v0.11.0-beta1

FEATURES:

• Container Storage Interface [beta]: Nomad has expanded support
  of stateful workloads through support for CSI plugins.
• Exec UI [beta]: an in-browser terminal for connecting to running allocations.
• Audit Logging (Enterprise) [beta]: Audit logging support for Nomad
  Enterprise.
• Scaling APIs [beta]: new scaling policy API and job scaling APIs to support external autoscalers
• Task Dependencies: introduces lifecycle stanza with prestart and sidecar hooks for tasks within a task group

BACKWARDS INCOMPATIBILITIES:

• driver/rkt: The Rkt driver is no longer packaged with Nomad and is instead
  distributed separately as a driver plugin. Further, the Rkt driver codebase
  is now in a separate
  repository.

IMPROVEMENTS:

• core: Optimized streaming RPCs made between Nomad agents [GH-7044]
• build: Updated to Go 1.14.1 [GH-7431]
• consul: Added support for configuring enable_tag_override on service stanzas. [GH-2057]
• client: Updated consul-template library to v0.24.1 - added support for working with consul connect. Deprecated vault_grace [GH-7170]
• driver/exec: Added no_pivot_root option for ramdisk use [GH-7149]
• jobspec: Added task environment interpolation to volume_mount [GH-7364]
• jobspec: Added support for a per-task restart policy [GH-7288]
• server: Added minimum quorum check to Autopilot with minQuorum option [GH-7171]

BUG FIXES:

• core: Fixed a bug where group network mode changes were not honored [GH-7414]
• core: Optimized and fixed few bugs in underlying RPC handling [GH-7044] [GH-7045]
• api: Fixed a panic when canonicalizing a jobspec with an incorrect job type [GH-7207]
• api: Fixed a bug where calling the node GC or GcAlloc endpoints resulted in an error EOF return on successful requests [GH-5970]
• api: Fixed a bug where /client/allocations/... (e.g. allocation stats) requests may hang in special cases after a leader election [GH-7370]
• cli: Fixed a panic when displaying device plugins without stats [GH-7231]
• cli: Fixed a bug where alloc exec command in TLS environments may fail [GH-7274]
• client: Fixed a panic when running in Debian with /etc/debian_version is empty [GH-7350]
• client: Fixed a bug where a multi-task allocation maybe considered healthy despite a task restarting [GH-7383]

v0.10.5

SECURITY:

• server: Override content-type headers for unsafe content. CVE-2020-10944 [GH-7468]

v0.10.4

FEATURES:

• api: Nomad now supports ability to remotely request /debug/pprof endpoints from a remote agent. [GH-6841]
• consul/connect: Nomad may now register Consul Connect services when Consul is configured with ACLs enabled [GH-6701]
• jobspec: Add shutdown_delay to task groups so task groups can delay shutdown after deregistering from Consul [GH-6746]

IMPROVEMENTS:

• Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp cert. Windows users will no longer see a warning about an "unknown publisher" when running our software.
• build: Updated to Go 1.12.16 [GH-7009]
• cli: Included namespace in output when querying job status [GH-6912]
• cli: Added option to change the name of the file created by the nomad init command [GH-6520]
• client: Supported AWS EC2 Instance Metadata Service Version 2 (IMDSv2) [GH-6779]
• consul: Add support for service canary_meta [GH-6690]
• driver/docker: Added a disable_log_collection parameter to disable nomad log collection [GH-6820]
• server: Introduced a default_scheduler_config config parameter to seed initial preemption configuration. [GH-6935]
• scheduler: Removed penalty for allocation's previous node if the allocation did not fail. [GH-6781]
• scheduler: Reduced logging verbosity during preemption [GH-6849]
• ui: Updated Run Job button to be conditionally enabled according to ACLs [GH-5944]

BUG FIXES:

