Skip to content

Releases: Rwx-G/DSPanel

v1.1.1

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 04 May 21:35
fca83b5

DSPanel v1.1.1

Release date : 2026-05-04
Type : Patch release (semver [1.1.0..1.1.1])
Compare : v1.1.0...v1.1.1

Highlights

A single user-visible regression is fixed in this patch : helper popovers introduced across the recent 1.x releases now follow the active DSPanel theme instead of being rendered as the OS-native tooltip (white-on-black).

Fixed

  • Helper popovers ignored the active theme. Many title= helpers were rendered by the user agent (white-on-black) and bypassed DSPanel's theme tokens. Migrated every native HTML title= occurrence to wrap the element in a new themed <Tooltip> component (31 sites across 33 source files). Component-prop title= on EmptyState, ExportToolbar, DialogShell, HygieneSection, ConfirmationDialog, DashboardCard, and PropertyRow stays as-is. Two redundant cases were dropped along the way : the Sidebar collapsed-mode title= was duplicating an existing themed sibling popover, and the AuditLog sort-toggle title= was duplicating the visible button label.

Added

  • Themed <Tooltip> and <InfoTooltip> shared components (src/components/common/Tooltip.tsx). The replacement for native HTML title= : floating card rendered through a portal so it escapes overflow ancestors (table cells, scroll containers), viewport-aware positioning that flips above when the bottom does not fit, and theme tokens (--color-surface-card, --color-border-default, --color-text-primary) so the popover follows the active theme. Tooltip wraps any element on hover or focus ; InfoTooltip exposes the HygieneSection "i" icon + click-to-open popover pattern as a reusable component for richer helper text. 12 vitest cases plus Storybook stories.

Not affected

  • No backend / Rust API changes.
  • No Tauri capability or allowlist change.
  • No Cargo dependency changes (Cargo.lock untouched apart from the dspanel package version).
  • No i18n key change.
  • No data model change. Cache and storage formats unchanged.

Upgrade path

Drop-in replacement. No migration steps. Existing settings, presets, and audit chain are preserved.

Test counts

  • Backend : 1733/1733 (1688 lib + 45 binary integration).
  • Frontend : 2221/2221 (144 files).

Known issues carried over

  • Multi-domain forest is not yet supported. Browse and search operate against a single AD partition (defaultNamingContext of the bound DC). Two related symptoms in multi-domain forests :

    • When DSPanel is launched as a "read-only" user from a child domain, the user list of the current domain may appear empty.
    • When DSPanel is launched as a "domain admin" from the root domain, child-domain objects are not browsed.

    Both are facets of the same single-partition assumption. Tracked for v1.2.0 / Epic 15 "Forest-aware directory access" (partition enumeration via CN=Partitions,CN=Configuration,... plus per-domain connection routing for reads and writes).

  • Security Audit workflow on main is currently red because of RUSTSEC-2026-0118 and RUSTSEC-2026-0119 (both on hickory-proto 0.25.2, advisories published 2026-05-01, four days after the 1.1.0 tag). Fix is an out-of-band patch independent of this release : cargo update -p hickory-proto --precise 0.26.1 for RUSTSEC-2026-0119, ignore with documented rationale for RUSTSEC-2026-0118 until a fixed upstream is available.

Verifying the build

# From the repo root
pnpm install --frozen-lockfile
pnpm tauri build

Expected output : a single native binary (~10 MB) under src-tauri/target/release/bundle/<installer-format>/ matching the host OS (*.msi on Windows, *.dmg on macOS, *.AppImage / *.deb on Linux).

v1.1.0

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 26 Apr 22:57
42256aa

DSPanel 1.1.0 - Security-Aware Admin

Release date: 2026-04-27

Highlights

DSPanel 1.1.0 turns the directory tool into a security-aware admin panel. Active Directory misconfigurations are now flagged inline at the moment you look at a user or computer, and the three most common findings ship with safe, audited 1-click remediations. This is the differentiator from read-only audit tools (PingCastle, BloodHound CE): detection plus in-place fix.

The release also lands a structural AuditSeverity field on every audit entry so SOC consumers can filter by severity instead of grepping action-name strings, a popover metadata enrichment in the lookup pages, and the security patches collected during the cycle.

