Meshr meshr
Changelog

What's new

Release notes and version history for the meshr platform.

v0.6.57

latest May 2026
  • fix macOS auto-update self-relaunch — fixed SingleInstanceLock race that left the app gone after update; goes through LaunchServices via `open` now so the new bundle gets proper Dock + signature registration
  • feature Tray icon as proper macOS menubar template — pure black silhouette, auto-tints for light/dark menubars instead of the previous metallic-on-white that read as a white square in dark menubars
  • feature Rounded-square app icon for Dock + Start Menu + Linux launcher + MSI installer — Apple HIG compliant; Wails build regenerates .icns + Windows resource ICO from the new master
  • feature New "M" brand mark across favicons (meshr.to, app.meshr.to, docs.meshr.to), tray icons, in-window header — PNG-embedded SVG to preserve the 3D metallic gradient
  • fix macOS DMG ship — signed + notarized + stapled releases for v0.6.54 through v0.6.57; fixes the "Update failed — DMG 404" stalled auto-update
  • feature Binary-only update fallback when the macOS DMG is missing — patches CLI + daemon in place via per-arch artifacts, atomic rename via sibling .tmp file
  • feature SSH connect gated on mesh-tunnel ready state — SSH icon + "Connect via SSH" CTA disabled with a tooltip while the tunnel is connecting; prevents the "ws dial timeout" confusion on first launch
  • fix WiX MSI build — dropped invalid Return="asyncNoWait" from WixShellExec custom actions; every package:windows-msi job since c700ee4 had been failing with WIX0038
  • fix Windows GitLab build pipeline thawed — pre-committed Wails bindings + -skipbindings flag works around a Windows-runner-only hang in `wails generate`; build:windows green again after months of 1h timeouts

v0.6.52

May 2026
  • feature SSH window status bar — live latency, bytes transferred, and cols×rows pulled from HealthMonitor + WG peer stats every 2s
  • feature STUN endpoint discovery — agent runs a 10-min STUN probe and reports its public WG socket on every heartbeat
  • feature Controlplane stores devices.public_endpoint — Phase 2 prep for direct peer-to-peer routing without dataplane relay
  • improvement Granular SHOW_* feature flags replace the all-or-nothing SHOW_WIP toggle in the SSH window UI

v0.6.51

May 2026
  • security SFTP jail-to-home — every file op now resolves under the SSH user's home dir; /etc/shadow style escapes blocked
  • security Documented Windows SYSTEM-level shell as a known limitation; per-session warning log added until S4U + CreateProcessAsUser fork lands
  • feature Windows ConPTY now prefers pwsh.exe → powershell.exe → cmd.exe so users get tab completion + colour by default
  • feature Live progress on SSH window Upload/Download — 250ms throttled events, "Sending… 47%" button label
  • improvement SFTP session cache per (host, login) — repeat transfers skip the 300-500ms cert-mint round-trip, retry-on-stale handles peer reboots
  • fix WireGuard PersistentKeepalive defaults to 25s when controlplane omits it — defends against silent NAT-mapping death on self-hosted setups
  • improvement SSH window WIP UI hidden behind feature flags (Forward port, Info, More, Split, key fingerprint) until each backing feature lands

v0.6.50

May 2026
  • feature In-app SSH terminal — xterm.js inside the meshr window with tab strip, theme tokens matching the design source, and per-session recording
  • feature SFTP-based Upload / Download buttons in the SSH window via direct mesh dial (port 2022) with cert auth — no controlplane WS proxy hop
  • feature Windows ConPTY support — real interactive shells with line editing, ANSI colour, and resize forwarding (replaces the no-PTY fallback that left typing dead)
  • improvement Settings adds an SSH client picker — "meshr built-in" vs "system terminal" so users on macOS / Linux can keep their existing iTerm / Terminal.app workflow
  • improvement Custom dark window header replaces the white macOS title bar — consistent with the main meshr panel
  • fix apt upgrade over SSH-via-mesh no longer breaks the dpkg session — daemon restart is detached via systemd-run
  • fix SSH session recordings no longer bloated by 0×0 bogus resize events from hidden tabs

