v0.11.2

FEATURES:

• Task dependencies UI: task lifecycle charts and details

IMPROVEMENTS:

• core: Added support for a per-group policy to stop tasks when a client is disconnected [GH-2185]
• core: Allow spreading allocations as an alternative to binpacking [GH-7810]
• client: Improve AWS CPU performance fingerprinting [GH-7681]
• csi: Added support for volume secrets [GH-7923]
• csi: Added periodic garbage collection of plugins and volume claims [GH-7825]
• csi: Improved performance of volume claim releases by moving work out of scheduler [GH-7794]
• driver/docker: Added support for custom runtimes [GH-7932]
• ui: Added ACL-checking to conditionally turn off exec button [GH-7919]
• ui: Added ACL-checking to conditionally turn off exec button [GH-7919]
• ui: CSI searchable volumes and plugins pages [GH-7895]
• ui: CSI plugins list and etail pages [GH-7872] [GH-7911]
• ui: CSI volume constraints table [GH-7872]

BUG FIXES:

• core: job scale status endpoint was returning incorrect counts [GH-7789]
• core: Fixed bugs related to periodic jobs scheduled during daylight saving transition periods [GH-7894]
• core: Fixed a bug where scores for allocations were biased toward nodes with resource reservations [GH-7730]
• api: api.ScalingEvent struct was missing .Count [GH-7915]
• api: validate scale count value is not negative [GH-7902]
• api: autoscaling policies should not be returned for stopped jobs [GH-7768]
• client: Fixed a bug where an multi-task allocation maybe considered unhealthy if some tasks are slow to start [GH-7944]
• csi: Fixed checking of volume validation responses from plugins [GH-7831]
• csi: Fixed counting of healthy and expected plugins after plugin job updates or stops [GH-7844]
• csi: Added checkpointing to volume claim release to avoid unreleased claims on plugin errors [GH-7782]
• driver/docker: Fixed a bug preventing garbage collecting unused docker images [GH-7947]
• jobspec: autoscaling policy block should return a parsing error multiple policy blocks are provided [GH-7716]
• ui: Fixed a bug where exec popup had incorrect URL for jobs where name ≠ id [GH-7814]
• ui: Fixed a timeout issue where if the log stream request to a client eventually returns but only after the timeout it never gets closed [GH-7820]
• ui: Setting a namespace on Volumes or Jobs persists that namespace choice when switching to another namespace-away page [GH-7896]
• ui: Fixed a bug where clicking stdout or stderr when already on that clicked view would pause log streaming [GH-7820]
• ui: Fixed a race condition that made swithing from stdout to stderr too quickly show an error [GH-7820]
• ui: Switching namespaces now redirects to Volumes instead of Jobs when on a Storage page [GH-7896]
• vault: Fixed a bug where nomad retries revoking tokens indefinitely [GH-7959]

v0.11.1

BUG FIXES:

• core: Fixed a bug that only ran a task shutdown_delay if the task had a registered service [GH-7663]
• core: Fixed a panic when garbage collecting a job with allocations spanning multiple versions [GH-7758]
• agent: Fixed a bug where http server logs did not honor json log formatting, and reduced http server logging level to Trace [GH-7748]
• connect: Fixed bugs where some connect parameters would be ignored [GH-7690] [GH-7684]
• connect: Fixed a bug where an absent connect sidecar_service stanza would trigger panic [GH-7683]
• connect: Fixed a bug where some connect proxy fields would be dropped from 'job inspect' output [GH-7397]
• csi: Fixed a panic when claiming a volume for an allocation that was already garbage collected [GH-7760]
• csi: Fixed a bug where CSI plugins with NODE_STAGE_VOLUME capabilities were receiving an incorrect volume ID [GH-7754]
• driver/docker: Fixed a bug where retrying failed docker creation may in rare cases trigger a panic [GH-7749]
• scheduler: Fixed a bug in managing allocated devices for a job allocation in in-place update scenarios [GH-7762]
• vault: Upgrade http2 library to fix Vault API calls that fail with http2: no cached connection was available [GH-7673]

v0.11.0

FEATURES:

• Container Storage Interface [beta]: Nomad has expanded support
  of stateful workloads through support for CSI plugins.
• Exec UI: an in-browser terminal for connecting to running allocations.
• Audit Logging (Enterprise): Audit logging support for Nomad
  Enterprise.
• Scaling APIs: new scaling policy API and job scaling APIs to support external autoscalers
• Task Dependencies: introduces lifecycle stanza with prestart and sidecar hooks for tasks within a task group

BACKWARDS INCOMPATIBILITIES:

• driver/rkt: The Rkt driver is no longer packaged with Nomad and is instead
  distributed separately as a driver plugin. Further, the Rkt driver codebase
  is now in a separate
  repository.

