Skip to content

API

Version 1.13.0

  • Released October 24, 2025

Changed

  • Changed canonical OCI image name from ghcr.io/crux-comms/cruxvpn-api to ghcr.io/siriuscomputer/cruxvpn-api.
  • Disabled cosign build signing temporarily (until other infrastructure pieces are moved into place).
  • Upgraded from Erlang/OTP 27.3.4.1 to 28.1

Version 1.12.0

  • Released September 29, 2025

Added

  • SKA-P per-tenant/organization device sync.
  • DB tables for saving tenant and device information.
  • Controller actions supporting SKA-P integration in web UI.
  • Change events pushed to agents from device sync.
  • Helper scripts for upgrading native install (in api/ops/upgrade directory of tarball).
  • Mkcert option (to generate test SSL cert) in install scripts.
  • Included full web UI webops directory in Docker image.
  • Enable downloads of full Agent, Android APK, API, and Web UI directories.

Changed

  • Replaced separate cruxvpn-api-generate-docker-compose and cruxvpn-api-update-geoip-data Docker images with the ability to run the ops/install/generate-docker-compose.sh and ops/geolite2/download-process-deploy.sh scripts directly from the main cruxvpn-api Docker image.

Removed

  • Removed SKA-P single-tenant audit-export polling.

Version 1.11.0

  • Released August 17, 2025

Added

  • Capture and log manual SKA-P deregister device events.
  • Controller action to help pick hub hosts.

Changed

  • Updated default SKA-P API URLs to match SKA-P 25.06 release.

Version 1.10.0

  • Released July 10, 2025

Added

  • Adds 3 new security-related headers to HTTP responses: 
    Content-Security-Policy: default-src 'none'; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; sandbox
Strict-Transport-Security: max-age=7776000
X-Content-Type-Options: nosniff
    HSTS header is included only if its max age is specified via the HSTS_MAX_AGE env var; eg HSTS_MAX_AGE=90d for 90 days.
  • Optional S3 signed URLs for agent downloads. Enabled via DOWNLOADS_ACCESS_KEY_ID (and other DOWNLOADS_*) env vars.
  • Optional EULA acceptance tracking. Enabled via TERMS_LAST_UPDATED env var (eg TERMS_LAST_UPDATED=2025-07-01).
  • Mandatory seat-based license-key enforcement. License keys must be placed in directory specified by LICENSE_DIR env var (defaults to /etc/cruxvpn/license).

Changed

  • Upgraded from Erlang/OTP 27.2 to 27.3.4.1
  • Upgraded from Elixir 1.17.3 to 1.18.4

Removed

  • Removed preshared-key mismatch alert (which was incongruent with keys generated via SKA-P).

Version 1.9.2

Added

  • Support for Ubuntu 24.04 installations
  • New functionality to connect to Arqit API
  • New log entries based on changes pushed via Arqit API

Changed

  • Changes to registration flow based on Arqit device properties
  • Rearrange PSK logic in endpoint controller

Version 1.8.0

  • Initial Release