catalin/fukuops

Fork 1

chore(deps): update netbirdio/netbird docker tag to v0.64.1 - autoclosed #562

Closed

renovate-bot wants to merge 1 commit from renovate/netbirdio-netbird-0.x into main

renovate-bot commented

2026-01-22 03:01:45 +00:00

Collaborator

This PR contains the following updates:

Package	Update	Change
netbirdio/netbird	minor	`0.59.11` → `0.64.1`

Release Notes

netbirdio/netbird (netbirdio/netbird)

`v0.64.1`

Compare Source

Release Notes for v0.64.1

What's New

Client Improvements

Fixed RFC 4592 wildcard matching for existing domain names.
#5145
Extended the WireGuard watcher to also monitor ICE connections.
#5133
Added IPv6 support to userspace bind.
#5147
Fixed IPv4-only limitation in the bind proxy.
#5154
Improved DNS reliability by trying the next upstream on SERVFAIL / REFUSED responses.
#5163
Hid forwarding rules from status output when the count is zero.
#5149
Added CPU profiling to the debug bundle.
#4700
Fixed health result reporting in the debug bundle.
#5164
Changed the default Rosenpass log level.
#5137
Fixed exit node menu behavior on reconnect and removed tooltips in the GUI.
#5167

Management Enhancements

Fixed activity event initiator reporting for user group changes.
#5152
Ensured ephemeral peers are correctly added to the ephemeral list on login.
#5165
Moved activity store encryption into the shared crypt package.
#5111

Full Changelog: v0.64.0...v0.64.1

`v0.64.0`

Compare Source

Release Notes for v0.64.0

What's New

Debugging & Observability

Added the ability to trigger debug bundle generation directly from the API and Dashboard.
#4832

Client Improvements

Improved error handling by adjusting notifyDisconnected behavior on receiveJobRequest failures.
#5138
Added support for wildcard custom DNS records.
#5125
Fixed profile switching issues and repeated down / up command failures.
#5142
Fixed Rosenpass connectivity issues for Android peers.
#5044

Management Enhancements

Added support for local user password changes when using the embedded IdP.
#5132
Included missing activity events in management API responses.
#5140

Infrastructure

Added embedded STUN support to the getting-started setup to simplify initial deployments.
#5141

Full Changelog: v0.63.0...v0.64.0

`v0.63.0`

Compare Source

Release Notes for v0.63.0

What's New

Custom DNS Zones

NetBird now supports private DNS zones, allowing you to host DNS records directly within your network without external DNS servers.

Create zones like internal.company.io, add A, AAAA, or CNAME records, and distribute them to specific peer groups. Resolution happens locally on peers, and records propagate automatically when group membership
changes. With search domain support enabled, peers can query short names like api instead of the full api.internal.company.io.

Custom zones take precedence over nameserver configurations, giving you control over how specific domains resolve within your network. This works well with routed networks—map friendly names to private IPs behind
routing peers, and NetBird handles both DNS resolution and traffic routing. Your teams access postgres.internal instead of remembering 192.168.0.68.

Zone distribution is group-based, so different teams can see different records for the same zone, or have access to entirely separate zones.

Use Cases

Environment separation — Distinct zones for production, staging, and development, distributed only to relevant teams
Routed network resources — DNS names for services in data centers or cloud VPCs accessed through routing peers
Split-horizon DNS — Internal-only resolution for domains that resolve differently outside your network

Screenshots

Create a new Zone:

Create a new record:

View all records:

Learn more at:

Custom Zones
DNS Aliases for Routed Networks

DNS & Networking Improvements

Ensured musl compatibility by chasing CNAMEs in the local resolver.
#5046
Improved DNS resolution flow by falling through the DNS chain for custom DNS zones.
#5081
Changed priority between local and DNS route handlers for more predictable routing.
#5106
Fixed netstack upstream DNS handling and added WASM debug methods.
#4648

Client Improvements

Fixed WASM peer connections to lazy peers.
#5097
Added fallback handling for invalid loginuid in ui-post-install.sh.
#5099
Removed duplicate audience checks in the client.
#5117

Management Enhancements

Added Custom DNS zones support.
#4849
Added configuration compatibility checks during startup.
#5087
Optimized external cache access by fetching all users in a single request.
#5104
Adapted rate limiting behavior.
#5080
Fixed SSH server audience validation across management and client.
#5105
Skipped email_verified validation when not present in IdP responses.
#5118
Added IdP timeout configuration via environment variable.
#4647

Infrastructure & Security

Introduced embedded STUN support for relay and STUN components.
#5062
Added a Quickstart reverse proxy assistant to simplify initial setup.
#5100
Upgraded Alpine Linux from 3.22.2 to 3.23.2 for security hardening.
#5119

Other Changes

Added a hiring announcement with a link to careers.netbird.io.
#5095

New Contributors

@nsadeghi97 made their first contribution in #5095
@ressys1978 made their first contribution in #4647

Full Changelog: v0.62.2...v0.63.0

`v0.62.3`

Compare Source

What's Changed

[management] Check config compatibility by @braginini in #5087

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.62.2...v0.62.3

`v0.62.2`

Compare Source

What's Changed

[relay] Update GO version and QUIC version (… by @pappz in #5071
[client] Add non-root ICMP support to userspace firewall forwarder by @lixmal in #4792
[client] Reorder userspace ACL checks to fail faster for better performance by @lixmal in #4226
[management] fix the issue with duplicated peers with the same key by @crn4 in #5053
[management] Feature/resolve local jwks keys by @braginini in #5073
[management] Validate OIDC issuer when creating or updating by @braginini in #5074

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.62.1...v0.62.2

`v0.62.1`

Compare Source

What's Changed

[management] Fix role change in transaction and update readme by @braginini in #5060
[management] Fix race condition in experimental network map when deleting account by @bcmmbaga in #5064
[misc] add embedded provider support metrics by @mlsmaycon in #5065
[misc] add new getting started to release by @mlsmaycon in #5057
[infrastructure] fix: disable Caddy debug by @diegocn in #5067

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.62.0...v0.62.1

`v0.62.0`

Compare Source

Release Notes for v0.62.0

What's New

🔓 Simplified Identity Provider Management

Self-hosted NetBird no longer requires an external identity provider by default. Local users now work out of the box without any IdP dependency.

What's changed:

No IdP required - Create and manage users directly from the Dashboard
Multiple IdP support - Configure Pocket ID, Auth0, Google, Microsoft, Okta, or any OIDC provider directly from the Dashboard
New quickstart script - Simpler deployment with fewer containers

export NETBIRD_DOMAIN=netbird.example.com
curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started.sh | bash

This is available for new installations and is fully backward-compatible—existing setups will continue to work without changes. The previous Zitadel quickstart script remains available.