• agent: Fixed a panic when using nomad monitor on a client node [GH-7053]
• agent: Fixed race condition in logging when using nomad monitor command [GH-6872]
• agent: Fixed a bug where nomad monitor -server-id only work for a server's name instead of uuid or name [GH-7015]
• core: Addressed an inconsistency where allocations created prior to 0.9 had missing fields [GH-6922]
• cli: Fixed a bug where error messages appeared interleaved with help text inconsistently [GH-6865]
• cli: Fixed a bug where nomad monitor -node-id would cause a cli panic when no nodes where found [GH-6828]
• config: Fixed a bug where agent startup would fail if the consul.timeout configuration was set [GH-6907]
• consul: Fixed a bug where script-based health checks would fail if the service configuration included interpolation [GH-6916]
• consul/connect: Fixed a bug where Connect-enabled jobs failed to validate when service names used interpolation [GH-6855]
• drivers: Fixed a bug where exec, java, and raw_exec drivers collected and emited stats every second regardless of the telemetry config [GH-7043]
• driver/exec: Fixed a bug where systemd cgroup wasn't removed upon a task completion [GH-6839]
• server: Fixed a deadlock that may occur when server leadership flaps very quickly [GH-6977]
• scheduler: Fixed a bug that caused evicted allocs on a lost node to be stuck in running [GH-6902]
• scheduler: Fixed a bug where nomad job plan/apply returned errors instead of ignoring system job updates for ineligible nodes. [GH-6996]

SECURITY:

• client: Nomad will no longer pass through the CONSUL_HTTP_TOKEN environment variable when launching a task. [GH-7131]

v0.10.4-rc1

FEATURES:

• api: Nomad now supports ability to remotely request /debug/pprof endpoints from a remote agent. [GH-6841]
• consul/connect: Nomad may now register Consul Connect services when Consul is configured with ACLs enabled [GH-6701]
• jobspec: Add shutdown_delay to task groups so task groups can delay shutdown after deregistering from Consul [GH-6746]

IMPROVEMENTS:

• Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp cert. Windows users will no longer see a warning about an "unknown publisher" when running our software.
• build: Updated to Go 1.12.16 [GH-7009]
• cli: Included namespace in output when querying job status [GH-6912]
• cli: Added option to change the name of the file created by the nomad init command [GH-6520]
• client: Supported AWS EC2 Instance Metadata Service Version 2 (IMDSv2) [GH-6779]
• consul: Add support for service canary_meta [GH-6690]
• driver/docker: Added a disable_log_collection parameter to disable nomad log collection [GH-6820]
• server: Introduced a default_scheduler_config config parameter to seed initial preemption configuration. [GH-6935]
• scheduler: Removed penalty for allocation's previous node if the allocation did not fail. [GH-6781]
• scheduler: Reduced logging verbosity during preemption [GH-6849]
• ui: Updated Run Job button to be conditionally enabled according to ACLs [GH-5944]

BUG FIXES:

• agent: Fixed a panic when using nomad monitor on a client node [GH-7053]
• agent: Fixed race condition in logging when using nomad monitor command [GH-6872]
• agent: Fixed a bug where nomad monitor -server-id only work for a server's name instead of uuid or name [GH-7015]
• core: Addressed an inconsistency where allocations created prior to 0.9 had missing fields [GH-6922]
• cli: Fixed a bug where error messages appeared interleaved with help text inconsistently [GH-6865]
• cli: Fixed a bug where nomad monitor -node-id would cause a cli panic when no nodes where found [GH-6828]
• config: Fixed a bug where agent startup would fail if the consul.timeout configuration was set [GH-6907]
• consul: Fixed a bug where script-based health checks would fail if the service configuration included interpolation [GH-6916]
• consul/connect: Fixed a bug where Connect-enabled jobs failed to validate when service names used interpolation [GH-6855]
• drivers: Fixed a bug where exec, java, and raw_exec drivers collected and emited stats every second regardless of the telemetry config [GH-7043]
• driver/exec: Fixed a bug where systemd cgroup wasn't removed upon a task completion [GH-6839]
• server: Fixed a deadlock that may occur when server leadership flaps very quickly [GH-6977]
• scheduler: Fixed a bug that caused evicted allocs on a lost node to be stuck in running [GH-6902]
• scheduler: Fixed a bug where nomad job plan/apply returned errors instead of ignoring system job updates for ineligible nodes. [GH-6996]

SECURITY:

• client: Nomad will no longer pass through the CONSUL_HTTP_TOKEN environment variable when launching a task. [GH-7131]

v0.10.3

SECURITY:

• agent: Added unauthenticated connection timeouts and limits to prevent resource exhaustion. CVE-2020-7218 [GH-7002]
• server: Fixed insufficient validation for role and region for RPC connections when TLS enabled. CVE-2020-7956 [GH-7003]

IMPROVEMENTS:

• build: Updated to Go 1.12.16

v0.10.2

FEATURES:

• Nomad Monitor: New nomad monitor command allows remotely following
  the logs of any Nomad Agent (clients or servers). See
  https://nomadproject.io/docs/commands/monitor.html
• Docker Container Cleanup: Nomad will now automatically remove Docker
  containers for tasks leaked due to Nomad or Docker crashes or bugs.

