Releases: hashicorp/nomad

v0.12.9

20 Nov 18:23

BUG FIXES:

  • client: Fixed a regression where NOMAD_{ALLOC,TASK,SECRETS}_DIR variables would cause an error when interpolated into template.source stanzas. [GH-9391]

v0.11.8

20 Nov 18:23

BUG FIXES:

  • client: Backport from v0.12.9 - Fixed a regression where NOMAD_{ALLOC,TASK,SECRETS}_DIR variables would cause an error when interpolated into template.source stanzas. [GH-9402]

v0.10.9

20 Nov 18:23

BUG FIXES:

  • client: Backport from v0.12.9 - Fixed a regression where NOMAD_{ALLOC,TASK,SECRETS}_DIR variables would cause an error when interpolated into template.source stanzas. [GH-9405]

v0.11.7

11 Nov 14:50

Nomad 0.12.8, Nomad 0.11.7, and Nomad 0.10.8 were released with an important security fix and a critical bug fix:

CVE-2020-28348 Nomad File Sandbox Escape via Container Volume Mount

A vulnerability was discovered in Nomad and Nomad Enterprise (“Nomad”) such that an operator with job submission capabilities can mount the host file system of a client agent and subvert the default Docker file sandbox feature when not explicitly disabled or when using a volume mount type. This vulnerability affects versions 0.9.0 up to 0.12.7, and is fixed in the 0.12.8, 0.11.7, and 0.10.8 releases.

Nomad disables host filesystem access by default in 0.12.0 and above to prevent job operators from accessing the client filesystem used to persistently store any required data on disk. The Docker task driver provides a volume mount type which can be used to access the client host filesystem from within a container, but clients must be configured to enable mounting directories outside an allocation’s path to prevent abuse from unprivileged operators.

This issue is identified publicly as CVE-2020-28348.

Critical Bug During Upgrades from pre-0.9

A bug was identified in all versions of Nomad after 0.9.2. If a client agent is upgraded from a pre-0.9 version of Nomad to 0.9.2 or later, then all exec-based tasks (including exec, raw_exec, java, qemu) will fail to recover, will be leaked, and then Nomad will start another task. The leaked pre-0.9 task will run uninterrupted and unmanaged until the client dies or the task is killed manually.

v0.10.8

11 Nov 14:50

Nomad 0.12.8, Nomad 0.11.7, and Nomad 0.10.8 were released with an important security fix and a critical bug fix:

CVE-2020-28348 Nomad File Sandbox Escape via Container Volume Mount

A vulnerability was discovered in Nomad and Nomad Enterprise (“Nomad”) such that an operator with job submission capabilities can mount the host file system of a client agent and subvert the default Docker file sandbox feature when not explicitly disabled or when using a volume mount type. This vulnerability affects versions 0.9.0 up to 0.12.7, and is fixed in the 0.12.8, 0.11.7, and 0.10.8 releases.

Nomad disables host filesystem access by default in 0.12.0 and above to prevent job operators from accessing the client filesystem used to persistently store any required data on disk. The Docker task driver provides a volume mount type which can be used to access the client host filesystem from within a container, but clients must be configured to enable mounting directories outside an allocation’s path to prevent abuse from unprivileged operators.

This issue is identified publicly as CVE-2020-28348.

Critical Bug During Upgrades from pre-0.9

A bug was identified in all versions of Nomad after 0.9.2. If a client agent is upgraded from a pre-0.9 version of Nomad to 0.9.2 or later, then all exec-based tasks (including exec, raw_exec, java, qemu) will fail to recover, will be leaked, and then Nomad will start another task. The leaked pre-0.9 task will run uninterrupted and unmanaged until the client dies or the task is killed manually.

v0.12.8

11 Nov 14:50

Nomad 0.12.8, Nomad 0.11.7, and Nomad 0.10.8 were released with an important security fix and a critical bug fix:

CVE-2020-28348 Nomad File Sandbox Escape via Container Volume Mount

A vulnerability was discovered in Nomad and Nomad Enterprise (“Nomad”) such that an operator with job submission capabilities can mount the host file system of a client agent and subvert the default Docker file sandbox feature when not explicitly disabled or when using a volume mount type. This vulnerability affects versions 0.9.0 up to 0.12.7, and is fixed in the 0.12.8, 0.11.7, and 0.10.8 releases.

Nomad disables host filesystem access by default in 0.12.0 and above to prevent job operators from accessing the client filesystem used to persistently store any required data on disk. The Docker task driver provides a volume mount type which can be used to access the client host filesystem from within a container, but clients must be configured to enable mounting directories outside an allocation’s path to prevent abuse from unprivileged operators.

This issue is identified publicly as CVE-2020-28348.
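
A fleet-triage sketch for the version ranges stated in this advisory, added here as an example and not taken from the Nomad release notes or code base. `Triage`, `Status` and the sample inventory are hypothetical names; versions outside 0.9.0 to 0.12.x are reported as outside the advisory's stated range rather than as safe, because the text above makes no claim about them.

```go
package main

import (
	"fmt"
	"strings"
)

// Status of a Nomad version relative to the CVE-2020-28348 advisory text.
type Status string

const (
	Affected   Status = "affected"
	Fixed      Status = "fixed"
	OutOfRange Status = "outside advisory range" // the advisory does not cover it
)

// firstFixedPatch: first fixed patch per 0.x release line (0.10.8, 0.11.7, 0.12.8).
var firstFixedPatch = map[int]int{10: 8, 11: 7, 12: 8}

// Triage classifies a version such as "v0.11.6" or "0.12.8+ent". Pre-release
// and build suffixes are ignored, which is a simplification of this example.
func Triage(version string) (Status, error) {
	v := strings.TrimPrefix(strings.TrimSpace(version), "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	var major, minor, patch int
	_, err := fmt.Sscanf(v, "%d.%d.%d", &major, &minor, &patch)
	if err != nil || fmt.Sprintf("%d.%d.%d", major, minor, patch) != v {
		return "", fmt.Errorf("not major.minor.patch: %q", version)
	}
	switch {
	case major != 0 || minor < 9 || minor > 12:
		return OutOfRange, nil
	case minor == 9 || patch < firstFixedPatch[minor]: // no fixed 0.9.x is listed
		return Affected, nil
	}
	return Fixed, nil
}

func main() {
	// Constructed inventory of client agent versions.
	for _, v := range []string{"0.9.6", "v0.10.7", "0.12.8", "1.0.0-beta2"} {
		s, _ := Triage(v)
		fmt.Printf("%-12s %s\n", v, s)
	}
}
```

Client agents reported as affected belong on the upgrade list for their release line; a 0.9.x agent has no fixed patch release listed here and must move to a later line.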

Critical Bug During Upgrades from pre-0.9

A bug was identified in all versions of Nomad after 0.9.2. If a client agent is upgraded from a pre-0.9 version of Nomad to 0.9.2 or later, then all exec-based tasks (including exec, raw_exec, java, qemu) will fail to recover, will be leaked, and then Nomad will start another task. The leaked pre-0.9 task will run uninterrupted and unmanaged until the client dies or the task is killed manually.

v1.0.0-beta2

27 Oct 16:37
Pre-release

FEATURES:

  • Event Stream: Subscribe to change events as they occur in real time. [GH-9013]
  • Namespaces OSS: Namespaces are now available in open source Nomad. [GH-9135]
  • Topology Visualization: See all of the clients and allocations in a cluster at once. [GH-9077]

BACKWARDS INCOMPATIBILITIES:

  • core: null characters are prohibited in region, datacenter, job name/ID, task group name, and task name [GH-9020]
  • csi: registering a CSI volume with a block-device attachment mode and mount_options now returns a validation error, instead of silently dropping the mount_options. [GH-9044]
  • driver/docker: Tasks are now issued SIGTERM instead of SIGINT when stopping [GH-8932]
  • telemetry: removed backwards compatible/untagged metrics deprecated in 0.7 [GH-9080]

IMPROVEMENTS:

  • core: Improved job deregistration error logging. [GH-8745]
  • api: Added support for cancellation contexts to HTTP API. [GH-8836]
  • api: Job Register API now permits non-zero initial Version to accommodate multi-region deployments. [GH-9071]
  • api: Added ?resources=true query parameter to /v1/nodes and /v1/allocations to include resource allocations in listings. [GH-9055]
  • api: Added ?task_states=false query parameter to /v1/allocations to remove TaskStates from listings. Defaults to being included as before. [GH-9055]
  • cli: Added scale and scaling-events subcommands to the job command. [GH-9023]
  • cli: Added scaling command for interaction with the scaling API endpoint. [GH-9025]
  • client: Batch state store writes to reduce disk IO. [GH-9093]
  • client: Use ec2 CPU perf data from AWS API [GH-7830]
  • client: Added support for Azure fingerprinting. [GH-8979]
  • client: Added support for fingerprinting the client node's Consul segment. [GH-7214]
  • client: Added NOMAD_JOB_ID and NOMAD_PARENT_JOB_ID environment variables to those made available to jobs. [GH-8967]
  • client: Updated consul-template to v0.25.0 - config function_blacklist deprecated and replaced with function_denylist [GH-8988]
  • config: Deprecated terms blacklist and whitelist from configuration and replaced them with denylist and allowlist. [GH-9019]
  • consul: Support Consul namespace (Consul Enterprise) in client configuration. [GH-8849]
  • consul: Support advertising CNI and multi-host network addresses to consul [GH-8801]
  • consul/connect: Dynamically select envoy sidecar at runtime [GH-8945]
  • csi: Relaxed validation requirements when checking volume capabilities with controller plugins, to accommodate existing plugin behaviors. [GH-9049]
  • driver/docker: Upgrade pause container and detect architecture [GH-8957]
  • jobspec: Lowered minimum CPU allowed from 10 to 1. [GH-8996]

BUG FIXES:

  • core: Fixed a bug where blocking queries would not include the query's maximum wait time when calculating whether it was safe to retry. [GH-8921]
  • config (Enterprise): Fixed default enterprise config merging. [GH-9083]
  • consul: Fixed a bug to correctly validate task when using script-checks in group-level services [GH-8952]
  • consul: Fixed a bug where canary_meta was not being interpolated with environment variables [GH-9096]
  • consul/connect: Fixed a bug to correctly trigger updates on jobspec changes [GH-9029]
  • csi: Fixed a bug where multi-writer volumes were allowed only 1 write claim. [GH-9040]
  • csi: Fixed a bug where nomad volume detach would not accept prefixes for the node ID parameter. [GH-9041]
  • driver/docker: Fixed a bug where the default image_delay configuration was ignored if the gc configuration was not set. [GH-9101]

Binaries: https://releases.hashicorp.com/nomad/1.0.0-beta2/

v0.11.6

23 Oct 14:09

BUG FIXES:

  • artifact: Backport from v0.12.7 - Fixed a regression in 0.11.5 where if the artifact destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]
  • template: Backport from v0.12.7 - Fixed a regression in 0.11.5 where if the template destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]

v0.10.7

23 Oct 14:09

BUG FIXES:

  • artifact: Backport from v0.12.7 - Fixed a regression in 0.10.6 where if the artifact destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]
  • template: Backport from v0.12.7 - Fixed a regression in 0.10.6 where if the template destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]

v0.12.7

23 Oct 14:10

BUG FIXES:

  • artifact: Fixed a regression in 0.12.6 where if the artifact destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]
  • template: Fixed a regression in 0.12.6 where if the template destination field is an absolute path it is not appended to the task working directory, breaking the use of NOMAD_SECRETS_DIR as part of the destination path. [GH-9148]