Releases: hashicorp/packer
Releases · hashicorp/packer
v1.8.2
1.8.2 (June 21, 2022)
NOTES:
The Packer plugin SDK includes the latest version of the go-getter library, which has been updated to address the vulnerabilities listed in HCSEC-2022-13.
The updated SDK contains changes that can be breaking for some plugins as the updated go-getter settings in the SDK prevent reading/writing through symlinks and to sub-directories that require upward path traversal (e.g /tmp/.../etc/hosts). The updates also includes a 30 minute maximum timeout for file downloading, which can be an issue for very large or slow downloads if they exceed more than 30 minutes to complete.
SECURITY:
- Bump packer-plugin-sdk to v0.3.0 to address reported vulnerabilities within
the go-getter library.
GH-11843 - Bump plugins relying on go-getter for downloading remote files to address
reported vulnerabilities within the go-getter library. See HCSEC-2022-13 for details.
GH-11844
FEATURES:
- Future Scaffolding: This release contains changes that allow Packer core to
validate that a newly built image is a direct child of a HCP Packer
registry source image. This feature is only available for HCP Packer
enabled builds using thehcp_packer_imagedata source for setting a
builder's source image.
GH-11832
PLUGINS:
External plugins have been pinned to the following versions. Please see their
respective changelogs for details on plugin specific bug fixes and
improvements.
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
IMPROVEMENTS:
- Add
pause_afterconfiguration argument to Powershell provisioner.
GH-11792 - HCP Packer data sources will now fail for revoked iterations to prevent building non-compliant images.
GH-11854
BUG FIXES:
- Add missing support for the
envconfiguration argument in remote shell
provisioners. GH-11819 - The preinst and postrm user scripts, including the service configuration
directives, have been removed from the Packer rpm installations packages,
as Packer does not require a service user in order to run.
GH-11831
v1.8.1
1.8.1 (May 27, 2022)
NOTES:
- All bundled plugins have been updated to their latest release to address any
open issues pertaining to the legacy SSH key algorithm fix made to the
Packer plugin SDK.
GH-11761
GH-11802 - This release contains the latest golang.org/x/crypto/ssh module which
implements client authentication support for signature algorithms based on
SHA-2 for use with existing RSA keys. Previously, a client would fail to
authenticate with RSA keys to servers that reject signature algorithms
based on SHA-1.
FEATURES:
- New Datasource HTTP datasource retrieves information from a HTTP
endpoint to be used during Packer builds.
GH-11658
PLUGINS:
External plugins have been pinned to the following versions. Please see their
respective changelogs for details on plugin specific bug fixes and
improvements.
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
- [email protected] - CHANGELOG
IMPROVEMENTS:
- Bump hcp-sdk-go to latest version.
GH-11763 - Plugins installed via the
packer plugins installcommand will now
automatically load for builds using HCL2 templates without a
required_plugins block.
GH-11712 - Plugins installed via the
packer plugins installcommand will now
automatically load for builds using JSON templates.
GH-11712
BUG FIXES:
v1.8.0
1.8.0 (March 4, 2022)
NOTES:
- Breaking Change: The
packer-plugin-check(github.com/hashicorp/packer/cmd/packer-plugins-check) has been replaced by thepacker-sdc plugin-checkcommand. Plugin maintainers who may be using the packer-plugin-check as part of their release pipeline are encouraged to move to the packer-sdc command. As an alternative, maintainers can continue to use the packer-plugin-check by pinning the command to Packer 1.7.10. GH-11317
FEATURES
IMPROVEMENTS
- core: Add a
envargument to provisioner blocks that allow for setting a
map of key/value pairs to inject prior to the execute_command. The env argument
is an alternative to using environment_vars for setting environment variables,
which has the added ability to read from Packer datasources. GH-11569 - core: Bump version of go-getter to allow for downloading ISOs with PGP signed
checksums. GH-11495 - core: Docker images are now available for all supported architectures that
the linux binaries are built for including arm, arm64, 386, and amd64
GH-11564
GH-11601
GH-11603 - core: Packer's linux package service configs and pre/post install scripts are
now available under .release/linux.
GH-11601
GH-11603 - core: Packer's linux packages are now available for all supported linux
architectures including arm, arm64, 386, and amd64
GH-11564
GH-11601
GH-11603 - core: The dockerfile that is used to build the packer docker image available
at hashicorp/packer now lives in the root of this repo. The README that
describes how to build the docker targets defined in the Dockerfile are
available under ./release/docker/README.md.
GH-11564
GH-11601
GH-11603 - core: The packer-plugin-check command has been removed. Plugin maintainers
should update their release configuration to use thepacker-sdc plugin- checkcommand. GH-11317
BUG FIXES
- core/hcl2: Fixes an issue preventing builds from pausing between provisioners when
the--debugargument has been passed.
GH-11537 - core/hcl2: Fixes a data loss issue when merging an empty-object map to a non-
empty map variable.
GH-11566 - core/hcl2: Fixes a regression where references to locals via the lookup
function were failing to find defined keys.
GH-11566 - core/hcl2: Fixes an issue where HCP Packer build labels from the first
completed build image were being copied to all images within the same
build. GH-11574
GH-11584 - core: HCP Packer datasources will no longer fail for iterations with
scheduled revocations.
GH-11619 - core: Packer darwin builds now use macOS system DNS resolver for resolving
hostnames.GH-9710
GH-11564
