v1.5.17

1.5.17 (April 16, 2024)

SECURITY:

• artifact: Updated go-getter dependency to v1.7.4 to address CVE-2024-3817 [GH-20391]

BUG FIXES:

• api: Fixed a bug where AllocDirStats field was missing from Read Stats client API [GH-20261]
• cli: Fixed a bug where operator debug did not respect the -pprof-interval flag and would take only one profile [GH-20206]
• cni: Fixed a regression where default DNS set by dockerd or other task drivers was not respected [GH-20189]
• config: Fixed a bug where IPv6 addresses were not accepted without ports for client.servers blocks [GH-20324]
• deployments: Fixed a goroutine leak when jobs are purged [GH-20348]
• deps: Updated consul-template dependency to 0.37.4 to fix a resource leak [GH-20234]
• drain: Fixed a bug where Workload Identity tokens could not be used to drain a node [GH-20317]
• state: Fixed a bug where restarting a server could fail if the Raft logs include a drain update that used a now-expired token [GH-20317]
• template: Fixed a bug where a partial client.template block would cause defaults for unspecified fields to be ignored [GH-20165]

v1.7.6

1.7.6 (March 12, 2024)

SECURITY:

• build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
• deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]

IMPROVEMENTS:

• cli: Added -json option on job status command [GH-18925]
• fingerprint: Added a fingerprint for Consul DNS address and port [GH-19969]

BUG FIXES:

• cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
• client: Fixed a bug where corrupt client state could panic the client [GH-19972]
• cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
• connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]
• server: Prevent NPE when service lacks identity [GH-19986]

v1.6.9

1.6.9 (March 12, 2024)

SECURITY:

• build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
• deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]

BUG FIXES:

• cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
• client: Fixed a bug where corrupt client state could panic the client [GH-19972]
• cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
• connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]

v1.5.16

1.5.16 (March 12, 2024)

SECURITY:

• build: Update to go1.22 to address Go standard library vulnerabilities CVE-2024-24783, CVE-2023-45290, and CVE-2024-24785. [GH-20066]
• deps: Upgrade protobuf library to 1.33.0 to avoid scan alerts for CVE-2024-24786, which Nomad is not vulnerable to [GH-20100]

BUG FIXES:

• cli: Fixed a bug where the nomad job restart command could crash if the job type was not present in a response from the server [GH-20049]
• client: Fixed a bug where corrupt client state could panic the client [GH-19972]
• cni: Fixed a bug where DNS set by CNI plugins was not provided to task drivers [GH-20007]
• connect: Fixed a bug where expose blocks would not appear in job plan diff output [GH-19990]

v1.7.5

1.7.5 (February 13, 2024)

SECURITY:

• windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]

IMPROVEMENTS:

• api: emit JobDeregistered event when job is deregistered with purge [GH-19903]

BUG FIXES:

• cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
• cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
• client: Ensure the value for CPU shares are within the allowed range [GH-19935]
• client: Prevent client from starting if cgroup initialization fails [GH-19915]
• connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
• driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
• driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
• driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
• exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
• scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
• ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]

v1.6.8

1.6.8 (February 13, 2024)

SECURITY:

• windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]

BUG FIXES:

• cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
• cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
• connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
• exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
• scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
• ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]

v1.5.15

1.5.15 (February 13, 2024)

SECURITY:

• windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]

BUG FIXES:

• cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
• connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
• exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
• scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
• ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]

v1.7.4

1.7.4 (February 08, 2024)

SECURITY:

• deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
• migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
• template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]

v1.6.7

1.6.7 (February 08, 2024)

SECURITY:

• deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
• migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
• template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]

v1.5.14

1.5.14 (February 08, 2024)

SECURITY:

• deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
• migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
• template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]