Release LoadGen Api, Appliance and MCP Server: 1.0.0.11863

Updated

Release LoadGen Api, Appliance and MCP Server: 1.0.0.11863

LoadGen General

  • No general changes in this release.

LoadGen Api

  • [#8598] Added single sign-on (SSO) for federated authentication against any OpenID Connect (OIDC) compliant identity provider including Microsoft Entra ID, Okta, Google Workspace, Keycloak, Auth0, AWS Cognito, modern ADFS, and modern PingFederate. Administrators can register one or more providers from a new Admin UI; users see an IdP picker on the login page and are signed in via the standard authorization-code-with-PKCE flow. SSO-issued tokens are bit-identical to password-issued tokens, so every existing API endpoint, JWT, and integration keeps working unchanged. Local username/password login remains available alongside SSO as a break-glass path. Just-in-time user provisioning maps IdP group claims to LoadGen roles via an admin-configured table; users without a matching group default to the lowest-privilege "User" role rather than to administrator. Tenant pinning, single-use anti-CSRF state, single-use exchange codes (keeping JWTs out of browser history), encrypted client secrets at rest, and per-callback audit logs are all enforced. Note: SAML 2.0 is intentionally not part of this release.
  • [#8602] Added an enterprise CA Trust Store management surface for the appliance. Administrators can now upload one or more root or intermediate CA certificates (PEM, including multi-certificate bundles) and the appliance installs them into the system trust store so every outbound HTTPS call from the API, uptime workers, monitoring runners, and load/monitoring agents trusts them automatically. Uploads are strictly validated per certificate (parseable, CA-bit set, not expired) and rejected as a whole batch on any failure, so the trust store never reflects a partial bundle. Each entry exposes label, subject, issuer, validity window, and thumbprint via dedicated list, fetch, upload, and delete endpoints under /appliance/trust-store. The per-profile "Ignore Certificate Errors" toggle is deliberately untouched as the explicit escape hatch for known-broken targets you do not want to trust appliance-wide.
  • [#8613] Added "Test Connection" and "Send Test Email" capabilities for SMTP mail account configuration. Operators can now verify SMTP host, port, encryption, credentials, and From address before saving a mail account, with the test using whatever values are currently typed into the dialog (no need to save first). The connection probe classifies every failure category in operator-friendly terms — DNS lookup failure, connection refused or timeout, "host may not be an SMTP server", EHLO rejection, STARTTLS not advertised, TLS handshake failure, "AUTH not advertised", and authentication rejection with the username echoed — so misconfigurations against self-hosted servers like Mailcow are diagnosable in seconds. Implicit TLS on port 465 and STARTTLS upgrade on port 587 are both supported.
  • [#8615] Added "Send Test Message" for Twilio account configuration, covering both SMS and WhatsApp channels. Operators can verify Account SID, Auth Token, and From-number configuration directly from the Twilio Account dialog without first saving and without needing a fully wired alert trigger. Common Twilio errors (wrong Auth Token, unverified trial recipient, region not enabled for SMS, non-SMS-capable From number, malformed E.164) are surfaced verbatim from Twilio so the operator can act on them inline. In edit mode the API transparently falls back to the stored encrypted Auth Token when the field is left blank, so operators do not have to retype it just to run a test.
  • [#8617] Added support for operator-supplied request headers (including custom User-Agent) on HTTP-based uptime checks. This unblocks monitoring of bot-detecting sites such as Shopify storefronts that returned 403 against the default request. Custom headers compose cleanly with every authentication type — Basic Auth, Bearer Token, and API key — so an operator can send credentials and a browser User-Agent in the same probe. Default-off: existing checks with no custom headers configured produce byte-identical outgoing requests to today.
  • [#8591] Added per-user preferences storage backing the Settings -> Support tab. Each user can save a reporter email that is then forwarded to the upstream ticketing service when "Sync from LoadGen" rehydrates a user's ticket list — so a snapshot restore no longer silently drops the user-to-ticket association. Same-user-only authorization is enforced at the API: a user cannot read, write, or clear another user's preferences. Email values are normalised and validated before being persisted.
  • [#8568] Fixed the cross-feature Analytics dashboard rendering the "E2E Monitoring" tile as a greyed-out "No data" card even when schedules, profiles, and active sessions were configured. The Monitoring slot on the dashboard summary is now populated alongside API Testing and Uptime, computing success rate from session-state counts and average duration from completed sessions over the operator-selected window (default 7 days, clamped 1-90). The "Feature Health" breakdown likewise gains an "E2E Monitoring" entry that returns Inactive, Healthy, Degraded, or Unhealthy on the same 80% threshold used by API Testing. The Home page Monitoring KPI card (which is fixed to today's window) and the analytics card intentionally answer different questions on the same data and do not need to agree numerically.
  • [#8605] Fixed LoadGen Core Agent logging TCP connection errors on startup before successfully connecting. The transport no longer tears down its own in-flight TCP socket while the agent is still completing its first dial-back to the results listener, and the version/reset/ping endpoints return a fast 202 with Retry-After: 5 while the handshake is in progress so the Frontend's HTTP timeout no longer cascades into spurious cancellations.
  • [#8618] Fixed an error opening certain load profiles in the wizard with the message "An item with the same key has already been added. Key: 00000000-0000-0000-0000-000000000000". Legacy XML profile bundles migrated to JSON could carry agent-assignment rows with empty agent IDs. Empty-ID rows are now filtered and duplicate agent IDs collapsed on both read and save, so every API response immediately stops emitting junk rows and the bundle self-heals on disk on the first user edit.
  • [#8588] Fixed "Agent returned 400 (Bad Request)" being surfaced with no actionable detail when changing passwords or deleting non-default appliance users. The appliance-agent error extractor now also reads RFC 7807 ProblemDetails responses (title, detail, and the errors validation dictionary), so the underlying binding mismatch is shown to the operator instead of a generic placeholder. Messages are capped in length so a chatty error block cannot blow up log lines. Existing error envelopes are surfaced byte-identically.
  • [#8480] Fixed SMTP uptime checks failing at parse time with "TCP endpoint must be 'host:port'" when the operator entered a hostname only — even though the SMTP wizard documents that port 25 is assumed if omitted. The SMTP probe now correctly defaults to port 25 when no port is supplied; an explicit host:587 still routes to port 587 unchanged, and malformed inputs like host:abc still surface the existing format error.
  • [#8621] Fixed the "My Profile" modal failing with "Failed to save email preference. The appliance preferences API rejected the value." The user-preferences endpoint was both misrouted and restricted to GlobalAdmins; it now resolves correctly for every authenticated user, with same-user-only access still enforced. Structured request and refusal logging was added so future failures of this kind are diagnosable directly from the API log instead of inferred from the Frontend.