IMPROVEMENTS:

• agent: Added support for running under Windows Service Manager [GH-6220]
• api: Added StartedAt field to Node.DrainStrategy [GH-6698]
• api: Added JSON representation of rules to policy endpoint response [GH-6017]
• api: Update policy endpoint to permit anonymous access [GH-6021]
• build: Updated to Go 1.12.13 [GH-6606]
• cli: Show full ID in node and alloc individual status views [GH-6425]
• client: Enable setting tags on Consul Connect sidecar service [GH-6448]
• client: Added support for downloading artifacts from Google Cloud Storage [GH-6692]
• command: Added -tls-server-name flag [GH-6370]
• command: Added nomad monitor command to stream logs at a specified level for debugging [GH-6499]
• quota: Added support for network bandwidth quota limits in Nomad enterprise

BUG FIXES:

• core: Ignore server config values if server is disabled [GH-6047]
• core: Added semver constraint for strict Semver 2.0 version comparisons [GH-6699]
• core: Fixed server panic caused by a plan evicting and preempting allocs on a node [GH-6792]
• api: Return a 404 if endpoint not found instead of redirecting to /ui/ [GH-6658]
• api: Decompress web socket response body if gzipped on error responses [GH-6650]
• api: Fixed a bug where some FS/Allocation API endpoints didn't return error messages [GH-6427]
• api: Return 40X status code for failing ACL requests, rather than 500 [GH-6421]
• cli: Made scoring column orders consistent nomad alloc status [GH-6609]
• cli: Fixed a bug where nomad alloc exec fails if stdout is being redirected and not a TTY [GH-6684]
• cli: Fixed a bug where a cli user may fail to query FS/Allocation API endpoints if they lack node:read capability [GH-6423]
• client: client: Return empty values when host stats fail [GH-6349]
• client: Fixed a bug where a client may not restart dead internal processes upon client's restart on Windows [GH-6426]
• drivers: Fixed a bug where client may panic if a restored task failed to shutdown cleanly [GH-6763]
• driver/exec: Fixed a bug where exec tasks can spawn processes that live beyond task lifecycle [GH-6722]
• driver/docker: Added mechanism for detecting running unexpectedly running docker containers [GH-6325]
• nomad: Fixed registering multiple connect enabled services in the same task group [GH-6646]
• scheduler: Changes to devices in resource stanza should cause rescheduling [GH-6644]
• scheduler: Fixed a bug that allowed inplace updates after affinity or spread were changed [GH-6703]
• vault: Allow overriding implicit Vault version constraint [GH-6687]
• vault: Supported Vault auth role's new fields, token_period and token_explicit_max_ttl [GH-6574], [GH-6580]

v0.9.7

BUG FIXES:

• core: Fixed server panic caused by a plan evicting and preempting allocs on a node [GH-6792]

v0.10.2-rc1

0.10.2 (November 22, 2019)

FEATURES:

• Nomad Monitor: New nomad monitor command allows remotely following
  the logs of any Nomad Agent (clients or servers). See
  https://nomadproject.io/docs/commands/monitor.html
• Docker Container Cleanup: Nomad will now automatically remove Docker
  containers for tasks leaked due to Nomad or Docker crashes or bugs.

IMPROVEMENTS:

• agent: Added support for running under Windows Service Manager [GH-6220]
• api: Added StartedAt field to Node.DrainStrategy [GH-6698]
• api: Added JSON representation of rules to policy endpoint response [GH-6017]
• api: Update policy endpoint to permit anonymous access [GH-6021]
• build: Updated to Go 1.12.13 [GH-6606]
• cli: Show full ID in node and alloc individual status views [GH-6425]
• client: Enable setting tags on Consul Connect sidecar service [GH-6448]
• client: Added support for downloading artifacts from Google Cloud Storage [GH-6692]
• command: Added -tls-server-name flag [GH-6370]
• command: Added nomad monitor command to stream logs at a specified level for debugging [GH-6499]
• quota: Added support for network bandwidth quota limits in Nomad enterprise

BUG FIXES:

