Releases: Rwx-G/DSPanel
Release list
v1.1.1
DSPanel v1.1.1
Release date : 2026-05-04
Type : Patch release (semver [1.1.0..1.1.1])
Compare : v1.1.0...v1.1.1
Highlights
A single user-visible regression is fixed in this patch : helper popovers introduced across the recent 1.x releases now follow the active DSPanel theme instead of being rendered as the OS-native tooltip (white-on-black).
Fixed
- Helper popovers ignored the active theme. Many
title=helpers were rendered by the user agent (white-on-black) and bypassed DSPanel's theme tokens. Migrated every native HTMLtitle=occurrence to wrap the element in a new themed<Tooltip>component (31 sites across 33 source files). Component-proptitle=onEmptyState,ExportToolbar,DialogShell,HygieneSection,ConfirmationDialog,DashboardCard, andPropertyRowstays as-is. Two redundant cases were dropped along the way : theSidebarcollapsed-modetitle=was duplicating an existing themed sibling popover, and theAuditLogsort-toggletitle=was duplicating the visible button label.
Added
- Themed
<Tooltip>and<InfoTooltip>shared components (src/components/common/Tooltip.tsx). The replacement for native HTMLtitle=: floating card rendered through a portal so it escapes overflow ancestors (table cells, scroll containers), viewport-aware positioning that flips above when the bottom does not fit, and theme tokens (--color-surface-card,--color-border-default,--color-text-primary) so the popover follows the active theme.Tooltipwraps any element on hover or focus ;InfoTooltipexposes theHygieneSection"i" icon + click-to-open popover pattern as a reusable component for richer helper text. 12 vitest cases plus Storybook stories.
Not affected
- No backend / Rust API changes.
- No Tauri capability or allowlist change.
- No Cargo dependency changes (Cargo.lock untouched apart from the
dspanelpackage version). - No i18n key change.
- No data model change. Cache and storage formats unchanged.
Upgrade path
Drop-in replacement. No migration steps. Existing settings, presets, and audit chain are preserved.
Test counts
- Backend : 1733/1733 (1688 lib + 45 binary integration).
- Frontend : 2221/2221 (144 files).
Known issues carried over
-
Multi-domain forest is not yet supported. Browse and search operate against a single AD partition (
defaultNamingContextof the bound DC). Two related symptoms in multi-domain forests :- When DSPanel is launched as a "read-only" user from a child domain, the user list of the current domain may appear empty.
- When DSPanel is launched as a "domain admin" from the root domain, child-domain objects are not browsed.
Both are facets of the same single-partition assumption. Tracked for v1.2.0 / Epic 15 "Forest-aware directory access" (partition enumeration via
CN=Partitions,CN=Configuration,...plus per-domain connection routing for reads and writes). -
Security Auditworkflow onmainis currently red because ofRUSTSEC-2026-0118andRUSTSEC-2026-0119(both onhickory-proto 0.25.2, advisories published 2026-05-01, four days after the 1.1.0 tag). Fix is an out-of-band patch independent of this release :cargo update -p hickory-proto --precise 0.26.1forRUSTSEC-2026-0119, ignore with documented rationale forRUSTSEC-2026-0118until a fixed upstream is available.
Verifying the build
# From the repo root
pnpm install --frozen-lockfile
pnpm tauri buildExpected output : a single native binary (~10 MB) under src-tauri/target/release/bundle/<installer-format>/ matching the host OS (*.msi on Windows, *.dmg on macOS, *.AppImage / *.deb on Linux).
v1.1.0
DSPanel 1.1.0 - Security-Aware Admin
Release date: 2026-04-27
Highlights
DSPanel 1.1.0 turns the directory tool into a security-aware admin panel. Active Directory misconfigurations are now flagged inline at the moment you look at a user or computer, and the three most common findings ship with safe, audited 1-click remediations. This is the differentiator from read-only audit tools (PingCastle, BloodHound CE): detection plus in-place fix.
The release also lands a structural AuditSeverity field on every audit entry so SOC consumers can filter by severity instead of grepping action-name strings, a popover metadata enrichment in the lookup pages, and the security patches collected during the cycle.