What's new

Per-object security indicators

Eight new badges render inline on UserDetail / ComputerDetail next to the existing health badges:

  • User-side - Kerberoastable, PasswordNotRequired, PasswordNeverExpires, ReversibleEncryption, AsRepRoastable
  • Computer-side - UnconstrainedDelegation, ConstrainedDelegation, Rbcd

Severity automatically escalates from Warning to Critical for Kerberoastable and PasswordNeverExpires when the account is also AdminSDHolder-protected (adminCount=1).

The user / computer lookup pages render a compact aggregate shield dot per row, with a hover popover that lists every detected indicator. The popover now includes inline metadata: ConstrainedDelegation rows show the first 3 target SPNs, Rbcd rows show the first 3 allowed-principal SIDs, with a +N more truncation suffix when the list overflows. You no longer have to open the detail page just to see what a delegation is configured for.

Security indicator dot popover showing inline SPN metadata

Quick-fix actions

Three new 1-click remediations, each gated by permission level + MFA + an explicit operator acknowledgement dialog:

Action Permission What it does
Clear PASSWD_NOTREQD AccountOperator Clears the userAccountControl PASSWORD_NOT_REQUIRED bit (0x0020) on a user. The account will then be subject to the domain password policy at the next change.
Manage SPNs AccountOperator Removes selected servicePrincipalName values from a user. System SPNs (HOST/, ldap/, krbtgt/, etc., 12 prefixes) are protected even from Admin and shown read-only in the dialog. The system-SPN guard is enforced both client-side (UX) and server-side (defense in depth).
Disable Unconstrained Delegation Admin Clears the userAccountControl TRUSTED_FOR_DELEGATION bit (0x80000) on a computer. Higher permission bar than the user-side fixes because Kerberos double-hop services (SQL Server linked servers, IIS impersonation, SharePoint with Kerberos delegation) WILL break if the host needed unconstrained delegation - the dialog body explains this and recommends migrating to constrained delegation via msDS-AllowedToDelegateTo.

Every quick-fix captures an object snapshot before the LDAP write (rollback ready), records an audit entry on success or failure, and short-circuits cleanly on idempotent invocations (target bit already clear -> no snapshot, no audit, no LDAP traffic).

Structural AuditSeverity field

AuditEntry gains a typed severity field (Info / Warning / Critical) with matching log_success_with_severity / log_failure_with_severity methods on AuditService. Story 14.6 (disable_unconstrained_delegation) is the first consumer and emits both success and failure entries as Critical, so SOC dashboards can filter on severity instead of maintaining a per-action allowlist.

The change is migration-safe:

  • SQLite gains a severity TEXT NOT NULL DEFAULT 'info' column via auto-ALTER TABLE. Existing rows surface as Info.
  • Severity is intentionally excluded from the SHA-256 hash chain so the upgrade does not invalidate any existing chain. The chain protects audit truth (operator / action / target / result); severity is a SOC categorisation hint that may be re-tagged later without rewriting history.
  • log_success / log_failure keep their pre-1.1.0 signatures and produce Info entries.

Syslog forwarder

The RFC 5424 forwarder now maps AuditSeverity to the priority byte (Critical = 2, Warning = 4, Info = 6 success / 4 failure) and emits the value in the structured-data field. Existing UDP / TCP collectors keep parsing the same shape; SIEM rules that classify on priority should be updated to recognise priority 2 for Critical events.

Breaking changes

None. The release is a strict superset:

  • AuditEntry JSON adds an optional severity field. Consumers that don't set serde(default) should add a fallback to "info".
  • Syslog priority for Story 14.6 events shifts from 6/4 (info/warning) to 2 (critical). Update SIEM thresholds if relevant.
  • Frontend AuditEntry interface gains severity?: "info" | "warning" | "critical". Consumers that treat the type as exhaustive should add the field.

Internal improvements

  • AcknowledgeQuickFixDialog shared React component encapsulates the Story 14.4 + 14.6 dialog shape, with a documented 8-key i18n contract.
  • Snapshot-on-no-op optimization for Stories 14.4 + 14.6 via the new DirectoryProvider::get_user_account_control trait method.
  • tooltipParamsFor factored to src/types/securityIndicators.ts so SecurityIndicatorDot and ComputerDetail share one mapping.
  • 2 new CI policy checks (Linux runners): SPN-list parity (Rust <-> TS) and audit-action-name uniqueness with explicit allowlist.
  • Per-test mockPermissionLevel(level) helper replacing 10 ad-hoc vi.spyOn sites.

