-
saavagebueno released this
2025-11-19 07:16:47 -05:00 | 310 commits to main since this release📅 Originally published on GitHub: Wed, 19 Nov 2025 14:22:53 GMT
🏷️ Git tag created: Wed, 19 Nov 2025 12:16:47 GMTWhat's Changed
- [management] Fix direct peer networks route by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4802
- [management] pass config to controller by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4807
- [management] Add native ssh port rule on 22 by @mlsmaycon in https://github.com/netbirdio/netbird/pull/4810
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.60.0...v0.60.1
Downloads
-
2025-11-18 06:41:17 -05:00 | 313 commits to main since this release📅 Originally published on GitHub: Tue, 18 Nov 2025 16:06:31 GMT
🏷️ Git tag created: Tue, 18 Nov 2025 11:41:17 GMTWhat's New
Native SSH Access & OpenSSH Integration
NetBird v0.60.0 ships a complete rewrite of SSH access. Every peer can now run a built-in SSH server, giving you identity-aware, private SSH access over your NetBird network — using either the
netbird sshcommand or your existing OpenSSH clients.Highlights
-
Built-in SSH server on every peer - Enable with
netbird up --allow-server-sshand get a native SSH endpoint without exposing port 22 to the internet. -
Identity-aware access with JWT - SSH sessions are authenticated via your IdP (OIDC/JWT) by default, so you know which user accessed which machine.
-
Works with
netbird sshand OpenSSH - Usenetbird ssh user@<peer-ip>or standardssh,sftp, andscpcommands; NetBird configures OpenSSH automatically via a drop-in99-netbird.conf. -
Port 22, transparently secured - NetBird listens on TCP 22022 and redirects NetBird-network port 22 traffic to it, so existing SSH workflows keep working without changing ports.
-
Advanced features when you need them - Optional SFTP, local and remote port forwarding, root login, and JWT token caching (
--ssh-jwt-cache-ttl) for fewer auth prompts. -
Machine identity mode (legacy behavior) - Prefer host-based trust? Disable JWT auth with
--disable-ssh-authand rely purely on network-level ACLs.
How it works
- Enable the SSH server on the target peer
netbird down # if already running netbird up --allow-server-sshAdd optional flags for SFTP, port forwarding, or root login as needed:
netbird up --allow-server-ssh \ --enable-ssh-local-port-forwarding \ --enable-ssh-remote-port-forwarding \ --enable-ssh-sftp \ --enable-ssh-root-
Create an ACL policy for SSH
Allow TCP port 22022 from your SSH client peers/groups to your SSH server peers/groups in Access Control. -
Enable SSH in the Dashboard
Open the target peer → enable SSH Access. -
Connect via CLI or OpenSSH
- NetBird CLI:
netbird ssh user@100.119.230.104- OpenSSH:
ssh user@100.119.230.104 sftp user@100.119.230.104 scp file.txt user@100.119.230.104:/path📖 Read more in the SSH documentation: https://docs.netbird.io/how-to/ssh
Client Improvements
- Updated the client login success page with an improved user experience.
#4797 - Reverted deprecated gRPC client code migration to restore expected behavior.
#4805
Management Improvements
- Fixed handling of port ranges in route firewall rules to ensure accurate rule application.
#4801
Upgrade & Compatibility Notes
-
⚠️ NetBird SSH in v0.60.0 is a breaking change:
- Server port changed from 44338 → 22022
- Authentication moved from machine public keys to JWT-based user identity
- Implicit firewall rules were removed - you now need an explicit ACL for port 22022
-
⚠️ Version compatibility: v0.60.0+ SSH is not backward compatible with older peers.
