Apoxy v0.17.0

This release introduces BFD-lite liveness detection for tunnel connections and comprehensive audit logging for the API server, alongside significant performance optimizations and Apple code signing for macOS binaries.

Features

• BFD-lite liveness detection: Add BFD-lite protocol for connection liveness monitoring between agent and tunnelproxy (1ad0b30)
• Graceful connection draining: Add support for graceful drain with BFD AdminDown and TCP connection tracking (e8283f8)
• Audit logging: Add audit logging options with policy file and log rotation support (c63e7d5)
• UID-scoped connection management: Add CloseConnectionsByUID method for tunnel connections (5b524ad)

Bug Fixes

• Echo amplification loop: Fix echo amplification loop between BFDL client and server (0da1bed)
• Audit log identity: Fix audit log identity headers and add version to user-agent (03c5ee8)
• Tunnel address reconciliation: Remove tunnel address writing from server reconciler (384f712)

Improvements

• Tunnel performance optimizations: Reduce hot-path allocations in packet processing pipeline and BFDL implementation (0f86e0f, e98a2b9, 0187328, 2bab37c)
• Endpoint probing efficiency: Cache endpoint selection to avoid re-probing on every reconcile and cancel remaining probes after first success (443068e, e456ea2)
• TUI traffic filtering: Filter out ping packets from TUI traffic view by default (6dd4b43)
• Documentation: Update CLI descriptions and regenerate command reference (eb7733d)

Infrastructure

• Apple code signing: Add Apple code signing and notarization to release pipeline for macOS binaries (a5e7d79, e93bb05, 964105a, 2a8f0f4, d128d38, 33a5dc1)
• CI improvements: Decouple GitHub release from image publish and pin edge-runtime to stable version (cbeac26, 2344672, d4f3dc7)

---

Full Changelog: https://github.com/apoxy-dev/apoxy/compare/v0.16.1...v0.17.0

---