v0.34.1

What's Changed

• [client] Cleanup status resources on engine stop by @mlsmaycon in #2981
• [client] Don't return error in rule removal if protocol is not supported by @lixmal in #2990
• [client] Init route selector early by @lixmal in #2989
• [client] Reduce max wait time to initialize peer connections by @mlsmaycon in #2984
• [management] Update account peers on login on meta change by @mohamed-essam in #2991
• [client] upgrade zcalusic/sysinfo to v1.1.3 (add serial support for ARM arch) by @EdouardVanbelle in #2954

New Contributors

• @mohamed-essam made their first contribution in #2991

Full Changelog: v0.34.0...v0.34.1

v0.34.0

Release notes

This release brings support to persistent network route selection across client restarts and fixes network access control policy rules to account for peers in source groups.

Enhancements:

Persistent network route selection

This feature is handy for users who want to maintain a specific network route selection across client restarts. The client will now remember the network routes selected before the restart and apply them after the restart.

Bug fixes:

Account different policy rules for route firewall rules

The network access control policy rules now account for peers in source groups. This fix ensures that the rules are correctly applied to the network routes.

What's Changed

• [misc] Update Caddyfile and Docker Compose to support HTTP3 #2822
• [client] Refactor initial Relay connection #2800
• [client] Don't return error in userspace mode without firewall when setting legacy #2924
• [client] Test nftables for incompatible iptables rules #2948
• [client] Set up sysctl and routing table name only if routing rules are available #2933
• [client] Allow routing to fallback to exclusion routes if rules are not supported #2909
• [client] Code cleaning in net pkg #2932
• [client] Unspecified address: default NetworkTypeUDP4+NetworkTypeUDP6 #2804
• [client] Add pprof build tag #2964
• [client] Persist route selection #2810
• [client] Add state file to debug bundle #2969
• [client] Fix debug bundle state anonymization test #2976
• [client] Pass IP instead of net to Rosenpass #2975
• [client] Get static system info once #2965
• [client] Add netbird.err and netbird.out to debug bundle #2971
• [client] Add network map to debug bundle #2966
• [client] Don't choke on non-existent interface in route updates #2922
• [client] Add state handling cmdline options #2821
• [management] Refactor posture check to use store methods #2874
• [management] Refactor policy to use store methods #2878
• [management] Refactor DNS settings to use store methods #2883
• [management] Refactor nameserver groups to use store methods #2888
• [management] refactor to use account object instead of separate db calls for peer update #2957
• [management] Add performance test for login and sync calls #2960
• [management] Add guide when signing key is not found #2942
• [management] Account different policy rules for route firewall rules #2939
• [management] Add missing parentheses on iphone hostname generation condition #2977
• [management] merge update account peers in sync call #2978

Big thanks to our new Contributors

• @v1rusnl made their first contribution in #2822
• @victorserbu2709 made their first contribution in #2804
• @jnohlgard made their first contribution in #2977

v0.33.0

What's Changed

• [misc] Introducing NetBird Guru on Gurubase.io by @kursataktas in #2778
• [misc] use google domain for tests by @mlsmaycon in #2902
• [misc] Update signing pipeline version by @mlsmaycon in #2900
• [management] Add transaction metrics and exclude getAccount time from peers update by @pascal-fischer in #2904
• [client] Add NB_SKIP_SOCKET_MARK & fix crash instead of returing an error by @nazarewk in #2899
• [management] Fix process posture check evaluation on Sync by @pascal-fischer in #2911
• [management] Add metric for peer meta update by @pascal-fischer in #2913
• [management] Add activity events to group propagation flow by @pascal-fischer in #2916
• [client] Fix allow netbird rule verdict by @lixmal in #2925
• [management] Fix getSetupKey call by @pascal-fischer in #2927

New Contributors

• @kursataktas made their first contribution in #2778

Full Changelog: v0.32.0...v0.33.0

v0.32.0

Release Notes for v0.32.0

Highlights

This release fixes an issue with the client's state manager that could cause a deadlock on a system with high load or slower system operations like adding routes or configuring network interfaces. This could affect the recovery from sleep, causing unwanted client state.

