nomad-driver-nspawn icon indicating copy to clipboard operation
nomad-driver-nspawn copied to clipboard

Published 20 hours ago verified publisher icon JanMa

Bump github.com/hashicorp/nomad from 1.4.6 to 1.4.11

Open dependabot[bot] opened this issue 10 months ago • 0 comments

Bumps github.com/hashicorp/nomad from 1.4.6 to 1.4.11.

Release notes

Sourced from github.com/hashicorp/nomad's releases.

v1.4.11

1.4.11 (July 18, 2023)

SECURITY:

  • acl: Fixed a bug where a namespace ACL policy without label was applied to an unexpected namespace. CVE-2023-3072 [GH-17908]
  • search: Fixed a bug where ACL did not filter plugin and variable names in search endpoint. CVE-2023-3300 [GH-17906]
  • sentinel (Enterprise): Fixed a bug where ACL tokens could be exfiltrated via Sentinel logs CVE-2023-3299 [GH-17907]

IMPROVEMENTS:

  • cli: Add -quiet flag to nomad var init command [GH-17526]
  • cni: Ensure to setup CNI addresses in deterministic order [GH-17766]
  • deps: Updated Vault SDK to 0.9.0 [GH-17281]
  • deps: update docker to 23.0.3 [GH-16862]

BUG FIXES:

  • api: Fixed a bug that caused a panic when calling the Jobs().Plan() function with a job missing an ID [GH-17689]
  • api: add missing constant for unknown allocation status [GH-17726]
  • api: add missing field NetworkStatus for Allocation [GH-17280]
  • cgroups: Fixed a bug removing all DevicesSets when alloc is created/removed [GH-17535]
  • cli: Output error messages during deployment monitoring [GH-17348]
  • client: Fixed a bug where Nomad incorrectly wrote to memory swappiness cgroup on old kernels [GH-17625]
  • client: fixed a bug that prevented Nomad from fingerprinting Consul 1.13.8 correctly [GH-17349]
  • consul: Fixed a bug where Nomad would repeatedly try to revoke successfully revoked SI tokens [GH-17847]
  • core: Fix panic around client deregistration and pending heartbeats [GH-17316]
  • core: fixed a bug that caused job validation to fail when a task with kill_timeout was placed inside a group with update.progress_deadline set to 0 [GH-17342]
  • csi: Fixed a bug where CSI volumes would fail to restore during client restarts [GH-17840]
  • drivers/docker: Fixed a bug where long-running docker operations would incorrectly timeout [GH-17731]
  • identity: Fixed a bug where workload identities for periodic and dispatch jobs would not have access to their parent job's ACL policy [GH-17018]
  • replication: Fix a potential panic when a non-authoritative region is upgraded and a server with the new version becomes the leader. [GH-17476]
  • scheduler: Fixed a bug that could cause replacements for failed allocations to be placed in the wrong datacenter during a canary deployment [GH-17653]
  • scheduler: Fixed a panic when a node has only one configured dynamic port [GH-17619]
  • ui: dont show a service as healthy when its parent allocation stops running [GH-17465]

v1.4.10

1.4.10 (May 19, 2023)

IMPROVEMENTS:

  • core: Prevent task.kill_timeout being greater than update.progress_deadline [GH-16761]

BUG FIXES:

  • bug: Corrected status description and modification time for canceled evaluations [GH-17071]
  • client: Fixed a bug where restarting a terminal allocation turns it into a zombie where allocation and task hooks will run unexpectedly [GH-17175]
  • client: clean up resources upon failure to restore task during client restart [GH-17104]
  • scale: Fixed a bug where evals could be created with the wrong type [GH-17092]

... (truncated)

Changelog

Sourced from github.com/hashicorp/nomad's changelog.

