v0.6.0

New

• nanopush: new default APNs push provider: #78
• authproxy: MDM device identity authenticated HTTP requests: #80
  • Useful for Authentication: MDM type DDM asset HTTP requests.
• The -dsn command-line flag changed to -storage-dsn. The old switch should also still work: 67ef453 (also reported in #82, #84)
• Show expiration of APNs cert when uploading to web API: #79
  • In output JSON: "not_after": "2024-08-24T13:36:21Z"
• cmdr.py: command aliases for DeviceInformation command: 2142a7e
  • Can now just ./tools/cmdr.py DevInfo
• API: Add fallback certificate verifier and make verifiers context aware: #85
• API: Can now optionize logging of Mdm-Signature header check: #87

Fixed

• Fix HTTP body closing in webhook and likely more reliable body closing in DM handler: 3abd0dc
• Fix missing error return in MySQL deleter: 6d0d00b
• Remove PayloadScope=System from example enrollment profile: fa78f29
  • This effectively prevented macOS "MDM user" enrollment since Big Sur. See micromdm/micromdm#766.

Other

• Added bootstrap token to example enrollment profile: 7bb79f5
• Project dependency updates:
  • mysql: eabb9d3
  • pq: 07bc790
  • Switch to smallstep/pkcs7 from Mozilla's PKCS#7 library: #88
  • x/net: d21a6da
• GH action dependabot updates: 900349b, 84b7273, 50812de, c4ff9c9
• GH actions redux incl. Docker image building: 6ffb836
  • See project README for links to new Docker images
• Misc documentation improvements: 9c61dcd, 7e831f8, 0629095

v0.5.0

Thank you to our contributors for this release: @4e554c4c and @lucasmrod!

New

• Specify an intermediate certificate for validating MDM client certificates: 0ca17b4, a261f08
  • Use the new -intermediate flag

Fixed

• Prevent deadlock during command deletion in MySQL storage backend: #61
• Guard against an empty certificate in signature checker: 91f26b5
• No longer error when clients request a Bootstrap token they have not yet set: #63

Other

• SQL schema is now an exported Go constant: #55
• Added MySQL GH actions/CI for automated testing: #58
• Dependabot monthly checking: 17ddb0a
• Dependency updates: 71a6f62, #68, #69
• Remove SQL VIEW from MySQL backend: #59
  • See also this discussion for more.
• Minor refactor: ff8b7af

v0.4.0

Thank you to our contributors for this release: @sheshenia and @4e554c4c.

New Features/Capabilities

• PostgreSQL storage backend! #51
  • See the Operations Guide section on the pgsql storage backend
  • See the schema.sql file to setup your database.
• Logging updates:
  • Source code filename and line logging now included and the log timestamp is part of the logfmt: 5db6e34
  • Plist parsing errors are now specially handled to log the problematic plist: #54

Bug fixes

• Guard potential nil enrollment metadata: 6772a99

Other

• Documentation fixes/improvements: ea9ff80, 560ced9
• Better handle DDM URL concatenation: 3368d22
• Trace ID callback signature now passes in the request: 92c977e, 773ad3b

v0.3.0

NOTE: This release has MySQL storage backend schema changes. Please apply the schema.00008.sql file if you have an existing MySQL backend installation.

Thank you to our contributors for this release: @daemonsy, @leojh, @zwass, @chilcote, @discentem, @steviec.

New Features/Capabilities

• Declarative Device Management (DDM) "proxy." Use the -dm switch to extract and forward the Declarative Management protocol Endpoints to a specialized HTTP server. Check out last year's blog post about DDM for more info: #24
• Context (trace) logging: allows consistent logging of an MDM request through NanoMDM's components: #39, b1d46ad
• cmdr.py: Added ScheduleOSUpdate, ScheduleOSUpdateScan, AccountConfiguration, Settings, DeviceLock, EraseDevice commands: #37, #38, 6c4be9a, 6457764, #46, 46dc2e1, 2fb9eee
• MySQL backend now keeps track of the "last seen" timestamp for an enrollment: #42
• MySQL backend can now delete commands that have been responded to. Use the -storage-options delete=1 switch: #48.

Bug fixes

• Fix for ber2der error by updating pkcs7 library: #32
• Fix certificate signature verifier (not used by default) PEM loading: 0f72a64
• Update cmdr.py for Python compatibility: fbe081c
• Do not allow encrypted private keys to be uploaded to APNs push cert endpoint /v1/pushcert: 79dd081, 1796922
• Fix variable shadow bug in /v1/pushcert endpoint: 3faeabe

Other

• Added tests for the certauth service middle package: 60d4fc8
• Documentation fixes/improvements: #34, #35, #36, #45, #47, 68cbc1c, 5a0a160
• Updated plist library: e4210b8
• Various refactoring: 6463c28, fb69bf2, c1f8530, adc65ef, 3713821, a7654ff, 105d0df, ca03a50, 28f0e62, ca2dcc8, 2e67ef6
• Logging improvements to API endpoints: 2a46dfd, 014aec3, 9448647
• Use x_forwarded_for logger key instead of real_ip: 80a07d3
• Added tests for MySQL storage backend: cbda10f, 56c9b7e
• Push and enqueue API endpoints now respond with 200, 207, or 500 HTTP status: 1ce7077
• Changed release zip files to include both binaries and support files: 0d25a8d
• Move to go 1.17.x in actions: 35c54a6

v0.2.0

NOTE: This release has MySQL storage backend schema changes. Please apply the schema.00001.sql through schema.00007.sql files if you have a previous installation.

Thank you to our contributors for this release: @gmarnin, @daemonsy, @w0de, @leojh

New Features/Capabilities

• Added enrollment migration nano2nano tools: ability to migrate between NanoMDM storage backends: f99f83a
• Added new signature (only) certificate verifier (not enabled by default): fb68ac0
• Bootstrap Token support: #15
• Support basic UserAuthenticate enrollment: #8, 4a54502, 4d5561f
• TokenUpdate "tally": a simple counter for TokenUpdates per enrollment. Allows seeing which TokenUpdates are the first (and thus enroll-time) and is propagated to the webhook: #16
• Added Storage backend tests: af61878
• Support HTTP parameter pass-through to webhook: #17
• Better tracking of NotNow responses in MySQL backend: #13

Bug fixes

• Fixes to MySQL schema #22, #23, #25
• Use larger column type for commands and responses in MySQL storage backend: #26, 419b2ef
• Log server shutdown (previously silently ignoring): 5fe88c6
• Fix push expiration handling: f46dad5

Other

• Added Dockerfile (and Makefile support for Docker) 86b6188, 795cfc5
• -mdm switch is now called -disable-mdm 795cfc5
• Documentation fixes/improvements #19, #21, 8b4c39f, 7b0214d, 5d3d46b, 9516060, #28, #29
• Created GitHib actions: #9, 78a8930
• Added the NanoMDM Operations Guide: 71c41cf
• Various refactoring: 032aae1, 3c9a161, c03b3b8, d16aa2a, 84cf636, a841235, a9d0462, 3907f14, 970c5b3, 513d43e, 1406f5c, cb51bf0, 65fb96a
• More efficient multi-command targeting in MySQL storage backend: 52dd9ae
• Added OpenAPI docs: c4b8ada, 66ccbce
• Update to newer PKCS#7 dependency: 9b0010e

v0.1.0

Initial release.