What's Changed

• [management] Refactor setup key to use store methods by @bcmmbaga in #2861
• [management] Add more logs to the peer update processes by @pascal-fischer in #2881
• [client] Improve state write timeout and abort work early on timeout by @lixmal in #2882
• [relay-server] Always close ws conn when work thread exit by @pappz in #2879
• [client] Update route calculation tests by @mlsmaycon in #2884
• [client] Handle panic on nil wg interface by @lixmal in #2891
• [management] Fix limited peer view groups by @pascal-fischer in #2894
• [client/management] add peer lock to peer meta update and fix isEqual func by @pascal-fischer in #2840
• [management] Limit the setup-key update operation by @pascal-fischer in #2841
• [management] Refactor group to use store methods by @bcmmbaga in #2867
• [management] Fix the Inactivity Expiration problem. by @ismail0234 in #2865
• [client] Fix state manager race conditions by @lixmal in #2890
• [client] Move state updates outside the refcounter by @lixmal in #2897
• [client] Fix error state race on mgmt connection error by @lixmal in #2892

New Contributors

• @ismail0234 made their first contribution in #2865

Full Changelog: v0.31.1...v0.32.0

v0.31.1

What's Changed

• [management] Fix add peer all group network map update by @pascal-fischer in #2830
• [misc] Avoid failing all other matrix tests if one fails by @mlsmaycon in #2839
• [client] Fix cached device flow oauth by @mlsmaycon in #2833
• [management] Fix network map update on peer validation by @pascal-fischer in #2849
• [client] Use the prerouting chain to mark for masquerading to support older systems by @lixmal in #2808
• [relay-server] Use X-Real-IP in case of reverse proxy by @pappz in #2848
• [client] Exclude split default route ip addresses from anonymization by @lixmal in #2853
• [management] Enforce max conn of 1 for sqlite setups by @pascal-fischer in #2855
• [management] Fix potential panic on inactivity expiration log message by @pascal-fischer in #2854
• [management] Add benchmark tests to get account with claims by @mlsmaycon in #2761
• [client] Use offload in WireGuard bind receiver by @pappz in #2815
• [management] Remove context from database calls by @pascal-fischer in #2863
• [management] Add peer lock to grpc server by @pascal-fischer in #2859
• [management] Fix api error message typo peers_group by @lixmal in #2862
• [client] Remove loop after route calculation by @pappz in #2856
• [client] fix/proxy close by @pappz in #2873
• [client] Fix race conditions by @lixmal in #2869

Full Changelog: v0.31.0...v0.31.1

v0.31.0

Release Notes for v0.31.0

Highlights

[management] Setup key improvements #2775

• We added support to setup-key deletion, allowing account cleanup of revoked or expired keys.
• The max expiration time was removed, allowing users to define any date for key expiration.
• Setup-keys are now stored as hashs, improving security for systems.

Because of a database migration where the setup-keys are being hashed, a downgrade is no longer possible without restoring a backup. So, testing and making sure a backup is done before upgrading is highly recommended. See backup docs here: https://docs.netbird.io/selfhosted/selfhosted-guide#backup

Improvements

• [client] Make native firewall init fail firewall creation #2784
• [misc] Update Zitadel from v2.54.10 to v2.64.1 #2793
• [client] allow relay leader on iOS #2795
• [management] remove network map diff calculations #2820
• [management] Add DB access duration to logs for context cancel #2781
• [client] Log windows panics #2829

Bug fixes

• [client] Ignore route rules with no sources instead of erroring out #2786
• [client] Fix multiple peer name filtering in netbird status command #2798
• [client] Fix the broken dependency gvisor.dev/gvisor #2789
• [management] Fix peer meta isEqual #2807
• [client] Nil check on ICE remote conn #2806
• [client] Allocate new buffer for every package #2823
• [client] Fix unused servers cleanup #2826
• [client] Remove legacy forwarding rules in userspace mode #2782

New Contributors

• @Codixer made their first contribution in #2793
• @mgarces made their first contribution in #2798
• @milantracy made their first contribution in #2789

Full Changelog: v0.30.3...v0.31.0

v0.30.3

What's Changed

• [management] Fix domain information is up to date check by @mlsmaycon in #2754
• Fix decompress zip path by @mlsmaycon in #2755
• Update sign workflow version by @mlsmaycon in #2756
• Release global lock on early error by @mlsmaycon in #2760
• Replace suite tests with regular go tests by @mlsmaycon in #2762
• [management] Fix context cancellation with JWT group sync enabled by @bcmmbaga in #2767
• [client] Eliminate UDP proxy in user-space mode by @pappz in #2712
• [management] Optimize network map updates by @bcmmbaga in #2718
• [management] Fix session inactivity response by @pascal-fischer in #2770
• [relay-client] Log exposed address by @pappz in #2771
• [client] Cleanup dns and route states on startup by @lixmal in #2757
• [client] Fix controller re-connection by @pappz in #2758
• [client] Cleanup firewall state on startup by @lixmal in #2768

