This is an automated email from the ASF dual-hosted git repository.
duncangrant pushed a commit to branch draft-release-notes.md
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git
commit 38976261dd85b528fa33681960465fa5a0325b3e
Author: Duncan Grant <duncan.gr...@cloudsoft.io>
AuthorDate: Mon Jan 29 21:22:44 2024 +0000
Draft release notes for 1.1.0
---
guide/misc/release-notes.md | 171 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 143 insertions(+), 28 deletions(-)
diff --git a/guide/misc/release-notes.md b/guide/misc/release-notes.md
index bf8eeb0b..0cf3d7b6 100644
--- a/guide/misc/release-notes.md
+++ b/guide/misc/release-notes.md
@@ -14,36 +14,151 @@ to Brooklyn's commercial users for funding much of this
development.
### New Features
+#### Workflows
+
+Apache Brooklyn now has a powerful workflow engine and syntax for defining
entities, effectors, sensors, and policies.
+The syntax supports longhand, conditions, loops, error-handling, variables, a
large set of built-in step types, and
+the ability to define custom step types.md).
+
+```yaml
+- type: some-entity
+ brooklyn.initializers:
+ - type: workflow-sensor
+ brooklyn.config:
+ sensor: count-how-often-other_sensor-is-published
+ triggers:
+ - other_sensor
+ steps:
+ - let integer x = ${entity.sensor.x} + 1 ?? 0
+ - return ${x}
+```
+
+#### Workflow Enitity (workflow-entity)
+
+Brooklyn now supports a `workflow-entity` where `start` / `stop` are defined
by workflow.
+
+#### Kubectl Task factory, Docker effector and Docker Sensor
+
+This is a practical and highly customizable way to externalize effectors and
sensors to containers run on a Kubernetes cluster or docker container.
+
+```yaml
+name: container-effector
+services:
+ - type: 'org.apache.brooklyn.entity.stock.BasicStartable:1.1.0-SNAPSHOT'
+ brooklyn.initializers:
+ - type: org.apache.brooklyn.tasks.kubectl.ContainerEffector
+ brooklyn.config:
+ name: container-effector
+ description: Very simple container effector
+ shell.env:
+ hello: world-amp
+ image: perl
+ imagePullPolicy: IfNotPresent
+ args:
+ - echo
+ - hello
+```
+
+#### Logbook Viewer
+
+Logbook exposes through a new rest API endpoint the server logs. It’s packaged
with two different logstore implementation:
+- Static logfiles (default)
+- A ElasticSearch instance
+
+Logs can be seen in the about page but also as part of each task execution, as
each task has it’s own ID. As task can create new sub-task, is possible to see
the logs of all the child-task when filtering by the creator.
+
+
+#### Updated to Apache Karaf 4.3.6
+
+Karaf updates:
+
+This release is an important release on the Karaf 4.3.x series containing:
+- upgrade to Pax Logging 2.0.14 with log4j 2.17.1 (fixing CVE-2021-44832)
+- prepare JDK 18 support
+- fix deployment issue by upgrading to Apache Felix FileInstall 3.7.4
+- and much more!
+
+- The Release Notes are available here:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311140&version=12351123
+
+#### Groups Change Policy
+
+New policy for adding policies, enrichers, and initializers to entities as the
join dynamic groups.
+
+#### Connection tag
+
+Inspired by the Terraform `connection` element and added a `connection` tag
that encapsulates connection details. When declared on an entity, any SSH steps
will use the details to establish a connection and execute
+
+#### Add support setup default initializers for all deployment
+
+This looks up a new configuration options called
brooklyn.deployment.initializers (comma separated list). If specified on a
Brooklyn instance, all deployments will load and execute these initializers.
+
+`brooklyn.deployment.initializers=org.apache.brooklyn.core.effector.AddDeploySensorsInitializer`
+
+#### Persistence import/export API
+
+Introducing an API for persistence import/export feature.
+This is intended for file based persistence stores and as a parameter, it
takes the location of root of the persistence store to be imported.
