BREAKING CHANGES:
- docker: default to hyper-v isolation mode on Windows [GH-23452]
SECURITY:
- build: Updated Go to 1.22.5 to address CVE-2024-24791 [GH-23498]
- migration: Added a check for relative paths escaping the allocation directory when unpacking archive during migration, to harden clients against compromised peer clients sending malicious archives [GH-23319]
- security: Removed insecure TLS cipher suites:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA25
andTLS_RSA_WITH_AES_128_CBC_SHA256
. [GH-23551]
IMPROVEMENTS:
- deps: Updated Consul API to 1.29.1. [GH-23436]
- deps: Updated consul-template to 0.39 to allow admin partition and sameness groups queries. [GH-23436]
- docker: Validate that unprivileged containers aren't running as ContainerAdmin on Windows [GH-23443]
BUG FIXES:
- api: Fixed bug where newlines in JobSubmission vars weren't encoded correctly [GH-23560]
- cli: Fixed bug where the
plugin status
command would fail if the plugin ID was a prefix of another plugin ID [GH-23502] - cli: Fixed bug where the
quota status
andquota inspect
commands would fail if the quota name was a prefix of another quota name [GH-23502] - cli: Fixed bug where the
scaling policy info
command would fail if the policy ID was a prefix of another policy ID [GH-23502] - cli: Fixed bug where the
service info
command would fail if the service name was a prefix of another service name in the same namespace [GH-23502] - cli: Fixed bug where the
volume deregister
,volume detach
, andvolume status
commands would fail if the volume ID was a prefix of another volume ID in the same namespace [GH-23502] - consul: Fixed a bug where service registration and Envoy bootstrap would not wait for Consul ACL tokens and services to be replicated to the local agent [GH-23381]
- qemu: Fixed a bug that prevented
qemu
tasks from running on Linux [GH-23466] - quota (Enterprise): Fixed a bug where a task's resource core count was not translated to CPU MHz and checked against its quota when performing a job plan [GH-18876]
- scheduler: Fix a bug where reserved resources are not calculated correctly [GH-23386]
- server: Fixed a bug where expiring heartbeats for garbage collected nodes could panic the server [GH-23383]
- template: Fix template rendering on Windows [GH-23432]