Firezone

firezone.dev
Open-source self-hosted VPN and firewall built on WireGuard®.

Open Source

Firezone Source Code

Author

firezone

Description

Enterprise-ready zero-trust access platform built on WireGuard®.

#cloud #devsecops #elixir #elixir-lang #firewall #liveview #network #network-security #networking #phoenix #privacy #rust-lang #security #self-hosted #virtual-network #vpn #vpn-server #wireguard #wireguard-ui #wireguard-vpn

Homepage

https://www.firezone.dev

License

Apache-2.0

Created

22 Apr 20

Last Updated

16 Jun 26

Latest version

macos-client-1.5.17

Primary Language

Elixir

Size

226,340 KB

Stars

8,701

Forks

420

Watchers

8,701

Recent Commits

  • Thomas Eizinger (16 Jun 26)

    ci: upload Linux client deb/rpm to QA storage (#13736) Upload the Linux client `.deb` and `.rpm` to the QA artifacts storage account as `linux-gui-client/preview/<arch>.deb` and `linux-gui-client/preview/<arch>.rpm` (e.g. `linux-gui-client/preview/x86_64.deb`), mirroring the existing Windows MSI upload at `windows-gui-client/preview/<arch>`, so the upcoming Linux QA VMs can pull preview builds the same way the Windows clients do. Runs on the existing manual `workflow_dispatch` on `main` and reuses the `AZURE_QA_*` federated identity already used for the Windows upload — its federated credentials need to also trust this workflow on Linux runners. Related: firezone/infra#707 Co-authored-by: Claude <[email protected]>

  • Thomas Eizinger (16 Jun 26)

    test(bufferpool): isolate metrics test from global meter (#13734) `buffer_pool_metrics` asserted on the process-global OpenTelemetry counter. Since `cargo test` runs a binary's tests concurrently in a single process, sibling tests' buffer pools recorded into that same counter under shared attributes, making the observed value non-deterministic and the test flaky. The test now records into its own meter provider through a new `BufferPool::with_meter` constructor, leaving `new` — and therefore all existing call-sites — on the global meter. --------- Co-authored-by: Claude <[email protected]>

  • Thomas Eizinger (16 Jun 26)

    chore(gui-client): add AppStream metadata (#13730) Including AppStream metadata makes the page inside Gnome Software look nicer when people search for it. Unfortunately, it doesn't change the appearance when double-clicking the package on installing. --------- Signed-off-by: Thomas Eizinger <[email protected]> Co-authored-by: Jamil <[email protected]>

  • Jamil (16 Jun 26)

    build(deps): bump vite and js-yaml (#13731) Fixes CVE-2026-53632 Fixes CVE-2026-53550 Fixes CVE-2026-53571

  • dependabot[bot] (15 Jun 26)

    build(deps): bump phoenix_live_view from 1.1.31 to 1.1.32 in /elixir (#13699) Bumps [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) from 1.1.31 to 1.1.32. Release notes (sourced from phoenix_live_view's releases and changelog): v1.1.32 (2026-06-11), Bug fixes: Fix stale events from the previous LiveView being sent to the new LiveView after a live redirect (#4291). See full diff in compare view: https://github.com/phoenixframework/phoenix_live_view/compare/v1.1.31...v1.1.32 Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (15 Jun 26)

    build(deps): bump com.google.firebase:firebase-bom from 34.14.0 to 34.14.1 in /kotlin/android (#13707) Bumps com.google.firebase:firebase-bom from 34.14.0 to 34.14.1. Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • dependabot[bot] (15 Jun 26)

    build(deps): bump gradle/actions from 6.1.1 to 6.2.0 in /.github/actions/setup-android (#13696) Bumps [gradle/actions](https://github.com/gradle/actions) from 6.1.1 to 6.2.0.

    Release notes (sourced from gradle/actions's releases), v6.2.0, Highlights: This release brings significant behaviour improvements to Enhanced caching, improvements to the generated Job Summary, and a number of correctness and security fixes.

