2.12.2

Overview

This release updates several dependencies in the application template.

Changed

• Updated "cartridge" to 2.7.4 and "metrics" to 0.13.0 in application template.
  Note: in cartridge 2.7.4 bootstrap_vshard does not return an error if
  there is no sharding-config. Now you can call
  cartridge replicasets setup --bootstrap-vshard on a cluster with one router
  and it will not return an error.

2.12.1

Overview

This release updates naming strategy for application packages created with the
cartridge pack command.

Changed

• Loosed cartridge pack --version and --suffix verification,
  so it will log a warning instead of returning an error if non-valid string is passed
  (in terms or RPM/DEB standards)

Added

• Ability to explicitly set a full name of the bundle created by cartridge pack.
  (flag --filename)

Fixed

• Bug that caused a typed command not to be displayed on the terminal after
  exiting the "connect" console

2.12.0

Overview

This release changed the naming strategy for application packages created with the
cartridge pack command and fixed several vulnerabilities

Breaking changes

• Changed cartridge pack naming strategy:
  RPM: <app-name>-<version>[.<suffix>]-1.<arch>.rpm,
  DEB: <app-name>_<version>[.<suffix>]-1_<arch>.deb,
  TGZ: <app-name>-<version>[.<suffix>].<arch>.tar.gz.
  <version> is git describe --tags --long output transformed to X.Y.Z.N or non-transformed --version value.
  (Previously it was transformed to X.Y.Z-N-gHASH with ability to set X.Y.Z-N, X.Y.Z-gHASH with --version.)
• cartridge pack --version value is used as provided without transformation.
  (Previously it had the same restrictions and transformations as git describe --tags --long
  output.)
• cartridge pack --version and --suffix is validated
  after DEB/RPM conventions for corresponding type (see debian policy:
  https://www.debian.org/doc/debian-policy/ch-controlfields.html#version,
  https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_debian_package_file_names,
  rpm policy:
  http://ftp.rpm.org/max-rpm/ch-rpm-file-format.html).

Updates

• Bump Go requirement to 1.18.
• Replace vfsgen with embed for cartridge create template.

Fixed Security Vulnerabilities

• Updated containerd version to 1.5.10 to fix the vulnerability bugs:
  bug was found in containerd where containers launched through containerd’s
  CRI implementation with a specially-crafted image configuration could gain
  access to read-only copies of arbitrary files and directories on the host.
  This may bypass any policy-based enforcement on container setup (including
  a Kubernetes Pod Security Policy) and expose potentially sensitive
  information. Kubernetes and crictl can both be configured to use containerd’s
  CRI implementation.
  CVE ID: CVE-2022-23648
  GHSA ID: GHSA-crp2-qrr5-8pq7
• Updated golang.org/x/text version to 0.3.7 to fix the vulnerability bug:
  due to improper index calculation, an incorrectly formatted
  language tag can cause Parse to panic, due to an out of bounds read.
  If Parse is used to process untrusted user inputs, this may be used
  as a vector for a denial of service attack.
  CVE ID: CVE-2021-38561
• Updated golang.org/x/crypto version to 0.0.0-20211202192323-5770296d904e
  to fix the vulnerability bug:
  there's an input validation flaw in golang.org/x/crypto
readCipherPacket() function. An unauthenticated attacker who sends
  an empty plaintext packet to a program linked with golang.org/x/crypto/ssh
  could cause a panic, potentially leading to denial of service.
  CVE ID: CVE-2021-43565

2.11.0

Overview

This release introduces support of new Tarantool release policy. To use cartridge-cli with Tarantool 2.10.0-beta1 or greater, you must update to this version.

This release also introduces Tarantool benchmark tool (early alpha, API can be changed in the near future).

Breaking changes

Support of new Tarantool release policy do not break compatibility with previous versions of Tarantool (2.8 or older, 1.10 or older). This release introduce several additional version restrictions: we expect something like Tarantool 2.8.3-0-g01023dbc2 (additional flags are also supported), while short versions like Tarantool 2.8.3 are no longer supported. As far as we know, no relevant Tarantool release returns short version, but it may affect custom builds.

Since this release, we no longer publish packages for

• EL6 (CentOS 6.x, RHEL 6.x, CloudLinux 6.x),
• Fedora 29,
• Ubuntu 14.04 (Trusty),
• Debian 8 (Jessie).