LoadGen Appliance

  • [#8580] Enabled automatic daily backups by default on freshly-provisioned appliances. A new appliance now seeds a daily 02:00 backup schedule on first boot, so even an operator who never opens the Backups tab still has a recovery point. The seed is strictly one-shot and idempotent: disabling scheduled backups in the UI does not re-arm them on the next restart. Upgraded appliances with an existing custom schedule keep that schedule verbatim — the seed only applies when no schedule is present. Retention continues to be governed by the existing count-based cleanup (default 10 backups).
  • [#8602] Added enterprise CA Trust Store management on the appliance agent. Uploaded CA certificates are installed into the Linux system trust store and the consolidated bundle is rebuilt so every outbound HTTPS client across the API, uptime workers, monitoring runners, and load/monitoring agent containers picks them up automatically. Validation is strict and atomic per upload (parseable, CA-bit set, not expired); list responses surface any orphan files under a non-fatal warnings array so the operator can clean them up without the listing endpoint failing wholesale. Delete removes both the certificate and its metadata and rebuilds the trust bundle from scratch.
  • [#8592] Fixed "Extend Filesystem" reporting success but the Disk Layout panel still showing the old size after a hypervisor-side live disk resize. The extend operation now rescans every SCSI block device before the partition and filesystem grow steps run, so a live-resized disk is visible to the kernel before the extend begins. Each successful rescan is recorded in the response for traceability, and per-device failures do not abort the extend.
  • [#8590] Fixed appliance host-user operations — toggle lock, change password, and delete user — failing with the generic "Agent returned 400 (Bad Request)" message. A request-binding flaw was silently short-circuiting every call from the Frontend Users tab; the affected endpoints now resolve their inputs explicitly. The list endpoint was unaffected and is left unchanged.
  • [#8585] Fixed the "Grant sudo privileges" checkbox appearing to be ignored when creating a new host user: the Host Users table showed no Sudo badge for newly created users even though the user really was in the sudo group. This was a display-only parsing flaw in how group membership was read; the badge now renders correctly regardless of where sudo appears in the group list. Sudo privilege itself was always assigned correctly at user creation.

LoadGen MCP Server

  • No MCP Server changes in this release.
Was this article helpful?
0 out of 0 found this helpful