Headline
CVE-2023-3485: Release v1.20.0 · temporalio/temporal
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.
Release Highlights****Upgrade action
- SERVICE_FLAGS environment variable for docker images is removed, use SERVICES instead.
- The dynamic config setting matching.useOldRouting was removed and old routing is not available anymore. If you’re upgrading and did not set it earlier, set it to false across your cluster before the upgrade to minimize task dispatch disruption during deployment.
Deprecation heads-up
The following softwares will not be supported in future versions:
- MySQL 5.7: planned to be removed by v1.21; please upgrade to MySQL 8.0.17+.
- PostgreSQL 9.6 to 11: planned to be removed by v1.21; please upgrade to PostgreSQL 12+.
Advanced visibility
We’re launching advanced visibility features for SQL databases (see more below). However, this required a significant change in the existing functionality when used with Elasticsearch. Up until v1.19, when you create a custom search attribute of a given type, say Keyword, you could actually store a list of Keyword values. This will no longer be supported. If you have a search attribute of type Keyword, you will only be able to store a single Keyword value. If you wish to store a list of values, you can create a search attribute of type KeywordList. This is the only type that supports list of values, ie., there’s no equivalent for any other type (Int, Datetime, etc.).
$ temporal operator search-attribute create --name CustomField --type KeywordList
If you are using Elasticsearch, you can change the type of a Keyword search attribute to KeywordList type by re-creating the search attribute (warning: this will only work as expected if the value stored is already a list; otherwise, it will lead to unexpected errors):
$ temporal operator search-attribute remove --name CustomField $ temporal operator search-attribute create --name CustomField --type KeywordList
For backwards compatibility, if you’re using Elasticsearch, list of values is still supported for all search attribute types. However, we discourage such usage. Furthermore, future releases of SDK will deprecate API accepting list of values, and change it to be strong typed so it won’t accept list of values.
Advanced visibility on SQL DB (beta testing)
Advanced visibility features are now supported using one of the supported SQL databases (MySQL 8.0.17+, PostgreSQL 12+, and SQLite):
- Per namespace, you can create up to 3 custom search attributes for each of the types Bool, Datetime, Double, Int, Text and KeywordList, and up to 10 custom search attributes of type Keyword.
- You’ll be able to call the List API using SQL-like queries (ORDER BY and LIKE operators are not supported, check the documentation for more details).
Here are the steps to enable this feature [warning: for all commands below, please be aware of replacing the database parameters (user, password, host, port) accordingly to your use case]:
Upgrade Temporal Server to v1.20. If you don’t want to enable advanced visibility features, then stop here. Everything should work as usual.
Upgrade your database to MySQL 8.0.17+ or PostgreSQL 12+ if you’re using an older version. Please check with official documentation on how to upgrade MySQL and PostgreSQL. We also recommend making a backup of your data before taking any actions.
[Optional step for MySQL users] If you upgraded from MySQL 5.7, convert the database character set to utf8mb4(learn more about character sets in the MySQL documentation). The following commands are an example of how you can convert both the temporal and temporal_visibility databases (check the MySQL documentation for more details on changing the character set for databases and tables):
$ DB=temporal; ( echo 'SET foreign_key_checks=0; ALTER DATABASE `’$DB’` CHARACTER SET utf8mb4;’; mysql $DB -u root -proot -e “SHOW TABLES” --batch --skip-column-names | xargs -I{} echo ‘ALTER TABLE `’{}’` CONVERT TO CHARACTER SET utf8mb4;’ ) | mysql $DB -u root -proot $ DB=temporal_visibility; ( echo 'SET foreign_key_checks=0; ALTER DATABASE `’$DB’` CHARACTER SET utf8mb4;’; mysql $DB -u root -proot -e “SHOW TABLES” --batch --skip-column-names | xargs -I{} echo ‘ALTER TABLE `’{}’` CONVERT TO CHARACTER SET utf8mb4;’ ) | mysql $DB -u root -proot
Update the schema (if you need to set TLS cert, check our documentation for more details on the temporal-sql-tool command):
MySQL 8.0.17+:
$ ./temporal-sql-tool --ep localhost -p 3306 -u root -pw root --pl mysql8 --db temporal_visibility update-schema -d ./schema/mysql/v8/visibility/versioned
PostgreSQL 12+:
$ ./temporal-sql-tool --ep localhost -p 5432 -u temporal -pw temporal --pl postgres12 --db temporal_visibility update-schema -d ./schema/postgresql/v12/visibility/versioned
Change the sql.pluginName config to mysql8 or postgres12 accordingly.
Restart Temporal Server.
If you have previously created custom search attributes while using standard visibility, you’ll need to create them again. Do not delete the existing ones, just execute the command to create a new custom search attribute. For example, if you had created a custom search attribute named CustomField of type Keyword, then execute the following command (make sure you update to the latest version of Temporal CLI tool):
$ temporal operator search-attribute create --namespace default --name CustomField --type Keyword
For SQLite users, we do not support schema updates. Therefore, if you’re using SQLite file-based storage, you’ll need to reset your database from scratch.
Archival feature
We reimplemented the Archival feature using a separate task queue, providing higher efficiency, better resource isolation, and strong durability guarantees. Most importantly, Archival will now infinitely retry with an exponential backoff function before deleting any data. Before this change, Archival would only retry for a maximum of five minutes.
Workflow Update (alpha)
Workflow Updates enable gRPC clients to issue requests to workflow executions that mutate internal workflow state and return a response.
- This is an alpha quality release that must not be used for production workloads. Only workers using the Go SDK are supported. Workflow histories that include update events from this release may not be replayable by future releases.
