Skip to content

v1.5.7
Compare
Choose a tag to compare
@hc-github-team-es-release-engineering hc-github-team-es-release-engineering released this 19 Jul 07:23
v1.5.7
db3b99d

1.5.7 (July 18, 2023)

SECURITY:

  • acl: Fixed a bug where a namespace ACL policy without label was applied to an unexpected namespace. CVE-2023-3072 [GH-17908]
  • search: Fixed a bug where ACL did not filter plugin and variable names in search endpoint. CVE-2023-3300 [GH-17906]
  • sentinel (Enterprise): Fixed a bug where ACL tokens could be exfiltrated via Sentinel logs CVE-2023-3299 [GH-17907]

IMPROVEMENTS:

  • cli: Add -quiet flag to nomad var init command [GH-17526]
  • cli: Add check for missing host volume path in nomad config validate command [GH-17393]
  • client: check kernel module in /sys/module to help with WSL2 bridge networking [GH-17306]
  • cni: Ensure to setup CNI addresses in deterministic order [GH-17766]
  • deps: Updated Vault SDK to 0.9.0 [GH-17281]
  • deps: update docker to 23.0.3 [GH-16862]
  • docker: Add group_add configuration [GH-17313]
  • ui: adds keyboard nav for switching between regions by pressing "r 1", "r 2", etc. [GH-17169]

BUG FIXES:

  • api: Fixed a bug that caused a panic when calling the Jobs().Plan() function with a job missing an ID [GH-17689]
  • api: add missing constant for unknown allocation status [GH-17726]
  • api: add missing field NetworkStatus for Allocation [GH-17280]
  • cgroups: Fixed a bug removing all DevicesSets when alloc is created/removed [GH-17535]
  • cli: Fix a panic in the nomad job restart command when monitoring replacement allocations [GH-17346]
  • cli: Output error messages during deployment monitoring [GH-17348]
  • client: Fixed a bug where Nomad incorrectly wrote to memory swappiness cgroup on old kernels [GH-17625]
  • client: Fixed a bug where agent would panic during drain incurred by shutdown [GH-17450]
  • client: fixed a bug that prevented Nomad from fingerprinting Consul 1.13.8 correctly [GH-17349]
  • consul: Fixed a bug where Nomad would repeatedly try to revoke successfully revoked SI tokens [GH-17847]
  • core: Fix panic around client deregistration and pending heartbeats [GH-17316]
  • core: fixed a bug that caused job validation to fail when a task with kill_timeout was placed inside a group with update.progress_deadline set to 0 [GH-17342]
  • csi: Fixed a bug where CSI volumes would fail to restore during client restarts [GH-17840]
  • docker: Fixed a bug where network pause container would not be removed after node restart [GH-17455]
  • drivers/docker: Fixed a bug where long-running docker operations would incorrectly timeout [GH-17731]
  • identity: Fixed a bug where workload identities for periodic and dispatch jobs would not have access to their parent job's ACL policy [GH-17018]
  • replication: Fix a potential panic when a non-authoritative region is upgraded and a server with the new version becomes the leader. [GH-17476]
  • scheduler: Fixed a bug that could cause replacements for failed allocations to be placed in the wrong datacenter during a canary deployment [GH-17652]
  • scheduler: Fixed a panic when a node has only one configured dynamic port [GH-17619]
  • tls: Fixed a bug where the nomad tls cert command did not create certificates with the correct SANs for them to work with non default domain and region names. [GH-16959]
  • ui: dont show a service as healthy when its parent allocation stops running [GH-17465]
  • ui: fixed a handful of UX-related bugs during variable editing [GH-17319]
Assets 2
Loading