All Versions
160
Latest Version
Avg Release Cycle
28 days
Latest Release
513 days ago

Changelog History
Page 5

  • v1.1.7 Changes

    November 15, 2021

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ‘ cli: Improve debug namespace and region support [GH-11269]
    • ๐Ÿ”Œ client/plugins/drivermanager: log if there is an error in a driver event [GH-11280]
    • ๐ŸŒฒ core: Elevated rejected node plan log lines to help diagnose #9506 [GH-11416]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  agent: Fixed an issue that caused some non-JSON log output when log_json was enabled [GH-11291]
    • ๐Ÿ›  agent: Fixed an issue that could cause previous log lines to be overwritten [GH-11386]
    • ๐Ÿ“œ cli: Fix support for group.consul field in the HCLv1 parser [GH-11423]
    • 0๏ธโƒฃ client: Added NOMAD_LICENSE to default environment variable deny list. [GH-11215]
    • ๐Ÿ client: Fixed a bug where network speed fingerprint could fail on Windows [GH-11183]
    • ๐Ÿšš client: Removed spurious error log messages when tasks complete [GH-11273]
    • ๐Ÿ›  csi: Fixed a bug where the client would incorrectly set an empty capacity range for CSI volume creation requests. [GH-11238]
    • driver/exec: Set CPU resource limits when cgroup-v2 is enabled [GH-11287]
    • ๐Ÿ‘ท rpc: Set the job deregistration eval priority to the job priority [GH-11426]
    • ๐Ÿ‘ท rpc: Set the job scale eval priority to the job priority [GH-11429]
    • ๐Ÿ›ฐ server: Fixed a panic on arm64 platform when dispatching a job with a payload [GH-11396]
    • ๐Ÿ›  server: Fixed a panic that may occur when preempting multiple allocations on the same node [GH-11346]

  • v1.1.6 Changes

    October 05, 2021

    ๐Ÿ”’ SECURITY:

    • ๐Ÿ›  consul/connect: Fixed a bug causing the Nomad agent to panic if a mesh gateway was registered without a proxy block. [GH-11257]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โšก๏ธ build: Updated to Go 1.16.8 [GH-11253]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  client: Fixed a memory leak in log collector when tasks restart [GH-11261]
    • ๐Ÿ›  events: Fixed wildcard namespace handling [GH-10935]

  • v1.1.5 Changes

    September 20, 2021

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿณ client: Allow Docker hostnames to be configured and interpolated in bridged networking mode [GH-11173]
    • โšก๏ธ deps: Updated go-memdb to v1.3.2 [GH-11185]

    ๐Ÿ› BUG FIXES:

    • ๐ŸŒฒ audit (Enterprise): Don't timestamp active audit log file. [GH-11198]
    • cli: Display all possible scores in the allocation status table [GH-11128]
    • cli: Fixed a bug where the NOMAD_CLI_NO_COLOR environment variable was not always applied [GH-11168]
    • client: Task vars should take precedence over host vars when performing interpolation. [GH-11206]
    • 0๏ธโƒฃ ui: Fixed an issue that prevented periodic and dispatch jobs in a non-default namespace to be properly rendered [GH-11110]
    • 0๏ธโƒฃ ui: Fixed an issue when dispatching jobs from a non-default namespace [GH-11141]

  • v1.1.4 Changes

    August 26, 2021

    ๐Ÿ”’ SECURITY:

    • Restricted access to the Raft RPC layer, so only servers within the region can issue Raft RPC requests. Previously, local clients and federated servers can issue Raft RPC requests directly. CVE-2021-37218 [GH-11084]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โšก๏ธ build: Updated to Go 1.16.7 [GH-11083]
    • client: Speed up client startup time [GH-11005]
    • ๐ŸŒฒ consul/connect: Reduced the noise of log messages emitted for connect native tasks [GH-10951]
    • csi: add flag for providing secrets as a set of key/value pairs to list snapshots [GH-10848]
    • โšก๏ธ deps: Updated x/sys to 20210818153620-00dd8d7831e7 [GH-11065]
    • โฑ scheduler: Re-evaluate nodes for system jobs after attributes changes [GH-11007]
    • ๐Ÿ‘ท ui: Add header separator between a child job priority and its parent [GH-11020]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ‘ท core: Fixed a bug where system jobs with non-unique IDs may not be placed on new nodes [GH-11054]
    • ๐ŸŒฒ agent: Don't timestamp active log file. [GH-11070]
    • ๐Ÿš€ deployments: Fixed a bug where multi-group deployments don't get auto-promoted when one group has no canaries. [GH-11013]
    • ๐Ÿณ driver/docker: Fixed a bug in the authentication config where not all fields were set [GH-10929]
    • โšก๏ธ server: Fixed a bug where planning job update reports spurious in-place updates even if the update includes no changes [GH-10990]
    • ๐Ÿ’ป ui: Add ability to search across all namespaces [GH-10666]
    • ๐Ÿ‘ท ui: Fixed a bug where the "Dispatch Job" button was displayed for non-parameterized jobs [GH-11019]
    • ๐Ÿ‘ท ui: Fixed a bug where the job dispatch form is not displayed when the job doesn't have meta fields [GH-10934]

