weave

Simple, resilient multi-host containers networking and more.

APACHE-2.0 License

Stars: 6.6K
Committers: 97


weave - Weave 1.1.2

Published by bboreham almost 9 years ago

This release contains a small number of bug fixes. More details in the
change log.

The release is fully compatible with 1.1.0 versions, so existing
clusters can be upgraded incrementally. When upgrading from 1.0.x,
note the compatibility information in the
Installation & Upgrading instructions for Weave 1.1.0.

bug fixes

  • large multicast packets get dropped - we now lock the MTU on the multicast route to prevent Linux setting the DF flag #1507
  • weave proxy unexpectedly closes the connection after /start request - this was a regression introduced in 1.1.1 #1514
  • weaveproxy would give a strange response if you tried to inspect an unknown container #1523
  • log message "dropping too big DF broadcast frame" has source and destination IP swapped #1507

testing

  • smoke-test setup script needed updating for Go 1.5 (note this release is built with Go 1.4.2) #1543
  • one smoke-test hardcoded the docker bridge IP, which changes in Docker 1.9 #1540

weave - Weave 1.1.1

Published by rade about 9 years ago

This release contains a number of bug fixes and minor enhancements. More details below and in the change log.

Follow the installation instructions to install this latest release of Weave. The release is fully compatible with 1.1.0 versions, so existing clusters can be upgraded
incrementally. When upgrading from 1.0.x, note the compatibility information in the Installation & Upgrading instructions for Weave 1.1.0.

bug fixes

  • on kernel versions < 3.18, starting the proxy would prevent the
    weave network interfaces of existing containers from being
    fully removed when they terminated. This could cause traffic for
    subsequently started containers with the same IP to be
    mis-routed to these stale interfaces. #1455/#1476
  • on kernel versions >= 4.2, weave reset could leave containers with dangling weave
    network interfaces. #1364/#1504
  • cancellation of simultaneous IP allocation requests could crash
    weave. #1424/#1429
  • cancelling a docker run against the proxy could result in a
    spurious "invalid CIDR address: Allocate" error
    message. #1418/#1425/#1426
  • when dynamically attaching a container to additional subnets,
    visibility of the container in those subnets could be
    delayed. #1405/#1409/#1411
  • the weave version had a stray v prefix in a few
    places. #1397/#1431
  • weave launch-proxy would mis-report an already running
    proxy. #1413
  • the error message about disabled IP address allocation had a
    typo. #1427
  • the weave stop advice regarding weave env --restore had a
    typo. #1408
  • a recent docker-machine change broke the weave build. #1466/#1467
  • one of the DNS tests had a data race. #1480/#1487

minor enhancements

  • sanity check the size of gossip messages in order to help track down
    memory allocation errors seen in the wild. #1484/#1485
  • link to release notes from "Weave latest" release. #1399
  • update build & test VMs to Docker 1.8. #1428/#1435, #1433/#1454
  • disable a spuriously failing test until we fix it. #1486
  • simplify IP address allocation code in weave script. #1460

weave - Weave v1.1.0

Published by awh about 9 years ago

Highlights

  • weave launch now launches all weave components, simplifying
    startup.
  • weave status has been completely revamped, with a much improved
    presentation of the information, and the option to select and output
    data in JSON.
  • weaveDNS has been rewritten and embedded in the router. The new
    implementation simplifies configuration, improves performance, and
    provides fault resilience for services.
  • the weave Docker API proxy now provides an even more seamless user
    experience, and enables easier integration of weave with other
    systems such as kubernetes.
  • many usability improvements
  • a few minor bug fixes, including a couple of security
    vulnerabilities

More details below and in the change log.

Installation & Upgrading

Follow the installation instructions to install this latest release of weave.

If upgrading from weave 1.0.x, note that a cluster can be upgraded incrementally, with some caveats:

  • Any installation using weaveDNS will experience a rolling partition
    of name resolution functionality, i.e. containers only see names
    belonging to containers on weave peers with the same version.

  • weave launch now launches all weave components, including
    weaveDNS and the proxy.
    For weaveDNS, if the existing installation was

    • launching weaveDNS without any options, then no action is
      required, since the weave launch-dns and weave stop-dns
      commands still exist but are no-ops,
    • launching weaveDNS with options, then these need to be moved to
      the weave launch invocation,
    • not launching weaveDNS, then you may want to disable it with the
      --no-dns option to weave launch, though generally this should
      not be necessary.

    For the proxy, if the existing installation was

    • launching the proxy without any options, then remove the weave launch-proxy invocation and instead just invoke weave launch
    • launching the proxy with options, then you need to launch the router and proxy separately, supplying the proxy options to the latter, i.e. weave launch-router && weave launch-proxy <options>,
    • not launching the proxy, then you may want to only launch the router (and embedded weaveDNS) with weave launch-router, though typically running weave launch instead is fine, since launching the proxy is harmless.
  • The default IP address allocation range has changed from
    10.128.0.0/10 to 10.32.0.0/12. If you are using weave's IP
    address allocator, and are not explicitly specifying a range (with
    -iprange), then you need to force weave
    to use the old range by specifying --ipalloc-range=10.128.0.0/10.

  • weave proxy-env|proxy-config are deprecated in favour of weave env|config. The former still work but will display a deprecation
    warning when invoked, so you should update any scripts to use the
    new commands.

  • The proxy now listens on a unix domain socket instead of TCP/IP if that is how the launching environment connects to the Docker daemon. This is reflected in weave env|config, so any local code/scripts using those to configure their connection to the proxy should be unaffected. However, if you have code/scripts that have the proxy's TCP/IP endpoint hard-coded, then you may need to force the proxy to listen on the TCP/IP, as it did previously, by launching it with weave launch-proxy -H tcp://0.0.0.0:12375. Note that this potentially opens a security vulnerability, which is why it is no longer the default behaviour. Consider a) switching to unix domain sockets, if you are connecting to the proxy locally, b) restricting the network interfaces/IP addresses by supplying something other than 0.0.0.0, or c) switching to TLS.

  • weaveDNS has far fewer options than previously. The removed options do not make sense in the new implementation and are unlikely to have been used in many installations, but if they were, simply removing them should be safe in most setups.

  • A number of options have been renamed. The old names still work but
    you should update any scripts to use the new ones.

Changes

Command Line Interface

  • make weave launch launch the router, weaveDNS and the proxy. As a
    result weave startup is simpler than ever. In situations where
    special configuration of the proxy is required, the router and
    proxy can be launched separately with weave launch-router and
    weave launch-proxy. #382/#962/#1009/#1011/#1012, #1043/#1072
  • completely revamp weave status.
    The main command now shows a much more concise and readable summary,
    which, for example, makes it easier to spot connectivity
    issues. Sub-commands provide additional information, which is better
    presented and more informative than was previously the case. And
    weave report produces a status report in JSON format, with the
    ability to select specific pieces of information with a
    template. #1025/#1141/#1027/#908/#1248, #1315, #1328/#1335, #1185/#1283
  • improve consistency in command line option naming. Long options
    start with two hyphens, the --<option>= notation is supported, and
    multi-word options are hyphenated. Also, all DNS options now start
    with --dns-. All old option names have been retained for backward
    compatibility; their usage results in a deprecation warning in the
    logs. #602/#1084, #1087/#1096
  • log a more helpful error when an invalid flag is specified in weave launch. #1321/#1324
  • output weave usage message on stderr instead of stdout, thus preventing
    odd behaviour for the likes of eval $(weave env) when the command
    is mistyped. #1082/#1092
  • add --init-peer-count to usage output, from which it was
    missing. #1041/#1045.
  • make weave --help|help work even when we cannot communicate with
    Docker. #1322/#1325
  • reduce start-up time of weave launch. #992/#993
  • introduce --log-level option for better control over log
    levels. #329/#1057
  • improve Docker version compatibility checking, preventing misleading
    error messages. #576/#1297/#1298/#1326
  • improve download times by re-arranging the layers of the weavexec
    image. #1170

Docker API proxy

  • enable listening on a unix domain socket, and do so automatically if
    the launching environment connects to the Docker daemon that way. This
    simplifies configuration and also prevents weakening of Docker access security. #1003/#1026, #1055/#1099
  • rename --no-default-ipam option to --no-default-ipalloc. The
    former still works but will log a deprecation warning. #1040/#1048
  • remove -D option since it wasn't doing anything useful. #972/#978
  • replace weave proxy-env|proxy-config with weave env|config. The former still work but will display a deprecation
    warning when invoked. #1014/#1080/#1081
  • introduce weave env --restore,
    which restores the environment modified with weave env. This would
    typically be invoked just prior to weave stop|reset. #1288/#1327
  • introduce rewriting of /etc/hosts so that hostname -i returns the weave IP
    instead of Docker IP. hostname -i, and its equivalent system call,
    is invoked by some clustered applications like cassandra and consul;
    this change gets them to operate over the weave
    network by default. The feature can be disabled with the
    --no-rewrite-hosts proxy option. #68/#1079, #1252/#1265, #1373/#1375
  • add --rewrite-inspect flag to
    make docker inspect return the weave network settings (such as the
    container's weave IP address) instead of the Docker settings. This
    is useful for integration of weave with systems such as kubernetes
    that depend on the docker inspect output. #117/#212/#1199/#1222/#1376, #1390/#1391
  • attach containers to the weave network by default unless they were started with
    --net=host or --net=container:.... In particular, containers
    started with --net=none now get attached. #1302/#1303
  • permit (the equivalent of) --net=container:(another container with weave networking) to be specified at container start
    time. Previously this would hang. Note that specifying a network
    mode that way is a backward compatibility feature of the Docker
    Remote API; normally the mode is set during container creation. So
    this did not affect the Docker CLI and most other systems, but did
    cause problems when integrating weave with Kubernetes. #1258/#1314
  • handle chunked responses correctly. Failure to do so was causing
    errors when some Docker API clients, though not the Docker CLI, were
    pointed at the proxy. #1103/#1110/#1112, #1257/#1259
  • do not disable restart policies, or stomp on the --volume-driver
    option, of containers started via the proxy. #1209/#1314, #1378
  • eliminate a very rare race condition that could cause container
    start to hang. #1300/#1314
  • improve logging of errors and warnings. #1056/#1067, #1310

Router

  • prevent repeated connection attempts from peers to themselves, which
    could result in a lot of log noise and some performance
    degradation. #1305/#1318
  • weave attach|detach
    and weave expose|hide
    now output the IP addresses involved. #954/#968
  • eliminate a DoS vector which could allow an attacker to trigger an
    out-of-memory crash by injecting certain mal-formed weave protocol
    packets. This is now no longer possible on encrypted weave networks
    without knowledge of the password. #912/#1098
  • prevent exposure of potentially sensitive information to an attacker
    during the connection establishment on an encrypted weave
    network. Note that no sensitive information is exposed by existing
    versions of the weave protocol, so this is merely guarding against
    potential future vulnerability. #1029/#1098
  • seed the random number generator properly. Lack of that could in
    some rare circumstances cause IP address allocation to take a long
    time. #1004/#1068
  • replace gob with length-prefix encoding in the outermost protocol
    framing. This improves performance of the codec slightly. #1189

Naming and Discovery (weaveDNS)

  • replace mDNS with gossip and embed weaveDNS in the router. This
    simplifies configuration since weaveDNS now has far fewer options, no longer
    needs to be launched separately, and no longer requires an IP address/subnet.
    It also makes name resolution much more efficient and accurate (the
    addition/removal of entries is now visible near
    instantaneously). #826/#833/#840/#841/#842/#843/#741/#944/#1065, #1151/#1155, #1168/#1173, #1156/#1176, #1180, #1193, #1177/#1195, #1181/#1183, #1158/#1190/#1197, #1215/#1225, #1218, #1203/#1224, #1275/#1277, #1281/#1282, #1306/#1307, #1332/#1334/#1344/#1345/#1348, #1347/#1354, #1362/#1363, #1357/#1358
  • name resolution now returns all matching records,
    in random order, instead of just a single randomly selected
    record. This provides basic fault resilience, allowing applications
    to iterate over the returned answers until they find an operational
    server. #338, #583, #733, #1245/#1256
  • weave status dns now lists all DNS records, system-wide, not
    just the ones for local containers. #645
  • resolve unqualified names in the weaveDNS domain, so on systems with
    broken DNS resolvers, such as those based on musl/busybox/alpine,
    ping foo now works (previously only ping foo.weave.local
    did). #987/#1050/#1133/#1065
  • introduce fine-grained control over the automatic derivation of
    container hostnames from container names. This
    is especially useful in scenarios where the container name in turn
    is the result of some derivation, as for example happens in Amazon
    ECS and Kubernetes. #1018/#1126, #1381/#1384
  • introduce weave dns-lookup
    for resolving names in weaveDNS from the host. This is useful for
    scripting application deployments and, in conjunction with weave expose, for accessing containers from the host. #1028/#1135
  • permit invocation of weave dns-add|dns-remove
    without any IP address(es), which is useful for adding/removing
    extra names for a container. #1369/#1377/#1379
  • permit weaveDNS to appear in the host's /etc/resolv.conf;
    previously this could result in query cycles and
    crashes. #1343/#1355
  • warn when firewall rules - in particular those inserted by
    firewalld - will interfere with name resolution. #1266/#1349
  • prevent potential message ID clashes when performing concurrent
    recursive queries, which could result in the answers to clients
    getting mixed up. #1113/#1142

IP Address Allocator

  • The default IP address allocation range has been changed from
    10.128.0.0/10 to 10.32.0.0/12 to avoid clashes with subnets used
    by some cloud platforms like Digital Ocean and GCE. #1036/#1070
  • The -iprange and -ipsubnet options have been renamed to
    --ipalloc-range and --ipalloc-default-subnet, to make their
    purpose clearer. The old names have been retained for backward
    compatibility; their usage results in a deprecation warning in the
    logs. #1035
  • prevent weave launch from failing when weave expose had
    previously been run with automatic IP address
    allocation. #1076/#1249/#1090, #1320
  • prevent delays of up to 30 seconds when first allocating an IP
    address in a partially connected weave network with intermediate
    peers that have IP allocation disabled. #1118/#1149
  • cope with more situations of restarting weave when there are running
    containers with automatically allocated IP addresses. In particular
    stopping all peers and then restarting them in a different order now
    works. #1150/#1159, #1243/#1268
  • permit manual allocation in the IP allocation range. This
    results in a warning if the chosen address has already been
    allocated. #687/#598/#1200, #1030/#1228/#1380, #1380
  • improve a number of warning and error
    messages. #437/#480/#1053, #1034, #1128/#1174, #1317

Build & Test

  • replace homegrown go testing library with
    testify. #358/#955
  • produce coverage reports from integration tests, combine them with
    unit test coverage, and do all this automatically, in
    CircleCI. #673/#1105, #1115, #1220/#1221, #1154/#1230, #1146/#1198
  • significantly reduce test execution time and resource
    usage. #1120, #1169/#1236, #1239/#1242/#1263, #1234/#1235, #1125/#1138/#1144, #1214, #1123, #1227, #1370
  • add a number of integration tests, expanding test
    coverage. #1117, #1121, #1247, #1166
  • add race detector to unit tests. #998
  • pre-fetch Docker images required for testing, for earlier and more
    obvious reporting of fetch failures, and more consistent test
    execution times. #989
  • fetch go test dependencies, preventing spurious test compilation
    failures. #1015
  • fix some breakages in integration tests when run on OSX. #1069
  • fetch go packages from github instead of google code, since the
    latter is going away. #1059/#1060
  • increase flexibility of release script, supporting non-mainline
    releases. #880/#909/#1372, #1383/#1387
  • miscellaneous improvements: #994, #999, #1240, #1250, #1246, #1075, #1331

Improvements "under the hood"

  • replace homegrown go logging library with
    logrus, and direct all log
    messages to stderr. #664/#1039/#1044
  • make container aliveness check part of the IPAM/DNS APIs rather than
    applying a heuristic. #971/#1073
  • output json status based on 'Accept' header instead of requiring
    separate endpoint. #1063/#1077
  • label weave infrastructure containers with
    works.weave.role=system. #1290
  • apply some refactoring for simplification, extraction of common code
    and better readability. #997, #1016, #1095, #1289, #1101, #1219, #1254

weave - Weave 1.0.3

Published by awh about 9 years ago

This release contains minor fixes for improved stability and robustness in addition to a bug fix to weaveDNS.

More details below and in the change log.

Follow the installation instructions to install this latest release of Weave. The release is fully compatible with other 1.0.x versions, so existing clusters can be upgraded
incrementally.

  • weaveDNS now exposes a TCP listener as well as UDP to support large answers. #1333/#1319
  • Compatibility with upstream changes to docker-py. #1366/#1367
  • Improved router/IPAM stability. #1329/#1330
  • Improved weave reset handling of error conditions. #1356/#1365
  • Don't allocate oversized buffers. #1340
  • Improved IPAM fuzz test robustness. #1336/#1342

weave - Weave 1.0.2

Published by rade about 9 years ago

This release fixes a number of bugs, including some security vulnerabilities in the Weave Docker API proxy, hangs and failures in address allocation, and sporadic failures in name resolution.

More details below and in the change log.

Follow the installation instructions to install this latest release of Weave. The release is fully compatible with other 1.0.x versions, so existing clusters can be upgraded incrementally.

Docker API proxy

  • Application containers had access to portions of the host's
    filesystem, and had part of their own filesystem shadowed. The
    former allowed apps to access and modify potentially privileged
    information and compromise the host. The latter could cause
    application breakages. #1232/#1237/#1238, #1287/#1291
  • Application containers could inject arbitrary code into containers
    subsequently started via the proxy, causing such code to be executed
    with the (potentially elevated) privileges of that
    container. #1201/#1206
  • docker exec would fail for containers not attached to the weave
    network. #1143/#1271/#1152/#1153
  • Starting a container in the host network namespace (--net=host)
    would still attempt to attach that container to the weave network,
    and pollute the host network namespace. #1157/#1165/#1167
  • Containers started with weave run via the proxy could get an
    additional IP address. #1279/#1284
  • When connecting to the proxy with TLS, and using streaming, as
    happens when running a container in the foreground or attaching to
    it, the stream would not terminate. #1182/#1187
  • The absence of a command when running a container would not produce
    the expected "No command specified" error. #1241/#1253
  • A chain of /w/w entrypoints, instead of a single one, could be
    created when containers were started based on images created by
    docker committing containers on the weave network. This does not
    materially affect behaviour but obscures the real application
    entrypoint in the likes of docker ps. #979/#980
  • The proxy did not detect the presence of a custom docker bridge,
    specified with DOCKER_BRIDGE. #1109/#1136/#1137
  • The proxy was mounting any specified TLS certificate files in
    read/write mode, which is unnecessary. #1293

Address allocation

  • weave launch could hang when restarting a weave peer in a
    multi-node network when there were automatically allocated weave IP
    addresses associated with surviving local application containers,
    weavedns, or weave expose. #700/#1083/#1104
  • Container startup would fail if IP address allocation took more than
    20s. This timeout has now been removed. #1023/#1064
  • IP address allocation could take a long time when the local peer had
    run out of space, and some other peers had recently left the weave
    network. This in turn could cause container startup to be delayed
    excessively, and fail with timeouts. #896/#1005/#1010
  • When an IP address range specified with -iprange overlaps with a
    host route, no warning was issued. #1276/#1278

Naming and discovery

  • Concurrent resolution of a name could fail temporarily. #1270/#1273
  • Due to a bug in Docker 1.7.0 (only; not earlier or later versions),
    name resolution would sometimes fail, especially when there was a
    high churn of containers. #1171/#1192/#1229/#1231
  • Resolution of names outside the weavedns domain could fail if the
    upstream DNS server returned a compressed response. #1306/#1313
  • Container startup could fail with an obscure error for a container
    with a long name, since, unless specified otherwise, weave derives
    hostnames from container names, and the former have a spec-based
    limit of 63 characters. Weave now suppresses the hostname derivation
    when this condition arises and reports a warning. #1006/#1062/#1038
  • When weave run was invoked with --dns-search=<arg>, instead of
    --dns-search <arg>, the weavedns domain (typically weave.local)
    could be searched during name resolution even though it
    shouldn't. #1086/#1088/#1089

Other

  • weave attach on a container that was started in the host network
    namespace (--net=host) would succeed - even though it shouldn't -
    and pollute the host network namespace. #1162/#1164
  • Weave could deplete the OS random number generator's entropy pool
    when connections to a weave peer configured to use encryption were
    made at a high rate. This does not affect weave security but can
    cause other applications to block. We have mitigated this by
    introducing a more sophisticated connection rate limiting
    algorithm - instead of permitting a sustained connection rate of
    1kHz we now only permit 10Hz but allow short bursts of up to 100
    connections. For details, see the
    weave crypto docs. #1037/#1111/#1124
  • An application container with multiple weave IP addresses could be
    inaccessible on all but the first for a while. #1261
  • When weave detected that the UDP IP/port of a peer had changed, the
    resulting log message did not contain the original IP/port. #1106
  • The gopacket package moved from Google Code to GitHub, which broke
    the build. #1071
  • The details of failures in the docker-py integration test suite
    weren't being shown. #981
  • Several race conditions in the unit and integration tests, and their
    infrastructure, could cause them to fail spuriously. #982/#1017/#1024, #1042/#1052/#1054, #1294/#1296
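
The connection rate limit described in the "Other" list above (10Hz sustained, short bursts of up to 100 connections) behaves like a token bucket. The sketch below is an added example, not weave's own code: the token-bucket formulation and the names TokenBucket, Allow and Simulate are assumptions made for illustration, and the clock is passed in so the behaviour is deterministic.

```go
package main

import (
	"fmt"
	"time"
)

// TokenBucket admits events at a sustained rate while tolerating
// bounded bursts. Hypothetical type, not taken from the weave code base.
type TokenBucket struct {
	rate   float64   // tokens added per second (sustained rate)
	burst  float64   // bucket capacity (largest burst admitted at once)
	tokens float64   // tokens currently available
	last   time.Time // time of the last refill
}

// NewTokenBucket returns a full bucket, so an idle listener can absorb
// one burst of 'burst' connections immediately.
func NewTokenBucket(rate float64, burst int, now time.Time) *TokenBucket {
	return &TokenBucket{rate: rate, burst: float64(burst), tokens: float64(burst), last: now}
}

// Allow reports whether a connection arriving at 'now' is accepted.
// Each accepted connection costs one token; tokens refill at 'rate'
// per second and never exceed 'burst'.
func (b *TokenBucket) Allow(now time.Time) bool {
	if elapsed := now.Sub(b.last).Seconds(); elapsed > 0 {
		b.tokens += elapsed * b.rate
		if b.tokens > b.burst {
			b.tokens = b.burst
		}
		b.last = now
	}
	if b.tokens < 1 {
		return false // over the limit: caller drops or delays the connection
	}
	b.tokens--
	return true
}

// Simulate offers n connections spaced 'gap' apart, starting at 'start',
// and returns how many were accepted.
func Simulate(b *TokenBucket, start time.Time, n int, gap time.Duration) int {
	accepted := 0
	for i := 0; i < n; i++ {
		if b.Allow(start.Add(time.Duration(i) * gap)) {
			accepted++
		}
	}
	return accepted
}

func main() {
	t0 := time.Unix(1000, 0) // constructed start time

	// One second of connection attempts at 1kHz, the rate the old limit
	// permitted: the burst allowance is spent, then only 10Hz gets through.
	flood := NewTokenBucket(10, 100, t0)
	fmt.Println("1kHz flood, 1s:", Simulate(flood, t0, 1000, time.Millisecond), "of 1000 accepted")

	// A peer reconnecting at 5Hz never notices the limiter.
	steady := NewTokenBucket(10, 100, t0)
	fmt.Println("5Hz steady:", Simulate(steady, t0, 300, 200*time.Millisecond), "of 300 accepted")
}
```

Because each accepted connection on an encrypted network consumes randomness, capping the sustained rate bounds the long-run drain on the entropy pool, while the burst allowance keeps a whole cluster reconnecting at once from being throttled.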

weave - Weave 1.0.1

Published by rade over 9 years ago

This is a bug fix release, addressing the following issue:

  • executing docker run from a Docker 1.7 client against the weave
    proxy would report a no such image error when the requested image
    wasn't present on the Docker host, instead of downloading it. #967/#969

weave - Weave 1.0.0

Published by bboreham over 9 years ago

Highlights:

  • It is now easier than ever to start containers and for them to communicate, across multiple hosts. Automatic IP address allocation, and name resolution via weaveDNS are now enabled by default, and the proxy has become more fully-featured. In short, once weave has been launched the following is possible:

      host1$ docker run --name=pingme -dti ubuntu
      host2$ docker run -ti ubuntu
      root@d11e9287f65b:/# ping pingme
    
  • Containers can now be load-balanced easily.

  • IP address allocation is now available across multiple subnets,
    and hence can be employed when running multiple, isolated
    applications.

  • The proxy now supports TLS connections,
    enabling its deployment when the communication between docker
    clients and the server must be secured.

There are many other new features, plus the usual assortment of bug fixes and improvements under the hood. More detail below and in the change log.

NB: This release changes the weave protocol version. Therefore, when upgrading an existing installation, all hosts need to be upgraded in order for them to be able to communicate and form a network.

new IP address allocation features

  • enabled automatic IP address allocation by default,
    allocating in the range 10.128.0.0/10. #743/#870/#893/#905
  • add ability to automatically allocate/free IP addresses in specific
    subnets by supplying net:<cidr> as the address. #675/#827
  • let weave launch-dns get an automatically allocated IP address if
    none (or a subnet) is specified. #762/#900
  • weave detach with no addresses now detaches the container from the
    default IP allocation subnet. #862/#827

new weaveDNS features

  • add DNS-based load balancing for
    services. #226/#615/#739/#761, #737, #736/#775, #923/#924/#926/#929, #930/#933
  • enable weaveDNS-based name resolution by default,
    without requiring any extra parameters
    • application containers are configured to use weaveDNS as their
      name resolver by default. #383/#898
    • resolvers are configured to search the weaveDNS domain
      (i.e. typically weave.local) by default, so names in that domain
      can be resolved without fully qualifying them. #749/#931
    • the container hostname is derived from the container name, for
      easy, automatic registration in weaveDNS. #750/#890, #922/#925
  • make it possible to remove individual DNS records
    by providing an FQDN to weave dns-remove. #631/#706
  • make weaveDNS TTL configurable. #711/#795, #941/#943

new proxy features

  • support connecting to proxy with
    TLS. #506/#813/#814/#815
  • enable automatic IP address allocation by default, unless --no-default-ipam is specified. #940/#947, #950/#952
  • add weave proxy-env and weave proxy-config
    for easily obtaining the settings required to use the
    proxy. #753/#848, #939/#949
  • add weave stop-proxy command. #754/#790
  • add ability to specify the proxy listening address. #805/#810/#875
  • add proxy to weave status
    output. #756/#800, #854, #876/#877/#878
  • shorten proxy entrypoint, so that it doesn't obscure the application
    command in the likes of docker ps. #768/#769

new administrative features

  • finer-grained control over peer
    topology
    • introduce weave connect --replace to replace command line peer
      addresses. #658/#794
    • permit invocation of weave connect/forget with multiple
      peers. #759/#697
    • add -nodisco option to weave launch to disable peer discovery
      and thus give complete control over peer topology. #847/#853
    • add command line peers to status output. #659/#764, #660/#764
  • document recommendations on using a strong password. #641/#844
  • more detailed documentation on -initpeercount. #758/#946
  • improvements to weave and container startup
    • don't time out in weave launch/launch-dns/launch-proxy, since that
      can lead to spurious failures on busy machines. #666/#828
    • don't leave weave containers running when their network
      configuration failed on startup. #192/#831
    • reduce container startup time. #710/#785, #654/#706
    • more helpful error message when weave, weavedns or the proxy fail on startup. #958
  • make weave status fail when weave isn't running, which is useful
    for scripted monitoring. #784/#789
  • facilitate installation of weave from private docker registries, by
    supplying a custom DOCKERHUB_USER. #887

bug fixes

  • various edge cases could cause leaked IP addresses or stale DNS records:
    • restarting weave when there are containers with automatically
      allocated IP addresses that subsequently die. #818/#823
    • death of container just as we are registering it in
      DNS. #821/#865/#904
    • death of container just after we requested automatic IP allocation
      for it. #819/#907
    • death of container that was started with weave start using a
      container name or short id. #881/#884
    • weave detaching an automatically allocated IP address. #861/#827
  • some errors were being misreported:
    • network configuration errors during weave ... command execution
      were swallowed and misreported as container deaths. #829/#830
    • when starting application containers, a failure to obtain an
      automatically allocated IP address would be misreported, and leave
      the container running. #921/#889/#932
    • when a container started via the proxy terminates quickly that
      could be misreported as an unexpected container
      death. #812/#820/#824
    • weave run was terminating silently when weave got stopped during
      IP allocation. #916/#918
    • weave --local run, without further arguments, would show the
      weave usage instead of letting docker complain about the lack of
      arguments. #910
    • running weave --local ... on a system w/o nsenter would
      produce a hard to decipher error. #895
  • miscellaneous fixes:
    • weave crypto could use the same nonce twice, which provided
      potential attack vectors. #927/#928
    • prevent access to the weaveDNS HTTP API from containers, which had
      made running weaveDNS in the same subnet as application containers
      more insecure than it should be. #899/#906
    • specifying any weave launch argument before -password, -port, or
      -iprange would result in the latter being ignored or not processed
      correctly. #816/#852
    • failed connection attempts between peers could be re-tried too
      quickly. #412/#832
    • fix a race condition in peer topology encoder, resulting from a
      missing lock. #883

build & tests bug fixes and improvements

  • transient Alpine Linux repository issues during build could result
    in silently broken weaveexec image. #663
  • fixed a number of race conditions that caused spurious failures in
    the unit tests for IPAM (#779/#793, #802/#822, #915/#919), DNS
    (#798/#836/#892/#917, #934/#937, #935), and topology gossip
    (#885/#886/#902)
  • prevent port clashes. #720/#792
  • fix occasional timeout for non-weave name resolution in
    tests. #347/#761
  • shrink top level dir by moving exe/image sub-dirs. #420/#817
  • run linter on travis. #765
  • various fixes and improvements to CircleCI
    integration. #791/#796/#797
  • introduce a mechanism to run individual smoke tests. #728

improvements "under the hood"

  • switch to a new protocol header and version negotiation, which is
    flexible enough to permit radical changes with the possibility of
    retaining compatibility. #871/#920
  • make it easier to change some aspects of the weave protocol w/o
    breaking compatibility. #911/#914
  • limit acceptance rate on peer connections in order to guard against
    online dictionary attacks on the weave password. #837/#839.
  • simplify UDP fragmentation check. #746/#888
  • simplify proxy interceptor code. #879
  • don't hash gossip channel names. #745/#748
  • improve IPAM HTTP API to allow lookup of addresses allocated to a
    particular container. #825
  • remove pointless DOCKER_HOST parsing for proxy. #807/#808
  • restore the "--fallback" argument in WeaveDNS. #773
  • introduce helper function to make status output more
    consistent. #863

weave - Weave fast-datapath-preview-20150612

Published by dpw over 9 years ago

Weaving Containers into Applications

weave - Weave 0.11.2

Published by awh over 9 years ago

This is a bug fix release, addressing the following issues:

  • weave run did not respect DOCKER_CLIENT_ARGS. #855/#856/#857/#858
  • WeaveDNS negative result cache did not expire if requeried within TTL. #845/#849

More details in the change log.

NB: This release does not change the weave protocol version.
Therefore, when upgrading an existing 0.11 installation incrementally,
connectivity between peers will be retained.

weave - Weave 0.11.1

Published by paulbellamy over 9 years ago

This is a bug fix release, addressing the following issues:

  • The IP Allocator could crash in some relatively rare
    circumstances. #782/#783.
  • When the proxy failed to attach a container to the weave network,
    there was no failure indication or descriptive error anywhere, and
    the application process would still start. Now an error is reported
    to the client (i.e. typically the Docker CLI), recorded in the proxy
    logs, and the container is terminated. #788/#799.
  • weave launch-proxy --with-ipam failed to configure the entrypoint
    and DNS unless a (possibly blank) WEAVE_CIDR was
    specified. Affected containers could start the application process
    w/o the weave network interface being available, and without
    functioning name resolution for the weaveDNS domain. #744/#747/#751/#752
  • The weave status output for the IP Allocator was misleadingly
    conveying a sense of brokenness when no IP allocation requests had
    been made yet. #787/#801
  • When invoking weave launch-proxy twice, the second invocation
    would output a blank line and terminate with a success exit
    status. Now it reports that the proxy is already running and exits
    with a non-zero status. #767/#780
  • weave launch-proxy was not respecting WEAVEPROXY_DOCKER_ARGS, so
    any user-supplied custom configuration for the weaveproxy container
    was ignored. #755/#780
  • The proxy was not intercepting API calls to the unversioned (1.0)
    Docker Remote API. Hence none of the weave functionality was available
    when Docker clients were using that version of the
    API. #770/#774/#777,#809
  • The proxy would crash when certain elements of the
    /containers/create JSON were missing. We are not aware of any
    Docker clients doing this, but it's been fixed regardless. #778/#777

More details in the change log.

NB: This release does not change the weave protocol version. Therefore, when upgrading an existing 0.11 installation incrementally, connectivity between peers will be retained.

weave - Weave 0.11.0

Published by bboreham over 9 years ago

Highlights:

  • automatic IP Address Management (IPAM), which allows application
    containers to be started and attached to the weave network without
    needing to supply an IP address.
  • proxy for automatically attaching containers started with ordinary
    docker run, or the Docker remote API, to the weave network.
  • ability to add/remove extra DNS records.
  • performance and scalability improvements
  • fixes for a small number of bugs discovered during testing

More detail below and in the change log.

NB: This release changes the weave protocol version. Therefore, when upgrading an existing installation, all hosts need to be upgraded in order for them to be able to communicate and form a network.

bug fixes

  • eliminate a deadlock in route calculation, which could be
    encountered when large numbers of peers join or leave the weave
    network near-simultaneously. #643/#644
  • prevent certain stray UDP packets from stalling the entire UDP
    receiver loop when crypto is in use. #564/#617
  • prevent weave expose from breaking container connectivity in other
    subnets. #605/#628
  • prevent weave expose from breaking subnet isolation. #620/#704
  • fix breakage when running weave inside a container that has
    $PROCFS set. #621/#622
  • fix bug in weave launch-dns that could result in some existing
    containers not being recorded in weaveDNS if one of them got stopped
    and removed during the weaveDNS launch. #690
  • fix a dormant bug in the peer connection shutdown logic. #731

new features

  • introduce automatic IP Address Management (IPAM), which allows
    application containers to be started and attached to the weave
    network without needing to supply an IP address. IPAM can also
    automatically allocate IP addresses for weave expose. #22/#563,#485,#567,#670,#679/#685,#672/#686,#671/#689,#669/#691,#681,#677/#693,#695,#692/#696,#684/#701,#705/#719,#723/#724
  • introduce a proxy for automatically attaching containers started
    with ordinary docker run, or the Docker remote API, to the weave
    network. The proxy ensures that the weave network interface is
    available to application processes immediately on startup. It also
    allows application containers to be started in the foreground, and
    automatically removed on termination (with --rm). #47,#230,#251,#400,#652,#655,#698,#702,#703,#708/#713,#709/#714,#707/#718,#657/#721,#738
  • add ability to add/remove extra DNS records. #364/#627
  • publish docs for all releases; the main documentation now contains
    the docs for the latest release instead of the current development
    snapshot. #604,#612,#642,#648,#650,#729,#668/#722
  • allow user to supply args to Docker in DOCKER_CLIENT_ARGS env var,
    for weave remote execution, e.g. in order to enable TLS. #626
  • enable weave script debugging with WEAVE_DEBUG env var. #618

other improvements

  • significantly simplify crypto implementation. #608
  • simplify and significantly improve performance of topology gossip,
    as a result of which weave can cope much better with situations
    where a large number of peers join or leave near-simultaneously,
    e.g. on startup of large clusters, or in the event of a network
    partition. #519/#619
  • better error handling in a weave launch failure edge case. #600/#603
  • prevent misleading error when attempting to weave detach from an
    unattached container. #596/#613
  • make weave version cope with missing Docker images. #597/#614
  • report errors encountered when populating DNS in weave launch-dns. #393
  • report more descriptive error when weave was compiled against too
    old a version of libpcap. #623/#625
  • return NXDOMAIN instead of NOTIMP for query types not handled by
    WeaveDNS, which is the expected response. #588/#589
  • bump minimum Docker version requirement for use of --with-dns from
    1.2.0 to 1.3.1, due to the former not setting container hostnames
    correctly. #587
  • bump minimum Linux kernel version requirement for running Weave from
    3.5.0 to 3.8.0, due to some bugs in namespace support in the
    former that break Weave. #585/#616
  • remove a layer from the weaveexec image, thus reducing download
    times. #665
  • various documentation cleanups and improvements. #601,#640,#651,#653,#667,#648,#740

improvements to tests, and refactoring

  • add more smoke tests, improve existing tests, and make them more
    robust. #590,#591/#594,#595,#592/#606,#683,#712
  • automatically run smoke tests on
    CircleCI. #624,#634,#637,#638
  • make top-level vagrant provision idempotent. #586
  • use nsenter instead of ip netns exec. #458/#580
  • internal changes for future support of multiple DNS responses. #559
  • some code cleanup in DNS. #609,#610
  • refactor signal handling in Weave and WeaveDNS. #633

weave - Weave 0.10.0

Published by rade over 9 years ago

Highlights:

  • bug fixes, in particular eradicating several deadlocks that could
    cause peer connection failures and hangs.
  • performance and scalability improvements to the weave control plane,
    as a result of which it is now possible to construct much larger
    weave networks than previously.
  • improved installation and administration, particularly the
    introduction of remote execution of the weave script in a container,
    permitting fully containerised deployment of weave.
  • improved diagnostics, such as the reporting of connection failures
    in weave status.
  • new weaveDNS features, most notably the caching of
    DNS records for application containers, which makes finding container IP addresses via
    weaveDNS much faster.

More detail below and in the change log.

NB: This release changes the Weave Docker image names. To upgrade from an older version, 1) stop all application containers, 2) run weave reset from the old version to remove all traces of weave, and only then 3) install the new version.

bug fixes

  • eliminate several deadlocks during connection establishment,
    shutdown and topology gossip. These could lead to weave routers
    failing to connect to each other, existing connections timing out,
    weave status hanging, and general
    mayhem. #341,#411/#414,#418/#421,#415/#428,#445/#476,#464,#529/#530,#515/#565
  • avoid excessive ARP caching. This prevented connectivity to
    containers which were restarted with the same IP or otherwise given
    an IP that was recently in use. Connectivity to weave exposed
    addresses was similarly affected. #439/#441/#457
  • prevent accidental injection of ICMP "fragmentation needed" packets
    with a broadcast/multicast source address. This contravened
    RFC1122 and also broke
    subsequent routing of broadcast/multicast packets from that
    address. #419/#433
  • cope with Linux kernels <3.8.0. #470/#504.
  • exclude non-established connections from broadcast routing. This
    could lead to excessive loss of broadcast packets during connection
    establishment, as well as a lot of noise in the logs. #452/#453
  • don't rely on docker for container aliveness check. This could cause
    a container death during weave launch, weave run and others to be
    misreported as a network configuration error. #522

performance and scalability improvements

  • massively reduce the cost and complexity of topology gossip. This
    allows construction of substantially larger weave networks than
    hitherto possible, and copes much better with the sudden connection
    or disconnection of large numbers of peers. The default per-peer
    connection limit has been increased from 10
    to 30. #514/#516,#517/#521,#445/#476,#454/#461,#425
  • tighten the conditions under which we attempt to connect to the
    remote addresses of inbound connections we learn about from other
    peers. Being rather lax here was resulting in excessive failed
    attempts, with the associated log noise, load, and spuriously
    exceeding the configured connection limit. #448/#451/#477,#478/#555
  • [dns] cache container DNS records. This significantly reduces lookup time
    for IPs in the weaveDNS domain used by application
    containers. #225/#429,#473,#494/#501,#532

new administrative features

  • containerised execution of the weave script, which enables remote
    execution (e.g. by setting DOCKER_HOST), and makes it possible to run weave purely through docker and without any shell access to the host. #312/#388,#379,#540/#542/#545,#507/#523/#546,#574/#575
  • add weave forget <peer> command, for removal of decommissioned
    weave peers. #486/#488,#549/#550
  • allow multiple CIDRs to be specified in weave commands. #467/#498,#568/#570
  • accept a list of container names/ids in weave ps. #526
  • make weave launch synchronous, which is useful for automation. #500/#509/#538
  • make weave connect act immediately, instead of waiting for the
    expiry of any timeout from a previous connection attempt to the same
    destination. #499

new diagnostics features

  • reporting of connection failure reasons in weave status. #552
  • add weaveDNS status information, such as current container/IP/name
    mappings, to weave status. #237/#266/#465
  • give peers a nickname for easier identification, defaulting to the
    hostname. #369/#407/#472
  • improved logging of connection lifecycle events. #449,#560
  • include weave exposed addresses in weave ps
    output. #385/#558

new weaveDNS features

  • handle large responses over UDP and also support TCP fallback. This
    is especially needed when containers query external
    domains. #362/#392,#360/#361
  • allow setting of domain name to something other than
    weave.local. #366/#394,#573/#581
  • add ability to name weave exposed
    addresses. #375/#566

build system improvements

  • enable containerised build, making it easier to get a weave
    development environment set up and contribute to weave. #370,#387
  • Travis CI integration, including linting. #397,#503,#571,#491
  • coverage reports and enable coveralls.io
    integration. #396,#505/#508,#557
  • make smoke tests work with Docker 1.6. #579
  • bump go version to 1.4.2. #490,#535/#536
  • speed up tests. #547

miscellaneous improvements

  • make weave commands interruptible with Ctrl-C. #391/#395
  • stop weave more gracefully in weave stop/stop-dns/reset, by
    invoking docker stop instead of docker kill. #512
  • add WEAVE_PORT env var for overriding default weave port. #531/#534,#551
  • make weaveDNS container configurable by supplying docker parameters
    in WEAVEDNS_DOCKER_ARGS. #484,#487
  • detect UDP connectivity breakage, and recover from it if
    possible. #373/#413
  • reduce likelihood of IP address clashes in tests and examples. #402
  • add installation instructions for CoreOS. #434/#435

weave - Weave 0.9.0

Published by rade over 9 years ago

  • Improve WeaveDNS to the point where it can act as the name server for containers in nearly all situations.
  • Diagnose and report peer connectivity more comprehensively.
  • Adapt to changes in topology - adding & removing of weave peers, disruption of connectivity - more rapidly.
  • Cope with delays in downloading/running docker images/containers required for weave operation.

change log

weave - Weave 0.8.0

Published by rade almost 10 years ago

  • Align script and image version. When the weave script has a version number, i.e. it is part of an official release, it runs docker images matching that version. Thus the script and image versions are automatically aligned. Unversioned/unreleased weave scripts run the 'latest'-tagged image versions.
  • Eliminate dependency on ethtool and conntrack. Instead of requiring these to be installed on the host, weave invokes them via a weavetools docker image that contains minimally packaged versions of these utilities.
  • New weave setup command. This downloads all docker images used by weave. Invoking this is strictly optional; its main purpose is to facilitate automated installation of weave and to prevent delays in subsequent weave command execution due to image downloading.

weave - Weave 0.7.0

Published by squaremo almost 10 years ago

This is the first release assigned a version number.

When downloading weave you now have the following choices...

  1. a specific version, e.g. https://github.com/zettio/weave/releases/download/v0.7.0/weave
  2. latest released version: https://github.com/zettio/weave/releases/download/latest_release/weave
  3. most recent 'master' commit: https://raw.githubusercontent.com/zettio/weave/master/weave

Previously the only documented download location was (3). We recommend
that any automated scripts using that be changed to either (1) or (2).