2021.1.0 - 2021-01-11 TUN-3670: Update Teamnet API gateway prefixes - 2021-01-13 TUN-3738: Consume UI events even when UI is disabled - 2021-01-06 TUN-3722: Teamnet API paths include /network - 2021-01-05 TUN-3688: Subcommand for users to check which route an IP proxies through - 2021-01-08 TUN-3691: Edit Teamnet help text - 2020-12-30 TUN-3706: Quit if any origin service fails to start - 2020-12-31 TUN-3708: Better info message about system root certpool on Windows - 2020-12-21 TUN-3669: Teamnet commands to add/show Teamnet routes. - 2020-12-29 TUN-3689: Delete routes via cloudflared CLI - 2020-12-28 TUN-3471: Add structured log context to logs - 2020-12-15 TUN-3650: Remove unused awsuploader package - 2020-12-03 Update to add deprecated version note (#271) - 2020-12-02 TUN-3472: Set up rolling logger with zerolog and lumberjack - 2020-12-08 TUN-3607: Set up single-file logger with zerolog - 2020-12-03 Update to add deprecated version note (#271) - 2020-11-25 TUN-3470: Replace in-house logger calls with zerolog 2020.12.0 - 2020-12-04 TUN-3599: improved delete if credentials isnt found. - 2020-12-04 TUN-3612: Upgrade to Go 1.15.6 - 2020-11-30 TUN-3593: /ready endpoint for k8s readiness. Move tunnel events out of UI package, into connection package. - 2020-11-27 TUN-3594: Log response status at debug level 2020.11.11 - 2020-11-20 TUN-3578: cloudflared tunnel route dns should allow wildcard subdomains - 2020-11-21 EDGEPLAT-2958 remove deb-compression, defaulting to gzip - 2020-11-23 TUN-3581: Tunnels can be run by name using only --credentials-file, no origin cert necessary. - 2020-11-15 TUN-3561: Unified logger configuration - 2020-11-08 AUTH-3221: Saves org token to disk and uses it to refresh the app token 2020.11.10 - 2020-11-20 TUN-3562: Fix panic when using bastion mode ingress rule - 2020-11-20 EDGEPLAT-2958 build cloudflared for Bullseye 2020.11.9 - 2020-11-18 TUN-3557: Detect SSE if content-type starts with text/event-stream - 2020-11-18 TUN-3559: Share response meta header with other packages - 2020-11-18 DEVTOOLS-7936: Remove redundant chgrp from publish - 2020-11-18 TUN-3558: cloudflared allows empty config files - 2020-11-18 TUN-3544: Upgrade to Go 1.15.5 2020.11.8 - 2020-11-17 TUN-3555: Single origin service should default to localhost:8080 2020.11.7 - 2020-11-13 TUN-3514: Stop setting --is-autoupdated flag after autoupdate because it can break named tunnel running in k8s - 2020-11-15 TUN-3548, TUN-3547: Bastion mode can be specified as a service, doesn't require URL. - 2020-11-16 TUN-3549: Use a separate handler for each websocket proxy 2020.11.6 - 2020-11-14 TUN-3546: Fix panic in tlsconfig.LoadOriginCA 2020.11.5 - 2020-11-12 TUN-3540: Better copy in ingress rules error messages - 2020-11-12 DEVTOOLS-7936: Set permissions on public packages - 2020-11-13 TUN-3543: ProxyAddress not using default in single-origin mode 2020.11.4 - 2020-11-11 TUN-3534: Specific error message when credentials file is a .pem not .json - 2020-11-02 TUN-3500: Integrate replace h2mux by http2 work with multiple origin support - 2020-11-09 TUN-3514: Transport logger write to UI when UI is enabled - 2020-10-30 TUN-3490: Make sure OriginClient implementation doesn't write after Proxy return - 2020-10-20 TUN-3403: Unit test for origin/proxy to test serving HTTP and Websocket - 2020-10-23 TUN-3480: Support SSE with http2 connection, and add SSE handler to hello-world server - 2020-10-27 TUN-3489: Add unit tests to cover proxy logic in connection package of cloudflared - 2020-10-16 TUN-3467: Serialize cf-cloudflared-response-meta during package initialization using jsoniter - 2020-10-14 TUN-3456: New protocol option auto to automatically select between http2 and h2mux - 2020-10-14 TUN-3458: Upgrade to http2 when available, fallback to h2mux when we reach max retries - 2020-10-08 TUN-3449: Use flag to select transport protocol implementation - 2020-10-08 TUN-3462: Refactor cloudflared to separate origin from connection - 2020-09-21 TUN-3406: Proxy websocket requests over Go http2 - 2020-09-25 TUN-3420: Establish control plane and send RPC over control plane - 2020-09-11 TUN-3400: Use Go HTTP2 library as transport to connect with the edge 2020.11.3 - 2020-11-11 TUN-3533: Set config for single origin ingress 2020.11.2 2020.11.1 - 2020-11-10 TUN-3527: More specific error for invalid YAML/JSON - 2020-11-06 Update README.md (#256) 2020.11.0 - 2020-11-04 TUN-3484: OriginService that responds with configured HTTP status - 2020-11-05 TUN-3505: Response body for status code origin returns EOF on Read - 2020-11-04 TUN-3503: Matching ingress rule should not take port into account - 2020-11-05 TUN-3506: OriginService needs to set request host and scheme for websocket requests - 2020-11-09 TUN-3516: Better error message when parsing invalid YAML config - 2020-11-09 