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

• [relay, client] Relay/fix/wg roaming by @pappz in #2691
• [management] Refactor getAccountIDWithAuthorizationClaims by @mlsmaycon in #2715
• [client] Add table filter rules using iptables by @lixmal in #2727
• [relay-server] Move the handshake logic to a separated struct by @pappz in #2648
• [management] Add session expire functionality based on inactivity by @ctrl-zzz in #2326
• [client] Add universal bin build and update sign workflow version by @mlsmaycon in #2738
• [client] Exclude loopback from NAT by @lixmal in #2747
• [misc] Update Zitadel version on quickstart script by @eoksum in #2744
• [management] Fix JSON function compatibility for SQLite and PostgreSQL by @bcmmbaga in #2746

New Contributors

• @eoksum made their first contribution in #2744

Full Changelog: v0.30.1...v0.30.2

v0.30.1

This release fixes a few issues with the network route access controls and a bug with Signal service.

What's Changed

• [management] Remove admin check on getAccountByID by @pascal-fischer in #2699
• [management] Validate peer ownership during login by @bcmmbaga in #2704
• [client] Limit P2P attempts and restart on specific events by @lixmal in #2657
• [management] Propagate error in store errors by @pascal-fischer in #2709
• [misc] Add Link to the Lawrence Systems video by @braginini in #2711
• [management] Make max open db conns configurable by @pascal-fischer in #2713
• [management] Add support to envsub go management configurations by @mlsmaycon in #2708
• [management] Move testdata to sql files by @pascal-fischer in #2693
• [client] Improve route acl by @lixmal in #2705
• [signal] new signal dispatcher version by @pascal-fischer in #2722

Full Changelog: v0.30.0...v0.30.1

v0.30.0

Release Notes for v0.30.0

What's New

Access Control for Network Routes

Starting with version 0.30.0, users can assign access control groups to network routes, offering improved security and traffic restrictions. Route access is now unidirectional, ensuring traffic complies with the specified policies before authorization. This feature enhances the flexibility of network management.

To configure this, follow the documentation: Configuring routes with access control.

Improvements

• Add Access Control for Network Routes: [management, client] Add access control support to network routes #2100
• Remove Redundant Account Token Calls: [management] Remove redundant get account calls in GetAccountFromToken #2615
• Refactor User JWT Group Synchronization: [management] Refactor User JWT group sync #2690

Bug Fixes

• Anonymize Relay Address in Peers View: [client] Anonymize relay address in status peers view #2640
• Check WireGuard Interface Instead of Engine Context: [client] Check wginterface instead of engine ctx #2676
• Close Remote Connection in Proxy: [client] Close the remote conn in proxy #2626
• Fix eBPF Close Function: [client] Fix ebpf close function #2672
• Fix Relay Disconnection Handling: [client] Fix Relay disconnection handling #2680
• Restrict Peer Access for Non-Admins: [management] Restrict accessible peers to user-owned peers for non-admins #2618

Other Changes

• Adjust Relay Worker Log Levels: [client] Adjust relay worker log level and message #2683
• Improve Error Count Formatting: [client] Fix error count formatting #2641
• Refactor Interface Package: [client] Refactor/iface pkg #2646
• Remove Custom Localhost Dialer: [client] Remove usage of custom dialer for localhost #2639
• Add Account Existence Check to AccountManager: [management] Add AccountExists to AccountManager #2694
• Add DB Retrieval Method: [management] Add get DB method to store #2650
• Fix Account Manager Mock Implementation: [management] Fix account manager mock #2695
• Propagate Management Metrics: [management] Propagate metrics #2667
• Remove File Store in Management: [management] Remove file store #2689
• Update Management Docker Image: [management] Update management base docker image #2687
• Improve ZITADEL IDP Error Handling: [management] improve zitadel idp error response detail #2634
• Add Log Setting to Caddy Container: [misc] Add log setting to Caddy container #2684
• Fix IP Range Posture Check Example: [misc] Fix ip range posture check example in API doc #2628
• Update to Goreleaser Version 2: [misc] Specify goreleaser version and update to 2 #2673
• Use Packages to Fetch Latest Version: [misc] Use the pkgs to get the latest version #2682
• Move Signal Message Handling into Dispatcher: [signal] Move dummy signal message handling into dispatcher #2686
• Propagate Signal Metrics: [signal] Propagate metrics #2668
• Add Context to Signal Dispatcher: [signal] add context to signal-dispatcher #2662

New Contributors

• @adasauce made their first contribution in #2634
• @simen64 made their first contribution in #2678

Full Changelog: v0.29.4...v0.30.0