1.4.11 (July 18, 2023)

SECURITY:

  • acl: Fixed a bug where a namespace ACL policy without label was applied to an unexpected namespace. CVE-2023-3072 [GH-17908]
  • search: Fixed a bug where ACL did not filter plugin and variable names in search endpoint. CVE-2023-3300 [GH-17906]
  • sentinel (Enterprise): Fixed a bug where ACL tokens could be exfiltrated via Sentinel logs CVE-2023-3299 [GH-17907]

IMPROVEMENTS:

  • cli: Add -quiet flag to nomad var init command [GH-17526]
  • cni: Ensure to setup CNI addresses in deterministic order [GH-17766]
  • deps: Updated Vault SDK to 0.9.0 [GH-17281]
  • deps: update docker to 23.0.3 [GH-16862]

BUG FIXES:

  • api: Fixed a bug that caused a panic when calling the Jobs().Plan() function with a job missing an ID [GH-17689]
  • api: add missing constant for unknown allocation status [GH-17726]
  • api: add missing field NetworkStatus for Allocation [GH-17280]
  • cgroups: Fixed a bug removing all DevicesSets when alloc is created/removed [GH-17535]
  • cli: Output error messages during deployment monitoring [GH-17348]
  • client: Fixed a bug where Nomad incorrectly wrote to memory swappiness cgroup on old kernels [GH-17625]
  • client: fixed a bug that prevented Nomad from fingerprinting Consul 1.13.8 correctly [GH-17349]
  • consul: Fixed a bug where Nomad would repeatedly try to revoke successfully revoked SI tokens [GH-17847]
  • core: Fix panic around client deregistration and pending heartbeats [GH-17316]
  • core: fixed a bug that caused job validation to fail when a task with kill_timeout was placed inside a group with update.progress_deadline set to 0 [GH-17342]
  • csi: Fixed a bug where CSI volumes would fail to restore during client restarts [GH-17840]
  • drivers/docker: Fixed a bug where long-running docker operations would incorrectly timeout [GH-17731]
  • identity: Fixed a bug where workload identities for periodic and dispatch jobs would not have access to their parent job's ACL policy [GH-17018]
  • replication: Fix a potential panic when a non-authoritative region is upgraded and a server with the new version becomes the leader. [GH-17476]
  • scheduler: Fixed a bug that could cause replacements for failed allocations to be placed in the wrong datacenter during a canary deployment [GH-17653]
  • scheduler: Fixed a panic when a node has only one configured dynamic port [GH-17619]
  • ui: dont show a service as healthy when its parent allocation stops running [GH-17465]

1.4.10 (May 19, 2023)

IMPROVEMENTS:

  • core: Prevent task.kill_timeout being greater than update.progress_deadline [GH-16761]

BUG FIXES:

  • bug: Corrected status description and modification time for canceled evaluations [GH-17071]
  • client: Fixed a bug where restarting a terminal allocation turns it into a zombie where allocation and task hooks will run unexpectedly [GH-17175]
  • client: clean up resources upon failure to restore task during client restart [GH-17104]
  • scale: Fixed a bug where evals could be created with the wrong type [GH-17092]
  • scheduler: Fixed a bug where implicit spread targets were treated as separate targets for scoring [GH-17195]
  • scheduler: Fixed a bug where scores for spread scheduling could be -Inf [GH-17198]

... (truncated)

Commits
  • 4357607 Generate files for 1.4.11 release
  • 7eba8cf search: fix ACL filtering for plugins and variables
  • 9cad78f acl: fix parsing of policies with blocks w/o label
  • 1f17219 redact token before passing to sentinel
  • 56e5f17 backport of commit a9eecb457cef34ee856681a51af94fe0f6db4b21 (#17945)
  • 0368bf0 backport of commit 0cb728ed68165888245cf8bc72e4dece5123ef4f (#17916)
  • 54786ec backport of commit 3d5bce76d00dff29c42c37bb20e38e4bf1d2187d (#17902)
  • f8d2568 backport of commit aceafc8994c34bce4513226bf219e80ccb450539 (#17894)
  • 0c7fc12 backport of commit 2964886884962b25fb3d7618b453b6cf9d65c4b1 (#17885)
  • 11f2c3d CSI: persist previous mounts on client to restore during restart (#17840) (#1...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Apr 01 '24 18:04 dependabot[bot]