TUN-3522: ingress validate checks that the config file exists - 2020-11-09 TUN-3524: Don't ignore errors from app-level action handler (#248) - 2020-11-09 TUN-3461: Show all origin services in the UI - 2020-10-30 TUN-3494: Proceed to create tunnel if at least one edge address can be resolved - 2020-10-30 TUN-3492: Refactor OriginService, shrink its interface - 2020-10-22 TUN-3478: Increase download timeout to 60s - 2020-10-15 TUN-2640: Users can configure per-origin config. Unify single-rule CLI flow with multi-rule config file code. 2020.10.2 - 2020-10-21 Release 2020.10.1 - 2020-10-21 AUTH-3185 fixed indention error - 2020-10-19 TUN-3459: Make service install on linux use named tunnels 2020.10.1 - 2020-10-20 Split out typed config from legacy command-line switches; refactor ingress commands and fix tests - 2020-10-20 Move raw ingress rules to config package - 2020-10-21 TUN-3476: Fix conversion to string and int slice - 2020-10-12 TUN-3441: Multiple-origin routing via ingress rules - 2020-10-15 TUN-3464: Newtype to wrap []ingress.Rule - 2020-10-15 TUN-3465: Use Go 1.15.3 - 2020-10-15 TUN-3463: Let users run a named tunnel via config file setting - 2020-10-19 TUN-3475: Unify config file handling with typed config for new fields - 2020-10-19 TUN-3459: Make service install on linux use named tunnels - 2020-10-06 AUTH-3148 fixed cloudflared copy and match all the files in the checksum upload - 2020-10-06 TUN-3436, TUN-3437: Parse ingress from YAML, ensure last rule catches everything - 2020-10-06 TUN-3446: Use go 1.15.2 and add a step to build cloudflared in the dev Dockerfile - 2020-10-07 TUN-3439: 'tunnel validate' command to check ingress rules - 2020-10-07 TUN-3440: 'tunnel rule' command to test ingress rules - 2020-10-08 TUN-3451: Cloudflared tunnel ingress command - 2020-10-09 TUN-3452: Fix loading of flags from config file for tunnel run subcommand. This change also cleans up building of tunnel subcommand list, hides deprecated subcommands and improves help. - 2020-10-08 TUN-3438: move ingress into own package, read into TunnelConfig 2020.10.0 - 2020-10-02 AUTH-2993 cleaned up worker service tests - 2020-10-02 TUN-3443: Decode as v4api response on non-200 status - 2020-09-24 TRAFFIC-448: allow the user to specify the proxy address and port to bind to, falling back to 127.0.0.1 and random port if not specified - 2020-09-28 TUN-3427: Define a struct that only implements RegistrationServer in tunnelpogs - 2020-09-29 TUN-3430: Copy flags to configure proxy to run subcommand, print relevant tunnel flags in help - 2020-08-12 AUTH-2993 added workers updater logic 2020.9.3 - 2020-09-22 TRAFFIC-448: build cloudflare for junos and publish to s3 - 2020-09-22 TUN-3410: Request the v1 Tunnelstore API - 2020-09-23 Release 2020.9.2 - 2020-09-17 updater service exit code should be 11 - 2020-09-18 AUTH-3109 upload the checksum to workers kv on github releases 2020.9.2 - 2020-09-22 TRAFFIC-448: build cloudflare for junos and publish to s3 - 2020-09-22 TUN-3410: Request the v1 Tunnelstore API - 2020-09-17 AUTH-3103 CI build fixes - 2020-09-18 AUTH-3110-use-cfsetup-precache - 2020-09-17 TUN-3295: Show route command results - 2020-09-16 TUN-3291: cloudflared tunnel run -h explains how to use flags from parent command - 2020-09-18 AUTH-3109 upload the checksum to workers kv on github releases - 2020-09-17 updater service exit code should be 11 - 2020-09-01 TUN-3216: UI improvements - 2020-08-25 Rebased and passed TunnelEventChan to LogServerInfo in new ReconnectTunnel function - 2020-08-25 TUN-3321: Add box around logs on UI - 2020-08-26 TUN-3328: Filter out free tunnel has started log from UI - 2020-08-27 TUN-3333: Add text to UI explaining how to exit - 2020-08-27 TUN-3335: Dynamically set connection table size for UI - 2020-08-10 TUN-3238: Update UI when connection re-connects - 2020-08-17 TUN-3261: Display connections on UI for free classic tunnels - 2020-07-24 TUN-3201: Create base cloudflared UI structure - 2020-07-29 TUN-3200: Add connection information to UI - 2020-07-24 TUN-3255: Update UI to display URL instead of hostname - 2020-07-29 TUN-3198: Handle errors while running tunnel UI 2020.9.1 - 2020-09-14 TUN-3395: Unhide named tunnel subcommands, tweak help - 2020-09-15 TUN-3395: Improve help for list command - 2020-09-14 TUN-3294: Perform basic validation on arguments of route command; remove default pool name which wasn't valid - 2020-09-15 TUN-3395: Improve help for list command - 2020-09-16 Use Go 1.15.2 2020.9.0 - 2020-09-11 TUN-3293: Try to use error information from the body of a failed tunnelstore reresponse if available - 2020-09-04 AUTH-2653 renabled signing - 2020-09-04 TUN-3377: Tunnel route should check dns/lb before checking tunnel ID - 2020-09-04 AUTH-2653 changed to proper file extension - 2020-09-04 AUTH-2653 handle duplicate key