<feed xmlns='http://www.w3.org/2005/Atom'>
<title>wireguard-windows/conf, branch master</title>
<subtitle>WireGuard client for Windows</subtitle>
<id>https://git.zx2c4.com/wireguard-windows/atom/conf?h=master</id>
<link rel='self' href='https://git.zx2c4.com/wireguard-windows/atom/conf?h=master'/>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/'/>
<updated>2026-05-19T15:37:20Z</updated>
<entry>
<title>conf: flush file buffers before atomically renaming into place</title>
<updated>2026-05-19T15:37:20Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-18T14:00:16Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=f9fccd8266d2116d7ed8f1fa73be155115cb050f'/>
<id>urn:sha1:f9fccd8266d2116d7ed8f1fa73be155115cb050f</id>
<content type='text'>
NTFS journals the rename's metadata change but does not journal user
data. Without an explicit flush a power loss between the cache
manager publishing the rename and writing back the file's pages can
leave the destination at its final name with zero or partial
contents, while the prior file is gone.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: keep retrying when the config-directory watcher fails to start</title>
<updated>2026-05-19T15:37:20Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-14T07:49:09Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=b1867964b43c760e5163ed54cd6e288ca6d6d387'/>
<id>urn:sha1:b1867964b43c760e5163ed54cd6e288ca6d6d387</id>
<content type='text'>
The watcher's setup is guarded by sync.Once, which is consumed the
moment the goroutine is spawned. If tunnelConfigurationsDirectory or
FindFirstChangeNotification fails on the first attempt the goroutine
exits, but every subsequent RegisterStoreChangeCallback sees the Once
already done and skips the spawn, so changes are silently never
reported again. Retry these initial failures on the existing
startover loop instead of bailing out.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: don't strip '#' from PreUp/PreDown/PostUp/PostDown values</title>
<updated>2026-05-19T15:37:20Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-18T07:33:05Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=138fc54288b54e13d657ff635f6592af304fc476'/>
<id>urn:sha1:138fc54288b54e13d657ff635f6592af304fc476</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: reject reserved names with any extension</title>
<updated>2026-05-19T15:37:20Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-18T13:56:17Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=7358663109ca3da16c1358a0bb0137a161b2a9ea'/>
<id>urn:sha1:7358663109ca3da16c1358a0bb0137a161b2a9ea</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: prevent directory traversal on bare tunnel names</title>
<updated>2026-05-03T19:06:48Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-05-03T19:06:21Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=b1b1bfee5dd393332976f2f200151838a3e242ef'/>
<id>urn:sha1:b1b1bfee5dd393332976f2f200151838a3e242ef</id>
<content type='text'>
Not really reachable, but still this seems wrong not to check.
DeleteName checks it.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>global: format code</title>
<updated>2026-04-16T14:21:33Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-13T01:34:48Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=9bc76016ccb54ebec3503d4a88017eec8ac2925a'/>
<id>urn:sha1:9bc76016ccb54ebec3503d4a88017eec8ac2925a</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: properly deduplicate peers</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-11T17:42:45Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=25a936475fa09aa714e13930cb57b5ef8f5b746a'/>
<id>urn:sha1:25a936475fa09aa714e13930cb57b5ef8f5b746a</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: reject tunnel names with leading or trailing dots</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-16T01:15:35Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=3bee7974fa7603b07e54862d721b004762298d5c'/>
<id>urn:sha1:3bee7974fa7603b07e54862d721b004762298d5c</id>
<content type='text'>
Windows is weird about these.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: redact scripts for limited operators</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-16T01:08:54Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=e932cce4f23fe66d89cf1ba32238cfd0b7bb47b8'/>
<id>urn:sha1:e932cce4f23fe66d89cf1ba32238cfd0b7bb47b8</id>
<content type='text'>
Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
<entry>
<title>conf: give redacted peers distinct public keys</title>
<updated>2026-04-16T13:26:26Z</updated>
<author>
<name>Jason A. Donenfeld</name>
<email>Jason@zx2c4.com</email>
</author>
<published>2026-04-11T22:53:47Z</published>
<link rel='alternate' type='text/html' href='https://git.zx2c4.com/wireguard-windows/commit/?id=d6796ab72c58a04676c2e7285d7adf56ff084799'/>
<id>urn:sha1:d6796ab72c58a04676c2e7285d7adf56ff084799</id>
<content type='text'>
ConfView keys its peer map by pubkey. Redact() zeros every peer's pubkey
for non-admin callers, so a multi-peer config got collapsed into a
single map entry, hiding all but one peer. Fix this by just encoding an
index into each redacted pubkey.

Signed-off-by: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt;
</content>
</entry>
</feed>
