releases.shpreview
HashiCorp/Nomad/v1.8.3

v1.8.3

August 13, 2024NomadView original ↗
$npx -y @buildinternet/releases show rel_aKvkIshO8FrF7noHHbQY3

1.8.3 (August 13, 2024)

SECURITY:

  • security: Fix symlink escape during unarchiving by removing existing paths within the same allocdir. Compromising the Nomad client agent at the source allocation first is a prerequisite for leveraging this issue. [GH-23738]

IMPROVEMENTS:

  • acl: Submitting a policy with a leading / in a variable path will now return an error to prevent improperly working policies. [GH-23757]
  • cli: Added option to return original HCL in job inspect command [GH-23699]
  • cli: Added support for updating the roles for an ACL token [GH-18532]
  • cli: acl token create will now emit a warning if the token has a policy that does not yet exist [GH-16437]
  • keyring: Added support for encrypting the keyring via Vault transit or external KMS [GH-23580]
  • keyring: Added support for prepublishing keys [GH-23577]
  • metrics: Added client.tasks metrics to track task states [GH-23773]
  • resources: Added resources.secrets field to configure size of secrets directory on Linux [GH-23696]
  • tls: Allow setting the tls_min_version field to "tls13" [GH-23713]
  • ui: added a Pack badge to the jobs index page for jobs run via Nomad Pack [GH-23404]

BUG FIXES:

  • api: Fixed a bug where an api.Config targeting a unix domain socket could not be reused between clients [GH-23785]
  • cni: .conf and .json config files are now parsed properly [GH-23629]
  • cni: network.cni jobspec updates now replace allocs to apply the new network config [GH-23764]
  • docker: Fixed a bug where plugin SELinux labels would conflict with read-only volume options [GH-23750]
  • identity: Fixed a bug where a missing default task identity could panic the leader [GH-23763]
  • keyring: Fixed a bug where keys could be garbage collected before workload identities expire [GH-23577]
  • keyring: Fixed a bug where keys would never exit the "rekeying" state after a rotation with the -full flag [GH-23577]
  • keyring: Fixed a bug where periodic key rotation would not occur [GH-23577]
  • networking: The same static port can now be used more than once on host networks with multiple IPs [GH-23693]
  • scaling: Fixed a bug where state store corruption could occur when writing scaling events [GH-23673]
  • template: Fixed a bug where change_mode = "script" would not execute after a client restart [GH-23663]
  • ui: Fixed storage/plugin 404s by unescaping a slash character in the request URL [GH-23625]
  • windows: Fix bug with containers capabilities on Docker CE [GH-23599]

Fetched April 8, 2026