João "Pisco" Fernandes

This commit **updates the documentation** for **Cloudflare One Tunnel** to reflect revised permission requirements for specific operations. It clarifies that the 'Load Balancer' permission is now an additional requirement for users to successfully perform `cloudflared login` and to route traffic to public hostnames. This **documentation update** ensures users are aware of the correct account-scoped roles needed, preventing potential configuration issues when setting up or managing `cloudflared` tunnels. The change is contained within the `src/content/partials/cloudflare-one/tunnel/account-scoped-roles.mdx` file.

This commit **updates several key Go dependencies**, specifically `go-oidc`, `sentry-go`, and `go-jose`, to newer versions as indicated in `go.mod`. This is a **security fix** primarily aimed at addressing known **CVEs** present in the older versions of these libraries. By upgrading these critical components, the commit enhances the overall **security posture** and **stability** of the application, mitigating potential vulnerabilities and ensuring continued reliability.

This commit performs general **maintenance** and **refactoring** across several components. It includes **documentation updates** in `CHANGES.md` and `README.md` to correct typos and update external links and instructions. Within the **`cfapi` client**, it **refactors** base URL trimming and standardizes error type definitions from `apiErr` to `apiError` in `cfapi/base_client.go`, specifically impacting functions like `NewRESTClient` and `checkErrors`. Additionally, it addresses minor **style fixes** by correcting typos in error messages within the **`packet` decoding logic** in `packet/decoder.go`, affecting `FindProtocol` and `decodeByVersion`. These changes enhance code consistency, readability, and documentation accuracy without altering core functionality.

This commit **improves the user experience** for the **`cloudflared` DNS proxy module** by enhancing its removal message. Specifically, the message displayed when the DNS proxy is no longer available, located in `cmd/cloudflared/proxydns/cmd.go`, now includes the deprecation version, a link to the changelog, and a recommendation for an alternative DNS-over-HTTPS client. This **maintenance update** provides users with crucial context and guidance, facilitating a smoother transition away from the deprecated functionality. Users attempting to utilize the removed DNS proxy will now receive more comprehensive information, helping them understand the change and find suitable alternatives.

This commit **updates the project documentation** by adding the **release notes for version 2026.2.0**. This essential **release preparation** step details significant changes within the new version, specifically highlighting **vulnerability fixes** and **feature removals**. The update to `RELEASE_NOTES` provides crucial information for users and developers, ensuring transparency regarding the contents and impact of the latest software release.

This commit **removes the entire DNS over HTTPS (DoH) proxy feature** from `cloudflared` due to identified security vulnerabilities (GO-2025-3942, GO-2026-4289). This **critical security-driven removal** impacts the `cloudflared` CLI by eliminating the `proxy-dns` command, related `tunnel` subcommand flags, and the underlying CoreDNS-based `tunneldns/` package. The **configuration model** and all associated **component tests** have also been updated to reflect this change. This is a **breaking change** for users, who must now migrate to alternative DoH solutions as the feature is no longer available.

This commit performs **maintenance** by updating the **release notes documentation** for version `2026.1.2`. It adds new entries detailing the changes included in this release, ensuring users have an accurate record of the latest software updates. Specifically, the `RELEASE_NOTES` file now documents the reverts for `TUN-9863` and `TUN-9886`, alongside the original entry for `TUN-9886`. This **documentation update** provides a comprehensive overview of the changes and fixes delivered in this release.

This commit **reverts** a prior change (TUN-9863) that updated the **Windows CI/CD pipeline configuration** to utilize a `cloudflared EV Certificate`. It specifically undoes the modification to the vault path for the key vault certificate within the `.ci/windows.gitlab-ci.yml` file. This **maintenance revert** ensures the Windows build process no longer attempts to use the specified EV certificate, effectively rolling back the certificate management strategy for this pipeline and impacting the **security and signing process** for Windows artifacts.

This commit **reverts** the implementation of macOS notarization for `cloudflared`, specifically **removing** the notarization and stapling steps from the `.ci/scripts/mac/build.sh` script. This **revert** impacts the **macOS build process** within the CI/CD pipeline, meaning `cloudflared` binaries will no longer be notarized by Apple. The change effectively disables a **security compliance** feature previously added for macOS distributions, potentially affecting how the binary is perceived or handled by macOS Gatekeeper.

This commit **updates the project documentation** by adding the **release notes for version 2026.1.1**. It details significant changes and improvements related to `boto3`, `wixl bundling`, and `rpm bundling` that are part of this new version. This **maintenance** task ensures users and developers are fully informed about the new capabilities, bug fixes, and other updates included in the latest **software release**.

