All Versions
160
Latest Version
Avg Release Cycle
28 days
Latest Release
658 days ago
Changelog History
Page 4
Changelog History
Page 4
-
v1.1.17 Changes
August 25, 2022๐ BUG FIXES:
- ๐ client/logmon: fixed a bug where logmon cannot find nomad executable [GH-14297]
- ๐ป ui: Fixed a bug that caused the allocation details page to display the stats bar chart even if the task was pending. [GH-14224]
- ๐ง vault: Fixed a bug where Vault clients were recreated when the server configuration was reloaded, even if there were no changes to the Vault configuration. [GH-14298]
- ๐ง vault: Fixed a bug where changing the Vault configuration
namespace
field was not detected as a change during server configuration reload. [GH-14298]
-
v1.1.16 Changes
August 05, 2022๐ BUG FIXES:
- ๐ acl: Fixed a bug where the timestamp for expiring one-time tokens was not deterministic between servers [GH-13737]
- ๐ deployments: Fixed a bug that prevented auto-approval if canaries were marked as unhealthy during deployment [GH-14001]
- ๐ namespaces: Fixed a bug that allowed deleting a namespace that contained a CSI volume [GH-13880]
- โช qemu: restore the monitor socket path when restoring a QEMU task. [GH-14000]
-
v1.1.15 Changes
July 13, 2022๐ BUG FIXES:
- โช api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
- ๐ cli: Fixed a bug in the names of the
node drain
andnode status
sub-commands [GH-13656] - client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
- ๐ cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
- โฑ core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
- ๐ core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision.
client.reserved.reserved_ports
is now merged into eachhost_network
's reserved ports instead of being treated as a collision. [GH-13651] - ๐ core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
- ๐ง csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable
health_timeout
field [GH-13340] - โฑ csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
- ๐ lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
- ๐ท ui: Allow running jobs from a namespace-limited token [GH-13659]
- ๐ป ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
- โก๏ธ volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]
-
v1.1.14 Changes
May 19, 2022๐ SECURITY:
- ๐ท A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]
-
v1.1.13 Changes
May 10, 2022๐ SECURITY:
- server: validate mTLS certificate names on agent to agent endpoints [GH-11956]
๐ IMPROVEMENTS:
- โก๏ธ api: Updated the CSI volumes list API to respect wildcard namespaces [GH-11724]
- โฌ๏ธ build: upgrade and speedup circleci configuration [GH-11889]
๐ BUG FIXES:
- ๐ Fixed a bug where successful poststart tasks were marked as unhealthy [GH-11945]
- api: Apply prefix filter when querying CSI volumes in all namespaces [GH-12184]
- cleanup: prevent leaks from time.After [GH-11983]
- ๐ client: Fixed a bug that could prevent a preempting alloc from ever starting. [GH-12779]
- ๐ client: Fixed a bug where clients that retry blocking queries would not reset the correct blocking duration [GH-12593]
- ๐ config: Fixed a bug where the
reservable_cores
setting was not respected [GH-12044] - ๐ท core: Fixed auto-promotion of canaries in jobs with at least one task group without canaries. [GH-11878]
- core: prevent malformed plans from crashing leader [GH-11944]
- ๐ csi: Fixed a bug where
plugin status
commands could choose the incorrect plugin if a plugin with a name that matched the same prefix existed. [GH-12194] - ๐ csi: Fixed a bug where
volume snapshot list
did not correctly filter by plugin IDs. The-plugin
parameter is required. [GH-12197] - โฑ csi: Fixed a bug where allocations with volume claims would fail their first placement after a reschedule [GH-12113]
- โช csi: Fixed a bug where allocations with volume claims would fail to restore after a client restart [GH-12113]
- ๐ csi: Fixed a bug where creating snapshots required a plugin ID instead of falling back to the volume's plugin ID [GH-12195]
- ๐ csi: Fixed a bug where fields were missing from the Read Volume API response [GH-12178]
- ๐ csi: Fixed a bug where garbage collected nodes would block releasing a volume [GH-12350]
- ๐ csi: Fixed a bug where per-alloc volumes used the incorrect ID when querying for
alloc status -verbose
[GH-12573] - โก๏ธ csi: Fixed a bug where plugin configuration updates were not considered destructive [GH-12774]
