diff --git a/ee/ucp/release-notes.md b/ee/ucp/release-notes.md index fd5bd9c2f3..ab3dbe55c4 100644 --- a/ee/ucp/release-notes.md +++ b/ee/ucp/release-notes.md 
@@ -24,6 +24,46 @@ upgrade your installation to the latest release. # Version 3.2 +## 3.2.4 +2019-11-14 + +### Known issues +* UCP currently turns on vulnerability information for images deployed within UCP by default for upgrades. This may cause clusters to fail due to performance issues. (ENGORC-2746) +* For Red Hat Enterprise Linux (RHEL) 8, if firewalld is running and `FirewallBackend=nftables` is set in `/etc/firewalld/firewalld.conf`, change this to `FirewallBackend=iptables`, or you can explicitly run the following commands to allow traffic to enter the default bridge (docker0) network: + + ``` + firewall-cmd --permanent --zone=trusted --add-interface=docker0 + firewall-cmd --reload + ``` + +### Platforms +* RHEL 8.0 is now supported. + +### Kubernetes +* Kubernetes has been upgraded to version 1.14.8 that fixes CVE-2019-11253. +* Added a feature that allows the user to enable SecureOverlay as an add-on on UCP via an install flag called `secure-overlay`. This flag enables IPSec Network Encryption in Kubernetes. + +### Security +* Upgraded Golang to 1.13.2. (ENGORC-2762) +* Fixed an issue that allowed a user with a "restricted control" role to obtain Admin access to UCP by starting a container with `docker run --volumes-from ucp-proxy`. (ENGORC-2781) + +### Bug fixes +* Fixed an issue where UCP 3.2 backup performs an append not overwrite when `--file` switch is used. (FIELD-2043) +* Fixed an issue where the Calico/latest image was missing from the UCP offline bundle. (FIELD-1584) +* Image scan result aggregation is now disabled by default for new UCP installations. This feature can be configured by a new `ImageScanAggregationEnabled` setting in the UCP tuning config. (ENGORC-2746) +* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser, +leading to a gap in permissions checks. 
(ENGORC-2781) + +### Components + +| Component | Version | +| --------------------- | ------- | +| UCP | 3.2.4 | +| Kubernetes | 1.14.8 | +| Calico | 3.8.2 | +| Interlock | 3.0.0 | +| Interlock NGINX proxy | 1.14.2 | + ## 3.2.3 2019-10-21 @@ -372,6 +412,29 @@ The workaround is to use a swarm service to deploy this change across the cluste # Version 3.1 +## 3.1.12 +2019-11-14 + +### Security +* Upgraded Golang to 1.12.12. + +### Kubernetes +* Kubernetes has been upgraded to fix CVE-2019-11253. + +### Bug fixes +* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser, +leading to a gap in permissions checks. (ENGORC-2781) + +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.1.12 | +| Kubernetes | 1.14.3 | +| Calico | 3.5.7 | +| Interlock | 2.4.0 | +| Interlock NGINX proxy | 1.14.2 | + ## 3.1.11 2019-10-08 @@ -404,7 +467,7 @@ The workaround is to use a swarm service to deploy this change across the cluste 2019-09-03 ### Kubernetes -* Kubernetes has been upgraded to version 1.11.10-docker-1, this has been built with Golang 1.12.9. +* Kubernetes has been upgraded to version 1.11.10-docker-1. This version was built with Golang 1.12.9. * Kubernetes DNS has been upgraded to 1.14.13 and is now deployed with more than one replica by default. ### Networking 
@@ -868,6 +931,28 @@ The following features are deprecated in UCP 3.1. # Version 3.0 +## 3.0.16 +2019-11-14 + +### Security +* Upgraded Golang to 1.12.12. + +### Kubernetes +* Kubernetes has been upgraded to fix CVE-2019-11253. + +### Bug fixes +* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser, +leading to a gap in permissions checks. (ENGORC-2781) + +### Components + +| Component | Version | +| ----------- | ----------- | +| UCP | 3.0.16 | +| Kubernetes | 1.11.2 | +| Calico | 3.2.3 | +| Interlock (NGINX) | 1.13.12 | + ## 3.0.15 2019-10-08 @@ -893,8 +978,7 @@ The following features are deprecated in UCP 3.1. 2019-09-03 ### Kubernetes -* Kubernetes has been upgraded to version 1.8.15-docker-7, this has been built - with Golang 1.12.9. +* Kubernetes has been upgraded to version 1.8.15-docker-7. This version was built with Golang 1.12.9.. * Kubernetes DNS has been upgraded to 1.14.13. ### Networking @@ -1433,6 +1517,16 @@ deprecated. Deploy your applications as Swarm services or Kubernetes workloads. # Version 2.2 +## Version 2.2.23 +2019-11-14 + +### Security +* Upgraded Golang to 1.12.12. + +### Bug fixes +* Adds authorization checks for the volumes referenced by the `VolumesFrom` Containers option. Previously, this field was ignored by the container create request parser, +leading to a gap in permissions checks. (ENGORC-2781) + ## Version 2.2.22 2019-10-08 @@ -1469,7 +1563,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.19 
@@ -1493,7 +1587,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.18 @@ -1516,7 +1610,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.17 @@ -1541,7 +1635,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.16 @@ -1565,7 +1659,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.15 
@@ -1593,7 +1687,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.14 @@ -1623,7 +1717,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.13 @@ -1650,7 +1744,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.12 @@ -1679,7 +1773,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.11 
@@ -1720,7 +1814,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.10 @@ -1773,7 +1867,7 @@ instead of the correct image for the worker architecture. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.9 @@ -1809,7 +1903,7 @@ is always used, regardless of which one is actually the best match. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.7 @@ -1840,7 +1934,7 @@ is always used, regardless of which one is actually the best match. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.6 
@@ -1910,7 +2004,7 @@ is always used, regardless of which one is actually the best match. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. @@ -1947,7 +2041,7 @@ for volumes. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.4 @@ -1992,7 +2086,7 @@ for volumes. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. -* You can't create a bridge network from the web interface. As a workaround use +* You can't create a bridge network from the web interface. As a workaround, use `/`. ## Version 2.2.3 @@ -2045,7 +2139,7 @@ for volumes. * Searching for images in the UCP images UI doesn't work. * Removing a stack may leave orphaned volumes. * Storage metrics are not available for Windows. - * You can't create a bridge network from the web interface. As a workaround use + * You can't create a bridge network from the web interface. As a workaround, use `/`. ## version 2.2.2 
@@ -2177,7 +2271,7 @@ and the API is fully interactive within the UCP web interface. session timeout](https://docs.docker.com/datacenter/ucp/2.2/guides/admin/configure/external-auth/enable-ldap-config-file/). * docker/ucp * The `support` command does not currently produce a valid support dump. As a - workaround you can download a support dumps from the web interface. + workaround, you can download a support dumps from the web interface. * Windows issues * Disk related metrics do not display for Windows worker nodes. * If upgrading from an existing deployment, ensure that HRM is using a non-encrypted
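Review bot: In the 3.2.4 hunk, the ENGORC-2746 known issue warns that vulnerability information is on by default for upgrades and can cause clusters to fail, but it gives no mitigation, while the Bug fixes bullet with the same ticket names the `ImageScanAggregationEnabled` tuning setting. Point the known issue at that setting so operators of upgraded clusters know what to change. The RHEL 8 bullet could also state that putting `docker0` in the firewalld `trusted` zone accepts all traffic on that interface, so readers can choose between the two options knowingly.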
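Review bot: In the 3.1.12 hunk, the Components table lists Kubernetes 1.14.3, which does not line up with the 2019-09-03 entry in the same Version 3.1 section ("upgraded to version 1.11.10-docker-1") or with 3.2.4, which cites 1.14.8 as the version that fixes CVE-2019-11253. Please confirm the shipped Kubernetes version and name it in the "Kubernetes has been upgraded to fix CVE-2019-11253" bullet, as the 3.2.4 entry does.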
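Review bot: In the 3.0.16 hunk, the Components table lists Kubernetes 1.11.2, while the 2019-09-03 entry in the same Version 3.0 section says Kubernetes was upgraded to 1.8.15-docker-7. Please verify the table value, and give the exact patched version in the CVE-2019-11253 bullet so readers can check what they are running.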
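Review bot: The hunk at -893,8 introduces a doubled period in the rewritten line ("built with Golang 1.12.9.."). Drop the extra period so it matches the identical sentence in the 3.1 hunk at -404,7.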
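Review bot: In the 2.2.23 hunk (and likewise 3.1.12 and 3.0.16), the `VolumesFrom` authorization fix appears only under "Bug fixes" as "a gap in permissions checks", whereas 3.2.4 lists the same ticket (ENGORC-2781) under "Security" and states the impact: a "restricted control" user could obtain Admin access. Readers on the older release lines need the same impact statement to prioritize the upgrade, so move or duplicate the bullet under "### Security" with the 3.2.4 wording.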
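Review bot: In the repeated 2.2.x known-issues hunks (-1469,7 through -2045,7), the edited line still ends in "As a workaround, use `/`.", which tells the reader nothing; the link or command that belonged there appears to have been lost. Since every one of these lines is being touched for the comma, restore the intended workaround target in the same change, or drop the sentence if it can no longer be recovered.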
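Review bot: In the last hunk (-2177,7), the corrected line still reads "you can download a support dumps from the web interface". Fix the number agreement while the line is being edited: "a support dump".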