Releases: portainer/portainer
Release 2.1.0
2.1.0
The long awaited support for compose version > v2 on docker standalone is here (for LinuxAMD64 & WindowsAMD64). Compose > v2 with docker standalone on ARM is not quite ready, but progress can be tracked here
Known issues:
Windows standalone users should be aware of this issue
Docker:
- Introduced support for compose version > v2 on docker standalone environments (LinuxAMD64, WindowsAMD64 only): #3750
- Introduced support for compose version 3.8 on docker swarm environments: #3206
Kubernetes:
- Added advanced deployment panel to each resource list view: #4505
- Added a warning in the placement tab when an application can't be scheduled on the cluster: #4507
- Show access policy associated to the storage of a volume: #4402
- Prevent mixing protocols with load balancer: #4369
- Fixed issue where creating resources with a username longer that 63 chars fails: #4605
- Fixed issue where creating resources with a username containing special characters fails: #4608
- Fixed issue where you are unable to apply a note to a pod type application: #4607
- Fixed issue with advanced deployment failing on ARM: #4473
- Fixed issue where adding key an in-use configuration will throw an error when editing the application using it: #4548
- Fixed issue where created attribute of resource pool showed time viewing it and not time it was created: #4568
- Fixed issue with connectivity to kubernetes edge endpoints: #4487
Stacks:
- Fixed issue where stacks created via API are incorrectly marked as private with no owner: #3721
- Show created and updated information for stacks: #3889
Services:
- Fixed issue in service creation view where switching to bind mode with volume selected fills host field with [object Object]: #4615
Images:
- Show image labels in image details view: #3462
DB:
- Fixed issue where portainer is unable to start when UserSessionTimeout is not set in DB: #4523
UX:
- Improved kubernetes configurations UX/UI: #4604
- Changed location of create template button in stack details view: #4424
- Make it clear advanced mode does not work with private registries: #3493
- Rename restrict access to external network label to make its purpose clearer: #3521
- Improve readability of warnings in kubernetes application/create views: #4552
- Clarify ingress controller setting does not deploy ingress in cluster setup view: #4535
- Clarify what type of resource is created via sensitive configuration creation: #4534
- Hide/de-emphasize internal login when OAuth is enabled: #3065
- Removed unecessary whitespace in kubernetes stacks and storage datatables: #4501
- Fixed issue where version is not shown after update in sidebar until the user re-logs: #4283
Registries:
- Fixed issue where updating registry without changing password corrupted the credentials: #4632
Build:
- Fixed issue where incorrect arch was used when building some images: #4663
Project/Dependencies:
Release 2.0.1
2.0.1
This release focuses on key bugfixes and brings some small & much needed features.
UAC
- Fixed issue where owner of a resource is deleted even if deletion failed: #4463
Endpoints
- Added the ability to start Portainer without specifying an endpoint: #4404
- Added deployment instructions for windows to agent endpoint creation view: #4421
- Added deployment instructions for windows to edge agent endpoint creation view: #4420
Kubernetes
- Added the ability to see and manage 'naked pods': #4011
- Added confirmation when deleting applications or configurations: #4491
- Clarified create configuration from file button: #4504
- Clarified advanced deployment feature: #4533
- Enhanced the instance count UX in application create/edit views: #4489
- Fixed issue where updating a sensitive configuration marks it as external with no owner: #4502
- Fixed issue where refreshing the application details view with the YAML tab active incorrectly selected a different tab: #4488
- Fixed issue where system labels were not shown first in the node details view: #4390
- Fixed issue where the load balancer panel was incorrectly showing a dropdown with only 1 port exposed: #4490
- Fixed issue where configuration keys exposed over filesystem were not applied: #4547
- Fixed issue where accessing cluster config expanded the endpoint item in sidebar: #4492
- Fixed issue with invalid form validation in configuration creation view: #4553
- Fixed issue preventing creation of resources if a username is an email address: #4595
- Fixed issue with viewing the details of a configuration containing binary data: #4503
UX
- Added visual cues for BE specific features: #4558
- Fixed issue where editing a stack and clearing content incorrectly hid the tab: #4470
- Fixed issue where selecting container & filtering throws off selection count: #3741
Volumes
- Added confirmation modal when deleting volumes: #4563
- Added validation to prevent adding empty mount to an existing service: #3727
Configs
- Fixed issue with loading configs when one or more contains binary data: #4101
Logs
- Added ability to download service or container logs: #4269
MISC
- Fixed broken contribution link: #4581
Release 2.0.0
2.0
Kubernetes support has landed! You can now manage the deployment of applications atop Kubernetes clusters using the familiar Portainer UX. This release is a big one & introduces a total of 101 changes to Portainer, meaning it needs to be tested in your environment before upgrading your production instances of Portainer 1.xx to Portainer 2.0.
