-
Notifications
You must be signed in to change notification settings - Fork 10.7k
[WARP] Release notes #22401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
[WARP] Release notes #22401
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| releaseNotes: >- | ||
| This release contains two significant changes all customers should be aware | ||
| of: | ||
|
|
||
| 1. All DNS traffic now flows inside the WARP tunnel. Customers are no longer | ||
| required to configure their local Firewall rules to allow our DoH IP Address | ||
| or domains. | ||
|
|
||
| 2. When using MASQUE, the connection will fall back to HTTP/2 (TCP) when we | ||
| detect that HTTP/3 traffic is blocked. This allows for a much more reliable | ||
| connection on some public WiFi networks. | ||
|
|
||
|
|
||
| **Changes and improvements** | ||
|
|
||
| - Fixed an issue where the managed network policies could incorrectly report | ||
| network location beacons as missing. | ||
|
|
||
| - Improved DEX Test Error reporting. | ||
|
|
||
| - Fixed an issue causing client notifications to fail in IPv6 only | ||
| environments which prevented the client from receiving configuration changes | ||
| to settings like device profile. | ||
|
|
||
| - Added a TCP fallback for the MASQUE tunnel protocol to improve connectivity | ||
| on networks that block UDP or http/3 specifically. | ||
|
|
||
| - Added new IPs for Client Orchestration API for operations like tunnel | ||
| connectivity checks. If your organization uses a firewall or other policies | ||
| you will need to exempt these IPs. | ||
|
|
||
| - Fixed an issue where frequent network changes could cause WARP to become | ||
| unresponsive. | ||
|
|
||
| - DNS over HTTPS traffic is now included in the WARP tunnel by default. | ||
|
|
||
| - Improvement for WARP to check if tunnel connectivity fails or times out at | ||
| device wake before attempting to reconnect. | ||
|
|
||
| - Fixed an issue causing WARP connection disruptions after network changes. | ||
| version: 2025.4.929.0 | ||
| releaseDate: 2025-05-12T23:21:47.865Z | ||
| packageURL: https://downloads.cloudflareclient.com/v1/download/noble-intel/version/2025.4.929.0 | ||
| packageSize: 45528916 | ||
| platformName: Linux | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| releaseNotes: |- | ||
| This release contains two significant changes all customers should be aware of: | ||
| 1. All DNS traffic now flows inside the WARP tunnel. Customers are no longer required to configure their local Firewall rules to allow our [DoH IP Address or domains](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#doh-ip). | ||
| 2. When using MASQUE, the connection will fall back to HTTP/2 (TCP) when we detect that HTTP/3 traffic is blocked. This allows for a much more reliable connection on some public WiFi networks. | ||
|
|
||
|
|
||
| **Changes and improvements** | ||
| - Fixed an issue where the managed network policies could incorrectly report network location beacons as missing. | ||
| - Improved DEX Test Error reporting. | ||
| - Fixed an issue causing client notifications to fail in IPv6 only environments which prevented the client from receiving configuration changes to settings like device profile. | ||
| - Improved captive portal detection. | ||
| - Added a TCP fallback for the MASQUE tunnel protocol to improve connectivity on networks that block UDP or http/3 specifically. | ||
| - Added new [IPs for Client Orchestration API](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#connectivity-check) for operations like tunnel connectivity checks. If your organization uses a firewall or other policies you will need to exempt these IPs. | ||
| - DNS over HTTPS traffic is now included in the WARP tunnel by default. | ||
| - Improved the error message displayed in the client GUI when the rate limit for entering an incorrect admin override code is met. | ||
| - Added a [Collect Captive Portal Diag](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/captive-portals/#get-captive-portal-logs) button in the client GUI to make it easier for users to collect captive portal debugging diagnostics. | ||
| - Improved handling of non-SLAAC IPv6 interface addresses for better connectivity in IPv6 only environments. | ||
| - Fixed an issue where frequent network changes could cause WARP to become unresponsive. | ||
| - Improvement for WARP to check if tunnel connectivity fails or times out at device wake before attempting to reconnect. | ||
| - Fixed an issue causing WARP connection disruptions after network changes. | ||
|
|
||
|
|
||
| **Known issues** | ||
| - macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.4 or later. | ||
| version: 2025.4.929.0 | ||
| releaseDate: 2025-05-12T23:20:27.810Z | ||
| packageURL: https://downloads.cloudflareclient.com/v1/download/macos/version/2025.4.929.0 | ||
| packageSize: 96424041 | ||
| platformName: macOS |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Ideally we'd always use either
>-or|-consistently. My personal preference goes to|-because it would require less line breaks in the YAML file. More info at https://stackoverflow.com/a/21699210.