All Versions
Latest Version
Avg Release Cycle
32 days
Latest Release
1468 days ago

Changelog History

  • v8.7.3 Changes

    June 09, 2020

    ๐Ÿ‘Œ Improvements

    ๐Ÿณ Docker images are now compiling via the go 1.13 toolchain.

    Agent Registration can now occur through chained load balancers,
    with standards-compliant comma-separated X-Forwarded-For
    headers. Why you would want to do this is beyond me, but ยฏ_(ใƒ„)_/ยฏ

    ๐Ÿ”Œ The metashield plugin now trusts system X.509 Root CAs if no
    specific CA is supplied.

    ๐Ÿ’ป Bootstrap restoration is simpler now, and the UI for init /
    ๐Ÿ‘€ restore is more streamlined. See #680.

  • v8.7.2 Changes

    April 23, 2020

    ๐Ÿ› Bug Fixes

    • SHIELD will now be able to properly authenticate to vault again.
  • v8.7.1 Changes

    April 20, 2020


    This version of SHIELD will be unable to perform backups if the core has ever been restarted. This does not cause any permanent damage, but this version will not be able to do backups.

    ๐Ÿ‘Œ Improvements

    ๐Ÿ”Œ The meta SHIELD plugin has two additional (optional) fields.
    The core CA certificate and skip ssl validation fields allow
    us to now properly handle tls.

    Properly Handle 301's from amazon during purge tasks

    Switching bespoke Vault for vaultkv

  • v8.7.0 Changes

    March 10, 2020

    ๐Ÿ†• New Features

    • ๐Ÿ”Œ SHIELD now features a new metashield plugin for backing up and restoring your shield core(s). This is a standardized way
      โช for SHIELD to backup/restore itself or another SHIELD instance.
  • v8.6.3 Changes

    January 03, 2020

    ๐Ÿ› Bug Fixes

    • ๐Ÿ’ป The Web UI, when sorting, is now case-insensitive.
    • ๐Ÿ–จ The data-system-specific storage footprint in the Web UI now no longer
      ๐Ÿ–จ counts purged archives against the storage footprint.
    • The core no longer leaks a SQL prepared statement when making requests
      to the SQLite3 backend, fixing an unbounded memory leak.
    • The migration to database schema v12 now reports errors more granularly.
  • v8.6.2 Changes

    December 05, 2019

    ๐Ÿš€ This release fixes issues with failed 8.5.0 โ†’ 8.6.0 migrations
    ๐Ÿ‘ท that left the interim jobs_new table around.

  • v8.6.1 Changes

    December 04, 2019

    ๐Ÿš€ This release chiefly introduces logic to existing and new database
    ๐Ÿš€ schema migrations to fix fallout from the 8.6.0 release, in which
    we mistakenly modified a historic migration to do something.

    โฌ†๏ธ All database upgrade paths, including pre-8.6.0 โ†’ present,
    ๐Ÿš€ (failing) 8.6.0 deployment โ†’ present, and brand new deployments,
    should all work now.

    ๐Ÿ‘Œ Improvements

    • 0๏ธโƒฃ The fs plugin is now quieter by default, and will only turn on
      ๐ŸŒฒ per-file debug logging if asked to do so via its own
      ๐Ÿ”ง configuration. This should greatly speed up backup operations
      ๐Ÿ”’ on busy SHIELDs, since it reduces the database lock contention.

    ๐Ÿ› Bug Fixes

    ๐Ÿ”ง The front-end configuration wizard now properly looks up
    ๐Ÿ”Œ plugin metadata for an agent. Previously, there was a
    Javascript variable shadowing bug that caused the front-end to
    ๐Ÿ“‡ return any arbitrary plugin metadata as the "correct" one.

    Task cancelation had a n inverted boolean assertion on global
    ๐Ÿ›  tenant-iness that has been fixed.

  • v8.6.0 Changes

    November 14, 2019

    โš  WARNING

    ๐Ÿš€ Do not use this version. This version has a database schema migration error that will be fixed in an upcoming patch release.

    ๐Ÿ†• New Features

    ๐Ÿณ Helm Support! This version of SHIELD ships with OCI Docker
    images that can be used in the new (Beta!) helm chart for
    ๐Ÿ‘€ SHIELD. See for more
    details, and to give it a spin yourself.

    ๐Ÿ”ง The SHIELD Core can now be configured almost entirely through
    ๐Ÿณ environment variables, for ease of configuration in Docker,
    Compose, and even Kubernetes.

    We have a new Prometheus-compatible metrics exporter, accessible
    at /metrics, and governed by a separate set of HTTP Basic Auth

    ๐Ÿ’ฅ Breaking Changes

    ๐Ÿ”ง The fabrics array in the configuration file has been replaced with
    the legacy-agents hash.

    ๐Ÿ”ง Previously, configuration for this would look like

    fabrics: - name: legacyssh-key: | -----BEGIN RSA PRIVATE KEY----- kEy -----END RSA PRIVATE KEY-----

    ๐Ÿ”ง Now, that should be configured like the following:

    legacy-agents: enabled: trueprivate-key: | -----BEGIN RSA PRIVATE KEY----- kEy -----END RSA PRIVATE KEY-----

    ๐Ÿ‘Œ Improvements

    Agent SSH is now constrained to a more secure set of message
    authentication codes (MACs). Specifically, we got rid of one
    embarassing 96-bit MAC algorithm. Ooof!

