Server Changelog

Changes to Banyan's Netagent & Connector

  • Updated on Apr 10, 2024

To stay informed about important updates to our product, subscribe to our monthly Release Notes. You may also review past release notes here and current limitations (and workarounds) of the Banyan Platform here.

April 10th 2024

v2.8.5

March 14th 2024

v2.8.4

February 14th 2024

v2.8.3

January 17th 2024

v2.8.2

  • new Enhanced Netagent performance (lowered CPU usage).

  • Download:

December 13th 2023

v2.8.1

  • fix Connection test was failing for hosted web services with capitalized Access Tier names.

  • Download:

November 15th 2023

v2.8.0

  • fix (Discover Public Resources) Accessing the same FQDN resource using a second Service Tunnel was not updating the tunnel information on the list page or in the “Last Reported” status.

  • Download:

October 11th 2023

v2.7.4
  • fix Improved support for private resource discovery

  • new /health API endpoint supports query parameters to filter results specific to a service or component

  • Download:

September 20th 2023

v2.7.3
  • fix Access Tiers were collecting stale certificates from outdated services.

  • new Support for non-standard websockets (like socket.io), enabled via Access Tier Local Config API.

  • Download:

August 9th 2023

v2.7.2

July 12th 2023

v2.7.1

June 14th 2023

v2.7.0
  • new Debugging interface now enabled by default (memprofile set to true).

  • fix Users were intermittently being disconnected from Infra Services and Service Tunnel; warnings were generated but error messages were not.

  • Download:

May 10th 2023

v2.6.0
  • fix ICMP admin prohibited packets are returned for rejected traffic.

  • Efficiency improvements in Service Tunnel L4 policy changes.

  • Download:

April 28th 2023

v2.5.1

April 12th 2023

v2.5.0
  • Improved Netagent reporting.

  • new StatsD support for monitoring Service Tunnels.

  • Download:

April 5th 2023

v2.4.2

  • fix FQDNs used in Tunnel-based policies were failing to resolve in some cases.

  • Download:

March 16th 2023

v2.4.1

  • fix Domain-based policies weren’t working as expected when FQDNs’ IP addresses were changed.

  • Download:

March 8th 2023

v2.4.0
  • new Support for new Domain-based Tunnel Policies.
  • Performance and stability improvements.

February 8th 2023

v2.3.0
  • fix When using intermediate CA certificates, the CA certificate format was incorrectly written, causing the Netagent to fail on start.
  • fix WireGuard kernel module, required for running kernel version in Amazon Linux 2, was missing.

  • Browser-based Error messages have been updated.

  • Download:

January 11th 2023

v2.2.0

  • fix Private domains (ipv6) were not resolving over Service Tunnel.

  • Download:

December 14th 2022

v2.1.1

December 13th 2022

v2.1.0
  • new Service Tunnel for Public Domains.

  • new Service Tunnel Discovery.

  • Download:

November 9th 2022

v2.0.0
  • Simplified the Access Tier installation process.

  • new Local configs (i.e., advanced configs) are done via API/UI instead of the config.yaml file.

  • Download:

October 13th 2022

v1.49.0
  • new Netagent logs will now report the TLS ciphers and versions for every connection.

  • new Access type Event Logs will now report Access Tier name along with its public address for every connection.

  • Download:

September 14th 2022

v1.48.0

August 25th 2022

v1.47.0

  • fix Netagent was unable to correctly handle websocket connections in case of OIDC exempt requests.

  • Download:

July 28th 2022

v1.46.0
  • fix Websocket connections were not being closed in certain conditions.

  • fix Netagent logs were not being collected through Netagent Support Bundle.

  • Download:

July 1st 2022

v1.45.1
  • fix Banyan’s Private DNS resolution was case-sensitive; DNS resolution is no longer case-sensitive.

  • fix Enhanced DNS routing was not resolving correctly for Windows.

