Nebula v1.6.0 Release Notes

Release Date: 2022-06-30

    ➕ Added

    • 🔧 Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)

    • 🔧 Configuration option to report manually specified ip:ports to lighthouses. (#650)

    • 🏁 Windows arm64 build. (#638)

    • 👍 punchy and most lighthouse config options now support hot reloading. (#649)

    🔄 Changed

    • 🏗 Build against Go 1.18. (#656)

    • 👍 Promoted routines config from experimental to supported feature. (#702)

    • ⚡️ Dependencies updated. (#664)

    🛠 Fixed

    • 🍎 Packets destined for the same host that sent them will be returned on macOS. This matches the default behavior of other operating systems. (#501)

    • 🏁 unsafe_route configuration will no longer crash on Windows. (#648)

    • A few panics that were introduced in 1.5.x. (#657, #658, #675)

    🔒 Security

    • You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670)

    ✂ Removed

    • 🚚 x509 config stanza support has been removed. (#685)
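
For the listen.send_recv_error entry under Security above, a config.yml fragment showing the trade-off. This is an added example, not taken from the release notes or the Nebula repository; the host and port values are constructed placeholders, and the three accepted values (always, never, private) are as documented in Nebula's example config.

```yaml
# Constructed example: listen section of a Nebula config.yml
listen:
  host: 0.0.0.0   # placeholder bind address
  port: 4242      # placeholder UDP port

  # recv_error is the reply a node sends when it receives a packet for a
  # tunnel it has no state for. It lets the peer re-handshake quickly, but
  # it also confirms to whoever sent the packet that Nebula is listening.
  #
  #   always  - reply to any source address. Fastest recovery after a
  #             restart; the service is identifiable from the internet.
  #   never   - never reply. Nothing is disclosed; peers only notice a dead
  #             tunnel through their own timeouts, so recovery is slower.
  #   private - reply only when the source is a private network address.
  #             Peers on the local network recover quickly, while senders
  #             on public addresses get no response.
  #
  # Choice for an internet-facing node whose peers mostly sit on the LAN:
  send_recv_error: private
```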

Previous changes from v1.5.2

    ➕ Added

    • 🔧 Warn when a non-lighthouse node does not have lighthouse hosts configured. (#587)

    🔄 Changed

    • No longer exits with a fatal error if expired CA certificates are present in pki.ca, as long as 1 valid CA is present. (#599)

    • nebula-cert will now enforce IPv4 addresses. (#604)

    • 🍎 Warn on macOS if an unsafe route cannot be created due to a collision with an existing route. (#610)

    • 👍 Warn if you set a route MTU on platforms where we don't support it. (#611)

    🛠 Fixed

    • Rare race condition when tearing down a tunnel due to recv_error and sending packets on another thread. (#590)

    • 🐛 Bug in routes and unsafe_routes handling that was introduced in 1.5.0. (#595)

    • -test mode no longer results in a crash. (#602)

    ✂ Removed

    • x509.ca config alias for pki.ca. (#604)

    🔒 Security

    • ⬆️ Upgraded golang.org/x/crypto to address an issue which allowed unauthenticated clients to cause a panic in SSH servers. (#603)