IMPROVEMENTS:

• core: Optimized streaming RPCs made between Nomad agents [GH-7044]
• build: Updated to Go 1.14.1 [GH-7431]
• consul: Added support for configuring enable_tag_override on service stanzas. [GH-2057]
• client: Updated consul-template library to v0.24.1 - added support for working with consul connect. Deprecated vault_grace [GH-7170]
• driver/exec: Added no_pivot_root option for ramdisk use [GH-7149]
• jobspec: Added task environment interpolation to volume_mount [GH-7364]
• jobspec: Added support for a per-task restart policy [GH-7288]
• server: Added minimum quorum check to Autopilot with minQuorum option [GH-7171]
• connect: Added support for specifying Envoy expose path configurations [GH-7323] [GH-7396]
• connect: Added support for using Connect with TLS enabled Consul agents [GH-7602]

BUG FIXES:

• core: Fixed a bug where group network mode changes were not honored [GH-7414]
• core: Optimized and fixed few bugs in underlying RPC handling [GH-7044] [GH-7045]
• api: Fixed a panic when canonicalizing a jobspec with an incorrect job type [GH-7207]
• api: Fixed a bug where calling the node GC or GcAlloc endpoints resulted in an error EOF return on successful requests [GH-5970]
• api: Fixed a bug where /client/allocations/... (e.g. allocation stats) requests may hang in special cases after a leader election [GH-7370]
• cli: Fixed a bug where nomad agent -dev fails on Windows [GH-7534]
• cli: Fixed a panic when displaying device plugins without stats [GH-7231]
• cli: Fixed a bug where alloc exec command in TLS environments may fail [GH-7274]
• client: Fixed a panic when running in Debian with /etc/debian_version is empty [GH-7350]
• client: Fixed a bug affecting network detection in environments that mimic the EC2 Metadata API [GH-7509]
• client: Fixed a bug where a multi-task allocation maybe considered healthy despite a task restarting [GH-7383]
• consul: Fixed a bug where modified Consul service definitions would not be updated [GH-6459]
• connect: Fixed a bug where Connect enabled allocation would not stop after promotion [GH-7540]
• connect: Fixed a bug where restarting a client would prevent Connect enabled allocations from cleaning up properly [GH-7643]
• driver/docker: Fixed handling of seccomp security_opts option [GH-7554]
• driver/docker: Fixed a bug causing docker containers to use swap memory unexpectedly [GH-7550]
• scheduler: Fixed a bug where changes to task group shutdown_delay were not persisted or displayed in plan output [GH-7618]
• ui: Fixed handling of multi-byte unicode characters in allocation log view [GH-7470] [GH-7551]

Download binaries from https://releases.hashicorp.com/nomad/0.11.0/

v0.11.0-rc1

Changes since beta2:

• connect: Added support for using Connect with TLS enabled Consul agents [GH-7602]
• connect: Fixed a bug where restarting a client would prevent Connect enabled allocations from cleaning up properly [GH-7643]
• consul: Fixed a bug where service updating could sometimes fail [GH-7600]
• scheduler: Fixed a bug where changes to task group shutdown_delay were not persisted or displayed in plan output [GH-7618]
• A number of documentation updates and test improvements.

0.11.0-rc1 Binaries - https://releases.hashicorp.com/nomad/0.11.0-rc1/

v0.11.0-beta2

Since beta1:

• connect: Added support for specifying Envoy expose path configurations
• cli: Fixed a bug where nomad agent -dev fails on Windows
• client: Fixed a bug affecting network detection in environments that mimic the EC2 Metadata API
• driver/docker: Fixed handling of seccomp security_opts option
• driver/docker: Fixed a bug causing docker containers to use swap memory unexpectedly
• ui: Fixed handling of multi-byte unicode characters in allocation log view
• ui: Fixed exec outside test environment
• ui: Removed exec button for dead jobs
• ui: Added exec-specific loading template
• api: change to the /v1/job/:id/scale API [beta]

v0.11.0-beta1

FEATURES:

• Container Storage Interface [beta]: Nomad has expanded support
  of stateful workloads through support for CSI plugins.
• Exec UI [beta]: an in-browser terminal for connecting to running allocations.
• Audit Logging (Enterprise) [beta]: Audit logging support for Nomad
  Enterprise.
• Scaling APIs [beta]: new scaling policy API and job scaling APIs to support external autoscalers
• Task Dependencies: introduces lifecycle stanza with prestart and sidecar hooks for tasks within a task group

BACKWARDS INCOMPATIBILITIES:

• driver/rkt: The Rkt driver is no longer packaged with Nomad and is instead
  distributed separately as a driver plugin. Further, the Rkt driver codebase
  is now in a separate
  repository.

IMPROVEMENTS:

• core: Optimized streaming RPCs made between Nomad agents [GH-7044]
• build: Updated to Go 1.14.1 [GH-7431]
• consul: Added support for configuring enable_tag_override on service stanzas. [GH-2057]
• client: Updated consul-template library to v0.24.1 - added support for working with consul connect. Deprecated vault_grace [GH-7170]
• driver/exec: Added no_pivot_root option for ramdisk use [GH-7149]
• jobspec: Added task environment interpolation to volume_mount [GH-7364]
• jobspec: Added support for a per-task restart policy [GH-7288]
• server: Added minimum quorum check to Autopilot with minQuorum option [GH-7171]

BUG FIXES:

• core: Fixed a bug where group network mode changes were not honored [GH-7414]
• core: Optimized and fixed few bugs in underlying RPC handling [GH-7044] [GH-7045]
• api: Fixed a panic when canonicalizing a jobspec with an incorrect job type [GH-7207]
• api: Fixed a bug where calling the node GC or GcAlloc endpoints resulted in an error EOF return on successful requests [GH-5970]
• api: Fixed a bug where /client/allocations/... (e.g. allocation stats) requests may hang in special cases after a leader election [GH-7370]
• cli: Fixed a panic when displaying device plugins without stats [GH-7231]
• cli: Fixed a bug where alloc exec command in TLS environments may fail [GH-7274]
• client: Fixed a panic when running in Debian with /etc/debian_version is empty [GH-7350]
• client: Fixed a bug where a multi-task allocation maybe considered healthy despite a task restarting [GH-7383]

v0.10.5

SECURITY:

• server: Override content-type headers for unsafe content. CVE-2020-10944 [GH-7468]

v0.10.4

FEATURES:

• api: Nomad now supports ability to remotely request /debug/pprof endpoints from a remote agent. [GH-6841]
• consul/connect: Nomad may now register Consul Connect services when Consul is configured with ACLs enabled [GH-6701]
• jobspec: Add shutdown_delay to task groups so task groups can delay shutdown after deregistering from Consul [GH-6746]

IMPROVEMENTS:

• Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp cert. Windows users will no longer see a warning about an "unknown publisher" when running our software.
• build: Updated to Go 1.12.16 [GH-7009]
• cli: Included namespace in output when querying job status [GH-6912]
• cli: Added option to change the name of the file created by the nomad init command [GH-6520]
• client: Supported AWS EC2 Instance Metadata Service Version 2 (IMDSv2) [GH-6779]
• consul: Add support for service canary_meta [GH-6690]
• driver/docker: Added a disable_log_collection parameter to disable nomad log collection [GH-6820]
• server: Introduced a default_scheduler_config config parameter to seed initial preemption configuration. [GH-6935]
• scheduler: Removed penalty for allocation's previous node if the allocation did not fail. [GH-6781]
• scheduler: Reduced logging verbosity during preemption [GH-6849]
• ui: Updated Run Job button to be conditionally enabled according to ACLs [GH-5944]

BUG FIXES:

