path: root/cloudflare-warp-bin.changelog

cloudflare-warp (2024.9.346) unstable; urgency=medium
  Changes and improvements
  * Added list targets to the warp-cli to enhance the user experience with the Access for Infrastructure SSH solution.
  * Added the ability to customize PCAP options in the warp-cli.
  * Added a list of installed applications in warp-diag.
  * Added a tunnel reset mtu subcommand to the warp-cli.
  * Added the ability for warp-cli to use the team provided in the MDM file for initial registration.
  * Added a JSON output option to the warp-cli.
  * Added the ability to execute a pcap on multiple interfaces with warp-cli.
  * Added MASQUE tunnel protocol support for Consumer WARP.
  * Improved the performance of firewall operations when enforcing split tunnel configuration.
  * Fixed an issue where device posture certificate checks were unexpectedly failing.
  * Fixed an issue where the Linux GUI fails to open the browser login window when registering a new ZT organization.
  * Fixed an issue where clients using service tokens failed to retry after a network change.
  * Fixed an issue where the client, when switching between WireGuard and MASQUE protocols, sometimes required a manual tunnel key reset.
  * Fixed a known issue which required users to re-register when an older single configuration MDM file was deployed after deploying the newer, multiple configuration format.
  * Deprecated warp-cli commands have been removed. If you have any workflows that use the deprecated commands, please update to the new commands where necessary.

  Known issues
  * Using MASQUE as the tunnel protocol may be incompatible if your organization has Regional Services enabled.

 -- Tochukwu Nkemdilim <tochukwu@cloudflare.com>  Thu, 3 Oct 2024 16:55:48 -0400

cloudflare-warp (2024.6.497) unstable; urgency=medium
  New Features
  * The WARP client now supports operation on Ubuntu 24.04.
  * Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, see https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol. This feature will be rolled out to customers in stages over approximately the next month.
  * The Device Posture client certificate check has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = 123456.mycompany, where 123456 is the device serial number). Additional details can be found here:  https://developers.cloudflare.com/cloudflare-one/identity/devices/warp-client-checks/client-certificate/
  * TCP MSS clamping is now used where necessary to meet the MTU requirements of the tunnel interface. This will be especially helpful in docker use cases.

  Warnings
  * Ubuntu 16.04 and 18.04 are not supported by this version of the client.
  * This is the last GA release that will be supporting older, deprecated warp-cli commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of `warp-cli -h`.

  Known issues
  * There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
    * A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
    * Your account has Regional Services enabled.
  * The Linux client GUI does not yet support all GUI features found in the Windows and macOS clients. Future releases of the Linux client will be adding these GUI features.
  * ZT Org name not visible in GUI when upgrading from previous GA while under mdm control.
  * Sometimes the Icon will remain gray (disconnected state) while in dark mode.

 -- Shrey Amin <samin@cloudflare.com>  Thu, 15 Aug 2024 12:01:00 -0400

cloudflare-warp (2024.4.133) unstable; urgency=medium
  * Linux client downloads will now contain version numbers in the file name to allow easy identification.
  * Improved the re-connection logic to minimize impact to existing tunneled TCP sessions.
  * Increased the data collected by warp-diag to improve debugging capabilities.

  Known issues
  * The Linux client GUI does not yet support all GUI features found in the Windows and macOS clients. Future releases of the Linux client will be adding these GUI features.
  * ZT Org name not visible in GUI when upgrading from previous GA while under mdm control.
  * Sometimes the Icon will remain gray (disconnected state) while in dark mode.