What's new
Per-object security indicators
Eight new badges render inline on UserDetail / ComputerDetail next to the existing health badges:
- User-side -
Kerberoastable,PasswordNotRequired,PasswordNeverExpires,ReversibleEncryption,AsRepRoastable - Computer-side -
UnconstrainedDelegation,ConstrainedDelegation,Rbcd
Severity automatically escalates from Warning to Critical for Kerberoastable and PasswordNeverExpires when the account is also AdminSDHolder-protected (adminCount=1).
The user / computer lookup pages render a compact aggregate shield dot per row, with a hover popover that lists every detected indicator. The popover now includes inline metadata: ConstrainedDelegation rows show the first 3 target SPNs, Rbcd rows show the first 3 allowed-principal SIDs, with a +N more truncation suffix when the list overflows. You no longer have to open the detail page just to see what a delegation is configured for.
Quick-fix actions
Three new 1-click remediations, each gated by permission level + MFA + an explicit operator acknowledgement dialog:
| Action | Permission | What it does |
|---|---|---|
| Clear PASSWD_NOTREQD | AccountOperator | Clears the userAccountControl PASSWORD_NOT_REQUIRED bit (0x0020) on a user. The account will then be subject to the domain password policy at the next change. |
| Manage SPNs | AccountOperator | Removes selected servicePrincipalName values from a user. System SPNs (HOST/, ldap/, krbtgt/, etc., 12 prefixes) are protected even from Admin and shown read-only in the dialog. The system-SPN guard is enforced both client-side (UX) and server-side (defense in depth). |
| Disable Unconstrained Delegation | Admin | Clears the userAccountControl TRUSTED_FOR_DELEGATION bit (0x80000) on a computer. Higher permission bar than the user-side fixes because Kerberos double-hop services (SQL Server linked servers, IIS impersonation, SharePoint with Kerberos delegation) WILL break if the host needed unconstrained delegation - the dialog body explains this and recommends migrating to constrained delegation via msDS-AllowedToDelegateTo. |
Every quick-fix captures an object snapshot before the LDAP write (rollback ready), records an audit entry on success or failure, and short-circuits cleanly on idempotent invocations (target bit already clear -> no snapshot, no audit, no LDAP traffic).
Structural AuditSeverity field
AuditEntry gains a typed severity field (Info / Warning / Critical) with matching log_success_with_severity / log_failure_with_severity methods on AuditService. Story 14.6 (disable_unconstrained_delegation) is the first consumer and emits both success and failure entries as Critical, so SOC dashboards can filter on severity instead of maintaining a per-action allowlist.
The change is migration-safe:
- SQLite gains a
severity TEXT NOT NULL DEFAULT 'info'column via auto-ALTER TABLE. Existing rows surface asInfo. - Severity is intentionally excluded from the SHA-256 hash chain so the upgrade does not invalidate any existing chain. The chain protects audit truth (operator / action / target / result); severity is a SOC categorisation hint that may be re-tagged later without rewriting history.
log_success/log_failurekeep their pre-1.1.0 signatures and produceInfoentries.
Syslog forwarder
The RFC 5424 forwarder now maps AuditSeverity to the priority byte (Critical = 2, Warning = 4, Info = 6 success / 4 failure) and emits the value in the structured-data field. Existing UDP / TCP collectors keep parsing the same shape; SIEM rules that classify on priority should be updated to recognise priority 2 for Critical events.
Breaking changes
None. The release is a strict superset:
AuditEntryJSON adds an optionalseverityfield. Consumers that don't setserde(default)should add a fallback to"info".- Syslog priority for Story 14.6 events shifts from 6/4 (info/warning) to 2 (critical). Update SIEM thresholds if relevant.
- Frontend
AuditEntryinterface gainsseverity?: "info" | "warning" | "critical". Consumers that treat the type as exhaustive should add the field.
Internal improvements
AcknowledgeQuickFixDialogshared React component encapsulates the Story 14.4 + 14.6 dialog shape, with a documented 8-key i18n contract.- Snapshot-on-no-op optimization for Stories 14.4 + 14.6 via the new
DirectoryProvider::get_user_account_controltrait method. tooltipParamsForfactored tosrc/types/securityIndicators.tssoSecurityIndicatorDotandComputerDetailshare one mapping.- 2 new CI policy checks (Linux runners): SPN-list parity (Rust <-> TS) and audit-action-name uniqueness with explicit allowlist.
