From f53ca78e94fa7ef443bb5157cc73f990e9009fac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 10:56:24 +0200 Subject: [PATCH 1/6] Fine tune packages --- .fpm | 1 + freebsd/defguard-proxy | 11 +++++------ linux/defguard-proxy.service | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.fpm b/.fpm index 607e163..01dbdfd 100644 --- a/.fpm +++ b/.fpm @@ -3,3 +3,4 @@ --description "Defguard Edge service" --url "https://defguard.net/" --maintainer "Defguard" +--config-files /etc/defguard/proxy.toml diff --git a/freebsd/defguard-proxy b/freebsd/defguard-proxy index 6d54ff6..47b544b 100644 --- a/freebsd/defguard-proxy +++ b/freebsd/defguard-proxy @@ -6,15 +6,14 @@ . /etc/rc.subr -name="defguard" -rcvar=defguard_enable +name="defguard_proxy" +rcvar=defguard_proxy_enable command="/usr/local/bin/defguard-proxy" config="/etc/defguard/proxy.toml" -start_cmd="${name}_start" +start_cmd="${name}_proxy_start" -defguard_start() -{ - ${command} --config ${config} & +defguard_proxy_start() { + ${command} --config ${config} & } load_rc_config $name diff --git a/linux/defguard-proxy.service b/linux/defguard-proxy.service index ce614ee..3524e49 100644 --- a/linux/defguard-proxy.service +++ b/linux/defguard-proxy.service @@ -1,6 +1,6 @@ [Unit] Description=Defguard Edge service -Documentation=https://defguard.gitbook.io/defguard/ +Documentation=https://docs.defguard.net/ Wants=network-online.target After=network-online.target From 6744827fb306ded15f3345211f7da6aede899086 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 11:36:38 +0200 Subject: [PATCH 2/6] Update trivy action --- .github/workflows/build-docker.yml | 2 +- .github/workflows/sbom.yml | 8 ++++---- .github/workflows/test.yml | 2 +- Cargo.lock | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index c2b99e5..5926829 100644 
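Review bot: In freebsd/defguard-proxy the new `start_cmd="${name}_proxy_start"` no longer matches the function this hunk defines. With `name="defguard_proxy"` it expands to `defguard_proxy_proxy_start`, while the function is `defguard_proxy_start`, so rc.subr is given a start command that does not exist and the service would presumably not start. Keeping the original form, `start_cmd="${name}_start"`, resolves to the renamed function. Separately, the start function still backgrounds the binary with `&` and expands `${command}` and `${config}` unquoted; no pidfile is visible here, so stop/status handling may depend on lines outside the hunk (the script continues past `load_rc_config $name`).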
--- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -69,7 +69,7 @@ jobs: cache-to: type=gha,mode=max - name: Scan image with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@0.36.0 with: image-ref: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}" format: "table" diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 5afa8f4..e68afa4 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -33,7 +33,7 @@ jobs: submodules: recursive - name: Create SBOM with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@0.36.0 with: scan-type: 'fs' format: 'spdx-json' @@ -43,7 +43,7 @@ jobs: scanners: "vuln" - name: Create Docker image SBOM with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@0.36.0 with: image-ref: "ghcr.io/defguard/defguard-proxy:${{ steps.vars.outputs.VERSION }}" scan-type: 'image' @@ -53,7 +53,7 @@ jobs: scanners: "vuln" - name: Create security advisory file with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@0.36.0 with: scan-type: 'fs' format: 'json' @@ -63,7 +63,7 @@ jobs: scanners: "vuln" - name: Create Docker image security advisory file with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@0.36.0 with: image-ref: "ghcr.io/defguard/defguard-proxy:${{ steps.vars.outputs.VERSION }}" scan-type: 'image' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9a63987..661d08f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -37,7 +37,7 @@ jobs: submodules: recursive - name: Scan code with Trivy - uses: aquasecurity/trivy-action@0.35.0 + uses: aquasecurity/trivy-action@0.36.0 with: scan-type: 'fs' scan-ref: '.' diff --git a/Cargo.lock b/Cargo.lock index bf761b3..801c1d4 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -3737,9 +3737,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.38" +version = "0.23.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21" +checksum = "7c2c118cb077cca2822033836dfb1b975355dfb784b5e8da48f7b6c5db74e60e" dependencies = [ "aws-lc-rs", "log", From 052664c7e48b738d658736062f625a6d719697c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 11:39:18 +0200 Subject: [PATCH 3/6] .trivyignore.yaml --- .github/workflows/test.yml | 3 +++ .trivyignore.yaml | 4 ++++ 2 files changed, 7 insertions(+) create mode 100644 .trivyignore.yaml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 661d08f..a3f863f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -38,6 +38,9 @@ jobs: - name: Scan code with Trivy uses: aquasecurity/trivy-action@0.36.0 + env: + TRIVY_IGNOREFILE: ".trivyignore.yaml" + TRIVY_SHOW_SUPPRESSED: 1 with: scan-type: 'fs' scan-ref: '.' diff --git a/.trivyignore.yaml b/.trivyignore.yaml new file mode 100644 index 0000000..562d637 --- /dev/null +++ b/.trivyignore.yaml @@ -0,0 +1,4 @@ +vulnerabilities: + - id: GHSA-w5hq-g745-h8pq + expired_at: 2026-03-30 + statement: "Not yet fixed in dependencies' From e89a2c46b8a9940fe8199158698d832967f8d216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 11:42:00 +0200 Subject: [PATCH 4/6] trivy-action --- .github/workflows/build-docker.yml | 2 +- .github/workflows/sbom.yml | 8 ++++---- .github/workflows/test.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 5926829..c0fb5c0 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml 
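Review bot: The new `.trivyignore.yaml` entry suppresses `GHSA-w5hq-g745-h8pq` for every package and path the scan covers, and its `statement` does not say which dependency is affected or where the upstream fix is tracked. Trivy's YAML ignore format accepts `purls` (and `paths`) per entry, so the suppression can be limited to the one affected package, e.g. `purls: ['pkg:<type>/<affected-package>']` with the real package filled in. I would also put the package name and a tracking link into `statement`, so that whoever next extends `expired_at` can check whether the fix has shipped instead of just moving the date.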
@@ -69,7 +69,7 @@ jobs: cache-to: type=gha,mode=max - name: Scan image with Trivy - uses: aquasecurity/trivy-action@0.36.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: "${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.tag }}" format: "table" diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index e68afa4..030dc5e 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -33,7 +33,7 @@ jobs: submodules: recursive - name: Create SBOM with Trivy - uses: aquasecurity/trivy-action@0.36.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: 'fs' format: 'spdx-json' @@ -43,7 +43,7 @@ jobs: scanners: "vuln" - name: Create Docker image SBOM with Trivy - uses: aquasecurity/trivy-action@0.36.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: "ghcr.io/defguard/defguard-proxy:${{ steps.vars.outputs.VERSION }}" scan-type: 'image' @@ -53,7 +53,7 @@ jobs: scanners: "vuln" - name: Create security advisory file with Trivy - uses: aquasecurity/trivy-action@0.36.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: 'fs' format: 'json' @@ -63,7 +63,7 @@ jobs: scanners: "vuln" - name: Create Docker image security advisory file with Trivy - uses: aquasecurity/trivy-action@0.36.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: "ghcr.io/defguard/defguard-proxy:${{ steps.vars.outputs.VERSION }}" scan-type: 'image' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a3f863f..345db11 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -37,7 +37,7 @@ jobs: submodules: recursive - name: Scan code with Trivy - uses: aquasecurity/trivy-action@0.36.0 + uses: aquasecurity/trivy-action@v0.36.0 env: TRIVY_IGNOREFILE: ".trivyignore.yaml" TRIVY_SHOW_SUPPRESSED: 1 From 55cd97f829cd3fed48cae9d2b345dddc851adfc4 Mon Sep 17 00:00:00 2001 
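Review bot: All six `uses: aquasecurity/trivy-action@v0.36.0` lines in this patch (build-docker.yml, the four steps in sbom.yml, and test.yml) reference a tag, which anyone with write access to the action's repository can move to different code after review. These steps run inside the image-build and SBOM jobs, so pinning to the full commit SHA with the tag kept as a comment ensures the reviewed code is the code that runs: `uses: aquasecurity/trivy-action@<full-commit-sha> # v0.36.0`. The change from `0.36.0` to `v0.36.0` one patch after the bump suggests the tag naming changed upstream, which is a further reason not to depend on tag names. Dependabot or Renovate can keep SHA pins current.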
From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 11:58:59 +0200 Subject: [PATCH 5/6] trivy-action --- .trivyignore.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index 562d637..e709714 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -1,4 +1,4 @@ vulnerabilities: - id: GHSA-w5hq-g745-h8pq expired_at: 2026-03-30 - statement: "Not yet fixed in dependencies' + statement: 'Not yet fixed in dependencies' From a2dacd9ebe2f18efc4b1b0f3b1cfcad5e369a8bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Thu, 23 Apr 2026 12:03:37 +0200 Subject: [PATCH 6/6] .trivyignore.yaml --- .trivyignore.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.trivyignore.yaml b/.trivyignore.yaml index e709714..473a01f 100644 --- a/.trivyignore.yaml +++ b/.trivyignore.yaml @@ -1,4 +1,4 @@ vulnerabilities: - id: GHSA-w5hq-g745-h8pq - expired_at: 2026-03-30 + expired_at: 2026-04-30 statement: 'Not yet fixed in dependencies'