All Versions
160
Latest Version
Avg Release Cycle
28 days
Latest Release
658 days ago

Changelog History
Page 4

  • v1.1.17 Changes

    August 25, 2022

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  client/logmon: fixed a bug where logmon cannot find nomad executable [GH-14297]
    • ๐Ÿ’ป ui: Fixed a bug that caused the allocation details page to display the stats bar chart even if the task was pending. [GH-14224]
    • ๐Ÿ”ง vault: Fixed a bug where Vault clients were recreated when the server configuration was reloaded, even if there were no changes to the Vault configuration. [GH-14298]
    • ๐Ÿ”ง vault: Fixed a bug where changing the Vault configuration namespace field was not detected as a change during server configuration reload. [GH-14298]
  • v1.1.16 Changes

    August 05, 2022

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  acl: Fixed a bug where the timestamp for expiring one-time tokens was not deterministic between servers [GH-13737]
    • ๐Ÿš€ deployments: Fixed a bug that prevented auto-approval if canaries were marked as unhealthy during deployment [GH-14001]
    • ๐Ÿ›  namespaces: Fixed a bug that allowed deleting a namespace that contained a CSI volume [GH-13880]
    • โช qemu: restore the monitor socket path when restoring a QEMU task. [GH-14000]
  • v1.1.15 Changes

    July 13, 2022

    ๐Ÿ› BUG FIXES:

    • โช api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
    • ๐Ÿ›  cli: Fixed a bug in the names of the node drain and node status sub-commands [GH-13656]
    • client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
    • ๐Ÿ›  cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
    • โฑ core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
    • ๐Ÿ”€ core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision. client.reserved.reserved_ports is now merged into each host_network's reserved ports instead of being treated as a collision. [GH-13651]
    • ๐Ÿ›  core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
    • ๐Ÿ”ง csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable health_timeout field [GH-13340]
    • โฑ csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
    • ๐Ÿ›  lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
    • ๐Ÿ‘ท ui: Allow running jobs from a namespace-limited token [GH-13659]
    • ๐Ÿ’ป ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
    • โšก๏ธ volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]
  • v1.1.14 Changes

    May 19, 2022

    ๐Ÿ”’ SECURITY:

    • ๐Ÿ‘ท A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]
  • v1.1.13 Changes

    May 10, 2022

    ๐Ÿ”’ SECURITY:

    • server: validate mTLS certificate names on agent to agent endpoints [GH-11956]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โšก๏ธ api: Updated the CSI volumes list API to respect wildcard namespaces [GH-11724]
    • โฌ†๏ธ build: upgrade and speedup circleci configuration [GH-11889]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  Fixed a bug where successful poststart tasks were marked as unhealthy [GH-11945]
    • api: Apply prefix filter when querying CSI volumes in all namespaces [GH-12184]
    • cleanup: prevent leaks from time.After [GH-11983]
    • ๐Ÿ›  client: Fixed a bug that could prevent a preempting alloc from ever starting. [GH-12779]
    • ๐Ÿ›  client: Fixed a bug where clients that retry blocking queries would not reset the correct blocking duration [GH-12593]
    • ๐Ÿ›  config: Fixed a bug where the reservable_cores setting was not respected [GH-12044]
    • ๐Ÿ‘ท core: Fixed auto-promotion of canaries in jobs with at least one task group without canaries. [GH-11878]
    • core: prevent malformed plans from crashing leader [GH-11944]
    • ๐Ÿ”Œ csi: Fixed a bug where plugin status commands could choose the incorrect plugin if a plugin with a name that matched the same prefix existed. [GH-12194]
    • ๐Ÿ”Œ csi: Fixed a bug where volume snapshot list did not correctly filter by plugin IDs. The -plugin parameter is required. [GH-12197]
    • โฑ csi: Fixed a bug where allocations with volume claims would fail their first placement after a reschedule [GH-12113]
    • โช csi: Fixed a bug where allocations with volume claims would fail to restore after a client restart [GH-12113]
    • ๐Ÿ”Œ csi: Fixed a bug where creating snapshots required a plugin ID instead of falling back to the volume's plugin ID [GH-12195]
    • ๐Ÿ›  csi: Fixed a bug where fields were missing from the Read Volume API response [GH-12178]
    • ๐Ÿ›  csi: Fixed a bug where garbage collected nodes would block releasing a volume [GH-12350]
    • ๐Ÿ›  csi: Fixed a bug where per-alloc volumes used the incorrect ID when querying for alloc status -verbose [GH-12573]
    • โšก๏ธ csi: Fixed a bug where plugin configuration updates were not considered destructive [GH-12774]
    • ๐Ÿ”Œ csi: Fixed a bug where plugins would not restart if they failed any time after a client restart [GH-12752]
    • ๐Ÿ”Œ csi: Fixed a bug where plugins written in NodeJS could fail to fingerprint [GH-12359]
    • ๐Ÿ”Œ csi: Fixed a bug where purging a job with a missing plugin would fail [GH-12114]
    • ๐Ÿ›  csi: Fixed a bug where single-use access modes were not enforced during validation [GH-12337]
    • ๐Ÿ›  csi: Fixed a bug where the maximum number of volume claims was incorrectly enforced when an allocation claims a volume [GH-12112]
    • ๐Ÿ”Œ csi: Fixed a bug where the plugin instance manager would not retry the initial gRPC connection to plugins [GH-12057]
    • ๐Ÿ”Œ csi: Fixed a bug where the plugin supervisor would not restart the task if it failed to connect to the plugin [GH-12057]
    • ๐Ÿ›  csi: Fixed a bug where volume snapshot timestamps were always zero values [GH-12352]
    • ๐Ÿ”Œ csi: Fixed bug where accessing plugins was subject to a data race [GH-12553]
    • ๐Ÿ›  csi: fixed a bug where volume detach, volume deregister, and volume status commands did not accept an exact ID if multiple volumes matched the prefix [GH-12051]
    • ๐Ÿ”Œ csi: provide CSI_ENDPOINT environment variable to plugin tasks [GH-12050]
    • ๐Ÿ‘ท jobspec: Fixed a bug where connect sidecar resources were ignored when using HCL1 [GH-11927]
    • โšก๏ธ scheduler: fixed a bug where in-place updates on ineligible nodes would be ignored [GH-12264]
    • ๐Ÿ’ป ui: Fix the link target for CSI volumes on the task detail page [GH-11896]
    • ๐Ÿ’ป ui: fix the unit for the task row memory usage metric [GH-11980]
  • v1.1.12 Changes