  • Download:

June 30th 2022

v1.45.0
  • fix Updating the Access Tier tunnel configuration in Banyan’s Cloud Command Center was causing Netagent to bring down the WireGuard (wg) interface.

  • fix In some scenarios, enhanced DNS routing was not resolving correctly.

  • Download:

May 12th 2022

v1.44.0

  • new Option to disable Strict-Transport-Security HTTP Response Header within Netagent configuration.

  • Download:

March 24th 2022

v1.43.0
  • new Support for Service Accounts in the Cloud Command Center.
  • Admins can customize the SameSite cookie property of the bnn_trust cookie used by Hosted Websites.

  • fix Service Tunnel iptables rules were not deleting after the Access Tier was removed from the Service Tunnel.

  • Download:

February 3rd 2022

v1.42.2

  • fix Service Tunnel issues that were causing select TrustScores to be ignored.

  • Download:

v1.42.1

  • fix Service Tunnel users were experiencing packet loss when users were added or removed.

  • Download:

January 27th 2022

v1.42.0
  • new Admins can now easily define L7 rules within web policies through the Banyan console.

  • new Admins can now create network-level (L4) Service Tunnel policies.

  • Download:

January 6th 2022

v1.41.0
  • fix Netagent was stripping out invalid HTTP cookies. Now, it forwards invalid cookies.

  • fix macOS users now receive the correct IP address when they use Service Tunnel.

  • Download:

October 31st 2021

v1.40.0

September 30th 2021

v1.39.0
  • new Netagent now returns a connection test response when it receives a request from shield with * in the site name.

  • new The REST API server now reports for all access-tiers in a cluster.

  • Download:

September 2nd 2021

v1.38.0
  • Restored “Netagent Details” for hosted websites and infrastructure

  • Removed enforcement of “Site Domain Names” configuration parameter

  • Download:

July 7th 2021

v1.37.0
  • Metrics collection using statsd to send metrics to Datadog via Dogstatsd
  • Use Let’s Encrypt certificates for hosted websites

  • Frontend domain with upper case letters

  • Download:

May 12th 2021

v1.36.1

April 28th 2021

v1.36.0
  • Various improvements to Access events.
    • User and Device info for TCP service connection-level events.
    • Added reported_by field to display the specific Netagent sending the event.
    • For Access events, the correlation_id identifies the TCP connection.

  • Added Headers field under HTTP Settings in the Service Spec.

  • Download:

March 31st 2021

v1.35.0
  • Optimized standard config parameters down to only four values and updated defaults for many parameters to simplify common Netagent configurations. The following defaults have changed:
    • Shield Connectivity - secure_bootstrap = true
    • Access Tier - access_tier = true, site_domain_names = "*"
    • OIDC Services - code_flow = true, groups_by_userinfo = true, redirect_to_https = true
  • Miscellaneous Access event improvements.
    • Service Name shows Service ID.
    • HTTP_CONNECT mode now indicates backend address.
    • Increased the time interval for periodic events to 1 hour from 10 minutes.

  • (Bug fix) If a request had two Trust cookies – one that is valid and a second one which is not valid – then depending on the order in which they are getting processed by Netagent, the valid one could end up getting deleted, which would make the user have to re-authenticate. Now, in that scenario the valid cookie will not be deleted.

  • Download v1.35.0

March 12th 2021

v1.34.1

  • (Bug fix) Netagent v1.34.0 did not properly handle expired cookies, which caused end users’ browsers to get stuck in an endless redirect loop when attempting to access a web service.

  • Download:

March 3rd 2021

v1.34.0

January 27th 2021

v1.33.0

  • (Bug Fix) Valid short-lived certificates that were older than 24 hours were rejected. Now, short-lived certificates can be up to 72-hours old.

