1.5.0 (1.6.0-beta1)

2020-10-05 -- Version 1.5.0 (actually 1.6.0-beta1)

Version 1.6.0 (1.5.0 is a beta!) is a significant release that incorporates a number of back-ported fixes and features from the ZeroTier 2.0 tree.

Major new features are:

• Multipath support with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
• DNS configuration push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
• AES-GMAC-SIV encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.

Known issues that are not yet fixed in this beta:

• Some Mac users have reported periods of 100% CPU in kernel_task and connection instability after leaving networks that have been joined for a period of time, or needing to kill ZeroTier and restart it to finish leaving a network. This doesn't appear to affect all users and we haven't diagnosed the root cause yet.
• The service sometimes hangs on shutdown requiring a kill -9. This also does not affect all systems or users.
• AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
• Some users have reported multicast/broadcast outages on networks lasting up to 30 seconds. Still investigating.

We're trying to fix all these issues before the 1.6.0 release. Stay tuned.

Version 1.4.6

2019-08-30 -- Version 1.4.6

• Update default root list to latest
• ARM32 platform build and flag fixes
• Add a clarification line to LICENSE.txt
• Fix license message in CLI
• Windows service now looks for service command line arguments
• Fixed a bug that could cause excessive queued multicasts

Version 1.4.4

• Change license from GPL3 to BSL 1.1, see LICENSE.txt
• Fix an issue with the "ipauth" rule and auto-generated unforgeable IPv6 addresses
• Fix socket/bind errors setting IPs and routes on Linux

1.4.2

 * Fix high CPU use bug on some platforms

 * Fix issues with PostgreSQL controller DB (only affects Central)
 * Restore backward compatibility with MacOS versions prior to 10.13

1.4.0.1

This version contains a fix for multicast and mDNS visibility on the Mac platform. This bug also caused some Mac hosts to be unreachable over IPv4. There are no changes for other platforms.

1.4.0

2019-07-29 -- Version 1.4.0

Major Changes

• Mac version no longer requires a kernel extension, instead making use of the [feth interfaces](https://apple.stackexc
• Added support for concurrent multipath (multiple paths at once) with traffic weighting by link quality and faster rec
• Added under-the-hood support for QoS (not yet exposed) that will eventually be configurable via our rules engine.

Minor Changes and Bug Fixes

• Experimental DB driver for LF to store network controller data (LFDB.cpp / LFDB.hpp
• Modified credential push and direct path push timings and algorithms to somewhat reduce "chattiness" of the protocol
• Removed our beta/half-baked integration of Central with the Windows UI. We're going to do a whole new UI of some kind
• Fixed stack overflow issues on Linux versions using musl libc.
• Fixed some alignment problems reported on ARM and ARM64, but some reports we could not reproduce so please report any
• Fixed numerous other small issues and bugs such as ARM alignment issues causing crashes on some devices.
• Windows now sets the adapter name such that it is consistent in both the Windows UI and command line utilities.

Version 1.2.12

2018-07-27 -- Version 1.2.12

 * Fixed a bug that caused exits to take a long time on Mac due to huge numbers of redundant attempts to delete managed routes.
 * Fixed a socket limit problem on Windows that caused the ZeroTier service to run out of sockets, causing the UI and CLI to be unable to access the API.
 * Fixed a threading bug in the ZeroTier Core, albeit one that never manifested on the regular ZeroTier One service/client.
 * Fixed a bug that could cause the service to crash if an authorized local client accessed an invalid URL via the control API. (Not exploitable since you needed admin access anyway.)

1.2.10

2018-05-08 -- Version 1.2.10

• Fix bug loading moons.d/ files for federated root operation.
• Fix compile problem with ZT_DEBUG on some versions of clang
• Fix slow network startup bug related to loading of networks.d/ cache files

1.2.8

2018-04-27 -- Version 1.2.8

Note: see 1.2.6 release notes as well if you are running 1.2.4. This is a minor release.

• Linux version once again builds with PIE (position independent executable) flags
• Fixed bug in zerotier-idtool file sign and verify
• Fixed minor OSX app typo
• Merged alpha NetBSD support (mostly untested, so YMMV)
• Merged several minor typo and one-liner bug fixes

1.2.6

2018-04-17 -- Version 1.2.6

• Features and Core Improvements
  • Path selection has been overhauled to improve path stability, simplify code, and prepare for multi-path and trunking in the next major release.
  • This version introduces remote tracing for remote diagnostics. Network controllers can set a node (usually the controller itself) to receive remote tracing events from all members of the network or from select members. Events are only sent if they pertain to a given network for security reasons.
  • Multicast replication can now be done by designated multicast replicators on a network (flagged as such at the controller) rather than by the sender. Most users won't want this, but it's useful for specialized use cases on hub-and-spoke networks and for low-power devices.
  • Cryptographic performance improvements on several platforms.
  • Multithreaded performance improvements throughout the code base, including the use of an inline lightweight spinlock for low-contention resources.
• Bugs fixed
  • Disappearing routes on Mac (GitHub issue #600)
  • Route flapping and path instability in some dual-stack V4/V6 networks
  • Blacklist (in local.conf) doesn't work reliably (GitHub issue #656)
  • Connection instabilities due to unsigned integer overflows in timing comparisons (use int64_t instead of uint64_t)
  • Binaries don't run on some older or lower-end 32-bit ARM chips (build problem)
  • ARM NEON crypto code crashes (build problem)
  • Fixed some lock ordering issues revealed by "valgrind" tool
  • The "zerotier-idtool" command could not be accessed from "zerotier-one" via command line switch
  • Leaking sockets on some platforms when uPnP/NAT-PMP is enabled
  • Fixed two very rare multithreading issues that were only observed on certain systems
• Platform-Specific Changes
  • MacOS
    • Installer now loads the kernel extension right away so that High Sierra users will see the prompt to authorize it. This is done in the "Security & Privacy" preference pane and must be done driectly on the console (not via remote desktop). On High Sierra and newer kexts must be authorized at the console via security settings system preferences pane.
  • Windows
    • The Windows installer should now install the driver without requiring a special prompt in most cases. This should make it easier for our packages to be accepted into and updated in the Chocolatey repository and should make it easier to perform remote installs across groups of machines using IT management and provisioning tools.
    • The Windows official packages are now signed with an EV certificate (with hardware key).
    • The Windows UI can now log into ZeroTier Central and join networks via the Central API.
    • The zerotier-idtool command should now work on Windows without ugly hacks.
    • Upgraded the installer version.
    • Made a few changes to hopefully fix sporadic "will not uninstall" problems, though we cannot duplicate these issues ourselves.
  • Linux
    • Device names are now generated deterministically based on network IDs for all newly joined networks.
  • Android
    • Multicast now works on Android in most cases! Android apps can send and receive multicast and subscribe to multicast group IPs. Note that in some cases the app must bind to the specific correct interface for this to work.
    • IPv6 can be disabled in UI for cases where it causes problems.