Skip to content

Releases: hashicorp/nomad

v1.7.6

12 Mar 10:47
Compare
Choose a tag to compare

1.7.6 (March 12, 2024)

SECURITY:

IMPROVEMENTS:

  • cli: Added -json option on job status command [GH-18925]
  • fingerprint: Added a fingerprint for Consul DNS address and port [GH-19969]

BUG FIXES:

  • cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
  • client: Fixed a bug where corrupt client state could panic the client [GH-19972]
  • cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
  • connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]
  • server: Prevent NPE when service lacks identity [GH-19986]

v1.6.9

12 Mar 10:41
Compare
Choose a tag to compare

1.6.9 (March 12, 2024)

SECURITY:

BUG FIXES:

  • cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
  • client: Fixed a bug where corrupt client state could panic the client [GH-19972]
  • cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
  • connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]

v1.5.16

12 Mar 10:33
Compare
Choose a tag to compare

1.5.16 (March 12, 2024)

SECURITY:

BUG FIXES:

  • cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
  • client: Fixed a bug where corrupt client state could panic the client [GH-19972]
  • cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
  • connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]

v1.7.5

13 Feb 16:25
Compare
Choose a tag to compare

1.7.5 (February 13, 2024)

SECURITY:

  • windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]

IMPROVEMENTS:

  • api: emit JobDeregistered event when job is deregistered with purge [GH-19903]

BUG FIXES:

  • cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
  • cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
  • client: Ensure the value for CPU shares are within the allowed range [GH-19935]
  • client: Prevent client from starting if cgroup initialization fails [GH-19915]
  • connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
  • driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
  • driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
  • driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
  • exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
  • scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
  • ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]

v1.6.8

13 Feb 16:25
Compare
Choose a tag to compare

1.6.8 (February 13, 2024)

SECURITY:

  • windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]

BUG FIXES:

  • cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
  • cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
  • connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
  • exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
  • scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
  • ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]

v1.5.15

13 Feb 16:25
Compare
Choose a tag to compare

1.5.15 (February 13, 2024)

SECURITY:

  • windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]

BUG FIXES:

  • cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
  • connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
  • exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
  • scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
  • ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]

v1.7.4

08 Feb 15:29
Compare
Choose a tag to compare

1.7.4 (February 08, 2024)

SECURITY:

  • deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
  • migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
  • template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]

v1.6.7

08 Feb 15:29
Compare
Choose a tag to compare

1.6.7 (February 08, 2024)

SECURITY:

  • deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
  • migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
  • template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]

v1.5.14

08 Feb 15:29
Compare
Choose a tag to compare

1.5.14 (February 08, 2024)

SECURITY:

  • deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
  • migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
  • template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]

v1.7.3

15 Jan 20:37
Compare
Choose a tag to compare

1.7.3 (January 15, 2024)

IMPROVEMENTS:

  • build: update to go 1.21.6 [GH-19709]
  • cgroupslib: Consider CGroups OFF when essential controllers are missing [GH-19176]
  • cli: Add new option nomad setup vault -check to help cluster operators migrate to workload identities for Vault [GH-19720]
  • consul: Add fingerprint for Consul Enterprise admin partitions [GH-19485]
  • consul: Added support for Consul Enterprise admin partitions [GH-19665]
  • consul: Added support for failures_before_warning and failures_before_critical in Nomad agent services [GH-19336]
  • consul: Added support for failures_before_warning in Consul service checks [GH-19336]
  • drivers/exec: Added support for OOM detection in exec driver [GH-19563]
  • drivers: Enable configuring a raw_exec task to not have an upper memory limit [GH-19670]
  • identity: Added vault_role to JWT workload identity claims if specified in jobspec [GH-19535]
  • ui: Added group name to allocation tooltips on job status panel [GH-19601]
  • ui: Adds a warning message to pages in the Web UI when logs are disabled [GH-18823]
  • ui: Hide token secret upon successful login [GH-19529]
  • ui: when an Action has long output, anchor to the latest messages [GH-19452]
  • vault: Add allow_token_expiration field to allow Vault tokens to expire without renewal for short-lived tasks [GH-19691]
  • vault: Nomad clients will no longer attempt to renew Vault tokens that cannot be renewed [GH-19691]

BUG FIXES:

  • acl: Fixed a bug where 1.5 and 1.6 clients could not access Nomad Variables and Services via templates [GH-19578]
  • acl: Fixed auth method hashing which meant changing some fields would be silently ignored [GH-19677]
  • auth: Added new optional OIDCDisableUserInfo setting for OIDC auth provider [GH-19566]
  • client: Fixed a bug where where the environment variable / file for the Consul token weren't written. [GH-19490]
  • consul (Enterprise): Fixed a bug where the group/task Consul cluster was assigned "default" when unset instead of the namespace-governed value
  • core: Ensure job HCL submission data is persisted and restored during the FSM snapshot process [GH-19605]
  • namespaces: Failed delete calls no longer return success codes [GH-19483]
  • rawexec: Fixed a bug where oom_score_adj would be inherited from Nomad client [GH-19515]
  • server: Fix panic when validating non-service reschedule block [GH-19652]
  • server: Fix server not waiting for workers to submit nacks for dequeued evaluations before shutting down [GH-19560]
  • state: Fixed a bug where purged jobs would not get new deployments [GH-19609]
  • ui: Fix rendering of allocations table for jobs that don't have actions [GH-19505]
  • vault: Fixed a bug that could cause errors during leadership transition when migrating to the new JWT and workload identity authentication workflow [GH-19689]
  • vault: Fixed a bug where allow_unauthenticated was enforced when a default_identity was set [GH-19585]