Release Notes

1.3

Migration Guide

For a step-by-step guide to migrating from Grey Matter 1.2 to 1.3, follow the 1.3 Migration Guide.

Artifacts

Grey Matter 1.3 GA artifacts are now available. Artifacts can be found in the staging repositories:

Server versions

Fabric

  • gm-proxy:1.5.1

  • gm-control:1.5.3

  • gm-control-api:1.5.4

  • gm-jwt-security:1.2.0

  • gm-jwt-security-gov:1.2.0

  • greymatter:2.0.1 (CLI)

Sense

  • gm-catalog:1.2.2

  • gm-dashboard:4.0.2

  • gm-slo:1.2.0

Platform Services

  • gm-data:1.1.5

  • gm-apier:2.0.4

Tooling

Added

Fixed

  • gm-proxy now properly parses Base64 encoded certificates

  • gm-proxy does not segfault when using the oidc-validation filter and the userInfo block is not configured

  • gm-proxy can set more than one header via filters

  • gm-proxy memory leaks

  • gm-jwt-security creates path for users.json if it doesn't exist

  • gm-jwt-security-gov will not assert on blank attributes

  • gm-control AWS ECS plugin support for different network modes

  • gm-control continues polling failed namespaces

  • gm-control trims whitespace when specifying multiple namespaces for k8s service discovery

  • gm-control re-enables Prometheus stats backend via the GM_CONTROL_STATS_BACKENDS environment variable

  • gm-catalog sends Allow header with 405 response codes

  • gm-catalog bug causing main thread to block when updating an existing xDS server configuration

  • gm-control-api now allows PUT on the /zone route

  • gm-control-api rejects duplicate Proxy objects with the same name fields

  • gm-control-api ensures a Proxy object name only matches one sidecar

  • gm-control-api Domain redirects now allow users to perform port rewrites

  • gm-control-api Route level redirects work

  • gm-dashboard misc bug fixes and browser support

  • gm-dashboard moved selected listener to URL state and ensured consistent ordering of listeners in the control panel

  • gm-data filehandle leaks

  • gm-data security hole where users with update privileges but no delete or purge privileges on a file could update the file to add delete and purge privileges

  • gm-data bug when misspelling function names in object-policy, creating a nil pointer crash

  • gm-data bug in plaintext serialization of custom attributes

  • gm-data bug fix when using literal paths in parentoid. If you had multiple matching home directories, you might get the message 'the update requires jwt field Name to match object field' even though it is misspelled. Now there is the ability to set parentoids literally, e.g. parentoid:"1/world/[email protected]/documents" for name:"plans.doc". It should create all intermediate directories if they do not already exist.

  • gm-data makes the kv pair that it looks for in a JWT for blobkey permissions configurable, so it is possible for bots to read from AWS CLI

Changed

  • gm-proxy JWT Security filter sets better defaults for timeouts and caching

  • gm-proxy base build updated to Envoy v1.15

  • gm-control Consul plugin now supports an ACL token

  • gm-control and gm-control-api output structured error logs, configured via the GM_CONTROL_CONSOLE_FORMAT (control) and GM_CONTROL_API_LOG_FORMAT (control api) env vars

  • gm-dashboard performance improvements with large number of cards in Fabric view

  • gm-dashboard displays filter configuration as JSON in the control panel

  • gm-slo-service emits a deprecation warning on the /businessImpact endpoint; it is now a field on the Cluster object in gm-catalog

  • gm-data returns cluster and zone in all responses

  • gm-data log format is altered to give timestamps of the event, not the start of the HTTP call

  • gm-data GET /stats now reports the size of Mongo database pool

  • gm-data no longer allows the creation of world-writable files

  • All Fabric and Sense services now serve OpenAPI documentation in either JSON, YAML, or HTML format

  • All Go-based Fabric, Sense, and Platform services upgraded to Go v1.14.6

  • All NodeJS-based Sense services upgraded

Known Issues

  • gm-apier crashes with the error [CRITICAL] WORKER TIMEOUT when fetching a file if more than one worker process is started. The severity of this issue has been reduced by changing the number of workers in the pool to 1. With this setting, the maximum file size during HTTP file fetching is around 20-25 MB. gm-apier can still handle files loaded directly from the file system up to at least 500 MB.