• agent: Fixed a panic when using nomad monitor on a client node [GH-7053]
• agent: Fixed race condition in logging when using nomad monitor command [GH-6872]
• agent: Fixed a bug where nomad monitor -server-id only work for a server's name instead of uuid or name [GH-7015]
• core: Addressed an inconsistency where allocations created prior to 0.9 had missing fields [GH-6922]
• cli: Fixed a bug where error messages appeared interleaved with help text inconsistently [GH-6865]
• cli: Fixed a bug where nomad monitor -node-id would cause a cli panic when no nodes where found [GH-6828]
• config: Fixed a bug where agent startup would fail if the consul.timeout configuration was set [GH-6907]
• consul: Fixed a bug where script-based health checks would fail if the service configuration included interpolation [GH-6916]
• consul/connect: Fixed a bug where Connect-enabled jobs failed to validate when service names used interpolation [GH-6855]
• drivers: Fixed a bug where exec, java, and raw_exec drivers collected and emited stats every second regardless of the telemetry config [GH-7043]
• driver/exec: Fixed a bug where systemd cgroup wasn't removed upon a task completion [GH-6839]
• server: Fixed a deadlock that may occur when server leadership flaps very quickly [GH-6977]
• scheduler: Fixed a bug that caused evicted allocs on a lost node to be stuck in running [GH-6902]
• scheduler: Fixed a bug where nomad job plan/apply returned errors instead of ignoring system job updates for ineligible nodes. [GH-6996]

SECURITY:

• client: Nomad will no longer pass through the CONSUL_HTTP_TOKEN environment variable when launching a task. [GH-7131]

v0.10.4-rc1

FEATURES:

• api: Nomad now supports ability to remotely request /debug/pprof endpoints from a remote agent. [GH-6841]
• consul/connect: Nomad may now register Consul Connect services when Consul is configured with ACLs enabled [GH-6701]
• jobspec: Add shutdown_delay to task groups so task groups can delay shutdown after deregistering from Consul [GH-6746]

IMPROVEMENTS:

• Our Windows 32-bit and 64-bit executables for this version and up will be signed with a HashiCorp cert. Windows users will no longer see a warning about an "unknown publisher" when running our software.
• build: Updated to Go 1.12.16 [GH-7009]
• cli: Included namespace in output when querying job status [GH-6912]
• cli: Added option to change the name of the file created by the nomad init command [GH-6520]
• client: Supported AWS EC2 Instance Metadata Service Version 2 (IMDSv2) [GH-6779]
• consul: Add support for service canary_meta [GH-6690]
• driver/docker: Added a disable_log_collection parameter to disable nomad log collection [GH-6820]
• server: Introduced a default_scheduler_config config parameter to seed initial preemption configuration. [GH-6935]
• scheduler: Removed penalty for allocation's previous node if the allocation did not fail. [GH-6781]
• scheduler: Reduced logging verbosity during preemption [GH-6849]
• ui: Updated Run Job button to be conditionally enabled according to ACLs [GH-5944]

BUG FIXES:

• agent: Fixed a panic when using nomad monitor on a client node [GH-7053]
• agent: Fixed race condition in logging when using nomad monitor command [GH-6872]
• agent: Fixed a bug where nomad monitor -server-id only work for a server's name instead of uuid or name [GH-7015]
• core: Addressed an inconsistency where allocations created prior to 0.9 had missing fields [GH-6922]
• cli: Fixed a bug where error messages appeared interleaved with help text inconsistently [GH-6865]
• cli: Fixed a bug where nomad monitor -node-id would cause a cli panic when no nodes where found [GH-6828]
• config: Fixed a bug where agent startup would fail if the consul.timeout configuration was set [GH-6907]
• consul: Fixed a bug where script-based health checks would fail if the service configuration included interpolation [GH-6916]
• consul/connect: Fixed a bug where Connect-enabled jobs failed to validate when service names used interpolation [GH-6855]
• drivers: Fixed a bug where exec, java, and raw_exec drivers collected and emited stats every second regardless of the telemetry config [GH-7043]
• driver/exec: Fixed a bug where systemd cgroup wasn't removed upon a task completion [GH-6839]
• server: Fixed a deadlock that may occur when server leadership flaps very quickly [GH-6977]
• scheduler: Fixed a bug that caused evicted allocs on a lost node to be stuck in running [GH-6902]
• scheduler: Fixed a bug where nomad job plan/apply returned errors instead of ignoring system job updates for ineligible nodes. [GH-6996]

SECURITY:

• client: Nomad will no longer pass through the CONSUL_HTTP_TOKEN environment variable when launching a task. [GH-7131]

v0.10.3

SECURITY:

• agent: Added unauthenticated connection timeouts and limits to prevent resource exhaustion. CVE-2020-7218 [GH-7002]
• server: Fixed insufficient validation for role and region for RPC connections when TLS enabled. CVE-2020-7956 [GH-7003]

IMPROVEMENTS:

• build: Updated to Go 1.12.16