🔐 Authgate™ | Private Auth, Licenses System 2025 ▷ authgate.shop ◁

## [v1.6.0] - 5 Oct, 2025

### New

- **Secure Request Signing** - Introducing a robust request signing system with signature verification and nonce management to prevent replay attacks.
- **SDKs with Built-In Signing** - C++ and Python SDKs now natively support signed requests, ensuring every integration is secure and fully trusted end to end.

## [v1.6.1] - 5 Oct, 2025

### Fixed

- Added missing database migration script for request_signing_key column

## [v1.6.2] - 12 Oct, 2025

### New

- **AES-GCM Encryption for Keys** - Application keys now use AES-GCM encryption for improved security.
- **Regenerate Request Signing Key** - Ability to regenerate request signing keys from the admin panel.

### Improvements

- Streamlined file and key encryption handling with removal of legacy methods
- Updated clients to new key schema with improved base64 handling

### Fixed

- Fixed downgrade path in database migration script 0007
- Fixed regeneration of application keys

## [v1.7.0] - 7 Nov, 2025

### New

- **Device Authentication** - Hardware ID-based device authentication for desktop apps. Bind user sessions to specific devices and manage registered devices from the admin panel.
- **Domain Events** - Internal event system for better decoupling and extensibility. Enables reactive workflows and cleaner architecture.

### Improvements

- Added device authentication toggle to application settings

## [v1.8.0] - 17 Nov, 2025

### New

- **Admin API** - Programmatic access to admin operations with dedicated API key authentication. Includes endpoints for user details, license details, active users, and device reset operations.
- **Response Signing** - Server responses are now cryptographically signed, ensuring integrity and authenticity of all data returned from your Authgate instance.
- **Documentation Site** - Comprehensive documentation with architecture overview, features, API reference, SDK guides, and more.

### Improvements

- Request signing now enabled by default
- Renamed DirectAuthStrategy to LegacyAuthStrategy in clients for clarity

### Fixed

- Fixed C++ client curl options to be set before retrying requests

## [v1.8.1] - 17 Nov, 2025

### Improvements

- Added safety check to prevent running update script from within the deployment directory
- Release archives now include top-level directory for cleaner extraction

### Fixed

- Various fixes in C++ client

## [v1.8.2] - 19 Nov, 2025

### Improvements

- Added optional HTTP and HTTPS port configuration for flexible deployment setups

### Fixed

- Fixed sign handling for adjustment minutes in membership timeline display
- Fixed C++ client header handling to properly clear and rebuild headers when refreshing authentication
- Standardized error message for inactive membership across all endpoints
- Changed status code for expired membership from 401 to 403
- Fixed lifetime membership session capping
- Added x-hardware-id to client-controlled headers for request signing

## [v1.9.0] - 5 Dec, 2025

### New

- **Automatic Ban System** - Intelligent cross-banning that automatically detects a banned user, IP, HWID, or license and blocks all related ones. Manage bans from the admin panel with full CRUD operations and reporting.
- **Known IP Addresses** - Track and display IP addresses associated with users, including last seen timestamps for better security visibility.
- **User Ban Status** - Ban status now visible in user management views with one-click ban/unban actions.

### Improvements

- Pagination support added to Form Data Tables component
- Added configurable maximum file upload size in nginx

## [v1.9.1] - 5 Dec, 2025

### Fixed

- Made IP address extraction more robust
- Fixed update script to preserve file storage during updates

## [v1.9.2] - 7 Dec, 2025

### Improvements

- Enhanced real IP detection for multi-tier reverse proxy setups in nginx configuration

### Fixed

- Fixed missing volume mount for file storage in Docker Compose

## [v1.6.0] - 5 Oct, 2025

### New

- **Secure Request Signing** - Introducing a robust request signing system with signature verification and nonce management to prevent replay attacks.
- **SDKs with Built-In Signing** - C++ and Python SDKs now natively support signed requests, ensuring every integration is secure and fully trusted end to end.