v0.6.46

April 2026
  • feature NAT mapping auto-recovery — HealthMonitor pings every 10s, majority-down triggers a full disconnect+connect cycle with 60s cooldown
  • improvement macOS UX polish — menubar absorption, traffic light inset for the new SSH window, BTM database recovery on uninstall
  • fix Windows update path — MSI uninstall hygiene + watchOwnExecutable self-relaunch on binary mtime change

v0.6.45

April 2026
  • feature Wails main window — native desktop panel replaces the tray-only UX; live WG telemetry, Diagnose modal, and in-app update flow
  • feature Mesh-SSH end-to-end — open SSH from the Devices list, runs through the controlplane WS proxy with cert auth, RBAC, and recording
  • feature CGNAT collision detection — refuses to bring up the tunnel when 100.78.0.0/16 conflicts with the host's existing range
  • feature Notification bridge — daemon emits update / connection events to the system notification center
  • fix TUN MTU reduced 1280 → 1200 to fix fragmentation behind certain GPON modems
  • fix NAT-NAT silent-drop fixed by routing all traffic through the relay until per-peer endpoints land in Phase 2
  • fix CLI 401 auto-refresh — `meshr ssh` now transparently refreshes stale access tokens before retrying
  • fix macOS controlplane proxy default switched to api.meshr.to; LAN traffic bypasses the tunnel by default

v0.5.25

April 2026
  • feature macOS DMG installer — drag-to-install, SMAppService daemon registration, notarized + signed
  • feature Signed Windows MSI — ARPNOMODIFY hygiene, Defender quietness via reputation submit, browser sign-in flow
  • feature Browser sign-in — controlplane redirects to a local agent callback so users authenticate in their existing browser session
  • feature In-tray sign-in dialog + log viewer — operators can paste a token or watch live daemon logs from the menubar
  • security Windows IPC named-pipe ACL — only the local user (or admin) can talk to the daemon via the `\\.\pipe\meshr` pipe
  • improvement sshserver shell resolution — picks /etc/passwd login shell first, falls back to /bin/bash → /bin/sh chain
  • fix WiX MajorUpgrade no longer fights ARPNOMODIFY — clean uninstall of older versions before the new one lands

v0.5.10

April 2026
  • feature Uninstall tracking — agent's preremove hook reports UninstalledAt + reason so the dashboard can group permanently-gone devices
  • fix 5-layer DNS chain fix — resolver upstream → systemd-resolved → meshr DNS → fallback chain now consistent across distros

v0.4.2

April 2026
  • feature Windows MSI installer — WiX v5, auto-creates service, PATH, firewall rule
  • feature Windows ARM64 support — native builds for ARM-based Windows devices
  • feature PowerShell install script — irm https://get.meshr.to/install.ps1 | iex
  • feature GDPR cookie consent banner — Accept/Decline with PostHog opt-in/opt-out
  • feature Cookie Policy page — transparent cookie and third-party documentation
  • feature Download redirect API — /download/windows-msi, /download/windows-zip with version auto-detection
  • feature Product Roadmap — public roadmap document with quarterly milestones
  • improvement Windows install page redesigned — dropdown with x64/ARM64 MSI/ZIP options
  • improvement iOS, Android, Docker tabs — "Coming Soon" with notify button
  • improvement CI/CD Windows pipeline — native shell runner, WiX MSI + ZIP packaging
  • improvement R2 publish — all release artifacts uploaded to Cloudflare R2 CDN
  • improvement Docs installation guide — expanded Windows section with MSI + PowerShell methods
  • improvement Footer updated — Cookie Policy link added to Legal section
  • fix Systemd service — removed namespace hardening for ARM kernel compatibility (OrangePi, Rockchip)
  • fix Systemd sleep path — /bin/sleep replaced with PATH-based sleep for cross-distro support
  • fix Windows CI GOPATH — fixed Linux path override on Windows shell runner