    ๐Ÿ’ป Several quality-of-life improvements were made to the web UI
    and message bus / websocket implementations. In general, the
    ๐ŸŒ web interface is easier to use and more robust now.

    ๐Ÿšš Old task logs and purged archives will now be removed from the
    database after a minimum retention period has passed. If you've
    โšก๏ธ been with us since the 0.x days, this update is for you, and
    we're sorry it's taken us so long to do this type of cleanup.

    The SHIELD IP Address (which gets less and less relevant every
    ๐Ÿ’ป day) is no longer reported via the API / web UI.

    ๐Ÿ› Bug Fixes

    โช Uncompressed backups can now properly be restored.

    ๐Ÿ‘ท The healthy and paused fields of the Jobs table now no
    longer allows NULL values, landing us squarely back in the
    territory of booleanitude -- things are either true or false;
    there is no maybe.

    Negative daily storage increases now properly convert to kilo-,
    mega-, and giga- units, to help humans understand magnitude.

    โฑ The api.session.timeout value is now interpreted properly as
    seconds, not hours. This effectively means that sessions now
    expire when they ought to, not several orders of magnitude

  • v8.5.0 Changes

    September 13, 2019

    ๐Ÿ‘Œ Improvements

    The shield status command is twice as pretty and three times
    as useful.

    ๐ŸŒ Cloud Storage detail pages in the web interface now show a
    timeline similar to the one shown for Data Systems, so that
    SHIELD operators have an easier time of troubleshooting failing
    ๐Ÿ”ง storage configurations.

    ๐ŸŒฒ The SHIELD CLI now displays task+log data for the last
    โœ… test-store task of a given store (for shield store X and
    shield global-store Y), to assist in troubleshooting failing
    ๐Ÿ”ง storage configurations.

    ๐ŸŒ Operators now have a web interface and some CLI commands for
    inspecting the state of SHIELD Data Fixups, and re-running them
    (if / when necessary).

    ๐Ÿ”Œ The mongo target plugin can now have options applied
    โช individually to just mongodump or mongorestore.

    Passwords and RSA private keys are now properly obscured in
    ๐ŸŒ the web interface detail pages for both systems and cloud
    ๐Ÿ‘€ storage. People without rights to see such credentials will
    ๐Ÿ‘€ still see the "REDACTED" string instead; but people with the
    ๐Ÿ‘€ required privilege will instead see the blurred-out obscured
    text that they can hover over to reveal.

    The shield tasks command can now filter down to only tasks
    that involve a particular tenant or global cloud storage system.

    ๐Ÿ› Bug Fixes

    Data Fixups will now be properly skipped if they've already been
    applied. Additionally, names / dates / summaries will be
    updated every time the SHIELD Core boots up, to catch typos
    and mispellings there.

    ๐ŸŒ The Data System detail page in the web interface no longer has a
    ๐Ÿ”Œ race condition between the start of an AJAX call for the plugin
    ๐Ÿ”ง configuration details and a shield:navigate away from the
    page. Other such race conditions involving AJAX should now also
    ๐Ÿ›  be fixed.

    Switching between tenants (with differing levels of access) now
    properly re-renders the sidebar to show your new privileges.

    ๐Ÿ‘ท The shield job X command now populates the "Status" and
    "Agent" fields, using data in the API responses.

  • v8.4.1 Changes

    August 29, 2019

    ๐Ÿ‘Œ Improvements

    • โž• Added a /v2/mbus/status API endpoint that returns metrics about the state of
      the event message bus. This allows for some introspection into what websocket
      connections may be doing at that moment.
    • ๐Ÿ’ป The UI now has less wasted space when displaying a bunch of cards for data
    • ๐Ÿ”ง Implemented a configurable timeout when making SSH connections to agents. A
      0๏ธโƒฃ lower default now also keeps dead agents from taking up large amounts of
      โฑ scheduler worker time.
    • SHIELD now tracks when the last time an agent erred was.
    • ๐Ÿ’ป Hidden agents are now sorted under a separate header in the web UI.
    • Hiding, showing, and deleting agents can now be done from the CLI.

    ๐Ÿ› Bug Fixes

    • We no longer leak the file descriptors and goroutines for detached websocket
    • ๐Ÿ‘ท Workers can no longer be starved out when sending events to the message bus
      if the receiver of the message bus is misbehaving because these event sends
      are now asynchronous.
    • ๐Ÿ›  Fixed a bug where a worker could derefence a nil pointer when certain
      database selects returned no rows.
    • The database layer now has more stringent locking, which both avoids certain
      threads locking each other out in SQLite, and also makes certain series of
      database operations effectively atomic.
    • A couple of fixups would deadlock themselves out of the database and prevent
      ๐Ÿ›  fixups from actually running. Now they don't.
    • ๐Ÿ›  Fixups now only run once instead of on every startup, like nature intended.
    • โšก๏ธ The agent "Last Checked At" timestamp was being updated when the task was
      โฑ pulled off the scheduler, whether or not the agent was actually checked
      (due to other potential errors).
    • Named a fixup without a name.
    • Agents that failed their status checks are now once again marked as such.