Security

  • Pin rustls-webpki >= 0.103.13 via Cargo.lock to patch RUSTSEC-2026-0098 / 0099 / 0104 (transitive through tonic / tauri).
  • Bump vite 7.3.1 -> 8.0.10, @vitejs/plugin-react 5.2.0 -> 6.0.1, typescript 5.9.3 -> 6.0.3 (with typescript-eslint -> 8.59.0) to clear 4 NPM advisories.
  • Add pnpm overrides for postcss<8.5.12 and @joshwooding/vite-plugin-react-docgen-typescript<0.7.0.

Compatibility

  • Windows 10/11, macOS 12+, Linux (x64) - same matrix as 1.0.x.
  • Active Directory: any DC version that exposes userAccountControl, servicePrincipalName, msDS-AllowedToDelegateTo, msDS-AllowedToActOnBehalfOfOtherIdentity, and nTSecurityDescriptor. All Microsoft AD versions support these; Samba 4 and OpenLDAP appliances also support them.
  • Existing 1.0.x audit DB upgraded automatically at first launch.

Stats

  • 8 new security indicator detectors
  • 3 new quick-fix Tauri commands
  • 1 new DirectoryProvider trait method (get_user_account_control)
  • 1 new SQLite column (audit_entries.severity, auto-migrated)
  • 1733 backend tests (1688 lib + 45 binary integration), 2209 frontend tests
  • 5 languages translated end to end (en / fr / de / it / es), 1780 i18n keys
  • 13 QA follow-up items resolved on the same branch
  • 66 commits, +19,064 / -361 lines across 85 files

Documentation

Acknowledgements

Author: Romain G.

Thanks to everyone who reported issues against 1.0.5 and the early adopters who exercised the Quick-Fix workflows in lab environments before the release.

v1.0.5

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 26 Apr 11:16
09d9bf6

DSPanel v1.0.5 - Audit-driven robustness pass

A focused robustness release closing 13 of 14 findings from a functional code audit comparing DSPanel against BloodHound CE and Adalanche. No new features, no breaking changes - the goal is to make existing functionality survive non-default Active Directory configurations: non-admin operators, multi-forest deployments, large domains, Read-Only DCs, hardened DCs requiring channel binding, and non-Microsoft LDAP backends.

What's new

Active Directory works for non-admin operators. Reads of nTSecurityDescriptor now include the SD_FLAGS LDAP control so the "User Cannot Change Password" check no longer returns a false negative for HelpDesk and Account Operator accounts that lack SeSecurityPrivilege.

Browse lists never lie about completeness. When the LDAP server hits its sizeLimitExceeded cap or DSPanel's own browse cap is reached with more pages available, the User, Computer, Group, Contact and Printer lookup pages render a yellow warning banner explaining that the list is partial. Previously the partial list was indistinguishable from a complete one - operators on large domains could conclude "the user does not exist" while the directory was just past the cap.

Multi-forest environments are visible. Members coming from trusted external domains (stored as Foreign Security Principals in AD) used to render as raw S-1-5-21-... SID strings in group member lists. They now carry a Foreign badge with the full SID on hover, so operators immediately understand they are looking at a cross-forest principal that DSPanel cannot resolve to a name.

Read-Only Domain Controllers are detected. When DSPanel binds against an RODC (typical for branch-office deployments where the LOGONSERVER resolution lands on a local read-only replica), the dashboard renders a warning banner explaining that write operations - password resets, group membership changes, account modifications - will be referred to a writable DC if available, otherwise rejected. No more silent write failures.

AdminSDHolder-protected accounts are visible. Domain Admins, Enterprise Admins and other accounts with adminCount=1 now show a Protected badge on the user detail page. A tooltip explains that AD's SDProp process runs every ~60 minutes and will overwrite any DACL change with the AdminSDHolder template - so operators no longer wonder why their DACL change "disappeared".