Learn more:

Dashboard Enhancements

Added instance setup wizard for first-time user creation on new installations
Added user creation flow with password generation and copy functionality
Added Identity Providers settings tab for configuring external IdPs directly from the UI

Added IdP badges in user list showing each user's authentication source

Added embedded identity provider for self-hosted deployments netbird#5008
Configure Identity Providers in the UI dashboard#523

Client Enhancements

Fixed an issue where the client could get stuck in connecting state when api.netbird.io is unreachable.
#5033
Added port forwarding support to the SSH proxy.
#5031
Added support for disabling the eBPF WireGuard proxy via environment variable.
#5047
Fixed SSH UI flickering test instability.
#5036

Management Improvements

Refactored integrated peer validation and peer deletion logic for better consistency.
#5035, #5042
Incremented network serial on peer updates to ensure correct synchronization.
#5051
Fixed nil handling for extra settings in management.
#5049
Cached SSH authorized users in the network map for improved performance.
#5048

Identity & Infrastructure

Introduced Embedded IdP, simplifying identity provider management across management, infrastructure, and IdP components.
#5008

Shared & Tooling Improvements

Added support for setting a custom User-Agent in the REST client.
#5037
Fixed ui-post-install.sh to correctly use the full username.
#4809
Improved Nmap concurrency handling.
#5040

New Contributors

@devurandom made their first contribution in #4809
@markcst for feedback contribution and a great discussion

Full Changelog: v0.61.2...v0.62.0

`v0.61.2`

Compare Source

What's Changed

[client] Fix update download URL by @pappz in #5023

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.61.1...v0.61.2

`v0.61.1`

Compare Source

What's Changed

[client] add reset for management backoff by @gamerslouis in #4935
[client] Filter out own peer from remote peers list during peer updates. by @pappz in #4986
[client] Fix Advanced Settings not opening on Windows with Japanese locale (#4455) by @h6ah4i in #4637
[management] apply login filter only for setup key peers by @pascal-fischer in #4943
fix(router): nft tables limit number of peers source by @nhenneaux in #4852
[management] filter own peer when having a group to peer policy to themself by @pascal-fischer in #4956
Add DEX IdP Support by @braginini in #4949
Feat/add support for forcing device auth flow on ios by @shuuri-labs in #4944
[client] Fix UI stuck in "Connecting" state when daemon reports "Connected" by @pappz in #5014
[management] Fix/delete groups without lock by @pascal-fischer in #5012
[client] Fix semaphore slot leaks by @pappz in #5018
[client] add verbose flag for free ad tests by @mlsmaycon in #5021

New Contributors

@h6ah4i made their first contribution in #4637
@nhenneaux made their first contribution in #4852

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.61.0...v0.61.1

`v0.61.0`

Compare Source

Release Notes for v0.61.0

What's New

🔐 Fine-Grained SSH Access Control (Breaking Change)

NetBird introduces fine-grained SSH access control with support for explicit local OS users on target machines.
Administrators can now define which NetBird users or groups are allowed to connect as specific local system users, enabling safer, more predictable SSH access without relying on shared or implicit credentials.

⚠️ Breaking change for self-hosted deployments
Self-hosted installations must upgrade the Management server before upgrading their clients and enabling or using the new SSH access model.
Failing to upgrade may result in SSH access issues or unexpected behavior.

Learn more at: https://docs.netbird.io/manage/peers/ssh#fine-grained-access-control

🔄 Automatic Client Updates (Windows & macOS) - Beta

NetBird adds automatic client update support for Windows and macOS, helping users stay up to date with the latest fixes and features while maintaining full control over update behavior. This feature is currently in beta and administrators will be able to enable, disable, and configure a custom max version.

A few notes on the behavior:

Update check will happen on connection
Supported on Windows and macOS only
Disabled by default
Can be enabled via Settings → Client in the NetBird application. See image below:

Learn more at: https://docs.netbird.io/manage/peers/auto-update

Management Enhancements

Added fine-grained SSH access control across client and management.
#4969

Client Enhancements

Introduced auto-update support for the client to simplify upgrades.
#4732
Improved management domain lookup by adding an additional timeout.
#4983
Added Android profile switching for easier multi-profile usage.
#4884
Fixed Linux UI flickering during state updates.
#4886
Applied DNS host configuration only on changes to reduce unnecessary updates.
#4695

MISC

Added FreeBSD port release job to GitHub Actions.
#4916
Added conditional checks for FreeBSD diff file generation in CI.
#5001
Updated to new signing pipelines v0.1.0.
#4993
Fixed a broken image link in the README.
#4876
Preset signal port on templates #5004

New Contributors

@hey-august made their first contribution in #4876

Full Changelog: v0.60.8...v0.61.0

`v0.60.9`

Compare Source

What's Changed

[client] lookup for management domains using an additional timeout #4983

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.8...v0.60.9

`v0.60.8`

Compare Source

What's Changed

[client] Use setsid to avoid the parent process from being killed via HUP by login by @lixmal in #4900
[client] Fix DNS forwarder returning broken records on 4 to 6 mapped IP addresses by @lixmal in #4887
[management] cleanup logs by @pascal-fischer in #4933
[management] monitoring updates by @pascal-fischer in #4937
[management] Fix sync metrics by @pascal-fischer in #4939
[management] remove context from store methods by @pascal-fischer in #4940
[management] Approve all pending peers when peer approval is disabled by @bcmmbaga in #4806
[iOS] Add force relay connection on iOS by @doromaraujo in #4928
[relay-server] Add health-check agent recognition to avoid error logs by @pappz in #4917
[ci] Add local lint setup with pre-push hook to catch issues early by @pappz in #4925
[management] use xid as request id for logging by @pascal-fischer in #4955
[client] Add stack trace for bundle by @pappz in #4957
[client] Fix deadlock in delayed WG update function by @pappz in #4953

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.7...v0.60.8

`v0.60.7`

Compare Source

What's Changed

[client] Passthrough all non-NetBird chains to prevent them from dropping NetBird traffic by @lixmal in #4899
[client] Fix engine shutdown deadlock and sync-signal message handling races by @pappz in #4891
[client] Reorder subsystem shutdown so peer removal goes first by @mlsmaycon in #4914

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.6...v0.60.7

`v0.60.6`

Compare Source

What's Changed

[client,management] Remove OAuth select_account prompt by @bcmmbaga in #4912

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.5...v0.60.6

`v0.60.5`

Compare Source

What's Changed

[client] Fix UI already running check by @pappz in #4858
[client, management] Add OAuth select_account prompt support to PKCE flow by @pappz in #4880
[management] Feat/api enhancements by @fahrishih in #4831
[management] Add user created activity event by @bcmmbaga in #4893
[management] Refactor network map controller by @pascal-fischer in #4789
[management] update management integrations by @pascal-fischer in #4895
[client] Add conditional peer removal logic during shutdown by @mlsmaycon in #4897
[management] record pat usage metrics by @pascal-fischer in #4888
[client] Add sleep state tracking to handle wakeup/sleep events reliably by @mlsmaycon in #4894
[management] Add support to disable geolocation service by @bcmmbaga in #4901
[relay] Use instanceURL instead of Exposed address. by @pappz in #4905

New Contributors

@fahrishih made their first contribution in #4831

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.4...v0.60.5

`v0.60.4`

Compare Source

What's Changed

[client] Sleep detection on macOS by @pappz in #4859
[relay] use exposed address for healthcheck TLS validation by @shuuri-labs in #4872

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.3...v0.60.4

`v0.60.3`

Compare Source

What's Changed

[management] Remove TestBufferUpdateAccountPeers by @crn4 in #4839
[client, management, signal, relay] Update go.mod to use Go 1.24.10 and upgrade x/crypto dependencies by @mlsmaycon in #4828
[management] Fix SSH JWT issuer derivation for IDPs with path components by @sgtaziz in #4844
[management] Preserve validator settings on account settings update by @bcmmbaga in #4862
[client] Make mss clamping optional for nftables by @lixmal in #4843
[client] Allow selection/deselection of network resources on Android by @doromaraujo in #4607
[client] Support disable search domain for custom zones by @mlsmaycon in #4826
[client] feat: Add support for displaying device code (UserCode) on Android TV by @shuuri-labs in #4800
[client] Open browser for SSH automatically by @lixmal in #4838
[client] Add excluded port range handling for PKCE flow by @mlsmaycon in #4853

New Contributors

@sgtaziz made their first contribution in #4844
@shuuri-labs made their first contribution in #4800

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.2...v0.60.3

`v0.60.2`

Compare Source

What's Changed

[client] Increase ssh detection timeout by @lixmal in #4827

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.1...v0.60.2

`v0.60.1`

Compare Source

What's Changed

[management] Fix direct peer networks route by @pascal-fischer in #4802
[management] pass config to controller by @pascal-fischer in #4807
[management] Add native ssh port rule on 22 by @mlsmaycon in #4810

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.0...v0.60.1

`v0.60.0`

Compare Source

What's New

Native SSH Access & OpenSSH Integration

NetBird v0.60.0 ships a complete rewrite of SSH access. Every peer can now run a built-in SSH server, giving you identity-aware, private SSH access over your NetBird network — using either the netbird ssh command or your existing OpenSSH clients.

