aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '72e6ea8da0'
${ noResults }
boundary/website/content/docs/release-notes/v0_18_0.mdx

172 lines
6.5 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
layout: docs
page_title: v0.18.0
description: |-
Boundary release notes for v0.18.0
---
# Boundary 0.18.0 release notes
**GA date:** October 15, 2024
@include 'release-notes/intro.mdx'
## Important changes
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Change</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Role creation
</td>
<td style={{verticalAlign: 'middle'}}>
In a future version Boundary will no longer automatically create roles when new scopes are created. This was implemented prior to multi-scope grants to ensure administrators and users had default permissions in new scopes. Since Boundary 0.15, initial roles created for new clusters provide these permissions by default to all scopes using multi-scope grants.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Docker image no longer contains <code>curl</code>
</td>
<td style={{verticalAlign: 'middle'}}>
As of version 0.17.1 and later, the <code>curl</code> binary is no longer included in the published Docker container image for Boundary. The image now includes <code>wget</code>, which you can alternatively use to check the health endpoint for a worker. If your workflow depends on having <code>curl</code> in the image, you can dynamically install it using <code>apk</code>.
<br /><br />
Learn more:&nbsp; <a href="#known-issues-and-breaking-changes">Known issues and breaking changes </a>
</td>
</tr>
</tbody>
</table>
## New features
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Feature</th>
<th style={{verticalAlign: 'middle'}}>Update</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Transparent sessions
</td>
<td style={{verticalAlign: 'middle'}}>
BETA
</td>
<td style={{verticalAlign: 'middle'}}>
Transparent sessions allows users to eliminate steps in their current workflows using Boundarys Client Agent, a component that operates in the background to intercept network traffic and automatically route this traffic through a session if the user is authenticated and authorized.
<br /><br />
Platform teams and access management teams that administer Boundary can now build much faster, simpler secure remote access workflows that feel more intuitive and invisible to their developer customers.
<br /><br />
Learn more:&nbsp;<a href="/boundary/docs/concepts/transparent-sessions">Transparent sessions</a> and <a href="/boundary/docs/api-clients/client-agent">Client Agent</a>.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Backblaze B2 support for storage buckets
</td>
<td style={{verticalAlign: 'middle'}}>
GA
</td>
<td style={{verticalAlign: 'middle'}}>
Backblaze B2 is now supported as a storage provider for session recording storage buckets.
<br /><br />
Learn more:&nbsp;<a href="/boundary/docs/configuration/session-recording/storage-providers/configure-s3-compliant">Configure an S3-compliant storage provider</a>.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
AssumeRole support for AWS dynamic host catalogs
</td>
<td style={{verticalAlign: 'middle'}}>
GA
</td>
<td style={{verticalAlign: 'middle'}}>
AWS host plugins now support AssumeRole. AssumeRole returns a set of temporary security credentials that you can use to access AWS resources.
<br /><br />
Learn more:&nbsp;<a href="/boundary/docs/concepts/host-discovery/aws">AWS dynamic host catalogs</a>.
</td>
</tr>
</tbody>
</table>
## Known issues and breaking changes
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Version</th>
<th style={{verticalAlign: 'middle'}}>Issue</th>
<th style={{verticalAligh: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
0.13.0+
</td>
<td style={{verticalAlign: 'middle'}}>
Rotation of AWS access and secret keys during a session results in stale recordings
</td>
<td style={{verticalAlign: 'middle'}}>
In Boundary version 0.13.0+, when you rotate a storage bucket's secrets, any new sessions use the new credentials. However, previously established sessions continue to use the old credentials.
<br /><br />
As a best practice, administrators should rotate credentials in a phased manner, ensuring that all previously established sessions are completed before revoking the stale credentials.
Otherwise, you may end up with recordings that aren't stored in the remote storage bucket, and are unable to be played back.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
0.13.0+
</td>
<td style={{verticalAlign: 'middle'}}>
Unsupported recovery workflow during worker failure
</td>
<td style={{verticalAlign: 'middle'}}>
If a worker fails during a recording, there is no way to recover the recording. This could happen due to a network connectivity issue or because a worker is scaled down, for example.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/troubleshoot/troubleshoot-recorded-sessions#unsupported-recovery-workflow">Unsupported recovery workflow</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
0.17.1+
</td>
<td style={{verticalAlign: 'middle'}}>
Docker image no longer contains <code>curl</code>
</td>
<td style={{verticalAlign: 'middle'}}>
As of version 0.17.1 and later, the <code>curl</code> binary is no longer included in the published Docker container image for Boundary.
<br /><br />
The image now includes <code>wget</code>. You can use <code>wget</code> to check the health endpoint for workers.
<br /><br />
Learn more:&nbsp; <a href="/boundary/docs/operations/health#check-the-health-endpoint-using-wget">Check the health endpoint using <code>wget</code></a>
<br /><br />
If your workflow depends on having <code>curl</code> in the image, you can dynamically install it using <code>apk</code>. Refer to the following commands for examples of using <code>apk</code> to install <code>curl</code>:
<br /><br />
<code>&lt;CONTAINER-ID&gt; apk add curl</code>
<br /><br />
or
<br /><br />
<code>kubectl exec -ti &lt;NAME&gt; -- apk add curl</code>
</td>
</tr>
</tbody>
</table>
Reference in new issue View Git Blame Copy Permalink