Non-Microsoft directories work better. When the LDAP server rejects LDAP_MATCHING_RULE_IN_CHAIN (used by DSPanel to resolve nested group memberships in a single query), the client now falls back to a breadth-first walk of memberOf rather than failing the request. Affects Samba 4 deployments below 4.5 and certain LDAP appliances that emulate AD without the Microsoft-specific matching rule.

Hardened DCs that enforce channel binding now produce a clear diagnostic. DSPanel writes an explicit log line at INFO with channel_binding = "tls-server-end-point" when GSSAPI is bound over TLS, and a WARN with an "enable TLS" hint when GSSAPI is attempted on plain port 389. If the DC rejects the bind with SEC_E_BAD_BINDINGS (0x80090346), the new channel_binding_required error classification surfaces a localized hint on the dashboard explaining that LDAP channel binding enforcement (Microsoft hardening recommendation post-ADV190023) requires TLS.

Account creation no longer leaves half-created users behind. If the password reset or account enable step that follows create_user fails (typically because the chosen password does not match the AD password policy), the user object is now deleted automatically and the original error is propagated. No more orphan disabled accounts to clean up manually.

Syslog forwarding can use TCP. The remote syslog forwarder gains an opt-in TCP transport (RFC 6587 octet-counting framing) for SIEM integrations that need delivery guarantees. Default remains UDP for backward compatibility. TCP send failures surface at WARN level so a SIEM gap is observable rather than silent.

CN extraction handles escaped commas. The DN parser used to match permission-mapping group names is now RFC 4514 compliant. Previously an escaped comma in a CN (CN=Doe\, John,OU=Users) would silently misidentify the group; now matches correctly.

Translation completeness

All new UI strings (truncation banner, foreign badge, RODC banner, AdminSDHolder protection tooltip, channel binding hint) ship with English, French, German, Spanish and Italian translations.

Upgrade notes

Drop-in replacement. No configuration change required.

If you were collecting syslog audit entries via UDP, the existing setup keeps working unchanged. To switch to TCP, set transport: "tcp" in your syslog settings JSON; the corresponding port on your syslog daemon must accept TCP framing per RFC 6587 (rsyslog imtcp, syslog-ng tcp(), Splunk HEC syslog input, Datadog Agent).

If you were relying on the services::dpapi::protect / unprotect symbols outside Windows, that path is now a compile error. The functions were a misleading base64 fallback (no actual encryption); the only legitimate caller already routes through the OS keyring on non-Windows.

Also in this release

A follow-up audit comparing DSPanel against BloodHound CE and Adalanche identified one additional gap that is not addressed here: a "Security Posture" module enumerating dangerous DACL rights (DCSync replication, GMSA password readers, Shadow Credential writers, LAPS password readers). It is intentionally deferred because it represents a 2-3 week project requiring a generic DACL parser rather than a defensive patch. We will scope a possible 1.1.0 separately on whether DSPanel should ship this functionality natively or rely on dedicated security tools (BloodHound, Adalanche) running alongside.

Full changelog

See CHANGELOG.md.


Author: Romain G.
License: Apache-2.0

v1.0.4

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 26 Apr 09:17
31fcaec

DSPanel v1.0.4 - Multi-level domains and discoverable logs

A targeted patch release fixing two field-blocking issues uncovered while deploying 1.0.3 against a production-shaped Active Directory.

What's new

Active Directory connections work on multi-level domain names. 1.0.3 and earlier failed to bind via Kerberos when the AD domain had three or more DNS labels (e.g. INFORMADIS.LECLERC.DMI, common in larger and acquired environments). The dashboard would show Disconnected with the localized hint unknown_principal. The DC FQDN is now resolved via DNS SRV in every case rather than being short-circuited by a flawed dot-count heuristic, so the SPN sent to the DC matches the one that is actually registered and the bind succeeds.

Logs go to a discoverable, OS-standard location after install. Previously, the location depended on whatever working directory the Windows shortcut inherited from the installer, which often meant they ended up in Downloads/. From this release on, logs are written to:

  • Windows: %LOCALAPPDATA%\DSPanel\logs\ (e.g. C:\Users\<you>\AppData\Local\DSPanel\logs\)
  • macOS: ~/Library/Logs/DSPanel/
  • Linux: ~/.local/state/DSPanel/logs/ (or $XDG_STATE_HOME/DSPanel/logs/)

The resolved path is also printed to stderr at startup so it shows up in the parent terminal when DSPanel is launched from one.