 -- Tochukwu Nkemdilim <tochukwu@cloudflare.com>  Thu, 11 Apr 2024 14:53:48 -0400

cloudflare-warp (2024.2.62) unstable; urgency=medium
  * Added support for the arm64 architecture.
  * Added the ability for administrators to allow their end users to temporarily obtain access to local network resources in the event their home IP space overlaps with traffic normally routed through the WARP tunnel. Users on Linux interact with this feature via the warp-cli.
  * Added the ability for administrators to specify multiple configurations in MDM files that users can toggle between. This allows users to more easily switch between production and test environments or for China users to switch between their override endpoints within the UI. Users on Linux interact with this feature via the warp-cli. Refer to the help text from "warp-cli mdm --help". GUI integration of this feature will be released in the future.
  * Added the collection of firewall log information and other data to warp-diag to provide additional information for troubleshooting.
  * Added support to run a DHCP server on the same machine as the client (useful in virtual machine scenarios).
  * Added support for os_version_extra on Linux to enhance the OS device posture check.
  * Fixed an issue with sleep notifications making the client more reactive to sleep/wake-up scenarios.
  * Fixed an issue to ensure DEX tests only run when the client is connected.
  * Fixed an issue where IPv6 being disabled at boot time was not detected, leading to errors when the client attempts to set IPv6 addresses.

  Known issues
  * The Linux client GUI does not yet support all GUI features found in the Windows and macOS clients. Future releases of the Linux client will be adding these GUI features.
  * ZT Org name not visible in GUI when upgrading from previous GA while under mdm control
  * Sometimes the Icon will remain gray (disconnected state) while in dark

 -- Keehun Nam <Keehun@cloudflare.com>  Wed, 14 Feb 2024 09:12:57 -0600

cloudflare-warp (2023.9.301) unstable; urgency=medium
  * Added initial implementation of Linux UI for Ubuntu with things like toggle switch, status, ability to switch vnets and better support for joining a Zero Trust organization
  * Added new posture type: Client certificate
  * Added support for IPv6 DEX Traceroute tests (previously only IPv4 addresses could be used)
  * Improved reliability and efficiency in configurating split tunnel rules. Most "error petting the dog" errors should now be gone and organizations with large split tunnel configuration should see reliability improvements
  * Fixed an issue with DEX traceroutes tests where not all hops were correctly reported
  * Fixed an issue where DEX tests would not properly run immediately after a device came out of sleep
  * Fixed an issue where DEX tests would execute simultaneously causing performance issues for accounts with a large number of tests configured
  * Fixed an issue where DoH requests could take too long to timeout causes DNS reliability issues
  * Fixed an issue where DNS could temporarily fail when DHCP updates were processed
  * Fixed an issue on initial device registration that could sometimes cause it to fail and try again
  * Fixed an issue where short DNS timeouts were causing issues with some captive portals (United in particular)
  * Fixed an issue where managed network detection could fail when our firewall rules were not correctly removed under certain disconnect scenarios
  * Fixed an issue with Managed Networks where if the managed endpoint overlapped with your exclude split tunnel configuration, the split tunnel would only be open for IP traffic destined to the same port as your managed TLS endpoint
  * Fixed an issue where IPv6 traffic could be incorrectly sent down the tunnel in exclude mode
  * Fixed an issue where root CA would not be installed if enabled by admin because we were missing ca-certificates dependency
  * Fixed an issue where the client could be stuck on connecting

  Known issues
  * Not all UI features are in place yet, more will be coming in future releases
  * ZT Org name not visible in GUI when upgrading from previous GA while under mdm control
  * Sometimes the Icon will remain gray (disconnected state) while in dark

 -- Naga Tripirineni <naga@cloudflare.com>  Fri, 29 Sep 2023 16:35:29 -0500

cloudflare-warp (2023.7.40) unstable; urgency=medium
  * Added support for "SWG without DNS Filtering" mode. All DNS functionality
    from the WARP client is disabled while in this service mode
  * Added support for distribution name and version to be used in OS Version device posture checks
  * Improved performance of the client when in "Proxy Only" service mode
  * Improved performance of domain-based split tunneling when the IP was already
    split tunneled (seen frequently with Zoom domains and IPs being used)
  * Modified warp-cli settings to show if the applied settings came from local (mdm)
    or network (warp settings profile) policy to make debugging profile issues easier
  * Fixed an issue that could result in increased latency when resolving queries
  * Optimized the performance of DNS queries to prevent minor memory leaks
  * Fixed an issue when service token information was removed from an mdm.xml file
    the client would not prompt for user authentication as expected
  * Fixed an issue where localhost DNS proxy could not be set properly in certain VPN and VM configuration
  * Fixed an issue where the client would attempt to connect even when the "AUTO CONNECT" setting
    was Disabled in WARP Settings or not specified either in an MDM file
  * Fixed an issue where the client would not correctly detect and apply alternate network configuration between network changes

 -- Logan Praneis <lpraneis@cloudflare.com>  Thu, 13 Jul 2023 08:55:29 -0500

cloudflare-warp (2023.3.398) unstable; urgency=medium
  * Added support for millisecond timestamps for use in Digital Experience Monitoring
  * Fixed an issue with Root CA installation feature

  -- Jeff Hiner <jhiner@cloudflare.com> Thu, 7 Apr 2023 09:51:00 -0700


cloudflare-warp (2023.3.258) unstable; urgency=medium
  * Improve timeouts with broken CNAME records that could result in very long load times for certain apps
  * Fixed issue where systems with significantly out of sync system clocks could fail registration
  * Improved user validation logic during manual ZT login
  * Fixed issue where the WARP daemon can crash and lose connectivity
  * Fixed issue where warp-diag could run traceroutes longer than expected.
    Traceroute tests will now timeout after 65 seconds.
  * Fixed issue where manually logging into a ZT org could fail if certificate authentication was used
  * Added support for Zero Trust Digital Experience Monitoring.
    More information coming soon for customers who signed up for the beta
  * Added new log message to help customers and support identify when a users local
    network IP space overlaps with a remote network configured to go through the tunnel
  * Added support for Zero Trust customers to opt in to having the WARP Client install the root CA
    for your organization if TLS Decryption is enabled.
    A new toggle switch will appear in the dashboard under Settings->WARP Client soon to enable this
  * Modified behavior of Managed networks tests to always happen outside the tunnel as per original intent
  * Improved logging of application posture checks to understand rationale behind
    statuses of application checks (file missing, process not found, etc.)
  * Added support for more detailed statuses in the output of warp-cli status
  * Modified initial connectivity check behavior to retry on errors

 -- Logan Praneis <lpraneis@cloudflare.com>  Wed, 22 Mar 2023 12:33:12 -0500


cloudflare-warp (2023.1.133) unstable; urgency=medium
  * Fixed an issue where clients could lose IPv4 connectivity
  * Fixed an issue where clients would attempt to configure DNS in posture-only or proxy modes.
  * Increased MDM check timeout to improve compatibility with certain management solutions.

  -- Logan Praneis <lpraneis@cloudflare.com> Thu, 18 Jan 2023 00:00:00 -0600

cloudflare-warp (2022.12.542) unstable; urgency=medium
  * Added support for network location aware for Zero Trust organizations
  * Improved captive portal handling for some captive portals
  * Fixes for several edge case issues with Zero Trust organizations
  * Turning on DNS logging no longer forces a disconnect and reconnect
  * Modified initial connectivity check behavior to now validate both IPv4 and
    IPv6 are working (previously we only checked IPv4). Test will pass if either
    connects successfully.
  * Fixed DNS issue where TXT records were not being correctly returned when at
    the end of a CNAME chain.
  * Addressed some edge case performance issues with certain NXDOMAIN returns

 -- Jeff Hiner <jhiner@cloudflare.com> Thu, 5 Jan 2023 09:51:00 -0700

cloudflare-warp (2022.10.116) unstable; urgency=medium
  * Modified behavior of warp-cli enable-dns-log to automatically turn off after
    7 days (this is the equivalent of manually running warp-cli disable-dns-log)
  * Fixed issue where device posture timers were paused while device was asleep.
    Posture tests are now immediately ran on device wakeup and all timers
    restarted.
  * Decreased warp-diag zip file sizes by 60-80%.
  * Fixed issue where mdm.xml file updates may have been missed.
  * Fixed issue where warp DNS servers were still set after WARP was turned off

