Releases: hashicorp/nomad
Releases · hashicorp/nomad
v1.9.3
v1.9.2
WARNING
Nomad 1.9.2 and Nomad 1.9.2 Enterprise shipped with a critical bug in state store restoration. See #24411. Users should not upgrade to Nomad 1.9.2 or Nomad 1.9.2 Enterprise. A replacement release will ship shortly.
1.9.2 (November 08, 2024)
SECURITY:
- csi: Fixed a bug where a user with csi-write-volume permissions to one namespace can create volumes in another namespace (CVE-2024-10975) [GH-24396]
IMPROVEMENTS:
- api: new parameterized dispatch endpoint sends raw HTTP request body as Payload [GH-24312]
- connect: Able to accept go-sockaddr address for consul grpc address [GH-24280]
- consul: add support for service weight [GH-24186]
- drivers: Add work_dir config to exec/rawexec/java drivers for setting the working directory of processes in a task [GH-24249]
- drivers: Move executor process out of task cgroup after task starts on cgroups v1 [GH-24340]
- drivers: add posibility to restrict user and group for exec and rawexec [GH-20073]
- fingerprint gce: fingerprint preemptibility [GH-24169]
- getter: Added option to chown artifact(s) to task user [GH-24157]
- ui: Indicates prestart/poststart tasks by running/failed/pending status [GH-24133]
- ui: Show region in header when only one region exists, and set it immediately upon logging in with a token [GH-24320]
- ui: When your token expires, upon signing back in, redirect to your original route [GH-24374]
BUG FIXES:
- cli: Corrected an ordering mistake in job tag unset help text [GH-24272]
- connect: add validation to ensure that connect native services specify a port [GH-24329]
- deps: Fixed a bug where restarting Nomad could cause an unrelated process with the same PID as a failed executor to be killed [GH-24265]
- keyring: Fixed a panic on server startup when decrypting AEAD key data with empty RSA block [GH-24383]
- scheduler: fixed a bug where resource calculation did not account correctly for poststart tasks [GH-24297]
- state: Fixed setting GC threshold to more than 72hrs being ignored [GH-24112]
v1.8.7 (Enterprise)
1.8.7 Enterprise (November 8, 2024)
SECURITY:
- csi: Fixed a bug where a user with csi-write-volume permissions to one namespace can create volumes in another namespace (CVE-2024-10975) [GH-24396]
BUG FIXES:
v1.7.15 (Enterprise)
1.7.15 (November 8, 2024)
SECURITY:
- csi: Fixed a bug where a user with csi-write-volume permissions to one namespace can create volumes in another namespace (CVE-2024-10975) [GH-24396]
BUG FIXES:
- connect: add validation to ensure that connect native services specify a port [GH-24329]
- deps: Fixed a bug where restarting Nomad could cause an unrelated process with the same PID as a failed executor to be killed [GH-24265]
- scheduler: fixed a bug where resource calculation did not account correctly for poststart tasks [GH-24297]
v1.8.6 (Enterprise)
dc22560
This commit was signed with the committer’s verified signature.
Juanadelacuesta
Juana De La Cuesta
IMPROVEMENTS:
- cli: Added synopsis for
operator rootandoperator gossipcommand [GH-23671]
BUG FIXES:
- consul: Fixed a bug where broken Consul ACL tokens could block registration and deregistration of services and checks [GH-24166]
- consul: Fixed a bug where service deregistration could fail because Consul ACL tokens were revoked during allocation GC [GH-24166]
- deps: Fixed a bug where restarting Nomad could cause an unrelated process with the same PID as a failed executor to be killed [GH-24265]
- scheduler: fixes reconnecting allocations not getting picked correctly when replacements failed [GH-24165]
- windows: Fixed a bug where a crashed executor would orphan task processes [GH-24214]
v1.7.14 (Enterprise)
2252d5f
This commit was signed with the committer’s verified signature.