- Per-test
mockPermissionLevel(level)helper replacing 10 ad-hocvi.spyOnsites.
Security
- Pin
rustls-webpki >= 0.103.13viaCargo.lockto patch RUSTSEC-2026-0098 / 0099 / 0104 (transitive throughtonic/tauri). - Bump
vite7.3.1 -> 8.0.10,@vitejs/plugin-react5.2.0 -> 6.0.1,typescript5.9.3 -> 6.0.3 (withtypescript-eslint-> 8.59.0) to clear 4 NPM advisories. - Add
pnpmoverrides forpostcss<8.5.12and@joshwooding/vite-plugin-react-docgen-typescript<0.7.0.
Compatibility
- Windows 10/11, macOS 12+, Linux (x64) - same matrix as 1.0.x.
- Active Directory: any DC version that exposes
userAccountControl,servicePrincipalName,msDS-AllowedToDelegateTo,msDS-AllowedToActOnBehalfOfOtherIdentity, andnTSecurityDescriptor. All Microsoft AD versions support these; Samba 4 and OpenLDAP appliances also support them. - Existing 1.0.x audit DB upgraded automatically at first launch.
Stats
- 8 new security indicator detectors
- 3 new quick-fix Tauri commands
- 1 new
DirectoryProvidertrait method (get_user_account_control) - 1 new SQLite column (
audit_entries.severity, auto-migrated) - 1733 backend tests (1688 lib + 45 binary integration), 2209 frontend tests
- 5 languages translated end to end (en / fr / de / it / es), 1780 i18n keys
- 13 QA follow-up items resolved on the same branch
- 66 commits, +19,064 / -361 lines across 85 files
Documentation
- Changelog - full per-section detail for 1.1.0
- Release smoke test checklist - the visual verification matrix used before tagging
- Architecture and PRD - tech stack, data models, epics
Acknowledgements
Author: Romain G.
Thanks to everyone who reported issues against 1.0.5 and the early adopters who exercised the Quick-Fix workflows in lab environments before the release.
v1.0.5
DSPanel v1.0.5 - Audit-driven robustness pass
A focused robustness release closing 13 of 14 findings from a functional code audit comparing DSPanel against BloodHound CE and Adalanche. No new features, no breaking changes - the goal is to make existing functionality survive non-default Active Directory configurations: non-admin operators, multi-forest deployments, large domains, Read-Only DCs, hardened DCs requiring channel binding, and non-Microsoft LDAP backends.
What's new
Active Directory works for non-admin operators. Reads of nTSecurityDescriptor now include the SD_FLAGS LDAP control so the "User Cannot Change Password" check no longer returns a false negative for HelpDesk and Account Operator accounts that lack SeSecurityPrivilege.
Browse lists never lie about completeness. When the LDAP server hits its sizeLimitExceeded cap or DSPanel's own browse cap is reached with more pages available, the User, Computer, Group, Contact and Printer lookup pages render a yellow warning banner explaining that the list is partial. Previously the partial list was indistinguishable from a complete one - operators on large domains could conclude "the user does not exist" while the directory was just past the cap.
Multi-forest environments are visible. Members coming from trusted external domains (stored as Foreign Security Principals in AD) used to render as raw S-1-5-21-... SID strings in group member lists. They now carry a Foreign badge with the full SID on hover, so operators immediately understand they are looking at a cross-forest principal that DSPanel cannot resolve to a name.
Read-Only Domain Controllers are detected. When DSPanel binds against an RODC (typical for branch-office deployments where the LOGONSERVER resolution lands on a local read-only replica), the dashboard renders a warning banner explaining that write operations - password resets, group membership changes, account modifications - will be referred to a writable DC if available, otherwise rejected. No more silent write failures.
AdminSDHolder-protected accounts are visible. Domain Admins, Enterprise Admins and other accounts with adminCount=1 now show a Protected badge on the user detail page. A tooltip explains that AD's SDProp process runs every ~60 minutes and will overwrite any DACL change with the AdminSDHolder template - so operators no longer wonder why their DACL change "disappeared".