  • Download v1.33.0

January 6th 2021

v1.32.0

October 28th 2020

v1.31.0

October 2nd 2020

v1.30.0

  • OIDC Services - Added ability to exempt specific Source IPs from Policies

  • Download v1.30.0

October 1st 2020

v1.29.1
  • OIDC Services - Add ability for Netagent to query TrustProvider’s userinfo endpoint to obtain a user’s group membership. This is especially useful for organizations where the end users belong to a large number of groups, which increases group information included in the TrustCookie and triggers browser limitations on cookie size.

  • (Bug Fix) OIDC Services - the bnn_return cookie logic used to return the end user to the original path they were attempting to access (for example, /foo) now also supports query parameters (such as, foo?bar=123).

  • Download v1.29.1

August 26th 2020

v1.28.0
  • Enriched information collected about a Netagent when generating a one-click support bundle. The bundle now collects additional Netagent configuration files and CIDR ranges as well as common commands support staff needs to better understand the Netagent environment.
  • Ability to create allow list of backends and ports (including CIDR ranges) when configuring services.

  • (Bug Fix) OIDC Services - Previously, when configuring CORS, the target parameter only supported a wildcard (*). Now, the target parameter supports actual domains.

  • Download v1.28.0

July 30th 2020

v1.27.1

  • Updated a shared-library dependency involving default values for the allow_user_override metadata tag, which (in some scenarios) reset admin-configurations and led to erroneous blocking of end user access.

  • Download v1.27.1

July 29th 2020

v1.27.0
  • Added HTTP_CONNECT mode for Backend routing; when set, Netagent will rely on an HTTP Connect request to derive the backend target address (i.e., ipaddress:port or fqdn:port).
  • (Bug Fix) Successful WebSocket closure statuses were returning incorrectly.

  • (Bug Fix) Netagent Service configurations were not properly updating.

  • Download v1.27.0

June 19th 2020

v1.25.1

  • (Bug Fix) Netagent v.1.25.0 introduced a regression for Cognito that passed an OAuth “scope” called “groups”, which Cognito does not support.

  • Download v1.25.1

June 17th 2020

v1.25.0

May 20th 2020

v1.23.0

May 6th 2020

v1.22.0

  • Fixed cookie logic for WebSockets and Multi-domain Services so that Banyan TrustCookies are removed from HTTP requests that are forwarded to upstream servers.

  • Download v1.22.0

The Banyan TrustCookie still can be forwarded by setting the forward_trust_cookie parameter to true. Banyan TrustCookie removal is performed both with and without the domain parameter to avoid a browser redirect loop scenario.

April 22nd 2020

v1.21.1
  • Added a configuration option redirect_to_https to redirect traffic from Port 80 (HTTP) to Port 443 (HTTPS).
  • Added a configuration option https_proxy to use an HTTP Connect Proxy to make outbound connections to Shield and TrustProvider
  • Added a configuration option forward_trust_cookie to not strip out the bnn_trust cookie before sending an HTTP request to the backend application

  • (Bug Fix) OIDC Services - Strip out the bnn_ cookies, that are used in OIDC authentication flows, before sending an HTTP request to the backend application. This enables Netagent to proxy traffic to applications that cannot tolerate additional cookies due to their max-http-header-size parameter.

  • Download v1.21.1

April 8th 2020

v1.20.0
  • Service configuration details are now reported from Netagent and displayed in the Banyan Command Center.
  • The service spec has a new exempted_paths field which allows specifying a list of HTTP paths that will be accessible without OpenID Connect authentication.
  • In the Service Spec, the oidc_settings.service_domain_name URL value can include a wildcard (*) in the first component of the domain name. Including the wildcard enables one Banyan service to permit a dynamic, non-fixed set of OpenID Connect redirect URLs. Please note: The OpenID Connect standard does not support wildcard redirect URLs, and so this feature should be used with care.
  • Added a configuration option code_flow for opt-in support for OpenID Connect Authorization Code flow. The default mechanism for OIDC authentication remains OpenID Connect Implicit Code flow.

