Nebula v1.6.0 Release Notes
Release Date: 2022-06-30 // over 2 years ago-
➕ Added
🔧 Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)
🔧 Configuration option to report manually specified
ip:port
s to lighthouses. (#650)🏁 Windows arm64 build. (#638)
👍
punchy
and mostlighthouse
config options now support hot reloading. (#649)
🔄 Changed
🏗 Build against go 1.18. (#656)
👍 Promoted
routines
config from experimental to supported feature. (#702)⚡️ Dependencies updated. (#664)
🛠 Fixed
🍎 Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501)
🏁
unsafe_route
configuration will no longer crash on Windows. (#648)A few panics that were introduced in 1.5.x. (#657, #658, #675)
🔒 Security
- You can set
listen.send_recv_error
to control the conditions in whichrecv_error
messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670)
✂ Removed
- 🚚
x509
config stanza support has been removed. (#685)
Previous changes from v1.5.2
-
➕ Added
- 🔧 Warn when a non lighthouse node does not have lighthouse hosts configured. (#587)
🔄 Changed
No longer fatals if expired CA certificates are present in
pki.ca
, as long as 1 valid CA is present. (#599)nebula-cert
will now enforce ipv4 addresses. (#604)🍎 Warn on macOS if an unsafe route cannot be created due to a collision with an existing route. (#610)
👍 Warn if you set a route MTU on platforms where we don't support it. (#611)
🛠 Fixed
Rare race condition when tearing down a tunnel due to
recv_error
and sending packets on another thread. (#590)🐛 Bug in
routes
andunsafe_routes
handling that was introduced in 1.5.0. (#595)✅
-test
mode no longer results in a crash. (#602)
✂ Removed
x509.ca
config alias forpki.ca
. (#604)
🔒 Security
- ⬆️ Upgraded
golang.org/x/crypto
to address an issue which allowed unauthenticated clients to cause a panic in SSH servers. (#603)