NOTE: There are a number of breaking changes, and changes to functionality that require analysis, specifically a re-engineering of the application templates feature, removal of support for VMWare VIC, and removal of support for externally defined endpoints.
IF YOU ARE RUNNING A "HISTORIC" VERSION OF PORTAINER (IE OLDER AND 1.23.X) PLEASE EITHER FIRST UPGRADE TO 1.24.1 AND/OR BACKUP YOUR PORTAINER.DB FILE BEFORE ATTEMPTING TO UPGRADE TO CE 2.0; THERE ARE REPORTED ISSUES OF DB CORRUPTION WHEN ATTEMPTING TO UPGRADE FROM SUCH AND OLD VERSION TO LATEST IN ONE STEP.
Breaking Changes:
- We have released CE 2.0 as
portainer/portainer-ceto ensure auto-updaters (like watchtower) don't expose users to risks by automatically updating on release. - Extensions have now been removed; there is now no ability to use RBAC, Registry Manager, or External Authentication extensions in CE 2.0 (Extension customers will be communicated directly with a free license for the upcoming Portainer Business Edition). EXTENSION USERS, DO NOT UPGRADE TO PORTAINER CE 2.0
- Port 8000 is now exposed by default. Reverse proxy configurations that don't specify a port for the load balancer will now likely need to do so: #3963
- The
--no-authflag was removed as part of support for setting a custom timeout: #3846 - Support for external endpoints has been removed along with the
--external-endpointsflag. WARNING: migrating to this version with external endpoints defined will render them un-manageable: #3832 - Support for VIC environments has been removed: #3834
- The
--no-snapshotflag has been removed, instances migrating with this flag will revert to default snapshot interval: #3804 - Host jobs are now an edge-exclusive feature: #3745
- The
--no-analyticsflag will be kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect. - Changed templates syntax to support versioning, a migration tool can be found here for your convenience: #3708
- The
--sync-intervalflag was removed as part of the removal of external endpoints: #3832 - Removed template management features & the
--templates-fileflag. NOTE: Users will no longer be able to create container templates via UI: #3707
Security:
- Enforced the security setting "disable the use of bind mounts" when set via API: #4106
- Disabled Container Capabilities for non-admins: #4105
- Enforce use of TLS 1.2 and recommended ciphers: #4070
- Prevent non-admin users from running containers using the host namespace PID: #4068
- Added a setting to disable the creation of stacks by non-admin users: #4067
- Added a setting to disable device mapping by non admin users: #4066
- Ensure users cannot create privileged containers via the API: #4065
- Disabled ability for a regular user to re-create/edit/duplicate containers if a related security setting is enabled: #4069
Kubernetes:
- Introduce support for Kubernetes: #1637
- Added the ability to apply taints and labels to nodes: #4005
- Added the ability to expose an application via ingress: #4004
- Added the ability to set placement constraints/preferences when deploying/editing an application: #4003
- Added the ability to set the auto-scale policy of an application: #4002
- Added the ability to use existing volumes when creating an application: #4001
- Added the ability to download application/stack logs: #3998
- Added support for multi-container pod applications: #4010
- Added a link to the kubernetes endpoint configuration in the sidebar: #4179
- Added checks when reducing the Quota assigned to a RP: #4144
- Added form validation for placement constraints: #4213
- Enhanced the used by column for volumes: #4012
- Allow an administrator user to see which node the API is running on: #3996
- Allow an administrator user to see which node hosts the leader components for
kube-schedulerandkube-controller-manager: #3995 - Allow an administrator user to see the status of the underlying cluster components: #3992
- Allow any user to see the provisioner associated to any volume: #3997
- Allow any user to inspect the tolerations and affinities associated to an application deployed inside or outside of Portainer: #3994
- Allow any user to see the underlying workload associated to an application: #3993
- Allow any user to see how an application (deployed inside or outside of Portainer) is exposed through an Ingress resource: #3991
