Nomad v1.0.18 Release Notes
Release Date: 2022-02-09 // over 2 years ago-
BACKWARDS INCOMPATIBILITIES:
- 🔒 ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability
🔒 SECURITY:
- ➕ Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
- 🛠 Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
- Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
- Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]