1.8.2 (July 16, 2024)
BREAKING CHANGES:
- docker: default to hyper-v isolation mode on Windows [GH-23452]
SECURITY:
- build: Updated Go to 1.22.5 to address CVE-2024-24791 [GH-23498]
- migration: Added a check for relative paths escaping the allocation directory when unpacking archive during migration, to harden clients against compromised peer clients sending malicious archives [GH-23319]
- security: Removed insecure TLS cipher suites:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA25
andTLS_RSA_WITH_AES_128_CBC_SHA256
. [GH-23551]
IMPROVEMENTS:
- client: add a preferred_address_family config to prefer ipv4 or ipv6 when deducing IP from network interface [GH-23389]
- cni: allow users to input CNI args in job specification [GH-23538]
- deps: Updated Consul API to 1.29.1. [GH-23436]
- deps: Updated consul-template to 0.39 to allow admin partition and sameness groups queries. [GH-23436]
- docker: Validate that unprivileged containers aren't running as ContainerAdmin on Windows [GH-23443]
- namespaces: Added warnings if deleting namespaces that have existing objects associated with them [GH-23499]
- quota (Enterprise): Allow CPU cores to be configured within a quota [GH-23543]
- scaling: Added
-check-index
support tojob scale
command [GH-23457] - ui: Allow users to create Global ACL tokens from the Administration UI [GH-23506]
- ui: Update headers in the Admin section to use the HashiCorp Design System [GH-23366]
- ui: allow for multiple namespaces in jobs index filters [GH-23468]
BUG FIXES:
- api: Fixed bug where newlines in JobSubmission vars weren't encoded correctly [GH-23560]
- cli: Fixed bug where the
plugin status
command would fail if the plugin ID was a prefix of another plugin ID [GH-23502] - cli: Fixed bug where the
quota status
andquota inspect
commands would fail if the quota name was a prefix of another quota name [GH-23502] - cli: Fixed bug where the
scaling policy info
command would fail if the policy ID was a prefix of another policy ID [GH-23502] - cli: Fixed bug where the
service info
command would fail if the service name was a prefix of another service name in the same namespace [GH-23502] - cli: Fixed bug where the
volume deregister
,volume detach
, andvolume status
commands would fail if the volume ID was a prefix of another volume ID in the same namespace [GH-23502] - consul: Fixed a bug where service registration and Envoy bootstrap would not wait for Consul ACL tokens and services to be replicated to the local agent [GH-23381]
- plugins: Fix panic on systems that don't support NUMA [GH-23399]
- qemu: Fixed a bug that prevented
qemu
tasks from running on Linux [GH-23466] - quota (Enterprise): Fixed a bug where a task's resource core count was not translated to CPU MHz and checked against its quota when performing a job plan [GH-18876]
- scheduler: Fix a bug where reserved resources are not calculated correctly [GH-23386]
- server: Fixed a bug where expiring heartbeats for garbage collected nodes could panic the server [GH-23383]
- template: Fix template rendering on Windows [GH-23432]
- ui: Actions run from jobs with explicit name properties now work from the web UI [GH-23553]
- ui: Dont show keyboard nav hints when taking a screenshot [GH-23365]
- ui: Fix an issue where a remotely purged job would prevent redirect from taking place in the web UI [GH-23492]
- ui: Fix an issue where access to Job Templates in the UI was restricted to variable.write access [GH-23458]
- ui: Fix the Upload Jobspec button on the Run Job page [GH-23548]
- ui: Fixed support for namespace parameter on job statuses API [GH-23456]
- ui: fix an issue where gateway timeouts would cause the jobs list to revert to null, gives users a Pause Fetch option [GH-23427]
- vault: Fixed a bug where requests to derive or renew tokens could be sent to the wrong namespace [GH-23491]