Upgrade notes

Drop-in replacement. No configuration change required.

If you were collecting logs from the previous (Downloads/) location for a SIEM or support workflow, update your collector path to the new OS-standard location.

Also in this release

A follow-up internal audit comparing DSPanel against the LDAP/AD layers of BloodHound CE and Adalanche surfaced several robustness gaps (notably the SD_FLAGS LDAP control on security descriptor reads, a missing fallback when the server does not support LDAP_MATCHING_RULE_IN_CHAIN, and silent truncation when a search hits the server-side size limit). Those gaps will be addressed in 1.0.5. They are non-regression items that do not affect the typical happy-path connection covered here.

Full changelog

See CHANGELOG.md.


Author: Romain G.
License: Apache-2.0

v1.0.3

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 23 Apr 21:19
008ab4f

DSPanel v1.0.3 - Kerberos diagnostics on the dashboard

This release makes failed Active Directory connections diagnosable without reading the log. When the dashboard card shows Disconnected, it now tells you why in a single localized sentence. On non-English Windows (French, German, Italian, Spanish) the cause is still identified thanks to cross-language matching of Microsoft's localized SSPI error messages.

What's new

Dashboard tells you the cause. Disconnected now comes with a short hint pointing at the real failure: clock skew with the DC, missing Kerberos ticket, DNS SRV lookup failure, LDAP signing requirement, TLS handshake, credentials refused, network unreachable, or workstation not domain-joined. A matching raw error chain is written to the application log at ERROR level so support can see the full SSPI message.

Operator-friendly default logs. GSSAPI bind diagnostics (resolved DC FQDN, computed ldap/<fqdn> SPN, LOGONSERVER) are now emitted at INFO level. You no longer need RUST_LOG=debug to see which server DSPanel tried to authenticate against and with what SPN.

Works on localized Windows. cross-krb5 surfaces SSPI errors in the OS UI language. The classifier now matches Microsoft's French / German / Italian / Spanish translations on top of English, so operators on fr-FR, de-DE, it-IT, es-ES workstations get the same precise hint as on en-US.

Upgrade notes

Drop-in replacement - no configuration or schema change. Existing simple-bind deployments keep their behavior; the new hint only appears when the connection actually fails.

The frontend gains one small IPC field (connection_error on DomainInfo), omitted from the JSON payload when the connection is healthy, so third-party integrations that read this command stay compatible.

Also in this release

  • CI fixes for Rust 1.95 clippy lints promoted to errors (unnecessary_sort_by, collapsible_match)
  • Account health tests now use timestamps relative to Utc::now() so the suite does not drift into false warnings over time

Full changelog

See CHANGELOG.md.


Author: Rwx-G.
License: Apache-2.0

v1.0.2

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 29 Mar 08:52
e432d6e

Security-focused release following a comprehensive audit (Semgrep static analysis, cargo-audit, npm audit, supply chain risk assessment).

Security

  • Use OS keychain (macOS Keychain / Linux Secret Service) for MFA secret storage on non-Windows platforms instead of unencrypted base64 file
  • Add SHA-256 hash chain to audit log entries for tamper detection
  • Add remote syslog forwarding (RFC 5424 UDP) for audit entries with configurable host/port
  • Add verify_audit_chain IPC command (DomainAdmin) to verify audit log integrity
  • Replace base32 crate with data-encoding (higher maintainer bus factor, actively maintained)
  • Add cargo audit + pnpm audit CI workflow (weekly schedule + on every PR)
  • Fix vulnerable npm transitive dependencies (flatted, picomatch, brace-expansion)
  • Replace std::env::temp_dir() with tempfile::tempdir() in tests to prevent symlink race conditions
  • Add weekly dependency health check for critical single-maintainer crates (ldap3, qrcode)
  • Enforce pnpm install --frozen-lockfile in all CI workflows to prevent dependency drift
  • Upgrade printpdf 0.3 to 0.9 to resolve 4 unmaintained transitive dependency warnings
  • Migrate LDAP TLS from native-tls (platform-specific) to rustls (pure Rust, audited, memory-safe)
  • Lower infrastructure, security monitoring, and recycle bin pages from DomainAdmin to Admin permission level
  • Fix frontend/backend permission mismatch in GroupHygiene and BulkOperations
  • Filter sidebar navigation based on user permission level (hide inaccessible pages)

