Nomad - v1.2.6
Security
1.2.6 (February 9, 2022)
BACKWARDS INCOMPATIBILITIES:
- ACL authentication is now required for the Nomad API job parse endpoint to address a potential security vulnerability
SECURITY:
- Add ACL requirement and HCL validation to the job parse API endpoint to prevent excessive CPU usage. CVE-2022-24685 [GH-12038]
- Fix race condition in use of go-getter that could cause a client agent to download the wrong artifact into the wrong destination. CVE-2022-24686 [GH-12036]
- Prevent panic in spread iterator during allocation stop. CVE-2022-24684 [GH-12039]
- Resolve symlinks to prevent unauthorized access to files outside the allocation directory. CVE-2022-24683 [GH-12037]
Details
date
Feb. 10, 2022, 8:21 p.m.
name
v1.2.6
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Nomad releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!