Release Notes for v0.69.0
What’s New
Reverse Proxy IP Reputation Integration
Now you can use CrowdSec to block malicious traffic based on IP reputation on your exposed service in the reverse proxy.
This feature requires self-hosted installations to add another container to their deployment. See instructions in the reverse proxy migration documentation.
For Cloud users, support is coming soon.
Learn more about here.
macOS p2p connectivity improvements
We’ve improved macOS p2p connectivity with a better routing exclusion mechanism to avoid loops. Now the client don’t add /32 routes per remote candidate addresses avoiding limitations on accessing remote peer’s local addresses via tunnel connections. Learn more about this change.
To use the old behavior run:
sudo netbird service reconfigure --service-env "NB_USE_LEGACY_ROUTING=true"
Client Improvements
- Added PCP support. This change adds support for the PCP protocol to the client to improve the rate of P2P connectivity.
[client] Add PCP support by lixmal · Pull Request #5219 · netbirdio/netbird · GitHub - Added –disable-networks flag to block network selection for users.
[client] Add --disable-networks flag to block network selection by lixmal · Pull Request #5896 · netbirdio/netbird · GitHub - Fixed clearing service env vars with --service-env “”.
[client] Fix clearing service env vars with --service-env "" by lixmal · Pull Request #5893 · netbirdio/netbird · GitHub - Guarded against container DNAT bypass of ACL rules in iptables.
[client] Guard against container DNAT bypass of ACL rules in iptables by lixmal · Pull Request #5697 · netbirdio/netbird · GitHub - Populated NetworkAddresses on iOS for posture checks.
[client] Populate NetworkAddresses on iOS for posture checks by MichaelUray · Pull Request #5900 · netbirdio/netbird · GitHub - Reconnected conntrack netlink listener on error.
[client] Reconnect conntrack netlink listener on error by lixmal · Pull Request #5885 · netbirdio/netbird · GitHub - Replaced exclusion routes with scoped default + IP_BOUND_IF on macOS.
[client] Replace exclusion routes with scoped default + IP_BOUND_IF on macOS by lixmal · Pull Request #5918 · netbirdio/netbird · GitHub - Fixed incorrect SSH client config combining Host and Match directives.
[client] Fix incorrect SSH client config combining Host and Match directives by lixmal · Pull Request #5903 · netbirdio/netbird · GitHub - Fixed WGIface.Close deadlock when DNS filter hook re-enters GetDevice.
[client] Fix WGIface.Close deadlock when DNS filter hook re-enters GetDevice by MichaelUray · Pull Request #5916 · netbirdio/netbird · GitHub
Management Improvements
- Enforced peer or peer groups requirement for network routers.
[management] Enforce peer or peer groups requirement for network routers by bcmmbaga · Pull Request #5894 · netbirdio/netbird · GitHub - Reused single cache store across all management server consumers.
[management] Reuse a single cache store across all management server consumers by mlsmaycon · Pull Request #5889 · netbirdio/netbird · GitHub - Fixed lint error on Google Workspace integration.
[management] chores: fix lint error on google workspace by jnfrati · Pull Request #5907 · netbirdio/netbird · GitHub
Proxy Enhancements
- Added CrowdSec IP reputation integration for reverse proxy.
https://github.com/netbirdio/netbird/pull/5722 - Added direct redirect to SSO.
[proxy] direct redirect to SSO by pascal-fischer · Pull Request #5874 · netbirdio/netbird · GitHub
Infrastructure Improvements
- Updated sign pipeline version to v0.1.2.
[infrastructure] Update sign pipeline version to v0.1.2 by lixmal · Pull Request #5884 · netbirdio/netbird · GitHub - Added CrowdSec LAPI container to self-hosted setup script.
[infrastructure] Add CrowdSec LAPI container to self-hosted setup script by lixmal · Pull Request #5880 · netbirdio/netbird · GitHub
New Contributors
- @MichaelUray made their first contribution in [client] Populate NetworkAddresses on iOS for posture checks by MichaelUray · Pull Request #5900 · netbirdio/netbird · GitHub
- @jnfrati made their first contribution in [management] chores: fix lint error on google workspace by jnfrati · Pull Request #5907 · netbirdio/netbird · GitHub
Full Changelog: Comparing v0.68.3...v0.69.0 · netbirdio/netbird · GitHub