netbird

What's Changed

🚨 Security Fix

• Management API authorization bypass (CWE-639) — A flaw in the management API auth middleware allowed an authenticated user to bypass account-membership checks and RBAC enforcement via a manipulated request parameter. In multi-account deployments this could enable cross-account access; in single-account deployments it could relax per-user authorization checks...

What's Changed

• [client] Add macOS default resolvers as fallback by @lixmal in https://github.com/netbirdio/netbird/pull/5201
• [client] Add block inbound option to the embed client by @lixmal in https://github.com/netbirdio/netbird/pull/5215
• [management] Disable local users for a smooth single-idp mode by @braginini in https://github.com/netbirdio/netbird/pull/5226 https://docs.netbird....

Release Notes for v0.64.3

What's New

Client Improvements

• Removed redundant square bracket trimming in USP endpoint parsing.
  #5197
• Refactored and optimized raw socket header handling for better performance.
  #5174
• Ensured **NetBird stops on firewall initializ...

Release Notes for v0.64.2

What's New

Client Improvements

• Consolidated authentication logic to improve maintainability and consistency.
  #5010
• Added IPv6 support to the UDP WireGuard proxy.
  #5169
• Fixed a flaky JWT SSH test to improve CI stability.
  [#...

Release Notes for v0.64.1

What's New

Client Improvements

• Fixed RFC 4592 wildcard matching for existing domain names.
  #5145
• Extended the WireGuard watcher to also monitor ICE connections.
  #5133
• Added IPv6 support to userspace bind.
  [#5147](https://g...