import errors - 2020-09-04 TUN-3345: tunnel run accepts name of tunnel as argument - 2020-09-08 AUTH-2653 disble error pipe to see what is failing - 2020-09-08 AUTH-2653 search for the certificate and not the identity - 2020-09-09 TUN-3284: Use cloudflared/ as user agent of tunnelstore client - 2020-09-09 TUN-3375: Upgrade x/text and gorilla websocket deps - 2020-09-09 TUN-3375: Upgrade coredns and prometheus dependencies - 2020-09-09 AUTH-2653 add notarization to mac build - 2020-09-08 TUN-3292: Mention cleanup in tunnel run help. - 2020-08-20 AUTH-2016 fixed variable fail - 2020-08-12 TUN-3352 extra debug logging for websockets 2020.8.2 - 2020-08-20 AUTH-3021 fixed the git version call by using the older flag - 2020-08-18 TUN-3268: Each connection has its own event digest to reconnect 2020.8.1 - 2020-08-14 AUTH-2975 don't check /etc on windows - 2020-08-14 AUTH-2977 log file protection - 2020-08-18 TUN-3286: Use either ID or name in Named Tunnel subcommands. - 2020-08-18 AUTH-2712 fixed the mac build script - 2020-08-19 AUTH-2653 disabling signing until we can get the keys - 2020-08-05 TUN-3233: List tunnels support filtering by deleted, name, existed at and id - 2020-08-05 TUN-3237: By default, don't show connections that are pending reconnect - 2020-08-06 TUN-3242: Build with go 1.14 - 2020-08-07 TUN-3243: Refactor tunnel subcommands to allow commands to compose better - 2020-08-07 AUTH-2864 - add macos build to github release - 2020-07-31 AUTH-2857 update homebrew script to use new url - 2020-07-30 TUN-3213: Create, route and run named tunnels in one command - 2020-07-07 AUTH-2712 added MSI build for a windows agent 2020.8.0 - 2020-07-30 TUN-3220: tunnel route reports created route - 2020-07-31 TUN-3221: ConnectionOptions tracks numPreviousAttempts. - 2020-07-20 TUN-3190: Initialize logger using command line flags in tunnels subcommands - 2020-07-21 TUN-3192: Use zone ID in tunnelstore request path; improve debug logging - 2020-07-23 TUN-3194: Don't render log output when level is not enabled - 2020-07-22 AUTH-2016 adds sha256 hashes to releases - 2020-07-27 Removes centos 6 build - 2020-07-27 TUN-3209: Add benchmark for header serialization - 2020-07-24 TUN-3209: improve performance and reduce allocations during user header serialization from h1 to h2 - 2020-07-26 TUN-3208: Add benchmark for large response write - 2020-07-27 TUN-3208: Reduce copies and allocations on h2mux write path. Pre-allocate 16KB write buffer on the first write if possible. Use explicit byte array for chunks on write thread to avoid copying through intermediate buffer due to io.CopyN. - 2020-07-28 AUTH-2714: Adds arm64 cloudflared build - 2020-07-29 AUTH-2927 run message update after all github builds are done - 2020-07-17 AUTH-2902 redirect with just the root host on curl commands 2020.7.4 - 2020-07-20 Build cloudflared for arm64 on native agents - 2020-07-10 TUN-3048: Handle error when user tries to delete active tunnel - 2020-07-14 AUTH-2890: adds error handler to cli actions - 2020-07-06 TUN-3156: Add route subcommand under tunnel 2020.7.3 - 2020-07-13 Change scp command to use file glob that matches both cloudflared rpms and debs 2020.7.2 - 2020-07-02 AUTH-2644: Change install location and add man page - 2020-07-02 TUN-3131: Allow user to specify tunnel credentials path, and remove it in tunnel delete command - 2020-07-03 TUN-3008: Implement cloudflared tunnel cleanup command - 2020-07-02 TUN-3150: cloudflared tunnel list's table should use intelligent column width - 2020-07-07 TUN-3169: Move on to the next address when edge returns duplicate connection. There's no point in trying to connect to the same address since it will be hashed to the same metal. Improve logging of errors from serve tunnel loop, hide useless context cancelled error. - 2020-07-08 beautify package meta information generated by fpm (#218) - 2020-07-06 AUTH-2871: fix rpm builds - 2020-07-08 AUTH-2858: Set file to disable autoupdate - 2020-07-09 AUTH-2872: Adds centos-6 build 2020.7.1 - 2020-07-02 DEVTOOLS-7321: Push GitHub homebrew updates to master - 2020-07-06 TUN-3161: Upgrade golang.org/x/ deps - 2020-06-30 AUTH-2854: Create cloudflared RPMs - 2020-06-26 AUTH-2850 log config file path 2020.7.0 - 2020-06-30 TUN-3140: Add timestamps to terminal log entries - 2020-06-30 AUTH-2860: Fix builds - 2020-06-25 TUN-3007: Implement named tunnel connection registration and unregistration. 