[PR #4346] Bump github.com/docker/docker from 26.1.5+incompatible to 28.0.0+incompatible #4209

New Issue

saavagebueno · 2025-11-20T08:07:56-05:00

saavagebueno commented

2025-11-20 08:07:56 -05:00

Original Pull Request: https://github.com/netbirdio/netbird/pull/4346

State: open
Merged: No

Bumps github.com/docker/docker from 26.1.5+incompatible to 28.0.0+incompatible.

Release notes

Sourced from github.com/docker/docker's releases.

v28.0.0

28.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

docker/cli, 28.0.0 milestone

moby/moby, 28.0.0 milestone

Deprecated and removed features, see Deprecated Features.

Changes to the Engine API, see API version history.

New

Add ability to mount an image inside a container via --mount type=image. moby/moby#48798

You can also specify --mount type=image,image-subpath=[subpath],... option to mount a specific path from the image. docker/cli#5755

docker images --tree now shows metadata badges. docker/cli#5744

docker load, docker save, and docker history now support a --platform flag allowing you to choose a specific platform for single-platform operations on multi-platform images. docker/cli#5331

Add OOMScoreAdj to docker service create and docker stack. docker/cli#5145

docker buildx prune now supports reserved-space, max-used-space, min-free-space and keep-bytes filters. moby/moby#48720

Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. moby/moby#47955

Networking

The docker-proxy binary has been updated, older versions will not work with the updated dockerd. moby/moby#48132

Close a window in which the userland proxy (docker-proxy) could accept TCP connections, that would then fail after iptables NAT rules were set up.

The executable rootlesskit-docker-proxy is no longer used, it has been removed from the build and distribution.

DNS nameservers read from the host's /etc/resolv.conf are now always accessed from the host's network namespace. moby/moby#48290

When the host's /etc/resolv.conf contains no nameservers and there are no --dns overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.

Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses. moby/moby#48808

Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.

IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.

The deprecated OCI prestart hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. moby/moby#47406

Add a new gw-priority option to docker run, docker container create, and docker network connect. This option will be used by the Engine to determine which network provides the default gateway for a container. On docker run, this option is only available through the extended --network syntax. docker/cli#5664

Add a new netlabel com.docker.network.endpoint.ifname to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. moby/moby#49155

When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example eth, the container might fail to start.

The recommended practice is to use a different prefix, for example en0, or a numerical suffix high enough to never collide, for example eth100.

This label can be specified on docker network connect via the --driver-opt flag, for example docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar ….

Or via the long-form --network flag on docker run, for example docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …

If a custom network driver reports capability GwAllocChecker then, before a network is created, it will get a GwAllocCheckerRequest with the network's options. The custom driver may then reply that no gateway IP address should be allocated. moby/moby#49372

Port publishing in bridge networks

dockerd now requires ipset support in the Linux kernel. moby/moby#48596

The iptables and ip6tables rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native nftables support in a future release. moby/moby#48815

If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use iptables -F and ip6tables -F to flush all existing iptables rules from the filter table before starting the older version of the daemon. When that is not possible, run the following commands as root:

iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER

If you were previously running with the iptables filter-FORWARD policy set to ACCEPT and need to restore access to unpublished ports, also delete per-bridge-network rules from the DOCKER chains. For example, iptables -D DOCKER ! -i docker0 -o docker0 -j DROP.

Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. moby/moby#49325

Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. moby/moby#49325

... (truncated)

Commits

af898ab Merge pull request #49495 from vvoland/update-buildkit
d67f035 vendor: github.com/moby/buildkit v0.20.0
00ab386 Merge pull request #49491 from vvoland/update-buildkit
1fde8c4 builder-next: fix cdi manager
cde9f07 vendor: github.com/moby/buildkit v0.20.0-rc3
89e1429 Merge pull request #49490 from thaJeztah/dockerfile_linting
b2b5590 Dockerfile: fix linting warnings
62bc597 Merge pull request #49480 from thaJeztah/docs_api_1.48
670cd81 Merge pull request #49485 from vvoland/c8d-list-panic
a3628f3 docs/api: add documentation for API v1.48
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

