v1.27.0-fips: first FIPS release

This is the first FIPS-compliant release of Pebble.

It is on par with the mainline v1.27.0 release, except all cryptography use is removed:

• basic authentication is disabled
• HTTPS in server, client, health checks and log exporters is disabled

What's Changed

• feat: FIPS in a branch by @dimaqq in #734

Full Changelog: v1.26.0-fips...v1.27.0-fips

v1.27.0: syslog log forwarding

This release adds a syslog log target type for forwarding service logs to syslog (TCP or UDP, no TLS). Thanks to @jy5275 on the Networking APAC team for adding this feature.

In it includes an improvement to the pebble pull error message when the file is not found, and a couple of small docs changes.

What's Changed

• feat: support forwarding log to syslog in #725
• feat: support forwarding log to syslog via UDP in #732
• docs: replace redirecting links with the new locations in #749
• client: improve error message when pulling non-existent files in #754
• docs: update the release procedure to include FIPS builds in #764

New Contributors

• @jy5275 made their first contribution in #725
• @Nurysso made their first contribution in #749

Full Changelog: v1.26.0...v1.27.0

v1.26.0-fips: Dummy base release for FIPS-compliant Pebble

What is this?

This is not a real release. It's the base on top of which the FIPS-compliant Pebble source code is built.

What's Changed

• feat: support forwarding log to syslog by @jy5275 in #725
• chore: run gopls modernize on the codebase by @dimaqq in #728
• chore: update Rockcraft documentation links by @tonyandrewmeyer in #733
• ci: upload failed snapcraft build logs by @dimaqq in #736
• ci: generate SBOM and run security scan in CI by @james-garner-canonical in #731
• chore: temporarily disable snap builds in the fips branch by @dimaqq in #745

Full Changelog: v1.26.0...v1.26.0-fips

v1.26.0: mTLS support, various fixes

This release includes mTLS support for projects that build on Pebble (#708 and #715), as well as mTLS client pairing requests on the /v1/pairing API endpoint (#702).

In addition, it includes two bug fixes:

• don't run "start" tasks again, to avoid spurious restarts in #709
• avoid error log when daemon retries "exec" tasks on startup in #714

Full Changelog: v1.25.0...v1.26.0

v1.25.0: "cert" identity type, various fixes

This is a minor release with only one small new feature: a "cert" identity type (#694) -- this is not useful by itself, but will be used in upcoming mTLS work. In addition, this release includes various bug fixes and CI improvements.

What's Changed

• test(testutil): remove test using reaper in #692
• fix: websocket connection timeout in #691
• chore: logging and error handling improvement related to websocket connection in #695
• chore: fix failed unit test in #697
• refactor: move appendTimestamp from servicelog to logger in #700
• fix(plan): empty sections should support defaults in #699
• chore(golangci-lint): update to latest in #703
• fix: make checkstate TestFailures tests more reliable in #701
• ci: remove incorrect argument in #704
• feat(identity): support certificate type identity in #694

New Contributors

• @Chris-Peterson444 made their first contribution in #692

Full Changelog: v1.24.0...v1.25.0

v1.24.0: opentelemetry, security event logging, exec fixes

This release adds an opentelemetry log target type to send logs in OpenTelemetry format and adds security event logging (SEC0045), in addition to several fixes to pebble exec (thanks @anpep) and performance and documentation improvements. It also adds a Snap for RISC-V architecture.

What's Changed

• feat: add security event logging in #666
• feat: send logs in opentelemetry format in #663
• fix(cmdstate): concurrent access to executions map in #686
• fix(cmdstate,wsutil): don't report websocket close errors in #670
• ci: add support for riscv64 architecture when building snap in #688
• perf: improve performance of serializing log timestamps in #674
• docs: update links to Ops docs in #667
• docs: add section on cryptographic technology in #678

New Contributors

• @brancz made their first contribution in #674

Full Changelog: v1.23.0...v1.24.0

v1.23.0: in-memory state, "successes" for checks, prune service logs

This release adds several minor features, notably the option for the daemon to use in-memory state (PEBBLE_PERSIST=never), a "successes" field to show the number of times a health check has run successfully in pebble checks, and a feature that prunes service logs of inactive services after a certain time period.

Notable PRs

• feat: add "successes" field to checks API and CLI output in #633
• docs: update service start order in #651
• docs: create coding style guide in #612
• feat: prune service logs and serviceData in service manager in #653
• fix: avoid second copy when combining layers in #650
• feat: in-memory state in #658

Full Changelog: v1.22.2...v1.23.0

v1.22.2: update golang.org/x packages

This release updates the golang.org/x to quiet security advisories (GHSA-qxp5-gwg8-xv66 may affect Pebble as it uses HTTP). Thanks @miketonks for the contribution (#630).

Full Changelog: v1.22.1...v1.22.2

v1.19.2: avoid panic when Pebble restarts after stop-checks

This is a bugfix release on the 1.19-maintenance branch that prevents a panic when the Pebble daemon restarts after a stop-checks operation (#625).

Full Changelog: v1.19.1...v1.19.2

v1.22.1: avoid panic when Pebble restarts after stop-checks

This is a bugfix release that prevents a panic when the Pebble daemon restarts after a stop-checks operation (#625).

It also includes a minor change to the client package to always add Content-Type: application/json to requests (#619), and an update to the docs starter pack and build scripts (#615).

Full Changelog: v1.22.0...v1.22.1