Skip to content

Releases: canonical/pebble

v1.4.2: require admin access for file pull API

03 Apr 03:43
Compare
Choose a tag to compare

This locks down the files "pull" API to require admin. Even though it's a read (GET), this meant any user could potentially read sensitive files.

Changelog since v1.4.1: v1.4.1...v1.4.2

v1.1.1: require admin access for file pull API

03 Apr 02:30
Compare
Choose a tag to compare

This locks down the files "pull" API to require admin. Even though it's a read (GET), this meant any user could potentially read sensitive files.

Note that this version number is prior to any other tagged release of Pebble (the first tagged release was v1.2.0).

This addresses CVE-2024-3250.

Changes from 5842ea68c9c7 (the version currently used by Juju 2.9).

v1.10.1: add missing client.ChangeUpdateNotice constant

28 Mar 04:39
Compare
Choose a tag to compare

This is a patch release that just adds the missing client.ChangeUpdateNotice constant.

v1.10.0: change-update

28 Mar 01:34
Compare
Choose a tag to compare

What's Changed

This release has one new feature (addition of the change-update notice type), as well as a host of bug fixes, minor doc improvements, and a significant refactoring of plan management.

Features

  • feat(state): record change-update notices on change status updates by @ZeyadYasser in #379

Bug fixes

  • fix: start process subreaper at top level to avoid shutdown hangs by @benhoyt in #380
  • fix: allow for the JSON overhead when reading log lines by @tonyandrewmeyer in #384
  • fix(client): make retry loop stop immediately when context is cancelled by @benhoyt in #386
  • enter: start default services before executing subcommand by @rebornplusplus in #257
  • fix(run): don't overwrite err on reaper.Stop() by @thp-canonical in #390
  • fix(cli): PEBBLE_COPY_ONCE on missing dir. by @hpidcock in #392
  • fix(client): use host from BaseURL for websockets by @thp-canonical in #393
  • fix(daemon): deduplicate user-provided notice types by @olivercalder in #399
  • fix(cli): pass PebbleDir and SocketPath through RunOptions/ParserOptions/CmdOptions by @thp-canonical in #388
  • fix(help): DefaultDir to personality, allow overriding header and footer by @thp-canonical in #397
  • fix(taskrunner): consistent, nicer formatting for task failed log by @benhoyt in #391
  • fix(daemon): improve health state lock test, remove LockCount by @benhoyt in #373

Refactoring

  • chore: remove deprecated functions now that we're on Go 1.16+ by @benhoyt in #375
  • refactor: remove maybeShellcheck from FakeCommand by @benhoyt in #381
  • feat(planstate): create a dedicated plan manager by @flotter in #387
  • feat(cli): add RunOptions to cli.Run, remove global variable by @thp-canonical in #383

Docs

  • docs: add comments to clarify that WaitNotices releases the state lock by @benhoyt in #378
  • docs: explicitly note that on-failure is not considered when starting or stopping a service by @tonyandrewmeyer in #382
  • feat(cli): new Info category for help, version by @thp-canonical in #400

New Contributors

Full Changelog: v1.9.0...v1.10.0

v1.9.1: make PEBBLE_COPY_ONCE not fail on missing dir

21 Mar 22:24
Compare
Choose a tag to compare

Adds #392, which makes the PEBBLE_COPY_ONCE feature not fail if the source directory is missing.

v1.7.3: fix: validate whole plan, rather than topmost two layers

05 Mar 23:29
Compare
Choose a tag to compare

v1.9.0: notices "select" to "users", health check state lock fix, validation fixes, and more

28 Feb 04:21
95b73bb
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v1.8.0...v1.9.0

v1.7.2: rename notices "select" to "users", avoid acquiring state lock in /v1/health

28 Feb 03:57
Compare
Choose a tag to compare

This patch release adds the following changes since v1.7.1:

  • #368: replace "select=all" with "users=all". Strictly speaking this is a breaking change, however, it was a design mistake and we want to fix it as soon as possible. It's almost certainly that no one is using this feature yet.
  • #369: avoid acquiring state lock in health check endpoint. This fixes (or is one aspect of the fix for) the issue described in https://bugs.launchpad.net/juju/+bug/2052517, so that the GET /v1/health endpoint returns much quicker even when under load.

v1.7.1: deadlock fix

20 Feb 02:15
Compare
Choose a tag to compare

This patch release includes a fix for the "Pebble is unresponsive" deadlock issue described in #314.

Commits compared to v1.7.0: v1.7.0...v1.7.1

v1.4.1: deadlock fix

20 Feb 00:26
Compare
Choose a tag to compare

This patch release includes a fix for the "Pebble is unresponsive" deadlock issue described in #314.

Commits compared to v1.4.0: v1.4.0...v1.4.1