v0.4.1

April 2026
  • feature Keycloak identity provider — Google, GitHub, Microsoft social login
  • feature Plan & quota system — Free, Pro, Team, Enterprise tiers with resource limits
  • feature Billing dashboard — plan management, usage tracking, upgrade flow
  • feature pricing.md — single source of truth for pricing across all frontends
  • feature Quota enforcement — HTTP 402 with upgrade prompt on limit exceeded
  • feature Trial management — 30-day free trial for Pro and Team plans
  • feature Audit retention cleanup — automatic per-plan retention policy
  • improvement Login & register pages redesigned — animated mesh background, glassmorphism
  • improvement Marketing site consolidated — 41 pages reduced to 34, duplicates removed
  • improvement CTA standardization — consistent "Get Early Access" across all pages
  • improvement Install script URLs fixed — all pointing to get.meshr.to
  • improvement Sidebar plan badge — shows current plan, trial countdown
  • improvement PostHog analytics — event tracking across marketing, dashboard, and docs
  • improvement CI/CD pipelines — Docker build + DO Registry push + SSH deploy for all services
  • improvement Proxy nginx — resolver-based lazy upstream resolution, independent startup
  • improvement Register form — company name and team size fields for lead qualification
  • improvement URL standardization — APT repo: pkgs.meshr.to, install: get.meshr.to
  • security SSO feature gate — SSO restricted to Team+ plans via quota service
  • fix Keycloak HTTPS requirement disabled for development mode
  • fix Docker deploy — --no-deps flag prevents dependency container conflicts

v0.4.0

March 2026
  • feature HTTP & TCP tunneling — expose local services through the mesh (ngrok-like)
  • feature Internal DNS server — access devices by name (device.meshr)
  • feature Zero Trust Network Access (ZTNA) — policy engine for every connection
  • feature Access Matrix — visual grid of who can access what
  • feature Policy simulator — test access rules before applying
  • feature Tunnel authentication — basic auth, bearer token, or custom headers
  • improvement Bandwidth tracking for tunnels and SSH sessions
  • improvement gRPC mTLS — encrypted agent-controlplane communication
  • security HMAC-signed recording URLs (no tokens exposed in URLs)
  • security Password hashing for tunnel auth (bcrypt + SHA-256)
  • security Security headers middleware (CSP, HSTS, X-Frame-Options)
  • security Rate limiting on authentication endpoints

v0.3.0

March 2026
  • feature Web-based SSH terminal with xterm.js
  • feature SSH session recording (asciicast v2) with encrypted playback
  • feature SSH Certificate Authority — per-organization User CA + Host CA
  • feature JIT privilege elevation with admin approval workflow
  • feature gRPC bidirectional SSH tunnel (controlplane ↔ agent)
  • improvement Terminal resize support (window-change forwarding)
  • improvement WebSocket keep-alive with ping/pong
  • fix SSH session duration tracking for terminated sessions
  • fix SSH cert serial overflow (uint64 compatibility)

v0.2.0

February 2026
  • feature Multi-tenant organization system with role-based access
  • feature Invite system — link-based and SMTP email invitations
  • feature Access Control Policies with direction control (ingress/egress/bidirectional)
  • feature Setup Keys — reusable, usage limits, ephemeral peers
  • feature Groups with user, peer, and resource assignment
  • improvement Architecture split: controlplane + dataplane
  • improvement gRPC migration for agent communication

v0.1.0

January 2026
  • feature SvelteKit dashboard with dark theme
  • feature Peers management with online/offline status
  • feature Network and DNS management pages
  • feature Audit event logging
  • feature Linux packaging (deb/rpm) with systemd service
  • improvement Cross-platform agent builds (Linux AMD64/ARM64, macOS, Windows)

v0.0.1

December 2025
  • feature Initial release — encrypted mesh VPN with relay
  • feature Go agent with CLI and daemon mode
  • feature Docker Compose deployment
  • feature JWT authentication with user management