ZeroTierOne v1.16.0

Major release introducing significant licensing changes, network-specific relays, and enhanced security options.

License Changes

The licensing structure has been reorganized to better align with project goals:

  • Core and Service (node/, include/, service/, osdep/) now use the Mozilla Public License (MPL)
  • Network Controller (controller/) is now under a commercial source-available license
  • Default binary builds no longer include the controller component
  • Building with make ZT_NONFREE=1 includes non-MPL components and changes the executable license to proprietary commercial

New Features

Network-Specific Relays (Beta)

Nodes can now be designated as network-specific relays, used in preference to root servers for relayed traffic between network members. These relay nodes do not need to be members of the network they serve.

Note: Moons are now considered deprecated and should not be used in new deployments. Support for network-specific relays will be announced after additional testing and validation.

HELLO Packet Encryption

Optional encryption for HELLO packets is now available via the encryptedHelloEnabled setting in local.conf. While HELLO packets contain only public keys and basic protocol metadata, this option addresses compliance requirements in sensitive environments. Enabling this feature adds minimal CPU and bandwidth overhead during the HELLO sign-on process.

Improvements

  • Code reformatted using clang-format with the repository's .clang-format definition (run make clang-format to apply)
  • Bridges no longer count toward multicast limits and now receive all multicast traffic
  • Updated library versions for OIDC and other features
  • OpenTelemetry support added for Central Controllers
  • Custom control plane support for third-party device vendors
  • Docker: local.conf content can now be set via environment variable

Bug Fixes

  • Resolved flow designation issue in bridged traffic under multipath scenarios
  • Fixed active backup link selection in bonding
  • Standardized the JSON field naming for the bond link selection method
  • Fixed AuthInfo Provider initialization
  • Addressed Windows installer issues
  • Build fix for OpenBSD (issue #2397)
  • Removed compiler warnings by eliminating deprecated function usage on some platforms

Security Updates

  • Removed antiquated and unused software update code as a precautionary measure
  • Updated Rust dependencies including:
    • ring 0.17.8 → 0.17.13
    • rustls 0.23.15 → 0.23.18
    • openssl 0.10.68 → 0.10.72
    • tokio 1.42.0 → 1.43.1
    • crossbeam-channel 0.5.13 → 0.5.15
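
A check for the dependency floors listed above, as an added example that is not part of the ZeroTierOne release or its tooling: it scans Cargo.lock text and reports any entry still pinned below those versions. The sample lock content is constructed for illustration, and the function names are hypothetical.

```python
import re

# Version floors copied from the "Security Updates" list above.
MIN_VERSIONS = {
    "ring": "0.17.13",
    "rustls": "0.23.18",
    "openssl": "0.10.72",
    "tokio": "1.43.1",
    "crossbeam-channel": "0.5.15",
}
# Constructed sample, not a lock file from the ZeroTierOne repository.
SAMPLE_LOCK = """\
version = 3

[[package]]
name = "ring"
version = "0.17.8"

[[package]]
name = "rustls"
version = "0.23.18"

[[package]]
name = "tokio"
version = "1.42.0"
"""
FIELD_RE = re.compile(r'^(name|version)\s*=\s*"([^"]+)"\s*$', re.M)

def parse_version(v):
    # Compare numerically: as strings, "0.17.8" would sort above "0.17.13".
    core = re.split(r"[-+]", v, maxsplit=1)[0]  # ignore pre-release/build tags
    return tuple(int(p) for p in core.split("."))

def locked_packages(lock_text):
    """Yield (name, version) for each [[package]] entry in Cargo.lock text."""
    for block in re.split(r"^\[\[package\]\]\s*$", lock_text, flags=re.M)[1:]:
        fields = dict(FIELD_RE.findall(block))
        if "name" in fields and "version" in fields:
            yield fields["name"], fields["version"]

def stale_dependencies(lock_text, floors=MIN_VERSIONS):
    """Return sorted (name, locked, floor) tuples for entries below a floor."""
    return sorted(
        (name, ver, floors[name])
        for name, ver in locked_packages(lock_text)
        if name in floors and parse_version(ver) < parse_version(floors[name])
    )

if __name__ == "__main__":
    for name, ver, floor in stale_dependencies(SAMPLE_LOCK):
        print(f"{name} {ver} is below {floor}")
```

To audit a real checkout, pass the contents of its Cargo.lock to `stale_dependencies` in place of the sample; a crate locked at several versions is checked once per entry.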

Breaking Changes

  • Default builds no longer include the network controller
  • Building controller components requires the explicit make ZT_NONFREE=1 flag
  • Executables built with ZT_NONFREE=1 are under proprietary commercial license instead of MPL

Additional Information