v1.5.11

1.5.11 (December 07, 2023)

BREAKING CHANGES:

• core: Honor job's namespace when checking distinct_hosts feasibility [GH-19004]

SECURITY:

• build: Update to go1.21.5 to resolve Windows path validation CVE in Go [GH-19320]

BUG FIXES:

• agent: Correct websocket status code handling [GH-19172]
• api: Fix panic in Allocation.Stub method when Job is unset [GH-19115]
• cli: Fixed a panic when the nomad job restart command received an interrupt signal while waiting for an answer [GH-19154]
• cli: Fixed the nomad job restart command to create replacements for batch and system jobs and to prevent sysbatch jobs from being rescheduled since they never create replacements [GH-19147]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• core: Fix incorrect submit time for stopped jobs [GH-18967]
• ui: Fixed an issue where purging a job with a namespace did not process correctly [GH-19139]
• variables: Fixed a bug where poststop tasks were not allowed access to Variables [GH-19270]
• vault: Fixed a bug where poststop tasks would not get a Vault token [GH-19268]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.7.0-rc.1

FEATURES:

• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]
• core: Honor job's namespace when checking distinct_hosts feasibility [GH-19004]

SECURITY:

• build: Update to go1.21.4 to resolve Windows path validation CVE in Go [GH-19013]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added help text to acl bootstrap about reading the initial token from a file [GH-18961]
• cli: Added identities, networks, and volumes to the output of the operator client-state command [GH-18996]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• config: Add go-netaddrs support to server_join.retry_join [GH-18745]
• consul: constraint for minimum version of Consul increased to 1.8.0 [GH-19104]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• sso: Allow adding a token name format to auth methods which can be used to generate token names when signing in via SSO [GH-19135]
• ui: color-code node and server status cells [GH-18318]
• ui: for system and sysbatch jobs, now show client name on hover in job panel [GH-19051]
• ui: nicer comment styles in UI example jobs [GH-19037]
• ui: show plan output warnings alongside placement failures and dry-run info when running a job through the web ui [GH-19225]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

DEPRECATIONS:

• config: Loading plugins from plugin_dir without a plugin configuration block is deprecated [GH-19189]

BUG FIXES:

• agent: Correct websocket status code handling [GH-19172]
• api: Fix panic in Allocation.Stub method when Job is unset [GH-19115]
• cli: Fixed a bug that caused the nomad job restart command to miscount the allocations to restart [GH-19155]
• cli: Fixed a bug where the operator client-state command would crash if it reads an allocation without a task state [GH-18996]
• cli: Fixed a panic when the nomad job restart command received an interrupt signal while waiting for an answer [GH-19154]
• cli: Fixed the nomad job restart command to create replacements for batch and system jobs and to prevent sysbatch jobs from being rescheduled since they never create replacements [GH-19147]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• core: Fix incorrect submit time for stopped jobs [GH-18967]
• ui: Fixed an issue where purging a job with a namespace did not process correctly [GH-19139]
• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.7.0-beta.2

FEATURES:

• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]

SECURITY:

• build: Update to go1.21.4 to resolve Windows path validation CVE in Go [GH-19013]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added help text to acl bootstrap about reading the initial token from a file [GH-18961]
• cli: Added identities, networks, and volumes to the output of the operator client-state command [GH-18996]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• config: Add go-netaddrs support to server_join.retry_join [GH-18745]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• ui: color-code node and server status cells [GH-18318]
• ui: for system and sysbatch jobs, now show client name on hover in job panel [GH-19051]
• ui: nicer comment styles in UI example jobs [GH-19037]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

BUG FIXES:

• cli: Fixed a bug where the operator client-state command would crash if it reads an allocation without a task state [GH-18996]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.7.0-beta.1

FEATURES:

• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]
• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• ui: color-code node and server status cells [GH-18318]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

BUG FIXES:

• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]

v1.6.3

1.6.3 (October 30, 2023)

SECURITY:

• build: Update to Go 1.21.3 [GH-18717]

IMPROVEMENTS:

• agent: Added config option to enable file and line log detail [GH-18768]
• api: Added support for the log_include_location query parameter within the
  /v1/agent/monitor HTTP endpoint [GH-18795]
• cli: Add -prune flag to nomad operator force-leave command [GH-18463]
• cli: Added log-include-location flag to the monitor command [GH-18795]
• cli: Added log-include-location flag to the operator debug command [GH-18795]
• csi: add ability to expand the size of volumes for plugins that support it [GH-18359]
• template: reduce memory usage associated with communicating with the Nomad API [GH-18524]
• ui: observe a token's roles' rules in the UI and add an interface for managing tokens, roles, and policies [GH-17770]

BUG FIXES:

• build: Add timetzdata Go build tag on Windows binaries to embed time zone data so periodic jobs are able to specify a time zone value on Windows environments [GH-18676]
• cli: Fixed an unexpected behavior of the nomad acl token update command that could cause a management token to be downgraded to client on update [GH-18689]
• cli: Use same offset when following single or multiple alloc logs [GH-18604]
• cli: ensure HCL env vars are added to the job submission object in the job run command [GH-18832]
• client: ensure null dynamic node metadata values are removed from memory [GH-18664]
• client: prevent tasks from starting without the prestart hooks running [GH-18662]
• metrics: Fixed a bug where CPU counters could report errors for negative values [GH-18835]
• scaling: Unblock blocking queries to /v1/job/{job-id}/scale if the job goes away [GH-18637]
• scheduler (Enterprise): auto-unblock evals with associated quotas when node resources are freed up [GH-18838]
• scheduler: Ensure duplicate allocation IDs are tracked and fixed when performing job updates [GH-18873]
• server: Fixed a bug where Raft server configuration parameters were not correctly merged [GH-18494]
• services: use interpolated address when performing nomad service health checks [GH-18584]
• ui: using start/stop from the job page in the UI will no longer fail when the job lacks HCL submission data [GH-18621]

v1.5.10

1.5.10 (October 30, 2023)

SECURITY:

• build: Update to Go 1.21.3 [GH-18717]

BUG FIXES:

• build: Add timetzdata Go build tag on Windows binaries to embed time zone data so periodic jobs are able to specify a time zone value on Windows environments [GH-18676]
• cli: Fixed an unexpected behavior of the nomad acl token update command that could cause a management token to be downgraded to client on update [GH-18689]
• client: ensure null dynamic node metadata values are removed from memory [GH-18664]
• client: prevent tasks from starting without the prestart hooks running [GH-18662]
• csi: check controller plugin health early during volume register/create [GH-18570]
• metrics: Fixed a bug where CPU counters could report errors for negative values [GH-18835]
• scaling: Unblock blocking queries to /v1/job/{job-id}/scale if the job goes away [GH-18637]
• scheduler (Enterprise): auto-unblock evals with associated quotas when node resources are freed up [GH-18838]
• scheduler: Ensure duplicate allocation IDs are tracked and fixed when performing job updates [GH-18873]
• services: use interpolated address when performing nomad service health checks [GH-18584]

v1.4.14

1.4.14 (October 30, 2023)

SECURITY:

• build: Update to Go 1.21.3 [GH-18717]

BUG FIXES:

• build: Add timetzdata Go build tag on Windows binaries to embed time zone data so periodic jobs are able to specify a time zone value on Windows environments [GH-18676]
• cli: Fixed an unexpected behavior of the nomad acl token update command that could cause a management token to be downgraded to client on update [GH-18689]
• client: prevent tasks from starting without the prestart hooks running [GH-18662]
• csi: check controller plugin health early during volume register/create [GH-18570]
• metrics: Fixed a bug where CPU counters could report errors for negative values [GH-18835]
• scaling: Unblock blocking queries to /v1/job/{job-id}/scale if the job goes away [GH-18637]
• scheduler (Enterprise): auto-unblock evals with associated quotas when node resources are freed up [GH-18838]
• scheduler: Ensure duplicate allocation IDs are tracked and fixed when performing job updates [GH-18873]
• services: use interpolated address when performing nomad service health checks [GH-18584]

v1.6.2

1.6.2 (September 13, 2023)

IMPROVEMENTS:

• build: Update to Go 1.21.0 [GH-18184]
• cli: support wildcard namespaces in alloc subcommands when the -job flag is used [GH-18095]
• config: Added an option to configure how many historic versions of jobs are retained in the state store [GH-17939]
• consul/connect: Added support for DestinationPeer, DestinationType, LocalBindSocketPath, and LocalBindSocketMode in upstream block [GH-16745]
• jobspec: Add 'crons' field for multiple cron expressions [GH-17858]
• jobspec: Add new parameter render_templates for restart block to allow explicit re-render of templates on task restart. The default value is false and is fully backward compatible [GH-18054]
• jobspec: add node_pool as a valid field [GH-18366]
• raft: remove use of deprecated Leader func [GH-18352]
• status: go-getter failure reason now shown in alloc status [GH-18444]
• ui: Added configurable content security policy header [GH-18085]
• ui: adds a new Variables page to all job pages [GH-17964]
• ui: adds keyboard commands for pagination on lists using [[ and ]] [GH-18210]
• ui: sort variable key/values alphabetically by key when editing [GH-18051]
• ui: trim variable path names before saving [GH-18198]

BUG FIXES:

• acl: Fixed a bug where ACL tokens linked to ACL roles containing duplicate policies would cause erronous permission denined responses [GH-18419]
• cli: Add missing help message for the -consul-namespace flag in the nomad job run command [GH-18081]
• cli: Fix panic in alloc logs command when receiving empty stdout or stderr log frames [GH-17815]
• cli: Fixed a bug that prevented CSI volumes in namespaces other than default from being displayed in the nomad node status -verbose output [GH-17925]
• cli: Snapshot name is required in volume snapshot create command [GH-17958]
• client: Fixed a bug where the state of poststop tasks could be corrupted by client gc [GH-17971]
• client: Ignore stale server updates to prevent GCing allocations that should be running [GH-18269]
• client: return 404 instead of 500 when trying to access logs and files from allocations that have been garbage collected [GH-18232]
• core: Fixed a bug where exponential backoff could result in excessive CPU usage [GH-18200]
• csi: fixed a bug that could case a panic when deleting volumes [GH-18234]
• fingerprint: fix 'default' alias not being added to interface specified by network_interface [GH-18096]
• jobspec: Add diff for Task Group scaling block [GH-18332]
• migration: Fixed a bug where previous alloc logs were destroyed when migrating ephemeral_disk on the same client [GH-18108]
• scheduler: Fixed a bug where device IDs were not correctly filtered in constraints [GH-18141]
• services: Add validation message when tls_skip_verify is set to true on a Nomad service [GH-18333]
• ui: maintain HCL2 jobspec when using Start Job in the web ui [GH-18120]
• ui: search results are no longer overridden by sorting preferences on the jobs index page [GH-18053]

v1.5.9

1.5.9 (September 13, 2023)

IMPROVEMENTS:

• build: Update to Go 1.21.0 [GH-18184]
• raft: remove use of deprecated Leader func [GH-18352]

BUG FIXES:

• acl: Fixed a bug where ACL tokens linked to ACL roles containing duplicate policies would cause erronous permission denined responses [GH-18419]
• cli: Add missing help message for the -consul-namespace flag in the nomad job run command [GH-18081]
• cli: Fix panic in alloc logs command when receiving empty stdout or stderr log frames [GH-17815]
• cli: Fixed a bug that prevented CSI volumes in namespaces other than default from being displayed in the nomad node status -verbose output [GH-17925]
• cli: Snapshot name is required in volume snapshot create command [GH-17958]
• client: Fixed a bug where the state of poststop tasks could be corrupted by client gc [GH-17971]
• client: Ignore stale server updates to prevent GCing allocations that should be running [GH-18269]
• client: return 404 instead of 500 when trying to access logs and files from allocations that have been garbage collected [GH-18232]
• core: Fixed a bug where exponential backoff could result in excessive CPU usage [GH-18200]
• csi: fixed a bug that could case a panic when deleting volumes [GH-18234]
• fingerprint: fix 'default' alias not being added to interface specified by network_interface [GH-18096]
• jobspec: Add diff for Task Group scaling block [GH-18332]
• migration: Fixed a bug where previous alloc logs were destroyed when migrating ephemeral_disk on the same client [GH-18108]
• scheduler: Fixed a bug where device IDs were not correctly filtered in constraints [GH-18141]
• services: Add validation message when tls_skip_verify is set to true on a Nomad service [GH-18333]

v1.4.13

1.4.13 (September 13, 2023)

IMPROVEMENTS:

• build: Update to Go 1.21.0 [GH-18184]
• raft: remove use of deprecated Leader func [GH-18352]

BUG FIXES:

• acl: Fixed a bug where ACL tokens linked to ACL roles containing duplicate policies would cause erronous permission denined responses [GH-18419]
• cli: Add missing help message for the -consul-namespace flag in the nomad job run command [GH-18081]
• cli: Fixed a bug that prevented CSI volumes in namespaces other than default from being displayed in the nomad node status -verbose output [GH-17925]
• cli: Snapshot name is required in volume snapshot create command [GH-17958]
• client: Fixed a bug where the state of poststop tasks could be corrupted by client gc [GH-17971]
• client: Ignore stale server updates to prevent GCing allocations that should be running [GH-18269]
• client: return 404 instead of 500 when trying to access logs and files from allocations that have been garbage collected [GH-18232]
• core: Fixed a bug where exponential backoff could result in excessive CPU usage [GH-18200]
• csi: fixed a bug that could case a panic when deleting volumes [GH-18234]
• fingerprint: fix 'default' alias not being added to interface specified by network_interface [GH-18096]
• jobspec: Add diff for Task Group scaling block [GH-18332]
• migration: Fixed a bug where previous alloc logs were destroyed when migrating ephemeral_disk on the same client [GH-18108]
• scheduler: Fixed a bug where device IDs were not correctly filtered in constraints [GH-18141]
• services: Add validation message when tls_skip_verify is set to true on a Nomad service [GH-18333]