Juanadelacuesta
Juana De La Cuesta
IMPROVEMENTS:
- cli: Added synopsis for
operator rootandoperator gossipcommand [GH-23671]
BUG FIXES:
- consul: Fixed a bug where broken Consul ACL tokens could block registration and deregistration of services and checks [GH-24166]
- consul: Fixed a bug where service deregistration could fail because Consul ACL tokens were revoked during allocation GC [GH-24166]
- plugins: Fix panic on systems that don't support NUMA [GH-23399]
- scheduler: fixes reconnecting allocations not getting picked correctly when replacements failed [GH-24165]
- windows: Fixed a bug where a crashed executor would orphan task processes [GH-24214]
v1.9.1
1.9.1 (October 21, 2024)
IMPROVEMENTS:
- cli: Added synopsis for
operator rootandoperator gossipcommand [GH-23671] - cli: Updated example job specifications in nomad job init [GH-24232]
BUG FIXES:
- consul: Fixed a bug where broken Consul ACL tokens could block registration and deregistration of services and checks [GH-24166]
- consul: Fixed a bug where service deregistration could fail because Consul ACL tokens were revoked during allocation GC [GH-24166]
- docker: Always negotiate API version when initializing clients [GH-24237]
- docker: Fix incorrect auth parsing for private registries [GH-24215]
- docker: Fixed a bug where alloc exec could leak a goroutine [GH-24244]
- docker: Fixed a bug where alloc exec with stdin would hang [GH-24202]
- docker: Fixed a bug where task CPU stats were reported incorrectly [GH-24229]
- heartbeat: Fixed a bug where failed nodes would not be marked down [GH-24241]
- scheduler: fixes reconnecting allocations not getting picked correctly when replacements failed [GH-24165]
- ui: Fix an issue where a dropdown on the variables page would appear underneath table headers [GH-24162]
- ui: Put a max-width on token name so it doesn't collide with the search box in the top nav [GH-24240]
- windows: Fixed a bug where a crashed executor would orphan task processes [GH-24214]
v1.8.5 (Enterprise)
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
IMPROVEMENTS:
- cli: Increase default log level and duration when capturing logs with
operator debug[GH-23850]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- cli: Fixed a bug in job status command where -t would act as though -json was also set [GH-24054]
- licensing: Fixed a bug where environment variable to opt-out of reporting was not respected
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- task: adds node.pool attribute to interpretable values in task env [GH-24052]
- template: Fixed a panic on client restart when using change_mode=script [GH-24057]
v1.7.13 (Enterprise)
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- cli: Fixed a bug in job status command where -t would act as though -json was also set [GH-24054]
- licensing: Fixed a bug where environment variable to opt-out of reporting was not respected
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- template: Fixed a panic on client restart when using change_mode=script [GH-24057]
v1.9.0
1.9.0 (October 10, 2024)
BREAKING CHANGES:
- heartbeats: clients older than 1.6.0 will fail heartbeats to 1.9.0+ servers [GH-23838]
- jobspec: Removed support for HCLv1 [GH-23912]
- services: Clients older than 1.5.0 will fail to read Nomad native services via template blocks [GH-23910]
- tls: Removed deprecated
tls.prefer_server_cipher_suitesfield from agent configuration [GH-23712]
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
IMPROVEMENTS:
- cli: Added redaction options to operator snapshot commands [GH-24023]
- cli: Increase default log level and duration when capturing logs with
operator debug[GH-23850] - deps: Upgraded yamux to v0.1.2 to fix a bug where RPC connections could deadlock [GH-24058]
- docker: Use official docker SDK instead of a 3rd party client [GH-23966]
- identity: Added filepath parameter to identity block for persisting workload identities [GH-24038]
- jobs: Added Version Tags to job versions, to prevent them from being garbage collected and allow for diffs [GH-24055]
- keyring: Stored wrapped data encryption keys in Raft [GH-23977]
- metrics: introduce client config to include alloc metadata as part of the base labels [GH-23964]
- networking: Added an option to ignore static port collisions when scheduling, for programs that use the SO_REUSEPORT unix socket option [GH-23956]
- networking: IPv6 can now be enabled on the Nomad bridge network mode [GH-23882]
- quotas (Enterprise): Added the possibility to set device count limits [GH-23894]
- raft: Bump raft to v1.7.1 which includes pre-vote. This should make servers more stable after network partitions [GH-24029]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- cli: Fixed a bug in job status command where -t would act as though -json was also set [GH-24054]
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- task: adds node.pool attribute to interpretable values in task env [GH-24052]
- template: Fixed a panic on client restart when using change_mode=script [GH-24057]
- ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had wildcard namespace variable write permissions [GH-24073]