- Allow any user to inspect the auto-scaling policy (if any) associated to an application deployed inside or outside of Portainer.: #3989
- Allow any user to see which application is using a volume directly in the volume list view: #3988
- Allow any user to list all the storage used in their cluster with the total size used for each storage.: #3999
- Prevent resource assignment when editing a resource pool, if not permitted at creation time: #4206
- Prevent admins from making changes to "system" namespaces: #4145
- Prevent deployment/editing of resources inside a system namespace: #4000
- Prevent submitting invalid data via environment variables: #4045
- Fixed port mapping not showing in the port mapping datatable: #3990
- Fixed enabling auto-scaling policy on an application so as to default to the current instance count: #4183
- Fixed LDAP Auth not working with underscore Usernames: #4141
- Removed the kubernetes RC banner: #4204
Analytics:
- Replaced Google Analytics with our own custom telemetry leveraging Matomo: #3742
After careful consideration of GDPR rules and the GDPR compliance recommendations provided by Matomo (the telemetry tool we are using for analytics) it was determined we will use the opt-out data collection mechanism. The reason for this assessment is that we are not collecting ANY personally identifiable data (all data is anonymized), and the data we collect is solely for our Legitimate business interests, and is not sold or provided to any 3rd parties.
For the sake of clarity, we do not collect ANY user identifiable or personal information at any time, all statistics collected are anonymous and we have no way of identifying the Portainer instances reporting, nor the users using the application.
PLEASE ALSO NOTE: The --no-analytics flag will be kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.
For more information, please refer to our updated privacy policy
Authentication & UAC:
- Integrated the external authentication extension: #4150
- Ensure a unique identifier for volumes and UAC: #3869
- Add the ability to set a custom user session timeout: #3846
- Allow setting access on gitlab registries when there are multiple defined: #3839
- Remove the code snippet associated to authentication login retry: #3516
Home & Dashboard:
- Fixed error thrown when moving from app templates view to home view & endpoints not loaded: https://github.com/portainer/portainer...
Release 1.24.1
1.24.1
This release focuses on security, with multiple fixes as well as the introduction of new administrative security settings.
Security
- Disable the ability to re-create/edit/duplicate a container, if related security setting is enabled: #4032
- Add a setting to disable device mapping for non admin users: #3958
- Prevent non-admin users from running containers with host namespace pid: #3936
- Ensure users cannot create privileged containers via the API: #3931
- Add a setting to disable the creation of stacks for non-admin users: #3930
- Use TLS1.2 protocol when running Portainer with
--ssl: #2359
Deprecated features reminder
The following features are considered deprecated in 1.24.* versions, and will be removed in a future version of Portainer. They will no longer receive enhancements or support. Refer to our documentation for up-to-date removal information.
--external-endpoints--sync-interval--no-auth--templates-file--no-snapshot
Extensions
- Add the ability to update an expired license with a new valid license: #4080
Cookies
- Remove cookie usage to comply with upcoming sameSite change in FireFox: #3847
- Change filters from cookies to local storage to avoid sending large requests: #3190
Containers
- Fix table sort reverting to default setting: #3049
Registry Manager
- Correctly hide empty GitLab repositories after deleting them via RM extension: #3760
Release 1.24.0
1.24.0
Breaking changes
As a result of adding support for IPv6 (#957), and that a container will now likely have more than one IP, we have removed the container IP address column in the containers view. You now must click on the container name to get the IP addresses that have been assigned to it.
Deprecated features
The following features are considered deprecated in 1.24.* versions, and will be removed in a future version of Portainer. They will no longer receive enhancements or support. Refer to our documentation for up-to-date removal information.
