See RELEASE-NOTES.md for release notes.

VERSION 1.8.2

See RELEASE-NOTES.md

See RELEASE-NOTES.md for changes.

This is a patch release incorporating a mitigation against the security issue reported on September 20th, 2021. It's not absolutely required (as the issue was mitigated in our hosted roots) but is highly recommended for all users.

This version finally fixes the "coma" bug that some users have experienced in 1.6.

This version contains a likely fix for a "coma" issue that some users have reported in 1.6.2. Please report any recurrence of this issue with as much detail as possible.

2020-11-30 -- Version 1.6.2

• Fix an ARM hardware AES crypto issue (not an exploitable vulnerability).
• Fix a Linux network leave hang due to a mutex deadlock.

2020-11-24 -- Version 1.6.1

This release fixes some minor bugs and other issues in 1.6.0.

• Fixed a bug that caused IP addresses in the 203.0.0.0/8 block to be miscategorized as not being in global scope.
• Changed Linux builds to (hopefully) fix LXC and SELinux issues.
• Fixed unaligned memory access that caused crash on FreeBSD systems on the ARM architecture.
• Merged CLI options for controlling bonded devices into the beta multipath code.
• Updated Windows driver with Microsoft cross-signing to fix issues on some Windows systems.

Version 1.6.0 is a major release that incorporates back-ported features from the 2.0 branch, which is still under development. It also fixes a number of issues.

New features and improvements (including those listed under 1.5.0):

• Apple Silicon (MacOS ARM64) native support via universal binary. ZeroTier now requires the very latest Xcode to build.
• Linux performance improvements for up to 25% faster tun/tap I/O performance on multi-core systems.
• Multipath support with modes modeled after the Linux kernel's bonding driver. This includes active-passive and active-active modes with fast failover and load balancing. See section 2.1.5 of the manual.
• DNS configuration push from network controllers to end nodes, with locally configurable permissions for whether or not push is allowed.
• AES-GMAC-SIV encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.

Bug fixes:

• Managed route assignment fixes to eliminate missing routes on Linux and what we believe to be the source of sporadic high CPU usage on MacOS.
• Hang on shutdown issues should be fixed.
• Sporadic multicast outages should be fixed.

Known remaining issues:

• AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.