- ๐ csi: Fixed a bug where plugins would not restart if they failed any time after a client restart [GH-12752]
- ๐ csi: Fixed a bug where plugins written in NodeJS could fail to fingerprint [GH-12359]
- ๐ csi: Fixed a bug where purging a job with a missing plugin would fail [GH-12114]
- ๐ csi: Fixed a bug where single-use access modes were not enforced during validation [GH-12337]
- ๐ csi: Fixed a bug where the maximum number of volume claims was incorrectly enforced when an allocation claims a volume [GH-12112]
- ๐ csi: Fixed a bug where the plugin instance manager would not retry the initial gRPC connection to plugins [GH-12057]
- ๐ csi: Fixed a bug where the plugin supervisor would not restart the task if it failed to connect to the plugin [GH-12057]
- ๐ csi: Fixed a bug where volume snapshot timestamps were always zero values [GH-12352]
- ๐ csi: Fixed bug where accessing plugins was subject to a data race [GH-12553]
- ๐ csi: fixed a bug where
volume detach
,volume deregister
, andvolume status
commands did not accept an exact ID if multiple volumes matched the prefix [GH-12051] - ๐ csi: provide
CSI_ENDPOINT
environment variable to plugin tasks [GH-12050] - ๐ท jobspec: Fixed a bug where connect sidecar resources were ignored when using HCL1 [GH-11927]
- โก๏ธ scheduler: fixed a bug where in-place updates on ineligible nodes would be ignored [GH-12264]
- ๐ป ui: Fix the link target for CSI volumes on the task detail page [GH-11896]
- ๐ป ui: fix the unit for the task row memory usage metric [GH-11980]
-
v1.1.12 Changes
February 09, 2022BACKWARDS INCOMPATIBILITIES:
- ๐ ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability
๐ SECURITY:
- โ Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
- ๐ Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
- Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
- Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]
-
v1.1.11 Changes
February 01, 2022๐ BUG FIXES:
- ๐ csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
- ๐ csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
- ๐ csi: Fixed a bug where volume claim releases that were not fully processed before a leadership transition would be ignored [GH-11776]
- csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]
-
v1.1.10 Changes
January 18, 2022๐ BUG FIXES:
- agent: Validate reserved_ports are valid to prevent unschedulable nodes. [GH-11830]
- ๐ cli: Fixed a bug where the
-stale
flag was not respected bynomad operator debug
[GH-11678] - client: Fixed a bug where clients would ignore the
client_auto_join
setting after losing connection with the servers, causing them to incorrectly fallback to Consul discovery if it was set tofalse
. [GH-11585] - ๐ client: Fixed a memory and goroutine leak for batch tasks and any task that exits without being shut down from the server [GH-11741]
- ๐จ client: Fixed host network reserved port fingerprinting [GH-11728]
- core: Fix missing fields in Node.Copy() [GH-11744]
- ๐ csi: Fixed a bug where deregistering volumes would attempt to deregister the wrong volume if the ID was a prefix of the intended volume [GH-11852]
- ๐ drivers: Fixed a bug where the
resolv.conf
copied from the system was not readable to unprivileged processes within the task [GH-11856] - ๐ quotas (Enterprise): Fixed a bug quotas can be incorrectly calculated when nodes fail ranking. [GH-11848]
- ๐ rpc: Fixed scaling policy get index response when the policy is found [GH-11579]
- โฑ scheduler: detect, log, and emit
nomad.nomad.plan.node_rejected
metric when an unexpected port collision is detected [GH-11793] - ๐ scheduler: Fixed a performance bug where
spread
and node affinity can cause a job to take longer than the nack timeout to be evaluated. [GH-11712] - โก๏ธ template: Fixed a bug where templates did not receive an updated vault token if
change_mode = "noop"
was set in the job definition'svault
stanza. [GH-11783]
-
v1.1.9 Changes
December 13, 2021๐ SECURITY:
- โก๏ธ Updated to Go 1.16.12. Earlier versions of Go contained 2 CVEs. CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. CVE-2021-44716 could create unbounded memory growth in HTTP2 servers. Nomad servers do not use HTTP2. [GH-11662]
-
v1.1.8 Changes
November 19, 2021๐ SECURITY:
- ๐ Allow limiting QEMU arguments to reduce access to host resources. CVE-2021-43415 [GH-11542]