      1. Improved cache-cleanup mechanism. Cleanup of stale files from the Gradle User Home is now faster, and no longer depends on Gradle or a JVM. It works by inspecting the local file state directly, removing the Gradle invocation from the post-build step.
      2. More granular, more stable caching. The local build cache is stored as a separate cache entry, so it can be restored and invalidated independently of the main Gradle User Home entry. Transient Gradle housekeeping files are excluded from the cache, reducing its size and improving stability.
      3. Hide obsolete Job summaries in PR comments: When a new Job summary comment is added to a PR, previous outdated Job summaries are now hidden.
      4. Improved caching report in the job summary. The cache report now uses a single, consistent layout across all cache states and providers. Provider information is integrated directly into the report, and per-entry details are available in an expandable section. (#985)
      5. Correctness and security fixes. A unique cache key is now used per run attempt, so re-runs no longer collide; the job summary shows the cache key string rather than an internal id; and bundled dependencies have been updated, including a ReDoS fix and a fast-xml CVE fix.

    What's Changed:

      - Remove unnecessary dependency overrides by @bigdaz in gradle/actions#981
      - Scope CI-integ-test concurrency groups per-branch by @bigdaz in gradle/actions#983
      - Improve typings by @Vampire in gradle/actions#938
      - Hide obsolete Job summaries by @SimonMarquis in gradle/actions#902
      - CI: add requireable aggregate/no-op checks for branch protection by @bigdaz in gradle/actions#984
      - Redesign the caching Job Summary by @bigdaz in gradle/actions#985

    New Contributors: @Vampire made their first contribution in gradle/actions#938

    Full Changelog: https://github.com/gradle/actions/compare/v6.1.1...v6.2.0

    Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Thomas Eizinger (15 Jun 26)

    fix(apple): run SMAppService calls off the main thread (#13723) `SMAppService.status` and `register()` make a synchronous XPC round-trip to `smd` that can block the caller for seconds. Because approachable concurrency runs `nonisolated async` functions on the caller's executor, these calls ran on the MainActor (the callers in `Store` are `@MainActor`) and froze the UI. This moves the blocking calls onto a detached task so they run off the main thread, and drops the `pauseAppHangTracking` workaround that only hid the reports without preventing the freeze. --------- Co-authored-by: Claude <[email protected]>

  • Jamil (15 Jun 26)

    fix(portal): workaround tlsv1.3 middlebox compat issue (#13721) Workaround for an apparent bug in the OTP ssl client codepath related to middlebox compat handling. Tested manually against our three main auth providers and also verified that it is effectively a no-op in the TLS client case since we are not dealing with connecting clients, only doing the connecting ourselves. --- Related: https://github.com/erlang/otp/issues/11237

  • Brian Manifold (15 Jun 26)

    fix(portal): fix dark mode icon bg (#13680) This PR updates the auth/directory provider icons to make sure they are all visible in dark mode. This PR also refactors the provider_icon component to provide more unified usage of provider icons and make the provider icons look more uniform wherever they are used. Finally, this PR also refactored how custom OS and brand icons are stored and used in the codebase. Previously, some of the OS icons were being hard encoded in `icon` components. This PR moves them to their own individual SVG files and treats them similar to how we utilize the Remix icons. This will also give us a place to add any new icons we might need that aren't a part of the Remix icon pack. Fixes: #12999

  • Thomas Eizinger (15 Jun 26)

    chore(bufferpool): warn when returned capacity deviates (#13720) The pool relies on all buffers being equal in size. Operations that reallocate a buffer (e.g. growing it past its capacity) silently break this invariant and grow memory. Log a warning when a buffer is returned to the pool with a capacity other than the one it was allocated with. We allow changing the capacity but the warning itself tells us we should investigate it. Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

