Spokes v1.5.6

Published at November 21, 2025 ·  3 min read

We’re excited to announce the release of Spokes v1.5.6. This version focused on minor improvements, bug fixes, and dependency updates to maintain security.

Get the Release!

You can download the RPM here. As always, our container images are available in both the Packetriot and Terrapin Labs repositories.

docker pull packetriot/spokes:1.5.6

# alternatively

docker pull terrapinlabs/spokes:1.5.6

Updated Tunnel Protocol

Our custom tunneling protocol is the backbone for moving traffic between Spokes and our client. Since the beginning, our protocol has used a fixed-length frame for relaying traffic. This was a choice to simplify its implementation in the earlier days, but it introduces some concerns:

• Wasted bandwidth for control messages, such as keepalives and connection initiations/closures.
• System calls like reading/writing from sockets spend more time on the CPU because we may be reading or writing padded bytes that don’t actually contain any data.

In this release, we’ve updated our tunneling protocol to support sparse frames. This means that each frame is populated to the maximum extent possible with the necessary data, not just to the maximum space available in the frame. This should introduce performance improvements for clients, particularly on slow networks like mobile ones. This will improve Spokes’ performance by reducing wasted bytes, allowing more time to process traffic with application data.

We will be releasing an update to our client that uses the updated tunneling protocol and supports sparse frames, so be on the lookout for that release (it should happen soon).

Built-In Cron Tasks

We’ve used cron to run several tasks daily and monthly, including rolling up metrics, cleaning up web sessions, resetting bandwidth counters, and performing other minor maintenance. In an effort to reduce the surface area of our container and reduce dependencies, we’ve moved these periodic tasks into Spokes.

Spokes now has a Tasks area, and the link to it is in the Server section of the dashboard menu. Visiting this new page lists all of the periodic tasks that Spokes performs.

We’re gradually reducing what is shipped alongside Spokes to reduce the amount we need to maintain from a dependency and security perspective.

Bug Fixes and Security Updates

We resolved vulnerabilities in external software dependencies used in Spokes and external programs we include in our container image. Docker Scout flagged these, and we took steps to fix them in this release.

A medium vulnerability was discovered in the Go package golang.org/x/crypto. We updated it to use a version that fixes this vulnerability. In addition, a vulnerability was recently discovered in curl, a program we include in our container. We decided to remove it since it was only used for debugging, and there is no resolution for this CVE yet.

We fixed a bug in the upstream application health checks for Services, the built-in HTTP and TCP reverse proxy in Spokes.

UI Improvements

We’ve harmonized some of the UI elements in the user management section of the Spokes dashboard. If you view or edit a user’s details, the UI boxes and forms now use the same design.

We have also added the ability to set and edit a user’s scope: admin or a basic user.

Thanks

As always, we want to thank our users for their valuable feedback and bug reports. Your input drives continuous improvements to Spokes. If you have ideas for features or enhancements, please don’t hesitate to reach out.

Cheers!