See the https://github.com/Rwx-G/DSPanel/blob/main/CHANGELOG.md for full details.

v1.0.1

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 27 Mar 17:00
628000c

What's Changed

  • fix: Kerberos GSSAPI, snapshot completeness, wevtutil attack detection (v1.0.1) by @Romain-Grosos in #19

Full Changelog: v1.0.0...v1.0.1

v1.0.0

Choose a tag to compare

@Romain-Grosos Romain-Grosos released this 27 Mar 09:20
cf46320

DSPanel v1.0.0

The first stable release of DSPanel - an open source, cross-platform Active Directory administration tool.

Highlights

5 languages - Full localization in English, French, German, Italian, and Spanish (1709 translation keys). Runtime language switching in Settings.

Login prompt - Password can now be entered at startup instead of being stored in environment variables. Set DSPANEL_LDAP_SERVER and DSPANEL_LDAP_BIND_DN, and DSPanel will prompt for the password.

Security hardening - MFA bypass fix, TOTP replay protection, zeroized secrets in memory, permission re-detection before every critical write.

What's in the box

DSPanel v1.0.0 ships with 32 pages covering the full AD support chain:

Category Features
Directory User/Computer Lookup, User Comparison, Group Management, Group Hygiene, Bulk Operations, Contact & Printer Management, NTFS Permissions Audit
Workflows Onboarding/Offboarding Wizards, Preset Management, Automated Cleanup, AD Recycle Bin, Move Objects
Infrastructure DC Health (7 checks), Replication Monitoring, DNS & Kerberos Validation, AD Topology, GPO Viewer, Workstation Monitoring
Security Privileged Accounts Audit (12 checks), Domain Risk Score (9 factors, ~70 checks), Attack Detection (14 types, MITRE ATT&CK), Escalation Paths, Compliance Reports (9 frameworks), MFA Gate, Audit Trail
Exchange On-prem (LDAP) and Online (Graph API) mailbox diagnostics

New in v1.0.0

Added

  • i18n: 5 languages with 37 namespaces, locale-aware formatting, bidirectional completeness tests
  • Login prompt when password is not in environment variables
  • Startup splash screen (theme-aware)
  • Remote DC event log access with simple bind credentials
  • DC FQDN resolution from rootDSE dnsHostName
  • Risk score weight and attack detection threshold configuration in Settings
  • Snapshot history export (CSV/Excel/PDF/HTML)
  • Replication status enriched with USN, transport, and replica flags

Security

  • DomainAdmin permission check on purge_audit_entries
  • MFA bypass fix: IPC errors now deny access
  • zeroize crate for LDAP passwords and TOTP secrets
  • TOTP replay protection (60-second code reuse cache)
  • Audit writes are now backend-internal only

Fixed

  • Language persistence (was calling non-existent Tauri command)
  • Audit operator showing Windows username instead of AD identity in simple bind
  • Cleanup tests writing to production audit.db
  • Sidebar key mismatch for Bulk Operations
  • Tab titles hardcoded in English across 6 pages
  • Recycle bin date format (was raw LDAP generalized time)

Downloads

Platform File Size
Windows (installer) DSPanel_1.0.0_x64-setup.exe ~7 MB
Windows (MSI) DSPanel_1.0.0_x64_en-US.msi ~10 MB
macOS DSPanel_1.0.0_aarch64.dmg -
Linux DSPanel_1.0.0_amd64.deb / .AppImage -

Requirements

  • Windows 10/11, macOS 12+, or Linux (x64)
  • Network access to an Active Directory domain
  • (Optional) Azure AD App Registration for Exchange Online

Test coverage

  • 2089 frontend tests (87% line coverage)
  • 1520 Rust unit tests (82% line coverage)
  • 45 AD integration tests (validated manually, not in CI)

See the full CHANGELOG for details.