  • Thomas Eizinger (15 Jun 26)

    fix(connlib): size perf UDP recv buffers to GRO batch (#13719) The perf UDP socket pooled fixed 64 KiB (`u16::MAX`) receive buffers. On Linux/Android/Windows the kernel coalesces up to 64 datagrams via generic receive offload into a single buffer; a worst-case batch of full-size Firezone datagrams (64 * 1316 = 84224 bytes) exceeds 64 KiB and would be truncated, dropping segments. On Apple, which has no GRO, each buffer only ever holds one datagram, so 64 KiB wasted ~50x. Size buffers as `MAX_FZ_PAYLOAD * gro_segments()` instead, matching quinn's own receive-buffer invariant. Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>

  • Thomas Eizinger (15 Jun 26)

    fix(rust): aggregate metrics before sending to Sentry (#13712) The `SentryMeterProvider` submitted one Sentry metric per measurement, bypassing all aggregation. Because data-plane instruments such as `system.network.packets` and `eventloop.poll.duration` are recorded per packet and per event-loop poll, a handful of gateways emitted gigabytes of metrics per hour once `stream_metrics` was enabled. This aggregates metrics in-memory and flushes them periodically instead. Counters and gauges fold to a single value per series. Distributions keep a fair, bounded random sample (reservoir sampling) plus the observed maximum, so Sentry's server-side percentiles stay accurate while the data volume is bounded by the reservoir size rather than the packet rate. Aggregating through the OpenTelemetry exporter was tried before and reverted because summarising histograms there destroyed percentile fidelity; sampling the raw values keeps p99 meaningful while still bounding volume. Once `opentelemetry` includes exemplars for histograms, we can retire our manual sampling approach and use that instead. Related: #13713 Related: #13557 Co-authored-by: Claude <[email protected]>

  • Thomas Eizinger (15 Jun 26)

    ci: push release artifacts via OIDC not connection string (#13716) Authenticate the `firezoneartifacts` uploads (data-plane gateway/relay binaries, apt preview + index regeneration, release promotion) with the dedicated `github-actions-artifacts` OIDC identity via `azure/login` + `--auth-mode login`, replacing the shared account-key connection string. Related: firezone/infra#687 Co-authored-by: Claude <[email protected]>

  • dependabot[bot] (15 Jun 26)

    build(deps): bump phoenix from 1.8.7 to 1.8.8 in /elixir (#13701) Bumps [phoenix](https://github.com/phoenixframework/phoenix) from 1.8.7 to 1.8.8. Changelog (sourced from phoenix's changelog): 1.8.8 (2026-06-10), Enhancements: [phx.new] Use LiveView 1.2.0. Additional commits viewable in compare view: https://github.com/phoenixframework/phoenix/compare/v1.8.7...v1.8.8 Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

  • Thomas Eizinger (14 Jun 26)

    docs(rust): document the code, not the change (#13715) Comments should describe the code as it is, not the change that produced it — phrasing like "instead of …" or "now …" is meaningless to a reader who never saw the diff. The rationale for a change belongs in the commit message and PR description instead. Related: #13712 Co-authored-by: Claude <[email protected]>

  • Thomas Eizinger (14 Jun 26)

    ci: push QA binaries to dedicated QA storage via OIDC (#13694) The QA-only loadtest binaries and the preview MSI consumed by the QA clients now go to a dedicated QA artifacts storage account, authenticated with GitHub OIDC. --------- Signed-off-by: Thomas Eizinger <[email protected]> Co-authored-by: Claude <[email protected]>

  • Thomas Eizinger (14 Jun 26)

    fix(connlib): rewrite query IDs of upstream TCP DNS queries (#13664) All TCP DNS queries to a given upstream resolver are multiplexed over a single TCP connection. We currently forward the stub resolver's original query ID and refuse to send a query whose ID collides with one that is already in flight on that connection. Windows' stub resolver always uses query ID 1 for TCP queries, so concurrent TCP queries (e.g. A + AAAA for the same domain) fail with SERVFAIL. Rewrite query IDs to a locally-unique wire ID when sending upstream and translate responses back to the original ID, like other DNS forwarders do. This also closes a gap where a query ID that collided with an already *sent* (rather than pending) query would mis-associate responses. Co-authored-by: Claude <[email protected]>

