📋 Tobogganing Release Notes¶

All notable changes to Tobogganing will be documented in this file. New releases will be prepended to this file.

🔧 v1.1.4 - "Build System Enhancement" (2025-08-22)¶

🎯 Major Improvements¶

🐳 Docker-Based GUI Builds - ✅ Reliable GUI Client Builds - Implemented Docker-based build system using Ubuntu containers - ✅ Cross-Platform Support - ARM64 and AMD64 builds via Docker Buildx and QEMU - ✅ Consistent Dependencies - All GUI libraries included: libayatana-appindicator3-dev, libgtk-3-dev, libgl1-mesa-dev - ✅ Production Ready - Eliminates environment-specific build issues

🔧 Fyne Framework Fixes - 🐛 Critical Type Declaration Fix - Resolved undefined: app.App error in GUI code - ✅ Correct Import Pattern - Fixed Fyne framework usage with proper fyne.App interface - ✅ Build Verification - Added GUI package compilation tests to catch issues early - ✅ Documentation - Complete troubleshooting guide for common Fyne issues

⚙️ Enhanced CI/CD Pipeline - 🚀 GitHub Actions Update - Enhanced workflows with Docker Buildx for Linux builds - ✅ Comprehensive Testing - Added golangci-lint and GUI compilation verification - ✅ Complete Multi-Platform Matrix - Full AMD64/ARM64 support across all OS platforms - ✅ Artifact Management - Proper binary extraction from Docker containers

🏗️ Complete Build Matrix Coverage - 🖥️ GUI Builds: macOS (AMD64/ARM64), Linux (AMD64/ARM64), Windows (AMD64/ARM64) - ⚡ Headless Builds: All major architectures plus embedded (ARMv6, ARMv7, MIPS) - 📦 Total: 14+ binary variants covering every major platform and architecture - 🎯 Universal Binaries: macOS Universal binaries for both GUI and headless variants

🛠️ Technical Details¶

Fixed Code Issues

// Before (broken):
import (
    "fyne.io/fyne/v2/app"
    "fyne.io/fyne/v2/widget"
)
type App struct {
    fyneApp app.App  // ❌ Wrong type
}

// After (correct):
import (
    "fyne.io/fyne/v2"
    "fyne.io/fyne/v2/app"
    "fyne.io/fyne/v2/widget"
)
type App struct {
    fyneApp fyne.App  // ✅ Correct interface
}

New Docker Build Process

# Reliable GUI build via Docker
docker build -f Dockerfile.gui-ubuntu -t gui-builder .
docker create --name temp gui-builder
docker cp temp:/src/tobogganing-client-gui ./client-gui
docker rm temp

# Cross-platform build support
docker buildx build --platform linux/arm64,linux/amd64 \
    -f Dockerfile.gui-ubuntu .

Enhanced GitHub Actions - Linux Builds: Architecture-specific Docker containers (Dockerfile.gui-amd64, Dockerfile.gui-arm64) - macOS Builds: Native runners (macos-13 for Intel, macos-latest for Apple Silicon) - Windows Builds: Added GUI compilation verification steps for both AMD64/ARM64 - ARM64 CGO Fix: Eliminates assembly errors by using appropriate native runners - Linting Integration: Matches local development workflow

Complete Build Matrix | Platform | GUI AMD64 | GUI ARM64 | Headless AMD64 | Headless ARM64 | Embedded | |----------|-----------|-----------|----------------|----------------|----------| | macOS | ✅ | ✅ | ✅ | ✅ | - | | Linux | ✅ | ✅ | ✅ | ✅ | ARMv6/v7, MIPS | | Windows | ✅ | ✅ | ✅ | ✅ | - |

📚 Documentation Updates¶

Comprehensive Build Guide - 🏗️ Docker-Based Approach - Complete documentation for reliable GUI builds - 🐛 Troubleshooting Section - Common errors and solutions - 🖥️ Platform-Specific Notes - macOS, Windows, and Linux considerations - ⚡ Quick Reference - Build commands for all scenarios

Build Process Documentation - ✅ Local testing procedures that match CI/CD workflows - ✅ Cross-platform build verification steps - ✅ Fyne framework best practices and common pitfalls - ✅ Docker container usage for ARM builds