## [v1.6.1] - 5 Oct, 2025

### Fixed

- Added missing database migration script for request_signing_key column

## [v1.6.2] - 12 Oct, 2025

### New

- **AES-GCM Encryption for Keys** - Application keys now use AES-GCM encryption for improved security.
- **Regenerate Request Signing Key** - Ability to regenerate request signing keys from the admin panel.

### Improvements

- Streamlined file and key encryption handling with removal of legacy methods
- Updated clients to new key schema with improved base64 handling

### Fixed

- Fixed downgrade path in database migration script 0007
- Fixed regeneration of application keys

## [v1.7.0] - 7 Nov, 2025

### New

- **Device Authentication** - Hardware ID-based device authentication for desktop apps. Bind user sessions to specific devices and manage registered devices from the admin panel.
- **Domain Events** - Internal event system for better decoupling and extensibility. Enables reactive workflows and cleaner architecture.

### Improvements

- Added device authentication toggle to application settings

## [v1.8.0] - 17 Nov, 2025

### New

- **Admin API** - Programmatic access to admin operations with dedicated API key authentication. Includes endpoints for user details, license details, active users, and device reset operations.
- **Response Signing** - Server responses are now cryptographically signed, ensuring integrity and authenticity of all data returned from your Authgate instance.
- **Documentation Site** - Comprehensive documentation with architecture overview, features, API reference, SDK guides, and more.

### Improvements

- Request signing now enabled by default
- Renamed DirectAuthStrategy to LegacyAuthStrategy in clients for clarity

### Fixed

- Fixed C++ client curl options to be set before retrying requests

## [v1.8.1] - 17 Nov, 2025

### Improvements

- Added safety check to prevent running update script from within the deployment directory
- Release archives now include top-level directory for cleaner extraction

### Fixed

- Various fixes in C++ client

## [v1.8.2] - 19 Nov, 2025

### Improvements

- Added optional HTTP and HTTPS port configuration for flexible deployment setups

### Fixed

- Fixed sign handling for adjustment minutes in membership timeline display
- Fixed C++ client header handling to properly clear and rebuild headers when refreshing authentication
- Standardized error message for inactive membership across all endpoints
- Changed status code for expired membership from 401 to 403
- Fixed lifetime membership session capping
- Added x-hardware-id to client-controlled headers for request signing

## [v1.9.0] - 5 Dec, 2025

### New

- **Automatic Ban System** - Intelligent cross-banning that automatically detects a banned user, IP, HWID, or license and blocks all related ones. Manage bans from the admin panel with full CRUD operations and reporting.
- **Known IP Addresses** - Track and display IP addresses associated with users, including last seen timestamps for better security visibility.
- **User Ban Status** - Ban status now visible in user management views with one-click ban/unban actions.

### Improvements

- Pagination support added to Form Data Tables component
- Added configurable maximum file upload size in nginx

## [v1.9.1] - 5 Dec, 2025

### Fixed

- Made IP address extraction more robust
- Fixed update script to preserve file storage during updates

## [v1.9.2] - 7 Dec, 2025

### Improvements

- Enhanced real IP detection for multi-tier reverse proxy setups in nginx configuration

### Fixed

- Fixed missing volume mount for file storage in Docker Compose

## [v1.9.3] - 18 Dec, 2025

### New

- **Bulk Delete Users** - Select and delete multiple users at once from the admin panel
- **Bulk Delete Licenses** - Select and delete multiple licenses at once from the admin panel
- **User Deletion** - Delete users with automatic credential anonymization
- **License Deletion** - Delete licenses with optional time revocation from associated users
- **Change User Password** - Admins can now change user passwords from the admin panel

## [v1.9.4] - 23 Dec, 2025

### New

- **User Variables** - Store and manage custom key-value data per user. Access user variables from the admin panel and through the Integration API and SDKs.
- **Bulk Delete Bans** - Select and delete multiple bans at once from the admin panel
- **Ban Deletion** - Delete individual bans from the admin panel