2020.6.6 - 2020-06-23 AUTH-2685: Adds script to create release - 2020-06-25 AUTH-2652: Update cloudflare repo - 2020-06-26 AUTH-2718: Add target for publishing deb to pkg.cloudflare repo - 2020-06-26 AUTH-2849 all log output to stderr - 2020-06-17 TUN-3106: Pass NamedTunnel config to StartServer - 2020-06-18 TUN-3107: UnregisterConnection shouldn't wrap nil error as RPC error - 2020-06-17 AUTH-2652: Adds .docker-images to push images to docker hub - 2020-06-18 AUTH-2712 mac package build script and better config file handling when started as a service 2020.6.5 - 2020-06-16 DEVTOOLS-7321: Don't skip macOS builds based on tag - 2020-06-16 fix for a flaky test - 2020-06-16 AUTH-2815 flag check was wrong. stupid oversight - 2020-06-16 TUN-3101: Tunnel list command should only show non-deleted, by default - 2020-06-16 TUN-3066: Command line action for tunnel run - 2020-06-16 TUN-3100 make updater report the right text 2020.6.4 - 2020-06-11 TUN-3085: Pass connection authentication information using TunnelAuth struct - 2020-06-15 TUN-3084: Generate and store tunnel_secret value during tunnel creation - 2020-06-16 AUTH-2815 add the log file to support the config.yaml file - 2020-06-02 TUN-3015: Add a new cap'n'proto RPC interface for connection registration as well as matching client and server implementations. The old interface extends the new one for backward compatibility. 2020.6.3 - 2020-06-15 DEVTOOLS-7321: Add openssh-client pkg for missing ssh-keyscan - 2020-06-15 AUTH-2813 adds back a single file support a cloudflared log file 2020.6.2 - 2020-06-11 AUTH-2648 updated usage text - 2020-06-11 AUTH-2763 don't redirect from curl command - 2020-06-12 TUN-3090: Upgrade crypto dep - 2020-06-11 TUN-3038: Add connections to tunnel list table - 2020-06-12 AUTH-2810 added warn for backwards compatibility sake 2020.6.1 - 2020-06-09 AUTH-2796 fixed windows build 2020.6.0 - 2020-06-05 AUTH-2645 protect against user mistaken flag input - 2020-06-05 AUTH-2687 don't copy config unnecessarily - 2020-06-05 AUTH-2169 make access login page more generic - 2020-06-05 AUTH-2729 added log file and level to cmd flags to match config file settings - 2020-06-08 AUTH-2785 service token flag fix and logger fix - 2020-05-20 AUTH-2682: Create buster build - 2020-05-21 TUN-2928, TUN-2929, TUN-2930: Add tunnel subcommands to interact with tunnel store service - 2020-05-29 Adding support for multi-architecture images and binaries (#184) - 2020-05-29 TUN-3019: Remove declarative tunnel entry code - 2020-05-29 TUN-3020: Remove declarative tunnel related RPC code - 2020-05-13 AUTH-2505 added aliases - 2020-05-14 AUTH-2529 added deprecation text to db-connect command - 2020-05-18 AUTH-2686: Added error handling to tunnel subcommand - 2020-05-04 AUTH-2369: RDP Bastion prototype - 2020-04-29 AUTH-2596 added new logger package and replaced logrus - 2020-04-25 DEVTOOLS-7321: Use SSH key from env for pushing to GitHub - 2020-04-25 DEVTOOLS-7321: Push to a test branch instead of to master - 2020-03-30 DEVTOOLS-7321: Add scripts for macOS builds and homebrew uploads 2020.5.1 - 2020-05-07 TUN-2860: Enable quick reconnect feature by default - 2020-05-07 AUTH-2564: error handling and minor fixes - 2020-05-01 AUTH-2588 add DoH to service mode 2020.5.0 - 2020-05-01 TUN-2943: Copy certutil from edge into cloudflared - 2020-05-05 TUN-2955: Fix connection and goroutine leaks when tunnel conection is terminated on error. Only unregister tunnels that had connected successfully. Close edge connection used to unregister the tunnel. Use buffered channels for error channels where receiver may quit early on context cancellation. - 2020-04-30 TUN-2940: Added delay parameter to stdin reconnect command. - 2020-04-27 TUN-2921: Rework address selection logic to avoid corner cases - 2020-04-28 TUN-2872: Exit with non-0 status code when the binary is updated so launchd will restart the service - 2020-04-13 AUTH-2587 add config watcher and reload logic for access client forwarder 2020.4.0 - 2020-04-10 TUN-2881: Parameterize response meta information header name in the generating function - 2020-04-11 TUN-2894: ResponseMetaHeader should be public - 2020-04-09 TUN-2880: Return metadata about source of the response from cloudflared - 2020-04-04 ARES-899: Fixes DoH client as system resolver. Fixes #91 - 2020-03-31 AUTH-2394 added socks5 proxy - 2020-02-24 AUTH-2235 GetTokenIfExists now parses JWT payload for json expiry field to detect if the cached access token is expired 2020.3.2 - 2020-03-31 TUN-2854: Quick Reconnects should be an optional supported feature - 2020-03-30 TUN-2850: Tunnel stripping Cloudflare headers 2020.3.1 - 2020-03-27 TUN-2846: Trigger debug reconnects from stdin commands, not SIGUSR1 2020.3.0 - 2020-03-23 AUTH-2394 fixed header for websockets. Added TCP alias - 2020-03-10 TUN-2797: Fix panic in SetConnDigest by making mutexes values. - 2020-03-13 TUN-2807: cloudflared hello-world shouldn't assume it's my first tunnel - 2020-03-13 TUN-2756: Set connection digest after reconnect. - 2020-03-16 TUN-2812: Tunnel proxies and RPCs can share an edge address - 2020-03-18 TUN-2816: cloudflared metrics server should be more discoverable - 2020-03-19 TUN-2820: Serialized headers for Websockets - 