For self-hosted environments, we recommend updating in this order:- Management server
- Dashboard (for browser SSH, if used)
- SSH servers first (peers with
--allow-server-ssh) - SSH clients last (
netbird sshusers)
Full Changelog: v0.59.13...v0.60.0
Downloads
-
-
2025-11-13 18:25:00 -05:00 | 317 commits to main since this release📅 Originally published on GitHub: Thu, 13 Nov 2025 23:30:46 GMT
🏷️ Git tag created: Thu, 13 Nov 2025 23:25:00 GMTWhat's Changed
- [management] activity events on group updates by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4750
- Bump github.com/containerd/containerd from 1.7.27 to 1.7.29 by @dependabot[bot] in https://github.com/netbirdio/netbird/pull/4756
- [management] incremental network map builder by @crn4 in https://github.com/netbirdio/netbird/pull/4753
- [management] add pat rate limiting by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4741
- [management] remove toAll firewall rule by @crn4 in https://github.com/netbirdio/netbird/pull/4725
- [management] remove GLOBAL when disabling foreign keys on mysql by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4615
- [management ] remove timing logs by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4761
- [client] Create networkd.conf.d if it doesn't exist by @lixmal in https://github.com/netbirdio/netbird/pull/4764
- [management] fix pg db deadlock after app panic by @crn4 in https://github.com/netbirdio/netbird/pull/4772
- [client] Fix agent reference by @pappz in https://github.com/netbirdio/netbird/pull/4776
- [management] move network map logic into new design by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4774
- [management] Removed policy posture checks on original peer by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4779
- [client] Fix shutdown blocking on stuck ICE agent close by @lixmal in https://github.com/netbirdio/netbird/pull/4780
- [client] Add quick actions window by @doromaraujo in https://github.com/netbirdio/netbird/pull/4717
- [client] Use stdnet with a context to avoid DNS deadlocks by @lixmal in https://github.com/netbirdio/netbird/pull/4781
- [client] Replace ipset lib by @lixmal in https://github.com/netbirdio/netbird/pull/4777
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.12...v0.59.13
Downloads
-
2025-11-05 11:30:17 -05:00 | 333 commits to main since this release📅 Originally published on GitHub: Wed, 05 Nov 2025 18:38:05 GMT
🏷️ Git tag created: Wed, 05 Nov 2025 16:30:17 GMTWhat's Changed
- [client] Migrate deprecated grpc client code by @lixmal in https://github.com/netbirdio/netbird/pull/4687
- [client] Fix netstack dns forwarder by @lixmal in https://github.com/netbirdio/netbird/pull/4727
- [client] Extend Darwin network monitoring with wakeup detection (cleanup branch) by @pappz in https://github.com/netbirdio/netbird/pull/4723
- Bump github.com/quic-go/quic-go from 0.48.2 to 0.49.1 by @dependabot[bot] in https://github.com/netbirdio/netbird/pull/4621
- [management] update db connection lifecycle configuration by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4740
- [client] Set up networkd to ignore ip rules by @lixmal in https://github.com/netbirdio/netbird/pull/4730
- [client] Clamp MSS on outbound traffic by @lixmal in https://github.com/netbirdio/netbird/pull/4735
- [client] Allow INPUT traffic on the compat iptables filter table for nftables by @lixmal in https://github.com/netbirdio/netbird/pull/4742
- [client] Block on all subsystems on shutdown by @lixmal in https://github.com/netbirdio/netbird/pull/4709
- [client] Add login_hint to oidc flows by @lixmal in https://github.com/netbirdio/netbird/pull/4724
- [client] Add dns config to debug bundle by @lixmal in https://github.com/netbirdio/netbird/pull/4704
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.11...v0.59.12
Downloads
-
2025-10-29 12:27:18 -04:00 | 344 commits to main since this release📅 Originally published on GitHub: Wed, 29 Oct 2025 16:28:13 GMT
🏷️ Git tag created: Wed, 29 Oct 2025 16:27:18 GMTWhat's Changed
- [client] Fix UI panic when switching profiles by @lixmal in https://github.com/netbirdio/netbird/pull/4718
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.10...v0.59.11
Downloads
-
2025-10-28 17:58:43 -04:00 | 345 commits to main since this release📅 Originally published on GitHub: Tue, 28 Oct 2025 22:36:58 GMT
🏷️ Git tag created: Tue, 28 Oct 2025 21:58:43 GMTWhat's Changed
- [client] Fix Connect/Disconnect buttons being enabled or disabled at the same time by @lixmal in https://github.com/netbirdio/netbird/pull/4711
