Nomad 1.2.3 released

10 views
Skip to first unread message

Tim Gross

unread,
Dec 13, 2021, 10:19:30 AM12/13/21
to hashicorp...@googlegroups.com

Nomad 1.2.3 Security Release


Nomad 1.2.3 has been released to upgrade to Go 1.17.5. All prior versions of Nomad were built with a version of Go that contained 2 CVEs:


  • CVE-2021-44717 could allow a task on a Unix system with exhausted file handles to misdirect I/O. 

  • CVE-2021-44716 could create unbounded memory growth in HTTP2 servers, but Nomad servers do not use HTTP2 and are unaffected.


Remediation

Users should upgrade Nomad agents to Nomad v1.2.3. Upgrading both servers and clients is recommended.


Backports

Nomad 1.1.9 and Nomad 1.0.15 have been released to upgrade the version of Go to 1.16.12 to remediate the vulnerabilities.


Links

1.2.3 Changelog - https://github.com/hashicorp/nomad/blob/v1.2.3/CHANGELOG.md 

1.2.3 Binaries - https://releases.hashicorp.com/nomad/1.2.3/

1.1.9 Changelog - https://github.com/hashicorp/nomad/blob/v1.1.9/CHANGELOG.md

1.1.9 Binaries - https://releases.hashicorp.com/nomad/1.1.9/

1.0.15 Changelog - https://github.com/hashicorp/nomad/blob/v1.0.15/CHANGELOG.md

1.0.15 Binaries - https://releases.hashicorp.com/nomad/1.0.15/



--
Tim Gross(he/him)
Sr. Software Engineer
tgr...@hashicorp.com

Reply all
Reply to author
Forward
0 new messages