SECURITY:
api: sanitize the SignedIdentities in allocations to prevent privilege escalation through unredacted workload identity token impersonation associated with ACL policies. [GH-24683]
security: Added more host environment variables to the default deny list for tasks [GH-24540]
security: Explicitly set 'Content-Type' header to mitigate XSS vulnerability [GH-24489]
security: add executeTemplate to default template function_denylist [GH-24541]
BUG FIXES:
agent: Fixed a bug where retry_join gave up after a single failure, rather than retrying until max attempts had been reached [GH-24561]
api: Fixed a bug where alloc exec/logs/fs APIs would return errors for non-global regions [GH-24644]
cli: Ensure the operator autopilot health command only outputs JSON when the json flag is supplied [GH-24655]
consul: Fixed a bug where failures when syncing Consul checks could panic the Nomad agent [GH-24513]
consul: Fixed a bug where non-root Nomad agents could not recreate a task's Consul token on task restart [GH-24410]
csi: Fixed a bug where drivers that emit multiple topology segments would cause placements to fail [GH-24522]
csi: Removed redundant namespace output from volume status command [GH-24432]
discovery: Fixed a bug where IPv6 addresses would not be accepted from cloud autojoin [GH-24649]
drivers: fix executor leak when drivers error starting tasks [GH-24495]
executor: validate executor on reattach to avoid possibility of killing non-Nomad processes [GH-24538]
fix: handle Consul template re-renders on client restart [GH-24399]
networking: use a tmpfs location for the state of CNI IPAM plugin used by bridge mode, to fix a bug where allocations would fail to restore after host reboot [GH-24650]
scheduler: take all assigned CPU cores into account instead of only those that are part of the largest lifecycle [GH-24304]
vault: Fixed a bug where expired secret leases were treated as non-fatal and retried [GH-24409]