Releases: hashicorp/nomad
Releases · hashicorp/nomad
v1.1.17
1.1.17 (August 25, 2022)
BUG FIXES:
- client/logmon: fixed a bug where logmon cannot find nomad executable [GH-14297]
- ui: Fixed a bug that caused the allocation details page to display the stats bar chart even if the task was pending. [GH-14224]
- vault: Fixed a bug where Vault clients were recreated when the server configuration was reloaded, even if there were no changes to the Vault configuration. [GH-14298]
- vault: Fixed a bug where changing the Vault configuration
namespacefield was not detected as a change during server configuration reload. [GH-14298]
v1.3.3
1.3.3 (August 05, 2022)
IMPROVEMENTS:
- csi: Add
stage_publish_base_dirfield tocsi_pluginblock to support plugins that require a specific staging/publishing directory for mounts [GH-13919] - qemu: use shorter socket file names to reduce the chance of hitting the max path length [GH-13971]
- template: Expose consul-template configuration options at the client level for
nomad_retry. [GH-13907] - template: Templates support new uid/gid parameter pair [GH-13755]
- ui: Reorder and apply the same style to the Evaluations list page filters to match the Job list page. [GH-13866]
BUG FIXES:
- acl: Fixed a bug where the timestamp for expiring one-time tokens was not deterministic between servers [GH-13737]
- deployments: Fixed a bug that prevented auto-approval if canaries were marked as unhealthy during deployment [GH-14001]
- metrics: Fixed a bug where blocked evals with no class produced no dc:class scope metrics [GH-13786]
- namespaces: Fixed a bug that allowed deleting a namespace that contained a CSI volume [GH-13880]
- qemu: restore the monitor socket path when restoring a QEMU task. [GH-14000]
- servicedisco: Fixed a bug where non-unique services would escape job validation [GH-13869]
- ui: Add missing breadcrumb in the Evaluations page. [GH-13865]
- ui: Fixed a bug where task memory was reported as zero on systems using cgroups v2 [GH-13670]
v1.2.10
1.2.10 (August 05, 2022)
BUG FIXES:
- acl: Fixed a bug where the timestamp for expiring one-time tokens was not deterministic between servers [GH-13737]
- deployments: Fixed a bug that prevented auto-approval if canaries were marked as unhealthy during deployment [GH-14001]
- metrics: Fixed a bug where blocked evals with no class produced no dc:class scope metrics [GH-13786]
- namespaces: Fixed a bug that allowed deleting a namespace that contained a CSI volume [GH-13880]
- qemu: restore the monitor socket path when restoring a QEMU task. [GH-14000]
v1.1.16
1.1.16 (August 05, 2022)
BUG FIXES:
- acl: Fixed a bug where the timestamp for expiring one-time tokens was not deterministic between servers [GH-13737]
- deployments: Fixed a bug that prevented auto-approval if canaries were marked as unhealthy during deployment [GH-14001]
- namespaces: Fixed a bug that allowed deleting a namespace that contained a CSI volume [GH-13880]
- qemu: restore the monitor socket path when restoring a QEMU task. [GH-14000]
v1.3.2
1.3.2 (July 13, 2022)
IMPROVEMENTS:
- agent: Added delete support to the eval HTTP API [GH-13492]
- agent: emit a warning message if the agent starts with
bootstrap_expectset to an even number. [GH-12961] - agent: logs are no longer buffered at startup when logging in JSON format [GH-13076]
- api: enable setting
?chooseparameter when querying services [GH-12862] - api: refactor ACL check when using the all namespaces wildcard in the job and alloc list endpoints [GH-13608]
- api: support Authorization Bearer header in lieu of X-Nomad-Token header [GH-12534]
- bootstrap: Added option to allow for an operator generated bootstrap token to be passed to the
acl bootstrapcommand [GH-12520] - cli: Added
deletecommand to the eval CLI [GH-13492] - cli: Added
scheduler get-configandscheduler set-configcommands to the operator CLI [GH-13045] - cli: always display job ID and namespace in the
eval statuscommand [GH-13581] - cli: display namespace and node ID in the
eval listcommand and wheneval statusmatches multiple evals [GH-13581] - cli: update default redis and use nomad service discovery [GH-13044]
- client: added more fault tolerant defaults for template configuration [GH-13041]
- core: Added the ability to pause and un-pause the eval broker and blocked eval broker [GH-13045]
- core: On node updates skip creating evaluations for jobs not in the node's datacenter. [GH-12955]
- core: automatically mark clients with recurring plan rejections as ineligible [GH-13421]
- driver/docker: Eliminate excess Docker registry pulls for the
infra_imagewhen it already exists locally. [GH-13265] - fingerprint: add support for detecting kernel architecture of clients. (attribute:
kernel.arch) [GH-13182] - hcl: added support for using the
filebase64function in jobspecs [GH-11791] - metrics: emit
nomad.nomad.plan.rejection_tracker.node_scoremetric for the number of times a node had a plan rejection within the past time window [GH-13421] - qemu: add support for guest agent socket [GH-12800]
- ui: Namespace filter query paramters are now isolated by route [GH-13679]
BUG FIXES:
- api: Fix listing evaluations with the wildcard namespace and an ACL token [GH-13530]
- api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
- cli: Fixed a bug in the names of the
node drainandnode statussub-commands [GH-13656] - cli: Fixed a bug where job validate did not respect vault token or namespace [GH-13070]
- client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
- client: Fixed a bug where network.dns block was not interpolated [GH-12817]
- cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
- connect: Added missing ability of setting Connect upstream destination namespace [GH-13125]
- core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
- core: Fixed a bug where blocked eval resources were incorrectly computed [GH-13104]
- core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision.
client.reserved.reserved_portsis now merged into eachhost_network's reserved ports instead of being treated as a collision. [GH-13651] - core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
- csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable
health_timeoutfield [GH-13340] - csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
- docker: Fixed a bug where cgroups-v1 parent was being set [GH-13058]
- lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
- state: Fix listing evaluations from all namespaces [GH-13551]
- ui: Allow running jobs from a namespace-limited token [GH-13659]
- ui: Fix a bug that prevented viewing the details of an evaluation in a non-default namespace [GH-13530]
- ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
- ui: Fixed an issue where editing or running a job with a namespace via the UI would throw a 404 on redirect. [GH-13588]
- ui: fixed a bug where links to jobs with "@" in their name would mis-identify namespace and 404 [GH-13012]
- volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]
v1.2.9
1.2.9 (July 13, 2022)
BUG FIXES:
- api: Fix listing evaluations with the wildcard namespace and an ACL token [GH-13552]
- api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
- cli: Fixed a bug in the names of the
node drainandnode statussub-commands [GH-13656] - client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
- client: Fixed a bug where network.dns block was not interpolated [GH-12817]
- cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
- connect: Added missing ability of setting Connect upstream destination namespace [GH-13125]
- core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
- core: Fixed a bug where blocked eval resources were incorrectly computed [GH-13104]
- core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision.
client.reserved.reserved_portsis now merged into eachhost_network's reserved ports instead of being treated as a collision. [GH-13651] - core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
- csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable
health_timeoutfield [GH-13340] - csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
- lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
- state: Fix listing evaluations from all namespaces [GH-13551]
- ui: Allow running jobs from a namespace-limited token [GH-13659]
- ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
- volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]
v1.1.15
1.1.15 (July 13, 2022)
BUG FIXES:
- api: Fixed a bug where Consul token was not respected for job revert API [GH-13065]
- cli: Fixed a bug in the names of the
node drainandnode statussub-commands [GH-13656] - client: Fixed a bug where max_kill_timeout client config was ignored [GH-13626]
- cni: Fixed a bug where loopback address was not set for all drivers [GH-13428]
- core: Fixed a bug where an evicted batch job would not be rescheduled [GH-13205]
- core: Fixed a bug where reserved ports on multiple node networks would be treated as a collision.
client.reserved.reserved_portsis now merged into eachhost_network's reserved ports instead of being treated as a collision. [GH-13651] - core: Fixed a bug where the plan applier could deadlock if leader's state lagged behind plan's creation index for more than 5 seconds. [GH-13407]
- csi: Fixed a regression where a timeout was introduced that prevented some plugins from running by marking them as unhealthy after 30s by introducing a configurable
health_timeoutfield [GH-13340] - csi: Fixed a scheduler bug where failed feasibility checks would return early and prevent processing additional nodes [GH-13274]
- lifecycle: fixed a bug where sidecar tasks were not being stopped last [GH-13055]
- ui: Allow running jobs from a namespace-limited token [GH-13659]
- ui: Fixed a bug that prevented the UI task exec functionality to work from behind a reverse proxy. [GH-12925]
- volumes: Fixed a bug where additions, updates, or removals of host volumes or CSI volumes were not treated as destructive updates [GH-13008]
v1.3.1
1.3.1 (May 19, 2022)
SECURITY:
- A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]
BUG FIXES:
- agent: fixed a panic on startup when the
server.protocol_versionconfig parameter was set [GH-12962]
v1.2.8
1.2.8 (May 19, 2022)
SECURITY:
- A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]
v1.1.14
1.1.14 (May 19, 2022)
SECURITY:
- A vulnerability was identified in the go-getter library that Nomad uses for its artifacts such that a specially crafted Nomad jobspec can be used for privilege escalation onto client agent hosts. CVE-2022-30324 [GH-13057]