DC/OS Version 1.11.10 was released on February 12, 2019.
DC/OS 1.11.10 includes the following components:
DC/OS is a distributed operating system that enables you to manage resources, application deployment, data services, networking, and security in an on-premise, cloud, or hybrid cluster environment.
Issues Fixed in DC/OS 1.11.10
This release of DC/OS 1.11.10 addresses a security vulnerablity for container runtimes as identified by the RunC community and registered in the Common Vulnerabilities and Exposures (CVR) database.
For information about other issues fixed or known issues for the most recent release of DC/OS 1.11 prior to this security fix, see the release notes 1.11.9.
DCOS-48052 - An update to the containerizer launch binary prevents a malicious user from exploiting the
inithelper function used by container runtimes–including DockerD, containerD, and UCR. Without this change, a malicious user could gain access to a container’s root-level permissions and use those permissions to execute potentially malicious code on the host.
This issue has been reported by the RunC community (CVE-2019-5736) and affects the Docker Engine and Mesosphere Kubernetes Engine (MKE) container runtime components. The issue has also been reported by the Apache Mesos community for the Mesosphere Universal Container Runtime (UCR). All existing versions of DC/OS, Mesosphere Kuberentes Engine, and Docker Engine are affected by this vulnerability. However, this vulnerability does not affect DC/OS clusters or UCR containers if the cluster runs using the
strictsecurity mode and uses the default
nobodyuser account to launch UCR containers.
About DC/OS 1.11
DC/OS 1.11 includes many new capabilities with a focus on:
- Managing clusters across multiple clouds. Enterprise
- Production Kubernetes-as-a-service.
- Enhanced data security. Enterprise
- Updated data services.
Provide feedback on the new features and services at support.mesosphere.com.
New Features and Capabilities in DC/OS 1.11
- Multi-region management - Enables a DC/OS cluster to span multiple datacenters, clouds, and remote branches while providing a unified management and control cluster. View the documentation. Enterprise
- Linked clusters - A cluster link is a unidirectional relationship between one cluster and another. You can add and remove links from one cluster to another cluster using the DC/OS CLI. Once a link is set up, you can easily switch between clusters using the CLI or UI. View the documentation. Enterprise
- Fault domain awareness - Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. View the documentation. Enterprise
- Decommission nodes - Support for permanently decommissioning nodes makes it easier to manage
spotcloud instances, allowing for immediate task rescheduling. View the documentation
- Edge-LB 1.0. View the documentation. Enterprise
- IPv6 is now supported for Docker containers.
- Performance improvements to the DC/OS network stack - All networking components (minuteman, navstar, spartan) are aggregated into a single systemd unit called
dcos-net. Read this note to learn more about the re-factoring of the network stack.
- The configuration parameter
dns_forward_zonesnow takes a list of objects instead of nested lists (DCOS_OSS-1733). View the documentation to understand its usage.
- Secrets Management Service
- Secrets can now be binary files in addition to environment variables.
- Hierarchical access control is now supported.
- The DC/OS metrics component now produces metrics in Prometheus format. View the documentation.
- Unified logging API provides simple access to container (task) and system component logs. View the documentation.
- DC/OS Storage Service 0.1 (beta) - DSS users will be able to dynamically create volumes based upon profiles or policies to fine-tune their applications storage requirements. This feature leverages the industry-standard Container Storage Interface (CSI) to streamline the development of storage features in DC/OS by Mesosphere and our community and partner ecosystems. View the documentation.Beta Enterprise
- Pods now support persistent volumes. View the documentation.Beta
Updated DC/OS Data Services
- TLS encryption for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS is now supported. Enterprise
- Fault domain awareness for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic and DC/OS HDFS. Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. Enterprise
- New API endpoint to pause a node for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS. Use this endpoint to relaunch a node in an idle command state for debugging purposes.
- New DC/OS Kafka ZooKeeper service. View the documentation.
- You can now select a DC/OS data service version from a dropdown menu in the DC/OS UI.
- Improved scalability for all DC/OS data services.