[ZT] WARP changelog (#15397)

* macOS and Windows GA

* Update data/changelogs/warp.yaml

retrigger build

data/changelogs/warp.yaml

@@ -5,6 +5,57 @@ productLink: "/cloudflare-one/connections/connect-devices/warp/"
 productArea: Cloudflare One
 productAreaLink: /cloudflare-one/changelog/
 entries:
+- publish_date: '2024-06-28'
+  title: WARP client for macOS (version 2024.6.416.0)
+  description: |-
+    A new GA release for the macOS WARP client is now available in the [App Center](https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release). This release includes some exciting new features. It also includes additional fixes and minor improvements.
+
+    New features:
+      - Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to [Device tunnel protocol](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol). This feature will be rolled out to customers in stages over approximately the next month.
+      - The Device Posture [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = `123456.mycompany`, where 123456 is the device serial number).
+
+    Additional changes and improvements:
+      - Fixed a known issue where the certificate was not always properly left behind in `/Library/Application Support/Cloudflare/installed_cert.pem`.
+      - Fixed an issue where re-auth notifications were not cleared from the UI when the user switched configurations.
+      - Fixed a macOS firewall rule that allowed all UDP traffic to go outside the tunnel. Relates to TunnelVision ([CVE-2024-3661](https://nvd.nist.gov/vuln/detail/CVE-2024-3661)). 
+      - Fixed an issue that could cause the Cloudflare WARP menu bar application to disappear when switching configurations.
+
+    Warning:
+      - This is the last GA release that will be supporting older, deprecated `warp-cli` commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of `warp-cli -h`.
+
+    Known issues:
+      - If a user has an MDM file configured to support multiple profiles (for the [switch configurations](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/switch-organizations/) feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the `warp-cli registration delete` command to clear the registration, and then re-register the client.
+      - There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
+        - A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
+        - Your account has Regional Services enabled.
+
+- publish_date: '2024-06-28'
+  title: WARP client for Windows (version 2024.6.415.0)
+  description: |-
+    A new GA release for the macOS WARP client is now available in the [App Center](https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-macos-1/distribution_groups/release). This release includes some exciting new features. It also includes additional fixes and minor improvements.
+
+    New features:
+      - Admins can now elect to have ZT WARP clients connect using the MASQUE protocol; this setting is in Device Profiles. Note: before MASQUE can be used, the global setting for Override local interface IP must be enabled. For more detail, refer to [Device tunnel protocol](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#device-tunnel-protocol). This feature will be rolled out to customers in stages over approximately the next month.
+      - The ZT WARP client on Windows devices can now connect before the user completes their Windows login. This Windows pre-login capability allows for connecting to on-premise Active Directory and/or similar resources necessary to complete the Windows login.
+      - The Device Posture [client certificate check](/cloudflare-one/identity/devices/warp-client-checks/client-certificate/) has been substantially enhanced. The primary enhancement is the ability to check for client certificates that have unique common names, made unique by the inclusion of the device serial number or host name (for example, CN = `123456.mycompany`, where 123456 is the device serial number).
+
+    Additional changes and improvements:
+      - Added a new [Unable to Connect message](/cloudflare-one/connections/connect-devices/warp/troubleshooting/client-errors/#cf_failed_read_system_dns_config) to the UI to help in troubleshooting.
+      - The upgrade window now uses international date formats.
+      - Made a change to ensure DEX tests are not running when the tunnel is not up due to the device going to or waking from sleep. This is specific to devices using the S3 power model.
+      - Fixed a known issue where the certificate was not always properly left behind in `%ProgramData%\Cloudflare\installed_cert.pem`.
+      - Fixed an issue where ICMPv6 Neighbor Solicitation messages were being incorrectly sent on the WARP tunnel.
+      - Fixed an issue where a silent upgrade was causing certain files to be deleted if the target upgrade version is the same as the current version.
+
+    Warning:
+      - This is the last GA release that will be supporting older, deprecated `warp-cli` commands. There are two methods to identify these commands. One, when used in this release, the command will work but will also return a deprecation warning. And two, the deprecated commands do not appear in the output of `warp-cli -h`.
+
+    Known issues:
+      - If a user has an MDM file configured to support multiple profiles (for the [switch configurations](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/switch-organizations/) feature), and then changes to an MDM file configured for a single profile, the WARP client may not connect. The workaround is to use the `warp-cli registration delete` command to clear the registration, and then re-register the client.
+      - There are certain known limitations preventing the use of the MASQUE tunnel protocol in certain scenarios. Do not use the MASQUE tunnel protocol if:
+        - A Magic WAN integration is on the account and does not have the latest packet flow path for WARP traffic. Please check migration status with your account team.
+        - Your account has Regional Services enabled.
+
 - publish_date: '2024-05-22'
   title: WARP client for Windows (version 2024.5.310.1)
   description: |-