From 9f84706eae2885f08e0c06912d8cafd1f38efc9a Mon Sep 17 00:00:00 2001 From: Nuno Diegues Date: Mon, 15 Mar 2021 10:08:04 +0000 Subject: [PATCH] Publish change log for 2021.3.0 --- CHANGES.md | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 0cfd67ae..51ec9411 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,15 +1,28 @@ **Experimental**: This is a new format for release notes. The format and availability is subject to change. -## UNRELEASED - -### Backward Incompatible Changes - -- none +## 2021.3.0 ### New Features - [Cloudflare One Routing](https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) specific commands now show up in the `cloudflared tunnel route --help` output. +- There is a new ingress type that allows cloudflared to proxy SOCKS5 as a bastion. You can use it with an ingress + rule by adding `service: socks-proxy`. Traffic is routed to any destination specified by the SOCKS5 packet but only + if allowed by a rule. In the following example we allow proxying to a certain CIDR but explicitly forbid one address + within it: +``` +ingress: + - hostname: socks.example.com + service: socks-proxy + originRequest: + ipRules: + - prefix: 192.168.1.8/32 + allow: false + - prefix: 192.168.1.0/24 + ports: [80, 443] + allow: true +``` + ### Improvements @@ -18,14 +31,13 @@ `cloudflared tunnel --config config.yaml run` - Warnings are now shown in the output logs whenever cloudflared is running without the most recent version and `no-autoupdate` is `true`. -- Access tokens are now stored per Access App instead of per request path. - +- Access tokens are now stored per Access App instead of per request path. This decreases the number of times that the + user is required to authenticate with an Access policy redundantly. ### Bug Fixes - GitHub [PR #317](https://github.com/cloudflare/cloudflared/issues/317) was broken in 2021.2.5 and is now fixed again. - ## 2021.2.5 ### New Features