry-run option to release workflow
• 8a04e54 ci: retrigger
• 095b900 ci(pam): pin Rust toolchain + add RDP bridge smoke test
• 5e2e46b fix: add .vscode folder to gitignore
• afb0ec2 chore(pam): remove rdp native crate README
• 55ca651 chore(pam): rdp UX polish
• e84febf feat(pam): add rdp access CLI subcommand
• 39328fd feat(pam): wire rdp handler into gateway dispatch
• a91f967 feat(pam): add c abi + cgo wrapper for rdp bridge
• 013cab5 feat(pam): add rust rdp bridge with post-credssp passthrough

Changelog

• 464682d Merge pull request #219 from Infisical/fix/tar
• d4374ce chore: updated tar to new version
• 37a5224 Merge pull request #203 from Infisical/feat/pam-rdp-ad-support
• 5f90606 Merge remote-tracking branch 'origin/main' into feat/pam-rdp-ad-support
• 82180bb Merge pull request #191 from Infisical/feat/pam-rdp-mvp
• 05b05ad Merge remote-tracking branch 'origin/main' into feat/pam-rdp-ad-support
• f2f4f99 fix(release): append windows artifacts to shared draft
• 98e076f chore(pam-rdp): drop unused /target-docker from .gitignore
• e0619d7 chore(pam-rdp): lowercase example account name in help text
• 92102e9 fix(pam-rdp): don't shut down proxy on per-connection gateway close
• 4e8d91e feat(gateway): add AWS authentication (#202)
• 54e921b Merge remote-tracking branch 'origin/main' into feat/pam-rdp-mvp
• ad8bcfc fix(release): make npm-release tolerate skipped validate-tag-branch
• e0a9157 refactor(pam-rdp): use target username for acceptor, autofill via metadata
• 8ffb72b refactor(pam-rdp): consolidate HandleConnection + cargo fmt
• e350e47 feat(pam-rdp): strip virtual channels from MCS Connect Initial
• c2b68da feat(pam-rdp): use account name as RDP acceptor username
• 8c758e2 Merge pull request #200 from Infisical/PAM-189
• 7675e95 feat(pam-rdp): use empty password for acceptor credentials
• 4f0e3e2 refactor(pam-rdp): rename bridge_cgo.go to bridge_cgo_unix.go
• c4ec7db drop haspendingchunks gate for loading secrets from disk
• ff7d648 remove chunk splitting
• e5d2acb docs(pam-rdp): add README for Rust bridge setup
• c292f74 reviews
• 4800b70 Split chunks
• 25e6421 deletePersistedOffset only if chunks cleared
• 3d92a88 move writePersistedOffset into loop
• 4c89708 Merge branch 'main' into PAM-189
• 764e44e Fixed Chunk Reconciliation And upload token persistence
• f501d51 Merge pull request #199 from Infisical/fix/pam-205-keep-recording-on-upload-failure
• 65ae9af address reviews
• 6916ff6 fix(pam-rdp): address PR review feedback
• b1ac506 feat(gateway): direct-to-bucket session recording uploads with reconciliation
• caf9444 fix(pam): tighten startup cleanup behavior
• 13a16d3 fix(pam): keep session recording on upload failure (PAM-205)
• 00d06b2 feat(pam-rdp): thread AD domain through bridge for NTLM CredSSP
• 85c23d2 fix(pam-rdp): address PR bot review comments
• ef74e90 chore(pam-rdp): remove bridge-test harness
• b375428 ci: shorten dry_run description in release workflow
• e22812a fix(pam-rdp): format Safety doc as proper heading for clippy
• 6f3ac49 ci(pam-rdp): build Rust bridge natively on windows-2022 runner
• 7511234 ci(pam-rdp): enable RDP in Windows Docker container images
• 57438fe ci: group goreleaser-windows into the create-release-draft column
• 3291a54 fix(ci): link libwinpthread for windows CGO
• 348de42 ci(pam-rdp): parallelize goreleaser + goreleaser-darwin via shared draft
• cf674f1 chore(pam-rdp): remove rdp-bridge-test dev binary
• 08f0809 ci(pam-rdp): ditch zig for darwin, use macos-latest runner instead
• 3887a5a fix(ci): stub libresolv.tbd for darwin cross-compile
• b15371b fix(pam-rdp): clean up .rdp file on session end + pin zig 0.14.0
• 50e29ce ci(pam-rdp): bump zig to 0.16.0
• 65aaa12 ci(pam-rdp): drop FreeBSD and NetBSD from RDP tier
• eb75047 chore(pam-rdp): strip redundant comments across the PR
• 2b2ccab ci(pam-rdp): build only the staticlib target in cross-compile jobs
• a515cbd ci(pam-rdp): drop windows/arm64 from RDP tier
• 8329f79 fix(pam-rdp): statically bundle zlib into the bridge archive
• 05fcb11 chore: remove accidentally committed local PAM session artifact
• b0aff6c ci(pam-rdp): expand RDP support from 5 to 11 targets (option 1)
• 0c9424d ci(pam-rdp): use zig cc for darwin cross-compile instead of osxcross
• 3bc0a78 Revert skip=docker change; keep only the mingw package name fix
• a3f4408 fix(ci): correct mingw apt package name and skip docker on dry-run
• 9beb635 feat(pam-rdp): wire --reason flag through to RDP access
• 7585478 Merge remote-tracking branch 'origin/main' into feat/pam-rdp-mvp
• 0611a97 ci(pam-rdp): wire RDP bridge static libs into goreleaser release
• 6ef384f feat(pam-rdp): add Windows CGo wrapper and extract shared bridge ops
• 83dc9ab ci(pam): cross-compile RDP bridge static libs across 11 targets
• 492f656 ci(pam): add dry-run option to release workflow
• 8a04e54 ci: retrigger
• 095b900 ci(pam): pin Rust toolchain + add RDP bridge smoke test
• 5e2e46b fix: add .vscode folde...

