aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf3900a906'
${ noResults }
boundary/website/content/docs/release-notes/v0_14_0.mdx

222 lines
8.3 KiB
Raw Blame History

---
layout: docs
page_title: v0.14.0
description: |-
Boundary release notes for v0.14.0
---
# Boundary 0.14.0 release notes
**GA date:** October 11, 2023
@include 'release-notes/intro.mdx'
## New features
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Feature</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
Boundary Desktop embedded terminal
</td>
<td style={{verticalAlign: 'middle'}}>
An embedded terminal has been added to the Boundary Desktop client for convenience. Now you can use the CLI directly from within Boundary Desktop.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/tutorials/oss-getting-started/oss-getting-started-desktop-app">Install Boundary Desktop tutorial</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
LDAP authorization method
</td>
<td style={{verticalAlign: 'middle'}}>
The LDAP auth method is no longer in beta, it is now fully supported. Administrators can now create, manage, and delete LDAP auth methods along with managed groups and accounts using the admin console UI.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/concepts/domain-model/auth-methods">Auth methods</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Dynamic credential support for storage buckets <sup>HCP/ENT</sup>
</td>
<td style={{verticalAlign: 'middle'}}>
You can now configure dynamic credentials for AWS S3 storage buckets using the Amazon Web Services (AWS) <code>AssumeRole</code> API. We recommend that you configure credentials using <code>AssumeRole</code> instead of access keys when possible.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/configuration/session-recording/create-storage-bucket">Create a storage bucket</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Remote pass-through commands for SSH
</td>
<td style={{verticalAlign: 'middle'}}>
A new SSH flag, <code>remote-command</code> was introduced to the <a href="/boundary/docs/commands/connect/ssh">boundary connect ssh helper</a>. It lets you run the specified commands on the remote-machine using pass-through arguments.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/commands/connect/ssh">connect ssh command</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
New worker health metric
</td>
<td style={{verticalAlign: 'middle'}}>
A new metric was added to the health endpoint to check the connection state of the worker and whether it can connect to an upstream controller. The result is automatically included in the response when you run the health endpoint.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/operations/health">Boundary health endpoints</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Improved telemetry
</td>
<td style={{verticalAlign: 'middle'}}>
Improved telemetry was added to Boundary. You can enable telemetry to gather information about your Boundary cluster.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/configuration/events">events stanza</a>
</td>
</tr>
</tbody>
</table>
## Known issues and breaking changes
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>Version</th>
<th style={{verticalAlign: 'middle'}}>Issue</th>
<th style={{verticalAligh: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
0.13.0+
</td>
<td style={{verticalAlign: 'middle'}}>
Rotation of AWS access and secret keys during a session results in stale recordings
</td>
<td style={{verticalAlign: 'middle'}}>
In Boundary version 0.13.0+, when you rotate a storage bucket's secrets, any new sessions use the new credentials. However, previously established sessions continue to use the old credentials.
<br /><br />
As a best practice, administrators should rotate credentials in a phased manner, ensuring that all previously established sessions are completed before revoking the stale credentials.
Otherwise, you may end up with recordings that aren't stored in the remote storage bucket, and are unable to be played back.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
0.13.0+
</td>
<td style={{verticalAlign: 'middle'}}>
Unsupported recovery workflow during worker failure
</td>
<td style={{verticalAlign: 'middle'}}>
If a worker fails during a recording, there is no way to recover the recording. This could happen due to a network connectivity issue or because a worker is scaled down, for example.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/troubleshoot/troubleshoot-recorded-sessions#unsupported-recovery-workflow">Unsupported recovery workflow</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
0.14.0
<br /><br />
(Fixed in 0.14.1)
</td>
<td style={{verticalAlign: 'middle'}}>
Go CVE-2023-39325
</td>
<td style={{verticalAlign: 'middle'}}>
The version of Go that was used in Boundary release 0.14.0 contained a CVE. The issue was fixed in Go versions 1.21.3 and 1.20. Boundary was updated to use the new Go versions in release 0.14.1, and the issue is resolved.
<br /><br />
Learn more:&nbsp;
<a href="https://github.com/advisories/GHSA-4374-p667-p6c8">HTTP/2 rapid reset can cause excessive work in net/http</a>
<br /><br />
<a href="/boundary/tutorials/self-managed-deployment/upgrade-version">Upgrade to the latest version of Boundary</a>
</td>
</tr>
</tbody>
</table>
## Feature deprecations and EOL
<table>
<thead>
<tr>
<th style={{verticalAlign: 'middle'}}>EOL</th>
<th style={{verticalAlign: 'middle'}}>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style={{verticalAlign: 'middle'}}>
<code>vault</code> credential library subtype
</td>
<td style={{verticalAlign: 'middle'}}>
As noted in the <a href="/boundary/docs/release-notes/v0_12_0#deprecations-and-changes">v0.12.0 release notes</a>, the <code>vault</code> credential library subtype was renamed to <code>vault-generic</code>. The <code>vault</code> subtype is removed in this release, you must use <code>vault-generic</code> now.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/concepts/domain-model/credential-libraries">Credential libraries</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
<code>status</code> field
</td>
<td style={{verticalAlign: 'middle'}}>
As noted in the <a href="https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md#deprecationschanges-3">v0.12.0 changelog</a>, using the <code>-format=json</code> option with the CLI produced inconsistent results. The <code>status</code> field is removed in this release. The <code>status_code</code> field is now used for both successful requests and errors.
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Default port value
</td>
<td style={{verticalAlign: 'middle'}}>
As noted in the <a href="/boundary/docs/release-notes/v0_12_0#deprecations-and-changes">v0.12.0 release notes</a>, targets now require a default port value. Previously, any ports that you defined as part of a host address were ignored, but allowed as part of the target definition. From this version on, if you define a port on a host address it results in an error.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/concepts/domain-model/targets">Targets</a>
</td>
</tr>
<tr>
<td style={{verticalAlign: 'middle'}}>
Application credentials parameter
</td>
<td style={{verticalAlign: 'middle'}}>
As noted in the <a href="https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md#deprecationschanges-6">v0.10.0 changelog</a>, the <code>target</code> subcommands for application credentials were renamed to brokered credentials. The application credentials subcommands are removed in this release. You must use the brokered credential subcommands instead.
<br /><br />
Learn more:&nbsp;
<a href="/boundary/docs/commands/targets">targets</a>
</td>
</tr>
</tbody>
</table>
Reference in new issue View Git Blame Copy Permalink