🔧 Build Verification¶

Tested Components - ✅ GUI Client (Docker) - Builds successfully on Ubuntu with all dependencies - ✅ Headless Client - Static compilation verified for embedded deployment - ✅ GitHub Actions - All workflow matrices tested and working - ✅ Cross-Platform - ARM64 builds verified via Docker Buildx

New Build Commands

# GUI client via Docker (recommended)
docker build -f Dockerfile.gui-ubuntu -t gui-builder .

# Test GUI package compilation  
go build -v ./internal/gui

# Lint verification (matches CI/CD)
golangci-lint run --timeout=10m

🚀 Developer Experience¶

Improved Local Development - 🔄 Consistent Environment - Docker eliminates "works on my machine" issues - ⚡ Faster Debugging - Clear error messages and troubleshooting steps - 📋 Standardized Process - Local builds match GitHub Actions exactly - 🔍 Better Testing - GUI package compilation verification

Enhanced CI/CD Reliability - 🎯 Predictable Builds - Docker containers ensure consistent dependencies - 🚀 Faster Iteration - Parallel builds with proper matrix configuration - 🔒 Security - Updated workflows with latest actions and best practices - 📊 Better Monitoring - Enhanced logging and verification steps

🎉 What This Means¶

For Developers - 🛠️ Reliable GUI Builds - No more environment-specific compilation issues - 📚 Clear Documentation - Complete guides for all build scenarios - ⚡ Faster Development - Consistent Docker-based approach - 🔍 Better Testing - Early detection of GUI framework issues

For Users - ✅ More Stable Releases - Enhanced build verification prevents broken binaries - 🚀 Faster Updates - Improved CI/CD pipeline reduces release time - 🌐 Better Platform Support - Reliable ARM64 builds for embedded devices - 🔒 Higher Quality - Comprehensive testing and linting integration

🔗 Upgrade Notes¶

• ✅ Fully Compatible - No breaking changes to existing functionality
• ✅ Drop-in Replacement - Existing configurations continue to work
• ✅ Enhanced Reliability - Build system improvements benefit all deployments
• ✅ Future Ready - Foundation for upcoming mobile and embedded features

🚀 v1.1.0 - "Enterprise Features" (2025-08-21)¶

🎉 Major New Features¶

Advanced Management Portal - 🎛️ Dynamic Port Configuration - Admin interface for configuring proxy listening ports - 🔥 Enhanced Firewall System - Domain, IP, protocol, and port-based access control with real-time testing - 🌐 VRF & OSPF Support - Enterprise network segmentation with FRR integration - 📊 Real-Time Analytics Dashboard - Interactive charts with Chart.js and historical data aggregation

Security & Monitoring - 🚨 Suricata IDS/IPS Integration - Traffic mirroring with VXLAN/GRE/ERSPAN protocols - 📝 Syslog Audit Logging - UDP syslog integration for compliance and security monitoring - 🔒 Advanced Authentication - Enhanced JWT management and session security

Database & Infrastructure - 🗄️ PyDAL Database Layer - MySQL/PostgreSQL/SQLite support with read replica capability - 💾 Database Backup System - Local and S3-compatible storage with encryption - 🔄 Redis Caching - Session management and firewall rule caching

Deployment & CI/CD - 🐳 Multi-Architecture Docker - ARM64 and AMD64 builds with GitHub Actions - 🏗️ Cross-Platform Binaries - Native builds for Windows, macOS, Linux, and embedded devices - 🔄 Complete CI/CD Pipeline - Automated testing, building, and releasing

📚 Documentation Updates¶

• 📖 Comprehensive API Documentation - Complete REST API reference with examples
• 🏗️ Updated Architecture Guide - Enhanced with all new components and features
• 🚀 Improved Quick Start - Step-by-step setup with all new services
• ✨ Feature Documentation - Detailed guides for all enterprise features

🔧 Technical Improvements¶

• Performance: Enhanced async processing and database connection pooling
• Security: Multi-layer authentication and real-time threat detection
• Scalability: Read replica support and horizontal scaling capabilities
• Monitoring: Prometheus metrics and Grafana dashboard integration

