Also note that there may be more patches released in the 2.0 series. Watch the Milestone for 2.0.x OOD2.0 Patch Release Milestone · GitHub for the upcoming updates to 2.0. You can also watch for releases on Github to get notifications of when releases are made!
Version 2.0.9 is now available and you should upgrade.
A critical bug was fixed in uploading directories. In 2.0.8 the first file uploaded turns into a directory with no executable permissions. The workaround is to chmod on the directory, move and rename the file - or just delete the file and re-upload it.
staged_root is now available in the submit.yml.erb context. So you can do something like this, separating stdout and stderr in the submit file:
We’ve found an issue in the file editor zeroing files. Sites with 2.0.x should disable the file-editor by changing permissions on the directory or this file. This will ensure your users don’t accidentally zero out their files when using the file-editor. We’re working on a fix and will post to this announcement once we have one ready.
It contains a security fix for kuberenetes & Open ID Connect users. kubectl commands ran as root logged to syslog and these entries contain OIDC tokens. If you run kubernetes with OIDC you should upgrade immediately.
It also fixes peer to peer app sharing and the new pinned apps features. Sites that run p2p app sharing will have to pin all the usr apps to have parity with a 1.8- dashboard landing page. App icons no longer show up by default.
Other items of note:
OOD_NAVBAR_TYPE correctly uses light
File previews now correctly show utf-8 characters
Sites can now disable ‘ssh to compute node’ on a per cluster basis (along with the site wide, global setting)
Similar to 1.8, 2.0 can now disable shell button in the files app, though the mechanism has changed. It’s no longer controlled through an environment variable, rather a yaml config in ondemand.d files.
Release notes have been updated for these items where they change.
2.0.17, a security release, is now publicly available.
Sites running 2.0.X should update as soon as they can. This does not affect versions 1.8 or below.
I’m terribly sorry to do this, but 2.0.17 released yesterday was only a partial fix for insecure svg files.
2.0.17 incorrectly previewed files with extension .SVG (all caps) or a mix of capitalization and lowercase (like .SvG). 2.0.18 now treats all svg extensions the same – forcing the browser to download the file instead of previewing it.
Sites should update to 2.0.18 to ensure their customers don’t open malicious svg files within their site’s context.
Again, this does not affect versions 1.8 or below.
Open OnDemand 2.0.29 is now available. The biggest change is around our NodeJS dependency. NodeJS 12 has come to end of life for all platforms, so it’s no longer receiving security patches. So we had to upgrade to NodeJS 14 at this time.
Instructions for upgrading are below and we’re updating our automation for the same.
The Job Composer now allows for job composer to copy environment. This will use --EXPORT=ALL instead of --EXPORT=NONE for Slurm (the default is NONE) schedulers to use srun during the jobs execution.
The job composer can now hide job arrays based on the OOD_HIDE_JOB_ARRAYS environment variable.
A new batch connect template - vnc_container has been added to support running batch connect applications in a container (documentation coming soon).
Dynamic batch connect settings for minimums and maximums can now apply to multiple items.
Dynanic batch connect settings can now use / in the names.
SSH to compute node buttons can be disabled when OOD_BC_SSH_TO_COMPUTE_NODE is set to false.
We had to upgrade to node js 14 because 12 is end of life on all platforms and will not receive security updates.
SHA1 hashes are used instead of MD5 for systems that have enabled FIPS.
The linux host adapter now correctly interacts with apptainer and singularity both. Previous versions do not account for apptainer’s updates and sites that have upgraded to apptainer and use the linux host adapter may find issues specifically around the ability to delete linux host adapter jobs.
Using 0s in data-min- or data-max- directives now works correctly.