Non-Microsoft directories work better. When the LDAP server rejects LDAP_MATCHING_RULE_IN_CHAIN (used by DSPanel to resolve nested group memberships in a single query), the client now falls back to a breadth-first walk of memberOf rather than failing the request. Affects Samba 4 deployments below 4.5 and certain LDAP appliances that emulate AD without the Microsoft-specific matching rule.
Hardened DCs that enforce channel binding now produce a clear diagnostic. DSPanel writes an explicit log line at INFO with channel_binding = "tls-server-end-point" when GSSAPI is bound over TLS, and a WARN with an "enable TLS" hint when GSSAPI is attempted on plain port 389. If the DC rejects the bind with SEC_E_BAD_BINDINGS (0x80090346), the new channel_binding_required error classification surfaces a localized hint on the dashboard explaining that LDAP channel binding enforcement (Microsoft hardening recommendation post-ADV190023) requires TLS.
Account creation no longer leaves half-created users behind. If the password reset or account enable step that follows create_user fails (typically because the chosen password does not match the AD password policy), the user object is now deleted automatically and the original error is propagated. No more orphan disabled accounts to clean up manually.
Syslog forwarding can use TCP. The remote syslog forwarder gains an opt-in TCP transport (RFC 6587 octet-counting framing) for SIEM integrations that need delivery guarantees. Default remains UDP for backward compatibility. TCP send failures surface at WARN level so a SIEM gap is observable rather than silent.
CN extraction handles escaped commas. The DN parser used to match permission-mapping group names is now RFC 4514 compliant. Previously an escaped comma in a CN (CN=Doe\, John,OU=Users) would silently misidentify the group; now matches correctly.
Translation completeness
All new UI strings (truncation banner, foreign badge, RODC banner, AdminSDHolder protection tooltip, channel binding hint) ship with English, French, German, Spanish and Italian translations.
Upgrade notes
Drop-in replacement. No configuration change required.
If you were collecting syslog audit entries via UDP, the existing setup keeps working unchanged. To switch to TCP, set transport: "tcp" in your syslog settings JSON; the corresponding port on your syslog daemon must accept TCP framing per RFC 6587 (rsyslog imtcp, syslog-ng tcp(), Splunk HEC syslog input, Datadog Agent).
If you were relying on the services::dpapi::protect / unprotect symbols outside Windows, that path is now a compile error. The functions were a misleading base64 fallback (no actual encryption); the only legitimate caller already routes through the OS keyring on non-Windows.
Also in this release
A follow-up audit comparing DSPanel against BloodHound CE and Adalanche identified one additional gap that is not addressed here: a "Security Posture" module enumerating dangerous DACL rights (DCSync replication, GMSA password readers, Shadow Credential writers, LAPS password readers). It is intentionally deferred because it represents a 2-3 week project requiring a generic DACL parser rather than a defensive patch. We will scope a possible 1.1.0 separately on whether DSPanel should ship this functionality natively or rely on dedicated security tools (BloodHound, Adalanche) running alongside.
Full changelog
See CHANGELOG.md.
Author: Romain G.
License: Apache-2.0
v1.0.4
DSPanel v1.0.4 - Multi-level domains and discoverable logs
A targeted patch release fixing two field-blocking issues uncovered while deploying 1.0.3 against a production-shaped Active Directory.
What's new
Active Directory connections work on multi-level domain names. 1.0.3 and earlier failed to bind via Kerberos when the AD domain had three or more DNS labels (e.g. INFORMADIS.LECLERC.DMI, common in larger and acquired environments). The dashboard would show Disconnected with the localized hint unknown_principal. The DC FQDN is now resolved via DNS SRV in every case rather than being short-circuited by a flawed dot-count heuristic, so the SPN sent to the DC matches the one that is actually registered and the bind succeeds.
