Skip to content

CHANGELOG.md

Latest commit

 

History

History
343 lines (239 loc) · 15.6 KB

CHANGELOG.md

File metadata and controls

343 lines (239 loc) · 15.6 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.23.1] - 2026-03-23

Fixed

  • Migrate release pipeline from slsa-github-generator to actions/attest-build-provenance via org-wide reusable workflow — fixes release builds blocked by SHA-pinning ruleset (#542)

Security

  • Migrate go-viper/mapstructure v1 to v2.4.0 — fixes GO-2025-3787 and GO-2025-3900 (sensitive information leak in logs) (#544)

[0.23.0] - 2026-03-22

Added

  • env-file support: load environment variables from files for all job types, like Docker's --env-file (#540, closes #314)
  • env-from support: copy environment variables from a running Docker container at job execution time (#540, closes #336, #351)

Fixed

  • Environment variable substitutions containing # or ; were parsed as INI inline comments, truncating values like SMTP passwords (#539, fixes #538)
  • Environment variable expansion now works in webhook config values (secret, url, etc.) and section names (#539)
  • log-level config value now supports ${VAR} expansion in the pre-parse path (#539)

Security

  • SHA-pin all GitHub Actions and add Dependabot for actions updates (#536)

Dependencies

  • Bump the github-actions group with 20 updates (#537)

[0.22.0] - 2026-03-20

Added

  • Environment variable substitution in INI config files with ${VAR} and ${VAR:-default} syntax (#532, closes #362)

Dependencies

  • Bump aquasecurity/trivy-action from 0.28.0 to v0.35.0 (#532)
  • Bump step-security/harden-runner from v2.12.0 to v2.16.0 (#533)
  • Bump codecov/codecov-action from v5.5.2 to v5.5.3 (#533)
  • Bump go.opentelemetry.io/otel from v1.40.0 to v1.42.0 (#533)
  • Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from v1.38.0 to v1.42.0 (#533)
  • Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from v0.65.0 to v0.67.0 (#533)
  • Bump go.opentelemetry.io/proto/otlp from v1.9.0 to v1.10.0 (#533)
  • Bump google.golang.org/protobuf from v1.36.10 to v1.36.11 (#533)
  • Bump google.golang.org/grpc from v1.77.0 to v1.79.3 (#531)

[0.21.5] - 2026-03-18

Added

  • ofelia version command and --version flag (#528)
  • job-service-run now supports volume for mounting host directories and named volumes (#529, closes #527)

[0.21.4] - 2026-03-17

Fixed

  • Fix job-service-run network not attached to service (#525, closes #524)
    • convertToSwarmSpec now reads networks from both ServiceSpec.Networks and TaskTemplate.Networks
  • Complete convertFromSwarmService with missing field conversions: Mounts, RestartPolicy, Resources, Networks, Mode, Placement, LogDriver, EndpointSpec (#525)

Added

  • Swarm service adapter now converts Placement, LogDriver, and EndpointSpec in both directions (#525)
  • 13 round-trip tests for the service adapter conversion layer (#525)

[0.21.3] - 2026-03-15

Fixed

  • Wire missing container spec fields across job types (#520, closes #519)
    • job-service-run: add environment, hostname, dir support
    • job-run: add working-dir support, wire volumes-from (was in struct but unused)
    • job-exec: add privileged support
    • Fix misleading documentation claiming job-service-run inherits from RunJob

[0.21.2] - 2026-03-14

Security

  • Hide WebPasswordHash and WebSecretKey from /api/config endpoint (#511)
  • Remove CSRF bypass via X-Requested-With header (#511)
  • Implement rate limiter cleanup to prevent memory exhaustion DoS (#511)
  • Only trust X-Forwarded-For and X-Real-IP from trusted proxies to prevent IP spoofing (#511)
  • Make trusted proxies configurable via web-trusted-proxies (#511)