- [client] Use management-provided dns forwarder port on the client side by @lixmal in https://github.com/netbirdio/netbird/pull/4712
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.9...v0.59.10
Downloads
-
2025-10-28 11:11:35 -04:00 | 347 commits to main since this release📅 Originally published on GitHub: Tue, 28 Oct 2025 15:18:19 GMT
🏷️ Git tag created: Tue, 28 Oct 2025 15:11:35 GMTWhat's Changed
- [management] Add peer disapproval reason by @bcmmbaga in https://github.com/netbirdio/netbird/pull/4468
- [client] Fix active profile name in debug bundle by @lixmal in https://github.com/netbirdio/netbird/pull/4689
- [signal] Fix HTTP/WebSocket proxy not using custom certificates by @bcmmbaga in https://github.com/netbirdio/netbird/pull/4644
- [client] Fix macOS state-based dns cleanup by @lixmal in https://github.com/netbirdio/netbird/pull/4701
- [client] Clean up bsd routes independently of the state file by @lixmal in https://github.com/netbirdio/netbird/pull/4688
- Include expired and routing peers in DNS record filtering by @bcmmbaga in https://github.com/netbirdio/netbird/pull/4708
- [management] rewire account manager to permissions manager by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4673
- [client] Redirect dns forwarder port 5353 to new listening port 22054 by @lixmal in https://github.com/netbirdio/netbird/pull/4707
- [client] The status cmd will not be blocked by the ICE probe by @pappz in https://github.com/netbirdio/netbird/pull/4597
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.8...v0.59.9
Downloads
-
2025-10-21 13:23:11 -04:00 | 356 commits to main since this release📅 Originally published on GitHub: Tue, 21 Oct 2025 17:36:04 GMT
🏷️ Git tag created: Tue, 21 Oct 2025 17:23:11 GMTWhat's Changed
- [Snyk] Security upgrade alpine from 3.22.0 to 3.22.2 by @mlsmaycon in https://github.com/netbirdio/netbird/pull/4618
- [management] Delete TURNConfig section from script by @braginini in https://github.com/netbirdio/netbird/pull/4639
- [client] Clean up match domain reg entries between config changes by @lixmal in https://github.com/netbirdio/netbird/pull/4676
- [misc] Update tag name extraction in install.sh by @mlsmaycon in https://github.com/netbirdio/netbird/pull/4677
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.7...v0.59.8
Downloads
-
2025-10-17 07:31:15 -04:00 | 360 commits to main since this release📅 Originally published on GitHub: Fri, 17 Oct 2025 17:29:15 GMT
🏷️ Git tag created: Fri, 17 Oct 2025 11:31:15 GMTWhat's Changed
- [management] feat: Basic PocketID IDP integration by @jfrconley in https://github.com/netbirdio/netbird/pull/4529
- [client] Fix missing flag values in profiles by @lixmal in https://github.com/netbirdio/netbird/pull/4650
- [client] Add bind activity listener to bypass udp sockets by @lixmal in https://github.com/netbirdio/netbird/pull/4646
- [client] Set default wireguard port for new profiles by @lixmal in https://github.com/netbirdio/netbird/pull/4651
- [client] Fix nil pointer when run debug bundle by @pappz in https://github.com/netbirdio/netbird/pull/4652
- [client] Remove rule squashing by @lixmal in https://github.com/netbirdio/netbird/pull/4653
- [client] Support BROWSER env for login by @lixmal in https://github.com/netbirdio/netbird/pull/4654
- [client] Fix status showing P2P without connection by @lixmal in https://github.com/netbirdio/netbird/pull/4661
New Contributors
- @jfrconley made their first contribution in https://github.com/netbirdio/netbird/pull/4529
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.6...v0.59.7
Downloads
-
2025-10-13 11:50:16 -04:00 | 368 commits to main since this release📅 Originally published on GitHub: Tue, 14 Oct 2025 13:56:34 GMT
🏷️ Git tag created: Mon, 13 Oct 2025 15:50:16 GMT
What's Changed
- [managament] sync all other peers on peer add/remove by @hakansa in https://github.com/netbirdio/netbird/pull/4614
- [client] Explicitly disable DNSOverTLS for systemd-resolved by @kleschenko in https://github.com/netbirdio/netbird/pull/4579
- [management] pass temporary flag to validator by @pascal-fischer in https://github.com/netbirdio/netbird/pull/4599
- [misc] Add service definition for netbird-signal by @mlsmaycon in https://github.com/netbirdio/netbird/pull/4620
- [client] Force TLS1.2 for RDP with Win11/Server2025 for CredSSP compatibility by @lixmal in https://github.com/netbirdio/netbird/pull/4617
New Contributors
- @kleschenko made their first contribution in https://github.com/netbirdio/netbird/pull/4579
Full Changelog: https://github.com/netbirdio/netbird/compare/v0.59.5...v0.59.6
Downloads
mirror of
https://github.com/netbirdio/netbird.git
synced 2026-03-31 06:34:19 -04:00