Skip to content

Release v1.9.0
Compare
Choose a tag to compare
@github-actions github-actions released this 08 May 14:39
· 34 commits to master since this release
v1.9.0
This tag was signed with the committer’s verified signature.
wadey Wade Simmons
GPG key ID: E6A335D7C5B6971A
Learn about vigilant mode.
50b24c1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Deprecated

  • This release adds a new setting default_local_cidr_any that defaults to
    true to match previous behavior, but will default to false in the next
    release (1.10). When set to false, local_cidr is matched correctly for
    firewall rules on hosts acting as unsafe routers, and should be set for any
    firewall rules you want to allow unsafe route hosts to access. See the issue
    and example config for more details. (#1071, #1099)

Added

  • Nebula now has an official Docker image nebulaoss/nebula that is
    distroless and contains just the nebula and nebula-cert binaries. You
    can find it here: https://hub.docker.com/r/nebulaoss/nebula (#1037)

  • Experimental binaries for loong64 are now provided. (#1003)

  • Added example service script for OpenRC. (#711)

  • The SSH daemon now supports inlined host keys. (#1054)

  • The SSH daemon now supports certificates with sshd.trusted_cas. (#1098)

Changed

Removed

  • Support for the deprecated local_range option has been removed. Please
    change to preferred_ranges (which is also now reloadable). (#1043)

  • We are now building with go1.22, which means that for Windows you need at
    least Windows 10 or Windows Server 2016. This is because support for earlier
    versions was removed in Go 1.21. See https://go.dev/doc/go1.21#windows (#981)

  • Removed vagrant example, as it was unmaintained. (#1129)

  • Removed Fedora and Arch nebula.service files, as they are maintained in the
    upstream repos. (#1128, #1132)

  • Remove the TCP round trip tracking metrics, as they never had correct data
    and were an experiment to begin with. (#1114)

Fixed

  • Fixed a potential deadlock introduced in 1.8.1. (#1112)

  • Fixed support for Linux when IPv6 has been disabled at the OS level. (#787)

  • DNS will return NXDOMAIN now when there are no results. (#845)

  • Allow :: in lighthouse.dns.host. (#1115)

  • Capitalization of NotAfter fixed in DNS TXT response. (#1127)

  • Don't log invalid certificates. It is untrusted data and can cause a large
    volume of logs. (#1116)

Assets 26
Loading