v0.35.1

What's Changed

• [client] Don't fail debug if log file is console by @lixmal in #3103
• [client] Fix inbound tracking in userspace firewall by @lixmal in #3111

Full Changelog: v0.35.0...v0.35.1

v0.35.0

Release notes

With this release, we are introducing a new concept in NetBird called Networks. This concept improves the administration of routed resources and provides greater visibility into what is shared with peers. Networks are configuration containers that map your on-premise or cloud networks in a logical set of configurations, making it easier to manage and share routes with your peers based on your infrastructure.

Support for Networks will be available for our cloud-hosted systems in the next few days.

You can find out more information about Networks here:
Concept
Routing traffic to multiple IP resources
Accessing restricted website domain resources
Accessing entire domains within networks

Some screenshots:
Unified view of your network resources:

Multiple resource types and new support for wildcard domains:

What's Changed

• [client] Add support for state manager on iOS by @pascal-fischer in #2996
• [client] Add peer conn init limit by @mlsmaycon in #3001
• [management] Remove peer needs login log message by @bcmmbaga in #3005
• [management] restructure api files by @pascal-fischer in #3013
• [Snyk] Security upgrade alpine from 3.20 to 3.21.0 by @mlsmaycon in #3019
• [client] Fix race condition with systray ready by @mohamed-essam in #2993
• [misc] split tests with management and rest by @mlsmaycon in #3051
• [misc] Handle dnf version 5 in install script by @mohamed-essam in #3026
• [client] fix: reformat IPv6 ICE addresses when hole punching by @jclds139 in #3050
• [misc] Upgrade x/crypto package by @mlsmaycon in #3055
• fix client unsupported h2 protocol when only 443 activated by @V-E-O in #3009
• [client] Avoid using iota on mixed const block by @mlsmaycon in #3057
• [client, management] Add new network concept by @lixmal in #3047
• [client] Do not start DNS forwarder on client side by @pappz in #3094
• [management] Fix duplicate resource routes when routing peer is part of the source group by @bcmmbaga in #3095
• [client] Reduce DNS handler chain lock contention by @lixmal in #3099
• [management] Run test sequential by @pascal-fischer in #3101
• [client] Add firewall rules to the debug bundle by @lixmal in #3089
• [client] Add stateful userspace firewall and remove egress filters by @lixmal in #3093

New Contributors

• @jclds139 made their first contribution in #3050
• @V-E-O made their first contribution in #3009

Full Changelog: v0.34.1...v0.35.0

v0.34.1

What's Changed

• [client] Cleanup status resources on engine stop by @mlsmaycon in #2981
• [client] Don't return error in rule removal if protocol is not supported by @lixmal in #2990
• [client] Init route selector early by @lixmal in #2989
• [client] Reduce max wait time to initialize peer connections by @mlsmaycon in #2984
• [management] Update account peers on login on meta change by @mohamed-essam in #2991
• [client] upgrade zcalusic/sysinfo to v1.1.3 (add serial support for ARM arch) by @EdouardVanbelle in #2954

New Contributors

• @mohamed-essam made their first contribution in #2991

Full Changelog: v0.34.0...v0.34.1

v0.34.0

Release notes

This release brings support to persistent network route selection across client restarts and fixes network access control policy rules to account for peers in source groups.

Enhancements:

Persistent network route selection

This feature is handy for users who want to maintain a specific network route selection across client restarts. The client will now remember the network routes selected before the restart and apply them after the restart.

Bug fixes:

Account different policy rules for route firewall rules

The network access control policy rules now account for peers in source groups. This fix ensures that the rules are correctly applied to the network routes.

