From f8a0cfd74435169909490cca97ed3698cdb68e84 Mon Sep 17 00:00:00 2001
From: Abhishek Kondur
Date: Tue, 31 Mar 2026 20:01:57 +0530
Subject: [PATCH] v1.5.1: release notes (#3950)
* v1.5.1: release notes
* v1.5.1: release notes
* v1.5.1: release notes
* v1.5.1: release notes
* v1.5.1: release notes
* v1.5.1: update version tag
* v1.5.1: update version tag
---
.github/ISSUE_TEMPLATE/bug-report.yml | 1 +
README.md | 2 +-
compose/docker-compose.netclient.yml | 2 +-
k8s/client/netclient-daemonset.yaml | 2 +-
k8s/client/netclient.yaml | 2 +-
k8s/server/netmaker-ui.yaml | 2 +-
main.go | 4 +-
release.md | 80 ++++++++++++++++++---------
scripts/nm-quick.sh | 2 +-
swagger.yaml | 80 ++++++++++++++++++++++++++-
10 files changed, 142 insertions(+), 35 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml
index 054c7642..cf173765 100644
--- a/.github/ISSUE_TEMPLATE/bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yml
@@ -31,6 +31,7 @@ body:
 label: Version
 description: What version are you running?
 options:
+ - v1.5.1
 - v1.5.0
 - v1.4.0
 - v1.2.0
diff --git a/README.md b/README.md
index baee6147..665e8e92 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@

- +
diff --git a/compose/docker-compose.netclient.yml b/compose/docker-compose.netclient.yml
index 6d42d201..538f2ccd 100644
--- a/compose/docker-compose.netclient.yml
+++ b/compose/docker-compose.netclient.yml
@@ -3,7 +3,7 @@ version: "3.4"
 services:
 netclient:
 container_name: netclient
- image: 'gravitl/netclient:v1.5.0'
+ image: 'gravitl/netclient:v1.5.1'
 hostname: netmaker-1
 network_mode: host
 restart: on-failure
diff --git a/k8s/client/netclient-daemonset.yaml b/k8s/client/netclient-daemonset.yaml
index 0644f5f4..bde6ad87 100644
--- a/k8s/client/netclient-daemonset.yaml
+++ b/k8s/client/netclient-daemonset.yaml
@@ -16,7 +16,7 @@ spec:
 hostNetwork: true
 containers:
 - name: netclient
- image: gravitl/netclient:v1.5.0
+ image: gravitl/netclient:v1.5.1
 env:
 - name: TOKEN
 value: "TOKEN_VALUE"
diff --git a/k8s/client/netclient.yaml b/k8s/client/netclient.yaml
index d9b7eb89..56ca523d 100644
--- a/k8s/client/netclient.yaml
+++ b/k8s/client/netclient.yaml
@@ -28,7 +28,7 @@ spec:
 # - ""
 containers:
 - name: netclient
- image: gravitl/netclient:v1.5.0
+ image: gravitl/netclient:v1.5.1
 env:
 - name: TOKEN
 value: "TOKEN_VALUE"
diff --git a/k8s/server/netmaker-ui.yaml b/k8s/server/netmaker-ui.yaml
index 86cb844c..1d803efc 100644
--- a/k8s/server/netmaker-ui.yaml
+++ b/k8s/server/netmaker-ui.yaml
@@ -15,7 +15,7 @@ spec:
 spec:
 containers:
 - name: netmaker-ui
- image: gravitl/netmaker-ui:v1.5.0
+ image: gravitl/netmaker-ui:v1.5.1
 ports:
 - containerPort: 443
 env:
diff --git a/main.go b/main.go
index 12393d89..08d98023 100644
--- a/main.go
+++ b/main.go
@@ -36,10 +36,10 @@ import (
 "golang.org/x/exp/slog"
 )
-var version = "v1.5.0"
+var version = "v1.5.1"
 // @title NetMaker
-// @version 1.5.0
+// @version 1.5.1
 // @description NetMaker API Docs
 // @tag.name APIUsage
 // @tag.description.markdown
diff --git a/release.md b/release.md
index ce70e8e1..fc0fdc4a 100644
--- a/release.md
+++ b/release.md
@@ -1,45 +1,73 @@ -## Netmaker v1.5.0 Release Notes πŸš€ +# Netmaker v1.5.1 Release Notes πŸš€ ## πŸš€ What’s New -### πŸ”“ Just-In-Time Access (beta) +### πŸ” Traffic Logs (Beta) -- Time-limited, on-demand network access: users request access, admins approve or deny, and grants expire automatically. +Traffic Logs have now moved into **Beta**. -- Request/approval workflow with configurable grant duration; admins retain full control over who accesses which networks and when. +- Traffic Logs are now enriched with relevant **domain tagging**, making network activity easier to audit and investigate. -### πŸ” Overlapping Egress Ranges (beta) - -- Virtual NAT mode enables multiple egress routers to share overlapping IP ranges by assigning each egress a virtual range from a configurable pool. -- Configurable per-network IPv4 pool and site prefix length for virtual range allocation. -- Eliminates routing conflicts when multiple sites need to egress the same destination CIDRs (e.g., multiple offices routing to the same cloud VPC). -- Supports both direct NAT and virtual NAT modes for flexible egress configurations. - -### 🌍 Gateway Monitoring - -- Desktop App connections automatically fail over to healthy gateway hubs when the primary becomes unavailable. -- Gateway health is monitored via connectivity checks and last-seen metrics; only online gateways are used for new connections. +--- ## 🧰 Improvements & Fixes -- **IP Detection Interval** User can now choose the Device Endpoint IP detection interval based on their requirements. 
+- **Scalability & Reliability Improvements** + Introduced a peer update debouncer that coalesces rapid-fire PublishPeerUpdate calls into a single broadcast β€” a 500ms resettable debounce window capped by a 3s max-wait deadline ensures back-to-back operations (bulk node updates, gateway changes, host deletions) produce one peer update instead of dozens, drastically reducing CPU and MQTT pressure on the control plane -- **User Migration:** Optimized user migration logic to reduce server startup time. + Pre-warms peer update caches after each debounced broadcast so pull requests from hosts are served instantly from cache instead of triggering expensive on-demand computation -- **DNS:** Use Global Nameservers only if no match-all nameservers are configured, added fallback nameserver configuration. + Batched metrics export to netmaker exporter via periodic ticker instead of publishing on every individual MQTT metrics message, reducing continuous CPU pressure from Prometheus scraping -- **Darwin:** Netclients on macOS can now use internet gateway. +- **Database Schema Migration** + Added schema migrations for the **Users, Groups, Roles, Networks, and Hosts** tables. -- **GeoLocation:** Consolidate IP location API usage with fallbacks +- **Deprecated Legacy ACLs** + Legacy ACLs have been **fully removed** as part of the platform’s transition to the updated access control model. +- **Paginated APIs** + Introduced pagination support for **Users** and **Hosts** APIs. -## Known Issues 🐞 +- **DNS** + Added **native Active Directory support**. -- netclients cannot auto-upgrade on ipv6-only machines. +- **Posture Checks** + Nodes can now **skip the auto-update check during join**, improving join reliability in controlled environments. -- Need to optimize multi-network netclient join with enrollment key +- **IDP Sync** + Improved identity provider sync behavior: + - Synced IDP groups are now **denied access by default** until explicitly granted. 
+ - **Okta-specific settings** are now reset when an IDP integration is removed. -- On systems using systemd-resolved in uplink mode, the first 3 entries in resolv.conf are used and rest are ignored. So it might cause DNS issues. Stub mode is preferred. +- **HA Setup** + Streamlined **high availability (HA)** setup and operational workflows. -- When a Windows desktop app is connected to a Full Tunnel Gateway, and a Split Tunnel Gateway at the same time, - the gateway monitoring component would disconnect from the split tunnel gateway. +- **Install Script** + Added **on-demand Monitoring Stack installation** support via: + `./nm-quick.sh -m` + +- **Monitoring Stack** + Updated the monitoring stack to use the **official Prometheus and Grafana images**. + +- **HA Gateways** + Reset Auto Assigned gw when it is disconnected from the network. + +--- + +## 🐞 Known Issues + +- **IPv6-only machines** + Netclients cannot currently **auto-upgrade** on IPv6-only systems. + +- **Multi-network join performance** + Multi-network netclient joins using an **enrollment key** still require optimization. + +- **systemd-resolved DNS limitation** + On systems using **systemd-resolved in uplink mode**, only the **first 3 entries** in `resolv.conf` are honored; additional entries are ignored. This may cause DNS resolution issues. **Stub mode is recommended**. + +- **Windows Desktop App + mixed gateway modes** + When the Windows Desktop App is connected to both: + - a **Full Tunnel Gateway**, and + - a **Split Tunnel Gateway** + + the gateway monitoring component may disconnect from the **Split Tunnel Gateway**. \ No newline at end of file diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh index f12db0be..30b30ff2 100755 --- a/scripts/nm-quick.sh +++ b/scripts/nm-quick.sh 
@@ -12,7 +12,7 @@ fi
 CONFIG_PATH="$INSTALL_DIR/$CONFIG_FILE"
 NM_QUICK_VERSION="1.0.0"
 #LATEST=$(curl -s https://api.github.com/repos/gravitl/netmaker/releases/latest | grep "tag_name" | cut -d : -f 2,3 | tr -d [:space:],\")
-LATEST=v1.5.0
+LATEST=v1.5.1
 BRANCH=master
 if [ $(id -u) -ne 0 ]; then
 echo "This script must be run as root"
diff --git a/swagger.yaml b/swagger.yaml
index 5f3292f2..827ed941 100644
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -158,6 +158,8 @@ definitions:
 properties:
 id:
 $ref: '#/definitions/models.AclGroupType'
+ name:
+ type: string
 value:
 type: string
 type: object
@@ -2440,6 +2442,8 @@ definitions:
 type: boolean
 country_code:
 type: string
+ created_at:
+ type: string
 daemoninstalled:
 type: boolean
 debug:
@@ -2520,6 +2524,8 @@ definitions:
 type: array
 turn_endpoint:
 $ref: '#/definitions/schema.AddrPort'
+ updated_at:
+ type: string
 verbosity:
 type: integer
 version:
@@ -2892,7 +2898,7 @@ info:
 contact: {}
 description: NetMaker API Docs
 title: NetMaker
- version: 1.5.0
+ version: 1.5.1
 paths:
 /api/dns:
 get:
@@ -5911,6 +5917,10 @@ paths:
 type: string
 name: os
 type: array
+ - description: Search across fields
+ in: query
+ name: q
+ type: string
 - description: Page number
 in: query
 name: page
@@ -7535,6 +7545,36 @@ paths:
 summary: List all user groups
 tags:
 - Users
+ /api/v1/users/groups/network:
+ get:
+ parameters:
+ - description: Network ID
+ in: query
+ name: network
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ items:
+ $ref: '#/definitions/schema.UserGroup'
+ type: array
+ "400":
+ description: Bad Request
+ schema:
+ $ref: '#/definitions/models.ErrorResponse'
+ "500":
+ description: Internal Server Error
+ schema:
+ $ref: '#/definitions/models.ErrorResponse'
+ security:
+ - oauth: []
+ summary: List user groups with access to a network
+ tags:
+ - Users
 /api/v1/users/invite:
 delete:
 parameters:
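Review bot: The new path entry `/api/v1/users/groups/network` in this hunk, and `/api/v1/users/network` in the following hunk, declare `security: - oauth: []` but document only the 200, 400 and 500 responses, so the spec does not say what a caller with a missing or invalid token, or without rights on the requested network, receives. Both endpoints list who has access to a network, so the authorization outcome is worth stating: add `"401"` and `"403"` response entries that reference `#/definitions/models.ErrorResponse`. If swagger.yaml is generated from handler annotations, the addition belongs in those annotations rather than in this file. Whether the handlers limit results to networks the caller is allowed to manage is not visible in this diff and should be confirmed.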
@@ -7707,6 +7747,36 @@ paths:
 summary: Log out a user
 tags:
 - Users
+ /api/v1/users/network:
+ get:
+ parameters:
+ - description: Network ID
+ in: query
+ name: network
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ items:
+ $ref: '#/definitions/models.ReturnUser'
+ type: array
+ "400":
+ description: Bad Request
+ schema:
+ $ref: '#/definitions/models.ErrorResponse'
+ "500":
+ description: Internal Server Error
+ schema:
+ $ref: '#/definitions/models.ErrorResponse'
+ security:
+ - oauth: []
+ summary: List users with access to a network
+ tags:
+ - Users
 /api/v1/users/network_ip:
 get:
 produces:
@@ -7957,6 +8027,10 @@ paths:
 in: query
 name: auth_type
 type: string
+ - description: Search across fields
+ in: query
+ name: q
+ type: string
 - description: Page number
 in: query
 name: page
@@ -7993,6 +8067,10 @@ paths:
 in: query
 name: default
 type: string
+ - description: Search across fields
+ in: query
+ name: q
+ type: string
 - description: Page number
 in: query
 name: page