  • Firezone Bot (14 Jun 26)

    chore: publish android-client 1.5.11 (#13679)

  • Thomas Eizinger (14 Jun 26)

    fix(connlib): retry TUN writes on ENOSPC and track drops (#13666) On MacOS / iOS, writing to the TUN device fails with `ENOSPC` ("No space left on device") when the utun queue is full, and we drop the packet after logging a warning. This is the TUN-device twin of the `ENOBUFS` condition we already handle on UDP sockets: transient, clears off-thread, and not observable via write-readiness. Apply the same spin-and-yield retry pattern to TUN writes before giving up. Retries and dropped packets are recorded as metrics so we can track how often the queue fills up. A drop after exhausted retries is logged on debug — like any congested network device, dropping at that point is by design. Co-authored-by: Claude <[email protected]>

  • Thomas Eizinger (13 Jun 26)

    refactor(connlib): introduce otel-instruments crate for meters (#13695) Each OpenTelemetry instrument is identified by its name, kind and unit, so every call site recording to it must share one definition; data points differ only by attributes. The `connlib` meter's instruments were instead defined inline at each call site — `system.network.packets`, for example, was built in three separate places — and the `network.packet.dropped` / queue-length helpers lived in `telemetry`. This collects all of them into a dedicated `otel-instruments` crate that consumers depend on directly. No metrics change names, descriptions, units or attributes; this is a pure refactor. Co-authored-by: Claude <[email protected]>

  • Jamil (13 Jun 26)

    fix(portal): use server_wal_start as lsn (#13692) The server_wal_start is the actual lsn of the record being decoded whereas the server_wal_end is the server's current position on disk and may in fact be duplicated across messages. In practice this is not likely or possible since pgoutput smooths this over but it would be good to be correct here. We also remove the `on_conflict` clause so that we crash if we unexpectedly get this wrong. Reference: https://raw.githubusercontent.com/postgres/postgres/master/src/backend/replication/walsender.c > Authoritatively confirmed: WalSndPrepareWrite sets both dataStart (server_wal_start) and walEnd (server_wal_end) to the same lsn. Let me confirm the one remaining load-bearing claim — that a multi-insert (COPY) record assigns the same LSN to every tuple's change — by checking the decoder.

  • Jamil (11 Jun 26)

    fix(android): explicitly align to 16KB pages (#13677) Fixes an issue introduced in CI where the wrong NDK was being set, causing the default page alignment to drop back down to 4 KB. 16 KB page alignment is required for all Android apps targeting 15+.

  • Jamil (11 Jun 26)

    refactor(portal): caveat dual ip stack (#13560) Will hopefully reduce support burden given the amount of times we have had issues here that cost substantial time.

  • Jamil (11 Jun 26)

    fix(android): use appropriate log units (#13676) - Adjusts the log units appropriately depending on size so that we show `100 KB` instead of `0 MB` - Fixes the actual bug that #13674 intended to fix (that didn't work in release) - Removes the `SampleSessionView` from MainActivity so that it isn't the default view shown upon App launch from Android Studio

  • Jamil (11 Jun 26)

    fix(android): don't lose input focus (#13674) - Fixes a minor issue that caused the settings inputs to lose focus immediately upon first tap causing an annoying issue where entering text didn't work until you re-tapped the input - Reduces size of the artifact using proguard / R8 and ensures crashlytics has proper line numbers to match up with traces --- Fixes #3901

  • Jamil (11 Jun 26)

    fix(android): wire up rustls-platform-verifier (#13672) Fixes a regression introduced in #13150 where the rustls platform verifier was not fully wired up for Android according to the [README's instructions](https://github.com/rustls/rustls-platform-verifier#android) resulting in PostHog and Sentry coms failing with:

    ```
    2026-06-11T03:55:32.137Z ERROR rustls_platform_verifier::verification::android: failed to verify TLS certificate: unexpected error: failed to call native verifier: Error
    ```

    --- Related: #13150 --------- Co-authored-by: Claude Fable 5 <[email protected]>

  • Jamil (11 Jun 26)

    fix(ci): run Android unit tests against debug variant (#13671) AGP 9 flipped android.onlyEnableUnitTestForTheTestedBuildType to true, so unit test components are only created for the debug build type and the release job failed with "Task 'testReleaseUnitTest' not found". There is no good reason to run unit tests on the release build instead of the debug build, so they've been moved. --- Related: https://github.com/firezone/firezone/actions/runs/27318728192 Co-authored-by: Claude Fable 5 <[email protected]>

  • Jamil (11 Jun 26)

    chore(ci): notify firezone/website on publish (#13670) The website half of the release version bump (changelog entry and displayed version markers) moved to the firezone/website repo in #13635. This adds a `notify-website` job to `publish-release.yml` that sends a `repository_dispatch` event of type `publish` to firezone/website with the released component and version, using the same `tag_prefix` → `component` mapping as `open-version-bump-pr`. On the website side, a new `open-version-bump-pr` workflow (firezone/website `feat/publish` branch) receives the event, runs that repo's `scripts/bump-versions.sh <component> <version>`, and opens the changelog/version PR there as firezone-bot. Setup required before this works end-to-end: - [x] `RELEASE_PR_BOT_GITHUB_TOKEN` (firezone-bot's token) needs Contents: write and Pull requests: write on firezone/website — `repository_dispatch` requires Contents: write on the target repo. - [x] Add `RELEASE_PR_BOT_GITHUB_TOKEN` and `RELEASE_PR_BOT_GPG_KEY` secrets to firezone/website (same values as here). - [x] Merge the website-side workflow in firezone/website. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Signed-off-by: Jamil <[email protected]> Co-authored-by: Claude Fable 5 <[email protected]> Co-authored-by: Copilot Autofix powered by AI <[email protected]>

  • Firezone Bot (11 Jun 26)

    chore: publish apple-client 1.5.17 (#13668)

Firezone Website

Website

Zero Trust Access That Scales | Firezone

Replace your VPN with Firezone, an open-source zero trust access platform built on WireGuard®. Connect users to anything, anywhere. Try free today.

Redirects

Does not redirect

Security Checks

2 security checks failed (63 passed)

  • Domain Recently Created
  • Domain Very Recently Created

Server Details

  • IP Address 66.33.60.129
  • Location Walnut, California, United States of America, NA
  • ISP Vercel Inc
  • ASN AS16509

Associated Countries

  • US
  • CA

Safety Score

Website marked as safe

100%

Blacklist Check

www.firezone.dev was found on 0 blacklists

  • AntiSocial Blacklist
  • Artists Against 419
  • Badbitcoin
  • Bambenek Consulting
  • CERT Polska
  • CoinBlockerLists
  • CRDF
  • CryptoScamDB
  • EtherAddressLookup
  • EtherScamDB
  • Fake Website Buster
  • MetaMask EthPhishing
  • NABP Not Recommended Sites
  • OpenPhish
  • PetScams
  • PhishFeed
  • PhishFort
  • Phishing.Database
  • PhishStats
  • PhishTank
  • Phishunt
  • RPiList Not Serious
  • Scam.Directory
  • SecureReload Phishing List
  • Spam404
  • StopGunScams
  • Suspicious Hosting IP
  • ThreatFox
  • ThreatLog
  • TweetFeed
  • URLhaus
  • ViriBack C2 Tracker

About the Data: Firezone

API

You can access Firezone's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/v1/services/firezone

The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.
