OnDemand 3.1 release

Hi. We’ve just made the Open OnDemand 3.1.0 release available. We’ve had it installed at OSC for just about a week and have not found any issues, though CSC has found one when using ssh_allow in batch connect applications.

Highlights for this release include:

See the full release notes here for more information. Thank you to everyone who contributed to this release!

https://osc.github.io/ood-documentation/latest/release-notes/v3.1-release-notes.html

1 Like

To be clear, the bug CSC found was pertains to this configuration ssh_allow.

https://osc.github.io/ood-documentation/latest/installation/cluster-config-schema.html?highlight=ssh_allow#batch-connect

3.1.1 has been released with the bugfix for centers that disable shell connections with ssh_allow.

3.1.4 is generally available with some bug fixes and a few security related fixes.

Fixed

  • The path_selector now responds to labels and can be hidden in in 3467.
  • Pinned app icons are now centered correctly in 3374.

Added

  • ood_core now sends heartbeats to noVNC connections to keep them alive in 3467.
  • Batch connect jobs now serialize completed_at attributes in 3467.

Security

  • The files app now uses ActionController::Live to support streaming large files in 3467 preventing out of memory exceptions.
  • The regular expression for mime types has been updated in 3482.
2 Likes

3.1.7 is now generally available with some bug fixes and at least 1 security related fix. Note that the security fix is around leaking secret environment variables so it’s very important to update.

Fixed

  • Logo Images no longer take 100% width.
  • Dynamic batch connect forms now accept fields with numbers like data-hide-gpus-num-v100
  • host_based_profiles now correctly route to the correct server alias

Added/Changed

  • ood_portal.yml now has http_redirect_host to specify the host to redirect to when redirecting from http to https (to support `host_based_profiles).
  • Passenger and Ngxinx have been updated to 6.0.20 and 1.24.0 respectively.
  • Nginx stage commands for cleaning PUNs use ps instead of lsof for performance in containerized environments.

Security

  • The dashboard and job composer now sanitize the environment before submitting jobs. This prevents leaking sensitive environment variables like SECRET_KEY_BASE to the job.

See here for the full changelog: Comparing v3.1.4...v3.1.7 · OSC/ondemand · GitHub

1 Like