API

Version 1.15.0

  • Released December 7, 2025

Added

  • Unregistered display calculation.
  • Rotate-now actions.

Changed

  • Updated defaults for SKA-P to use new SKA version 25.9 URLs and PaaS region.
  • Migrated SKA-related database table names to use "ska" prefix in place of "pqc".
  • Renamed SKA-related modules, logging, and URLs to use "ska" identifier in place of "pqc".
  • Upgraded from Erlang/OTP 28.1.1 to 28.2.
  • Upgraded from Elixir 1.19.2 to 1.19.4.

Fixed

  • Fixed restore-to-point action to fully recalculate SKA-related endpoint settings.

Version 1.14.0

  • Released November 13, 2025

Added

  • Controller action and integration with SKA-P to quarantine a device.
  • Controller action and integration with SKA-P to add and remove a device to and from security groups.
  • Controller action and integration with SKA-P to query for current list of security groups.
  • Controller action for deleting a host can now optionally also delete all of the connections to the host from other hosts.
  • Controller actions to cancel all pending changes or mark all pending changes as applied manually.
  • Controller action to restore a deleted user.

Changed

  • Deleted users are now filtered out of host members list; setting up a new agent for a host will no longer attempt to use a deleted user.
  • Peer identities that have been deleted through the web UI are no longer automatically restored when used by an agent.
  • Optimized queries for endpoint stats list & chart.
  • Optimized queries for IPs chart on dashboard.
  • Upgraded from Erlang/OTP 28.1 to 28.1.1.
  • Upgraded from Elixir 1.18.4 to 1.19.2.
  • New library for logging to syslog (syslogger instead of ex_syslogger).
  • Ubuntu install script now turns on option for better syslog integration by default.

Fixed

  • Fixed restore-to-point functionality to not attempt to restore old preshared keys or SKA-P device details.

Version 1.13.0

  • Released October 24, 2025

Changed

  • Changed canonical OCI image name from ghcr.io/crux-comms/cruxvpn-api to ghcr.io/siriuscomputer/cruxvpn-api.
  • Disabled cosign build signing temporarily (until other infrastructure pieces are moved into place).
  • Upgraded from Erlang/OTP 27.3.4.1 to 28.1.

Version 1.12.0

  • Released September 29, 2025

Added

  • SKA-P per-tenant/organization device sync.
  • DB tables for saving tenant and device information.
  • Controller actions supporting SKA-P integration in web UI.
  • Change events pushed to agents from device sync.
  • Helper scripts for upgrading native install (in api/ops/upgrade directory of tarball).
  • Mkcert option (to generate test SSL cert) in install scripts.
  • Included full web UI webops directory in Docker image.
  • Enable downloads of full Agent, Android APK, API, and Web UI directories.

Changed

  • Replaced separate cruxvpn-api-generate-docker-compose and cruxvpn-api-update-geoip-data Docker images with the ability to run the ops/install/generate-docker-compose.sh and ops/geolite2/download-process-deploy.sh scripts directly from the main cruxvpn-api Docker image.

Removed

  • Removed SKA-P single-tenant audit-export polling.

Version 1.11.0

  • Released August 17, 2025

Added

  • Capture and log manual SKA-P deregister device events.
  • Controller action to help pick hub hosts.

Changed

  • Updated default SKA-P API URLs to match SKA-P 25.06 release.

Version 1.10.0

  • Released July 10, 2025

Added

  • Adds 3 new security-related headers to HTTP responses:
    Content-Security-Policy: default-src 'none'; form-action 'none'; base-uri 'none'; frame-ancestors 'none'; sandbox
    Strict-Transport-Security: max-age=7776000
    X-Content-Type-Options: nosniff
    
    The HSTS header is included only if its max age is specified via the HSTS_MAX_AGE env var; e.g. HSTS_MAX_AGE=90d for 90 days.
  • Optional S3 signed URLs for agent downloads. Enabled via DOWNLOADS_ACCESS_KEY_ID (and other DOWNLOADS_*) env vars.
  • Optional EULA acceptance tracking. Enabled via TERMS_LAST_UPDATED env var (e.g. TERMS_LAST_UPDATED=2025-07-01).
  • Mandatory seat-based license-key enforcement. License keys must be placed in directory specified by LICENSE_DIR env var (defaults to /etc/cruxvpn/license).

Changed

  • Upgraded from Erlang/OTP 27.2 to 27.3.4.1.
  • Upgraded from Elixir 1.17.3 to 1.18.4.

Removed

  • Removed preshared-key mismatch alert (which was incongruent with keys generated via SKA-P).

Version 1.9.2

Added

  • Support for Ubuntu 24.04 installations
  • New functionality to connect to Arqit API
  • New log entries based on changes pushed via Arqit API

Changed

  • Changes to registration flow based on Arqit device properties
  • Rearranged PSK logic in endpoint controller

Version 1.8.0

  • Initial Release