windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]
IMPROVEMENTS:
api: emit JobDeregistered event when job is deregistered with purge [GH-19903]
BUG FIXES:
cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
client: Ensure the value for CPU shares are within the allowed range [GH-19935]
client: Prevent client from starting if cgroup initialization fails [GH-19915]
connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
v1.7.4
1.7.4 (February 08, 2024)
SECURITY:
deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]
windows: Remove LazyDLL calls for system modules to harden Nomad against attacks from the host [GH-19925]
IMPROVEMENTS:
api: emit JobDeregistered event when job is deregistered with purge [GH-19903]
BUG FIXES:
cli: Fix return code when nomad job run succeeds after a blocked eval [GH-19876]
cli: Fixed a bug where the nomad tls ca create command failed when the -domain was used without other values [GH-19892]
client: Ensure the value for CPU shares are within the allowed range [GH-19935]
client: Prevent client from starting if cgroup initialization fails [GH-19915]
connect: Fixed envoy sidecars being unable to restart after node reboots [GH-19787]
driver/java: Ensure the OOM killed response is populated when the task exits [GH-19818]
driver/qemu: Ensure the OOM killed response is populated when the task exits [GH-19830]
driver/rawexec: Ensure the OOM killed response is populated when the task exits [GH-19829]
exec: Fixed a bug in alloc exec where closing websocket streams could cause a panic [GH-19932]
scheduler: Fixed a bug that caused blocked evaluations due to port conflict to not have a reason explaining why the evaluation was blocked [GH-19933]
ui: Fix an issue where a same-named task from a different group could be selected when the user clicks Exec from a task group page where multiple allocations would be valid [GH-19878]
1.7.4 (February 08, 2024)
SECURITY:
deps: Updated runc to 1.1.12 to address CVE-2024-21626 [GH-19851]
migration: Fixed a bug where archives used for migration were not checked for symlinks that escaped the allocation directory [GH-19887]
template: Fixed a bug where symlinks could force templates to read and write to arbitrary locations (CVE-2024-1329) [GH-19888]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/hashicorp/nomad from 1.7.3 to 1.7.5.
Release notes
Sourced from github.com/hashicorp/nomad's releases.
Changelog
Sourced from github.com/hashicorp/nomad's changelog.
Commits
5f5d464
Generate files for 1.7.5 release96dc48d
Backport of vault: revert #18998 to fix potential deadlock into release/1.7.x...491db6c
backport of commit 61941d820448d1b83e16f726c51c14cab30986e1 (#19965)c74405e
Backport of [ui] Upgrades to build storybook on node v20 into release/1.7.x (...8cc4f25
Backport of CNI: fix deprecation warnings into release/1.7.x (#19957)eb799e6
Backport of alloc exec: fix panics after stream close into release/1.7.x (#19...ddb389e
Backport of state: fix state store corruption in plan apply into release/1.7....58ac685
backport of commit 4a8b01430b715dd73acd6d78d36ae3bdd7bc5055 (#19940)a3f1e1c
backport of commit e2bfdf0c103442af8da12c800a3a003c586cf01b (#19941)34fb04e
backport of commit b52a44717e4eadfd07f381346a6b612484f5df9f (#19936)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show