cloudflare · ranbel · Sep 30, 2025 · Sep 30, 2025 · Sep 30, 2025 · Sep 30, 2025
@@ -191,8 +191,8 @@ Configures the protocol used to route IP traffic from the device to Cloudflare G
 
 **Value**:
 
-- **WireGuard**: (default) Establishes a [WireGuard](https://www.wireguard.com/) connection to Cloudflare. The WARP client will encrypt traffic using a non-FIPs compliant cipher suite, `TLS_CHACHA20_POLY1305_SHA256`. When switching from MASQUE to WireGuard, users may lose Internet connectivity if their Wi-Fi network blocks the [ports and IPs](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#warp-ingress-ip) required for WireGuard to function.
-- **MASQUE**: Establishes an HTTP/3 connection to Cloudflare. The WARP client will encrypt traffic using TLS 1.3 and a [FIPS 140-2](https://csrc.nist.gov/pubs/fips/140-2/upd2/final) compliant cipher suite, `TLS_AES_256_GCM_SHA384`. [Override local interface IP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#override-local-interface-ip) is enabled by default for devices with MASQUE enabled.
+- **WireGuard**: Establishes a [WireGuard](https://www.wireguard.com/) connection to Cloudflare. The WARP client will encrypt traffic using a non-FIPs compliant cipher suite, `TLS_CHACHA20_POLY1305_SHA256`. When switching from MASQUE to WireGuard, users may lose Internet connectivity if their Wi-Fi network blocks the [ports and IPs](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/#warp-ingress-ip) required for WireGuard to function.
+- **MASQUE**: (default) Establishes an HTTP/3 connection to Cloudflare. The WARP client will encrypt traffic using TLS 1.3 and a [FIPS 140-2](https://csrc.nist.gov/pubs/fips/140-2/upd2/final) compliant cipher suite, `TLS_AES_256_GCM_SHA384`. [Override local interface IP](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#override-local-interface-ip) is enabled by default for devices with MASQUE enabled.
 
 For more details on WireGuard versus MASQUE, refer to our [blog post](https://blog.cloudflare.com/zero-trust-warp-with-a-masque).
 

@@ -0,0 +1,37 @@
+releaseNotes: >-
+  This release contains minor fixes and improvements including an updated public key for Linux packages. The public key must be updated if it was installed before September 12, 2025 to ensure the repository remains functional after December 4, 2025. Instructions to make this update are available at [pkg.cloudflareclient.com](https://pkg.cloudflareclient.com/).
+
+
+  **Changes and improvements**
+
+  - MASQUE is now the default [tunnel protocol](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol) for all new WARP device profiles.
+
+  - Improvement to limit idle connections in [Gateway with DoH mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) to avoid unnecessary resource usage that can lead to DoH requests not resolving.
+
+  - Improvements to maintain [Global WARP override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-warp-override) settings when [switching between organizations](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/switch-organizations/#switch-organizations-in-warp).
+
+  - Improvements to maintain client connectivity during network changes.
+version: 2025.7.176.0
+releaseDate: 2025-09-30T20:20:30.460Z
+packageURL: https://downloads.cloudflareclient.com/v1/download/fedora35-arm/version/2025.7.176.0
+packageSize: 52703644
+platformName: Linux
+linuxPlatforms:
+  fedora35-arm: 52703644
+  bookworm-arm: 50093370
+  centos8-intel: 53702711
+  trixie-arm: 50322640
+  bookworm-intel: 51273268
+  fedora35-intel: 53802540
+  jammy-intel: 51280956
+  fedora34-intel: 54145207
+  focal-intel: 51596474
+  bullseye-intel: 51498276
+  centos8-arm: 52922972
+  fedora34-arm: 53139261
+  focal-arm: 50436792
+  bullseye-arm: 50352468
+  noble-intel: 51062672
+  jammy-arm: 50104666
+  trixie-intel: 51059448
+  noble-arm: 50502306
@@ -0,0 +1,20 @@
+releaseNotes: |-
+  This release contains minor fixes and improvements.
+
+  **Changes and improvements**
+  - Fixed a bug preventing the `warp-diag captive-portal` command from running successfully due to the client not parsing SSID on macOS.
+  - Improvements to maintain [Global WARP override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-warp-override) settings when [switching between organizations](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/switch-organizations/#switch-organizations-in-warp).
+  - MASQUE is now the default [tunnel protocol](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol) for all new WARP device profiles.
+  - Improvement to limit idle connections in [Gateway with DoH mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) to avoid unnecessary resource usage that can lead to DoH requests not resolving.
+  - Improvements to maintain client connectivity during network changes.
+  - The WARP client now supports macOS Tahoe (version 26.0).
+
+  **Known issues**
+  - macOS Sequoia: Due to changes Apple introduced in macOS 15.0.x, the WARP client may not behave as expected. Cloudflare recommends the use of macOS 15.4 or later.
+
+  - Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/#route-traffic-to-fallback-server).
+version: 2025.7.176.0
+releaseDate: 2025-09-30T20:43:08.412Z
+packageURL: https://downloads.cloudflareclient.com/v1/download/macos/version/2025.7.176.0
+packageSize: 108538272
+platformName: macOS
@@ -0,0 +1,28 @@
+releaseNotes: |-
+  This release contains minor fixes and improvements.
+
+  **Changes and improvements**
+  - MASQUE is now the default [tunnel protocol](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol) for all new WARP device profiles.
+  - Improvement to limit idle connections in [Gateway with DoH mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#gateway-with-doh) to avoid unnecessary resource usage that can lead to DoH requests not resolving.
+  - Improvement to maintain TCP connections to reduce interruptions in long-lived connections such as RDP or SSH.
+  - Improvements to maintain [Global WARP override](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#global-warp-override) settings when [switching between organizations](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/switch-organizations/#switch-organizations-in-warp).
+  - Improvements to maintain client connectivity during network changes.
+
+  **Known issues**
+  - For Windows 11 24H2 users, Microsoft has confirmed a regression that may lead to performance issues like mouse lag, audio cracking, or other slowdowns. Cloudflare recommends users experiencing these issues upgrade to a minimum [Windows 11 24H2 KB5062553](https://support.microsoft.com/en-us/topic/july-8-2025-kb5062553-os-build-26100-4652-523e69cb-051b-43c6-8376-6a76d6caeefd) or higher for resolution.
+
+  - Devices using WARP client 2025.4.929.0 and up may experience Local Domain Fallback failures if a fallback server has not been configured. To configure a fallback server, refer to [Route traffic to fallback server](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/#route-traffic-to-fallback-server).
+
+  - Devices with KB5055523 installed may receive a warning about `Win32/ClickFix.ABA` being present in the installer. To resolve this false positive, update Microsoft Security Intelligence to [version 1.429.19.0](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes?requestVersion=1.429.19.0) or later.
+
+  - DNS resolution may be broken when the following conditions are all true:
+    - WARP is in Secure Web Gateway without DNS filtering (tunnel-only) mode.
+    - A custom DNS server address is configured on the primary network adapter.
+    - The custom DNS server address on the primary network adapter is changed while WARP is connected.
+
+    To work around this issue, reconnect the WARP client by toggling off and back on.
+version: 2025.7.176.0
+releaseDate: 2025-09-30T20:43:09.303Z
+packageURL: https://downloads.cloudflareclient.com/v1/download/windows/version/2025.7.176.0
+packageSize: 134426624
+platformName: Windows