• core: Ignore server config values if server is disabled [GH-6047]
• core: Added semver constraint for strict Semver 2.0 version comparisons [GH-6699]
• api: Return a 404 if endpoint not found instead of redirecting to /ui/ [GH-6658]
• api: Decompress web socket response body if gzipped on error responses [GH-6650]
• api: Fixed a bug where some FS/Allocation API endpoints didn't return error messages [GH-6427]
• api: Return 40X status code for failing ACL requests, rather than 500 [GH-6421]
• cli: Made scoring column orders consistent nomad alloc status [GH-6609]
• cli: Fixed a bug where nomad alloc exec fails if stdout is being redirected and not a TTY [GH-6684]
• cli: Fixed a bug where a cli user may fail to query FS/Allocation API endpoints if they lack node:read capability [GH-6423]
• client: client: Return empty values when host stats fail [GH-6349]
• client: Fixed a bug where a client may not restart dead internal processes upon client's restart on Windows [GH-6426]
• drivers: Fixed a bug where client may panic if a restored task failed to shutdown cleanly [GH-6763]
• driver/exec: Fixed a bug where exec tasks can spawn processes that live beyond task lifecycle [GH-6722]
• driver/docker: Added mechanism for detecting running unexpectedly running docker containers [GH-6325]
• nomad: Fixed registering multiple connect enabled services in the same task group [GH-6646]
• scheduler: Changes to devices in resource stanza should cause rescheduling [GH-6644]
• scheduler: Fixed a bug that allowed inplace updates after affinity or spread were changed [GH-6703]
• vault: Allow overriding implicit Vault version constraint [GH-6687]
• vault: Supported Vault auth role's new fields, token_period and token_explicit_max_ttl [GH-6574], [GH-6580]

v0.10.1

BUG FIXES:

• core: Fixed server panic when upgrading from 0.8 -> 0.10 and performing an
  inplace update of an allocation. [GH-6541]
• api: Fixed panic when submitting Connect-enabled job without using a bridge
  network [GH-6575]
• client: Fixed client panic when upgrading from 0.8 -> 0.10 and performing an
  inplace update of an allocation. [GH-6605]

v0.10.0

FEATURES:

• Consul Connect: Nomad may now register Consul Connect services and
  manages an Envoy proxy sidecar to provide secured service-to-service
  communication.
• Network Namespaces: Task Groups may now define a shared network
  namespace. Each allocation will receive its own network namespace and
  loopback interface. Ports may be forwarded from the host into the network
  namespace.
• Host Volumes: Nomad expanded support of stateful workloads through locally mounted storage volumes.
• UI Allocation File Explorer: Nomad UI enhanced operability with a visual file system explorer for allocations.

IMPROVEMENTS:

• core: Added rolling deployments for service jobs by default and max_parallel=0 disables deployments [GH-6191]
• agent: Allowed the job GC interval to be configured [GH-5978]
• agent: Added log_level to be reloaded on SIGHUP [GH-5996]
• api: Added follow parameter to file streaming endpoint to support older browsers [GH-6049]
• client: Upgraded go-getter to support GCP links [GH-6215]
• client: Remove consul service stanza from job init --short jobspec [GH-6179]
• drivers: Exposed namespace as NOMAD_NAMESPACE environment variable in running tasks [GH-6192]
• metrics: Added job status (pending, running, dead) metrics [GH-6003]
• metrics: Added status and scheduling ability to client metrics [GH-6130]
• server: Added an option to configure job GC interval [GH-5978]
• ui: Added allocation filesystem explorer [GH-5871]
• ui: Added creation time to evaluations table [GH-6050]

BUG FIXES:

• cli: Fixed nomad run ... on Windows so it works with unprivileged accounts [GH-6009]
• client: Fixed a bug in client fingerprinting on 32-bit nodes [GH-6239]
• client: Fixed a bug where completed allocations may re-run after client restart [GH-6216]
• client: Fixed failure to start if another client is already running with the same data directory [GH-6348]
• devices: Fixed a bug causing CPU usage spike when a device is detected [GH-6201]
• drivers/docker: Set gc image_delay default to 3 minutes [GH-6078]
• ui: Fixed a bug where the allocation log viewer would render HTML or hide content that matched XML syntax [GH-6048]
• ui: Fixed a bug where allocation log viewer doesn't show all content in Firefox [GH-6466]
• ui: Fixed navigation via clicking recent allocation row [GH-6087]