2020-03-19 TUN-2819: cloudflared should close its connections when a signal is sent - 2020-03-19 TUN-2823: Bugfix. cloudflared would hang forever if error occurred. - 2020-03-10 TUN-2796: Implement HTTP2 CONTINUATION headers correctly - 2020-03-02 TUN-2779: update sample HTML pages - 2020-03-04 TUN-2785: Use reconnect token by default - 2020-03-05 TUN-2754: Add ConnDigest to cloudflared and its RPCs - 2020-03-06 TUN-2755: ReconnectTunnel RPC now transmits ConnectionDigest - 2020-03-06 TUN-2761: Use the new header management functions in cloudflared - 2020-03-06 TUN-2788: cloudflared should store one ConnDigest per HA connection - 2020-02-26 TUN-2767: Test for large headers - 2020-02-28 do not terminate tunnel if origin is not reachable on start-up (#177) - 2020-02-28 TUN-2776: Add header serialization feature in cloudflared - 2020-02-21 TUN-2748: Insecure randomness vulnerability in github.com/miekg/dns 2020.2.1 - 2020-02-20 TUN-2745: Rename existing header management functions - 2020-02-21 TUN-2746: Add the new header management functions - 2020-02-25 perf(cloudflared): reuse memory from buffer pool to get better throughput (#161) - 2020-02-25 Tweak HTTP host header. Fixes #107 (#168) - 2020-02-25 TUN-2765: Add list of features to tunnelrpc - 2020-02-19 TUN-2725: Specify in code that --edge is for internal testing only - 2020-02-19 TUN-2703: Muxer.Serve terminates when its context is Done - 2020-02-09 TUN-2717: Function to serialize/deserialize HTTP headers - 2020-02-05 TUN-2714: New edge discovery. Connections try to reconnect to the same edge IP. 2020.2.0 - 2020-01-30 TUN-2651: Fix panic in h2mux reader when a stream error is encountered - 2020-01-27 TUN-2645: Revert "TUN-2645: Turn on reconnect tokens" - 2020-01-28 TUN-2693: Metrics for ReconnectTunnel - 2020-01-28 TUN-2696: Add unknown registerRPCName - 2020-01-28 TUN-2699: Metrics for Authenticate RPCs - 2020-01-28 TUN-2690: cloudflared reconnect uses wrong context - 2020-01-29 TUN-2707: Inconsistent cardinality in tunnel error metrics - 2020-01-13 TUN-2645: Turn on reconnect tokens - 2019-12-23 TUN-2646: Make --edge flag work again for local development 2019.12.0 - 2019-12-11 TUN-2631: only notify that activeStreamMap is closed if ignoreNewStreams=true - 2019-12-17 bug(cloudflared): Set the MaxIdleConnsPerHost of http.Transport to proxy-keepalive-connections (#155) - 2019-12-17 refactor(docker): optimize Dockerfile (#126) - 2019-12-19 Fix timer scheduling for systemd update service (#159) - 2019-12-13 TUN-2637: Manage edge IPs in a region-aware manner - 2019-12-03 bug(cloudflared): nil pointer deference on h2DictWriter Close() (#154) - 2019-12-03 TUN-2608: h2mux.Muxer.Shutdown always returns a non-nil channel - 2019-12-04 TUN-2555: origin/supervisor.go calls Authenticate - 2019-12-06 TUN-2554: cloudflared calls ReconnectTunnel - 2019-11-20 TUN-2575: Constructors + simpler conversions for AuthOutcome - 2019-11-22 Fix Docker build failure (#149) - 2019-11-21 TUN-2573: Refactor TunnelRegistration into PermanentRegistrationError, RetryableRegistrationError and SuccessfulTunnelRegistration - 2019-11-22 TUN-2582: EventDigest field in tunnelrpc - 2019-11-22 Fix "happy eyeballs" not being disabled since Golang 1.12 upgrade * The Dialer.DualStack setting is now ignored and deprecated; RFC 6555 Fast Fallback ("Happy Eyeballs") is now enabled by default. To disable, set Dialer.FallbackDelay to a negative value. - 2019-11-25 TUN-2591: ReconnectTunnel now sends EventDigest - 2019-11-21 TUN-2606: add DialEdge helpers - 2019-11-21 TUN-2607: add RPC stream helpers 2019.11.3 - 2019-11-20 TUN-2562: Update Cloudflare Origin CA RSA root 2019.11.2 - 2019-11-18 TUN-2567: AuthOutcome can be turned back into AuthResponse - 2019-11-18 TUN-2563: Exposes config_version metrics 2019.11.1 - 2019-11-12 Add db-connect, a SQL over HTTPS server - 2019-11-12 TUN-2053: Add a /healthcheck endpoint to the metrics server - 2019-11-13 TUN-2178: public API to create new h2mux.MuxedStreamRequest - 2019-11-13 TUN-2490: respect original representation of HTTP request path - 2019-11-18 TUN-2547: TunnelRPC definitions for Authenticate flow - 2019-11-18 TUN-2551: TunnelRPC definitions for ReconnectTunnel flow - 2019-11-05 TUN-2506: Expose active streams metrics 2019.11.0 - 2019-11-04 TUN-2502: Switch to go modules - 2019-11-04 TUN-2500: Don't send client registration errors to Sentry - 2019-11-04 TUN-2489: Delete stream from activestreammap when read and write are both closed - 2019-11-05 TUN-2505: Terminate stream on receipt of RST_STREAM; MuxedStream.CloseWrite() should terminate the MuxedStream.Write() loop - 2019-10-30 TUN-2451: Log inavlid path - 2019-10-22 TUN-2425: Enable cloudflared to serve multiple Hello World servers by having each of them create its own ServeMux - 2019-10-22 AUTH-2173: Prepends access login url with