  • v1.1.3 Changes

    July 29, 2021

    BACKWARDS INCOMPATIBILITIES:

    • ๐Ÿ‘ท api: The Job Run and Plan APIs now use the ?namespace= query parameter before the namespace from the job. This matches region's behavior. Users of api.Client should ensure their Config.Namespace is unset if they want to use the namespace in the job. [GH-10875]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿ‘ท api: Added NewSystemJob helper function to create base system job object. [GH-10861]
    • ๐Ÿ”ง audit (Enterprise): allow configuring file mode for audit logs [GH-10916]
    • ๐Ÿ— build: no longer use vendor directory [GH-10898]
    • ๐Ÿšฆ cli: Added a -task flag to alloc restart and alloc signal for consistent UX with alloc exec and alloc logs [GH-10859]
    • ๐Ÿ‘ท cli: Support recent job spec construct in the HCLv1 parser [GH-10931]
    • consul/connect: automatically set CONSUL_TLS_SERVER_NAME for connect native tasks [GH-10804]
    • ๐Ÿ‘ท dispatch jobs: Added optional idempotency token to WriteOptions which prevents Nomad from creating new dispatched jobs for retried requests. [GH-10806]
    • ๐Ÿ‘ท ui: Added new screen to dispatch a parameterized batch job [GH-10675]
    • ๐Ÿ’ป ui: Handle ACL token when running behind a reverse proxy [GH-10563]

    ๐Ÿ› BUG FIXES:

    • โช api: Reverted to using http/1 to fix a 1.1.2 regression in alloc exec sessions [GH-10958]
    • ๐Ÿ‘ท cli: Fixed a bug where -namespace flag was not respected for job run and job plan commands. [GH-10875]
    • ๐Ÿš€ cli: Fixed a panic when deployment monitor is invoked in some CI environments [GH-10926]
    • ๐Ÿ›  cli: Fixed system commands, so they correctly use passed flags [GH-10822]
    • ๐Ÿšฆ cli: Fixed the help message for the nomad alloc signal command [GH-10917]
    • ๐Ÿ›  client: Fixed a bug where a restarted client may start an already completed tasks in rare conditions [GH-10907]
    • ๐Ÿ›  client: Fixed bug where meta blocks were not interpolated with task environment [GH-10876]
    • cni: Fixed a bug where fingerprinting of CNI configuration failed with default cni_config_dir and cni_path [GH-10870]
    • ๐Ÿ”€ consul/connect: Avoid assumption of parent service when syncing connect proxies [GH-10872]
    • ๐Ÿ›  consul/connect: Fixed a bug causing high CPU with multiple connect sidecars in one group [GH-10883]
    • ๐Ÿ›  consul/connect: Fixed a bug where service deregistered before connect sidecar [GH-10873]
    • ๐Ÿ›  consul: Fixed a bug where services may incorrectly fail conflicting name validation [GH-10868]
    • ๐Ÿ”€ consul: avoid extra sync operations when no action required [GH-10865]
    • ๐Ÿšš consul: remove ineffective edge case handling on service deregistration [GH-10842]
    • ๐Ÿ›  core: Fixed a bug where affinity memoization may cause planning problems [GH-10897]
    • ๐Ÿ‘ท core: Fixed a bug where internalized constraint strings broke job plan [GH-10896]
    • โฌ†๏ธ core: Fixed a panic that may arise when upgrading pre-1.1.0 cluster to 1.1.x and may cause cluster outage [GH-10952]
    • ๐Ÿ›  csi: Fixed a bug where volume secrets were not used for creating snapshots. [GH-10840]
    • ๐Ÿ›  csi: fixed a CLI panic when formatting volume status with -verbose flag [GH-10818]
    • โšก๏ธ deps: Update hashicorp/consul-template to v0.25.2 to fix panic reading Vault secrets [GH-10892]
    • ๐Ÿณ driver/docker: Moved the generated /etc/hosts file's mount source to the allocation directory so that it can be shared between tasks of an allocation. [GH-10823]
    • ๐Ÿ›  drivers: Fixed bug where Nomad incorrectly reported tasks as recovered successfully even when they were not. [GH-10849]
    • โšก๏ธ scheduler: Fixed a bug where updates to the datacenters field were not destructive. [GH-10864]
    • ๐Ÿ’ป ui: Fixes bug where UI was not detecting namespace-specific capabilities. [GH-10893]
    • volumes: Fix a bug where the HTTP server would crash if a volume_mount block was empty [GH-10855]