**Original Pull Request:** https://github.com/netbirdio/netbird/pull/4346 **State:** open **Merged:** No --- Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.5+incompatible to 28.0.0+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v28.0.0</h2> <h1>28.0.0</h1> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A28.0.0">docker/cli, 28.0.0 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A28.0.0">moby/moby, 28.0.0 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v28.0.0/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v28.0.0/docs/api/version-history.md">API version history</a>.</li> </ul> <h2>New</h2> <ul> <li>Add ability to mount an image inside a container via <code>--mount type=image</code>. <a href="https://redirect.github.com/moby/moby/pull/48798">moby/moby#48798</a> <ul> <li>You can also specify <code>--mount type=image,image-subpath=[subpath],...</code> option to mount a specific path from the image. <a href="https://redirect.github.com/docker/cli/pull/5755">docker/cli#5755</a></li> </ul> </li> <li><code>docker images --tree</code> now shows metadata badges. <a href="https://redirect.github.com/docker/cli/pull/5744">docker/cli#5744</a></li> <li><code>docker load</code>, <code>docker save</code>, and <code>docker history</code> now support a <code>--platform</code> flag allowing you to choose a specific platform for single-platform operations on multi-platform images. <a href="https://redirect.github.com/docker/cli/pull/5331">docker/cli#5331</a></li> <li>Add <code>OOMScoreAdj</code> to <code>docker service create</code> and <code>docker stack</code>. <a href="https://redirect.github.com/docker/cli/pull/5145">docker/cli#5145</a></li> <li><code>docker buildx prune</code> now supports <code>reserved-space</code>, <code>max-used-space</code>, <code>min-free-space</code> and <code>keep-bytes</code> filters. <a href="https://redirect.github.com/moby/moby/pull/48720">moby/moby#48720</a></li> <li>Windows: Add support for running containerd as a child process of the daemon, instead of using a system-installed containerd. <a href="https://redirect.github.com/moby/moby/pull/47955">moby/moby#47955</a></li> </ul> <h2>Networking</h2> <ul> <li>The <code>docker-proxy</code> binary has been updated, older versions will not work with the updated <code>dockerd</code>. <a href="https://redirect.github.com/moby/moby/pull/48132">moby/moby#48132</a> <ul> <li>Close a window in which the userland proxy (<code>docker-proxy</code>) could accept TCP connections, that would then fail after <code>iptables</code> NAT rules were set up.</li> <li>The executable <code>rootlesskit-docker-proxy</code> is no longer used, it has been removed from the build and distribution.</li> </ul> </li> <li>DNS nameservers read from the host's <code>/etc/resolv.conf</code> are now always accessed from the host's network namespace. <a href="https://redirect.github.com/moby/moby/pull/48290">moby/moby#48290</a> <ul> <li>When the host's <code>/etc/resolv.conf</code> contains no nameservers and there are no <code>--dns</code> overrides, Google's DNS servers are no longer used, apart from by the default bridge network and in build containers.</li> </ul> </li> <li>Container interfaces in bridge and macvlan networks now use randomly generated MAC addresses. <a href="https://redirect.github.com/moby/moby/pull/48808">moby/moby#48808</a> <ul> <li>Gratuitous ARP / Neighbour Advertisement messages will be sent when the interfaces are started so that, when IP addresses are reused, they're associated with the newly generated MAC address.</li> <li>IPv6 addresses in the default bridge network are now IPAM-assigned, rather than being derived from the MAC address.</li> </ul> </li> <li>The deprecated OCI <code>prestart</code> hook is now only used by build containers. For other containers, network interfaces are added to the network namespace after task creation is complete, before the container task is started. <a href="https://redirect.github.com/moby/moby/pull/47406">moby/moby#47406</a></li> <li>Add a new <code>gw-priority</code> option to <code>docker run</code>, <code>docker container create</code>, and <code>docker network connect</code>. This option will be used by the Engine to determine which network provides the default gateway for a container. On <code>docker run</code>, this option is only available through the extended <code>--network</code> syntax. <a href="https://redirect.github.com/docker/cli/pull/5664">docker/cli#5664</a></li> <li>Add a new netlabel <code>com.docker.network.endpoint.ifname</code> to customize the interface name used when connecting a container to a network. It's supported by all built-in network drivers on Linux. <a href="https://redirect.github.com/moby/moby/pull/49155">moby/moby#49155</a> <ul> <li>When a container is created with multiple networks specified, there's no guarantee on the order networks will be connected to the container. So, if a custom interface name uses the same prefix as the auto-generated names, for example <code>eth</code>, the container might fail to start.