cloudflare/cloudflared

Public

mirrored from https://github.com/cloudflare/cloudflaredAvailable

CodeCommitsIssuesPull requestsActionsInsightsSecurity
2021.12.4

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

CHANGES.md

239lines · modecode

1**Experimental**: This is a new format for release notes. The format and availability is subject to change.
2
3## 2021.12.2
4### Bug Fixes
5- Fix logging when `quic` transport is used and UDP traffic is proxied.
6- FIPS compliant cloudflared binaries will now be released as separate artifacts. Recall that these are only for linux
7and amd64.
8
9## 2021.12.1
10### Bug Fixes
11 - Fixes Github issue #530 where cloudflared 2021.12.0 could not reach origins that were HTTPS and using certain encryption
12methods forbidden by FIPS compliance (such as Let's Encrypt certificates). To address this fix we have temporarily reverted
13FIPS compliance from amd64 linux binaries that was recently introduced (or fixed actually as it was never working before).
14
15## 2021.12.0
16### New Features
17- Cloudflared binary released for amd64 linux is now FIPS compliant.
18
19### Improvements
20- Logging about connectivity to Cloudflare edge now only yields `ERR` level logging if there are no connections to
21Cloudflare edge that are active. Otherwise it logs `WARN` level.
22
23### Bug Fixes
24- Fixes Github issue #501.
25
26## 2021.11.0
27### Improvements
28- Fallback from `protocol:quic` to `protocol:http2` immediately if UDP connectivity isn't available. This could be because of a firewall or
29egress rule.
30
31## 2021.10.4
32### Improvements
33- Collect quic transport metrics on RTT, packets and bytes transferred.
34
35### Bug Fixes
36- Fix race condition that was writing to the connection after the http2 handler returns.
37
38## 2021.9.2
39
40### New features
41- `cloudflared` can now run with `quic` as the underlying tunnel transport protocol. To try it, change or add "protocol: quic" to your config.yml file or
42run cloudflared with the `--protocol quic` flag. e.g:
43 `cloudflared tunnel --protocol quic run <tunnel-name>`
44
45### Bug Fixes
46- Fixed some generic transport bugs in `quic` mode. It's advised to upgrade to at least this version (2021.9.2) when running `cloudflared`
47with `quic` protocol.
48- `cloudflared` docker images will now show version.
49
50
51## 2021.8.4
52### Improvements
53- Temporary tunnels (those hosted on trycloudflare.com that do not require a Cloudflare login) now run as Named Tunnels
54underneath. We recall that these tunnels should not be relied upon for production usage as they come with no guarantee
55of uptime. Previous cloudflared versions will soon be unable to run legacy temporary tunnels and will require an update
56(to this version or more recent).
57
58## 2021.8.2
59### Improvements
60- Because Equinox os shutting down, all cloudflared releases are now present [here](https://github.com/cloudflare/cloudflared/releases).
61[Equinox](https://dl.equinox.io/cloudflare/cloudflared/stable) will no longer receive updates.
62
63## 2021.8.0
64### Bug fixes
65- Prevents tunnel from accidentally running when only proxy-dns should run.
66
67### Improvements
68- If auto protocol transport lookup fails, we now default to a transport instead of not connecting.
69
70## 2021.6.0
71### Bug Fixes
72- Fixes a http2 transport (the new default for Named Tunnels) to work with unix socket origins.
73
74
75## 2021.5.10
76### Bug Fixes
77- Fixes a memory leak in h2mux transport that connects cloudflared to Cloudflare edge.
78
79
80## 2021.5.9
81### New Features
82- Uses new Worker based login helper service to facilitate token exchange in cloudflared flows.
83
84### Bug Fixes
85- Fixes Centos-7 builds.
86
87## 2021.5.8
88### New Features
89- When creating a DNS record to point a hostname at a tunnel, you can now use --overwrite-dns to overwrite any existing
90 DNS records with that hostname. This works both when using the CLI to provision DNS, as well as when starting an adhoc
91 named tunnel, e.g.:
92 - `cloudflared tunnel route dns --overwrite-dns foo-tunnel foo.example.com`
93 - `cloudflared tunnel --overwrite-dns --name foo-tunnel --hostname foo.example.com`
94
95## 2021.5.7
96### New Features
97- Named Tunnels will automatically select the protocol to connect to Cloudflare's edge network.
98
99## 2021.5.0
100
101### New Features
102- It is now possible to run the same tunnel using more than one `cloudflared` instance. This is a server-side change and
103 is compatible with any client version that uses Named Tunnels.
104
105 To get started, visit our [developer documentation](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/deploy-cloudflared-replicas).
106- `cloudflared tunnel ingress validate` will now warn about unused keys in your config file. This is helpful for
107 detecting typos in your config.
108- If `cloudflared` detects it is running inside a Linux container, it will limit itself to use only the number of CPUs
109 the pod has been granted, instead of trying to use every CPU available.
110
111## 2021.4.0
112
113### Bug Fixes
114
115- Fixed proxying of websocket requests to avoid possibility of losing initial frames that were sent in the same TCP