What's Changed

• [misc] Update Caddyfile and Docker Compose to support HTTP3 #2822
• [client] Refactor initial Relay connection #2800
• [client] Don't return error in userspace mode without firewall when setting legacy #2924
• [client] Test nftables for incompatible iptables rules #2948
• [client] Set up sysctl and routing table name only if routing rules are available #2933
• [client] Allow routing to fallback to exclusion routes if rules are not supported #2909
• [client] Code cleaning in net pkg #2932
• [client] Unspecified address: default NetworkTypeUDP4+NetworkTypeUDP6 #2804
• [client] Add pprof build tag #2964
• [client] Persist route selection #2810
• [client] Add state file to debug bundle #2969
• [client] Fix debug bundle state anonymization test #2976
• [client] Pass IP instead of net to Rosenpass #2975
• [client] Get static system info once #2965
• [client] Add netbird.err and netbird.out to debug bundle #2971
• [client] Add network map to debug bundle #2966
• [client] Don't choke on non-existent interface in route updates #2922
• [client] Add state handling cmdline options #2821
• [management] Refactor posture check to use store methods #2874
• [management] Refactor policy to use store methods #2878
• [management] Refactor DNS settings to use store methods #2883
• [management] Refactor nameserver groups to use store methods #2888
• [management] refactor to use account object instead of separate db calls for peer update #2957
• [management] Add performance test for login and sync calls #2960
• [management] Add guide when signing key is not found #2942
• [management] Account different policy rules for route firewall rules #2939
• [management] Add missing parentheses on iphone hostname generation condition #2977
• [management] merge update account peers in sync call #2978

Big thanks to our new Contributors

• @v1rusnl made their first contribution in #2822
• @victorserbu2709 made their first contribution in #2804
• @jnohlgard made their first contribution in #2977

v0.33.0

What's Changed

• [misc] Introducing NetBird Guru on Gurubase.io by @kursataktas in #2778
• [misc] use google domain for tests by @mlsmaycon in #2902
• [misc] Update signing pipeline version by @mlsmaycon in #2900
• [management] Add transaction metrics and exclude getAccount time from peers update by @pascal-fischer in #2904
• [client] Add NB_SKIP_SOCKET_MARK & fix crash instead of returing an error by @nazarewk in #2899
• [management] Fix process posture check evaluation on Sync by @pascal-fischer in #2911
• [management] Add metric for peer meta update by @pascal-fischer in #2913
• [management] Add activity events to group propagation flow by @pascal-fischer in #2916
• [client] Fix allow netbird rule verdict by @lixmal in #2925
• [management] Fix getSetupKey call by @pascal-fischer in #2927

New Contributors

• @kursataktas made their first contribution in #2778

Full Changelog: v0.32.0...v0.33.0

v0.32.0

Release Notes for v0.32.0

Highlights

This release fixes an issue with the client's state manager that could cause a deadlock on a system with high load or slower system operations like adding routes or configuring network interfaces. This could affect the recovery from sleep, causing unwanted client state.

What's Changed

• [management] Refactor setup key to use store methods by @bcmmbaga in #2861
• [management] Add more logs to the peer update processes by @pascal-fischer in #2881
• [client] Improve state write timeout and abort work early on timeout by @lixmal in #2882
• [relay-server] Always close ws conn when work thread exit by @pappz in #2879
• [client] Update route calculation tests by @mlsmaycon in #2884
• [client] Handle panic on nil wg interface by @lixmal in #2891
• [management] Fix limited peer view groups by @pascal-fischer in #2894
• [client/management] add peer lock to peer meta update and fix isEqual func by @pascal-fischer in #2840
• [management] Limit the setup-key update operation by @pascal-fischer in #2841
• [management] Refactor group to use store methods by @bcmmbaga in #2867
• [management] Fix the Inactivity Expiration problem. by @ismail0234 in #2865
• [client] Fix state manager race conditions by @lixmal in #2890
• [client] Move state updates outside the refcounter by @lixmal in #2897
• [client] Fix error state race on mgmt connection error by @lixmal in #2892