    February 09, 2022

    BACKWARDS INCOMPATIBILITIES:

    • ๐Ÿ”’ ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability

    ๐Ÿ”’ SECURITY:

    • โž• Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
    • ๐Ÿ›  Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
    • Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
    • Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]
  • v1.1.11 Changes

    February 01, 2022

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
    • ๐Ÿ›  csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
    • ๐Ÿš€ csi: Fixed a bug where volume claim releases that were not fully processed before a leadership transition would be ignored [GH-11776]
    • csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]
  • v1.1.10 Changes

    January 18, 2022

    ๐Ÿ› BUG FIXES:

    • agent: Validate reserved_ports are valid to prevent unschedulable nodes. [GH-11830]
    • ๐Ÿ›  cli: Fixed a bug where the -stale flag was not respected by nomad operator debug [GH-11678]
    • client: Fixed a bug where clients would ignore the client_auto_join setting after losing connection with the servers, causing them to incorrectly fallback to Consul discovery if it was set to false. [GH-11585]
    • ๐Ÿ›  client: Fixed a memory and goroutine leak for batch tasks and any task that exits without being shut down from the server [GH-11741]
    • ๐Ÿ–จ client: Fixed host network reserved port fingerprinting [GH-11728]
    • core: Fix missing fields in Node.Copy() [GH-11744]
    • ๐Ÿ›  csi: Fixed a bug where deregistering volumes would attempt to deregister the wrong volume if the ID was a prefix of the intended volume [GH-11852]
    • ๐Ÿ›  drivers: Fixed a bug where the resolv.conf copied from the system was not readable to unprivileged processes within the task [GH-11856]
    • ๐Ÿ›  quotas (Enterprise): Fixed a bug quotas can be incorrectly calculated when nodes fail ranking. [GH-11848]
    • ๐Ÿ›  rpc: Fixed scaling policy get index response when the policy is found [GH-11579]
    • โฑ scheduler: detect, log, and emit nomad.nomad.plan.node_rejected metric when an unexpected port collision is detected [GH-11793]
    • ๐ŸŽ scheduler: Fixed a performance bug where spread and node affinity can cause a job to take longer than the nack timeout to be evaluated. [GH-11712]
    • โšก๏ธ template: Fixed a bug where templates did not receive an updated vault token if change_mode = "noop" was set in the job definition's vault stanza. [GH-11783]
  • v1.1.9 Changes

    December 13, 2021

    ๐Ÿ”’ SECURITY:

    • โšก๏ธ Updated to Go 1.16.12. Earlier versions of Go contained 2 CVEs. CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. CVE-2021-44716 could create unbounded memory growth in HTTP2 servers. Nomad servers do not use HTTP2. [GH-11662]
  • v1.1.8 Changes

    November 19, 2021

    ๐Ÿ”’ SECURITY: