cloudflare/cloudflared
Publicmirrored from https://github.com/cloudflare/cloudflaredAvailable
CHANGES.md
239lines · modecode
| 1 | **Experimental**: This is a new format for release notes. The format and availability is subject to change. |
| 2 | |
| 3 | ## 2021.12.2 |
| 4 | ### Bug Fixes |
| 5 | - Fix logging when `quic` transport is used and UDP traffic is proxied. |
| 6 | - FIPS compliant cloudflared binaries will now be released as separate artifacts. Recall that these are only for linux |
| 7 | and amd64. |
| 8 | |
| 9 | ## 2021.12.1 |
| 10 | ### Bug Fixes |
| 11 | - Fixes Github issue #530 where cloudflared 2021.12.0 could not reach origins that were HTTPS and using certain encryption |
| 12 | methods forbidden by FIPS compliance (such as Let's Encrypt certificates). To address this fix we have temporarily reverted |
| 13 | FIPS compliance from amd64 linux binaries that was recently introduced (or fixed actually as it was never working before). |
| 14 | |
| 15 | ## 2021.12.0 |
| 16 | ### New Features |
| 17 | - Cloudflared binary released for amd64 linux is now FIPS compliant. |
| 18 | |
| 19 | ### Improvements |
| 20 | - Logging about connectivity to Cloudflare edge now only yields `ERR` level logging if there are no connections to |
| 21 | Cloudflare edge that are active. Otherwise it logs `WARN` level. |
| 22 | |
| 23 | ### Bug Fixes |
| 24 | - Fixes Github issue #501. |
| 25 | |
| 26 | ## 2021.11.0 |
| 27 | ### Improvements |
| 28 | - Fallback from `protocol:quic` to `protocol:http2` immediately if UDP connectivity isn't available. This could be because of a firewall or |
| 29 | egress rule. |
| 30 | |
| 31 | ## 2021.10.4 |
| 32 | ### Improvements |
| 33 | - Collect quic transport metrics on RTT, packets and bytes transferred. |
| 34 | |
| 35 | ### Bug Fixes |
| 36 | - Fix race condition that was writing to the connection after the http2 handler returns. |
| 37 | |
| 38 | ## 2021.9.2 |
| 39 | |
| 40 | ### New features |
| 41 | - `cloudflared` can now run with `quic` as the underlying tunnel transport protocol. To try it, change or add "protocol: quic" to your config.yml file or |
| 42 | run cloudflared with the `--protocol quic` flag. e.g: |
| 43 | `cloudflared tunnel --protocol quic run <tunnel-name>` |
| 44 | |
| 45 | ### Bug Fixes |
| 46 | - Fixed some generic transport bugs in `quic` mode. It's advised to upgrade to at least this version (2021.9.2) when running `cloudflared` |
| 47 | with `quic` protocol. |
| 48 | - `cloudflared` docker images will now show version. |
| 49 | |
| 50 | |
| 51 | ## 2021.8.4 |
| 52 | ### Improvements |
| 53 | - Temporary tunnels (those hosted on trycloudflare.com that do not require a Cloudflare login) now run as Named Tunnels |
| 54 | underneath. We recall that these tunnels should not be relied upon for production usage as they come with no guarantee |
| 55 | of uptime. Previous cloudflared versions will soon be unable to run legacy temporary tunnels and will require an update |
| 56 | (to this version or more recent). |
| 57 | |
| 58 | ## 2021.8.2 |
| 59 | ### Improvements |
| 60 | - Because Equinox os shutting down, all cloudflared releases are now present [here](https://github.com/cloudflare/cloudflared/releases). |
| 61 | [Equinox](https://dl.equinox.io/cloudflare/cloudflared/stable) will no longer receive updates. |
| 62 | |
| 63 | ## 2021.8.0 |
| 64 | ### Bug fixes |
| 65 | - Prevents tunnel from accidentally running when only proxy-dns should run. |
| 66 | |
| 67 | ### Improvements |
| 68 | - If auto protocol transport lookup fails, we now default to a transport instead of not connecting. |
| 69 | |
| 70 | ## 2021.6.0 |
| 71 | ### Bug Fixes |
| 72 | - Fixes a http2 transport (the new default for Named Tunnels) to work with unix socket origins. |
| 73 | |
| 74 | |
| 75 | ## 2021.5.10 |
| 76 | ### Bug Fixes |
| 77 | - Fixes a memory leak in h2mux transport that connects cloudflared to Cloudflare edge. |
