1.8.2 (June 21, 2022)
NOTES:
The Packer plugin SDK includes the latest version of the go-getter library, which has been updated to address the vulnerabilities listed in HCSEC-2022-13.
The updated SDK contains changes that can be breaking for some plugins as the updated go-getter settings in the SDK prevent reading/writing through symlinks and to sub-directories that require upward path traversal (e.g /tmp/.../etc/hosts). The updates also includes a 30 minute maximum timeout for file downloading, which can be an issue for very large or slow downloads if they exceed more than 30 minutes to complete.
SECURITY:
- Bump packer-plugin-sdk to v0.3.0 to address reported vulnerabilities within
the go-getter library.
GH-11843 - Bump plugins relying on go-getter for downloading remote files to address
reported vulnerabilities within the go-getter library. See HCSEC-2022-13 for details.
GH-11844
FEATURES:
- Future Scaffolding: This release contains changes that allow Packer core to
validate that a newly built image is a direct child of a HCP Packer
registry source image. This feature is only available for HCP Packer
enabled builds using thehcp_packer_imagedata source for setting a
builder's source image.
GH-11832
PLUGINS:
External plugins have been pinned to the following versions. Please see their
respective changelogs for details on plugin specific bug fixes and
improvements.
- azure@v1.1.0 - CHANGELOG
- hyperv@v1.0.4 - CHANGELOG
- parallels@v1.0.3 - CHANGELOG
- proxmox@v1.0.8 - CHANGELOG
- qemu@v1.0.5 - CHANGELOG
- vagrant@v1.0.3 - CHANGELOG
- virtualbox@v1.0.4 - CHANGELOG
- vmware@v1.0.7 - CHANGELOG
- vsphere@v1.0.5 - CHANGELOG
IMPROVEMENTS:
- Add
pause_afterconfiguration argument to Powershell provisioner.
GH-11792 - HCP Packer data sources will now fail for revoked iterations to prevent building non-compliant images.
GH-11854
BUG FIXES:
- Add missing support for the
envconfiguration argument in remote shell
provisioners. GH-11819 - The preinst and postrm user scripts, including the service configuration
directives, have been removed from the Packer rpm installations packages,
as Packer does not require a service user in order to run.
GH-11831