Logs go to a discoverable, OS-standard location after install. Previously, the location depended on whatever working directory the Windows shortcut inherited from the installer, which often meant they ended up in Downloads/. From this release on, logs are written to:
- Windows:
%LOCALAPPDATA%\DSPanel\logs\(e.g.C:\Users\<you>\AppData\Local\DSPanel\logs\) - macOS:
~/Library/Logs/DSPanel/ - Linux:
~/.local/state/DSPanel/logs/(or$XDG_STATE_HOME/DSPanel/logs/)
The resolved path is also printed to stderr at startup so it shows up in the parent terminal when DSPanel is launched from one.
Upgrade notes
Drop-in replacement. No configuration change required.
If you were collecting logs from the previous (Downloads/) location for a SIEM or support workflow, update your collector path to the new OS-standard location.
Also in this release
A follow-up internal audit comparing DSPanel against the LDAP/AD layers of BloodHound CE and Adalanche surfaced several robustness gaps (notably the SD_FLAGS LDAP control on security descriptor reads, a missing fallback when the server does not support LDAP_MATCHING_RULE_IN_CHAIN, and silent truncation when a search hits the server-side size limit). Those gaps will be addressed in 1.0.5. They are non-regression items that do not affect the typical happy-path connection covered here.
Full changelog
See CHANGELOG.md.
Author: Romain G.
License: Apache-2.0
v1.0.3
DSPanel v1.0.3 - Kerberos diagnostics on the dashboard
This release makes failed Active Directory connections diagnosable without reading the log. When the dashboard card shows Disconnected, it now tells you why in a single localized sentence. On non-English Windows (French, German, Italian, Spanish) the cause is still identified thanks to cross-language matching of Microsoft's localized SSPI error messages.
What's new
Dashboard tells you the cause. Disconnected now comes with a short hint pointing at the real failure: clock skew with the DC, missing Kerberos ticket, DNS SRV lookup failure, LDAP signing requirement, TLS handshake, credentials refused, network unreachable, or workstation not domain-joined. A matching raw error chain is written to the application log at ERROR level so support can see the full SSPI message.
Operator-friendly default logs. GSSAPI bind diagnostics (resolved DC FQDN, computed ldap/<fqdn> SPN, LOGONSERVER) are now emitted at INFO level. You no longer need RUST_LOG=debug to see which server DSPanel tried to authenticate against and with what SPN.
Works on localized Windows. cross-krb5 surfaces SSPI errors in the OS UI language. The classifier now matches Microsoft's French / German / Italian / Spanish translations on top of English, so operators on fr-FR, de-DE, it-IT, es-ES workstations get the same precise hint as on en-US.
Upgrade notes
Drop-in replacement - no configuration or schema change. Existing simple-bind deployments keep their behavior; the new hint only appears when the connection actually fails.
The frontend gains one small IPC field (connection_error on DomainInfo), omitted from the JSON payload when the connection is healthy, so third-party integrations that read this command stay compatible.
Also in this release
- CI fixes for Rust 1.95 clippy lints promoted to errors (
unnecessary_sort_by,collapsible_match) - Account health tests now use timestamps relative to
Utc::now()so the suite does not drift into false warnings over time
Full changelog
See CHANGELOG.md.
Author: Rwx-G.
License: Apache-2.0
v1.0.2
Security-focused release following a comprehensive audit (Semgrep static analysis, cargo-audit, npm audit, supply chain risk assessment).
Security
- Use OS keychain (macOS Keychain / Linux Secret Service) for MFA secret storage on non-Windows platforms instead of unencrypted base64 file
- Add SHA-256 hash chain to audit log entries for tamper detection
- Add remote syslog forwarding (RFC 5424 UDP) for audit entries with configurable host/port
- Add verify_audit_chain IPC command (DomainAdmin) to verify audit log integrity
- Replace base32 crate with data-encoding (higher maintainer bus factor, actively maintained)
- Add cargo audit + pnpm audit CI workflow (weekly schedule + on every PR)
- Fix vulnerable npm transitive dependencies (flatted, picomatch, brace-expansion)
- Replace std::env::temp_dir() with tempfile::tempdir() in tests to prevent symlink race conditions
- Add weekly dependency health check for critical single-maintainer crates (ldap3, qrcode)
- Enforce pnpm install --frozen-lockfile in all CI workflows to prevent dependency drift
- Upgrade printpdf 0.3 to 0.9 to resolve 4 unmaintained transitive dependency warnings
- Migrate LDAP TLS from native-tls (platform-specific) to rustls (pure Rust, audited, memory-safe)
- Lower infrastructure, security monitoring, and recycle bin pages from DomainAdmin to Admin permission level
- Fix frontend/backend permission mismatch in GroupHygiene and BulkOperations
- Filter sidebar navigation based on user permission level (hide inaccessible pages)
See the https://github.com/Rwx-G/DSPanel/blob/main/CHANGELOG.md for full details.
