github hashicorp/nomad v1.9.4
on GitHub

13 hours ago

1.9.4 (December 18, 2024)

SECURITY:

  • api: sanitize the SignedIdentities in allocations to prevent privilege escalation through unredacted workload identity token impersonation associated with ACL policies. [GH-24683]
  • security: Added more host environment variables to the default deny list for tasks [GH-24540]
  • security: Explicitly set 'Content-Type' header to mitigate XSS vulnerability [GH-24489]
  • security: add executeTemplate to default template function_denylist [GH-24541]

IMPROVEMENTS:

  • actions: Nomad Actions names now accept a wider range of names [GH-24642]
  • api: Sanitise hcl variables before storage on JobSubmission [GH-24423]
  • client: Emit telemetry from prerun and prestart hooks for monitoring and alerting [GH-24556]
  • cni: Add Nomad specific workload information to CNI_ARGS [GH-24319]
  • core: add the possibility to scale system jobs between 0 and 1 [GH-24363]
  • ui: Add an Edit From Version button as an option when reverting from an older job version [GH-24168]
  • ui: Adds metadata tables to Task Group and Task pages [GH-24594]

BUG FIXES:

  • agent: Fixed a bug where retry_join gave up after a single failure, rather than retrying until max attempts had been reached [GH-24561]
  • api: Fixed a bug where alloc exec/logs/fs APIs would return errors for non-global regions [GH-24644]
  • cli: Ensure the operator autopilot health command only outputs JSON when the json flag is supplied [GH-24655]
  • consul: Fixed a bug where failures when syncing Consul checks could panic the Nomad agent [GH-24513]
  • consul: Fixed a bug where non-root Nomad agents could not recreate a task's Consul token on task restart [GH-24410]
  • csi: Fixed a bug where drivers that emit multiple topology segments would cause placements to fail [GH-24522]
  • csi: Removed redundant namespace output from volume status command [GH-24432]
  • discovery: Fixed a bug where IPv6 addresses would not be accepted from cloud autojoin [GH-24649]
  • drivers: fix executor leak when drivers error starting tasks [GH-24495]
  • executor: validate executor on reattach to avoid possibility of killing non-Nomad processes [GH-24538]
  • keyring: Fixed a bug when decrypting aead with an empty RSA block on state upserts [GH-24442]
  • networking: use a tmpfs location for the state of CNI IPAM plugin used by bridge mode, to fix a bug where allocations would fail to restore after host reboot [GH-24650]
  • scheduler: Fix bug where forced garbage collection does not ignore GC thresholds [GH-24456]
  • scheduler: take all assigned cpu cores into account instead of only those part of the largest lifecycle [GH-24304]
  • ui: Fix a bug where namespaced jobs wouldn't show diffs on the versions page [GH-24466]
  • ui: Fix an issue where 2 parent jobs would see the others dispatches if it were otherwise empty [GH-24668]
  • ui: Fix an issue where cmd+click or ctrl+click would double-open a var [GH-24316]
  • ui: Fix an issue where system jobs with garbage-collected allocations were showing as Scaled Down [GH-24620]
  • ui: Fix an issue where volumes weren't navigable [GH-24542]
  • vault: Fixed a bug where expired secret leases were treated as non-fatal and retried [GH-24409]
  • windows: Restore process accounting logic from Nomad 1.6.x [GH-24494]
Check out latest releases or
releases around hashicorp/nomad v1.9.4

Don't miss a new nomad release

NewReleases is sending notifications on new releases.

Get notifications