Release-v1.3.0

Highlights

Important changes in v1.3.0 include the following:

• Linux-compatible sock_addr bind hooks: Added BPF_CGROUP_INET4_BIND and BPF_CGROUP_INET6_BIND support so eBPF programs can authorize IPv4 and IPv6 bind operations using standard cgroup/bind4 and cgroup/bind6 sections.
• Broader sock_addr coverage: Expanded the socket-address model with connect-authorization and listen attach types, improving feature parity and enabling richer policy enforcement across socket lifecycle events.
• Stronger custom map provider support: Enhanced custom maps with a preferred post-delete callback model and clearer concurrency and IRQL guarantees for extension authors.
• IOCTL and runtime hardening: Added generated IOCTL protocol validation plus widespread overflow, bounds, and memory-safety fixes across API, runtime, verifier, map, and serialization paths.
• Shared extension infrastructure integration: Introduced ebpf-extension-common to consolidate common extension support such as tracelogging and rundown handling across kernel and user mode.
• Build and packaging improvements: Added the new ioctl_spec project, updated submodules and packaging flows, and cleaned up CI/pipeline behavior to improve maintainability and release reliability.

What's Changed

• Updated Main Version to 1.3.0 by @kumarvin123 in #5207
• Adding connect_redirect_tests.exe to vpack by @kumarvin123 in #5208
• Fix OneBranch signed-nupkg repack by @mikeagun in #5210
• Add tcp_udp_listener.exe to vpack by @kumarvin123 in #5211
• Add support for cgroup/connect_authorization4 and cgroup/connect_authorization6 by @Alan-Jowett in #4750
• Fix intermittent recv_accept hard permit test timeout (#4978) by @mikeagun in #5187
• Remove map level lock from custom map operations. by @saxena-anurag in #5186
• Add EverParse-based IOCTL message validation by @Alan-Jowett in #5081
• Fix connect_redirect test cascading failures and overlapped I/O leak by @mikeagun in #5095
• Remove standalone performance workflow by @Alan-Jowett in #5223
• [custom maps] bugfix: Update check for pre-free case by @saxena-anurag in #5224
• Update usersim by @Alan-Jowett in #5232
• Updating Procdump.zip Hash by @kumarvin123 in #5252
• Miscellaneous Bug Fixes for 26_05 by @kumarvin123 in #5229
• Updating ProcDump hash in Azure Pipelines by @kumarvin123 in #5263
• Consume ebpf-extension-common by @LakshK98 in #5075
• Update verifier submodule, fix breaking changes. by @saxena-anurag in #5216
• Add CONNECT_AUTHORIZATION readonly context test by @Alan-Jowett in #5230
• Use cxplat safe integer helpers by @Alan-Jowett in #5200
• Fix native PE parsing to support multiple eBPF programs sharing the same PE section by @saxena-anurag in #5280
• Exclude bpf2c expected files from clang-format by @mikeagun in #5282
• Fuzz CONNECT_AUTHORIZATION hook in netebpfext_fuzzer by @mikeagun in #5297
• Add mayfail tag to stress test cases by @shankarseal in #5277
• Add driver test binaries to onebranch build target by @matthewige in #5309
• Test infra: add listen error and socket family support to test framework by @mikeagun in #5267
• ebpf_program: Reject repeat_count == 0 in test run to prevent divide-by-zero by @Alan-Jowett in #5283
• Fix official_main artifact layout for ADO test pipeline by @matthewige in #5319
• Cherry-pick fixes to release/1.3 by @saxena-anurag in #5362
• [release/1.3] update spd file by @saxena-anurag in #5367

Full Changelog: v1.2.1...v1.3.0