v0.43.79

Changelog

• d11ce4b Merge pull request #198 from Infisical/feat/PKI-188
• e477959 Address claude-bot comments
• 8afc37d Merge remote-tracking branch 'origin/main' into feat/PKI-188
• f028c0b Merge pull request #188 from Infisical/carlos/fix-cert-agent-slug-resolution-race
• fadeed2 Renamed imported certificate to just certificate
• e0ea7e8 feat(pam): add local dev stack for seeding PAM resources (#195)
• 9cc3dab Address claude-bot comments
• 73ebb0e Cert-agent: support fetching imported certificates
• d17e57b Address claude-bot comments
• 1089a2f Await profile slug resolution before certificate issuance

v0.43.78

Changelog

• 2e62c3b Merge pull request #194 from Infisical/chore/update-pgx-version
• bd51dbc chore: update pgx dependency to v5.9.0 in go.mod and go.sum
• 26af3b1 chore: update pgx dependency to v5.9.0 and improve logging in PostgresProxy by encoding secret key as hex
• 7de65a5 Merge pull request #189 from Infisical/feature/PAM-184
• 5cba6ad Minor fix on SSH reason
• 700752c Address PR comments
• 5e5cab9 Address Claude-bot comments
• d72335b Add a reason field before PAM account access

v0.43.77

Changelog

• 17a002b Merge pull request #134 from pangeran-bottor/main
• 4b94082 fix: return empty string when Windows install method is unknown
• 942eaf2 fix(ci): use Go 1.25.9 to match other workflows and go.mod
• 65da412 fix: detect install method from executable path for update instructions

v0.43.76

Changelog

• 9faea50 feat(pam): gateway auth for kubernetes (#186)
• fedaa27 feat(pam): add e2e tests for redis (#181)
• 04bf737 Merge pull request #183 from Infisical/feat/gateway-enrollment-tokens
• 32675c0 fix: pass relay name to systemd install, use correct operation name in CallConnectGateway
• feba1f7 fix: use access token for relay selection in enrollment flow
• 2730731 refactor: remove relay selection from enrollment, handled by connect
• 93160e9 feat: use V3 /connect for enrollment-flow gateways, add CallConnectGateway
• 625ec1c fix: use enrolled access token directly instead of re-reading via env var
• 856fc31 fix: check explicit CLI flags instead of env vars for hasExplicitCreds
• 72c78c3 fix: clean up per-gateway config directory on systemd uninstall
• d52b4f8 feat: use V3 token-auth/enroll endpoint for gateway enrollment
• d464016 refactor: rename enroll-method from 'static' to 'token'
• 62e520a feat: scope gateway config files by name for multi-gateway support
• 9b91827 fix: remove legacy auth method references from token flag descriptions
• 4d06796 refactor: use EnrollMethodStatic constant instead of magic string
• 239c865 fix: remove --name flag references from command descriptions and examples
• b602fff feat: idempotent enrollment command for gateway restarts
• 38fe5b8 fix: use 0700 permissions for gateway config directory
• ce33e87 fix: use Geteuid instead of Getuid for effective root check in conf path
• facc596 fix: skip stored token loading when explicit credentials are provided
• ea34f02 fix: persist effective domain during enrollment even without --domain flag
• fe2bc62 feat: gateway name as positional arg with --name deprecated
• bd45820 feat: gateway enrollment token flow

v0.43.75

Changelog

• e670230 feat(pam): add command blocking and session log masking via account policies (#174)

v0.43.74

Changelog

• 8149820 Merge pull request #187 from Infisical/daniel/fix-cli-release
• d8dc469 fix: cli release failing
• e822f03 Merge pull request #169 from Infisical/adilsitos/feat/ENG-4525
• 46b37a7 change flag name
• 807aa40 test: remove E2E test for sse reconnection (flaky)
• 5c181a2 add a get to trigger SSE
• cce6630 feat: try to recreate the SSE connection if the sse was defined
• 4ea7593 feat: add fallback to pooling approach
• 76eb2e9 fix: address naming comments
• eb3f282 added licensing to e2e tests
• 4f6ea97 change flag to use env to not allow secret retrieval by ps aux
• 07f73a3 fix SSE test
• d9b1abc add test for SSE into proxy
• 0670668 change sseEnabled if statement
• 7831859 change sseEnabled if statement
• 376dbee refactor: change resync commands creation
• 5c17550 add refresh token when SSE auth state is created and add ctx into requests
• 04ddb3c change to use httpclient
• 61b7473 change how the SSE request update the cache
• a960c57 remove log
• 40c6d53 feat: change how sse message keys are being stored on the cache.
• 3c91e78 add binary into gitignore
• 8ccd277 feat: change SSE to handle subscriptions for the entire project, not only specific envs
• bb6e357 feat: add sse support into proxy

v0.43.73

Changelog

• ef00ea3 Merge pull request #182 from Infisical/daniel/bump-go-version-2
• 6b65153 chore: bump go versions

v0.43.72

Changelog

• c6a4cf0 Merge pull request #172 from Infisical/fix-status-code
• b8e8d59 fix status code propagation

v0.43.71

Changelog

• 86c69cd Merge pull request #173 from Infisical/feat/pam-session-real-time-log-sync
• 5906e97 fix(pam): skip incremental flush when in legacy mode
• 89dcf0b fix(pam): restore debug logs accidentally removed from uploadSessionFile
• 56ced3b feat(pam): real-time session log sync via incremental batch uploads