🔒 v1.0.1 - "Security Patch" (2025-01-21)¶

🛡️ Critical Security Fixes¶

CVE Patches - 🔐 CVE-2024-24783 (HIGH) - Fixed panic when parsing invalid palette-color images in golang.org/x/image - Updated golang.org/x/image from v0.11.0 to v0.18.0 - Affected: Native client through Fyne GUI dependency chain - Impact: Prevents potential DoS attacks via malformed image files

• 🔐 CVE golang.org/x/oauth2 (HIGH) - Fixed improper validation of syntactic correctness in OAuth2 library
• Updated golang.org/x/oauth2 from v0.15.0 to v0.27.0
• Affected: Both headend proxy and native client
• Impact: Prevents authorization bypass vulnerabilities

Dependency Security - 🔍 Protestware Detection - Updated WireGuard dependencies to remove flagged gvisor.dev/gvisor package - Updated golang.zx2c4.com/wireguard to latest stable version - Enhanced dependency security scanning and validation - Improved supply chain security posture

🔧 Build & Compatibility Fixes¶

Native Client Improvements - ✅ Fixed missing headendPublicKey field in Client struct - ✅ Resolved deprecated systray.GetTooltip() API calls - ✅ Updated Go version to 1.23.1 with latest toolchain - ✅ Improved error handling in system tray notifications

Website Build Fixes - ✅ Fixed missing CircuitBoardIcon import in EmbeddedSolutions component - ✅ Replaced with valid CodeBracketIcon from Heroicons library - ✅ Resolved Next.js build failures in production deployment

📋 Component Updates¶

Headend Proxy - 🔄 Updated all crypto dependencies to latest secure versions - 🔄 Improved Go module dependency management - ✅ Verified production build compatibility

Native Client - 🔄 Headless client build confirmed working after updates - 🔄 Enhanced security posture with updated dependencies - ⚠️ GUI components require additional development environment setup

Dependencies Updated

golang.org/x/image: v0.11.0 → v0.18.0
golang.org/x/oauth2: v0.15.0 → v0.27.0  
golang.org/x/crypto: v0.31.0 → v0.37.0
golang.org/x/net: v0.21.0 → v0.39.0
golang.org/x/sync: v0.10.0 → v0.13.0
golang.org/x/sys: v0.28.0 → v0.32.0
golang.org/x/text: v0.21.0 → v0.24.0

🚨 Important Security Notes¶

Immediate Action Required - 🔴 High Priority: Update all Tobogganing deployments to v1.0.1 - 🔴 CVE Impact: Both patched vulnerabilities were rated HIGH severity - 🔴 Supply Chain: Enhanced dependency validation prevents future protestware risks

Upgrade Compatibility - ✅ Drop-in Replacement: v1.0.1 is fully compatible with v1.0.0 configurations - ✅ Zero Downtime: Rolling updates supported for production deployments - ✅ Backwards Compatible: No breaking changes to APIs or protocols

📦 Build Verification¶

Tested Components - ✅ Headend proxy builds and runs successfully - ✅ Native client headless version builds successfully
- ✅ Website builds and deploys to production - ✅ Docker containers build with updated dependencies - ✅ All critical security vulnerabilities resolved

Build Commands Verified

# Headend proxy
cd headend && go build -o headend-proxy ./proxy

# Native client (headless)  
cd clients/native && go build -o tobogganing-client-headless ./build-headless.go

# Website
cd website && npm install && npm run build

🔗 Related Resources¶

• Security Advisory: GitHub Security Advisory for detailed CVE information
• Upgrade Guide: See v1.0.0 → v1.0.1 migration notes in documentation
• Vulnerability Scanner: Use updated security scanning in CI/CD pipelines

🎉 v1.0.0 - "Genesis" (2024-08-20)¶

🚀 Major Features¶

🛡️ Zero Trust Architecture - ✅ Dual authentication system (X.509 certificates + JWT/SSO) - ✅ Never trust, always verify principle implementation - ✅ Certificate-based WireGuard authentication - ✅ Application-level JWT token validation

🏗️ Three-Tier Architecture - ✅ Manager Service - Python 3.12 with py4web framework - Central orchestration and coordination - X.509 certificate lifecycle management - JWT token management with Redis caching - Multi-datacenter support - Web-based administration interface - REST API for client management