| 78 | |
| 79 | |
| 80 | ## 2021.5.9 |
| 81 | ### New Features |
| 82 | - Uses new Worker based login helper service to facilitate token exchange in cloudflared flows. |
| 83 | |
| 84 | ### Bug Fixes |
| 85 | - Fixes Centos-7 builds. |
| 86 | |
| 87 | ## 2021.5.8 |
| 88 | ### New Features |
| 89 | - When creating a DNS record to point a hostname at a tunnel, you can now use --overwrite-dns to overwrite any existing |
| 90 | DNS records with that hostname. This works both when using the CLI to provision DNS, as well as when starting an adhoc |
| 91 | named tunnel, e.g.: |
| 92 | - `cloudflared tunnel route dns --overwrite-dns foo-tunnel foo.example.com` |
| 93 | - `cloudflared tunnel --overwrite-dns --name foo-tunnel --hostname foo.example.com` |
| 94 | |
| 95 | ## 2021.5.7 |
| 96 | ### New Features |
| 97 | - Named Tunnels will automatically select the protocol to connect to Cloudflare's edge network. |
| 98 | |
| 99 | ## 2021.5.0 |
| 100 | |
| 101 | ### New Features |
| 102 | - It is now possible to run the same tunnel using more than one `cloudflared` instance. This is a server-side change and |
| 103 | is compatible with any client version that uses Named Tunnels. |
| 104 | |
| 105 | To get started, visit our [developer documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/deploy-cloudflared-replicas). |
| 106 | - `cloudflared tunnel ingress validate` will now warn about unused keys in your config file. This is helpful for |
| 107 | detecting typos in your config. |
| 108 | - If `cloudflared` detects it is running inside a Linux container, it will limit itself to use only the number of CPUs |
| 109 | the pod has been granted, instead of trying to use every CPU available. |
| 110 | |
| 111 | ## 2021.4.0 |
| 112 | |
| 113 | ### Bug Fixes |
| 114 | |
| 115 | - Fixed proxying of websocket requests to avoid possibility of losing initial frames that were sent in the same TCP |
| 116 | packet as response headers [#345](https://github.com/cloudflare/cloudflared/issues/345). |
| 117 | - `proxy-dns` option now works in conjunction with running a named tunnel [#346](https://github.com/cloudflare/cloudflared/issues/346). |
| 118 | |
| 119 | ## 2021.3.6 |
| 120 | |
| 121 | ### Bug Fixes |
| 122 | |
| 123 | - Reverted 2021.3.5 improvement to use HTTP/2 in a best-effort manner between cloudflared and origin services because |
| 124 | it was found to break in some cases. |
| 125 | |
| 126 | ## 2021.3.5 |
| 127 | |
| 128 | ### Improvements |
| 129 | |
| 130 | - HTTP/2 transport is now always chosen if origin server supports it and the service url scheme is HTTPS. |
| 131 | This was previously done in a best attempt manner. |
| 132 | |
| 133 | ### Bug Fixes |
| 134 | |
| 135 | - The MacOS binaries were not successfully released in 2021.3.3 and 2021.3.4. This release is aimed at addressing that. |
| 136 | |
| 137 | ## 2021.3.3 |
| 138 | |
| 139 | ### Improvements |
| 140 | |
| 141 | - Tunnel create command, as well as, running ad-hoc tunnels using `cloudflared tunnel -name NAME`, will not overwrite |
| 142 | existing files when writing tunnel credentials. |
| 143 | |
| 144 | ### Bug Fixes |
| 145 | |
| 146 | - Tunnel create and delete commands no longer use path to credentials from the configuration file. |
| 147 | If you need ot place tunnel credentials file at a specific location, you must use `--credentials-file` flag. |
| 148 | - Access ssh-gen creates properly named keys for SSH short lived certs. |
| 149 | |
| 150 | |
| 151 | ## 2021.3.2 |
| 152 | |
| 153 | ### New Features |
| 154 | |
| 155 | - It is now possible to obtain more detailed information about the cloudflared connectors to Cloudflare Edge via |
| 156 | `cloudflared tunnel info <name/uuid>`. It is possible to sort the output as well as output in different formats, |
| 157 | such as: `cloudflared tunnel info --sort-by version --invert-sort --output json <name/uuid>`. |