 -- Matt Schulte <mschulte@cloudflare.com> Mon, 21 Nov 2022 11:00:00 -0400

cloudflare-warp (2022.9.591) unstable; urgency=medium
  * Fixed issue where device posture check results stopped sending after 24
    hours (or possibly even sooner)

 -- Matt Schulte <mschulte@cloudflare.com> Wed, 12 Oct 2022 07:00:00 -0700

cloudflare-warp (2022.9.505) unstable; urgency=medium
  * Improved connection time on slow network connections
  * Fixed bug where initial teams registration could take awhile to show up on
    client UI
  * Fixed bug that could cause Teams registration to fail (mostly server side
    but mentioning here as well) and handoff from the success page in the
    browser to the client
  * Fixed DNS fallback timeouts and related performance issues
  * Fixed issue where coming out of sleep on some systems could take an
    unreasonably long time to connect
  * Fixed InvalidPacket error in logs that indicated the client needed to reset
    its connection
  * Fixed issue where user experienced no network after boot
  * Fixed issue where warp-diag rotated daemon logs did not collect older logs

 -- Matt Schulte <mschulte@cloudflare.com> Thu, 6 Oct 2022 11:00:00 -0700

cloudflare-warp (2022.8.936) unstable; urgency=medium

  * Fixed issue where warp-cli set-custom-endpoint could be used by users
    without local admin rights as a way to bypass Gateway policies.
  * Fixed issue where warp-cli add-trusted-ssid worked in Zero Trust mode when
    it should not have.
  * Fixed issue where warp-cli teams-enroll would run even if already joined to
    an organization and users were not allowed to disconnect or leave.
  * Fixed issue that could result in connection issues coming out of certain
    sleep states (AddrInUse error or Multiple WARP Connections or
    NoCurrentSession).
  * Fixed issue that could result in connection flickering between
    connected/disconnected.
  * Fixed issue where connectivity test could report wrong status in logs when
    in Include Only split tunnel configuration.
  * Fixed issue where warp-cli could hang if service was in a bad state.
  * Fixed issue where sometimes Zero Trust device settings configured in the
    dash wouldn't take effect for machines in a disconnected state and asleep
    state.
  * Fixed issue where our DNS proxy wasn't correctly handling EDNS0 requests.
  * Fixed issue where the DNS Answer for records at the end of a CNAME chain
    would appear in the ADDITIONAL response section instead of the ANSWER
    section. This broke certain connectivity checks for Microsoft and Android
    studio in particular (probably other things). We now put the IP address
    found in the ANSWER section.
  * Fixed issue where multiple instances of the service could run at the same
    time.
  * Fixed issue that could occur during registration if the user clicks on on
    the Launch Cloudflare WARP button after already registering.
  * Fixed issue where the Zero Trust client was starting in connected mode when
    dash settings Switched Locked and Auto Connect were turned off/disabled. The
    client should only ever auto connect when these are enabled.
  * Fixed issue where DNS functionality may be in a broken state when device
    wakes from sleep
  * Improved performance of warp-diag to now collects logs in parallel and now
    collect additional routes to help with debugging.
  * Use desktop notifications for re-authentication notifications

 -- Matt Schulte <mschulte@cloudflare.com> Mon, 19 Sep 2022 15:00:00 -0700


cloudflare-warp (2022.7.472) unstable; urgency=medium

  * Fixed issue where OS version and device name may not update in ZT Dashboard
  * Prevent users from brute forcing admin override code
  * Prevent disable-on-wifi feature for ZT customers
  * Add support for environment variables in device posture files paths
  * Prevent flushing all nftable rulesets when WARP is disabled
  * Fix incorrect output in "include-only" mode
  * Fix routing issues when running microk8s
  * Fix issue with wildcard expansion on domain fallback and split tunnel rules
  * Fix issue with `warp-diag feedback` failing to upload
  * Prevent hangs and failures on network traffic when in proxy-mode
  * Prevent log files from growing too large
  * Add "Don't Fragment" bit to encapsulated traffic
  * Ensure our DNS servers stay set if another program tries to change them
  * Add ability to upload device state to API for ZT customers