New Contributors

• @ismail0234 made their first contribution in #2865

Full Changelog: v0.31.1...v0.32.0

v0.31.1

What's Changed

• [management] Fix add peer all group network map update by @pascal-fischer in #2830
• [misc] Avoid failing all other matrix tests if one fails by @mlsmaycon in #2839
• [client] Fix cached device flow oauth by @mlsmaycon in #2833
• [management] Fix network map update on peer validation by @pascal-fischer in #2849
• [client] Use the prerouting chain to mark for masquerading to support older systems by @lixmal in #2808
• [relay-server] Use X-Real-IP in case of reverse proxy by @pappz in #2848
• [client] Exclude split default route ip addresses from anonymization by @lixmal in #2853
• [management] Enforce max conn of 1 for sqlite setups by @pascal-fischer in #2855
• [management] Fix potential panic on inactivity expiration log message by @pascal-fischer in #2854
• [management] Add benchmark tests to get account with claims by @mlsmaycon in #2761
• [client] Use offload in WireGuard bind receiver by @pappz in #2815
• [management] Remove context from database calls by @pascal-fischer in #2863
• [management] Add peer lock to grpc server by @pascal-fischer in #2859
• [management] Fix api error message typo peers_group by @lixmal in #2862
• [client] Remove loop after route calculation by @pappz in #2856
• [client] fix/proxy close by @pappz in #2873
• [client] Fix race conditions by @lixmal in #2869

Full Changelog: v0.31.0...v0.31.1

v0.31.0

Release Notes for v0.31.0

Highlights

[management] Setup key improvements #2775

• We added support to setup-key deletion, allowing account cleanup of revoked or expired keys.
• The max expiration time was removed, allowing users to define any date for key expiration.
• Setup-keys are now stored as hashs, improving security for systems.

Because of a database migration where the setup-keys are being hashed, a downgrade is no longer possible without restoring a backup. So, testing and making sure a backup is done before upgrading is highly recommended. See backup docs here: https://docs.netbird.io/selfhosted/selfhosted-guide#backup

Improvements

• [client] Make native firewall init fail firewall creation #2784
• [misc] Update Zitadel from v2.54.10 to v2.64.1 #2793
• [client] allow relay leader on iOS #2795
• [management] remove network map diff calculations #2820
• [management] Add DB access duration to logs for context cancel #2781
• [client] Log windows panics #2829

Bug fixes

• [client] Ignore route rules with no sources instead of erroring out #2786
• [client] Fix multiple peer name filtering in netbird status command #2798
• [client] Fix the broken dependency gvisor.dev/gvisor #2789
• [management] Fix peer meta isEqual #2807
• [client] Nil check on ICE remote conn #2806
• [client] Allocate new buffer for every package #2823
• [client] Fix unused servers cleanup #2826
• [client] Remove legacy forwarding rules in userspace mode #2782

New Contributors

• @Codixer made their first contribution in #2793
• @mgarces made their first contribution in #2798
• @milantracy made their first contribution in #2789

Full Changelog: v0.30.3...v0.31.0

v0.30.3

What's Changed

• [management] Fix domain information is up to date check by @mlsmaycon in #2754
• Fix decompress zip path by @mlsmaycon in #2755
• Update sign workflow version by @mlsmaycon in #2756
• Release global lock on early error by @mlsmaycon in #2760
• Replace suite tests with regular go tests by @mlsmaycon in #2762
• [management] Fix context cancellation with JWT group sync enabled by @bcmmbaga in #2767
• [client] Eliminate UDP proxy in user-space mode by @pappz in #2712
• [management] Optimize network map updates by @bcmmbaga in #2718
• [management] Fix session inactivity response by @pascal-fischer in #2770
• [relay-client] Log exposed address by @pappz in #2771
• [client] Cleanup dns and route states on startup by @lixmal in #2757
• [client] Fix controller re-connection by @pappz in #2758
• [client] Cleanup firewall state on startup by @lixmal in #2768

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

• [relay, client] Relay/fix/wg roaming by @pappz in #2691
• [management] Refactor getAccountIDWithAuthorizationClaims by @mlsmaycon in #2715
• [client] Add table filter rules using iptables by @lixmal in #2727
• [relay-server] Move the handshake logic to a separated struct by @pappz in #2648
• [management] Add session expire functionality based on inactivity by @ctrl-zzz in #2326
• [client] Add universal bin build and update sign workflow version by @mlsmaycon in #2738
• [client] Exclude loopback from NAT by @lixmal in #2747
• [misc] Update Zitadel version on quickstart script by @eoksum in #2744
• [management] Fix JSON function compatibility for SQLite and PostgreSQL by @bcmmbaga in #2746

New Contributors

• @eoksum made their first contribution in #2744

Full Changelog: v0.30.1...v0.30.2