</li> <li>The recommended practice is to use a different prefix, for example <code>en0</code>, or a numerical suffix high enough to never collide, for example <code>eth100</code>.</li> <li>This label can be specified on <code>docker network connect</code> via the <code>--driver-opt</code> flag, for example <code>docker network connect --driver-opt=com.docker.network.endpoint.ifname=foobar …</code>.</li> <li>Or via the long-form <code>--network</code> flag on <code>docker run</code>, for example <code>docker run --network=name=bridge,driver-opt=com.docker.network.endpoint.ifname=foobar …</code></li> </ul> </li> <li>If a custom network driver reports capability <code>GwAllocChecker</code> then, before a network is created, it will get a <code>GwAllocCheckerRequest</code> with the network's options. The custom driver may then reply that no gateway IP address should be allocated. <a href="https://redirect.github.com/moby/moby/pull/49372">moby/moby#49372</a></li> </ul> <h2>Port publishing in bridge networks</h2> <ul> <li><code>dockerd</code> now requires <code>ipset</code> support in the Linux kernel. <a href="https://redirect.github.com/moby/moby/pull/48596">moby/moby#48596</a> <ul> <li>The <code>iptables</code> and <code>ip6tables</code> rules used to implement port publishing and network isolation have been extensively modified. This enables some of the following functional changes, and is a first step in refactoring to enable native <code>nftables</code> support in a future release. <a href="https://redirect.github.com/moby/moby/issues/48815">moby/moby#48815</a></li> <li>If it becomes necessary to downgrade to an earlier version of the daemon, some manual cleanup of the new rules will be necessary. The simplest and surest approach is to reboot the host, or use <code>iptables -F</code> and <code>ip6tables -F</code> to flush all existing <code>iptables</code> rules from the <code>filter</code> table before starting the older version of the daemon. When that is not possible, run the following commands as root: <ul> <li><code>iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT</code></li> <li><code>iptables -D FORWARD -m set --match-set docker-ext-bridges-v4 dst -j DOCKER; ip6tables -D FORWARD -m set --match-set docker-ext-bridges-v6 dst -j DOCKER</code></li> <li>If you were previously running with the iptables filter-FORWARD policy set to <code>ACCEPT</code> and need to restore access to unpublished ports, also delete per-bridge-network rules from the <code>DOCKER</code> chains. For example, <code>iptables -D DOCKER ! -i docker0 -o docker0 -j DROP</code>.</li> </ul> </li> </ul> </li> <li>Fix a security issue that was allowing remote hosts to connect directly to a container on its published ports. <a href="https://redirect.github.com/moby/moby/pull/49325">moby/moby#49325</a></li> <li>Fix a security issue that was allowing neighbor hosts to connect to ports mapped on a loopback address. <a href="https://redirect.github.com/moby/moby/pull/49325">moby/moby#49325</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moby/moby/commit/af898abe44662d9554fb15ee4d4a7307f1b8e315"><code>af898ab</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49495">#49495</a> from vvoland/update-buildkit</li> <li><a href="https://github.com/moby/moby/commit/d67f035d31bab71be3ae7dcaacba41f5a98aad11"><code>d67f035</code></a> vendor: github.com/moby/buildkit v0.20.0</li> <li><a href="https://github.com/moby/moby/commit/00ab386b5a2ebcf85b6a03b800f593c3a140c6a8"><code>00ab386</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49491">#49491</a> from vvoland/update-buildkit</li> <li><a href="https://github.com/moby/moby/commit/1fde8c46159cb41f584c01551f83cc21ecf924d9"><code>1fde8c4</code></a> builder-next: fix cdi manager</li> <li><a href="https://github.com/moby/moby/commit/cde9f0752e9c9f63b459e0247ff7df0b35488af3"><code>cde9f07</code></a> vendor: github.com/moby/buildkit v0.20.0-rc3</li> <li><a href="https://github.com/moby/moby/commit/89e1429b65f194b25fe2e31088a4c4e69a651a47"><code>89e1429</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49490">#49490</a> from thaJeztah/dockerfile_linting</li> <li><a href="https://github.com/moby/moby/commit/b2b55903d0bb54e11bfe22204c1e0b73627943eb"><code>b2b5590</code></a> Dockerfile: fix linting warnings</li> <li><a href="https://github.com/moby/moby/commit/62bc5979908f152a8929ce44927cbdd929bf53ea"><code>62bc597</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49480">#49480</a> from thaJeztah/docs_api_1.48</li> <li><a href="https://github.com/moby/moby/commit/670cd81423932b3e9103f0893c5d5e63a079ae58"><code>670cd81</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/49485">#49485</a> from vvoland/c8d-list-panic</li> <li><a href="https://github.com/moby/moby/commit/a3628f3f8e806ede250e2c95f6757070c9fb56e4"><code>a3628f3</code></a> docs/api: add documentation for API v1.48</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v26.1.5...v28.0.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=26.1.5+incompatible&new-version=28.0.0+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/netbirdio/netbird/network/alerts). </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