+
+Invoking the operation will merge the new data to the currently existing
store. The process is as follows:
+- new temporary management context is created with the persistence store to be
imported
+- memento of that persistence store is captured
+- bundles from the persistence store are installed in the active management
context - this deals with bundles/types in the catalog and locations
+- contents of relevant directories (policies, enrichers, etc). are written to
the active management context. These are used for the deployed applications
+- rebind method adds the deployed applications to the active management
context without having to reset the full management context/restart the server
+
+#### New ChildrenBatchEffector
+
+Adding a new effector to call a inner effector in all the children entities
where the effector is inserted in batches of a parametrized size.
+
+#### add a Secret object which can be used to capture a secret
+
+This can be used wherever we need extra assurance that credentials are not
accidentally logged or shown in ui
+
+### Security Fixes
+
+#### mitigate CVE-2023-1370
+
+see: https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-3369748
+
+#### Prevent zip slip
+
+Avoid extracting zip files trying to extract files outside the provided path.
+https://security.snyk.io/research/zip-slip-vulnerability
+
+#### Update xstream to 1.4.19 remediating CVE-2021-43859
+
+#### Updated to json-smart 1.4.7
+
+Mitigates [CVE-2021-27568
](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27568) cataloged by
[Snyk](https://security.snyk.io/vuln/SNYK-JAVA-NETMINIDEV-1078499) as
**Critical**
+
+### Bump xstream to 1.4.18 due to high level vulnerabilities
+
+Snyk detected the next vulnerabilities on prev version:
+```
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569176] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569177] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569178] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569179] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569180] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569181] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569182] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Remote Code Execution (RCE) [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569183] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569185] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569186] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Arbitrary Code Execution [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569187] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Server-Side Request Forgery (SSRF) [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569190] in
com.thoughtworks.xstream:xstream@1.4.17
+ ✗ Server-Side Request Forgery (SSRF) [High
Severity][https://snyk.io/vuln/SNYK-JAVA-COMTHOUGHTWORKSXSTREAM-1569191] in
com.thoughtworks.xstream:xstream@1.4.17
+```
+
+#### Bumping org.freemaker due a high severity vulnerability
+
+Detected with snyk:
+https://snyk.io/vuln/SNYK-JAVA-ORGFREEMARKER-1076795
### Backwards Compatibility
-Changes since 0.12.0:
-
-1. BOM files that do not declare a version now give the version of the bundle
to their entities,
- rather than the default `0.0.0-SNAPSHOT` version.
- When loading types, the version can now be specified as any Brooklyn-valid
version string
- equivalent to the OSGi version (e.g. `1-SNAPSHOT` or `1.0.0.SNAPSHOT`).
-
-1. Some catalog methods may return the same type multiple times, if contained
in multiple bundles.
- Previously only one of the bundle's definition of the type was returned.
- Except for anonymous bundles it is no longer allowed to have give items
with the same name and version.
- (This is required to prevent Brooklyn from getting in to a state where it
cannot rebind.)
-
-1. Value resolution is now supported for config default values. Previously
these would be coerced but
- not resolved beyond that -- i.e. TaskFactory values would not have tasks
evaluated, and Map and
- Collection values would not be deeply resolved with their internals coerced
or evaluated.
- This makes the semantics of default values consistent with explicit config
values.
-
-1. Deep config resolution of nested items has changed to be consistent with
when deep config applies.
- Deep config applies to maps and collections, but previously any Iterable
contained therein
- would have a recursive deep config evaluation. Now this is limited to
nested Collection types
- (Lists, Sets, etc) and Maps; nested Iterable instances that are not also
Collections are
- no longer traversed and resolved recursively. This makes their nested
resolution consistent
- with when such instances are non-nested config value, as deep resolution
was not applied there.
- This mainly affects PortRange, where previously if set directly on a config
key it would return
- the PortRange value but if accessed in a map such as `shell.env` any
non-default value would
- be expanded as a list `[1, 2]` (but default values would not be expanded,
as per previous point,
- but now they are).
+No changes since 1.0.0 should affect compatibility with 1.1.0
+
For changes in prior versions, please refer to the release notes for
-[0.12.0]({{ site.path.v | relative_url }}/0.12.0/misc/release-notes.html).
+[1.0.0]({{ site.path.v | relative_url }}/1.0.0/misc/release-notes.html).
