This is an automated email from the ASF dual-hosted git repository. duncangrant pushed a commit to branch draft-release-notes.md in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git
commit 38976261dd85b528fa33681960465fa5a0325b3e Author: Duncan Grant <duncan.gr...@cloudsoft.io> AuthorDate: Mon Jan 29 21:22:44 2024 +0000 Draft release notes for 1.1.0 --- guide/misc/release-notes.md | 171 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 143 insertions(+), 28 deletions(-) diff --git a/guide/misc/release-notes.md b/guide/misc/release-notes.md index bf8eeb0b..0cf3d7b6 100644 --- a/guide/misc/release-notes.md +++ b/guide/misc/release-notes.md @@ -14,36 +14,151 @@ to Brooklyn's commercial users for funding much of this development. ### New Features +#### Workflows + +Apache Brooklyn now has a powerful workflow engine and syntax for defining entities, effectors, sensors, and policies. +The syntax supports longhand, conditions, loops, error-handling, variables, a large set of built-in step types, and +the ability to define custom step types.md). + +```yaml +- type: some-entity + brooklyn.initializers: + - type: workflow-sensor + brooklyn.config: + sensor: count-how-often-other_sensor-is-published + triggers: + - other_sensor + steps: + - let integer x = ${entity.sensor.x} + 1 ?? 0 + - return ${x} +``` + +#### Workflow Enitity (workflow-entity) + +Brooklyn now supports a `workflow-entity` where `start` / `stop` are defined by workflow. + +#### Kubectl Task factory, Docker effector and Docker Sensor + +This is a practical and highly customizable way to externalize effectors and sensors to containers run on a Kubernetes cluster or docker container. + +```yaml +name: container-effector +services: + - type: 'org.apache.brooklyn.entity.stock.BasicStartable:1.1.0-SNAPSHOT' + brooklyn.initializers: + - type: org.apache.brooklyn.tasks.kubectl.ContainerEffector + brooklyn.config: + name: container-effector + description: Very simple container effector + shell.env: + hello: world-amp + image: perl + imagePullPolicy: IfNotPresent + args: + - echo + - hello +``` + +#### Logbook Viewer + +Logbook exposes through a new rest API endpoint the server logs. It’s packaged with two different logstore implementation: +- Static logfiles (default) +- A ElasticSearch instance + +Logs can be seen in the about page but also as part of each task execution, as each task has it’s own ID. As task can create new sub-task, is possible to see the logs of all the child-task when filtering by the creator. + + +#### Updated to Apache Karaf 4.3.6 + +Karaf updates: + +This release is an important release on the Karaf 4.3.x series containing: +- upgrade to Pax Logging 2.0.14 with log4j 2.17.1 (fixing CVE-2021-44832) +- prepare JDK 18 support +- fix deployment issue by upgrading to Apache Felix FileInstall 3.7.4 +- and much more! + +- The Release Notes are available here: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12351123 + +#### Groups Change Policy + +New policy for adding policies, enrichers, and initializers to entities as the join dynamic groups. + +#### Connection tag + +Inspired by the Terraform `connection` element and added a `connection` tag that encapsulates connection details. When declared on an entity, any SSH steps will use the details to establish a connection and execute + +#### Add support setup default initializers for all deployment + +This looks up a new configuration options called brooklyn.deployment.initializers (comma separated list). If specified on a Brooklyn instance, all deployments will load and execute these initializers. + +`brooklyn.deployment.initializers=org.apache.brooklyn.core.effector.AddDeploySensorsInitializer` + +#### Persistence import/export API + +Introducing an API for persistence import/export feature. +This is intended for file based persistence stores and as a parameter, it takes the location of root of the persistence store to be imported. + +Invoking the operation will merge the new data to the currently existing store. The process is as follows: +- new temporary management context is created with the persistence store to be imported +- memento of that persistence store is captured +- bundles from the persistence store are installed in the active management context - this deals with bundles/types in the catalog and locations +- contents of relevant directories (policies, enrichers, etc). are written to the active management context. These are used for the deployed applications +- rebind method adds the deployed applications to the active management context without having to reset the full management context/restart the server + +#### New ChildrenBatchEffector + +Adding a new effector to call a inner effector in all the children entities where the effector is inserted in batches of a parametrized size. + +#### add a Secret object which can be used to capture a secret + +This can be used wherever we need extra assurance that credentials are not accidentally logged or shown in ui + +### Security Fixes + +#### mitigate CVE-2023-1370 + +see: https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748 + +#### Prevent zip slip + +Avoid extracting zip files trying to extract files outside the provided path. +https://security.snyk.io/research/zip-slip-vulnerability + +#### Update xstream to 1.4.19 remediating CVE-2021-43859 + +#### Updated to json-smart 1.4.7 + +Mitigates [CVE-2021-27568 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568) cataloged by [Snyk](https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499) as **Critical** + +### Bump xstream to 1.4.18 due to high level vulnerabilities + +Snyk detected the next vulnerabilities on prev version: +``` + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Remote Code Execution (RCE) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Arbitrary Code Execution [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Server-Side Request Forgery (SSRF) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190] in com.thoughtworks.xstream:xstream@1.4.17 + ✗ Server-Side Request Forgery (SSRF) [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191] in com.thoughtworks.xstream:xstream@1.4.17 +``` + +#### Bumping org.freemaker due a high severity vulnerability + +Detected with snyk: +https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795 ### Backwards Compatibility -Changes since 0.12.0: - -1. BOM files that do not declare a version now give the version of the bundle to their entities, - rather than the default `0.0.0-SNAPSHOT` version. - When loading types, the version can now be specified as any Brooklyn-valid version string - equivalent to the OSGi version (e.g. `1-SNAPSHOT` or `1.0.0.SNAPSHOT`). - -1. Some catalog methods may return the same type multiple times, if contained in multiple bundles. - Previously only one of the bundle's definition of the type was returned. - Except for anonymous bundles it is no longer allowed to have give items with the same name and version. - (This is required to prevent Brooklyn from getting in to a state where it cannot rebind.) - -1. Value resolution is now supported for config default values. Previously these would be coerced but - not resolved beyond that -- i.e. TaskFactory values would not have tasks evaluated, and Map and - Collection values would not be deeply resolved with their internals coerced or evaluated. - This makes the semantics of default values consistent with explicit config values. - -1. Deep config resolution of nested items has changed to be consistent with when deep config applies. - Deep config applies to maps and collections, but previously any Iterable contained therein - would have a recursive deep config evaluation. Now this is limited to nested Collection types - (Lists, Sets, etc) and Maps; nested Iterable instances that are not also Collections are - no longer traversed and resolved recursively. This makes their nested resolution consistent - with when such instances are non-nested config value, as deep resolution was not applied there. - This mainly affects PortRange, where previously if set directly on a config key it would return - the PortRange value but if accessed in a map such as `shell.env` any non-default value would - be expanded as a list `[1, 2]` (but default values would not be expanded, as per previous point, - but now they are). +No changes since 1.0.0 should affect compatibility with 1.1.0 + For changes in prior versions, please refer to the release notes for -[0.12.0]({{ site.path.v | relative_url }}/0.12.0/misc/release-notes.html). +[1.0.0]({{ site.path.v | relative_url }}/1.0.0/misc/release-notes.html).