saavagebueno added the pull-request label 2025-11-20 08:07:56 -05:00

Sign in to join this conversation.

Branches Tags

main

drop-candidateviaroutes-filter

ui-refactor

fix/rosenpass

ui-refactor-ui

e2e-windows-dns-combined

refactor-combined

wasm-websocket-dial

drop-dns-probes

feature/affected-peers

dependabot/go_modules/github.com/Azure/go-ntlmssp-0.1.1

debug-logs

reduce-embed-wg-pool

windows-dns-firewall

dependabot/go_modules/github.com/jackc/pgx/v5-5.9.2

fix/login-cmd-root-flags

feat/reseller-openapi-spec

github-issue-resolver

add-steamos-support

fix-darwin-uninstaller

flutter-test

dependabot/npm_and_yarn/proxy/web/postcss-8.5.12

ci/freebsd-pkg-bootstrap

cached-serial-check-on-sync

fix-mgmt-cache-bypass-overlay

revert-easyjson-5938

revert-ice-5820

revert-firewalld-5928

refactor/permissions-manager

wasm-js-func-release

revert-dns-5935-systemd-resolved

revert-dns-5935-5945

revert-dns-5945-mgmt-cache

feature/log-most-busy-peers

prototype/ui-wails

vnc-server

coderabbitai/utg/8ae8f20

feature/use-peer-fqdn-on-https

dependabot/go_modules/golang.org/x/image-0.38.0

feature/metrics-push-management-control

release/0.68.3

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream-1.7.8

dependabot/go_modules/github.com/aws/aws-sdk-go-v2/service/s3-1.97.3

add-slack-channel

claude/rdp-token-passthrough-eNcqW

transparent-proxy

fix/macos-stale-route-eexist

crowdsec-selfhosted

fix/remove-otel-units

entire/checkpoints/v1

dependabot/go_modules/github.com/go-jose/go-jose/v4-4.1.4

fix/getting-started

feat/static-connectors-combined-server

feature/use-local-keys-embedded

feature/fleetdm

set-env-only-if-not-fork

feature/expose-has-channel

fix/connection-status-race

fix/filter-cgnat-cni-ice-candidates

feature/check-cert-locker-before-acme

test/proxy-fixes

test/proxy-mtu

prototype/ui-tauri

test/proxy-speed

fix-reused-ports

feat/migrate-to-embedded-idp

feature/add-serial-to-proxy-merged

deploy/proxy-serial

test/connection

feature/disable-legacy-port

feature/flag-to-disable-legacy-port

test/perftest

dependabot/go_modules/github.com/pion/dtls/v3-3.0.11

fix/http-redirect

poc-token-command

dn-reverse-proxy

prototype/reverse-proxy-rename

prototype/reverse-proxy-logs-pagination

feature/client-metrics

prototype/reverse-proxy-clusters

debug-dns-route

fix/win-dns-batch

add-extra-route-logs

job-stream-notify-disconnection-eof

deploy/secrets-manager

trigger-proxy-update

bug/update-ios-client-code-build-tags

sync-client-netmap-serial

log/conn-disconn

nmap/compaction-deploy

ci-win-test

feature/disk-encryption-check

wasm-debug

swap-dns-prio

fix/dex-config

feature/migrate-auto-groups-to-table

dependabot/go_modules/github.com/quic-go/quic-go-0.57.0

nmap/compaction

dex-nocgo-stub

feature/exclude-terraform-from-rate-limiting

test-freebsd

retries-refactor

coderabbitai/docstrings/b7e98ac

feat/integrate-zitadel

bug/ios-hanging-reconection

zitadel-idp

feat/network-map-serial

refactor/get-account-no-users

feat/auto-upgrade

feature/report-high-pat-id

feature/temporary-access-for-resource

fix/nmap-fwrules

dont-restart-dns

prototype/ui

update-gomobile

go-dns-for-ice

wasm-ldflags

test-ldflags

wasmbuild-test

feature/networks-s2s