• ✅ Headend Server - Go 1.23 with concurrent architecture
• WireGuard VPN termination
• Multi-protocol proxy (HTTP/HTTPS, TCP, UDP)
• Traffic mirroring for IDS/IPS integration
• External IdP integration (SAML2/OAuth2)

• High-performance connection handling

• ✅ Client Applications - Multi-platform support

• Native Go applications for Mac, Windows, Linux
• React Native mobile apps for Android (iOS planned)
• Docker containerized client
• Embedded SDK for integration into other products
• Automatic configuration and health monitoring
• GUI, CLI, and mobile interfaces

🌐 Multi-Platform Support - ✅ macOS: Universal binary (Intel + Apple Silicon) - ✅ Windows: x64 native application - ✅ Linux: AMD64 and ARM64 binaries - ✅ Android: React Native mobile app (v1.0.0) - ✅ iOS: Planned for v1.1+ (React Native foundation ready) - ✅ Docker: Multi-architecture containers (AMD64/ARM64) - ✅ Embedded: SDK for integration into third-party products

☁️ Cloud Native & Deployment - ✅ Kubernetes: Production-ready manifests with auto-scaling - ✅ Docker Compose: Development and small production setups - ✅ Terraform: AWS cloud infrastructure as code - ✅ CI/CD: Comprehensive GitHub Actions pipelines

🔒 Security Features¶

• 🔐 Encryption: WireGuard with ChaCha20Poly1305
• 🔐 Certificates: ECC-based X.509 certificate management
• 🔐 Authentication: JWT with RSA signing and Redis caching
• 🔐 TLS: All API communications use TLS 1.3
• 🔐 Audit Logging: Comprehensive security event logging
• 🔐 Traffic Mirroring: VXLAN/GRE/ERSPAN support for IDS/IPS

📱 Mobile & Embedded Features¶

• 📱 React Native Mobile App: Native Android application with iOS foundation
• 🔐 Mobile Security: Biometric authentication and secure credential storage
• 📊 Real-time Monitoring: Connection statistics and health monitoring on mobile
• 🔔 Push Notifications: Connection status and security alerts
• 🔌 Embedded SDK: Software development kit for integrating SASE into third-party products
• 🛠️ Integration Support: APIs and documentation for product embedding
• 📚 Developer Resources: Comprehensive guides for embedded integration
• 🏢 Partner Program: Support for companies embedding Tobogganing
• 💰 Enterprise Pricing: Starting at $5/month/user with volume discounts
• 📞 Sales Contact: sales@penguintech.io for embedded and enterprise solutions

📊 Performance & Scalability¶

• ⚡ Async Python: High-throughput API server with asyncio
• ⚡ Concurrent Go: Multi-threaded proxy with goroutines
• ⚡ Redis Caching: Session and token caching for performance
• ⚡ Horizontal Scaling: Manager service supports multiple replicas
• ⚡ Auto-Scaling: Kubernetes HPA support
• ⚡ Multi-Datacenter: Built-in orchestration across regions

🛠️ Developer Experience¶

• 📚 Documentation: Comprehensive guides and API reference
• 🧪 Testing: Unit, integration, and security tests
• 🔍 Code Quality: Linting for Python, Go, and TypeScript
• 📦 Build System: Multi-platform automated builds
• 🐳 Containerization: Docker images for all services
• 🏗️ Infrastructure as Code: Complete deployment configurations

🌐 Website & Documentation¶

• 📱 Next.js Website: Modern marketing and documentation site
• ☁️ Cloudflare Pages: Edge-optimized deployment
• 📖 Documentation Portal: Interactive guides and examples
• 💾 Download Center: Binary releases and installation guides
• 👥 Community Hub: Links to support and contribution channels
• 🖼️ Professional Screenshots: App showcase with mobile and desktop interfaces
• 💰 Enterprise Pricing: Transparent pricing with volume discounts
• 🔌 Embedded Integration: SDK and documentation for third-party product integration

📋 Component Details¶

Manager Service (Python 3.12) - Framework: py4web with asyncio and multithreading - Database: SQLite (dev) / PostgreSQL (prod) support - Caching: Redis for sessions and JWT tokens - API: RESTful API with OpenAPI documentation - Auth: Support for SAML2, OAuth2, and local authentication - Certificates: Complete PKI infrastructure - Web UI: Administration interface

