Knocknoc 8.5
Knocknoc 8.5 delivers key improvements in usability, integrations, and security, while paving the way for future growth. Security is enhanced through updated server components, Golang and library upgrades, and additional hardening measures, including disabling custom scripts on new Agents by default in line with our “default-deny” ethos. Accessibility has also been uplifted with WCAG 2.2 compliance, ensuring Knocknoc is easier to use for everyone.
This release introduces new features such as predefined IP-address granting, support for Sophos firewalls, and expanded Cisco integrations, alongside a range of usability enhancements. Enterprise customers now also benefit from an available SBOM.
Together, these updates make Knocknoc more reliable, more accessible, and ready for what’s next.
🌐 Smart Access & Admin Controls
- Grant access to pre-defined IP addresses
We're all about granting authorized users (or machines) access based on their IP address, and sometimes more. In this release we've added the ability to grant access to a pre-defined set of IP addresses. Why? Sometimes a user needs to open up access so that systems can talk to each other. Use cases include opening up a subnet for outbound network access to obtain patches during maintenance windows, with default-deny egress access applied after the Knocknoc user logs out; East/West traffic opened up on demand for a short period; and inbound access to a machine enabled during a code pull or backup sync. The possibilities are endless, and many thanks to our customers for collaborating on innovative ideas such as these.
- Auto-browse
You can now auto-browse users to a Knoc. This uplifts the user experience by sending the authenticated user onwards automatically. It can be combined with protocol handlers, meaning tools like SAP or SFTP desktop clients load automatically, depending on the client machine configuration.
- Multi-instance Agents
Install and run multiple orchestration Agents on the same machine, without the need for containers. This helps in highly available environments where multiple firewalls or devices require orchestration from a single location.
- Other fixes include the streamlining of API-key based user login creation, improved Agent logging and small UI bug fixes.
🔐 Security boosters
- Custom Scripts - now disabled by default for Agents
Not everyone uses custom-script execution, so we've disabled it by default on newly installed Agents. If you already have Agents installed, the upgrade won't break anything, and you can harden these by enabling/disabling custom scripts via the Agent config.
- Credential and API key control
If anything changes with your settings, you'll need to re-enter API keys and credentials, just to tighten things up.
- Removing Knocs removes any live Grants
If an Admin removes a Knoc, any related Grants in place will now also be removed automatically.
- SBOM and enterprise transparency
A Software Bill of Materials is now generated with every release and available to enterprise customers.
- Misc smaller fixes
A number of lower-impact issues were fixed; we recommend updating both Server and Agents.
🔗 Integrations & ecosystem
- Cisco, Sophos and more
We've expanded our firewall appliance integrations, including Cisco and Sophos (UTM and SFOS/XGS), all managed via the workflow experience.
- Password-less Allowlists (EDLs)
Older devices that can't provide credentials during EDL or Allowlist polling are now supported. IP address restrictions have also been introduced to tighten up both password-less and credential-required Allowlist polling.
- Linux IPSet auto-expire
Linux IPSets are managed automatically by the Knocknoc Agent; in addition, an on-server automatic timeout tied to the user's session period has been added for Linux IPSets. Belt and braces reliability!
- Proxy configuration
The Agent proxy settings are now in the config file, making it simpler.
✨ End-user & UI polish
- WCAG certified
The application is now WCAG 2.2 AA certified. This helps the vision impaired and is important for enabling access for everyone.
- Available update awareness
Newer Server and Agent versions will now be shown to Admin users. Note: Knocknoc does not automatically update (this is intentional), nor does it download or apply these newer, available versions.
- Various UI improvements
Minor dashboard and list improvements improve overall smoothness.
🛠 Bug Fixes & Quality of Life
- Improved redirects for unauthenticated users.
- Fixed allow-list parsing regardless of browser formatting.
- Resolved issues when using an Agent token and Register (devops/IAC) key.
- Numerous smaller UI and application fixes.
🔥 In short: Knocknoc 8.5 gives admins more control, users a smoother ride, agents sharper teeth, and auditors the SBOM they’ve been waiting for.
Database uplift, what it means for you
We're changing the Knocknoc server database technology, providing high-availability deployment options, horizontal scaling and distributed workloads, whilst improving performance and enabling the huge list of awesome features planned for the future.
For existing installations/deployments, an upgrade will not automatically migrate you to Postgres. This will be performed manually via a separate update, allowing you to benefit from the new features and fixes today, without disruption or change of database.
New installations will, however, automatically use Postgres, with the default option within the setup script installing Postgres locally on the Knocknoc Server machine if you're self-hosting. This can be modified to use an external Postgres database by editing the server configuration file and providing a database connection string; see here for more information. If you are restoring a system and need to utilize SQLite, this is also possible by adjusting the DB config setting.
Release date: 12th September 2025