vk/compare-nmaps

dbg/bothmaps

feature/changeset

reorder-dns-shutdown

fix/relay-reconnection-race

fix/nmap-exitnodes

vk/debug/nmap-both

move-licensed-code

feat/better-daemon-connection-lost-message

feat/auto-update-2

test/timings

refactor/getaccount-raw

tests/nmap-getaccount

refactor/nmap

refactor/nmap-limit-buffer

feature/detect-mac-wakeup

feature/extract-modules

quick-setings

feat/sync-limiter

feature/store-cache-impl

fix-install-version

feature/store-metrics

feature/metrics-on-store

feature/use-gorm-cache

loadtest-signal

unsymmetrical-squash

refactor/reducate-signaling

test/update-reduce

feature/store-cache

feature/remote-debug

cli-ws-proxy-backend-addr

feat/mgmt-map-serial

snyk-fix-d9d0081a4c7f9137bdb59d0d50a141a2

snyk-fix-7415cea5a11acd66753540ca2c598c63

job-yml-update

feature/android-allow-selecting-routes

fix/up-sequence

fix/dns-hash-update

snyk-fix-967adae9863f17f108ce8948d9117b8d

log/getaccount-by-peer

signal-suppressor

dns-exit-node

feature/auto-updates

feature/cache-srv-key

merged-fixes

fix/missed-offers-and-debug

debug-and-fixes

poc-wasm-clean-backend-s2s

test/remote-debug

debug-api

dependabot/go_modules/github.com/docker/docker-28.0.0incompatible

fix/remove-gpo-if-empty

fix/test-freebsd

fix/mysql-setup

fix/remove-logout-btn

handle-existing-domain-user

chore/unify-domain-validation

snyk-fix-c5fafc8a50ce1f29046e25a1fc346185

feat/profile-edit-btn

snyk-fix-a54966211e18d4cf67e5a2757cc006d1

log-short-id

feat/logout-ephemeral

log-checks

batch-wg-ops

nb-interface-default

feat/aws-integration

add/race-test

feature/relay-feature-versioning

fix/systemd-service-logs

poc/preprocessed-map

add-account-onboarding

bind-ipv6

fix/merge-main

logs/peerlogs-addpeer

feature/net-297-network-migration

feature/support-skip-auto-apply-exit-node-routes

set-cmd

set-command-with-cursor

feature/limit-update-channel

stop-using-locking-share

feature/poc-lazy-detection

feature/net-248-removal-of-sync-mutex-locks

test/multiple-peer-logging

preresolve

add-ns-punnycode-support

apply-routes-early

windows-search-domains

fix/connecting-route-filter

feature/management/rest-client/impersonate

debug-local-records

resource-fields-snake-case

test/grpc-rate-limit

traffic-correlation-policy

feature/rest-client-options

feat/events-metrics

feature/buf-cli

test/add-ratelimiter

test/remove-write-lock-on-add-peer

fix/add-peer-semaphore

feature/users-roles-endpoint

mlsmaycon-patch-1

debug-user-role

chore/primary-key-on-networks

feature/update-account-peers-buffer-startup

remove-ubuntu2004-runners

refactor/permissions-no-pat-allowed

ref/logrus-factory

use-conntrack-zone

deploy/permissions-account

feature/lazy-connection-idle

ref/improve-test-cov

restore-pr-3440

test/increase-grpc-timeouts

feat/buffer-account-peers-update

test/networkmapgeneration-changes

feature/base-manager

feature/flow-receiver

chore/benchmark-with-large-runner

refactor/handshake-initiator

client/ui-update-systray-icons

userspace-router

wgwatcher-test

output-if-key-already-exists

fix/relay-reconnection

feature/port-forwarding-client-codecleaning

detached2

test/callbacks-nil-iceconninfo

refactor/optimize-peer-expiration

enable-udp-port-for-docker-template