Headend Server (Go 1.23) - WireGuard: Native integration with kernel module - Proxy: HTTP/HTTPS, TCP, UDP with authentication - Performance: Concurrent connection handling - Monitoring: Prometheus metrics and health endpoints - Security: Traffic mirroring and analysis - Configuration: Dynamic configuration from Manager API

Client Applications - Languages: Go for native clients, React Native for mobile, Docker for containers - Platforms: macOS (Universal), Windows (x64), Linux (AMD64/ARM64), Android, Embedded SDK - Features: Auto-configuration, health monitoring, system tray, mobile notifications - Interfaces: GUI, CLI, and touch-optimized mobile interfaces - Security: Biometric authentication support on mobile platforms - Updates: Automatic update checking and installation

🚢 Deployment Options¶

Development Environment - Docker Compose with development tools - Hot reloading and debugging support - Integrated Redis Commander and Adminer - Mock services for testing

Production Kubernetes - High availability with multiple replicas - Persistent storage with PVCs - Service mesh compatibility - Ingress controllers and load balancers - Monitoring with Prometheus and Grafana - Auto-scaling with HPA

Cloud Infrastructure (Terraform) - AWS EKS cluster with multi-AZ support - RDS for managed database - ElastiCache for Redis - Application and Network Load Balancers - Route53 DNS management - Security groups and IAM roles

🔧 Build & CI/CD¶

Comprehensive Testing - Python: pytest with coverage reporting - Go: race detection and benchmarks - Security: Trivy vulnerability scanning - Linting: pylint, golangci-lint, eslint - Integration: End-to-end testing

Multi-Architecture Builds - Docker images for AMD64 and ARM64 - Native binaries for all supported platforms - GitHub Container Registry publishing - Automated release packaging - Checksum generation and verification

Release Management - Semantic versioning - Automated changelog generation - Asset distribution with GitHub Releases - Example configurations included - Installation scripts for quick setup

📈 Compliance & Enterprise Features¶

Security Compliance - SOC 2 Type II compatible - ISO 27001 aligned - NIST Cybersecurity Framework - HIPAA considerations - GDPR compliance features

Enterprise Integration - LDAP/Active Directory support - SAML2 and OAuth2 SSO - External PKI integration - Audit logging and reporting - Role-based access controls

🔮 Future Roadmap Preview¶

Short Term (v1.1 - v1.5) - 📱 iOS mobile application completion - 📊 Enhanced analytics and reporting - 🔗 Service mesh integration - 🏢 Multi-tenant capabilities - 🔌 Enhanced embedded SDK and integration tools - 🏪 Mobile app store submissions

Medium Term (v2.0+) - 🤖 Machine learning threat detection - 🧠 Advanced policy engine with WASM - 🔗 Blockchain identity management - 🌐 Edge computing integration

📊 Project Statistics¶

• 📁 Total Files: 150+ across all components
• 💻 Lines of Code: 25,000+
• 🏗️ Components: 3 core services + website + infrastructure
• 🌍 Platforms: 6 supported deployment targets
• 🔧 Languages: Python, Go, TypeScript, YAML
• 📚 Documentation: 20+ guides and references

🙏 Acknowledgments¶

Core Development Team - Architecture and design - Security implementation - Performance optimization - Documentation and testing

Community Contributors - Beta testing and feedback - Bug reports and feature requests - Documentation improvements - Translation efforts

Technology Partners - WireGuard for VPN protocol - Kubernetes community - Cloud provider integrations - Open source ecosystem

📞 Support & Community¶

• 🐛 Bug Reports: GitHub Issues
• 💬 Community: Discord Server
• 📚 Documentation: docs.tobogganing.com
• 🔒 Security: security@tobogganing.com

🎯 What's Next?¶

Tobogganing v1.0.0 represents a complete, production-ready Open Source SASE solution. We're excited to see how the community adopts and contributes to the project!

Get Started Today: 1. 📥 Download from GitHub Releases 2. 📖 Follow the Quick Start Guide 3. 🚀 Deploy with our example configurations 4. 💬 Join our community discussions

Release notes format: New releases will be added above this line, maintaining chronological order with newest first.