Fixed

  • Propagate context to Docker API calls so cancellation and shutdown reach containers (#511)
  • Prevent double-close panic on daemon done channel (#511)
  • Add mutex to Config to prevent concurrent map access crash (#511)
  • Execute shutdown hooks in priority groups, not all concurrently (#511)
  • Enforce shutdown timeout even when hooks ignore context (#511)
  • Return NonZeroExitError for non-zero Swarm service exit codes (#511)

Dependencies

  • Bump golang.org/x/crypto from 0.48.0 to 0.49.0 (#512)
  • Bump github.com/netresearch/go-cron from 0.13.0 to 0.13.1 (#514)
  • Bump golang.org/x/time from 0.14.0 to 0.15.0 (#515)

[0.17.0] - 2025-12-22

Added

  • Secure Web Authentication (#408)

    • Complete bcrypt password hashing with HMAC session tokens
    • Secure cookie handling with HttpOnly, Secure, and SameSite flags
    • Support for reverse proxy HTTPS detection (X-Forwarded-Proto)
    • Password hashing utility: ofelia hashpw

  • Doctor Command Enhancements (#408)

    • Web authentication configuration checks in ofelia doctor
    • Validates password hash format and token secret strength

  • ntfy-token Preset (#409)

    • Bearer token authentication for self-hosted ntfy instances
    • Supports both ntfy.sh and self-hosted deployments with access tokens

  • Webhook Host Whitelist (#410)

    • New webhook-allowed-hosts configuration option
    • Default: * (allow all hosts) - consistent with local command trust model
    • Whitelist mode when specific hosts are configured
    • Supports domain wildcards (e.g., *.slack.com)

  • CronClock Interface (#412)

    • Testable time abstraction for scheduler testing
    • FakeClock implementation for instant, deterministic tests
    • go-cron compatible Timer interface

Security

  • Cookie Security Hardening (#411)

    • Secure, HttpOnly, and SameSite=Lax flags on all cookies
    • HTTPS detection for reverse proxy deployments
    • Security boundaries ADR documenting responsibility model

  • GitHub Actions Pinning (#411)

    • All workflow actions pinned to SHA for supply chain security
    • CodeQL updated to v3.31.9

Improved

  • Test Infrastructure (#412)

    • Complete gocheck to stdlib+testify migration
    • Eventually pattern replacing time.Sleep-based synchronization
    • Parallel test execution with t.Parallel()
    • Race condition fixes detected by -race flag

  • Performance (#412)

    • Sub-second scheduling for faster test execution
    • Optimized pre-commit and pre-push hooks
    • Test suite runtime reduced by ~80%

  • Linting (#413)

    • Comprehensive golangci-lint configuration audit
    • All linting issues resolved

Documentation

  • Security Boundaries ADR (#411)

    • ADR-002 documenting security responsibility model
    • Clear separation between Ofelia and infrastructure responsibilities

  • Webhook Documentation (#410)

    • Host whitelist configuration guide
    • Security model explanation

[0.16.0] - 2025-12-10

Fixed

  • Docker Socket HTTP/2 Compatibility
    • Fixed Docker client connection failures on non-TLS connections introduced in v0.11.0
    • OptimizedDockerClient now only enables HTTP/2 for HTTPS (TLS) connections
    • HTTP/2 is disabled for Unix sockets, tcp://, and http:// (Docker daemon only supports HTTP/2 over TLS with ALPN)
    • Resolves "protocol error" issues when connecting to /var/run/docker.sock or tcp://localhost:2375
    • HTTP/2 enabled only for https:// connections where Docker daemon supports ALPN negotiation
    • Added comprehensive unit tests covering all connection types (9 scenarios)
    • Technical details: Docker daemon does not implement h2c (HTTP/2 cleartext) - HTTP/2 requires TLS

[0.11.0] - 2025-11-21

Critical Fixes

  • Command Parsing in Swarm Services (#254)