v1.0.1
What's Changed
- fix: Kerberos GSSAPI, snapshot completeness, wevtutil attack detection (v1.0.1) by @Romain-Grosos in #19
Full Changelog: v1.0.0...v1.0.1
v1.0.0
DSPanel v1.0.0
The first stable release of DSPanel - an open source, cross-platform Active Directory administration tool.
Highlights
5 languages - Full localization in English, French, German, Italian, and Spanish (1709 translation keys). Runtime language switching in Settings.
Login prompt - Password can now be entered at startup instead of being stored in environment variables. Set DSPANEL_LDAP_SERVER and DSPANEL_LDAP_BIND_DN, and DSPanel will prompt for the password.
Security hardening - MFA bypass fix, TOTP replay protection, zeroized secrets in memory, permission re-detection before every critical write.
What's in the box
DSPanel v1.0.0 ships with 32 pages covering the full AD support chain:
| Category | Features |
|---|---|
| Directory | User/Computer Lookup, User Comparison, Group Management, Group Hygiene, Bulk Operations, Contact & Printer Management, NTFS Permissions Audit |
| Workflows | Onboarding/Offboarding Wizards, Preset Management, Automated Cleanup, AD Recycle Bin, Move Objects |
| Infrastructure | DC Health (7 checks), Replication Monitoring, DNS & Kerberos Validation, AD Topology, GPO Viewer, Workstation Monitoring |
| Security | Privileged Accounts Audit (12 checks), Domain Risk Score (9 factors, ~70 checks), Attack Detection (14 types, MITRE ATT&CK), Escalation Paths, Compliance Reports (9 frameworks), MFA Gate, Audit Trail |
| Exchange | On-prem (LDAP) and Online (Graph API) mailbox diagnostics |
New in v1.0.0
Added
- i18n: 5 languages with 37 namespaces, locale-aware formatting, bidirectional completeness tests
- Login prompt when password is not in environment variables
- Startup splash screen (theme-aware)
- Remote DC event log access with simple bind credentials
- DC FQDN resolution from rootDSE
dnsHostName - Risk score weight and attack detection threshold configuration in Settings
- Snapshot history export (CSV/Excel/PDF/HTML)
- Replication status enriched with USN, transport, and replica flags
Security
- DomainAdmin permission check on
purge_audit_entries - MFA bypass fix: IPC errors now deny access
zeroizecrate for LDAP passwords and TOTP secrets- TOTP replay protection (60-second code reuse cache)
- Audit writes are now backend-internal only
Fixed
- Language persistence (was calling non-existent Tauri command)
- Audit operator showing Windows username instead of AD identity in simple bind
- Cleanup tests writing to production audit.db
- Sidebar key mismatch for Bulk Operations
- Tab titles hardcoded in English across 6 pages
- Recycle bin date format (was raw LDAP generalized time)
Downloads
| Platform | File | Size |
|---|---|---|
| Windows (installer) | DSPanel_1.0.0_x64-setup.exe |
~7 MB |
| Windows (MSI) | DSPanel_1.0.0_x64_en-US.msi |
~10 MB |
| macOS | DSPanel_1.0.0_aarch64.dmg |
- |
| Linux | DSPanel_1.0.0_amd64.deb / .AppImage |
- |
Requirements
- Windows 10/11, macOS 12+, or Linux (x64)
- Network access to an Active Directory domain
- (Optional) Azure AD App Registration for Exchange Online
Test coverage
- 2089 frontend tests (87% line coverage)
- 1520 Rust unit tests (82% line coverage)
- 45 AD integration tests (validated manually, not in CI)
See the full CHANGELOG for details.
