v0.9.7

BUG FIXES:

• core: Fixed server panic caused by a plan evicting and preempting allocs on a node [GH-6792]

v0.10.2-rc1

0.10.2 (November 22, 2019)

FEATURES:

• Nomad Monitor: New nomad monitor command allows remotely following
  the logs of any Nomad Agent (clients or servers). See
  https://nomadproject.io/docs/commands/monitor.html
• Docker Container Cleanup: Nomad will now automatically remove Docker
  containers for tasks leaked due to Nomad or Docker crashes or bugs.

IMPROVEMENTS:

• agent: Added support for running under Windows Service Manager [GH-6220]
• api: Added StartedAt field to Node.DrainStrategy [GH-6698]
• api: Added JSON representation of rules to policy endpoint response [GH-6017]
• api: Update policy endpoint to permit anonymous access [GH-6021]
• build: Updated to Go 1.12.13 [GH-6606]
• cli: Show full ID in node and alloc individual status views [GH-6425]
• client: Enable setting tags on Consul Connect sidecar service [GH-6448]
• client: Added support for downloading artifacts from Google Cloud Storage [GH-6692]
• command: Added -tls-server-name flag [GH-6370]
• command: Added nomad monitor command to stream logs at a specified level for debugging [GH-6499]
• quota: Added support for network bandwidth quota limits in Nomad enterprise

BUG FIXES:

• core: Ignore server config values if server is disabled [GH-6047]
• core: Added semver constraint for strict Semver 2.0 version comparisons [GH-6699]
• api: Return a 404 if endpoint not found instead of redirecting to /ui/ [GH-6658]
• api: Decompress web socket response body if gzipped on error responses [GH-6650]
• api: Fixed a bug where some FS/Allocation API endpoints didn't return error messages [GH-6427]
• api: Return 40X status code for failing ACL requests, rather than 500 [GH-6421]
• cli: Made scoring column orders consistent nomad alloc status [GH-6609]
• cli: Fixed a bug where nomad alloc exec fails if stdout is being redirected and not a TTY [GH-6684]
• cli: Fixed a bug where a cli user may fail to query FS/Allocation API endpoints if they lack node:read capability [GH-6423]
• client: client: Return empty values when host stats fail [GH-6349]
• client: Fixed a bug where a client may not restart dead internal processes upon client's restart on Windows [GH-6426]
• drivers: Fixed a bug where client may panic if a restored task failed to shutdown cleanly [GH-6763]
• driver/exec: Fixed a bug where exec tasks can spawn processes that live beyond task lifecycle [GH-6722]
• driver/docker: Added mechanism for detecting running unexpectedly running docker containers [GH-6325]
• nomad: Fixed registering multiple connect enabled services in the same task group [GH-6646]
• scheduler: Changes to devices in resource stanza should cause rescheduling [GH-6644]
• scheduler: Fixed a bug that allowed inplace updates after affinity or spread were changed [GH-6703]
• vault: Allow overriding implicit Vault version constraint [GH-6687]
• vault: Supported Vault auth role's new fields, token_period and token_explicit_max_ttl [GH-6574], [GH-6580]

v0.10.1

BUG FIXES:

• core: Fixed server panic when upgrading from 0.8 -> 0.10 and performing an
  inplace update of an allocation. [GH-6541]
• api: Fixed panic when submitting Connect-enabled job without using a bridge
  network [GH-6575]
• client: Fixed client panic when upgrading from 0.8 -> 0.10 and performing an
  inplace update of an allocation. [GH-6605]

v0.10.0

FEATURES:

• Consul Connect: Nomad may now register Consul Connect services and
  manages an Envoy proxy sidecar to provide secured service-to-service
  communication.
• Network Namespaces: Task Groups may now define a shared network
  namespace. Each allocation will receive its own network namespace and
  loopback interface. Ports may be forwarded from the host into the network
  namespace.
• Host Volumes: Nomad expanded support of stateful workloads through locally mounted storage volumes.
• UI Allocation File Explorer: Nomad UI enhanced operability with a visual file system explorer for allocations.

IMPROVEMENTS:

• core: Added rolling deployments for service jobs by default and max_parallel=0 disables deployments [GH-6191]
• agent: Allowed the job GC interval to be configured [GH-5978]
• agent: Added log_level to be reloaded on SIGHUP [GH-5996]
• api: Added follow parameter to file streaming endpoint to support older browsers [GH-6049]
• client: Upgraded go-getter to support GCP links [GH-6215]
• client: Remove consul service stanza from job init --short jobspec [GH-6179]
• drivers: Exposed namespace as NOMAD_NAMESPACE environment variable in running tasks [GH-6192]
• metrics: Added job status (pending, running, dead) metrics [GH-6003]
• metrics: Added status and scheduling ability to client metrics [GH-6130]
• server: Added an option to configure job GC interval [GH-5978]
• ui: Added allocation filesystem explorer [GH-5871]
• ui: Added creation time to evaluations table [GH-6050]

BUG FIXES:

• cli: Fixed nomad run ... on Windows so it works with unprivileged accounts [GH-6009]
• client: Fixed a bug in client fingerprinting on 32-bit nodes [GH-6239]
• client: Fixed a bug where completed allocations may re-run after client restart [GH-6216]
• client: Fixed failure to start if another client is already running with the same data directory [GH-6348]
• devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
• drivers/docker: Set gc image_delay default to 3 minutes [GH-6078]
• ui: Fixed a bug where the allocation log viewer would render HTML or hide content that matched XML syntax [GH-6048]
• ui: Fixed a bug where allocation log viewer doesn't show all content in Firefox [GH-6466]
• ui: Fixed navigation via clicking recent allocation row [GH-6087]

Nomad 0.10.0-rc1

FEATURES:

• Consul Connect: Nomad may now register Consul Connect services and
  manages an Envoy proxy sidecar to provide secured service-to-service
  communication.
• Network Namespaces: Task Groups may now define a shared network
  namespace. Each allocation will receive its own network namespace and
  loopback interface. Ports may be forwarded from the host into the network
  namespace.
• Host Volumes: Nomad expanded support of stateful workloads through locally mounted storage volumes.
• UI Allocation File Explorer: Nomad UI enhanced operability with a visual file system explorer for allocations.

IMPROVEMENTS:

• core: Added rolling deployments for service jobs by default and max_parallel=0 disables deployments [GH-6191]
• agent: Allowed the job GC interval to be configured [GH-5978]
• agent: Added log_level to be reloaded on SIGHUP [GH-5996]
• api: Added follow parameter to file streaming endpoint to support older browsers [GH-6049]
• client: Upgraded go-getter to support GCP links [GH-6215]
• client: Remove consul service stanza from job init --short jobspec [GH-6179]
• drivers: Exposed namespace as NOMAD_NAMESPACE environment variable in running tasks [GH-6192]
• metrics: Added job status (pending, running, dead) metrics [GH-6003]
• metrics: Added status and scheduling ability to client metrics [GH-6130]
• server: Added an option to configure job GC interval [GH-5978]
• ui: Added allocation filesystem explorer [GH-5871]
• ui: Added creation time to evaluations table [GH-6050]

BUG FIXES:

• cli: Fixed nomad run ... on Windows so it works with unprivileged accounts [GH-6009]
• client: Fixed a bug in client fingerprinting on 32-bit nodes [GH-6239]
• client: Fixed a bug where completed allocations may re-run after client restart [GH-6216]
• client: Fixed failure to start if another client is already running with the same data directory [GH-6348]
• devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
• drivers/docker: Set gc image_delay default to 3 minutes [GH-6078]
• ui: Fixed navigation via clicking recent allocation row [GH-6087]

Nomad 0.9.6

SECURITY:

• core: Redacted replication token in agent/self API endpoint. The replication token is a management token that can be used for further privilege escalation. CVE-2019-12741 [GH-6430]
• core: Fixed a bug where a user may start raw_exec task on clients despite driver being disabled. CVE-2019-15928 [GH-6227] [GH-6431]
• enterprise/acl: Fix ACL access checks in Nomad Enterprise where users may query allocation information and perform lifecycle actions in namespaces they are not authorized to. CVE-2019-16742 [GH-6432]

IMPROVEMENTS:

• client: Reduced memory footprint of nomad logging and executor processes [GH-6341]

BUG FIXES:

• core: Fixed a bug where scheduler may schedule an allocation on a node without required drivers [GH-6227]
• client: Fixed a bug where completed allocations may re-run after client restart [GH-6216] [GH-6207]
• client: Fixed a panic that may occur when an nomad alloc exec is initiated while process is terminating [GH-6065]
• devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
• drivers: Fixed port mapping for docker and qemu drivers [GH-6251]
• drivers/docker: Fixed a case where a nomad alloc exec would never time out [GH-6144]
• ui: Fixed a bug where allocation log viewer doesn't show all content. [GH-6048]

Nomad 0.9.5

SECURITY:

client/template: Fix security vulnerabilities associated with task template rendering (CVE-2019-14802), introduced in Nomad 0.5.0 [GH-6055] [GH-6075]
client/artifact: Fix a privilege escalation in the exec driver exploitable by artifacts with setuid permissions (CVE-2019-14803) [GH-6176]

BACKWARDS INCOMPATIBILITIES:

client/template: When rendering a task template, only task environment variables are included by default. [GH-6055]
client/template: When rendering a task template, the plugin function is no longer permitted by default and will raise an error. [GH-6075]
client/template: When rendering a task template, path parameters for the file function will be restricted to the task directory by default. Relative paths or symlinks that point outside the task directory will raise an error. [GH-6075]

IMPROVEMENTS:

core: Added create and modify timestamps to evaluations [GH-5881]

BUG FIXES:

api: Fixed job region to default to client node region if none provided [GH-6064]
ui: Fixed links containing IPv6 addresses to include required square brackets [GH-6007]
vault: Fix deadlock when reloading server Vault configuration [GH-6082]

v0.9.4

IMPROVEMENTS:

• api: Inferred content type of file in alloc filesystem stat endpoint [GH-5907]
• api: Used region from job hcl when not provided as query parameter in job registration and plan endpoints [GH-5664]
• core: Deregister nodes in batches rather than one at a time [GH-5784]
• core: Removed deprecated upgrade path code pertaining to older versions of Nomad [GH-5894]
• core: System jobs that fail because of resource availability are retried when resources are freed [GH-5900]
• core: Support reloading log level in agent via SIGHUP [GH-5996]
• client: Improved task event display message to include kill time out [GH-5943]
• client: Removed extraneous information to improve formatting for hcl parsing error messages [GH-5972]
• driver/docker: Added logging defaults to use json-file log driver with log rotation [GH-5846]
• metrics: Added namespace label as appropriate to metrics [GH-5847]
• ui: Added page titles [GH-5924]
• ui: Added buttons to copy client and allocation UUIDs [GH-5926]
• ui: Moved client status, draining, and eligibility fields into single state column [GH-5789]

BUG FIXES:

• core: Ensure plans are evaluated against a new enough snapshot index [GH-5791]
• core: Handle error case when attempting to stop a non-existent allocation [GH-5865]
• core: Improved job spec parsing error messages for variable interpolation failures [GH-5844]
• core: Fixed a bug where nomad log and exec requests may time out or fail in tls enabled clusters [GH-5954].
• client: Fixed a bug where consul service health checks may flap on client restart [GH-5837]
• client: Fixed a bug where too many check-based restarts would deadlock the client [GH-5975]
• client: Fixed a bug where successfully completed tasks may restart on client restart [GH-5890]
• client: Fixed a bug where stats of external driver plugins aren't collected on plugin restart [GH-5948]
• client: Fixed an issue where an alloc remains in pending state if nomad fails to create alloc directory [GH-5905]
• client: Fixed an issue where client may kill running allocs if the client and the leader are restarting simultaneously [GH-5906]
• client: Fixed regression that prevented registering multiple services with the same name but different ports in Consul correctly [GH-5829]
• client: Fixed a race condition when performing local task restarts that would result in incorrect task not found errors on Windows [GH-5899]
• client: Reduce CPU usage on clients running many tasks on Linux [GH-5951]
• client: Updated consul-template dependency to address issue with anonymous requests [GH-5976]
• driver: Fixed an issue preventing local task restarts on Windows [GH-5864]
• driver: Fixed an issue preventing external driver plugins from launching executor process [GH-5726]
• driver/docker: Fixed a bug mounting relative paths on Windows [GH-5811]
• driver/exec: Upgraded libcontainer dependency to avoid zombie runc:[1:CHILD]] processes [GH-5851]
• metrics: Added metrics for raft and state store indexes. [GH-5841]
• metrics: Upgrade prometheus client to avoid label conflicts [GH-5850]
• ui: Fixed ability to click sort arrow to change sort direction [GH-5833]