    • Fixed critical bug where strings.Split broke quoted arguments in Docker Swarm service commands
    • Now uses args.GetArgs() to properly handle commands like sh -c "echo hello world"
    • Prevents command execution failures in complex shell commands

  • LocalJob Empty Command Panic (#254)

    • Fixed documented bug where empty commands caused runtime panic
    • Now returns proper error instead of crashing
    • Prevents service crashes from malformed job configurations

Security

  • API Security Validation (#254)

    • Added validation for LocalJob and ComposeJob API endpoints
    • Prevents command injection attacks via API
    • Validates file paths, service names, and command arguments

  • Privilege Escalation Logging (#244)

    • Enhanced logging for security monitoring
    • Better detection of privilege escalation attempts

  • Dependency Updates

    • Updated golang.org/x/crypto to v0.45.0 for CVE fixes

Performance

  • Enhanced Buffer Pool (#245)

    • Multi-tier adaptive pooling system
    • 99.97% memory usage reduction (2000 MB → 0.5 MB for 100 executions)
    • Automatic size adjustment and pool warmup

  • Optimized Docker Client (#245)

    • Connection pooling for reduced overhead
    • Thread-safe concurrent operations
    • Health monitoring and automatic recovery

  • Reduced Polling (#254)

    • Increased legacy polling interval from 500ms to 2s
    • 75% reduction in Docker API calls (200/min → 50/min per job)
    • Significant CPU and network usage improvement

  • Performance Metrics Framework (#245)

    • Comprehensive metrics for Docker operations
    • Memory, latency, and throughput tracking
    • Real-time performance monitoring

Added

  • Container Annotations

    • Support for custom annotations on RunJob and RunServiceJob
    • Default Ofelia annotations for job tracking
    • User-defined metadata for containers and services

  • WorkingDir for ExecJob

    • Support for setting working directory in exec jobs
    • Backward compatible with existing configurations

  • Opt-in Validation

    • New enable-strict-validation flag
    • Allows gradual migration to strict validation
    • Prevents breaking changes for existing users

  • Git Hooks with Lefthook

    • Go-native git hooks for better portability
    • Pre-commit, commit-msg, pre-push, post-checkout, post-merge hooks
    • Automated code quality checks and security scans

Documentation

  • Architecture Diagrams (#252)

    • System architecture overview
    • Component interaction diagrams
    • Data flow visualization

  • Complete Package Documentation (#247)

    • Comprehensive package-level documentation
    • Security guides and best practices
    • Practical usage guides

  • Docker Requirements

    • Documented minimum Docker version requirements
    • API compatibility notes

  • Exit Code Documentation (#254)

    • Clear documentation of Ofelia-specific exit codes
    • Swarm service error codes (-999, -998)

Fixed

  • Go Version Check (#251)
    • Corrected inverted logic in .envrc Go version check
    • Ensures correct Go version enforcement

Changed

  • Updated go-dockerclient to v1.12.2
  • Migrated from Husky to Lefthook for git hooks
  • Improved CI/CD pipeline with comprehensive security scanning

Internal

  • Removed AI assistant artifacts and outdated documentation (#246, #253)
  • Enhanced test suite with comprehensive integration tests
  • Improved code organization and maintainability

[0.10.2] - 2025-11-15

Previous release.

Migration Guide v0.10.x → v0.11.0

Breaking Changes

None - This release is backward compatible with v0.10.x

Recommended Actions

  1. Review API Usage: If you create jobs via API, ensure commands are properly validated
  2. Check Swarm Commands: Verify complex shell commands in service jobs work correctly
  3. Monitor Performance: Observe improved memory usage and reduced API calls
  4. Enable Metrics: Consider enabling the new metrics framework for monitoring

New Configuration Options

# Optional: Enable strict validation (default: false)
[global]
enable-strict-validation = true

# New: Container annotations
[job-run "example"]
annotations = com.example.key=value, app.version=1.0

Deprecations

None in this release.

For more information, see: