Updating Connectors

Keeping Connectors Current

Twingate publishes Connector updates on an approximately monthly cadence to address known CVEs (particularly in upstream packages bundled into our AWS AMIs), ship performance and reliability improvements, and introduce new features. We validate each release against multiple vulnerability scanners as part of our compliance posture.

We can’t always publish the specific vulnerabilities patched in any given release. The most reliable way to ensure your Connectors meet the security and compliance posture you expect is to stay on the most recently published version.

If you’re deploying into a Kubernetes environment, consider managing Connectors via the Twingate Kubernetes Operator, which provides automation to keep Connectors up to date without manual intervention. See the operator repository on GitHub for setup details.

Minimum Supported Version

Twingate does not publish a formal end-of-life policy for individual Connector versions. However, the Twingate Controller enforces a minimum supported version. The Controller rejects Connectors running below that threshold, and they cannot broker connections until you upgrade them.

The Connector changelog lists the current minimum supported version. If you are unsure whether a deployed Connector is current, the Admin Console will surface an upgrade prompt for any Connector that has an update available.

Update Best Practices

Twingate Connectors run in a Docker container, in Kubernetes (including GKE, EKS, and MicroK8s) using a Helm chart, or as a Linux systemd service. The process for updating Connectors varies based on the deployment platform, but the same principles apply in all cases:

  • Update one Connector at a time in a redundant pair. Updating a Connector requires you to temporarily disconnect it, so to avoid downtime for users, deploy at least two Connectors in each Remote network in your Twingate configuration. Multiple Connectors deployed within the same Remote network are automatically clustered for load balancing and failover, so updating them one at a time keeps the Remote network accessible.

  • Maintain the same access and refresh tokens when upgrading a Connector. Connectors are uniquely identified by the tokens individually assigned to them. When updating a Connector, ensure that the same tokens are retained during the update process; otherwise, new tokens will need to be provisioned.

  • Don’t let Connectors drift far behind the latest release. Skipping multiple monthly releases increases the size of the eventual upgrade and the window in which a known CVE may go unpatched. Where possible, treat Connector upgrades as routine maintenance rather than a project.
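The principles above can be turned into an update plan. The following is an added example, not Twingate code: it calls no Twingate API, `plan_updates` is a hypothetical helper, and the inventory, Connector names and version numbers are constructed sample data. It orders updates so that each wave touches at most one Connector per Remote network, and it warns about networks without redundancy and Connectors below the minimum supported version.

```python
from collections import defaultdict

# Constructed sample data: names, networks and version numbers are illustrative.
LATEST, MINIMUM = "1.72.0", "1.66.0"
INVENTORY = [  # (Connector name, Remote network, deployed version)
    ("conn-a1", "prod", "1.70.0"),
    ("conn-a2", "prod", "1.64.0"),
    ("conn-b1", "staging", "1.72.0"),
    ("conn-b2", "staging", "1.71.0"),
    ("conn-c1", "lab", "1.69.0"),
]

def parse(version):
    """'1.70.0' -> (1, 70, 0), so 1.9.0 sorts before 1.10.0."""
    return tuple(int(part) for part in version.split("."))

def plan_updates(inventory, latest, minimum):
    """Return (waves, warnings) for the given inventory.

    Each wave holds at most one Connector per Remote network, so a redundant
    network always keeps a peer online while one Connector is disconnected.
    """
    by_net = defaultdict(list)
    for name, net, ver in inventory:
        by_net[net].append((name, parse(ver)))

    queues, warnings = {}, []
    for net, members in sorted(by_net.items()):
        if len(members) < 2:
            warnings.append(f"{net}: single Connector, update causes downtime")
        for name, ver in members:
            if ver < parse(minimum):
                warnings.append(f"{name}: below minimum {minimum}, rejected by Controller")
        # Oldest first: a Connector below the minimum already brokers nothing,
        # so updating it first restores redundancy before a working peer restarts.
        stale = sorted((m for m in members if m[1] < parse(latest)), key=lambda m: m[1])
        queues[net] = [name for name, _ in stale]

    waves = []
    while any(queues.values()):
        waves.append([q.pop(0) for q in queues.values() if q])
    return waves, warnings

if __name__ == "__main__":
    waves, warnings = plan_updates(INVENTORY, LATEST, MINIMUM)
    for i, wave in enumerate(waves, 1):
        print(f"wave {i}: {', '.join(wave)}")
    for w in warnings:
        print("warning:", w)
```

Complete one wave and confirm its Connectors are back online before starting the next.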

Deployment-specific Update Instructions

Instructions for each deployment method (Docker containers, Helm, or the native Linux systemd service) can be found below:

  • Docker-deployed Connectors
  • Systemd-deployed Connectors
  • Helm-deployed Connectors

Automated Updates with the Kubernetes Operator

If you deploy Connectors into Kubernetes, the Twingate Kubernetes Operator can keep them current for you. The Operator includes a scheduled routine that periodically checks for new Connector image versions and applies them automatically, which is the most hands-off way to remain on the latest release.

For Docker and systemd deployments, you apply updates manually using the platform-specific instructions above.

Update Notifications

There are a few ways to learn when a new Connector version is available:

  • Admin email: When an update is available for any Connector in your environment, all users marked as admins will receive a notification email. This email is delivered weekly at 00:00 UTC on Mondays and includes the list of Connectors that can be updated.
  • Admin Console: The Admin Console surfaces an upgrade indicator on any Connector that has an update available.
  • Changelog: Browse the full Connector release history at twingate.com/changelog/connector.
  • RSS feed: Subscribe to https://twingate.com/changelog-connectors.rss.xml to receive new release notifications in your feed reader of choice.

Last updated 2 days ago