| 158 | You can obtain more information via `cloudflared tunnel info --help`. |
| 159 | |
| 160 | ### Bug Fixes |
| 161 | |
| 162 | - Don't look for configuration file in default paths when `--config FILE` flag is present after `tunnel` subcommand. |
| 163 | - cloudflared access token command now functions correctly with the new token-per-app change from 2021.3.0. |
| 164 | |
| 165 | |
| 166 | ## 2021.3.0 |
| 167 | |
| 168 | ### New Features |
| 169 | |
| 170 | - [Cloudflare One Routing](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) specific commands |
| 171 | now show up in the `cloudflared tunnel route --help` output. |
| 172 | - There is a new ingress type that allows cloudflared to proxy SOCKS5 as a bastion. You can use it with an ingress |
| 173 | rule by adding `service: socks-proxy`. Traffic is routed to any destination specified by the SOCKS5 packet but only |
| 174 | if allowed by a rule. In the following example we allow proxying to a certain CIDR but explicitly forbid one address |
| 175 | within it: |
| 176 | ``` |
| 177 | ingress: |
| 178 | - hostname: socks.example.com |
| 179 | service: socks-proxy |
| 180 | originRequest: |
| 181 | ipRules: |
| 182 | - prefix: 192.168.1.8/32 |
| 183 | allow: false |
| 184 | - prefix: 192.168.1.0/24 |
| 185 | ports: [80, 443] |
| 186 | allow: true |
| 187 | ``` |
| 188 | |
| 189 | |
| 190 | ### Improvements |
| 191 | |
| 192 | - Nested commands, such as `cloudflared tunnel run`, now consider CLI arguments even if they appear earlier on the |
| 193 | command. For instance, `cloudflared --config config.yaml tunnel run` will now behave the same as |
| 194 | `cloudflared tunnel --config config.yaml run` |
| 195 | - Warnings are now shown in the output logs whenever cloudflared is running without the most recent version and |
| 196 | `no-autoupdate` is `true`. |
| 197 | - Access tokens are now stored per Access App instead of per request path. This decreases the number of times that the |
| 198 | user is required to authenticate with an Access policy redundantly. |
| 199 | |
| 200 | ### Bug Fixes |
| 201 | |
| 202 | - GitHub [PR #317](https://github.com/cloudflare/cloudflared/issues/317) was broken in 2021.2.5 and is now fixed again. |
| 203 | |
| 204 | ## 2021.2.5 |
| 205 | |
| 206 | ### New Features |
| 207 | |
| 208 | - We introduce [Cloudflare One Routing](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) in |
| 209 | beta mode. Cloudflare customer can now connect users and private networks with RFC 1918 IP addresses via the |
| 210 | Cloudflare edge network. Users running Cloudflare WARP client in the same organization can connect to the services |
| 211 | made available by Argo Tunnel IP routes. Please share your feedback in the GitHub issue tracker. |
| 212 | |
| 213 | ## 2021.2.4 |
| 214 | |
| 215 | ### Bug Fixes |
| 216 | |
| 217 | - Reverts the Improvement released in 2021.2.3 for CLI arguments as it introduced a regression where cloudflared failed |
| 218 | to read URLs in configuration files. |
| 219 | - cloudflared now logs the reason for failed connections if the error is recoverable. |
| 220 | |
| 221 | ## 2021.2.3 |
| 222 | |
| 223 | ### Backward Incompatible Changes |
| 224 | |
| 225 | - Removes db-connect. The Cloudflare Workers product will continue to support db-connect implementations with versions |
| 226 | of cloudflared that predate this release and include support for db-connect. |
| 227 | |
| 228 | ### New Features |
| 229 | |
| 230 | - Introduces support for proxy configurations with websockets in arbitrary TCP connections (#318). |
| 231 | |
| 232 | ### Improvements |
| 233 | |
| 234 | - (reverted) Nested command line argument handling. |
| 235 | |
| 236 | ### Bug Fixes |
| 237 | |
| 238 | - The maximum number of upstream connections is now limited by default which should fix reported issues of cloudflared |
| 239 | exhausting CPU usage when faced with connectivity issues. |
| 240 | |