All Versions
160
Latest Version
Avg Release Cycle
28 days
Latest Release
513 days ago
Changelog History
Page 5
Changelog History
Page 5
-
v1.1.7 Changes
November 15, 2021๐ IMPROVEMENTS:
- ๐ cli: Improve debug namespace and region support [GH-11269]
- ๐ client/plugins/drivermanager: log if there is an error in a driver event [GH-11280]
- ๐ฒ core: Elevated rejected node plan log lines to help diagnose #9506 [GH-11416]
๐ BUG FIXES:
- ๐ agent: Fixed an issue that caused some non-JSON log output when
log_json
was enabled [GH-11291] - ๐ agent: Fixed an issue that could cause previous log lines to be overwritten [GH-11386]
- ๐ cli: Fix support for
group.consul
field in the HCLv1 parser [GH-11423] - 0๏ธโฃ client: Added
NOMAD_LICENSE
to default environment variable deny list. [GH-11215] - ๐ client: Fixed a bug where network speed fingerprint could fail on Windows [GH-11183]
- ๐ client: Removed spurious error log messages when tasks complete [GH-11273]
- ๐ csi: Fixed a bug where the client would incorrectly set an empty capacity range for CSI volume creation requests. [GH-11238]
- driver/exec: Set CPU resource limits when cgroup-v2 is enabled [GH-11287]
- ๐ท rpc: Set the job deregistration eval priority to the job priority [GH-11426]
- ๐ท rpc: Set the job scale eval priority to the job priority [GH-11429]
- ๐ฐ server: Fixed a panic on arm64 platform when dispatching a job with a payload [GH-11396]
- ๐ server: Fixed a panic that may occur when preempting multiple allocations on the same node [GH-11346]
-
v1.1.6 Changes
October 05, 2021 -
v1.1.5 Changes
September 20, 2021๐ IMPROVEMENTS:
- ๐ณ client: Allow Docker hostnames to be configured and interpolated in bridged networking mode [GH-11173]
- โก๏ธ deps: Updated
go-memdb
tov1.3.2
[GH-11185]
๐ BUG FIXES:
- ๐ฒ audit (Enterprise): Don't timestamp active audit log file. [GH-11198]
- cli: Display all possible scores in the allocation status table [GH-11128]
- cli: Fixed a bug where the NOMAD_CLI_NO_COLOR environment variable was not always applied [GH-11168]
- client: Task vars should take precedence over host vars when performing interpolation. [GH-11206]
- 0๏ธโฃ ui: Fixed an issue that prevented periodic and dispatch jobs in a non-default namespace to be properly rendered [GH-11110]
- 0๏ธโฃ ui: Fixed an issue when dispatching jobs from a non-default namespace [GH-11141]
-
v1.1.4 Changes
August 26, 2021๐ SECURITY:
- Restricted access to the Raft RPC layer, so only servers within the region can issue Raft RPC requests. Previously, local clients and federated servers can issue Raft RPC requests directly. CVE-2021-37218 [GH-11084]
๐ IMPROVEMENTS:
- โก๏ธ build: Updated to Go 1.16.7 [GH-11083]
- client: Speed up client startup time [GH-11005]
- ๐ฒ consul/connect: Reduced the noise of log messages emitted for connect native tasks [GH-10951]
- csi: add flag for providing secrets as a set of key/value pairs to list snapshots [GH-10848]
- โก๏ธ deps: Updated
x/sys
to20210818153620-00dd8d7831e7
[GH-11065] - โฑ scheduler: Re-evaluate nodes for system jobs after attributes changes [GH-11007]
- ๐ท ui: Add header separator between a child job priority and its parent [GH-11020]
๐ BUG FIXES:
- ๐ท core: Fixed a bug where system jobs with non-unique IDs may not be placed on new nodes [GH-11054]
- ๐ฒ agent: Don't timestamp active log file. [GH-11070]
- ๐ deployments: Fixed a bug where multi-group deployments don't get auto-promoted when one group has no canaries. [GH-11013]
- ๐ณ driver/docker: Fixed a bug in the authentication config where not all fields were set [GH-10929]
- โก๏ธ server: Fixed a bug where planning job update reports spurious in-place updates even if the update includes no changes [GH-10990]
- ๐ป ui: Add ability to search across all namespaces [GH-10666]
- ๐ท ui: Fixed a bug where the "Dispatch Job" button was displayed for non-parameterized jobs [GH-11019]
- ๐ท ui: Fixed a bug where the job dispatch form is not displayed when the job doesn't have meta fields [GH-10934]
-