  • v1.1.2 Changes

    June 22, 2021

    ๐Ÿ‘Œ IMPROVEMENTS:

    • ๐Ÿš€ cli: Added -monitor flag to deployment status command and automatically monitor deployments from job run command. [GH-10661]
    • cli: Added remainder of available pprof profiles to nomad operator debug capture. [GH-10748]
    • consul/connect: Validate Connect service upstream address uniqueness within task group [GH-7833]
    • ๐ŸŽ deps: Update gopsutil for multisocket cpuinfo detection performance fix [GH-10761]
    • docker: Tasks using network.mode = "bridge" that don't set their network_mode will receive a /etc/hosts file that includes the pause container's hostname and any extra_hosts. [GH-10766]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ’… artifact: Fixed support for 5 part vhosted-style AWS S3 buckets. [GH-10778]
    • 0๏ธโƒฃ artifact: HTTP requests made for artifacts will default to trying HTTP2 first. [GH-10778]
    • ๐Ÿ–จ client/fingerprint/java: Fixed a bug where java fingerprinter would not detect some Java distributions [GH-10765]
    • ๐Ÿ›  consul: Fixed a bug where consul check parameters missing in group services [GH-10764]
    • ๐Ÿ›  consul/connect: Fixed an overly restrictive connect constraint [GH-10754]
    • โšก๏ธ consul/connect: Fixed a bug where Connect upstreams would not be updated in-place [GH-10776]
    • ๐Ÿš€ deployments: Fixed a bug where unnecessary goroutines were spawned whenever deployments were updated. [GH-10756]
    • ๐Ÿ›  quotas (Enterprise): Fixed a bug where quotas were evaluated before constraints, resulting in quota capacity being used up by filtered nodes. [GH-10753]

  • v1.1.1 Changes

    June 09, 2021

    ๐Ÿ”‹ FEATURES:

    • Connect Mesh Gateways: Adds built-in support for running Consul Connect Mesh Gateways [GH-10658]

    ๐Ÿ‘Œ IMPROVEMENTS:

    • โšก๏ธ build: Updated to Go 1.16.5 [GH-10733]
    • cli: Added success confirmation message for nomad volume delete and nomad volume deregister. [GH-10591]
    • ๐Ÿ‘ท cli: Cross-namespace nomad job commands will now select exact matches if the selection is unambiguous. [GH-10648]
    • ๐Ÿ–จ client/fingerprint: Consul fingerprinter probes for additional enterprise and connect related attributes [GH-10699]
    • โฑ consul/connect: Only schedule connect tasks on nodes where connect is enabled in Consul [GH-10702]
    • csi: Validate that volume blocks for CSI volumes include the required attachment_mode and access_mode fields. [GH-10651]
    • ๐Ÿš€ server: Make deployment rate limiting configurable for high volume loads [GH-10706]

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  api: Fixed event stream connection initialization when there are no events to send [GH-10637]
    • ๐Ÿ”Œ cli: Fixed a bug where plugin status did not validate the passed type flag correctly [GH-10712]
    • ๐Ÿ›  cli: Fixed a bug where quota status and namespace status commands may panic if the CLI targets a pre-1.1.0 cluster [GH-10620]
    • ๐Ÿ›  cli: Fixed a bug where alloc exec may fail with "unexpected EOF" without returning the exit code after a command [GH-10657]
    • ๐Ÿ›  consul: Fixed a bug where consul namespace API would be queried even when consul namespaces were not enabled [GH-10715]
    • ๐Ÿ‘ท consul: Fixed a bug where connect jobs would always fail job submission when allow_unauthenticated was set to false [GH-10718]
    • ๐Ÿ”Œ csi: Fixed a bug where mount_options were not passed to CSI controller plugins for validation during volume creation and mounting. [GH-10643]
    • ๐Ÿ”Œ csi: Fixed a bug where capability blocks were not passed to CSI controller plugins for validation for nomad volume register commands. [GH-10703]
    • ๐Ÿ›  client: Fixed a bug where alloc exec sessions may terminate abruptly after a few minutes [GH-10710]
    • drivers/exec: Fixed a bug where exec and java tasks inherit the Nomad agent's oom_score_adj value [GH-10698]
    • ๐Ÿณ drivers/docker: Fixed a bug where short lived docker tasks may fail with obscure cpuset cgroup errors [GH-10416]
    • ๐Ÿš€ quotas (Enterprise): Fixed a bug where stopped allocations for a failed deployment can be double-credited to quota limits, resulting in a quota limit bypass. [GH-10694]
    • ๐Ÿ’ป ui: Fixed a bug where exec would not work across regions. [GH-10539]
    • ๐Ÿ’ป ui: Fixed global-search shortcut for non-english keyboards. [GH-10714]

  • v1.1.0 Changes

    May 18, 2021

    ๐Ÿ”‹ FEATURES:

    • Memory oversubscription: Improve cluster efficiency by allowing applications, whether containerized or non-containerized, to use memory in excess of their scheduled amount.
    • Reserved CPU cores: Improve the performance of your applications by ensuring tasks have exclusive use of client CPUs.
    • UI improvements: Enjoy a streamlined operator experience with fuzzy search, resource monitoring, and authentication improvements.
    • CSI enhancements: Run stateful applications with improved volume management and support for Container Storage Interface (CSI) plugins such as Ceph.
    • Readiness checks: Differentiate between application liveness and readiness with new options for task health checks.
    • Remote task drivers (technical preview): Use Nomad to manage your workloads on more platforms, such as AWS Lambda or Amazon ECS.
    • Consul namespace support (Enterprise): Run Nomad-defined services in their HashiCorp Consul namespaces more easily using Nomad Enterprise.
    • License autoloading (Enterprise): Automatically load Nomad licenses when a Nomad server agent starts using Nomad Enterprise.
    • Autoscaling improvements: Scale your applications more precisely with new strategies.

    BACKWARDS INCOMPATIBILITIES:

    • csi: The attachment_mode and access_mode field are required for volume blocks in job specifications. Registering a volume requires at least one capability block with the attachment_mode and access_mode fields set. [GH-10330]
    • drivers/exec+java: Reduce set of linux capabilities enabled by default [GH-10600]
    • licensing: Enterprise licenses are no longer stored in raft or synced between servers. Loading the Enterprise license from disk or environment is required. The nomad license put command has been removed. [GH-10458]

    ๐Ÿ”’ SECURITY:

    • drivers/docker+exec+java: Disable CAP_NET_RAW linux capability by default to prevent ARP spoofing. CVE-2021-32575 GH-10568

    ๐Ÿ‘Œ IMPROVEMENTS:

    • api: Added an API endpoint for fuzzy search queries [GH-10184]
    • api: Removed unimplemented CSIVolumes.PluginList API. [GH-10158]
    • api: Added namespace field for the jobs list endpoint response [GH-10434]
    • build: Updated to Go 1.16.3 [GH-10483]
    • cli: Update defaults for nomad operator debug flags -interval and -server-id to match common usage. [GH-10121]
    • cli: Support an optional file argument for volume init and quota init commands [GH-10397]
    • client/config: Enable sockaddr templating for network-interface attribute. [GH-10404]
    • client/fingerprint: Added support multiple host network aliases for the same interface. [GH-10104]
    • consul: Allow setting body field on service/check Consul health checks. [GH-10186]
    • consul/connect: Use exponential backoff for consul envoy bootstrap process [GH-10453]
    • consul/connect: Enable setting local_bind_address field on connect upstreams [GH-6248]
    • consul/connect: Added job-submission validation for Connect sidecar service and group names [GH-10455]
    • consul/connect: Automatically populate CONSUL_HTTP_ADDR for connect native tasks in host networking mode. [GH-10239]
    • consul/connect: Added disable_default_tcp_check field to connect.sidecar_service blocks to disable the default TCP listener check for Connect sidecar tasks. [GH-10531]
    • core: Persist metadata about most recent drain in Node.LastDrain [GH-10250]
    • csi: Added support for jobs to request a unique volume ID per allocation. [GH-10136]
    • driver/docker: Added support for optional extra container labels. [GH-9885]
    • driver/docker: Added support for configuring default logger behavior in the client configuration. [GH-10156]
    • metrics: Added blocked evaluation resources metrics [GH-10454]
    • networking: Added support for user-defined iptables rules on the NOMAD-ADMIN chain. [GH-10181]
    • networking: Added support for interpolating host network names with node attributes. [GH-10196]
    • nomad/structs: Removed deprecated Node.Drain field, added API extensions to restore it [GH-10202]
    • ui: Added a job reversion button [GH-10336]
    • ui: Added memory maximum to task group ribbon [GH-10459]
    • ui: Updated global search to use fuzzy search API [GH-10412]
    • ui: Changed displays of aggregate units to use larger suffixes when appropriate [GH-10257]
    • ui: Added resource reservation indicators on client charts and task breakdowns on allocation charts [GH-10208]

