happy to announce a new Crossbar.io release: 17.3.1
Get it on PyPI
or directly from GitHub
Docker images will follow soonish. And we want to have snaps too.
This release brings a whole bunch of bug fixes and also a couple of new features, two of which I'd like to point out .. please see below.
I also want to raise awareness of one change we made:
Crossbar.io from PyPI and in general will now use _pinned_ and hashed dependencies for everything:
This is a security, repeatable build (well, sort of) and trust thing.
It also means that you really should install Crossbar.io into its own, dedicated virtualenv (or use Docker or snaps once we have them).
We've done a lot of testing. But this has gotten quite complex and feature rich, so please let us know if you experience any issues ..
1) Subscriber black-/whitelisting based on authid/authrole
Development (done by meejah) of this feature was sponsored by RECORD.evolution (https://iot.record-evolution.com/)
Note: if you want a feature in Crossbar.io and influence on our backlog prioritization in exchange for some bucks, please get in touch! We'd love to move faster, but we need your support ;)
2) Upcoming Tor support
We have the underlying infra for running WAMP transports over Tor (https://www.torproject.org/) now!
Credits go to meejah too here (he is a security addict very much like me, and the author of https://github.com/meejah/txtorcon).
This stuff gets me excited! Well, for the security/privacy geeks;)
Of course it prohibits MITM attacks too.
And finally, when you combine that with the end-to-end encryption capabilities of Crossbar.io (WAMP-cryptobox), you will get an unmatched level of security, privacy and anonymity:
Even a host administrator (with full root access) of the machine running Crossbar.io will NOT be able to read or fuzz with any app payload.
It also means the same Crossbar.io router can be used by different stakeholders NOT sharing trust!
When this moves out of alpha, we will have addressed an issue raised 3 years ago
by a guy who only ever filed this 1 issue on GitHub and then disappeared into nowhere.
I have some ideas what org he's working for;) Which would explain a lot .. in particular, the level of technical, security awareness/knowledge that shines through the question alone.
Anyway. We are now close to solving it. Even though it required some time (3 years).
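To illustrate the pinned and hashed dependencies mentioned above, here is an added example (not part of the original announcement and not Crossbar.io's own code). It assumes pip-style requirement lines carrying `--hash=sha256:` options, audits them for exact pins and hashes, and checks an artifact against the pinned digest. The package names and artifact bytes are constructed.

```python
import hashlib
import re

HASH_RE = re.compile(r"--hash=(\w+):([0-9a-f]+)")
PIN_RE = re.compile(r"^([A-Za-z0-9._-]+)(\[[^\]]*\])?==([^\s*;]+)$")

def parse_requirements(text):
    """Yield (spec, {algo: set(hexdigests)}) per logical requirement line."""
    joined = re.sub(r"\\\n", " ", text)  # fold backslash continuations
    for raw in joined.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line or line.startswith("-"):
            continue  # blank line, comment or global option
        hashes = {}
        for algo, digest in HASH_RE.findall(line):
            hashes.setdefault(algo, set()).add(digest)
        spec = HASH_RE.sub("", line).split(";")[0].strip()  # drop env markers
        yield spec, hashes

def audit(text):
    """Return a list of problems; empty means everything is pinned and hashed."""
    problems = []
    for spec, hashes in parse_requirements(text):
        if not PIN_RE.match(spec):
            problems.append(f"{spec}: not pinned to an exact version with ==")
        digests = hashes.get("sha256", set())
        if not digests:
            problems.append(f"{spec}: no sha256 hash")
        elif any(len(d) != 64 for d in digests):
            problems.append(f"{spec}: malformed sha256 digest")
    return problems

def artifact_allowed(data, hashes):
    """True if the downloaded bytes match one of the pinned sha256 digests."""
    return hashlib.sha256(data).hexdigest() in hashes.get("sha256", set())

# Constructed sample: package names and artifact bytes are made up.
GOOD_ARTIFACT = b"constructed wheel bytes for examplepkg 1.2.3"
SAMPLE = (
    "examplepkg==1.2.3 \\\n"
    f"    --hash=sha256:{hashlib.sha256(GOOD_ARTIFACT).hexdigest()}\n"
    "otherpkg>=2.0  # floating version, no hash\n"
)

if __name__ == "__main__":
    for problem in audit(SAMPLE):
        print(problem)
    _, pinned = next(parse_requirements(SAMPLE))
    print(artifact_allowed(GOOD_ARTIFACT, pinned),
          artifact_allowed(GOOD_ARTIFACT + b"!", pinned))
```

An audit like this can run in CI before pip's own hash-checking mode (`--require-hashes`) rejects a mismatching download at install time.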