prepare CHANGELOG for v1.9.0 #1137

Merged
merged 5 commits into from
May 8, 2024
Changes from 2 commits
71 changes: 70 additions & 1 deletion CHANGELOG.md
Expand Up @@ -7,6 +7,74 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [1.9.0] - 2024-05-07

### Deprecated

- This release adds a new setting `default_local_cidr_any` that defaults to
true to match previous behavior, but will default to false in a future
release. When set to false, `local_cidr` is matched correctly for firewall
rules on hosts acting as unsafe routers, and should be set for any firewall
rules you want to allow unsafe route hosts to access. See the issue and
example config for more details. (#1071, #1099)
Collaborator

Are we pretty sure we'll switch the flag in the next release (v1.10.0)? Clarifying might be nice, to give people a heads up to test the new default sooner rather than later.

Member Author

yeah let's do that


### Added

- Nebula now has an official Docker image `nebulaoss/nebula` that is
distroless and contains just the `nebula` and `nebula-cert` binaries. You
can find it here: https://hub.docker.com/r/nebulaoss/nebula (#1037)

- Experimental binaries for `loong64` are now provided. (#1003)

- Added example service script for OpenRC. (#711)

- The SSH daemon now supports inlined host keys. (#1054)

- The SSH daemon now supports certificates with `sshd.trusted_cas`. (#1098)

### Changed

- Config setting `tun.unsafe_routes` is now reloadable. (#1083)

- Allow `::` in `lighthouse.dns.host`. (#1115)
Collaborator

Or "Fixed" since it was already allowed for listen and arguably [::] is not a host (but rather an IPv6 host component of an IP:port combo) but I think I am only nitpicking.

Member Author

yeah I debated this! I think moving to Fixed is probably correct.


- Small documentation and internal improvements. (#1065, #1067, #1069, #1108,
#1109, #1111, #1135)

- Various dependency updates. (#1139, #1138, #1134, #1133, #1126, #1123, #1110,
#1094, #1092, #1087, #1086, #1085, #1072, #1063, #1059, #1055, #1053, #1047,
#1046, #1034, #1022)

### Removed

- Support for the deprecated `local_range` option has been removed. Please
change to `preferred_ranges` (which is also now reloadable). (#1043)

- We are now building with go1.22, which means that for Windows you need at
least Windows 10 or Windows Server 2016. This is because support for earlier
versions was removed in Go 1.21. See https://go.dev/doc/go1.21#windows (#981)

- Removed vagrant example, as it was unmaintained. (#1129)

- Removed Fedora and Arch nebula.service files, as they are maintained in the
upstream repos. (#1128, #1132)

- Remove the TCP round trip tracking metrics, as they never had correct data
and were an experiment to begin with. (#1114)

### Fixed

- Fixed a potential deadlock introduced in 1.8.1. (#1112)

- Fixed support for Linux when IPv6 has been disabled at the OS level. (#787)

- DNS will return NXDOMAIN now when there are no results. (#845)

- Capitalization of `NotAfter` fixed in DNS TXT response. (#1127)

- Don't log invalid certificates. It is untrusted data and can cause a large
volume of logs. (#1116)

## [1.8.2] - 2024-01-08

### Fixed
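
Review bot: In the Deprecated entry for `default_local_cidr_any`, the clause "and should be set for any firewall rules" has no clear subject, so it can be read as asking for the new setting (rather than `local_cidr`) on each rule. Suggest naming it, for example "`local_cidr` should be set on any firewall rule you want unsafe route hosts to be able to access", and stating the release in which the default becomes false, as asked in the thread on that entry. Because changing this setting alters which traffic a rule matches on hosts acting as unsafe routers, the wording needs to be exact before operators test with it set to false.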
Expand Down Expand Up @@ -558,7 +626,8 @@ created.)

- Initial public release.

[Unreleased]: https://github.com/slackhq/nebula/compare/v1.8.2...HEAD
[Unreleased]: https://github.com/slackhq/nebula/compare/v1.9.0...HEAD
[1.9.0]: https://github.com/slackhq/nebula/releases/tag/v1.9.0
[1.8.2]: https://github.com/slackhq/nebula/releases/tag/v1.8.2
[1.8.1]: https://github.com/slackhq/nebula/releases/tag/v1.8.1
[1.8.0]: https://github.com/slackhq/nebula/releases/tag/v1.8.0
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -52,6 +52,11 @@ Check the [releases](https://github.com/slackhq/nebula/releases/latest) page for
$ brew install nebula
```

- [Docker](https://hub.docker.com/r/nebulaoss/nebula)
```
$ docker run nebulaoss/nebula
wadey marked this conversation as resolved.
```

#### Mobile

- [iOS](https://apps.apple.com/us/app/mobile-nebula/id1509587936?itsct=apps_box&itscg=30200)
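
Review bot: `$ docker run nebulaoss/nebula` in the new Docker bullet names no image tag and mounts no configuration, while the CHANGELOG entry in this same PR says the image contains just the `nebula` and `nebula-cert` binaries. Suggest showing a pinned version tag (assuming the image is published per release) together with a config mount, or pointing readers to the Docker Hub page for the full invocation, so the copied command does not silently track whatever `latest` resolves to.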
4 changes: 2 additions & 2 deletions examples/config.yml
Expand Up @@ -167,8 +167,7 @@ punchy:

# Preferred ranges is used to define a hint about the local network ranges, which speeds up discovering the fastest
# path to a network adjacent nebula node.
# NOTE: the previous option "local_range" only allowed definition of a single range
# and has been deprecated for "preferred_ranges"
# This setting is reloadable.
#preferred_ranges: ["172.16.0.0/24"]

# sshd can expose informational and administrative functions via ssh. This can expose informational and administrative
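
Review bot: The two NOTE lines dropped above `#preferred_ranges` were the only place in the example config that told a reader `local_range` had been superseded, and the CHANGELOG in this PR says support for it is now removed. A config that still carries `local_range` gets no hint from this file after the change. Suggest keeping a single comment line stating that `local_range` was removed in 1.9.0 and that `preferred_ranges` replaces it, at least for a release or two.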
Expand Down Expand Up @@ -233,6 +232,7 @@ tun:
# `mtu`: will default to tun mtu if this option is not specified
# `metric`: will default to 0 if this option is not specified
# `install`: will default to true, controls whether this route is installed in the systems routing table.
# This setting is reloadable.
unsafe_routes:
#- route: 172.16.1.0/24
# via: 192.168.100.99
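
Review bot: The added "This setting is reloadable." comment sits directly under the `install` sub-option line at the same comment level, so it reads as describing `install` rather than `unsafe_routes` as a whole. Suggest separating it with an empty comment line or wording it as "`unsafe_routes` is reloadable", since a reload here changes routes installed in the system routing table and readers should know the scope.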