All Versions
160
Latest Version
Avg Release Cycle
28 days
Latest Release
851 days ago

Changelog History
Page 8

  • v0.12.12 Changes

    May 11, 2021

    πŸ”’ SECURITY:

    • drivers/docker+exec+java: Disable CAP_NET_RAW linux capability by default to prevent ARP spoofing. CVE-2021-32575 GH-10568

  • v0.12.11 Changes

    March 18, 2021

    πŸ› BUG FIXES:

    • server: Backport from v1.0.2 - Fixed a bug where new servers may bootstrap prematurely when configured with bootstrap_expect = 0 [GH-9672]

  • v0.12.10 Changes

    January 28, 2021

    πŸ”’ SECURITY:

    • drivers/exec+java: Modified exec-based drivers to run tasks in private PID/IPC namespaces. CVE-2021-3283 [GH-9911]

  • v0.12.9 Changes

    November 18, 2020

    πŸ› BUG FIXES:

    • client: Fixed a regression where NOMAD_{ALLOC,TASK,SECRETS}_DIR variables would cause an error when interpolated into template.source stanzas. [GH-9391]

  • v0.12.8 Changes

    November 10, 2020

    πŸš‘ Nomad 0.12.8, Nomad 0.11.7, and Nomad 0.10.8 were released with an important security fix and a critical bug fix:

    CVE-2020-28348 Nomad File Sandbox Escape via Container Volume Mount

    πŸš€ A vulnerability was discovered in Nomad and Nomad Enterprise (β€œNomad”) such that an operator with job submission capabilities can mount the host file system of a client agent and subvert the default Docker file sandbox feature when not explicitly disabled or when using a volume mount type. This vulnerability affects version 0.9.0 up to 0.12.7, and is fixed in the 0.12.8, 0.11.7, and 0.10.8 releases.

    🐳 Nomad disables host filesystem access by default in 0.12.0 and above to prevent job operators from accessing the client filesystem used to persistently store any required data on disk. The Docker task driver provides a volume mount type which can be used to access the client host filesystem from within a container, but clients must be configured to enable mounting directories outside an allocation’s path to prevent abuse from unprivileged operators.

    This issue is identified publicly as CVE-2020-28348.

    πŸš‘ Critical Bug During Upgrades from pre-0.9

    ⬆️ A bug was identified in all versions of Nomad after 0.9.2. If a client agent is upgraded from a pre-0.9 version of Nomad to 0.9.2 or later; then all exec-based tasks (including exec, raw_exec, java, qemu) will fail to recover, will be leaked, and then Nomad will start another task. The leaked pre-0.9 task will run un-interrupted and unmanaged until the client dies or the task is killed manually.

  • v0.12.7 Changes

    October 23, 2020

    πŸ› BUG FIXES:

    • artifact: Fixed a regression in 0.12.6 where if the artifact destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]
    • template: Fixed a regression in 0.12.6 where if the template destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]

  • v0.12.6 Changes

    October 21, 2020

    πŸ”’ SECURITY:

    • artifact: Fixed a bug where interpolation can be used in the artifact destination field to write artifact payloads outside the allocation directory. CVE-2020-27195 [GH-9129]
    • template: Fixed a bug where interpolation can be used in the template source and destination fields to read or write files outside the allocation directory even when disable_file_sandbox was set to false (the default). CVE-2020-27195 [GH-9129]
    • template: Fixed a bug where the disable_file_sandbox configuration was only respected for the template file function and not the template source and destination fields. CVE-2020-27195 [GH-9129]

  • v0.12.5 Changes

    September 17, 2020

    0.12.5 (September 17, 2020)

    πŸ› BUG FIXES:

    • πŸ‘· core: Fixed a panic on job submission when the job contains a service with expose = true set [GH-8882]
    • πŸ‘· core: Fixed a regression where stopping the sole job allocation result in two replacement allocations [GH-8867]
    • πŸ‘· core: Fixed a bug where an allocation may be left running expectedly despite promoting a new job version [GH-8886]
    • πŸ›  cli: Fixed the whitespace in nomad monitor help output [GH-8884]
    • ⚑️ cli: Updated job samples to avoid using deprecated task level networks and mbit syntax [GH-8911]
    • 🚦 cli: Fixed a bug where alloc signal fails if the CLI cannot contact the Nomad client directly [GH-8897]
    • πŸ›  cli: Fixed a bug where host volumes could cause nomad node status to panic when the -verbose flag was used. [GH-8902]
    • πŸ’» ui: Fixed ability to switch between tasks in alloc exec sessions [GH-8856]
    • πŸ”Š ui: Task log streaming will no longer suddenly flip to a different task's logs. [GH-8833]

  • v0.12.4 Changes

    September 09, 2020

    πŸ”‹ FEATURES:

    • Consul Ingress Gateways: Support for Consul Connect Ingress Gateways [GH-8709]

    πŸ‘Œ IMPROVEMENTS:

    • api: Added node purge SDK functionality. [GH-8142]
    • api: Added an option to stop multiregion jobs globally. [GH-8776]
    • core: Added poststart hook to task lifecycle [GH-8390]
    • csi: Improved the accuracy of plugin Expected allocation counts. [GH-8699]
    • driver/docker: Allow configurable image pull context timeout setting. [GH-5718]
    • ui: Added exec keepalive heartbeat. [GH-8759]

    πŸ› BUG FIXES:

    • core: Fixed a bug where unpromoted job versions are used when rescheduling failed allocations [GH-8691]
    • core: Fixed a bug where servers become unresponsive when cron jobs containing zero-padded months [GH-8804]
    • core: Fixed bugs where scaling policies could be matched against incorrect jobs with a similar prefix [GH-8753]
    • core: Fixed a bug where garbage collection evaluations that failed or spanned leader elections would be re-enqueued forever. [GH-8682]
    • core (Enterprise): Fixed a bug where enterprise servers may self-terminate as licenses are ignored after a Raft snapshot restore. [GH-8737]
    • cli (Enterprise): Fixed a panic in nomad operator snapshot agent if local path is not set [GH-8809]
    • client: Fixed a bug where nomad operator debug could cause a client agent to panic when the -node-id flag was used. [GH-8795]
    • csi: Fixed a bug where errors while connecting to plugins could cause a panic in the Nomad client. [GH-8825]
    • csi: Fixed a bug where querying CSI volumes would cause a panic if an allocation that claimed the volume had been garbage collected but the claim was not yet dropped. [GH-8735]
    • deployments (Enterprise): Fixed a bug where counts could not be changed in the web UI for multiregion jobs. [GH-8685]
    • deployments (Enterprise): Fixed a bug in multi-region deployments where a region that was dropped from the jobspec was not deregistered. [GH-8763]
    • docker: Fixed a bug where configuring DNS options in bridge or cni mode would prevent the container from being created. [GH-8600]
    • exec: Fixed a bug causing escape characters to be missed in special cases [GH-8798]
    • plan: Fixed a bug where plans always included a change for the NomadTokenID. [GH-8687]

  • v0.12.4-rc1 Changes

    September 03, 2020

    0.12.4 (September 2, 2020)

    πŸ”‹ FEATURES:

    • Consul Ingress Gateways : Support for Consul Connect Ingress Gateways [GH-8709]

    πŸ‘Œ IMPROVEMENTS:

    • api: Added node purge SDK functionality. [GH-8142]
    • πŸ‘· api: Added an option to stop multiregion jobs globally. [GH-8776]
    • core: Added poststart hook to task lifecycle [GH-8390]
    • πŸ”Œ csi: Improved the accuracy of plugin Expected allocation counts. [GH-8699]
    • 🐳 driver/docker: Allow configurable image pull context timeout setting. [GH-5718]
    • πŸ’» ui: Added exec keepalive heartbeat. [GH-8759]

    πŸ› BUG FIXES:

    • ⏱ core: Fixed a bug where unpromoted job versions are used when rescheduling failed allocations [GH-8691]
    • πŸ“± core: Fixed a bug where servers become unresponsive when cron jobs containing zero-padded months [GH-8804]
    • πŸ‘· core: Fixed bugs where scaling policies could be matched against incorrect jobs with a similar prefix [GH-8753]
    • πŸ›  core: Fixed a bug where garbage collection evaluations that failed or spanned leader elections would be re-enqueued forever. [GH-8682]
    • βͺ core (Enterprise): Fixed a bug where enterprise servers may self-terminate as licenses are ignored after a Raft snapshot restore. [GH-8737]
    • πŸ›  cli (Enterprise): Fixed a panic in nomad operator snapshot agent if local path is not set [GH-8809]
    • πŸ›  client: Fixed a bug where nomad operator debug could cause a client agent to panic when the -node-id flag was used. [GH-8795]
    • πŸ›  csi: Fixed a bug where querying CSI volumes would cause a panic if an allocation that claimed the volume had been garbage collected but the claim was not yet dropped. [GH-8735]
    • πŸš€ deployments (Enterprise): Fixed a bug where counts could not be changed in the web UI for multiregion jobs. [GH-8685]
    • πŸš€ deployments (Enterprise): Fixed a bug in multi-region deployments where a region that was dropped from the jobspec was not deregistered. [GH-8763]
    • πŸ›  exec: Fixed a bug causing escape characters to be missed in special cases [GH-8798]
    • πŸ›  plan: Fixed a bug where plans always included a change for the NomadTokenID. [GH-8687]