Spokes v1.5.9: Server Uptime Tracking, Certificate Reliability, and Security Fixes

Published at May 28, 2026 ·  3 min read

We’re releasing Spokes v1.5.9 with a set of reliability, observability, and security improvements.

This release adds availability and restart tracking for Spokes, fixes a certificate renewal issue caused by upstream state corruption, improves tunnel internals to reduce memory growth and tighten safety, and updates cryptography dependencies to address critical CVEs.

What’s new:

• Server uptime and restart tracking — rolling 30-day visibility into application restarts and availability
• Certificate renewal fix — updated certmagic to resolve JSON state corruption that could block automatic renewals
• Tunnel library improvements — reduced memory growth, fewer leaks, and tighter safety for long-running tunnels
• Security patches — updated golang.org/x/crypto to resolve critical CVEs

Get the Release

The latest software packages are now available on our downloads page and container image distributions. As always, we recommend upgrading to stay current with reliability improvements and security updates.

Our containers are updated as well.

docker pull packetriot/spokes:1.5.9

# alternatively

docker pull terrapinlabs/spokes:1.5.9

Server Availability

Spokes now tracks server uptime, availability, and application restarts over a rolling 30 day window. Spokes may restart due to the application crashing, and tunnels will normally reconnect on their own, which may obscure to admins that a restart even occurred.

This new visibility makes it easier to spot unhealthy patterns before they become bigger problems. If a restart was caused by a crash, memory pressure, or another unexpected condition, admins can now identify that it happened and inspect logs while the event is still recent. The result is better operational awareness for self-hosted deployments with very little added overhead.

Certificate Management

This release updates certmagic to the latest version to fix a bug reported by a customer. In some cases, a JSON configuration file maintained by certmagic could become corrupted, which would then cause certificate renewals to fail.

Keeping certificate automation dependable is important because renewal failures often only become visible once a certificate is close to expiring. With this update, certificate state handling is more reliable and the automatic HTTPS flow is less likely to be interrupted by bad renewal metadata. For most users, this change simply means fewer surprises and smoother long-term operation.

Tunnel Library

We updated the underlying tunnel library to improve code safety, reduce memory leaks and heap growth, and deliver some small speed improvements. These changes are mostly internal, but they matter most in long-running processes where even modest allocation and cleanup issues can add up over time.

In practice, this should make tunnel handling more stable under sustained use and reduce unnecessary memory growth in busy environments. The result is a cleaner runtime profile, less pressure on the garbage collector, and a more reliable foundation for reconnects and persistent traffic handling.

Security Updates

Spokes v1.5.9 also resolves critical CVEs in golang.org/x/crypto by updating to the latest version. We regularly pull in dependency and toolchain updates like this to make sure the client and server stay current with upstream security fixes.

There are no new settings or migration steps required here. Just upgrade to the latest release to pick up the fixes and keep your deployment on a supported and more secure dependency set.

Thanks

These improvements are part of our ongoing effort to make Packetriot’s software faster, simpler, and more reliable to operate.

We appreciate feedback, bug reports, and suggestions from our users. If there are features or improvements you’d like to see next, please let us know.!

Cheers!