v1.1.3 Changes
July 29, 2021BACKWARDS INCOMPATIBILITIES:
- ๐ท api: The Job Run and Plan APIs now use the
?namespace=
query parameter before the namespace from the job. This matches region's behavior. Users ofapi.Client
should ensure theirConfig.Namespace
is unset if they want to use the namespace in the job. [GH-10875]
๐ IMPROVEMENTS:
- ๐ท api: Added
NewSystemJob
helper function to create base system job object. [GH-10861] - ๐ง audit (Enterprise): allow configuring file mode for audit logs [GH-10916]
- ๐ build: no longer use vendor directory [GH-10898]
- ๐ฆ cli: Added a
-task
flag toalloc restart
andalloc signal
for consistent UX withalloc exec
andalloc logs
[GH-10859] - ๐ท cli: Support recent job spec construct in the HCLv1 parser [GH-10931]
- consul/connect: automatically set CONSUL_TLS_SERVER_NAME for connect native tasks [GH-10804]
- ๐ท dispatch jobs: Added optional idempotency token to
WriteOptions
which prevents Nomad from creating new dispatched jobs for retried requests. [GH-10806] - ๐ท ui: Added new screen to dispatch a parameterized batch job [GH-10675]
- ๐ป ui: Handle ACL token when running behind a reverse proxy [GH-10563]
๐ BUG FIXES:
- โช api: Reverted to using http/1 to fix a 1.1.2 regression in
alloc exec
sessions [GH-10958] - ๐ท cli: Fixed a bug where
-namespace
flag was not respected forjob run
andjob plan
commands. [GH-10875] - ๐ cli: Fixed a panic when deployment monitor is invoked in some CI environments [GH-10926]
- ๐ cli: Fixed system commands, so they correctly use passed flags [GH-10822]
- ๐ฆ cli: Fixed the help message for the
nomad alloc signal
command [GH-10917] - ๐ client: Fixed a bug where a restarted client may start an already completed tasks in rare conditions [GH-10907]
- ๐ client: Fixed bug where meta blocks were not interpolated with task environment [GH-10876]
- cni: Fixed a bug where fingerprinting of CNI configuration failed with default
cni_config_dir
andcni_path
[GH-10870] - ๐ consul/connect: Avoid assumption of parent service when syncing connect proxies [GH-10872]
- ๐ consul/connect: Fixed a bug causing high CPU with multiple connect sidecars in one group [GH-10883]
- ๐ consul/connect: Fixed a bug where service deregistered before connect sidecar [GH-10873]
- ๐ consul: Fixed a bug where services may incorrectly fail conflicting name validation [GH-10868]
- ๐ consul: avoid extra sync operations when no action required [GH-10865]
- ๐ consul: remove ineffective edge case handling on service deregistration [GH-10842]
- ๐ core: Fixed a bug where affinity memoization may cause planning problems [GH-10897]
- ๐ท core: Fixed a bug where internalized constraint strings broke job plan [GH-10896]
- โฌ๏ธ core: Fixed a panic that may arise when upgrading pre-1.1.0 cluster to 1.1.x and may cause cluster outage [GH-10952]
- ๐ csi: Fixed a bug where volume secrets were not used for creating snapshots. [GH-10840]
- ๐ csi: fixed a CLI panic when formatting
volume status
with-verbose
flag [GH-10818] - โก๏ธ deps: Update
hashicorp/consul-template
to v0.25.2 to fix panic reading Vault secrets [GH-10892] - ๐ณ driver/docker: Moved the generated
/etc/hosts
file's mount source to the allocation directory so that it can be shared between tasks of an allocation. [GH-10823] - ๐ drivers: Fixed bug where Nomad incorrectly reported tasks as recovered successfully even when they were not. [GH-10849]
- โก๏ธ scheduler: Fixed a bug where updates to the
datacenters
field were not destructive. [GH-10864] - ๐ป ui: Fixes bug where UI was not detecting namespace-specific capabilities. [GH-10893]
- volumes: Fix a bug where the HTTP server would crash if a
volume_mount
block was empty [GH-10855]
- ๐ท api: The Job Run and Plan APIs now use the
-
v1.1.2 Changes
June 22, 2021๐ IMPROVEMENTS:
- ๐ cli: Added
-monitor
flag todeployment status
command and automatically monitor deployments fromjob run
command. [GH-10661] - cli: Added remainder of available pprof profiles to
nomad operator debug
