Gophish just got better.

We're excited to announce the release of Gophish v0.12.1. This is a minor release that includes a couple of bug fixes and one great new feature.

Added Trusted Origins to CSRF Handler

We've added the ability to set trusted_origins in the config.json file. This allows you to add addresses that you expect incoming connections to come from, which is helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself. This has been a long discussed and requested feature so it's great to have! Thanks to @mcab and everyone else in this thread.

Updated Workflows

Our Continuous Integration workflow has been updated and is succeeding again. We've also updated the Release workflow, mitigating some security concerns and adapting it be able to build Windows releases again. These are (hopefully!) at the bottom of this post.

Minor fixes

Some JavaScript files hadn't been minified properly, causing problems with adding customer headers. A small bug was fixed where copying a campaign would not show [Deleted] in an edge case - see #2482. Thanks @29vivek.

Changelog

You can find the full changelog for this release here.

How to Upgrade

To upgrade, download the release for your platform, extract into a folder, and copy (remember to copy, not move so that you have a backup) your existing gophish.db file into the new directory. Then, run the new Gophish binary and you'll be good to go!

Now, one more thing:

We want to hear from you!

Have questions, comments, or feature ideas about Gophish? Let us know by filing an issue.

Enjoy