116 packet as response headers [#345](https://github.com/cloudflare/cloudflared/issues/345).
117- `proxy-dns` option now works in conjunction with running a named tunnel [#346](https://github.com/cloudflare/cloudflared/issues/346).
118
119## 2021.3.6
120
121### Bug Fixes
122
123- Reverted 2021.3.5 improvement to use HTTP/2 in a best-effort manner between cloudflared and origin services because
124 it was found to break in some cases.
125
126## 2021.3.5
127
128### Improvements
129
130 - HTTP/2 transport is now always chosen if origin server supports it and the service url scheme is HTTPS.
131 This was previously done in a best attempt manner.
132
133### Bug Fixes
134
135 - The MacOS binaries were not successfully released in 2021.3.3 and 2021.3.4. This release is aimed at addressing that.
136
137## 2021.3.3
138
139### Improvements
140
141- Tunnel create command, as well as, running ad-hoc tunnels using `cloudflared tunnel -name NAME`, will not overwrite
142 existing files when writing tunnel credentials.
143
144### Bug Fixes
145
146- Tunnel create and delete commands no longer use path to credentials from the configuration file.
147 If you need ot place tunnel credentials file at a specific location, you must use `--credentials-file` flag.
148- Access ssh-gen creates properly named keys for SSH short lived certs.
149
150
151## 2021.3.2
152
153### New Features
154
155- It is now possible to obtain more detailed information about the cloudflared connectors to Cloudflare Edge via
156 `cloudflared tunnel info <name/uuid>`. It is possible to sort the output as well as output in different formats,
157 such as: `cloudflared tunnel info --sort-by version --invert-sort --output json <name/uuid>`.
158 You can obtain more information via `cloudflared tunnel info --help`.
159
160### Bug Fixes
161
162- Don't look for configuration file in default paths when `--config FILE` flag is present after `tunnel` subcommand.
163- cloudflared access token command now functions correctly with the new token-per-app change from 2021.3.0.
164
165
166## 2021.3.0
167
168### New Features
169
170- [Cloudflare One Routing](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) specific commands
171 now show up in the `cloudflared tunnel route --help` output.
172- There is a new ingress type that allows cloudflared to proxy SOCKS5 as a bastion. You can use it with an ingress
173 rule by adding `service: socks-proxy`. Traffic is routed to any destination specified by the SOCKS5 packet but only
174 if allowed by a rule. In the following example we allow proxying to a certain CIDR but explicitly forbid one address
175 within it:
176```
177ingress:
178 - hostname: socks.example.com
179 service: socks-proxy
180 originRequest:
181 ipRules:
182 - prefix: 192.168.1.8/32
183 allow: false
184 - prefix: 192.168.1.0/24
185 ports: [80, 443]
186 allow: true
187```
188
189
190### Improvements
191
192- Nested commands, such as `cloudflared tunnel run`, now consider CLI arguments even if they appear earlier on the
193 command. For instance, `cloudflared --config config.yaml tunnel run` will now behave the same as
194 `cloudflared tunnel --config config.yaml run`
195- Warnings are now shown in the output logs whenever cloudflared is running without the most recent version and
196 `no-autoupdate` is `true`.
197- Access tokens are now stored per Access App instead of per request path. This decreases the number of times that the
198 user is required to authenticate with an Access policy redundantly.
199
200### Bug Fixes
201
202- GitHub [PR #317](https://github.com/cloudflare/cloudflared/issues/317) was broken in 2021.2.5 and is now fixed again.
203
204## 2021.2.5
205
206### New Features
207
208- We introduce [Cloudflare One Routing](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) in
209 beta mode. Cloudflare customer can now connect users and private networks with RFC 1918 IP addresses via the
210 Cloudflare edge network. Users running Cloudflare WARP client in the same organization can connect to the services
211 made available by Argo Tunnel IP routes. Please share your feedback in the GitHub issue tracker.
212
213## 2021.2.4
214
215### Bug Fixes
216
217- Reverts the Improvement released in 2021.2.3 for CLI arguments as it introduced a regression where cloudflared failed
218 to read URLs in configuration files.
219- cloudflared now logs the reason for failed connections if the error is recoverable.
220
221## 2021.2.3
222
223### Backward Incompatible Changes
224
225- Removes db-connect. The Cloudflare Workers product will continue to support db-connect implementations with versions
226 of cloudflared that predate this release and include support for db-connect.
227
228### New Features
229
230- Introduces support for proxy configurations with websockets in arbitrary TCP connections (#318).
231
232### Improvements
233
234- (reverted) Nested command line argument handling.
235
236### Bug Fixes
237
238- The maximum number of upstream connections is now limited by default which should fix reported issues of cloudflared
239 exhausting CPU usage when faced with connectivity issues.
240