Releases: trailofbits/algo
Releases ยท trailofbits/algo
Release list
AlgoVPN 2.0.1
A maintenance release focused on Ansible 12 compatibility, cloud provider fixes, and dependency updates.
๐ง Bug Fixes
Ansible 12 Compatibility
- Fixed Ansible 12 boolean type checking (#14834) - Resolved deployments breaking due to stricter boolean handling
- Fixed Ansible 12 double-templating issues (#14836) - Corrected Jinja2 spacing issues causing template failures
- Fixed Ansible 12 compatibility issues (#14840) - General compatibility fixes for the Ansible 12.x series
- Fixed AWS EC2 and Lightsail deployment failures (#14861) - Resolved Ansible 12-specific API issues
- Fixed GCE deployment error (#14860) - Corrected JSON parsing issues with Ansible 12
Cloud Provider Fixes
- Fixed Vultr deployment issues (#14852, #14853) - Resolved regions string conversion bug and startup script JSON serialization
- Fixed Scaleway deployment (#14848) - Replaced broken organization_info module
- Fixed DigitalOcean API error handling (#14830) - Improved debugging for API errors
- Fixed update-users not working (#14859) - Resolved user management failures
Other Fixes
- Added missing ansible.utils collection (#14880) - Fixed 'No filter named ipmath' errors for ansible-core users
- Removed unused dependencies - Cleaned up pyopenssl and boto dependencies
โ ๏ธ Breaking Changes
- Removed Exoscale support (#14841) - CloudStack API has been deprecated by Exoscale
๐ Infrastructure Updates
- Updated Hetzner server type (#14874) - Changed from deprecated cpx11 to cpx22
- Added pre-commit hooks (#14831) - Comprehensive code quality checks
- Switched Dependabot to uv (#14862) - Improved dependency management
- Added Claude Code GitHub Actions (#14873) - Automated issue triage and PR reviews
๐ฆ Dependency Updates
- ansible 11.9.0 โ 12.2.0
- boto3 1.40.3 โ 1.41.5
- azure-identity 1.23.1 โ 1.25.1
- azure-mgmt-compute 35.0.0 โ 37.1.0
- hcloud 2.5.4 โ 2.11.1
- google-auth 2.40.3 โ 2.43.0
- linode-api4 5.33.1 โ 5.38.0
- openstacksdk 4.6.0 โ 4.8.0
- pyyaml 6.0.2 โ 6.0.3
- requests 2.32.4 โ 2.32.5
๐ Full Changelog
Algo VPN 2.0.0
A major release with comprehensive security improvements, performance optimizations, and modernized infrastructure.
๐ Security Enhancements
- Certificate Authority constraints (#14811) - Prevents certificate reuse across deployments with unique CA identifiers
- Refactored PKI management (#14809) - Replaced legacy OpenSSL scripts with Ansible crypto modules for better security and maintainability
- Prevented sensitive information logging (#14779) - Enhanced privacy by removing sensitive data from logs
- Modernized WireGuard key management (#14803) - Improved key generation and handling
- Security-hardened CI/CD (#14769) - Updated GitHub Actions with security best practices
- Jinja2 security update - Updated to ~3.1.6 for CVE-2025-27516 fix
๐ Performance Improvements
- 30-60% faster deployments - Comprehensive performance optimizations throughout the codebase
- Self-bootstrapping Python environment (#14814) - Automatic uv setup for faster, more reliable installations
- Optimized cloud-init templates - Reduced startup time for cloud deployments
- Improved DNS caching - Better performance for DNS queries
๐ Network and Routing Fixes
- Fixed multi-homed system routing (#14826) - Proper output interface specification for servers with multiple IPs
- Fixed iptables NAT rules (#14825) - Resolved VPN traffic routing issues
- IPv6 WireGuard endpoints (#14780) - Added support for IPv6 addresses in WireGuard configurations
- BSD IPv6 improvements (#14786) - Fixed address selection on BSD systems
- DigitalOcean multi-IP handling - Better support for droplets with both public and private IPs
โ๏ธ Cloud Provider Updates
- Vultr API v2 support (#14773) - Updated to latest Vultr API
- AWS Lightsail fixes (#14823) - Resolved boto3 parameter issues
- AWS credentials file support (#14778) - Can now use standard AWS credentials file
- Azure improvements (#14781, #14774) - Fixed requirements path, updated to collection v3.7.0
- DigitalOcean cloud-init (#14801) - Fixed compatibility and deprecation warnings
- Hetzner instance types (#14762) - Switched to globally available types
๐ Documentation Improvements
- New FAQ: Single cipher suite rationale (#14827, closes #231) - Explains security benefits of our cryptographic choices
- New FAQ: Censorship circumvention stance (#14827, closes #230) - Clarifies Algo's focus on privacy vs anonymity
- Windows client guide (#14787) - Comprehensive setup instructions
- Installation requirements (#14790) - Clarified sudo requirements
- Grammar and clarity (#14770) - Improved throughout documentation
๐ง Infrastructure and Testing
- Comprehensive test suite - Added 15+ new test files covering all major components
- Jinja2 expression validation (#14817) - Detects inline comments that break templates
- Stricter linting (#14789) - Enhanced code quality with ansible-lint
- Installation reliability (#14788) - Added timeouts and retry logic
- OpenSSL 3+ compatibility (#14772) - Fixed PKCS#12 mobileconfig generation
๐ฆ Dependency Updates
- Ansible 11.9.0 - Latest stable version
- GitHub Actions - All workflows updated to latest versions
- Python packaging - Modern setup with uv and pyproject.toml
- Removed legacy requirements.txt in favor of lockfile
๐ Bug Fixes
- Ubuntu 22.04 compatibility issues (#14824)
- Server selection in update-user script (#14727)
- SSH tunnel certificate naming (#14771)
- AWS CloudFormation warnings (#14782)
- POSIX shell compliance (#14789)
๐ Breaking Changes
- Python 3.11+ required - Older Python versions no longer supported
- Certificate constraints - CAs now include deployment-specific constraints
- Ansible crypto modules - Legacy OpenSSL command usage removed
๐ฏ Milestone Completion
This release closes the 2.0 milestone with all planned features implemented and tested.
๐ Upgrade Notes
- Existing Algo servers will continue to work but won't benefit from the new features
- To use new features, deploy a fresh Algo server (recommended approach)
- Python environment will self-bootstrap with uv on first run
Algo VPN continues to focus on security through simplicity, providing a personal VPN that "just works" while maintaining the highest security standards.
Special thanks to all contributors who helped make this release possible!