    ๐Ÿ› BUG FIXES:

    • core (Enterprise): Update licensing library to v0.0.11 to include race condition fix. [GH-10253]
    • agent: Only allow querying Prometheus formatted metrics if Prometheus is enabled within the config [GH-10140]
    • api: Ensured that api.LicenseGet returned response meta data [GH-10276]
    • api: Added missing devices block to AllocatedTaskResources [GH-10064]
    • api: Fixed a panic that may occur on concurrent access to an SDK client [GH-10302]
    • cli: Fixed a bug where non-int proxy port would panic CLI [GH-10072]
    • cli: Fixed a bug where snapshot agent command panics on launch [GH-10276]
    • cli: Remove extra linefeeds in monitor.log files written by nomad operator debug. [GH-10252]
    • cli: Fixed a bug where parsing HCLv2 may panic on some variable interpolation syntax [GH-10326] [GH-10419]
    • cli: Fixed a bug where nomad operator debug incorrectly parsed https Consul API URLs. [GH-10082]
    • cli: Fixed a panic where nomad job run or plan would crash when supplied with non-existent -var-file files. [GH-10569]
    • client: Fixed log formatting when killing tasks. [GH-10135]
    • client: Added handling for cgroup-v2 memory metrics [GH-10286]
    • client: Only publish measured allocation memory metrics [GH-10376]
    • client: Fixed a bug where small files would be assigned the wrong content type. [GH-10348]
    • consul/connect: Fixed a bug where job plan always different when using expose checks. [GH-10492]
    • consul/connect: Fixed a bug where HTTP ingress gateways could not use wildcard names. [GH-10457]
    • cni: Fallback to an interface with an IP address if sandbox interface lacks one. [GH-9895]
    • csi: Fixed a bug where volume with IDs that are a substring prefix of another volume could use the wrong volume for feasibility checking. [GH-10158]
    • drivers/docker: Fixed a bug where Dockerfile STOPSIGNAL was not honored. [GH-10441]
    • drivers/raw_exec: Fixed a bug where exit codes could be dropped and return a spurious error. [GH-10494]
    • scheduler: Fixed a bug where Nomad reports negative or incorrect running children counts for periodic jobs. [GH-10145]
    • scheduler: Fixed a bug where jobs requesting multiple CSI volumes could be incorrectly scheduled if only one of the volumes passed feasibility checking. [GH-10143]
    • service: Fixed a bug where new script checks would not be added on job updates. [GH-10403]
    • server: Fixed a bug affecting periodic job summary counts [GH-10145]
    • server: Fixed a bug where draining a node may fail to migrate its allocations [GH-10411]
    • server: Fixed a bug where jobs may not run if submitted with ParentID field set [GH-10424]
    • server: Fixed a panic that may arise on submission of jobs containing invalid service checks [GH-10154]
    • ui: Fixed the rendering of interstitial components shown after processing a dynamic application sizing recommendation. [GH-10094]

  • v1.0.18 Changes

    February 09, 2022

    BACKWARDS INCOMPATIBILITIES:

    • ๐Ÿ”’ ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability

    ๐Ÿ”’ SECURITY:

    • โž• Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
    • ๐Ÿ›  Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
    • Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
    • Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]

  • v1.0.17 Changes

    February 01, 2022

    ๐Ÿ› BUG FIXES:

    • ๐Ÿ›  csi: Fixed a bug where garbage collected allocations could block new claims on a volume [GH-11890]
    • ๐Ÿ›  csi: Fixed a bug where releasing volume claims would fail with ACL errors after leadership transitions. [GH-11891]
    • ๐Ÿš€ csi: Fixed a bug where volume claim releases that were not fully processed before a leadership transition would be ignored [GH-11776]
    • csi: Unmount volumes from the client before sending unpublish RPC [GH-11892]