  • Changed wildcard support in site_domain_names parameter in the config.yaml settings file, used when Netagent is run in Access Tier mode. Now, the wildcard (*) will match any prefix, not just the first component, of the SNI name. Previously, "*.example.com" in the service_domain_names parameter would match SNI “www.example.com” but not “alpha.beta.example.com”; now, it will match both.

  • Download v1.20.0

March 25th 2020

v1.19.0

  • (Bug Fix) OIDC Services - Fixed a race condition at the token validation stage that was causing sporadic hanging of connections to applications.

  • (Bug Fix) Fixed issue where Netagent stopped working if the underlying host was upgraded.

  • Download v1.19.0

March 12th 2020

v1.18.0

  • Performance and stability improvements.

  • Disconnect existing TCP connections (SSH, RDP, etc.) automatically if the device’s TrustScore drops below the level specified in the Policy condition.

  • Download v1.18.0

February 26th 2020

v1.17.0
  • Added name_delimiter field to backend target in Service spec

  • Performance and stability improvements

  • Download v1.17.0

February 12th 2020

v1.16.0
  • Configuration guardrails - Require site name, site address, or site domain name

  • (Bug Fix) Proxy WebSocket - Passing all headers for WebSocket request

  • Download v1.16.0

January 29th 2020

v1.15.0

December 18th 2019

v1.13.0
  • (Bug Fix) Workload identification - Improved handling when process or parent process has exited
  • (Bug Fix) Workload identification - Client cert issued to Unidentified container even if it has no roles

  • (Bug Fix) OIDC Services - robust deep-linking

  • Download v1.13.0

November 25th 2019

v1.11.1
  • Support for Services with mixed (user and workload) client types
  • OIDC Services - Trust cookie is a session cookie (auto-removed on browser shutdown)
  • (Bug Fix) OIDC Services - Obey Source IP Exceptions as long as Service is non-SNI

  • (Bug Fix) Workload Roles - Affix Roles even if workload is “Unidentified”

  • Download v1.11.1

October 23rd 2019

v1.9.0
  • Inactivity & max session timeouts
  • “BadActor” module for DoS prevention
  • Connection IDs in events & log files for easier troubleshooting

  • OIDC Services - deep-linking, HTTP Strict Transport Security (HSTS)

  • Download v1.9.0

September 25th 2019

v1.7.0
  • Support for proxying Websocket
  • Send complete cert chain on TLS handshake

  • Uninstall script

  • Download v1.7.0

July 19th 2019

v1.5.0

February 4th 2019

v0.7.1
  • Service definition via Web Console
  • CIDRs automatically installed from Service definition
  • OIDC workflows

  • HTTP authorization policies

  • Download v0.7.1

September 10th 2018

Netagent v0.6.13

April 2024

v1.17.0

March 2024

v1.16.0

November 2023

v1.15.0

October 11th 2023

v1.14.4

August 9th 2023

v1.14.2

July 12th 2023

v1.14.1

May 10th 2023

v1.13.0

March 8th 2023

v1.12.0

February 8th 2023

v1.11.0

January 11th 2023

v1.10.1

December 21st 2022

v1.9.1

December 13th 2022

v1.9.0

November 9th 2022

v1.8.0

October 13th 2022

v1.7.0

September 14th 2022

v1.6.0

August 25th 2022

v1.5.0

  • Connector will now include /etc/hosts when proxying DNS requests.

  • Download:

May 12th 2022

v1.4.0
  • Support for Service Tunnel.

  • Support for Connector deployment on M1.

  • Download:

October 14th 2021

v1.3.0

  • Support for users who want to install the Banyan Connector via Docker on a MacOS device.

  • Download:

August 4th 2021

v1.2.0

  • Configure Connectors from Command Center

  • CIDR-less support

  • Added example services

  • Download:

July 14th 2021

v1.1.0
  • Various bug fixes.

June 12th 2021

v1.0.0
  • Initial release
  • Semi-manual configuration

Can’t find what you’re looking for?

We’re happy to help. Contact our team.