Highlights

Built-in SSH server on every peer - Enable with netbird up --allow-server-ssh and get a native SSH endpoint without exposing port 22 to the internet.
Identity-aware access with JWT - SSH sessions are authenticated via your IdP (OIDC/JWT) by default, so you know which user accessed which machine.
Works with netbird ssh and OpenSSH - Use netbird ssh user@<peer-ip> or standard ssh, sftp, and scp commands; NetBird configures OpenSSH automatically via a drop-in 99-netbird.conf.
Port 22, transparently secured - NetBird listens on TCP 22022 and redirects NetBird-network port 22 traffic to it, so existing SSH workflows keep working without changing ports.
Advanced features when you need them - Optional SFTP, local and remote port forwarding, root login, and JWT token caching (--ssh-jwt-cache-ttl) for fewer auth prompts.
Machine identity mode (legacy behavior) - Prefer host-based trust? Disable JWT auth with --disable-ssh-auth and rely purely on network-level ACLs.

How it works

Enable the SSH server on the target peer

netbird down  # if already running
netbird up --allow-server-ssh

Add optional flags for SFTP, port forwarding, or root login as needed:

netbird up --allow-server-ssh \
  --enable-ssh-local-port-forwarding \
  --enable-ssh-remote-port-forwarding \
  --enable-ssh-sftp \
  --enable-ssh-root

Create an ACL policy for SSH
Allow TCP port 22022 from your SSH client peers/groups to your SSH server peers/groups in Access Control.
Enable SSH in the Dashboard
Open the target peer → enable SSH Access.
Connect via CLI or OpenSSH

NetBird CLI:

netbird ssh user@100.119.230.104

OpenSSH:

ssh user@100.119.230.104
sftp user@100.119.230.104
scp file.txt user@100.119.230.104:/path

📖 Read more in the SSH documentation: https://docs.netbird.io/how-to/ssh

Client Improvements

Updated the client login success page with an improved user experience.
#4797
Reverted deprecated gRPC client code migration to restore expected behavior.
#4805

Management Improvements

Fixed handling of port ranges in route firewall rules to ensure accurate rule application.
#4801

Upgrade & Compatibility Notes

⚠️ NetBird SSH in v0.60.0 is a breaking change:
- Server port changed from 44338 → 22022
- Authentication moved from machine public keys to JWT-based user identity
- Implicit firewall rules were removed - you now need an explicit ACL for port 22022
⚠️ Version compatibility: v0.60.0+ SSH is not backward compatible with older peers.
For self-hosted environments, we recommend updating in this order:
1. Management server
2. Dashboard (for browser SSH, if used)
3. SSH servers first (peers with --allow-server-ssh)
4. SSH clients last (netbird ssh users)

Full Changelog: v0.59.13...v0.60.0

`v0.59.13`

Compare Source

What's Changed

[management] activity events on group updates by @pascal-fischer in #4750
Bump github.com/containerd/containerd from 1.7.27 to 1.7.29 by @dependabot[bot] in #4756
[management] incremental network map builder by @crn4 in #4753
[management] add pat rate limiting by @pascal-fischer in #4741
[management] remove toAll firewall rule by @crn4 in #4725
[management] remove GLOBAL when disabling foreign keys on mysql by @pascal-fischer in #4615
[management ] remove timing logs by @pascal-fischer in #4761
[client] Create networkd.conf.d if it doesn't exist by @lixmal in #4764
[management] fix pg db deadlock after app panic by @crn4 in #4772
[client] Fix agent reference by @pappz in #4776
[management] move network map logic into new design by @pascal-fischer in #4774
[management] Removed policy posture checks on original peer by @pascal-fischer in #4779
[client] Fix shutdown blocking on stuck ICE agent close by @lixmal in #4780
[client] Add quick actions window by @doromaraujo in #4717
[client] Use stdnet with a context to avoid DNS deadlocks by @lixmal in #4781
[client] Replace ipset lib by @lixmal in #4777

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.12...v0.59.13

`v0.59.12`

Compare Source

What's Changed

[client] Migrate deprecated grpc client code by @lixmal in #4687
[client] Fix netstack dns forwarder by @lixmal in #4727
[client] Extend Darwin network monitoring with wakeup detection (cleanup branch) by @pappz in #4723
Bump github.com/quic-go/quic-go from 0.48.2 to 0.49.1 by @dependabot[bot] in #4621
[management] update db connection lifecycle configuration by @pascal-fischer in #4740
[client] Set up networkd to ignore ip rules by @lixmal in #4730
[client] Clamp MSS on outbound traffic by @lixmal in #4735
[client] Allow INPUT traffic on the compat iptables filter table for nftables by @lixmal in #4742
[client] Block on all subsystems on shutdown by @lixmal in #4709
[client] Add login_hint to oidc flows by @lixmal in #4724
[client] Add dns config to debug bundle by @lixmal in #4704

Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.11...v0.59.12

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [netbirdio/netbird](https://github.com/netbirdio/netbird) | minor | `0.59.11` → `0.64.1` | --- ### Release Notes <details> <summary>netbirdio/netbird (netbirdio/netbird)</summary> ### [`v0.64.1`](https://github.com/netbirdio/netbird/releases/tag/v0.64.1) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.64.0...v0.64.1) #### Release Notes for v0.64.1 ##### What's New ##### Client Improvements - Fixed **RFC 4592 wildcard matching** for existing domain names.\ [#5145](https://github.com/netbirdio/netbird/pull/5145) - Extended the **WireGuard watcher** to also monitor ICE connections.\ [#5133](https://github.com/netbirdio/netbird/pull/5133) - Added **IPv6 support** to userspace bind.\ [#5147](https://github.com/netbirdio/netbird/pull/5147) - Fixed **IPv4-only limitation** in the bind proxy.\ [#5154](https://github.com/netbirdio/netbird/pull/5154) - Improved DNS reliability by **trying the next upstream** on `SERVFAIL` / `REFUSED` responses.\ [#5163](https://github.com/netbirdio/netbird/pull/5163) - Hid **forwarding rules** from status output when the count is zero.\ [#5149](https://github.com/netbirdio/netbird/pull/5149) - Added **CPU profiling** to the debug bundle.\ [#4700](https://github.com/netbirdio/netbird/pull/4700) - Fixed **health result reporting** in the debug bundle.\ [#5164](https://github.com/netbirdio/netbird/pull/5164) - Changed the default **Rosenpass log level**.\ [#5137](https://github.com/netbirdio/netbird/pull/5137) - Fixed **exit node menu behavior on reconnect** and removed tooltips in the GUI.\ [#5167](https://github.com/netbirdio/netbird/pull/5167) ##### Management Enhancements - Fixed **activity event initiator** reporting for user group changes.\ [#5152](https://github.com/netbirdio/netbird/pull/5152) - Ensured **ephemeral peers** are correctly added to the ephemeral list on login.\ [#5165](https://github.com/netbirdio/netbird/pull/5165) - Moved **activity store encryption** into the shared crypt package.\ [#5111](https://github.com/netbirdio/netbird/pull/5111) **Full Changelog**: [v0.64.0...v0.64.1](https://github.com/netbirdio/netbird/compare/v0.64.0...v0.64.1) ### [`v0.64.0`](https://github.com/netbirdio/netbird/releases/tag/v0.64.0) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.63.0...v0.64.0) #### Release Notes for v0.64.0 ##### What's New ##### Debugging & Observability - Added the ability to **trigger debug bundle generation** directly from the API and Dashboard.\ [#4832](https://github.com/netbirdio/netbird/pull/4832) ##### Client Improvements - Improved error handling by adjusting **notifyDisconnected behavior** on `receiveJobRequest` failures.\ [#5138](https://github.com/netbirdio/netbird/pull/5138) - Added support for **wildcard custom DNS records**.\ [#5125](https://github.com/netbirdio/netbird/pull/5125) - Fixed **profile switching issues** and repeated `down` / `up` command failures.\ [#5142](https://github.com/netbirdio/netbird/pull/5142) - Fixed **Rosenpass connectivity** issues for Android peers.\ [#5044](https://github.com/netbirdio/netbird/pull/5044) ##### Management Enhancements - Added support for **local user password changes** when using the embedded IdP.\ [#5132](https://github.com/netbirdio/netbird/pull/5132) - Included **missing activity events** in management API responses.\ [#5140](https://github.com/netbirdio/netbird/pull/5140) ##### Infrastructure - Added **embedded STUN** support to the getting-started setup to simplify initial deployments.\ [#5141](https://github.com/netbirdio/netbird/pull/5141) **Full Changelog**: [v0.63.0...v0.64.0](https://github.com/netbirdio/netbird/compare/v0.63.0...v0.64.0) ### [`v0.63.0`](https://github.com/netbirdio/netbird/releases/tag/v0.63.0) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.62.3...v0.63.0) #### Release Notes for v0.63.0 ##### What's New ##### Custom DNS Zones NetBird now supports private DNS zones, allowing you to host DNS records directly within your network without external DNS servers. Create zones like `internal.company.io`, add A, AAAA, or CNAME records, and distribute them to specific peer groups. Resolution happens locally on peers, and records propagate automatically when group membership changes. With search domain support enabled, peers can query short names like `api` instead of the full `api.internal.company.io`. Custom zones take precedence over nameserver configurations, giving you control over how specific domains resolve within your network. This works well with routed networks—map friendly names to private IPs behind routing peers, and NetBird handles both DNS resolution and traffic routing. Your teams access `postgres.internal` instead of remembering `192.168.0.68`. Zone distribution is group-based, so different teams can see different records for the same zone, or have access to entirely separate zones. ##### Use Cases - **Environment separation** — Distinct zones for production, staging, and development, distributed only to relevant teams - **Routed network resources** — DNS names for services in data centers or cloud VPCs accessed through routing peers - **Split-horizon DNS** — Internal-only resolution for domains that resolve differently outside your network ##### Screenshots Create a new Zone: <img width="400" height="400" alt="image" src="https://github.com/user-attachments/assets/7e222c9e-3048-4594-b94a-409fa356f53f" /> Create a new record: <img width="400" height="400" alt="image" src="https://github.com/user-attachments/assets/dd25db09-3420-4e52-8bc0-26e2c0844300" /> View all records: <img width="400" height="400" alt="image" src="https://github.com/user-attachments/assets/9fbdd978-98bf-4e49-9a4c-2a0f73513331" /> Learn more at: [Custom Zones](https://docs.netbird.io/manage/dns/custom-zones) [DNS Aliases for Routed Networks](https://docs.netbird.io/manage/dns/dns-aliases-for-routed-networks) ##### DNS & Networking Improvements - Ensured **musl compatibility** by chasing CNAMEs in the local resolver. [#5046](https://github.com/netbirdio/netbird/pull/5046) - Improved **DNS resolution flow** by falling through the DNS chain for custom DNS zones. [#5081](https://github.com/netbirdio/netbird/pull/5081) - Changed **priority between local and DNS route handlers** for more predictable routing. [#5106](https://github.com/netbirdio/netbird/pull/5106) - Fixed **netstack upstream DNS handling** and added **WASM debug methods**. [#4648](https://github.com/netbirdio/netbird/pull/4648) ##### Client Improvements - Fixed **WASM peer connections** to lazy peers. [#5097](https://github.com/netbirdio/netbird/pull/5097) - Added **fallback handling** for invalid `loginuid` in `ui-post-install.sh`. [#5099](https://github.com/netbirdio/netbird/pull/5099) - Removed **duplicate audience checks** in the client. [#5117](https://github.com/netbirdio/netbird/pull/5117) ##### Management Enhancements - Added **Custom DNS zones** support. [#4849](https://github.com/netbirdio/netbird/pull/4849) - Added **configuration compatibility checks** during startup. [#5087](https://github.com/netbirdio/netbird/pull/5087) - Optimized **external cache access** by fetching all users in a single request. [#5104](https://github.com/netbirdio/netbird/pull/5104) - Adapted **rate limiting** behavior. [#5080](https://github.com/netbirdio/netbird/pull/5080) - Fixed **SSH server audience validation** across management and client. [#5105](https://github.com/netbirdio/netbird/pull/5105) - Skipped `email_verified` validation when not present in IdP responses. [#5118](https://github.com/netbirdio/netbird/pull/5118) - Added **IdP timeout configuration** via environment variable. [#4647](https://github.com/netbirdio/netbird/pull/4647) ##### Infrastructure & Security - Introduced **embedded STUN** support for relay and STUN components. [#5062](https://github.com/netbirdio/netbird/pull/5062) - Added a **Quickstart reverse proxy assistant** to simplify initial setup. [#5100](https://github.com/netbirdio/netbird/pull/5100) - Upgraded **Alpine Linux** from 3.22.2 to 3.23.2 for security hardening. [#5119](https://github.com/netbirdio/netbird/pull/5119) ##### Other Changes - Added a **hiring announcement** with a link to careers.netbird.io. [#5095](https://github.com/netbirdio/netbird/pull/5095) ##### New Contributors - [@nsadeghi97](https://github.com/nsadeghi97) made their first contribution in [#5095](https://github.com/netbirdio/netbird/pull/5095) - [@ressys1978](https://github.com/ressys1978) made their first contribution in [#4647](https://github.com/netbirdio/netbird/pull/4647) **Full Changelog**: [v0.62.2...v0.63.0](https://github.com/netbirdio/netbird/compare/v0.62.2...v0.63.0) ### [`v0.62.3`](https://github.com/netbirdio/netbird/releases/tag/v0.62.3) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.62.2...v0.62.3) #### What's Changed - \[management] Check config compatibility by [@braginini](https://github.com/braginini) in [#5087](https://github.com/netbirdio/netbird/pull/5087) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.62.2...v0.62.3> ### [`v0.62.2`](https://github.com/netbirdio/netbird/releases/tag/v0.62.2) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.62.1...v0.62.2) #### What's Changed - \[relay] Update GO version and QUIC version (… by [@pappz](https://github.com/pappz) in [#5071](https://github.com/netbirdio/netbird/pull/5071) - \[client] Add non-root ICMP support to userspace firewall forwarder by [@lixmal](https://github.com/lixmal) in [#4792](https://github.com/netbirdio/netbird/pull/4792) - \[client] Reorder userspace ACL checks to fail faster for better performance by [@lixmal](https://github.com/lixmal) in [#4226](https://github.com/netbirdio/netbird/pull/4226) - \[management] fix the issue with duplicated peers with the same key by [@crn4](https://github.com/crn4) in [#5053](https://github.com/netbirdio/netbird/pull/5053) - \[management] Feature/resolve local jwks keys by [@braginini](https://github.com/braginini) in [#5073](https://github.com/netbirdio/netbird/pull/5073) - \[management] Validate