Releases: hashicorp/nomad
v1.9.1
1.9.1 (October 21, 2024)
IMPROVEMENTS:
- cli: Added synopsis for operator root and operator gossip command [GH-23671]
- cli: Updated example job specifications in nomad job init [GH-24232]
BUG FIXES:
- consul: Fixed a bug where broken Consul ACL tokens could block registration and deregistration of services and checks [GH-24166]
- consul: Fixed a bug where service deregistration could fail because Consul ACL tokens were revoked during allocation GC [GH-24166]
- docker: Always negotiate API version when initializing clients [GH-24237]
- docker: Fix incorrect auth parsing for private registries [GH-24215]
- docker: Fixed a bug where alloc exec could leak a goroutine [GH-24244]
- docker: Fixed a bug where alloc exec with stdin would hang [GH-24202]
- docker: Fixed a bug where task CPU stats were reported incorrectly [GH-24229]
- heartbeat: Fixed a bug where failed nodes would not be marked down [GH-24241]
- scheduler: fixes reconnecting allocations not getting picked correctly when replacements failed [GH-24165]
- ui: Fix an issue where a dropdown on the variables page would appear underneath table headers [GH-24162]
- ui: Put a max-width on token name so it doesn't collide with the search box in the top nav [GH-24240]
- windows: Fixed a bug where a crashed executor would orphan task processes [GH-24214]
v1.8.5 (Enterprise)
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
IMPROVEMENTS:
- cli: Increase default log level and duration when capturing logs with operator debug [GH-23850]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- cli: Fixed a bug in job status command where -t would act as though -json was also set [GH-24054]
- licensing: Fixed a bug where environment variable to opt-out of reporting was not respected
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- task: adds node.pool attribute to interpretable values in task env [GH-24052]
- template: Fixed a panic on client restart when using change_mode=script [GH-24057]
v1.7.13 (Enterprise)
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- cli: Fixed a bug in job status command where -t would act as though -json was also set [GH-24054]
- licensing: Fixed a bug where environment variable to opt-out of reporting was not respected
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- template: Fixed a panic on client restart when using change_mode=script [GH-24057]
v1.9.0
1.9.0 (October 10, 2024)
BREAKING CHANGES:
- heartbeats: clients older than 1.6.0 will fail heartbeats to 1.9.0+ servers [GH-23838]
- jobspec: Removed support for HCLv1 [GH-23912]
- services: Clients older than 1.5.0 will fail to read Nomad native services via template blocks [GH-23910]
- tls: Removed deprecated tls.prefer_server_cipher_suites field from agent configuration [GH-23712]
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
IMPROVEMENTS:
- cli: Added redaction options to operator snapshot commands [GH-24023]
- cli: Increase default log level and duration when capturing logs with operator debug [GH-23850]
- deps: Upgraded yamux to v0.1.2 to fix a bug where RPC connections could deadlock [GH-24058]
- docker: Use official docker SDK instead of a 3rd party client [GH-23966]
- identity: Added filepath parameter to identity block for persisting workload identities [GH-24038]
- jobs: Added Version Tags to job versions, to prevent them from being garbage collected and allow for diffs [GH-24055]
- keyring: Stored wrapped data encryption keys in Raft [GH-23977]
- metrics: introduce client config to include alloc metadata as part of the base labels [GH-23964]
- networking: Added an option to ignore static port collisions when scheduling, for programs that use the SO_REUSEPORT unix socket option [GH-23956]
- networking: IPv6 can now be enabled on the Nomad bridge network mode [GH-23882]
- quotas (Enterprise): Added the possibility to set device count limits [GH-23894]
- raft: Bump raft to v1.7.1 which includes pre-vote. This should make servers more stable after network partitions [GH-24029]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- cli: Fixed a bug in job status command where -t would act as though -json was also set [GH-24054]
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- task: adds node.pool attribute to interpretable values in task env [GH-24052]
- template: Fixed a panic on client restart when using change_mode=script [GH-24057]
- ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had wildcard namespace variable write permissions [GH-24073]
v1.9.0-beta.2
SECURITY:
- security: Fixed a bug in client FS API where the check to prevent reads from the secrets dir could be bypassed on case-insensitive file systems [GH-24125]
IMPROVEMENTS:
- metrics: introduce client config to include alloc metadata as part of the base labels [GH-23964]
BUG FIXES:
- bug: Allow client template config block to be parsed when using json config [GH-24007]
- scaling: Fixed a bug where scaling policies would not get created during job submission unless namespace field was set in jobspec [GH-24065]
- state: Fixed a bug where compatibility updates for node topology for nodes older than 1.7.0 were not being correctly applied [GH-24127]
- ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had wildcard namespace variable write permissions [GH-24073]
v1.9.0-beta.1
BREAKING CHANGES:
- heartbeats: clients older than 1.6.0 will fail heartbeats to 1.9.0+ servers [GH-23838]
- jobspec: Removed support for HCLv1 [GH-23912]
- services: Clients older than 1.5.0 will fail to read Nomad native services via template blocks [GH-23910]
- tls: Removed deprecated tls.prefer_server_cipher_suites field from agent configuration [GH-23712]
IMPROVEMENTS:
- cli: Added redaction options to operator snapshot commands [GH-24023]
- cli: Increase default log level and duration when capturing logs with operator debug [GH-23850]
- deps: Upgraded yamux to v0.1.2 to fix a bug where RPC connections could deadlock [GH-24058]
- docker: Use official docker SDK instead of a 3rd party client [GH-23966]
- identity: Added filepath parameter to identity block for persisting workload identities [GH-24038]
- jobs: Added Version Tags to job versions, to prevent them from being garbage collected and allow for diffs [GH-24055]
- keyring: Stored wrapped data encryption keys in Raft [GH-23977]
- networking: Added an option to ignore static port collisions when scheduling, for programs that use the SO_REUSEPORT unix socket option [GH-23956]
- networking: IPv6 can now be enabled on the Nomad bridge network mode [GH-23882]
- quotas (Enterprise): Added the possibility to set device count limits [GH-23894]
- raft: Bump raft to v1.7.1 which includes pre-vote. This should make servers more stable after network partitions [GH-24029]
BUG FIXES:
v1.7.12 (Enterprise)
v1.6.15 (Enterprise)
BREAKING CHANGES:
- docker: The default infra_image for pause containers is now registry.k8s.io/pause [GH-23927]
IMPROVEMENTS:
- build: update to go1.22.6 [GH-23805]
- cli: Increase default log level and duration when capturing logs with operator debug [GH-23850]
BUG FIXES:
- node: Fixed bug where sysbatch allocations were started prematurely [GH-23858]
v1.8.4
1.8.4 (September 17, 2024)
BREAKING CHANGES:
- docker: The default infra_image for pause containers is now registry.k8s.io/pause [GH-23927]
IMPROVEMENTS:
- build: update to go1.22.6 [GH-23805]
- cgroups: Allow clients with delegated cgroups check that required cgroup v2 controllers exist [GH-23803]
- docker: Disable cpuset management for non-root clients [GH-23804]
- identity: Added support for server-configured additional claims on the Vault default_identity block [GH-23675]
- namespaces: Allow enabling/disabling allowed network modes per namespace [GH-23813]
- ui: Badge added for Scaled Down jobs [GH-23829]
DEPRECATIONS:
- api: the JobParseRequest.HCLv1 field will be removed in Nomad 1.9.0 [GH-23913]
- jobspec: using the -hcl1 flag for HCLv1 job specifications will now emit a warning at the command line. This feature will be removed in Nomad 1.9.0 [GH-23913]
BUG FIXES:
- identity: Fixed a bug where dispatch and periodic jobs would have their job ID and not parent job ID used when creating the subject claim [GH-23902]
- identity: Fixed a bug where dispatch and periodic jobs would have their job ID and not parent job ID used when interpolating vault.default_identity.extra_claims [GH-23817]
- node: Fixed bug where sysbatch allocations were started prematurely [GH-23858]
- ui: Fix an issue where cmd+click or ctrl+click would double-open a job [GH-23832]
v1.8.3
1.8.3 (August 13, 2024)
SECURITY:
- security: Fix symlink escape during unarchiving by removing existing paths within the same allocdir. Compromising the Nomad client agent at the source allocation first is a prerequisite for leveraging this issue. [GH-23738]
IMPROVEMENTS:
- acl: Submitting a policy with a leading / in a variable path will now return an error to prevent improperly working policies. [GH-23757]
- cli: Added option to return original HCL in job inspect command [GH-23699]
- cli: Added support for updating the roles for an ACL token [GH-18532]
- cli: acl token create will now emit a warning if the token has a policy that does not yet exist [GH-16437]
- keyring: Added support for encrypting the keyring via Vault transit or external KMS [GH-23580]
- keyring: Added support for prepublishing keys [GH-23577]
- metrics: Added client.tasks metrics to track task states [GH-23773]
- resources: Added resources.secrets field to configure size of secrets directory on Linux [GH-23696]
- tls: Allow setting the tls_min_version field to "tls13" [GH-23713]
- ui: added a Pack badge to the jobs index page for jobs run via Nomad Pack [GH-23404]
BUG FIXES:
- api: Fixed a bug where an api.Config targeting a unix domain socket could not be reused between clients [GH-23785]
- cni: .conf and .json config files are now parsed properly [GH-23629]
- cni: network.cni jobspec updates now replace allocs to apply the new network config [GH-23764]
- docker: Fixed a bug where plugin SELinux labels would conflict with read-only volume options [GH-23750]
- identity: Fixed a bug where a missing default task identity could panic the leader [GH-23763]
- keyring: Fixed a bug where keys could be garbage collected before workload identities expire [GH-23577]
- keyring: Fixed a bug where keys would never exit the "rekeying" state after a rotation with the -full flag [GH-23577]
- keyring: Fixed a bug where periodic key rotation would not occur [GH-23577]
- networking: The same static port can now be used more than once on host networks with multiple IPs [GH-23693]
- scaling: Fixed a bug where state store corruption could occur when writing scaling events [GH-23673]
- template: Fixed a bug where change_mode = "script" would not execute after a client restart [GH-23663]
- ui: Fixed storage/plugin 404s by unescaping a slash character in the request URL [GH-23625]
- windows: Fix bug with containers capabilities on Docker CE [GH-23599]