This commit primarily **fixes issues related to RPM package bundling** within the CI/CD pipeline. It **updates the Dockerfile** (`.ci/image/Dockerfile`) to correctly install the `fpm` gem and initialize the RPM database, which is essential for successful **RPM package generation**. Additionally, several **CI/CD shell scripts** (`.ci/scripts/*.sh`) have been enhanced for **improved robustness** by adding `set -u`, ensuring that unset variables are treated as errors. A minor **maintenance** update also adds `/artifacts` to `.gitignore` to prevent committing build outputs. These changes collectively ensure more reliable and robust **automated package building and CI processes**.

This commit performs a **critical compatibility fix** by **updating the `boto3` dependency** within the **CI/CD release target script** (`.ci/scripts/release-target.sh`). It upgrades `boto3` from version `1.22.9` to `1.42.30`, which is necessary to ensure the **release process** can successfully execute on the `trixie` environment. This **infrastructure maintenance** prevents potential issues with AWS interactions during releases, thereby safeguarding the stability and functionality of the project's **deployment pipeline**.

This commit **fixes the installation of the `wixl` bundling tool** within the project's **CI/CD build environment**, which is crucial for generating Windows MSI packages. It **updates the `.ci/image/Dockerfile`** to streamline the setup process by installing `wixl` directly from `apt-get`, eliminating a previous manual download and dependency installation step. This **bug fix** ensures the robust and reliable creation of **Windows MSI packages**, preventing build failures related to the bundling tool's availability or configuration. The change directly impacts the **build pipeline for Windows artifacts**, improving overall release stability and consistency.

This commit **documents the release** of version 2026.1.0 by updating the `RELEASE_NOTES` file. It provides a comprehensive overview of the changes, including significant updates to the **Go version**, migration to **Debian distroless base images**, adjustments to the **Jira URL**, and modifications to **CI/CD pipelines**. This **maintenance** task ensures that all users and contributors are informed about the new capabilities and underlying infrastructure changes introduced in this major release.

This commit performs a significant **maintenance upgrade** by updating the **Go runtime version** from 1.24.9 to 1.24.11 across all build and CI environments. Concurrently, it upgrades the **base Debian distroless images** from `debian12` to `debian13` for the final Docker artifacts and from `bookworm` to `trixie` for the CI build image. These changes affect the entire **build pipeline** and the **runtime environment** of the application, ensuring improved security, performance, and compatibility with the latest toolchains. A new vulnerability ID `GO-2026-4289` is also added to `.vulnignore`, likely related to the Go update.

This commit **fixes documentation** for **Cloudflare Tunnel** account limits, specifically clarifying the definition of route limits. It updates the description for 'Routes per tunnel' to 'Routes (CIDR routes + Hostname routes) per account' within the `src/content/docs/cloudflare-one/account-limits.mdx` file. This **documentation update** ensures users have accurate and comprehensive information regarding the scope of route limits, improving clarity for those managing their Cloudflare Tunnel configurations.

This commit **updates the Windows CI/CD pipeline configuration** to use a new vault path for the `KEY_VAULT_CERTIFICATE`. Specifically, it modifies `.ci/windows.gitlab-ci.yml` to enable the pipeline to retrieve and utilize the **Cloudflared EV Certificate**. This is a **maintenance update** ensuring that **Windows builds** correctly handle certificate management for signing or authentication processes.

This commit **migrates the internal APT package build and publishing process for `cloudflared` to GitLab CI**, significantly enhancing the project's **CI/CD capabilities**. It introduces a new `.ci/apt-internal.gitlab-ci.yml` configuration to manage these builds, including adding `gcc-aarch64-linux-gnu` and `libc6-dev-arm64-cross` to the CI Docker image for **ARM cross-compilation support**. Extensive **refactoring** of the main `.gitlab-ci.yml` and common CI rules (`.ci/commons.gitlab-ci.yml`, `.ci/release.gitlab-ci.yml`) integrates this new `release-internal` stage. Concurrently, obsolete build configurations are removed from `cfsetup.yaml` as their functionality is now handled by the new GitLab CI pipeline. This change centralizes and modernizes the internal package distribution pipeline, improving build consistency and expanding platform support.

This commit **updates the project's release documentation** by adding entries for version **2025.11.1**. It details the changes and improvements included in this new release, notably highlighting a **bug fix** related to the `docker hub push step`. This **maintenance** update ensures users have accurate and up-to-date information regarding the latest software version.

This commit **fixes the Docker Hub push step** within the **CI/CD pipeline** by updating the `.ci/release.gitlab-ci.yml` configuration. It introduces anchors to ensure **consistent Docker Hub credentials** are applied for both branch and production builds, resolving previous inconsistencies in image publishing. Concurrently, the **component tests** in `test_tunnel.py` are enhanced for robustness. The `send_request` function now accepts an expected status code, and a new `retry_if_result_none` helper function implements a **retry mechanism** for `send_request` to mitigate transient test failures and improve test reliability.