OIDC issuer when creating or updating by [@braginini](https://github.com/braginini) in [#5074](https://github.com/netbirdio/netbird/pull/5074) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.62.1...v0.62.2> ### [`v0.62.1`](https://github.com/netbirdio/netbird/releases/tag/v0.62.1) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.62.0...v0.62.1) #### What's Changed - \[management] Fix role change in transaction and update readme by [@braginini](https://github.com/braginini) in [#5060](https://github.com/netbirdio/netbird/pull/5060) - \[management] Fix race condition in experimental network map when deleting account by [@bcmmbaga](https://github.com/bcmmbaga) in [#5064](https://github.com/netbirdio/netbird/pull/5064) - \[misc] add embedded provider support metrics by [@mlsmaycon](https://github.com/mlsmaycon) in [#5065](https://github.com/netbirdio/netbird/pull/5065) - \[misc] add new getting started to release by [@mlsmaycon](https://github.com/mlsmaycon) in [#5057](https://github.com/netbirdio/netbird/pull/5057) - \[infrastructure] fix: disable Caddy debug by [@diegocn](https://github.com/diegocn) in [#5067](https://github.com/netbirdio/netbird/pull/5067) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.62.0...v0.62.1> ### [`v0.62.0`](https://github.com/netbirdio/netbird/releases/tag/v0.62.0) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.61.2...v0.62.0) #### Release Notes for v0.62.0 ##### What's New ##### 🔓 Simplified Identity Provider Management Self-hosted NetBird no longer requires an external identity provider by default. Local users now work out of the box without any IdP dependency. **What's changed:** - **No IdP required** - Create and manage users directly from the Dashboard - **Multiple IdP support** - Configure Pocket ID, Auth0, Google, Microsoft, Okta, or any OIDC provider directly from the Dashboard - **New quickstart script** - Simpler deployment with fewer containers ```bash export NETBIRD_DOMAIN=netbird.example.com curl -fsSL https://github.com/netbirdio/netbird/releases/latest/download/getting-started.sh | bash ``` This is available for new installations and is fully backward-compatible—existing setups will continue to work without changes. The previous Zitadel quickstart script remains available. Learn more: - [Quickstart Guide](https://docs.netbird.io/selfhosted/selfhosted-quickstart) - [Identity Providers & Local User Management](https://docs.netbird.io/selfhosted/identity-providers) ##### Dashboard Enhancements - Added **instance setup wizard** for first-time user creation on new installations <img width="300" height="300" alt="image" src="https://github.com/user-attachments/assets/4f05dfe9-06cb-4563-b452-a6cf8a783987" /> - Added **user creation flow** with password generation and copy functionality - Added **Identity Providers settings tab** for configuring external IdPs directly from the UI <img width="300" height="300" alt="image" src="https://github.com/user-attachments/assets/c0a879b4-00f3-4d54-83d2-c039974934c5" /> <img width="300" height="300" alt="image" src="https://github.com/user-attachments/assets/86c4e944-a132-4f80-a803-43e6553f1c71" /> - Added **IdP badges** in user list showing each user's authentication source <img width="500" height="500" alt="image" src="https://github.com/user-attachments/assets/54096978-56d1-4a17-b7f0-7173b79d7d1a" /> ##### Related PRs - Added embedded identity provider for self-hosted deployments [netbird#5008](https://github.com/netbirdio/netbird/pull/5008) - Configure Identity Providers in the UI [dashboard#523](https://github.com/netbirdio/dashboard/pull/523) ##### Client Enhancements - Fixed an issue where the client could get **stuck in connecting state** when `api.netbird.io` is unreachable.\ [#5033](https://github.com/netbirdio/netbird/pull/5033) - Added **port forwarding support** to the SSH proxy.\ [#5031](https://github.com/netbirdio/netbird/pull/5031) - Added support for **disabling the eBPF WireGuard proxy** via environment variable.\ [#5047](https://github.com/netbirdio/netbird/pull/5047) - Fixed **SSH UI flickering test** instability.\ [#5036](https://github.com/netbirdio/netbird/pull/5036) ##### Management Improvements - Refactored **integrated peer validation** and **peer deletion** logic for better consistency.\ [#5035](https://github.com/netbirdio/netbird/pull/5035), [#5042](https://github.com/netbirdio/netbird/pull/5042) - Incremented **network serial on peer updates** to ensure correct synchronization.\ [#5051](https://github.com/netbirdio/netbird/pull/5051) - Fixed **nil handling for extra settings** in management.\ [#5049](https://github.com/netbirdio/netbird/pull/5049) - Cached **SSH authorized users** in the network map for improved performance.\ [#5048](https://github.com/netbirdio/netbird/pull/5048) ##### Identity & Infrastructure - Introduced **Embedded IdP**, simplifying identity provider management across management, infrastructure, and IdP components.\ [#5008](https://github.com/netbirdio/netbird/pull/5008) ##### Shared & Tooling Improvements - Added support for setting a **custom User-Agent** in the REST client.\ [#5037](https://github.com/netbirdio/netbird/pull/5037) - Fixed **ui-post-install.sh** to correctly use the full username.\ [#4809](https://github.com/netbirdio/netbird/pull/4809) - Improved **Nmap concurrency handling**.\ [#5040](https://github.com/netbirdio/netbird/pull/5040) ##### New Contributors - [@devurandom](https://github.com/devurandom) made their first contribution in [#4809](https://github.com/netbirdio/netbird/pull/4809) - [@markcst](https://github.com/markcst) for feedback contribution and a great discussion **Full Changelog**: [v0.61.2...v0.62.0](https://github.com/netbirdio/netbird/compare/v0.61.2...v0.62.0) ### [`v0.61.2`](https://github.com/netbirdio/netbird/releases/tag/v0.61.2) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.61.1...v0.61.2) #### What's Changed - \[client] Fix update download URL by [@pappz](https://github.com/pappz) in [#5023](https://github.com/netbirdio/netbird/pull/5023) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.61.1...v0.61.2> ### [`v0.61.1`](https://github.com/netbirdio/netbird/releases/tag/v0.61.1) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.61.0...v0.61.1) #### What's Changed - \[client] add reset for management backoff by [@gamerslouis](https://github.com/gamerslouis) in [#4935](https://github.com/netbirdio/netbird/pull/4935) - \[client] Filter out own peer from remote peers list during peer updates. by [@pappz](https://github.com/pappz) in [#4986](https://github.com/netbirdio/netbird/pull/4986) - \[client] Fix Advanced Settings not opening on Windows with Japanese locale ([#4455](https://github.com/netbirdio/netbird/issues/4455)) by [@h6ah4i](https://github.com/h6ah4i) in [#4637](https://github.com/netbirdio/netbird/pull/4637) - \[management] apply login filter only for setup key peers by [@pascal-fischer](https://github.com/pascal-fischer) in [#4943](https://github.com/netbirdio/netbird/pull/4943) - fix(router): nft tables limit number of peers source by [@nhenneaux](https://github.com/nhenneaux) in [#4852](https://github.com/netbirdio/netbird/pull/4852) - \[management] filter own peer when having a group to peer policy to themself by [@pascal-fischer](https://github.com/pascal-fischer) in [#4956](https://github.com/netbirdio/netbird/pull/4956) - Add DEX IdP Support by [@braginini](https://github.com/braginini) in [#4949](https://github.com/netbirdio/netbird/pull/4949) - Feat/add support for forcing device auth flow on ios by [@shuuri-labs](https://github.com/shuuri-labs) in [#4944](https://github.com/netbirdio/netbird/pull/4944) - \[client] Fix UI stuck in "Connecting" state when daemon reports "Connected" by [@pappz](https://github.com/pappz) in [#5014](https://github.com/netbirdio/netbird/pull/5014) - \[management] Fix/delete groups without lock by [@pascal-fischer](https://github.com/pascal-fischer) in [#5012](https://github.com/netbirdio/netbird/pull/5012) - \[client] Fix semaphore slot leaks by [@pappz](https://github.com/pappz) in [#5018](https://github.com/netbirdio/netbird/pull/5018) - \[client] add verbose flag for free ad tests by [@mlsmaycon](https://github.com/mlsmaycon) in [#5021](https://github.com/netbirdio/netbird/pull/5021) #### New Contributors - [@h6ah4i](https://github.com/h6ah4i) made their first contribution in [#4637](https://github.com/netbirdio/netbird/pull/4637) - [@nhenneaux](https://github.com/nhenneaux) made their first contribution in [#4852](https://github.com/netbirdio/netbird/pull/4852) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.61.0...v0.61.1> ### [`v0.61.0`](https://github.com/netbirdio/netbird/releases/tag/v0.61.0) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.9...v0.61.0) #### Release Notes for v0.61.0 ##### What's New ##### 🔐 Fine-Grained SSH Access Control (Breaking Change) NetBird introduces **fine-grained SSH access control** with support for **explicit local OS users** on target machines.\ Administrators can now define which NetBird users or groups are allowed to connect **as specific local system users**, enabling safer, more predictable SSH access without relying on shared or implicit credentials. <img width="600" height="600" alt="image" src="https://github.com/user-attachments/assets/31a9b321-3da7-4c71-a598-e68fe633e9e8" /> ⚠️ **Breaking change for self-hosted deployments**\ Self-hosted installations **must upgrade the Management server** before upgrading their clients and enabling or using the new SSH access model.\ Failing to upgrade may result in SSH access issues or unexpected behavior. Learn more at: <https://docs.netbird.io/manage/peers/ssh#fine-grained-access-control> ##### 🔄 Automatic Client Updates (Windows & macOS) - Beta NetBird adds **automatic client update support** for **Windows and macOS**, helping users stay up to date with the latest fixes and features while maintaining full control over update behavior. This feature is currently in beta and administrators will be able to enable, disable, and configure a custom max version. A few notes on the behavior: - Update check will happen on connection - Supported on **Windows and macOS only** - **Disabled by default** - Can be enabled via **Settings → Client** in the NetBird application. See image below: <img width="600" height="600" alt="image" src="https://github.com/user-attachments/assets/117ba70a-f189-43c2-b648-7a6b71b49c9a" /> Learn more at: <https://docs.netbird.io/manage/peers/auto-update> ##### Management Enhancements - Added **fine-grained SSH access control** across client and management.