capture. [GH-10748] - consul/connect: Validate Connect service upstream address uniqueness within task group [GH-7833]
- ๐ deps: Update gopsutil for multisocket cpuinfo detection performance fix [GH-10761]
- docker: Tasks using
network.mode = "bridge"
that don't set theirnetwork_mode
will receive a/etc/hosts
file that includes the pause container's hostname and anyextra_hosts
. [GH-10766]
๐ BUG FIXES:
- ๐ artifact: Fixed support for 5 part vhosted-style AWS S3 buckets. [GH-10778]
- 0๏ธโฃ artifact: HTTP requests made for artifacts will default to trying HTTP2 first. [GH-10778]
- ๐จ client/fingerprint/java: Fixed a bug where java fingerprinter would not detect some Java distributions [GH-10765]
- ๐ consul: Fixed a bug where consul check parameters missing in group services [GH-10764]
- ๐ consul/connect: Fixed an overly restrictive connect constraint [GH-10754]
- โก๏ธ consul/connect: Fixed a bug where Connect upstreams would not be updated in-place [GH-10776]
- ๐ deployments: Fixed a bug where unnecessary goroutines were spawned whenever deployments were updated. [GH-10756]
- ๐ quotas (Enterprise): Fixed a bug where quotas were evaluated before constraints, resulting in quota capacity being used up by filtered nodes. [GH-10753]
- ๐ cli: Added
-
v1.1.1 Changes
June 09, 2021๐ FEATURES:
- Connect Mesh Gateways: Adds built-in support for running Consul Connect Mesh Gateways [GH-10658]
๐ IMPROVEMENTS:
- โก๏ธ build: Updated to Go 1.16.5 [GH-10733]
- cli: Added success confirmation message for
nomad volume delete
andnomad volume deregister
. [GH-10591] - ๐ท cli: Cross-namespace
nomad job
commands will now select exact matches if the selection is unambiguous. [GH-10648] - ๐จ client/fingerprint: Consul fingerprinter probes for additional enterprise and connect related attributes [GH-10699]
- โฑ consul/connect: Only schedule connect tasks on nodes where connect is enabled in Consul [GH-10702]
- csi: Validate that
volume
blocks for CSI volumes include the requiredattachment_mode
andaccess_mode
fields. [GH-10651] - ๐ server: Make deployment rate limiting configurable for high volume loads [GH-10706]
๐ BUG FIXES:
- ๐ api: Fixed event stream connection initialization when there are no events to send [GH-10637]
- ๐ cli: Fixed a bug where
plugin status
did not validate the passedtype
flag correctly [GH-10712] - ๐ cli: Fixed a bug where
quota status
andnamespace status
commands may panic if the CLI targets a pre-1.1.0 cluster [GH-10620] - ๐ cli: Fixed a bug where
alloc exec
may fail with "unexpected EOF" without returning the exit code after a command [GH-10657] - ๐ consul: Fixed a bug where consul namespace API would be queried even when consul namespaces were not enabled [GH-10715]
- ๐ท consul: Fixed a bug where connect jobs would always fail job submission when allow_unauthenticated was set to false [GH-10718]
- ๐ csi: Fixed a bug where
mount_options
were not passed to CSI controller plugins for validation during volume creation and mounting. [GH-10643] - ๐ csi: Fixed a bug where
capability
blocks were not passed to CSI controller plugins for validation fornomad volume register
commands. [GH-10703] - ๐ client: Fixed a bug where
alloc exec
sessions may terminate abruptly after a few minutes [GH-10710] - drivers/exec: Fixed a bug where
exec
andjava
tasks inherit the Nomad agent'soom_score_adj
value [GH-10698] - ๐ณ drivers/docker: Fixed a bug where short lived docker tasks may fail with obscure cpuset cgroup errors [GH-10416]
- ๐ quotas (Enterprise): Fixed a bug where stopped allocations for a failed deployment can be double-credited to quota limits, resulting in a quota limit bypass. [GH-10694]
- ๐ป ui: Fixed a bug where exec would not work across regions. [GH-10539]
- ๐ป ui: Fixed global-search shortcut for non-english keyboards. [GH-10714]
-
v1.1.0 Changes
May 18, 2021๐ FEATURES:
- Memory oversubscription: Improve cluster efficiency by allowing applications, whether containerized or non-containerized, to use memory in excess of their scheduled amount.
