Nebula v1.6.0 Release Notes

Release Date: 2022-06-30
  • Added

    • Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)

    • Configuration option to report manually specified ip:ports to lighthouses. (#650)

    • Windows arm64 build. (#638)

    • punchy and most lighthouse config options now support hot reloading. (#649)

  • Changed

    • Build against Go 1.18. (#656)

    • Promoted routines config from experimental to supported feature. (#702)

    • Dependencies updated. (#664)

  • Fixed

    • Packets destined for the same host that sent them will be returned on macOS. This matches the default behavior of other operating systems. (#501)

    • unsafe_route configuration will no longer crash on Windows. (#648)

    • A few panics that were introduced in 1.5.x. (#657, #658, #675)

  • Security

    • You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670)

  • Removed

    • x509 config stanza support has been removed. (#685)

Previous changes from v1.5.2

  • Added

    • Warn when a non-lighthouse node does not have lighthouse hosts configured. (#587)

  • Changed

    • No longer fatals if expired CA certificates are present in pki.ca, as long as 1 valid CA is present. (#599)

    • nebula-cert will now enforce IPv4 addresses. (#604)

    • Warn on macOS if an unsafe route cannot be created due to a collision with an existing route. (#610)

    • Warn if you set a route MTU on platforms where we don't support it. (#611)

  • Fixed

    • Rare race condition when tearing down a tunnel due to recv_error and sending packets on another thread. (#590)

    • Bug in routes and unsafe_routes handling that was introduced in 1.5.0. (#595)

    • -test mode no longer results in a crash. (#602)

  • Removed

    • x509.ca config alias for pki.ca. (#604)

  • Security

    • Upgraded golang.org/x/crypto to address an issue which allowed unauthenticated clients to cause a panic in SSH servers. (#603)