New features

• Tarantool benchmark tool (early alpha, API can be changed in the near future).
• Ability to reverse search in cartridge enter and cartridge connect commands.
• Added support for functionality from Golang 1.17.
• Describe scenario of local test run.
• Publish releases for Fedora 31, 32, 33, 34, 35.
• Publish releases for Ubuntu 21.04 (Hirsute).
• Update dependencies in application template.

Bugfixes

• Added support for new Tarantool release policy (#619).
• Updated containerd version to 1.5.8 to fix vulnerability bugs (#663).
• Updated image-spec version to 1.0.2 to fix the vulnerability bug (#664).
• Cartridge errors in the replicasets command are now more readable (#599).
• Removed unnecessary flags (--rocks, --project-path) from cartridge help command (#623).
• Fixed project build with capital letters in the project name (#610).
• Fixed display of Docker image pull (cartridge pack command with --verbose flag) (#627).
• mage clean removes all generated code (#658).
• All mage test commands now depend on code generation step (#658).

2.10.0

Features

• Ability to specify pre and post install scripts for the RPM and DEB (command
  cartridge pack), using the --preinst and --postinst flags.
• cartridge pack generates VERSION.lua file with the current
  version of project.
• Ability to caching any paths specified in pack-cache-config.yml file
  when packaging application via cartridge pack command.
• Ability to specify fd limit in the systemd unit template
  (command cartridge pack) in the systemd-unit-params.yml file.
• cartridge pack now uses the VERSION file from the
  TARANTOOL_SDK_PATH environment variable on building in Docker
• Ability to specify in the systemd-unit-params.yml file arguments passing
  by env with systemd unit file.
• cartridge failover command to manage failover

Bug fixes

• Improved tests in cartridge create template:
  • Tests are reduced to the form corresponding to luatest documentation
  • before_suit now remove .xlog and .snap files
• Now stateboard: true specified in .cartridge.yml affects
  only cartridge start/stop/status/log/clean calls without
  arguments, e.g. cartridge stop router doesn't lead to
  stopping stateboard too, but cartridge stop stops all
  instances includes stateboard.
• Fixed incorrect error message when trying to
  cartridge replicasets bootstrap-vshard without a configured cluster

Changed

• Removed setting cluster_cookie on cartridge.cfg in application template
• Updated metrics to 0.9.0 in application template
• cartridge version and cartridge --version commands
  now show Cartridge CLI and Cartridge versions. Moreover, they
  can show version of the project rocks.

2.9.1

Bug fixes

• Allowed to pack RPM and DEB packages with cartridge pack
  command without default dependencies file.

2.9.0

Changes

• Updated cartridge to 2.6.0 in application template
• Updated metrics to 0.8.0 in application template

Features

• Ability to specify dependencies for the RPM and DEB (command
  cartridge pack), using the --deps and --deps-file flags.

Bug fixes

• Improved cartridge create template:
  • Removed extra http-endpoint metrics in app.roles.custom.lua.
  • Removed mix of spaces and tabs in .rockspec file.

2.8.0

Features

• --spec option for build and pack commands to specify a path to rockspec for current build.

Bug fixes

• It is possible to run an image generated with the cartridge pack docker
  command in an unprivileged Kubernetes container. It became possible, because
  tarantool user now always has UID = 1200 and GID = 1200.
• Correct display of insertion of multi-line code snippets
  in cartridge enter command.
• Improved responsiveness of the cartridge enter and cartridge enter
  commands. Requests that work with a large amount of data have become faster.
• Make pack type case insensitive.

2.7.2

Changes

• Updated cartridge to 2.5.1 in application template
• Updated metrics to 0.7.1 in application template
• Updated cartridge-cli-extensions to 1.1.1 in application template
• Variables TARANTOOL_WORKDIR, TARANTOOL_PID_FILE and
  TARANTOOL_CONSOLE_SOCK can be customized when packing in docker via
  cartridge pack command. Variables CARTRIDGE_RUN_DIR and
  CARTRIDGE_DATA_DIR have also been added.

2.7.1

Changes

• Updated cartridge to 2.5.0 in application template

Bug fixes

• Added interruption of an incomplete expression when pressing
  Ctrl-C in cartridge enter command.
• Packing applications that use cartridge 2.5.0 and higher