\ [#4969](https://github.com/netbirdio/netbird/pull/4969) ##### Client Enhancements - Introduced **auto-update support** for the client to simplify upgrades.\ [#4732](https://github.com/netbirdio/netbird/pull/4732) - Improved **management domain lookup** by adding an additional timeout.\ [#4983](https://github.com/netbirdio/netbird/pull/4983) - Added **Android profile switching** for easier multi-profile usage.\ [#4884](https://github.com/netbirdio/netbird/pull/4884) - Fixed **Linux UI flickering** during state updates.\ [#4886](https://github.com/netbirdio/netbird/pull/4886) - Applied **DNS host configuration only on changes** to reduce unnecessary updates.\ [#4695](https://github.com/netbirdio/netbird/pull/4695) ##### MISC - Added **FreeBSD port release job** to GitHub Actions.\ [#4916](https://github.com/netbirdio/netbird/pull/4916) - Added **conditional checks for FreeBSD diff file generation** in CI.\ [#5001](https://github.com/netbirdio/netbird/pull/5001) - Updated to **new signing pipelines v0.1.0**.\ [#4993](https://github.com/netbirdio/netbird/pull/4993) - Fixed a **broken image link** in the README.\ [#4876](https://github.com/netbirdio/netbird/pull/4876) - Preset signal port on templates [#5004](https://github.com/netbirdio/netbird/pull/5004) ##### New Contributors - [@hey-august](https://github.com/hey-august) made their first contribution in [#4876](https://github.com/netbirdio/netbird/pull/4876) **Full Changelog**: [v0.60.8...v0.61.0](https://github.com/netbirdio/netbird/compare/v0.60.8...v0.61.0) ### [`v0.60.9`](https://github.com/netbirdio/netbird/releases/tag/v0.60.9) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.8...v0.60.9) #### What's Changed - \[client] lookup for management domains using an additional timeout [#4983](https://github.com/netbirdio/netbird/issues/4983) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.8...v0.60.9> ### [`v0.60.8`](https://github.com/netbirdio/netbird/releases/tag/v0.60.8) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.7...v0.60.8) #### What's Changed - \[client] Use setsid to avoid the parent process from being killed via HUP by login by [@lixmal](https://github.com/lixmal) in [#4900](https://github.com/netbirdio/netbird/pull/4900) - \[client] Fix DNS forwarder returning broken records on 4 to 6 mapped IP addresses by [@lixmal](https://github.com/lixmal) in [#4887](https://github.com/netbirdio/netbird/pull/4887) - \[management] cleanup logs by [@pascal-fischer](https://github.com/pascal-fischer) in [#4933](https://github.com/netbirdio/netbird/pull/4933) - \[management] monitoring updates by [@pascal-fischer](https://github.com/pascal-fischer) in [#4937](https://github.com/netbirdio/netbird/pull/4937) - \[management] Fix sync metrics by [@pascal-fischer](https://github.com/pascal-fischer) in [#4939](https://github.com/netbirdio/netbird/pull/4939) - \[management] remove context from store methods by [@pascal-fischer](https://github.com/pascal-fischer) in [#4940](https://github.com/netbirdio/netbird/pull/4940) - \[management] Approve all pending peers when peer approval is disabled by [@bcmmbaga](https://github.com/bcmmbaga) in [#4806](https://github.com/netbirdio/netbird/pull/4806) - \[iOS] Add force relay connection on iOS by [@doromaraujo](https://github.com/doromaraujo) in [#4928](https://github.com/netbirdio/netbird/pull/4928) - \[relay-server] Add health-check agent recognition to avoid error logs by [@pappz](https://github.com/pappz) in [#4917](https://github.com/netbirdio/netbird/pull/4917) - \[ci] Add local lint setup with pre-push hook to catch issues early by [@pappz](https://github.com/pappz) in [#4925](https://github.com/netbirdio/netbird/pull/4925) - \[management] use xid as request id for logging by [@pascal-fischer](https://github.com/pascal-fischer) in [#4955](https://github.com/netbirdio/netbird/pull/4955) - \[client] Add stack trace for bundle by [@pappz](https://github.com/pappz) in [#4957](https://github.com/netbirdio/netbird/pull/4957) - \[client] Fix deadlock in delayed WG update function by [@pappz](https://github.com/pappz) in [#4953](https://github.com/netbirdio/netbird/pull/4953) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.7...v0.60.8> ### [`v0.60.7`](https://github.com/netbirdio/netbird/releases/tag/v0.60.7) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.6...v0.60.7) #### What's Changed - \[client] Passthrough all non-NetBird chains to prevent them from dropping NetBird traffic by [@lixmal](https://github.com/lixmal) in [#4899](https://github.com/netbirdio/netbird/pull/4899) - \[client] Fix engine shutdown deadlock and sync-signal message handling races by [@pappz](https://github.com/pappz) in [#4891](https://github.com/netbirdio/netbird/pull/4891) - \[client] Reorder subsystem shutdown so peer removal goes first by [@mlsmaycon](https://github.com/mlsmaycon) in [#4914](https://github.com/netbirdio/netbird/pull/4914) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.6...v0.60.7> ### [`v0.60.6`](https://github.com/netbirdio/netbird/releases/tag/v0.60.6) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.5...v0.60.6) #### What's Changed - \[client,management] Remove OAuth select\_account prompt by [@bcmmbaga](https://github.com/bcmmbaga) in [#4912](https://github.com/netbirdio/netbird/pull/4912) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.5...v0.60.6> ### [`v0.60.5`](https://github.com/netbirdio/netbird/releases/tag/v0.60.5) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.4...v0.60.5) #### What's Changed - \[client] Fix UI already running check by [@pappz](https://github.com/pappz) in [#4858](https://github.com/netbirdio/netbird/pull/4858) - \[client, management] Add OAuth select\_account prompt support to PKCE flow by [@pappz](https://github.com/pappz) in [#4880](https://github.com/netbirdio/netbird/pull/4880) - \[management] Feat/api enhancements by [@fahrishih](https://github.com/fahrishih) in [#4831](https://github.com/netbirdio/netbird/pull/4831) - \[management] Add user created activity event by [@bcmmbaga](https://github.com/bcmmbaga) in [#4893](https://github.com/netbirdio/netbird/pull/4893) - \[management] Refactor network map controller by [@pascal-fischer](https://github.com/pascal-fischer) in [#4789](https://github.com/netbirdio/netbird/pull/4789) - \[management] update management integrations by [@pascal-fischer](https://github.com/pascal-fischer) in [#4895](https://github.com/netbirdio/netbird/pull/4895) - \[client] Add conditional peer removal logic during shutdown by [@mlsmaycon](https://github.com/mlsmaycon) in [#4897](https://github.com/netbirdio/netbird/pull/4897) - \[management] record pat usage metrics by [@pascal-fischer](https://github.com/pascal-fischer) in [#4888](https://github.com/netbirdio/netbird/pull/4888) - \[client] Add sleep state tracking to handle wakeup/sleep events reliably by [@mlsmaycon](https://github.com/mlsmaycon) in [#4894](https://github.com/netbirdio/netbird/pull/4894) - \[management] Add support to disable geolocation service by [@bcmmbaga](https://github.com/bcmmbaga) in [#4901](https://github.com/netbirdio/netbird/pull/4901) - \[relay] Use instanceURL instead of Exposed address. by [@pappz](https://github.com/pappz) in [#4905](https://github.com/netbirdio/netbird/pull/4905) #### New Contributors - [@fahrishih](https://github.com/fahrishih) made their first contribution in [#4831](https://github.com/netbirdio/netbird/pull/4831) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.4...v0.60.5> ### [`v0.60.4`](https://github.com/netbirdio/netbird/releases/tag/v0.60.4) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.3...v0.60.4) #### What's Changed - \[client] Sleep detection on macOS by [@pappz](https://github.com/pappz) in [#4859](https://github.com/netbirdio/netbird/pull/4859) - \[relay] use exposed address for healthcheck TLS validation by [@shuuri-labs](https://github.com/shuuri-labs) in [#4872](https://github.com/netbirdio/netbird/pull/4872) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.3...v0.60.4> ### [`v0.60.3`](https://github.com/netbirdio/netbird/releases/tag/v0.60.3) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.2...v0.60.3) #### What's Changed - \[management] Remove TestBufferUpdateAccountPeers by [@crn4](https://github.com/crn4) in [#4839](https://github.com/netbirdio/netbird/pull/4839) - \[client, management, signal, relay] Update go.mod to use Go 1.24.10 and upgrade x/crypto dependencies by [@mlsmaycon](https://github.com/mlsmaycon) in [#4828](https://github.com/netbirdio/netbird/pull/4828) - \[management] Fix SSH JWT issuer derivation for IDPs with path components by [@sgtaziz](https://github.com/sgtaziz) in [#4844](https://github.com/netbirdio/netbird/pull/4844) - \[management] Preserve validator settings on account settings update by [@bcmmbaga](https://github.com/bcmmbaga) in [#4862](https://github.com/netbirdio/netbird/pull/4862) - \[client] Make mss clamping optional for nftables by [@lixmal](https://github.com/lixmal) in [#4843](https://github.com/netbirdio/netbird/pull/4843) - \[client] Allow selection/deselection of network resources on Android by [@doromaraujo](https://github.com/doromaraujo) in [#4607](https://github.com/netbirdio/netbird/pull/4607) - \[client] Support disable search domain for custom zones by [@mlsmaycon](https://github.com/mlsmaycon) in [#4826](https://github.com/netbirdio/netbird/pull/4826) - \[client] feat: Add support for displaying device code (UserCode) on Android TV by [@shuuri-labs](https://github.com/shuuri-labs) in [#4800](https://github.com/netbirdio/netbird/pull/4800) - \[client] Open