--external-endpoints--sync-interval--no-auth--templates-file--no-snapshot
Deprecation notices added via: #3825
Security
- Prevent a non admin user from using the volume browsing feature while disabled: #3662
Edge
- Introduce Edge stacks, Edge Groups, and Edge Templates: #3731
Endpoints
- Enhanced UX for tag management: #3630
Containers
Services
- Prevent setting the replica count to less than 1 via input: #3652
Network
- IPv6 networking (bridge and macvlan drivers) for containers: #957
- Remove the ability to create a null/host network: #3754
Templates
- Fix an issue allowing a user to mount a volume without having access to it: #3848
Volumes
API
- Depreciated CLI options warnings: #3825
Stacks
Minor changes
Release 1.23.2
1.23.2
This release introduces the new support offerings & a few bug fixes.
Docker/Libcompose bugs that may affect you
In release testing, we discovered several bugs with Docker & the Libcompose library which will affect you if you wish to use Portainer/Portainer agent on Windows. You can read more about these in our blog post.
Authentication
- Fixed issue where LDAP user provisioning did not correctly apply permissions: #3532
Containers
- Fixed issue where containers in certain states are not shown: #3146
- Prevent error shown when creating a container on windows: #2681
Support
- Add new support offerings to the support view: #3607
Minor changes
Release 1.23.1
1.23.1
This release reduces the required API version of the software to revert the breaking changes with snapshots and web-hooks introduced in v1.23 and also brings changes to improve user experience.
Docker version backwards compatibility
- Reduced the required API version to support Docker versions > 18.03: #3457
Ownership
- Fixed an issue where non-admins could not manage resources associated to services they own: #3453
Authentication
- Bring support for Anonymous LDAP binding: #3443
Containers
- Introduce container healthcheck information to the home and dashboard views: #3488
- Add support for DNS declaration in container creation view: #2726
Templates
- Fixed minor issue with volume drop-down selector in template deployment: #3501
Configs
- Add support for unicode characters in configs: #3439
Improved User Experience
- Teams and users are now sorted alphabetically in drop-down selectors: #3385
- Fixed an issue with the services list where clicking a services check-box makes the related tasks show: #3063
- Disable/Hide elements in the UI that are not useful to Helpdesk or Readonly RBAC users: #3421
- Added a suggestion for git accounts with 2FA to use personal-access tokens in stack deploy view: #3464
- Corrected improper grammar in access control elements: #3525
- Removed redundant port declaration from edge-agent commands in UI: #3466
Minor Changes
- Add dependency management to the back-end of Portainer: #3413
Release 1.23.0
1.23.0
This release introduces a rework of ownership, several improvements to RBAC as well as an overhaul for the registry browse and push/pull functionality (including support for Gitlab registries).
Breaking Changes
-
Required Docker API version was incremented as part of the ownership rewrite, this is a breaking change of snapshots and offline mode for users who manage any endpoints with a Docker API version < 1.40. If you don't require snapshots & offline mode for any of the endpoints you manage, then it is recommended to upgrade for security improvements included in this release. More info in this issue: #3457
-
The push/pull rewrite introduces a potential breaking change of the registry management extension & push/pull functionality for users with a Docker API version < 1.28.
You can find which API version an endpoint has within the Swarm view (for swarm endpoints) or Host view (for non-swarm endpoints).
Known issues
If you are on an older API version and are running Portainer as a container, then Portainer may log an API version error each time a snapshot is run (default is every 5 minutes). A workaround is to increase the time between snapshots, this can be adjusted in Portainer settings.