- Reserved CPU cores: Improve the performance of your applications by ensuring tasks have exclusive use of client CPUs.
- UI improvements: Enjoy a streamlined operator experience with fuzzy search, resource monitoring, and authentication improvements.
- CSI enhancements: Run stateful applications with improved volume management and support for Container Storage Interface (CSI) plugins such as Ceph.
- Readiness checks: Differentiate between application liveness and readiness with new options for task health checks.
- Remote task drivers (technical preview): Use Nomad to manage your workloads on more platforms, such as AWS Lambda or Amazon ECS.
- Consul namespace support (Enterprise): Run Nomad-defined services in their HashiCorp Consul namespaces more easily using Nomad Enterprise.
- License autoloading (Enterprise): Automatically load Nomad licenses when a Nomad server agent starts using Nomad Enterprise.
- Autoscaling improvements: Scale your applications more precisely with new strategies.
BACKWARDS INCOMPATIBILITIES:
- csi: The
attachment_mode
andaccess_mode
field are required forvolume
blocks in job specifications. Registering a volume requires at least onecapability
block with theattachment_mode
andaccess_mode
fields set. [GH-10330] - drivers/exec+java: Reduce set of linux capabilities enabled by default [GH-10600]
- licensing: Enterprise licenses are no longer stored in raft or synced between servers. Loading the Enterprise license from disk or environment is required. The
nomad license put
command has been removed. [GH-10458]
๐ SECURITY:
- drivers/docker+exec+java: Disable
CAP_NET_RAW
linux capability by default to prevent ARP spoofing. CVE-2021-32575 GH-10568
๐ IMPROVEMENTS:
- api: Added an API endpoint for fuzzy search queries [GH-10184]
- api: Removed unimplemented
CSIVolumes.PluginList
API. [GH-10158] - api: Added
namespace
field for the jobs list endpoint response [GH-10434] - build: Updated to Go 1.16.3 [GH-10483]
- cli: Update defaults for
nomad operator debug
flags-interval
and-server-id
to match common usage. [GH-10121] - cli: Support an optional file argument for
volume init
andquota init
commands [GH-10397] - client/config: Enable sockaddr templating for
network-interface
attribute. [GH-10404] - client/fingerprint: Added support multiple host network aliases for the same interface. [GH-10104]
- consul: Allow setting
body
field on service/check Consul health checks. [GH-10186] - consul/connect: Use exponential backoff for consul envoy bootstrap process [GH-10453]
- consul/connect: Enable setting
local_bind_address
field on connect upstreams [GH-6248] - consul/connect: Added job-submission validation for Connect sidecar service and group names [GH-10455]
- consul/connect: Automatically populate
CONSUL_HTTP_ADDR
for connect native tasks in host networking mode. [GH-10239] - consul/connect: Added
disable_default_tcp_check
field toconnect.sidecar_service
blocks to disable the default TCP listener check for Connect sidecar tasks. [GH-10531] - core: Persist metadata about most recent drain in Node.LastDrain [GH-10250]
- csi: Added support for jobs to request a unique volume ID per allocation. [GH-10136]
- driver/docker: Added support for optional extra container labels. [GH-9885]
- driver/docker: Added support for configuring default logger behavior in the client configuration. [GH-10156]
- metrics: Added blocked evaluation resources metrics [GH-10454]
- networking: Added support for user-defined iptables rules on the NOMAD-ADMIN chain. [GH-10181]
- networking: Added support for interpolating host network names with node attributes. [GH-10196]
- nomad/structs: Removed deprecated Node.Drain field, added API extensions to restore it [GH-10202]
- ui: Added a job reversion button [GH-10336]
- ui: Added memory maximum to task group ribbon [GH-10459]
