
v1.3.10 - 2022-08-08

@bryanculver bryanculver released this 09 Aug 00:35
83a0c9b

Added

  • #1226 - Added custom job intervals package management.
  • #2091 - Added remove_stale_scheduled_jobs management command, which removes all stale scheduled jobs, and added has_sensitive_variables field to the Job model, which prevents the job's input parameters from being saved to the database.
  • #2073 - Added --local option to nautobot-server runjob command.
  • #2080 - Added --data parameter to nautobot-server runjob command.
  • #2143 - Scheduled Job detail view now includes details of any custom interval.

Changed

  • #2025 - Tweak Renovate config for automated package management.
  • #2114 - Home page now redirects to the login page when HIDE_RESTRICTED_UI is enabled and user is not authenticated.
  • #2115 - Patch updates to mkdocs, svgwrite.

Fixed

  • #1739 - Fixed paginator not enforcing max_page_size setting in web UI views.
  • #2060 - Fixed relationship peer_id filter non-existent error on relationship association page.
  • #2095 - Fixed health check failing with Redis Sentinel, TLS configuration.
  • #2119 - Fixed flaky integration test for cable connection UI.

Security

IMPORTANT
With the introduction of the has_sensitive_variables flag on Job classes and the Job model (see #2091), jobs can be prevented from storing their inputs in the database. Due to the nature of queuing or scheduling jobs, the desired inputs must be stored for future use.

The new safe-default behavior only permits jobs to be executed immediately, because has_sensitive_variables defaults to True. This value can be overridden by the Job class itself or on the Job model edit page. Values entered for jobs executing immediately go straight to the Celery message bus and are cleaned up on completion of execution.

Scheduling jobs or requiring approval requires those values to be stored in the database until they have been sent to the Celery message bus for execution.

During installation of v1.3.10, a migration is applied to set the has_sensitive_variables value to True for all existing Jobs. However, to maintain backwards compatibility, past scheduled jobs are permitted to keep their schedule. New schedules cannot be made until an administrator has overridden has_sensitive_variables for the desired Job.

A new management command (remove_stale_scheduled_jobs) helps clean up schedules for past jobs which may still have sensitive data stored in the database. This command is not exhaustive, nor is it intended to clean up sensitive values stored in the database. You should review the extras_scheduledjob table for any further cleanup.

Note: Job inputs that use the Secrets and Secret Groups features do not need to be treated as sensitive variables. Secrets are retrieved by reference at run time, which means no secret value is stored directly in the database.
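
As an aid to the review of the extras_scheduledjob table recommended above, the following added example (not part of the Nautobot project or these release notes) lists which stored job inputs have credential-like key names, without echoing their values. The (name, kwargs) row shape, the JSON layout, the key-name pattern and the sample rows are all assumptions made for illustration.

```python
import json
import re

# Assumption: key names that suggest a credential; tune for your own Jobs.
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|community|credential", re.I)

# Constructed sample rows standing in for (name, kwargs) pairs exported from
# extras_scheduledjob; the column names and the JSON layout are assumptions.
SAMPLE_ROWS = [
    ("nightly-backup", '{"data": {"device": "edge-01", "ssh_password": "example-only"}}'),
    ("weekly-report", '{"data": {"site": "lab", "dry_run": true}}'),
    ("snmp-poll", '{"data": {"targets": [{"host": "sw1", "community": "example-only"}]}}'),
    ("broken-row", "not json"),
]


def sensitive_paths(value, prefix=""):
    """Yield dotted paths of keys whose names look sensitive (values are never returned)."""
    if isinstance(value, dict):
        for key, child in value.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            # Flag only keys that actually hold something.
            if SENSITIVE_KEY.search(str(key)) and child not in (None, "", [], {}):
                yield path
            yield from sensitive_paths(child, path)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from sensitive_paths(child, f"{prefix}[{index}]")


def audit(rows):
    """Map each schedule name to the key paths needing manual review."""
    findings = {}
    for name, raw_kwargs in rows:
        try:
            parsed = json.loads(raw_kwargs) if isinstance(raw_kwargs, str) else raw_kwargs
        except json.JSONDecodeError:
            # Never skip a row silently: unreadable input still needs a human look.
            findings[name] = ["<unparseable kwargs: inspect manually>"]
            continue
        paths = list(sensitive_paths(parsed))
        if paths:
            findings[name] = paths
    return findings


if __name__ == "__main__":
    for schedule, paths in audit(SAMPLE_ROWS).items():
        print(f"{schedule}: {', '.join(paths)}")
```

A key-name match is only a triage hint: inputs with innocuous names can still hold sensitive values, so schedules that are not flagged still need a manual look.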

Full Changelog: v1.3.9...v1.3.10