Releases: hashicorp/nomad
Releases · hashicorp/nomad
v1.7.7
1.7.7 (April 16, 2024)
SECURITY:
- artifact: Updated
go-getterdependency to v1.7.4 to address CVE-2024-3817 [GH-20391]
IMPROVEMENTS:
- autopilot: add Enterprise health information to autopilot API [GH-20153]
- cli: Collect only one heap profile per
operator debuginterval [GH-20219] - consul/connect: Added support for TLS configuration, headers configuration, and request limit configuration to ingress service block [GH-16753]
- consul/connect: Added support for destination partition in
upstreamblock [GH-20167] - scheduler: Record exhausted node metrics for devices when preemption fails to find an allocation to evict [GH-20346]
- ui: When you re-bind keyboard shortcuts they now correctly show up in shift-held hints [GH-20235]
BUG FIXES:
- agent: allow configuration of in-memory telemetry sink [GH-20166]
- api: Fixed a bug where
AllocDirStatsfield was missing from Read Stats client API [GH-20261] - cli: Fixed a bug where
operator debugdid not respect the-pprof-intervalflag and would take only one profile [GH-20206] - cni: Fixed a regression where default DNS set by
dockerdor other task drivers was not respected [GH-20189] - config: Fixed a bug where IPv6 addresses were not accepted without ports for
client.serversblocks [GH-20324] - consul: Fixed a bug where services with interpolation would not get correctly signed Workload Identities [GH-20344]
- deployments: Fixed a goroutine leak when jobs are purged [GH-20348]
- deps: Updated consul-template dependency to 0.37.4 to fix a resource leak [GH-20234]
- docker: Fixed a bug where cpuset cgroup would not be updated on cgroup v1 systems [GH-20294]
- docker: Fixed a bug where cpuset would not be updated on cgroup v2 systems using cgroupfs [GH-20276]
- drain: Fixed a bug where Workload Identity tokens could not be used to drain a node [GH-20317]
- namespace/node pool: Fixed a bug where the
-regionflag would not be respected for namespace and node pool updates if ACLs were disabled [GH-20220] - state: Fixed a bug where restarting a server could fail if the Raft logs include a drain update that used a now-expired token [GH-20317]
- template: Fixed a bug where a partial
client.templateblock would cause defaults for unspecified fields to be ignored [GH-20165] - ui: Fix an issue where the job status box would error if an allocation had no task events [GH-20383]
v1.6.10
1.6.10 (April 16, 2024)
SECURITY:
- artifact: Updated
go-getterdependency to v1.7.4 to address CVE-2024-3817 [GH-20391]
BUG FIXES:
- api: Fixed a bug where
AllocDirStatsfield was missing from Read Stats client API [GH-20261] - cli: Fixed a bug where
operator debugdid not respect the-pprof-intervalflag and would take only one profile [GH-20206] - cni: Fixed a regression where default DNS set by
dockerdor other task drivers was not respected [GH-20189] - config: Fixed a bug where IPv6 addresses were not accepted without ports for
client.serversblocks [GH-20324] - deployments: Fixed a goroutine leak when jobs are purged [GH-20348]
- deps: Updated consul-template dependency to 0.37.4 to fix a resource leak [GH-20234]
- drain: Fixed a bug where Workload Identity tokens could not be used to drain a node [GH-20317]
- namespace/node pool: Fixed a bug where the
-regionflag would not be respected for namespace and node pool updates if ACLs were disabled [GH-20220] - state: Fixed a bug where restarting a server could fail if the Raft logs include a drain update that used a now-expired token [GH-20317]
- template: Fixed a bug where a partial
client.templateblock would cause defaults for unspecified fields to be ignored [GH-20165] - ui: Fix an issue where the job status box would error if an allocation had no task events [GH-20383]
v1.5.17
1.5.17 (April 16, 2024)
SECURITY:
- artifact: Updated
go-getterdependency to v1.7.4 to address CVE-2024-3817 [GH-20391]
BUG FIXES:
- api: Fixed a bug where
AllocDirStatsfield was missing from Read Stats client API [GH-20261] - cli: Fixed a bug where
operator debugdid not respect the-pprof-intervalflag and would take only one profile [GH-20206] - cni: Fixed a regression where default DNS set by
dockerdor other task drivers was not respected [GH-20189] - config: Fixed a bug where IPv6 addresses were not accepted without ports for
client.serversblocks [GH-20324] - deployments: Fixed a goroutine leak when jobs are purged [GH-20348]
- deps: Updated consul-template dependency to 0.37.4 to fix a resource leak [GH-20234]
- drain: Fixed a bug where Workload Identity tokens could not be used to drain a node [GH-20317]
- state: Fixed a bug where restarting a server could fail if the Raft logs include a drain update that used a now-expired token [GH-20317]
- template: Fixed a bug where a partial
client.templateblock would cause defaults for unspecified fields to be ignored [GH-20165]
v1.7.6
1.7.6 (March 12, 2024)
SECURITY:
- build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
- deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]
IMPROVEMENTS:
- cli: Added -json option on job status command [GH-18925]
- fingerprint: Added a fingerprint for Consul DNS address and port [GH-19969]
BUG FIXES:
- cli: Fixed a bug where the
nomad job restartcommand could crash if the job type was not present in a response from the server [GH-20049] - client: Fixed a bug where corrupt client state could panic the client [GH-19972]
- cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
- connect: Fixed a bug where
exposeblocks would not appear injob plandiff output [GH-19990] - server: Prevent NPE when service lacks identity [GH-19986]
v1.6.9
1.6.9 (March 12, 2024)
SECURITY:
- build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
- deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]
BUG FIXES:
- cli: Fixed a bug where the
nomad job restartcommand could crash if the job type was not present in a response from the server [GH-20049] - client: Fixed a bug where corrupt client state could panic the client [GH-19972]
- cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
- connect: Fixed a bug where
exposeblocks would not appear injob plandiff output [GH-19990]
v1.5.16
1.5.16 (March 12, 2024)
SECURITY:
- build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
- deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]
BUG FIXES:
- cli: Fixed a bug where the
nomad job restartcommand could crash if the job type was not present in a response from the server [GH-20049] - client: Fixed a bug where corrupt client state could panic the client [GH-19972]
- cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
- connect: Fixed a bug where
exposeblocks would not appear injob plandiff output [GH-19990]
v1.7.5
1.7.5 (February 13, 2024)
SECURITY:
- windows: Remove
LazyDLLcalls for system modules to harden Nomad against attacks from the host [GH-19925]
IMPROVEMENTS:
- api: emit
JobDeregisteredevent when job is deregistered withpurge[GH-19903]
BUG FIXES:
- cli: Fix return code when
nomad job runsucceeds after a blocked eval [GH-19876] - cli: Fixed a bug where the
nomad tls ca createcommand failed when the-domainwas used without other values [GH-19892] - client: Ensure the value for CPU shares are within the allowed range [GH-19935]
- client: Prevent client from starting if cgroup initialization fails [GH-19915]
- connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
- driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
- driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
- driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
- exec: Fixed a bug in
alloc execwhere closing websocket streams could cause a panic [GH-19932] - scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
- ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
v1.6.8
1.6.8 (February 13, 2024)
SECURITY:
- windows: Remove
LazyDLLcalls for system modules to harden Nomad against attacks from the host [GH-19925]
BUG FIXES:
- cli: Fix return code when
nomad job runsucceeds after a blocked eval [GH-19876] - cli: Fixed a bug where the
nomad tls ca createcommand failed when the-domainwas used without other values [GH-19892] - connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
- exec: Fixed a bug in
alloc execwhere closing websocket streams could cause a panic [GH-19932] - scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
- ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
v1.5.15
1.5.15 (February 13, 2024)
SECURITY:
- windows: Remove
LazyDLLcalls for system modules to harden Nomad against attacks from the host [GH-19925]
BUG FIXES:
- cli: Fix return code when
nomad job runsucceeds after a blocked eval [GH-19876] - connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
- exec: Fixed a bug in
alloc execwhere closing websocket streams could cause a panic [GH-19932] - scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
- ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
v1.7.4
1.7.4 (February 08, 2024)
SECURITY:
- deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
- migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
- template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]