Security
- Fixed an invalid check with previous mitigation of security issue: #3224
- Avoid logging password hash when admin password is set: #2844
- Fixed issue where a non-admin creating volume with same name as an admin-only stack gives them ownership: #3273
Ownership, RBAC & Authentication
- Fixed issue where administrator stacks show as limited for RBAC users: #3348
- Fixed issue where permissions weren't updated on team deletion: #3298
- Fixed issue where an RBAC user removing a service makes related stack disappear for all RBAC users: #3351
- Fixed issue where endpoint-admins cannot manage resources restricted to other users: #3346
- Fixed issue where restricted stack shows assigned to administrators for other non-admin users: #3352
- Fixed issue where a user in a helpdesk team & standard team results in read-only: #3366
- Fixed issue where disabling the RBAC extension leaves users with previous role's abilities: #3344
- Fixed issue where endpoint admin & standard RBAC users can't attach to containers: #3347
- Fixed issue where RBAC users lose their abilities after a page refresh: #3338
- Fixed issue where RBAC doesn't assign permissions to newly autoprovisioned users: #3427
- Clean up browser cache on session expired: #3300
- Allow setting access control rules via service labels: #1257
Registries
- Overhaul of the registry push/pull feature: #3122
- Introduce debugging for registry management configuration: #3269
- Support Gitlab registry with registry manager extension: #2956
- Remove unneeded checkboxes in repositories list when using registry manager: #2836
- Performance improvement of the registry manager: #2958
- Fixed issue where Portainer was unable to fetch tags from a local registry: #2879
- Allow inspect of layers of images in a private registry: #2808
Extensions
- Introduce offline extension activation: #3080
- Automatically update Portainer extensions at startup: #3340
Improved User Experience
- Fixed issue where image auto suggest on multinode swarm suggests the same image multiple times: #3422
- Allow empty labels on containers: #2646
- Replace volume selector with type-ahead in container app-template form: #3370
- Render empty env vars correctly on duplicate/edit of a container: #2112
- Add edge key to edge agent commands in UI: #3117
- Make the recreate & duplicate/edit buttons unavailable when RBAC enabled: #3418
Networks
- Fixed issue where docker network aliases are not persisted on duplicate/edit: #2118
- Fixed issue where container name from container network not persisted on duplicate/edit: #2657
- Make system networks public to allow use by non-admins: #3364
Stacks
- Fixed issue where an invalid stack name results in 2 unusable stacks: #2020
- Fixed issue where concurrent stack creation allocated same ID for all stacks: #2633
Containers
- Prevent situation where user can try and recreate container that is set to auto-remove: #3247
- Allow a port range to be specified in container deployment: #734
- Fixed recreate issue with container image from GCR registry in Portainer: #1962
Minor Changes
Release 1.22.2
1.22.2
This release addresses a few issues preventing users from using Portainer correctly.
RBAC
- Fix an issue preventing non-administrator users to login: #3313
Containers
- Fix an issue preventing non-administrator users from starting a container: #3259
Stacks
- Fix an issue preventing non-administrator users from managing resources associated to a stack they own: #3259
Release 1.22.1
1.22.1
This release addresses multiple security issues in Portainer and aims to increase the stability of endpoints in Portainer, particularly agent enabled endpoints as discussed in this issue: #2535
Security
- Prevent non-admin management of admin only docker resources: #3224
- Prevent non-admin access to admin API endpoints: #3226
- Patched XSS vulnerability in the multi-select component: #3228
- Patched XSS vulnerability in the volume browser: #3229
- Prevent Bind-mount restriction bypass: #3231
- Prevent host filesystem management bypass: #3234
- Added admin setting to mitigate potential volume browse vulnerability: #3236
Endpoints
- Mark endpoint down, only when it is unreachable [Backend]: #2940
- Refresh the view after failing to connect to an endpoint: #3083
- Ping triggered by frontend now brings endpoint up when previously marked as down: #3088
Authentication
- Fixed issue where
--admin-password-filedoes not set up the admin user correctly: #2816 - Fixed issue where OKTA was not working with Portainer: #2957
- Fixed issue with large JWT breaking authentication when Portainer is behind a reverse proxy: #2960
- Fixed issue with private registry auth preventing setting access to users/teams: #3034
- Fixed panic with internal auth when Oauth enabled: #3171
Improved User Experience
- Introduced Portainer version update notification: #1649
- Display a single overlay network instead of one per host: #2021
- Show ENTRYPOINT in container details: #2924
- Improve the search functionality within Portainer: #3053
- Added error message for an agent already paired to another instance: #3098
- Update endpoint creation screen to reflect recommended deployment: #3147
Stack creation
- Fixed error preventing access to git repo with https: #1845
Services
- Add the service rollback feature to service details view: #3005
- Fixed issue where mounted volumes are not persisted in the UI: #3062
Containers
- Prevent MAC address collisions: #1645
- Prevent container table sort from reverting to default setting: #3049
Swarm Information
- Display node labels in Swarm Visualizer view: #1740
Workarounds
- Removed volume directive from Windows Dockerfile to workaround Docker deployment issue: #3132
Minor Changes
- Fix error when building Portainer locally with Yarn: #3007