- ui: Updated global search to use fuzzy search API [GH-10412]
- ui: Changed displays of aggregate units to use larger suffixes when appropriate [GH-10257]
- ui: Added resource reservation indicators on client charts and task breakdowns on allocation charts [GH-10208]
๐ BUG FIXES:
- core (Enterprise): Update licensing library to v0.0.11 to include race condition fix. [GH-10253]
- agent: Only allow querying Prometheus formatted metrics if Prometheus is enabled within the config [GH-10140]
- api: Ensured that
api.LicenseGet
returned response meta data [GH-10276] - api: Added missing devices block to AllocatedTaskResources [GH-10064]
- api: Fixed a panic that may occur on concurrent access to an SDK client [GH-10302]
- cli: Fixed a bug where non-int proxy port would panic CLI [GH-10072]
- cli: Fixed a bug where
snapshot agent
command panics on launch [GH-10276] - cli: Remove extra linefeeds in monitor.log files written by
nomad operator debug
. [GH-10252] - cli: Fixed a bug where parsing HCLv2 may panic on some variable interpolation syntax [GH-10326] [GH-10419]
- cli: Fixed a bug where
nomad operator debug
incorrectly parsed https Consul API URLs. [GH-10082] - cli: Fixed a panic where
nomad job run
orplan
would crash when supplied with non-existent-var-file
files. [GH-10569] - client: Fixed log formatting when killing tasks. [GH-10135]
- client: Added handling for cgroup-v2 memory metrics [GH-10286]
- client: Only publish measured allocation memory metrics [GH-10376]
- client: Fixed a bug where small files would be assigned the wrong content type. [GH-10348]
- consul/connect: Fixed a bug where job plan always different when using expose checks. [GH-10492]
- consul/connect: Fixed a bug where HTTP ingress gateways could not use wildcard names. [GH-10457]
- cni: Fallback to an interface with an IP address if sandbox interface lacks one. [GH-9895]
- csi: Fixed a bug where volume with IDs that are a substring prefix of another volume could use the wrong volume for feasibility checking. [GH-10158]
- drivers/docker: Fixed a bug where Dockerfile
STOPSIGNAL
was not honored. [GH-10441] - drivers/raw_exec: Fixed a bug where exit codes could be dropped and return a spurious error. [GH-10494]
- scheduler: Fixed a bug where Nomad reports negative or incorrect running children counts for periodic jobs. [GH-10145]
- scheduler: Fixed a bug where jobs requesting multiple CSI volumes could be incorrectly scheduled if only one of the volumes passed feasibility checking. [GH-10143]
- service: Fixed a bug where new script checks would not be added on job updates. [GH-10403]
- server: Fixed a bug affecting periodic job summary counts [GH-10145]
- server: Fixed a bug where draining a node may fail to migrate its allocations [GH-10411]
- server: Fixed a bug where jobs may not run if submitted with ParentID field set [GH-10424]
- server: Fixed a panic that may arise on submission of jobs containing invalid service checks [GH-10154]
- ui: Fixed the rendering of interstitial components shown after processing a dynamic application sizing recommendation. [GH-10094]
-
v1.0.18 Changes
February 09, 2022BACKWARDS INCOMPATIBILITIES:
- ๐ ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability
๐ SECURITY:
- โ Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
- ๐ Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
- Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
- Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]
-
v1.0.17 Changes
February 01, 2022๐ BUG FIXES:
- ๐ csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
- ๐ csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
- ๐ csi: Fixed a bug where volume claim releases that were not fully processed before a leadership transition would be ignored [GH-11776]
- csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]