scheme if one doesnt exist - 2019-10-23 TUN-2460: Configure according to the ClientConfig recevied from a successful Connect - 2019-10-23 AUTH-2177: Reads and writes error streams 2019.10.4 - 2019-10-21 TUN-2450: Remove Brew publishing formula 2019.10.3 - 2019-10-18 Fix #129: Excessive memory usage streaming large files (#142) 2019.10.2 - 2019-10-17 AUTH-2167: Adds CLI option for host key directory 2019.10.1 - 2019-10-17 Adds variable to fix windows build 2019.10.0 - 2019-10-11 AUTH-2105: Dont require --destination arg - 2019-10-14 TUN-2344: log more details: http2.Framer.ErrorDetail() if available, connectionID - 2019-10-16 AUTH-2159: Moves shutdownC close into error handling AUTH-2161: Lowers size of preamble length AUTH-2160: Fixes url parsing logic - 2019-10-16 AUTH-2135: Adds support for IPv6 and tests - 2019-10-02 AUTH-2105: Adds support for local forwarding. Refactor auditlogger creation. AUTH-2088: Adds dynamic destination routing - 2019-10-09 AUTH-2114: Uses short lived cert auth for outgoing client connection - 2019-09-30 AUTH-2089: Revise ssh server to function as a proxy 2019.9.2 - 2019-09-26 TUN-2355: Roll back TUN-2276 2019.9.1 - 2019-09-23 TUN-2334: remove tlsConfig.ServerName special case - 2019-09-23 AUTH-2077: Quotes open browser command in windows - 2019-09-11 AUTH-2050: Adds time.sleep to temporarily avoid hitting tunnel muxer dealock issue - 2019-09-10 AUTH-2056: Writes stderr to its own stream for non-pty connections - 2019-09-16 TUN-2307: Capnp is the only serialization format used in tunnelpogs - 2019-09-18 TUN-2315: Replace Scope with IntentLabel - 2019-09-17 TUN-2309: Split ConnectResult into ConnectError and ConnectSuccess, each implementing its own capnp serialization logic - 2019-09-18 AUTH-2052: Adds tests for SSH server - 2019-09-18 AUTH-2067: Log commands correctly - 2019-09-19 AUTH-2055: Verifies token at edge on access login - 2019-09-04 TUN-2201: change SRV records used by cloudflared - 2019-09-06 TUN-2280: Revert "TUN-2260: add name/group to CapnpConnectParameters, remove Scope" - 2019-09-03 AUTH-1943 hooked up uploader to logger, added timestamp to session logs, add tests - 2019-09-04 AUTH-2036: Refactor user retrieval, shutdown after ssh server stops, add custom version string - 2019-09-06 AUTH-1942 added event log to ssh server - 2019-09-04 AUTH-2037: Adds support for ssh port forwarding - 2019-09-05 TUN-2276: Path encoding broken 2019.9.0 - 2019-09-05 TUN-2279: Revert path encoding fix - 2019-08-30 AUTH-2021 - check error for failing tests - 2019-08-29 AUTH-2030: Support both authorized_key and short lived cert authentication simultaniously without specifiying at start time - 2019-08-29 AUTH-2026: Adds support for non-pty sessions and inline command exec - 2019-08-26 AUTH-1943: Adds session logging - 2019-08-26 TUN-2162: Decomplect OpenStream to allow finer-grained timeouts - 2019-08-29 TUN-2260: add name/group to CapnpConnectParameters, remove Scope 2019.8.4 - 2019-08-30 Fix #111: Add support for specifying a specific HTTP Host: header on the origin. (#114) - 2019-08-22 TUN-2165: Add ClientConfig to tunnelrpc.ConnectResult - 2019-08-20 AUTH-2014: Checks users login shell - 2019-08-26 TUN-2243: Revert "STOR-519: Add db-connect, a SQL over HTTPS server" - 2019-08-27 TUN-2244: Add NO_AUTOUPDATE env var - 2019-08-22 AUTH-2018: Adds support for authorized keys and short lived certs - 2019-08-28 AUTH-2022: Adds ssh timeout configuration - 2019-08-28 TUN-1968: Gracefully diff StreamHandler.UpdateConfig - 2019-08-26 AUTH-2021 - s3 bucket uploading for SSH logs - 2019-08-19 AUTH-2004: Adds static host key support - 2019-07-18 AUTH-1941: Adds initial SSH server implementation 2019.8.3 - 2019-08-20 STOR-519: Add db-connect, a SQL over HTTPS server - 2019-08-20 Release 2019.8.2 - 2019-08-20 Revert "AUTH-1941: Adds initial SSH server implementation" - 2019-08-11 TUN-2163: Add GrapQLType method to Scope interface - 2019-08-06 TUN-2152: Requests with a query in the URL are erroneously escaped - 2019-07-18 AUTH-1941: Adds initial SSH server implementation 2019.8.1 - 2019-08-05 TUN-2111: Implement custom serialization logic for FallibleConfig and OriginConfig - 2019-08-06 Revert "TUN-1736: Missing headers when passing an invalid path" 2019.8.0 - 2019-07-11 TUN-1956: Go 1.12 update - 2019-07-24 TUN-1736: Missing headers when passing an invalid path - 2019-07-30 TUN-2117: read group/system-name from CLI, send it to edge - 2019-08-02 TUN-2125: Add PostgresType() to Scope - 2019-08-05 TUN-2147: Implemented ScopeUnmarshaler - 2019-07-31 TUN-2110: Implement custom deserialization logic for OriginConfig - 2019-07-31 AUTH-1972: Deletes token lock file if backoff retry attempts exceeded and intercepts signals until lock is released 2019.7.0 - 2019-05-28 TUN-1913: Define OriginService for each type of origin - 2019-04-29 Build a docker container - 2019-06-12 TUN-1952: Group ClientConfig fields by the component that uses the config, and return the part of the config that failed to be applied - 2019-06-05 TUN-1893: Proxy requests to the origin based on tunnel hostname - 2019-06-17 TUN-1961: Create EdgeConnectionManager to maintain outbound connections to the edge - 2019-06-18 TUN-1885: Reconfigure cloudflared on receiving new ClientConfig - 2019-06-19 TUN-1976: Pass tunnel hostname through header - 2019-06-20 TUN-1982: Load custom origin CA when OriginCAPool is specified - 2019-06-26 TUN-2005: Upgrade logrus - 2019-06-20 TUN-1981: Write response header & body on proxy error to notify eyeballs of failure category - 2019-06-20 TUN-1977: Validate OriginConfig has valid URL, and use scheme to determine if a HTTPOriginService is expecting HTTP or Unix - 2019-06-13 DoH: change the media type to application/dns-message - 2019-06-26 AUTH-1736: Better handling of token revocation 2019.6.0 - 2019-05-17 TUN-1828: Update declarative tunnel config struct - 2019-05-29 Handle exit code on err - 2019-05-29 AUTH-1802: Fixed ssh-config templating - 2019-05-30 TUN-1914: Conflate HTTP and Unix OriginConfig, and add TLS config to WebSocketOriginConfig - 2019-06-03 AUTH-1811: ssh-gen config fixes 2019.5.0 - 2019-04-25 TUN-1781: ServeStream should return early on error - 2019-04-30 TUN-1786: Remove low-level Windows service logging - 2019-05-03 TUN-1807: Send cloudflared version in Connect RPC - 2019-01-23 AUTH-1557: Short Lived Certs - 2019-05-13 TUN-1847: Log a distinct message when OpenStream fails while waiting for response headers - 2019-05-13 AUTH-1706: fixes and testing - 2019-05-22 TUN-1880: Save debug and warn level log to logfile - 2019-05-22 AUTH-1781: fixed race condition for short lived certs, doc required config 2019.4.1 - 2019-03-18 TUN-1626: Create new supervisor to establish connection with origintunneld - 2019-04-04 TUN-1619: Add flag to test declarative tunnels. - 2019-04-05 TUN-1577: decompose carrier.StartServer to make TestStartServer less flappy - 2019-03-29 TUN-1606: Define CloudflaredConfig RPC structure, interface for cloudflared's RPC server - 2019-04-02 TUN-1682: Add context to OpenStream to prevent it from blocking indefinitely. - 2019-04-16 TUN-1732: cloudflared metrics should track userHostnames - 2019-04-17 TUN-1734: Pin packages at exact versions - 2019-04-18 TUN-1669: Update license message in help text. Also fix test 2019.4.0 - 2019-03-28 TUN-1648: ConnectionID is now a UUID - 2019-04-01 TUN-1673: Conflate Hello and Connect RPCs 2019.3.2 - 2019-03-22 TUN-1637: Free tunnels shouldn't require cert.pem - 2019-03-18 TUN-1604: Define Connect RPC call 2019.3.1 - 2019-03-09 Add rdp as a supported protocol in URL validation (#76) - 2019-03-15 TUN-1613: improved cloudflared RegisterTunnel fail metrics - 2019-03-17 TUN-1615: revert miekg/dns to last known working revision 2019.3.0 - 2018-12-28 make http transport aware of proxy from envvar - 2019-02-28 TUN-1559: fix nil dereference in TunnelConfig.CloseConnOnce - 2019-03-04 TUN-1451: Make non-interactive, non-service execution possible on Windows - 2019-03-04 TUN-1562: Refactor connectedSignal to be safe to close multiple times - 2019-02-27 TUN-1550: Add validation timeout for non-responsive origins - 2019-03-06 AUTH-1531: Named flags for ssh service tokens - 2019-02-14 Support unix sockets. - 2019-03-08 TUN-1389: Non-scalar flags in a cloudflared config.yml don't get logged - 2019-03-07 TUN-1522: If we can't get SRV from default resolver, get them from 1.1.1.1 DoT 2019.2.1 - 2019-02-14 TUN-1381: should tell you if you're on the latest version rather than just exiting silently - 2019-02-15 TUN-1467: build with Go 1.11 - 2019-02-15 AUTH-1519: Added logging - 2019-02-19 TUN-1525: cloudflared metrics for registration success/fail - 2019-02-19 TUN-1510: Wrap the close() in sync.Once.Do 2019.2.0 - 2019-01-24 AUTH-1462: better curl arg parsing - 2019-02-01 TUN-1456: Only make one UUID - 2019-01-30 cloudflared/linux_service: Add missing /etc/init.d shebang - 2019-02-07 AUTH-1511: Add custom headers for ssh command - 2019-02-01 AUTH-1503: Added RDP support - 2019-02-01 AUTH-1403: Print the paths in the ssh-config instructions 2019.1.0 - 2018-12-10 TUN-1231: Horizontal overflow wrapping on the Hello page - 2018-12-17 TUN-1140: Show usage if invoked with no args or config - 2018-11-06 TUN-632 Filter out common network exceptions from going to Sentry on StartServer - 2019-01-07 TUN-1138: Install cloudflared service directory with 755 permissions - 2019-01-07 TUN-1265: Silent exit when failing to parse config - 2019-01-10 TUN-1350: Enhance error messages with cloudflarestatus.com link, if relevant - 2019-01-16 TUN-1358: Close readyList after Muxer.Serve() has stopped running - 2019-01-24 AUTH-1423: move from stdout to stderr - 2019-01-24 AUTH-1404: reauth if the token is about to expire within 15 minutes - 2019-01-24 AUTH-1459: improved ssh streaming error message - 2019-01-24 AUTH-1211: print all the versions - 2019-01-24 AUTH-1337: fix url path - 2019-01-28 TUN-1418: Rename ProtocolLogger to TransportLogger, and use TransportLogger to log RPC events. - 2019-01-28 TUN-1419: Identify request/response headers/content length with ray ID 2018.12.1 - 2018-12-11 TUN-1270: cloudflared panic (HA metrics missing label) 2018.12.0 - 2018-11-15 TUN-1196: Allow TLS config client CA and root CA to be constructed from multiple certificates - 2018-11-20 TUN-1209: TLS Config Certificates and GetCertificate can both be set - 2018-11-26 TUN-1212: Expose tunnel_id in metrics - 2018-11-30 TUN-1204: remove 'cloudflared hello' command - 2018-12-04 Fix license URL typo - 2018-12-07 TUN-1250: ValidateHTTPService shouldn't follow 302s 2018.11.0 - 2018-10-31 AUTH-1282: Fixed an issue where we were receiving as opposed sending on the channel. - 2018-11-06 TUN-1179: Fix log message in cmd/cloudflared/transfer.Run - 2018-11-13 AUTH-1308: get jwt even when you are already logged in - 2018-11-12 TUN-1190: check URL parse error when starting SSH proxy server - 2018-11-15 AUTH-1320: Fixed request issue and unhide the ssh command 2018.10.5 - 2018-10-18 TUN-968: Flow control for large requests/responses - 2018-10-26 TUN-1158: Windows: use process arguments rather than trivial service arguments - 2018-10-20 #30: Fix the Content-Length header for HTTP2->HTTP1 - 2018-10-29 TUN-1160: pass Host header during origin url validation 2018.10.4 - 2018-09-21 AUTH-1070: added SSH/protocol forwarding - 2018-10-19 AUTH-1235: fixed packaging of deb dev file - 2018-10-19 TUN-1097: Host missing from WebSocket request - 2018-10-19 AUTH-1188: UX Review and Changes for CLI SSH Access 2018.10.3 - 2018-10-08 TUN-1099: Bring back changes in 2018.10.1 - 2018-10-08 TUN-1098: removed deprecation error - 2018-10-08 TUN-1101: False negatives in Cloudflared error reporting 2018.10.2 - 2018-10-06 TUN-1093: Revert cloudflared to 2018.8.0 2018.10.1 - 2018-10-03 TUN-1012: Normalize config filename for Linux services - 2018-10-05 TUN-1081: cloudflared now generates UUIDs - 2018-10-05 TUN-1083: fixed incorrect help menu - 2018-10-05 TUN-1086: fixed config option 2018.10.0 - 2018-08-15 AUTH-910, AUTH-1049, AUTH-1068, AUTH-1056: Generate and store Access tokens with E2EE option, curl/cmd wrapper - 2018-09-11 TUN-890: To support free tunnels, hostname can now be "" - 2018-09-12 TUN-810: Cloudflared should open dash/argotunnel not dash/warp - 2018-09-12 TUN-985: Don't display tunnel ID if it's empty string - 2018-09-11 TUN-881: Display trial zone URL upon successful registration - 2018-09-11 TUN-868: HTTP/HTTPS mismatch should have a better error message - 2018-09-19 TUN-1028: Unhide cloudflared compression flag - 2018-09-20 AUTH-1139: refactored cloudflared help menu - 2018-09-20 TUN-1035: New text for cloudflared tunnel --help - 2018-09-18 AUTH-1136: addressing beta feedback - 2018-09-26 AUTH-1165: hide access command - 2018-09-26 TUN-1046: Document that delta compression is a beta feature - 2018-09-28 TUN-1056: Lint error broke build - 2018-09-27 TUN-1052: Origintunneld can send back an Origincert to Cloudflared - 2018-09-28 TUN-1052: Changing type of OriginCert to :Data - 2018-10-01 TUN-1062: Makefile target for regenerating Capn Proto definitions - 2018-10-02 TUN-1064: Revert OriginCert capnp changes in Cloudflared. Reverts commits a1ee2342e97 and 8c756c45785. - 2018-10-03 TUN-1076: Pin capnproto2 to version 2.17.1 - 2018-10-03 AUTH-1199: unhide access command, added beta label 2018.8.0 - 2018-05-01 Initial commit - 2018-05-03 TUN-595: Add License/Readme files to cloudflared - 2018-05-01 TUN-528: Move cloudflared into a separate repo - 2018-07-24 TUN-813: Clean up cloudflared dependencies - 2018-07-25 TUN-814: Handle error in CreateTLSListener before closing listener - 2018-07-24 TUN-804: create Makefile recipe to build cloudflared and run tests - 2018-07-26 TUN-817: Increase the log time precision - 2018-07-30 TUN-828: Added Connection: keep-alive header - 2018-07-30 TUN-829: prefer p256 curve - 2018-07-31 TUN-834: Enable tracing on cloudflared - 2018-08-07 TUN-820: Fix caddyfile gitignore - 2018-07-25 TUN-804: create make recipe for building deb package - 2018-08-07 TUN-861: Disable cloudflared tracing by default; preserve the latest tracefile - 2018-08-07 TUN-857: Pull the brotli-go dependency from Github - 2018-08-14 TUN-897: Bring back missing Brotli files - 2018-07-26 TUN-804: create makefile recipe to release cloudflared using equinox - 2018-08-15 TUN-901: makefile target for homebrew release - 2018-07-30 TUN-801: Rapid SQL Proxy - 2018-08-27 TUN-833: Don't log system root certificate loading failure on Windows