cloudflare-warp (2022.7.472) unstable; urgency=medium

  * Fixed issue where OS version and device name may not update in ZT Dashboard
  * Prevent users from brute forcing admin override code
  * Prevent disable-on-wifi feature for ZT customers
  * Add support for environment variables in device posture files paths
  * Prevent flushing all nftable rulesets when WARP is disabled
  * Fix incorrect output in "include-only" mode
  * Fix routing issues when running microk8s
  * Fix issue with wildcard expansion on domain fallback and split tunnel rules
  * Fix issue with `warp-diag feedback` failing to upload
  * Prevent hangs and failures on network traffic when in proxy-mode
  * Prevent log files from growing too large
  * Add "Don't Fragment" bit to encapsulated traffic
  * Ensure our DNS servers stay set if another program tries to change them
  * Add ability to upload device state to API for ZT customers

cloudflare-warp (2022.5.346) unstable; urgency=medium

  * Fixed issue where all nftables rulesets were flushed after warp-cli disconnect
  * Fixed false positives when attempting to detect a captive portal
  * Fixed issue where OS version would not be updated in dash after OS update
  * Added support for DNS over TCP
  * Fixed issue where updated posture checks might not take effect until restart
  * Fixed issue with warp-cli where enable/disable with wifi was allowed in Zero Trust mode
  * Fixed issue where too many DNS requests could result in the following error
    appearing in logs: WARN warp::dns: Shedding DNS load
  * Bug fixes and enhancements

 -- Matt Schulte <mschulte@cloudflare.com> Fri, 17 Jun 2022 15:00:00 -0700

cloudflare-warp (2022.4.235) unstable; urgency=medium

  * Removed periodic tunnel checks
  * Changed `warp-cli connect` to mimic 'warp-cli enable-always-on`
  * Changed `warp-cli disconnect` to mimic `warp-cli disable-always-on`
  * Added a simple taskbar icon to show status
  * Added virtual network switching support via warp-cli (`warp-cli
    get-virtual-networks` and `warp-cli set-virtual-network`).
  * Bug fixes and enhancements

 -- Matt Schulte <mschulte@cloudflare.com> Mon, 18 April 2022 12:00:00 -0700

cloudflare-warp (2022.3.253) unstable; urgency=medium

  * `warp-cli delete` run as root will remove the user for an organization
    even if "Allowed To Leave" is disabled in Zero Trust dashboard.
  * Added `warp-cli disable-connectivity-checks` and `warp-cli
    enabled-connectivity-checks` to control connectivity checks
  * Fixed issue with `warp-cli teams-enroll` on platforms where the default
    browser is installed with snap.
  * Added "Device Posture Only" support

 -- Matt Schulte <mschulte@cloudflare.com> Wed, 40 March 2022 15:30:00 -0700

cloudflare-warp (2022.2.288) unstable; urgency=medium

  * Fixed an issue where the organization name became case sensitive and could
    cause a device to lose registration

 -- Matt Schulte <mschulte@cloudflare.com> Thu, 24 Feb 2022 10:10:00 -0800

cloudflare-warp (2022.2.29) unstable; urgency=medium

  * Fixed issue with warp working on distros with v248 of systemd or newer
  * Fixed issue with device posture application checks detecting running
    processes
  * Now that settings exist in the Zero Trust Dashboard the Client UI should
    behave the same regardless of if you manually joined to a Team or if you
    were forced to by local mdm.xml policy
  * Fixed issue where the WARP Client might not get updated settings when it
    initial starts
  * Fixed issue where the Last Seen value was not updated properly in the Zero
    Trust Dashboard while in "doh" mode
  * Fixed issue where device name was not updated in the Zero trust Dashboard if
    the computer name changed after initial registration
  * Added the ability for daemon to parse mdm.xml file on Linux
  * Shows the Zero Trust Terms of Service when user joins an organization

 -- Matt Schulte <mschulte@cloudflare.com> Wed, 9 Feb 2022 14:07:00 -0800

cloudflare-warp (2021.12.0) unstable; urgency=high

  * Removes leaked signing key from apt key store
  * Fixed connectivity issue when attempting to reconnect to WARP
  * Add a background connectivity check
  * you can now specify specific DNS servers to use for domains in Local
    Domain fallback in the Teams Dashboard.

 -- Matt Schulte <mschulte@cloudflare.com> Fri, 10 Dec 2021 14:34:00 -0700

cloudflare-warp (2021.10.0) unstable; urgency=medium

  * Client now supports include only split tunnel rules while in Teams mode
  * Improved overall reliability of DNS and general connectivity when in Teams
    modes
  * Improved logging and fixed bug where we got incomplete logs from warp-diag
  * Fixed connectivity issues some users experienced when coming out of sleep
  * Fixed occasional registration issues when trying to join Teams
    organization
  * Fixed bug in restoring previous DNS settings on crash
  * Fixed bug in Linux firewall blocking certain DNS requests
  * Fixed issues in handling SIGTERM/SIGINT

 -- Matt Schulte <mschulte@cloudflare.com>  Wed, 27 Oct 2021 10:13:15 -0700

cloudflare-warp (2021.8.1) unstable; urgency=low

  * Minor fixes to network changes while in proxy mode
  * Minor stability fixes and improvements

 -- Jeff Hiner <jhiner@cloudflare.com>  Fri, 13 Aug 2021 15:50:50 -0600

cloudflare-warp (2021.8.0) unstable; urgency=medium

  * Rewrite teams-client enrollment flow for Linux clients, including no-auth
  * Implement nftables support for Linux
  * Fix potential stack overflow errors in some clients
  * Fix an issue where the client would stop working properly after a suspend
  * Various stability improvements and other minor fixes

 -- Jeff Hiner <jhiner@cloudflare.com>  Thu, 12 Aug 2021 12:24:00 -0600

cloudflare-warp (2021.7.1) unstable; urgency=medium

  * Teams registration now correctly sends serial number
  * Added reset-settings command to CLI
  * Fixed an issue that could prevent Teams registration on some systems
  * Clarified behavior of host-based tunnel exclusion in Teams mode.
    (Not yet supported, but doesn't drop traffic.)
  * Minor bug fixes and improvements

 -- Jeff Hiner <jhiner@cloudflare.com>  Fri, 26 Jul 2021 12:11:01 -0600

cloudflare-warp (2021.7.0) unstable; urgency=medium

  * Logging into Teams can now be done automatically from the CLI.
  * The client can now collect requested device metadata and device posture
    information in Teams mode.
  * The client now sets system resolvers to better capture DNS traffic.
  * Logs have been move to /var/logs/cloudflare-warp.
  * Minor bug fixes and improvements.

 -- Brendan McMillion <brendan@cloudflare.com>  Fri, 9 Jul 2021 12:59:36 -0700

cloudflare-warp (2021.6.0) unstable; urgency=medium

  * warp-diag can now directly upload logs to Cloudflare.
  * Improves performance of DNS resolution.
  * Minor bug fixes and improvements.

 -- Brendan McMillion <brendan@cloudflare.com>  Thu, 10 Jun 2021 12:38:41 -0700

cloudflare-warp (2021.5.0) unstable; urgency=medium

  * No longer requires sudo to run warp-diag.
  * Fills in extended metadata when Zendesk tickets are submitted.
  * Minor bug fixes and improvements.

 -- Brendan McMillion <brendan@cloudflare.com>  Tue, 04 May 2021 08:47:32 -0700

cloudflare-warp (2021.4.1) unstable; urgency=medium

  * Initial release.

 -- Brendan McMillion <brendan@cloudflare.com>  Mon, 03 May 2021 18:13:12 -0700