diff --git a/website/content/docs/release-notes/v0_19_0.mdx b/website/content/docs/release-notes/v0_19_0.mdx new file mode 100644 index 0000000000..232d708ba6 --- /dev/null +++ b/website/content/docs/release-notes/v0_19_0.mdx @@ -0,0 +1,175 @@ +--- +layout: docs +page_title: v0.19.0 release notes +description: >- + Learn more about the new features included in the Boundary 0.19.0 release. Understand any deprecations, changes, and known issues. +--- + +# Boundary 0.19.0 release notes + +**GA date:** January 30, 2024 + +@include 'release-notes/intro.mdx' + +## Important changes + + + + + + + + + + + + + + + + + + + + + + + + + + +
ChangeDescription
+ Role creation + + In a future version Boundary will no longer automatically create roles when new scopes are created. This was implemented prior to multi-scope grants to ensure administrators and users had default permissions in new scopes. Since Boundary 0.15, initial roles created for new clusters provide these permissions by default to all scopes using multi-scope grants. +
+ Docker image no longer contains curl + + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary. The image now includes wget, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having curl in the image, you can dynamically install it using apk. +

+ Learn more:  Known issues and breaking changes +
+ Go version 1.23 TLS handshake behavior changes + + Boundary version 0.18.x uses Go version 1.23, which introduced a new TLS handshake behavior. Some VPN providers struggle with the TLS handshake being sent over 2 frames instead of 1, which can lead to Boundary version 0.18.x and later controllers, workers, or clients being unable to establish connections. As a workaround, you can revert back to the previous TLS handshake behavior. +

+ Learn more:  Known issues and breaking changes +
+ +## New features + + + + + + + + + + + + + + + + + + +
FeatureUpdateDescription
+ Dynamic host catalogs for GCP + + GA + + Boundary now supports dynamic host catalogs for GCP. +

+ When you configure dynamic host catalogs, Boundary securely queries infrastructure providers at runtime to discover and configure new services. You can define rules for whether you want Boundary to add any discovered hosts as members of the host set. +

+ Learn more: Host discovery and GCP dynamic hosts. +
+ +## Known issues and breaking changes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
VersionIssueDescription
+ 0.13.0+ + + Rotation of AWS access and secret keys during a session results in stale recordings + + In Boundary version 0.13.0+, when you rotate a storage bucket's secrets, any new sessions use the new credentials. However, previously established sessions continue to use the old credentials. +

+ As a best practice, administrators should rotate credentials in a phased manner, ensuring that all previously established sessions are completed before revoking the stale credentials. + Otherwise, you may end up with recordings that aren't stored in the remote storage bucket, and are unable to be played back. +
+ 0.13.0+ + + Unsupported recovery workflow during worker failure + + If a worker fails during a recording, there is no way to recover the recording. This could happen due to a network connectivity issue or because a worker is scaled down, for example. +

+ Learn more:  + Unsupported recovery workflow +
+ 0.17.1+ + + Docker image no longer contains curl + + As of version 0.17.1 and later, the curl binary is no longer included in the published Docker container image for Boundary. +

+ The image now includes wget. You can use wget to check the health endpoint for workers. +

+ Learn more:  Check the health endpoint using wget +

+ If your workflow depends on having curl in the image, you can dynamically install it using apk. Refer to the following commands for examples of using apk to install curl: +

+ <CONTAINER-ID> apk add curl +

+ or +

+ kubectl exec -ti <NAME> -- apk add curl +
+ 0.18.x+ + + Boundary version 0.18.x and later CLI is unable to establish connections using the boundary connect command + + Boundary version 0.18.x uses Go version 1.23, which introduced a new TLS handshake behavior. Some VPN providers struggle with the TLS handshake being sent over 2 frames instead of 1, which can lead to Boundary version 0.18.x and later controllers, workers, or clients being unable to establish connections. As a workaround, you can revert back to the previous TLS handshake behavior. +

+ To revert back to the previous TLS handshake behavior, add the tlskyber=0 parameters to the GODEBUG environment variable before the boundary connect command. For example: +

+ GODEBUG=tlskyber=0 boundary connect ssh -target-id <ID> +

+ Learn more: Go issue #70047 and Go 1.23 Release Notes +

+
\ No newline at end of file diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 3034749aec..1fd3d8050e 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -1817,6 +1817,10 @@ "title": "Overview", "path": "release-notes" }, + { + "title": "v0.19.0", + "path": "release-notes/v0_19_0" + }, { "title": "v0.18.0", "path": "release-notes/v0_18_0"