v1.7.1

1.7.1 (December 08, 2023)

BUG FIXES:

• cli: Fixed a bug that caused the nomad agent command to ignore the VAULT_TOKEN and VAULT_NAMESPACE environment variables [GH-19349]
• client: remove incomplete allocation entries from client state database during client restarts [GH-16638]
• connect: Fixed a bug where deployments would not wait for Connect sidecar task health checks to pass [GH-19334]
• keyring: Fixed a bug where RSA keys were not replicated to followers [GH-19350]

v1.7.0

1.7.0 (December 07, 2023)

FEATURES:

• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]
• core: Honor job's namespace when checking distinct_hosts feasibility [GH-19004]

SECURITY:

• build: Update to go1.21.4 to resolve Windows path validation CVE in Go [GH-19013]
• build: Update to go1.21.5 to resolve Windows path validation CVE in Go [GH-19320]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added help text to acl bootstrap about reading the initial token from a file [GH-18961]
• cli: Added identities, networks, and volumes to the output of the operator client-state command [GH-18996]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• config: Add go-netaddrs support to server_join.retry_join [GH-18745]
• consul: constraint for minimum version of Consul increased to 1.8.0 [GH-19104]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• sso: Allow adding a token name format to auth methods which can be used to generate token names when signing in via SSO [GH-19135]
• ui: color-code node and server status cells [GH-18318]
• ui: for system and sysbatch jobs, now show client name on hover in job panel [GH-19051]
• ui: nicer comment styles in UI example jobs [GH-19037]
• ui: show plan output warnings alongside placement failures and dry-run info when running a job through the web ui [GH-19225]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

DEPRECATIONS:

• config: Loading plugins from plugin_dir without a plugin configuration block is deprecated [GH-19189]

BUG FIXES:

• agent: Correct websocket status code handling [GH-19172]
• api: Fix panic in Allocation.Stub method when Job is unset [GH-19115]
• cli: Fixed a bug that caused the nomad job restart command to miscount the allocations to restart [GH-19155]
• cli: Fixed a bug where the operator client-state command would crash if it reads an allocation without a task state [GH-18996]
• cli: Fixed a panic when the nomad job restart command received an interrupt signal while waiting for an answer [GH-19154]
• cli: Fixed the nomad job restart command to create replacements for batch and system jobs and to prevent sysbatch jobs from being rescheduled since they never create replacements [GH-19147]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• core: Fix incorrect submit time for stopped jobs [GH-18967]
• ui: Fixed an issue where purging a job with a namespace did not process correctly [GH-19139]
• ui: fix an issue where starting a stopped job with default-less variables would not retain those variables when done via the job page start button in the web ui [GH-19220]
• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]
• variables: Fixed a bug where poststop tasks were not allowed access to Variables [GH-18754]
• vault: Fixed a bug where poststop tasks would not get a Vault token [GH-19268]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.6.4

1.6.4 (December 07, 2023)

BREAKING CHANGES:

• core: Honor job's namespace when checking distinct_hosts feasibility [GH-19004]

SECURITY:

• build: Update to go1.21.4 to resolve Windows path validation CVE in Go [GH-19013]
• build: Update to go1.21.5 to resolve Windows path validation CVE in Go [GH-19320]

IMPROVEMENTS:

• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• ui: color-code node and server status cells [GH-18318]
• ui: show plan output warnings alongside placement failures and dry-run info when running a job through the web ui [GH-19225]

BUG FIXES:

• agent: Correct websocket status code handling [GH-19172]
• api: Fix panic in Allocation.Stub method when Job is unset [GH-19115]
• cli: Fixed a bug that caused the nomad job restart command to miscount the allocations to restart [GH-19155]
• cli: Fixed a panic when the nomad job restart command received an interrupt signal while waiting for an answer [GH-19154]
• cli: Fixed the nomad job restart command to create replacements for batch and system jobs and to prevent sysbatch jobs from being rescheduled since they never create replacements [GH-19147]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• core: Fix incorrect submit time for stopped jobs [GH-18967]
• ui: Fixed an issue where purging a job with a namespace did not process correctly [GH-19139]
• ui: fix an issue where starting a stopped job with default-less variables would not retain those variables when done via the job page start button in the web ui [GH-19220]
• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]
• variables: Fixed a bug where poststop tasks were not allowed access to Variables [GH-19270]
• vault: Fixed a bug where poststop tasks would not get a Vault token [GH-19268]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.5.11

1.5.11 (December 07, 2023)

BREAKING CHANGES:

• core: Honor job's namespace when checking distinct_hosts feasibility [GH-19004]

SECURITY:

• build: Update to go1.21.5 to resolve Windows path validation CVE in Go [GH-19320]

BUG FIXES:

• agent: Correct websocket status code handling [GH-19172]
• api: Fix panic in Allocation.Stub method when Job is unset [GH-19115]
• cli: Fixed a panic when the nomad job restart command received an interrupt signal while waiting for an answer [GH-19154]
• cli: Fixed the nomad job restart command to create replacements for batch and system jobs and to prevent sysbatch jobs from being rescheduled since they never create replacements [GH-19147]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• core: Fix incorrect submit time for stopped jobs [GH-18967]
• ui: Fixed an issue where purging a job with a namespace did not process correctly [GH-19139]
• variables: Fixed a bug where poststop tasks were not allowed access to Variables [GH-19270]
• vault: Fixed a bug where poststop tasks would not get a Vault token [GH-19268]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.7.0-rc.1

FEATURES:

• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]
• core: Honor job's namespace when checking distinct_hosts feasibility [GH-19004]

SECURITY:

• build: Update to go1.21.4 to resolve Windows path validation CVE in Go [GH-19013]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added help text to acl bootstrap about reading the initial token from a file [GH-18961]
• cli: Added identities, networks, and volumes to the output of the operator client-state command [GH-18996]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• config: Add go-netaddrs support to server_join.retry_join [GH-18745]
• consul: constraint for minimum version of Consul increased to 1.8.0 [GH-19104]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• sso: Allow adding a token name format to auth methods which can be used to generate token names when signing in via SSO [GH-19135]
• ui: color-code node and server status cells [GH-18318]
• ui: for system and sysbatch jobs, now show client name on hover in job panel [GH-19051]
• ui: nicer comment styles in UI example jobs [GH-19037]
• ui: show plan output warnings alongside placement failures and dry-run info when running a job through the web ui [GH-19225]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

DEPRECATIONS:

• config: Loading plugins from plugin_dir without a plugin configuration block is deprecated [GH-19189]

BUG FIXES:

• agent: Correct websocket status code handling [GH-19172]
• api: Fix panic in Allocation.Stub method when Job is unset [GH-19115]
• cli: Fixed a bug that caused the nomad job restart command to miscount the allocations to restart [GH-19155]
• cli: Fixed a bug where the operator client-state command would crash if it reads an allocation without a task state [GH-18996]
• cli: Fixed a panic when the nomad job restart command received an interrupt signal while waiting for an answer [GH-19154]
• cli: Fixed the nomad job restart command to create replacements for batch and system jobs and to prevent sysbatch jobs from being rescheduled since they never create replacements [GH-19147]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• core: Fix incorrect submit time for stopped jobs [GH-18967]
• ui: Fixed an issue where purging a job with a namespace did not process correctly [GH-19139]
• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.7.0-beta.2

FEATURES:

• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]

SECURITY:

• build: Update to go1.21.4 to resolve Windows path validation CVE in Go [GH-19013]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added help text to acl bootstrap about reading the initial token from a file [GH-18961]
• cli: Added identities, networks, and volumes to the output of the operator client-state command [GH-18996]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• config: Add go-netaddrs support to server_join.retry_join [GH-18745]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• ui: color-code node and server status cells [GH-18318]
• ui: for system and sysbatch jobs, now show client name on hover in job panel [GH-19051]
• ui: nicer comment styles in UI example jobs [GH-19037]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

BUG FIXES:

• cli: Fixed a bug where the operator client-state command would crash if it reads an allocation without a task state [GH-18996]
• client: Fixed a bug where client API calls would fail incorrectly with permission denied errors when using ACL tokens with dangling policies [GH-18972]
• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]
• vault: Fixed an issue that could cause Nomad to attempt to renew a Vault token that is already expired [GH-18985]

v1.7.0-beta.1

FEATURES:

• NUMA aware scheduling: Nomad Enterprise now supports optimized scheduling on NUMA hardware [GH-18681]
• Multiple Vault and Consul Clusters: Nomad Enterprise can now use multiple Vault or Consul clusters. Each task or service can be registered with a different Consul cluster and each task can obtain secrets from a different Vault cluster. [GH-5311]
• Workload Identity IDP: Nomad's workload identities may now be used with third parties that support JWT or OIDC IDPs such as the AWS IAM OIDC Provider. [GH-18691]
• Workload Identity for Consul: Jobs can now use workload identity to authenticate to Consul. [GH-15618]
• Workload Identity for Vault: Jobs can now use workload identity to authenticate to Vault. [GH-15617]
• Job Actions: Introduces the action concept to jobspecs, the web UI, CLI and API. Operators can now define actions that Nomad users can execute against running allocations. [GH-18794]

BREAKING CHANGES:

• client/fingerprint: The cpu.numcores.power node attribute has been renamed to cpu.numcores.performance on Apple Silicon nodes [GH-18843]
• client: the unique.cgroup.mountpoint node attribute has been removed [GH-18371]
• client: the unique.cgroup.version node attribute has been renamed to os.cgroups.version [GH-18371]

IMPROVEMENTS:

• api: Add JWKS HTTP API endpoint [GH-18035]
• api: Added support for Unix domain sockets [GH-16872]
• build (Enterprise): Support building s390x binaries. [GH-18069]
• cli: Add file prediction for operator raft/snapshot commands [GH-18901]
• cli: Added support for prefix ID matching and wildcard namespaces to service info command [GH-18836]
• client: add support for NetBSD clients [GH-18562]
• client: enable detection of numa topology [GH-18146]
• deps: bumped shirou/gopsutil to v3.23.9 [GH-18562]
• fingerprint: clients now backoff after successfully fingerprinting Consul [GH-18426]
• identity: Add support for multiple workload identities [GH-18123]
• identity: Implement change_mode and change_signal for workload identities [GH-18943]
• identity: Support jwt expiration and rotation [GH-18262]
• identity: default to RS256 for new workload ids [GH-18882]
• sentinel (Enterprise): Add existing job information to Sentinel when available. [GH-18553]
• server: Added transfer-leadership API and CLI [GH-17383]
• ui: color-code node and server status cells [GH-18318]
• ui: simplify presentation of task event times (10m2.230948s bceomes 10m2s etc.) [GH-18595]
• vars: Added a locking feature for Nomad Variables [GH-18520]

BUG FIXES:

• ui: fix the job auto-linked variable path name when user lacks variable write permissions [GH-18598]

v1.6.3

1.6.3 (October 30, 2023)

SECURITY:

• build: Update to Go 1.21.3 [GH-18717]

IMPROVEMENTS:

• agent: Added config option to enable file and line log detail [GH-18768]
• api: Added support for the log_include_location query parameter within the
  /v1/agent/monitor HTTP endpoint [GH-18795]
• cli: Add -prune flag to nomad operator force-leave command [GH-18463]
• cli: Added log-include-location flag to the monitor command [GH-18795]
• cli: Added log-include-location flag to the operator debug command [GH-18795]
• csi: add ability to expand the size of volumes for plugins that support it [GH-18359]
• template: reduce memory usage associated with communicating with the Nomad API [GH-18524]
• ui: observe a token's roles' rules in the UI and add an interface for managing tokens, roles, and policies [GH-17770]

BUG FIXES:

• build: Add timetzdata Go build tag on Windows binaries to embed time zone data so periodic jobs are able to specify a time zone value on Windows environments [GH-18676]
• cli: Fixed an unexpected behavior of the nomad acl token update command that could cause a management token to be downgraded to client on update [GH-18689]
• cli: Use same offset when following single or multiple alloc logs [GH-18604]
• cli: ensure HCL env vars are added to the job submission object in the job run command [GH-18832]
• client: ensure null dynamic node metadata values are removed from memory [GH-18664]
• client: prevent tasks from starting without the prestart hooks running [GH-18662]
• metrics: Fixed a bug where CPU counters could report errors for negative values [GH-18835]
• scaling: Unblock blocking queries to /v1/job/{job-id}/scale if the job goes away [GH-18637]
• scheduler (Enterprise): auto-unblock evals with associated quotas when node resources are freed up [GH-18838]
• scheduler: Ensure duplicate allocation IDs are tracked and fixed when performing job updates [GH-18873]
• server: Fixed a bug where Raft server configuration parameters were not correctly merged [GH-18494]
• services: use interpolated address when performing nomad service health checks [GH-18584]
• ui: using start/stop from the job page in the UI will no longer fail when the job lacks HCL submission data [GH-18621]

v1.5.10

1.5.10 (October 30, 2023)

SECURITY:

• build: Update to Go 1.21.3 [GH-18717]

BUG FIXES:

• build: Add timetzdata Go build tag on Windows binaries to embed time zone data so periodic jobs are able to specify a time zone value on Windows environments [GH-18676]
• cli: Fixed an unexpected behavior of the nomad acl token update command that could cause a management token to be downgraded to client on update [GH-18689]
• client: ensure null dynamic node metadata values are removed from memory [GH-18664]
• client: prevent tasks from starting without the prestart hooks running [GH-18662]
• csi: check controller plugin health early during volume register/create [GH-18570]
• metrics: Fixed a bug where CPU counters could report errors for negative values [GH-18835]
• scaling: Unblock blocking queries to /v1/job/{job-id}/scale if the job goes away [GH-18637]
• scheduler (Enterprise): auto-unblock evals with associated quotas when node resources are freed up [GH-18838]
• scheduler: Ensure duplicate allocation IDs are tracked and fixed when performing job updates [GH-18873]
• services: use interpolated address when performing nomad service health checks [GH-18584]

v1.4.14

1.4.14 (October 30, 2023)

SECURITY:

• build: Update to Go 1.21.3 [GH-18717]

BUG FIXES:

• build: Add timetzdata Go build tag on Windows binaries to embed time zone data so periodic jobs are able to specify a time zone value on Windows environments [GH-18676]
• cli: Fixed an unexpected behavior of the nomad acl token update command that could cause a management token to be downgraded to client on update [GH-18689]
• client: prevent tasks from starting without the prestart hooks running [GH-18662]
• csi: check controller plugin health early during volume register/create [GH-18570]
• metrics: Fixed a bug where CPU counters could report errors for negative values [GH-18835]
• scaling: Unblock blocking queries to /v1/job/{job-id}/scale if the job goes away [GH-18637]
• scheduler (Enterprise): auto-unblock evals with associated quotas when node resources are freed up [GH-18838]
• scheduler: Ensure duplicate allocation IDs are tracked and fixed when performing job updates [GH-18873]
• services: use interpolated address when performing nomad service health checks [GH-18584]