fix/relay-update

feature/apply-posture-netmap

fix/group-update-existing-resource

conntrack-stats

upgrade-okta-sdk

multi-price

test/conn-stat

set-min-parallel-tests-for-management

dns-interceptor

debug-dns

router-dns

add-static-system-info

debug-0.29.4

debug-0.33.0

account-refactoring

relay/2800_quic

route-get-account-refactoring

test/seed-random-routes

feature/get-account-refactoring

test/reconnect-race-condition

refactor/get-account-usage

feature/add-session-id-to-update-channel

improve-ipv4conn

fix/async-pion-event-handling

debug

add-offload

feature/validate-group-association-debug

fix/limit-conn-for-sqlite

test/engine-iface

test/transaction-for-jwt-sync

fix/engine-stop-in-foreground

feature/add-mysql-support

test-migration

refactor/header-size-values

relay/eliminate-gob

test/signal-dispatcher-with-relay

relay/debug

validate-icon

feature/ipv6-support

use-pre-expanded-peers-map

feature/use-signal-dispatcher

validate/peer-status

add-read-write-times

fix/sync-peer-race

feature/relay-status

netmap

evaluate/network-map-hash

fix/lower-dns-resolve-interval-on-fail

feature/relay

fix/go-mod-version

upgrade-nftables

synology-userspace-mode

fix/use-ip-for-default-routes-on-darwin

fix/proxy_close

enable-release-workflow-on-pr

deploy/peer-performance

feature/permanent-turn

feature/permanent-turn-proxy

deploy/posture-check-sqlite

feature/optimize_sqlite_save

debug-ios-behavior

fix/delete-route-only-after-adding

tshoot/windows-logger

remove-new-routing

refactor/eliminate-repo-dependency

add-arm-to-ci

refactor-demo-account-object

test/abc2

test/abc

send-ssh-rosenpass-config-meta

refactor-demo

ensure-schedule-never-runs-non-positive

feature/peer-validator-groupmgm

feature/peer-validator-fix

fix/include-active-dashboard-users

fix/handle-canceling-schedule

fix/geo-download

debug-google-workspace

yury/resolve-ip-to-location

feature/extend-sysinfo

sqlite-async-peer-status

yury/add-postgresql-store

fix/route

test-build

posture-checks-poc

debug-keycloak-idp

poc/netstack

for-pascal-tmp

peer-logout-management

manual-peer-logout

detached

chore/refactor-management

test/dns-bind

fix/enforce-acl-for-containers

yury/use-sync-map-in-updatechannel

fix/events-key-handling

filter-cache-on-load-account

fix/user-expiration

handle-user-context-cancellation

nb-client-k8s-statefulset

fake-addr

fix/iptables_in_docker

ebpf-debug

update-getting-started-flow-use-postgres

fix/peer_list_notification

feature/device-authentication-with-client-secret

feature/keep_alive

feat-groups-from-jwt

separate_proxy_from_wgconfig

fix/wg_conn

wg_conn_fix

wg_bind_parallel_processing

fix-rollback-get-acls

proxy_cfg_cleanup

performance-improvement-rego

update-lock-log-level

feat-client-side-acl

refactor/move_grpcserver_logic_to_account_manager

feature/event-storage

feature/update-idp-redeeming-invite

feature/api-peer-info

return-groupminimum-setupkey

feature/interface-bind

documentation_enhancement

fix-peer-registration

ssh

users_cache

pass-client-caller

client_caller_type

revert-283-feat-fix-windows-installer

periodic-peer-updates

ebpf

braginini/wasm

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SVI/netbird#4209