diff --git a/datacenter/ucp/2.0/guides/release-notes.md b/datacenter/ucp/2.0/guides/release-notes.md index 961bc77120..103ec79984 100644 --- a/datacenter/ucp/2.0/guides/release-notes.md +++ b/datacenter/ucp/2.0/guides/release-notes.md @@ -10,6 +10,78 @@ known issues for the latest UCP version. You can then use [the upgrade instructions](installation/upgrade.md), to upgrade your installation to the latest release. +## Version 2.0.2 + +(18 Jan 2017) + +**Security update** + +This patch contains the following security-related updates: + +* Fixed an issue by which a high number of ping requests could result in temporarily +unresponsive UCP services +* Fixed an issue by which non-admin users with "View-Only" permissions could use +the undocumented private API to restart/stop/delete containers. +* Only admins are now allowed to tag, save, and load images as UCP/DTR system images +* UCP will now warn admins during installation if there is an open TCP port which +could be used to perform unauthorized actions on the cluster + +These issues affect UCP version 2.0.1 and 2.0.0. THey were discovered by our +development team during internal testing. + +We've revised our guidelines on access control permissions as well. Read the +[permissions levels section](user-management/permission-levels.md) for more details. + +**Features** + +* Core + * Label-based access control now supported for volumes. + (NOTE: unlike other resources controlled via label-based access control, a + volume without a label is accessible by all UCP users with Restricted Control + or higher default permissions.) + * Authentication now supports LDAP servers that don't use `memberOf`. Instead + can look within LDAP groups and sync members in that group. + +* docker/ucp image + * Can now add input the text of a license file at install time with the flag + `--license "cat .lic"` + +* UI/UX + * Can now configure labels, drives, and other options when mounting volumes + while using Deploy Service wizard + * Task errors are now shown in each service's details page in the GUI + * Can now add individual container labels when using Deploy Service wizard + +**Bug Fixes** + +* Core + * Setting `network_mode=host` or `--net=host` no longer causes container + scheduling and websocket errors. + * Inspecting networks now correctly shows attached containers across the entire + cluster + * UCP now prompts you to rename overlay networks which have illegal characters + during an upgrade of the cluster + * HTTP Routing Mesh now correctly upgrades to latest version when UCP is upgraded + * UCP images now pulled correctly on worker nodes when using Docker for Azure template + + * UCP now correctly ensures that a non-admin user designated as an LDAP recovery + admin is promoted to admin status within the platform + + +* UI/UX + * Fixed an issue preventing non-admins from creating volumes in the GUI + * Fixed hyperlink in banner for upgrading UCP + * SANs added during installation with `--interactive` flag now appear correctly + in each manager node's details page in the GUI + * Clarified banner warning provided mid-upgrade when certain nodes are running + different versions of UCP + * Fixed an error where "Show System Services" toggle did not function correctly + * Users now prevented from using "Drain" option on manager nodes + +* docker/ucp image + * Fixed an issue preventing `stop` and `restart` commands from working correctly + * UCP install no longer occasionally stalls with error "failed to change temp password" + ## Version 2.0.1 (22 Nov 2016) @@ -57,8 +129,6 @@ will fail to attach to that network. As a workaround you can create the networks upfront and make them attachable, and change your compose file to use those networks. - - ## Version 2.0.0 (10 Nov 2016)