browser for SSH automatically by [@lixmal](https://github.com/lixmal) in [#4838](https://github.com/netbirdio/netbird/pull/4838) - \[client] Add excluded port range handling for PKCE flow by [@mlsmaycon](https://github.com/mlsmaycon) in [#4853](https://github.com/netbirdio/netbird/pull/4853) #### New Contributors - [@sgtaziz](https://github.com/sgtaziz) made their first contribution in [#4844](https://github.com/netbirdio/netbird/pull/4844) - [@shuuri-labs](https://github.com/shuuri-labs) made their first contribution in [#4800](https://github.com/netbirdio/netbird/pull/4800) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.2...v0.60.3> ### [`v0.60.2`](https://github.com/netbirdio/netbird/releases/tag/v0.60.2) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.1...v0.60.2) #### What's Changed - \[client] Increase ssh detection timeout by [@lixmal](https://github.com/lixmal) in [#4827](https://github.com/netbirdio/netbird/pull/4827) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.1...v0.60.2> ### [`v0.60.1`](https://github.com/netbirdio/netbird/releases/tag/v0.60.1) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.60.0...v0.60.1) #### What's Changed - \[management] Fix direct peer networks route by [@pascal-fischer](https://github.com/pascal-fischer) in [#4802](https://github.com/netbirdio/netbird/pull/4802) - \[management] pass config to controller by [@pascal-fischer](https://github.com/pascal-fischer) in [#4807](https://github.com/netbirdio/netbird/pull/4807) - \[management] Add native ssh port rule on 22 by [@mlsmaycon](https://github.com/mlsmaycon) in [#4810](https://github.com/netbirdio/netbird/pull/4810) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.60.0...v0.60.1> ### [`v0.60.0`](https://github.com/netbirdio/netbird/releases/tag/v0.60.0) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.59.13...v0.60.0) ##### What's New **Native SSH Access & OpenSSH Integration** NetBird v0.60.0 ships a complete rewrite of SSH access. Every peer can now run a built-in SSH server, giving you identity-aware, private SSH access over your NetBird network — using either the `netbird ssh` command or your existing OpenSSH clients. **Highlights** - **Built-in SSH server on every peer** - Enable with `netbird up --allow-server-ssh` and get a native SSH endpoint without exposing port 22 to the internet. - **Identity-aware access with JWT** - SSH sessions are authenticated via your IdP (OIDC/JWT) by default, so you know *which user* accessed *which machine*. - **Works with `netbird ssh` and OpenSSH** - Use `netbird ssh user@<peer-ip>` or standard `ssh`, `sftp`, and `scp` commands; NetBird configures OpenSSH automatically via a drop-in `99-netbird.conf`. - **Port 22, transparently secured** - NetBird listens on TCP 22022 and redirects NetBird-network port 22 traffic to it, so existing SSH workflows keep working without changing ports. - **Advanced features when you need them** - Optional SFTP, local and remote port forwarding, root login, and JWT token caching (`--ssh-jwt-cache-ttl`) for fewer auth prompts. - **Machine identity mode (legacy behavior)** - Prefer host-based trust? Disable JWT auth with `--disable-ssh-auth` and rely purely on network-level ACLs. **How it works** 1. **Enable the SSH server on the target peer** ```bash netbird down # if already running netbird up --allow-server-ssh ``` Add optional flags for SFTP, port forwarding, or root login as needed: ```bash netbird up --allow-server-ssh \ --enable-ssh-local-port-forwarding \ --enable-ssh-remote-port-forwarding \ --enable-ssh-sftp \ --enable-ssh-root ``` 2. **Create an ACL policy for SSH**\ Allow TCP port **22022** from your SSH client peers/groups to your SSH server peers/groups in **Access Control**. 3. **Enable SSH in the Dashboard**\ Open the target peer → enable **SSH Access**. 4. **Connect via CLI or OpenSSH** - NetBird CLI: ```bash netbird ssh user@100.119.230.104 ``` - OpenSSH: ```bash ssh user@100.119.230.104 sftp user@100.119.230.104 scp file.txt user@100.119.230.104:/path ``` 📖 Read more in the SSH documentation: <https://docs.netbird.io/how-to/ssh> *** ##### Client Improvements - Updated the ****client login success page**** with an improved user experience. [#4797](https://github.com/netbirdio/netbird/pull/4797) - Reverted deprecated ****gRPC client code migration**** to restore expected behavior. [#4805](https://github.com/netbirdio/netbird/pull/4805) *** ##### Management Improvements - Fixed handling of ****port ranges in route firewall rules**** to ensure accurate rule application. [#4801](https://github.com/netbirdio/netbird/pull/4801) *** ##### Upgrade & Compatibility Notes - ⚠️ NetBird SSH in **v0.60.0 is a breaking change**: - Server port changed from **44338 → 22022** - Authentication moved from machine public keys to **JWT-based user identity** - Implicit firewall rules were removed - you now need an explicit ACL for port **22022** - ⚠️ **Version compatibility:** v0.60.0+ SSH is **not backward compatible** with older peers.\ For self-hosted environments, we recommend updating in this order: 1. Management server 2. Dashboard (for browser SSH, if used) 3. **SSH servers first** (peers with `--allow-server-ssh`) 4. SSH clients last (`netbird ssh` users) **Full Changelog**: [v0.59.13...v0.60.0](https://github.com/netbirdio/netbird/compare/v0.59.13...v0.60.0) ### [`v0.59.13`](https://github.com/netbirdio/netbird/releases/tag/v0.59.13) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.59.12...v0.59.13) #### What's Changed - \[management] activity events on group updates by [@pascal-fischer](https://github.com/pascal-fischer) in [#4750](https://github.com/netbirdio/netbird/pull/4750) - Bump github.com/containerd/containerd from 1.7.27 to 1.7.29 by [@dependabot](https://github.com/dependabot)\[bot] in [#4756](https://github.com/netbirdio/netbird/pull/4756) - \[management] incremental network map builder by [@crn4](https://github.com/crn4) in [#4753](https://github.com/netbirdio/netbird/pull/4753) - \[management] add pat rate limiting by [@pascal-fischer](https://github.com/pascal-fischer) in [#4741](https://github.com/netbirdio/netbird/pull/4741) - \[management] remove toAll firewall rule by [@crn4](https://github.com/crn4) in [#4725](https://github.com/netbirdio/netbird/pull/4725) - \[management] remove GLOBAL when disabling foreign keys on mysql by [@pascal-fischer](https://github.com/pascal-fischer) in [#4615](https://github.com/netbirdio/netbird/pull/4615) - \[management ] remove timing logs by [@pascal-fischer](https://github.com/pascal-fischer) in [#4761](https://github.com/netbirdio/netbird/pull/4761) - \[client] Create networkd.conf.d if it doesn't exist by [@lixmal](https://github.com/lixmal) in [#4764](https://github.com/netbirdio/netbird/pull/4764) - \[management] fix pg db deadlock after app panic by [@crn4](https://github.com/crn4) in [#4772](https://github.com/netbirdio/netbird/pull/4772) - \[client] Fix agent reference by [@pappz](https://github.com/pappz) in [#4776](https://github.com/netbirdio/netbird/pull/4776) - \[management] move network map logic into new design by [@pascal-fischer](https://github.com/pascal-fischer) in [#4774](https://github.com/netbirdio/netbird/pull/4774) - \[management] Removed policy posture checks on original peer by [@pascal-fischer](https://github.com/pascal-fischer) in [#4779](https://github.com/netbirdio/netbird/pull/4779) - \[client] Fix shutdown blocking on stuck ICE agent close by [@lixmal](https://github.com/lixmal) in [#4780](https://github.com/netbirdio/netbird/pull/4780) - \[client] Add quick actions window by [@doromaraujo](https://github.com/doromaraujo) in [#4717](https://github.com/netbirdio/netbird/pull/4717) - \[client] Use stdnet with a context to avoid DNS deadlocks by [@lixmal](https://github.com/lixmal) in [#4781](https://github.com/netbirdio/netbird/pull/4781) - \[client] Replace ipset lib by [@lixmal](https://github.com/lixmal) in [#4777](https://github.com/netbirdio/netbird/pull/4777) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.59.12...v0.59.13> ### [`v0.59.12`](https://github.com/netbirdio/netbird/releases/tag/v0.59.12) [Compare Source](https://github.com/netbirdio/netbird/compare/v0.59.11...v0.59.12) #### What's Changed - \[client] Migrate deprecated grpc client code by [@lixmal](https://github.com/lixmal) in [#4687](https://github.com/netbirdio/netbird/pull/4687) - \[client] Fix netstack dns forwarder by [@lixmal](https://github.com/lixmal) in [#4727](https://github.com/netbirdio/netbird/pull/4727) - \[client] Extend Darwin network monitoring with wakeup detection (cleanup branch) by [@pappz](https://github.com/pappz) in [#4723](https://github.com/netbirdio/netbird/pull/4723) - Bump github.com/quic-go/quic-go from 0.48.2 to 0.49.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#4621](https://github.com/netbirdio/netbird/pull/4621) - \[management] update db connection lifecycle configuration by [@pascal-fischer](https://github.com/pascal-fischer) in [#4740](https://github.com/netbirdio/netbird/pull/4740) - \[client] Set up networkd to ignore ip rules by [@lixmal](https://github.com/lixmal) in [#4730](https://github.com/netbirdio/netbird/pull/4730) - \[client] Clamp MSS on outbound traffic by [@lixmal](https://github.com/lixmal) in [#4735](https://github.com/netbirdio/netbird/pull/4735) - \[client] Allow INPUT traffic on the compat iptables filter table for nftables by [@lixmal](https://github.com/lixmal) in [#4742](https://github.com/netbirdio/netbird/pull/4742) - \[client] Block on all subsystems on shutdown by [@lixmal](https://github.com/lixmal) in [#4709](https://github.com/netbirdio/netbird/pull/4709) - \[client] Add login\_hint to oidc flows by [@lixmal](https://github.com/lixmal) in [#4724](https://github.com/netbirdio/netbird/pull/4724) - \[client] Add dns config to debug bundle by [@lixmal](https://github.com/lixmal) in [#4704](https://github.com/netbirdio/netbird/pull/4704) **Full Changelog**: <https://github.com/netbirdio/netbird/compare/v0.59.11...v0.59.12> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit

2026-01-22 03:01:48 +00:00

chore(deps): update netbirdio/netbird docker tag to v0.64.0

checks / pre-commit (push) Has been cancelled

Details

checks / k8s (push) Has been cancelled

Details

checks / tflint (push) Has been cancelled

Details

be12b64bf1

renovate-bot force-pushed renovate/netbirdio-netbird-0.x from be12b64bf1

checks / pre-commit (push) Has been cancelled

Details

checks / k8s (push) Has been cancelled

Details

checks / tflint (push) Has been cancelled

Details

to 6a9585e3cb

checks / pre-commit (push) Has been cancelled

Details

checks / k8s (push) Has been cancelled

Details

checks / tflint (push) Has been cancelled

Details

2026-01-24 03:00:45 +00:00

Compare

renovate-bot changed title from ~~chore(deps): update netbirdio/netbird docker tag to v0.64.0~~ to chore(deps): update netbirdio/netbird docker tag to v0.64.1

2026-01-24 03:00:53 +00:00

renovate-bot changed title from ~~chore(deps): update netbirdio/netbird docker tag to v0.64.1~~ to chore(deps): update netbirdio/netbird docker tag to v0.64.1 - autoclosed

2026-01-27 03:28:12 +00:00

renovate-bot closed this pull request

2026-01-27 03:28:12 +00:00

checks / pre-commit (push) Has been cancelled

Details

checks / k8s (push) Has been cancelled

Details

checks / tflint (push) Has been cancelled

Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.

No reviewers

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

catalin/fukuops!562

No description provided.

Rows
Columns