- Workflow Updates are disabled by default. To enable UpdateWorkflowExecution API change frontend.enableUpdateWorkflowExecution dynamic config value to true.
- There is a new example in the samples-go repository demonstrating both how to invoke and how to handle updates.
Replication between clusters with different shard counts
Temporal Server 1.20 added capability to connect and replicate between 2 clusters with different shard count. The requirement is one cluster’s shard count is another one’s multiple (Y=NX, Y and X are shard count, and N is a natural number). Shard count is a scale unit, cluster could run into scale limit if the choose shard count is too small. This new feature make it possible to move live workload to a new cluster with larger shard count. It works the other way as well if you want to reduce your shard count.
Note: Temporal server 1.19 and earlier versions require 2 clusters to have exact same shard count if they want to be connected.
BatchOperation to support DeleteWorkflow
Add delete workflow as another supported action to BatchOperation API.
Otel 0.34
Open telemetry upgraded to 0.34. 0.34 Otel release contains a breaking change. All counters will be append a ‘_total’ suffix.
Default authorizer
If you’re using the default authorizer (note that the default authorizer is not used by default, you have to explicitly configure it), you should be aware of a few changes:
The special case for temporal-system namespace was removed. This namespace is used by various workflows that run on the system worker service.
Separately, two recent features, Schedules and Batch v2, require the system worker to connect to namespaces other than temporal-system. If your claim mapper was not properly authenticating the system worker service and giving it a System: RoleAdmin claim, then this special case meant that system workflows would work but Schedules and Batch v2 would not.
Now that this case is removed, your system workers might have trouble connecting to the frontend unless you make some other changes. Either 1) your claim mapper should properly authenticate the system worker and give it a System: RoleAdmin claim, or 2) use Internal Frontend to bypass the claim mapper for internode connections to frontend. See the Internal Frontend section below.
The special case for requests with no namespace was removed, and replaced with a check for two specific requests: gRPC health checks, and GetSystemInfo. All other requests with no namespace in the request, e.g. ListNamespaces now require corresponding claims to be allowed. If you were relying on that special case, you may have to adjust your claim mapper to add a System: RoleReader claim for authorized clients.
Because frontend.enableTokenNamespaceEnforcement defaulted to false, the no-namespace special case could also have been a security hole, depending on your claim mapper: if a client sent a request with a namespace in the token but an empty namespace field at the top level of the request, it would pass the authorizer without a proper check for a namespace claim. That dynamic config now defaults to true.
Internal frontend
There’s a new deployment option that can simplify worker→frontend communication, mTLS, claim mappers, and authorizers: the internal-frontend. You should consider using internal-frontend if:
- You’re using a claim mapper and authorizer (either default or custom) and there’s no easy way to differentiate between the system worker service and external clients.
- You were relying on the special case for temporal-system (see above) in the default authorizer or your custom authorizer.
- You’re using mTLS and you want to use a different CA for internode connections and external client connections to frontend.
Basically, internal-frontend makes the system worker service and frontend work like the other “internode” services (history and matching) so you can secure them in the same way.
To use it:
- Create an internal-frontend section in your static config under services by copying frontend and adjusting the ports (we suggest 7236/6936 but any works).
- Make sure the publicClient section is removed from static config.
- Add a new deployment that uses -service internal-frontend on its command line. If using mTLS, provide it with the same “internode” certs and keys as history and matching.
If you’re using pre-built docker images, set environment variable USE_INTERNAL_FRONTEND to 1 instead of the static config changes above.
Note that metrics will appear with service_name=internal-frontend so you might have to make adjustments to your obsrevability as well. Logs will appear tagged with {"service":"frontend","internal-frontend":true}.
You can use dynamic configs internal-frontend.globalNamespaceRPS and internal-frontend.globalNamespaceRPS.visibility to adjust the incoming rate limits for internal-frontend separately from [external] frontend.
Security-related changes
- Multiple changes to the default authorizer (see Default authorizer section above) #3706
- frontend.enableTokenNamespaceEnforcement dynamic configuration setting now defaults to true #3798
- The previous setting allowed cross-namespace access when presenting a task token where the namespace ID and the namespace fields have different values.
- Task tokens are generally handled entirely by clients, but can be created by end-users
- Thanks to Jacob LeGrone at DataDog for finding and reporting this insecure default.
- We strongly urge all users to upgrade to 1.20 or, if unable to upgrade, enable this configuration option
Scheduled Workflows GA
There are a few new dynamic config options for tuning the system worker service and schedules:
worker.perNamespaceWorkerOptions: map option to set options for workers for schedules and batch v2. Allows namespace constraints. Set values like this:
worker.perNamespaceWorkerOptions:
- value: MaxConcurrentWorkflowTaskPollers: 10
worker.stickyCacheSize: integer option to control sticky cache size for workers. Global to the process. Defaults to the SDK default (10,000).
worker.schedulerNamespaceStartWorkflowRPS: float value to set a maximum
number of workflows started by schedules at the namespace level. Allows
namespace constraints. Defaults to 30.
You may need to adjust these if you’re making heavy use of the schedules feature.
There are a few new metrics you can monitor also: schedule_missed_catchup_window, schedule_rate_limited, schedule_buffer_overruns, schedule_action_success, schedule_action_errors, schedule_cancel_workflow_errors schedule_terminate_workflow_errors.
With these changes and the authorizer/internal-frontend changes to make it easy for the system worker service to have the necessary access in all configurations, we’re calling the scheduled workflows feature generally available.
All changes
2022-11-30 - 681ce45 - Fix service_latency_nouserlatency (#3677)
2022-12-01 - 79a572d - Remove empty visibility tag (#3681)
2022-12-01 - 21ed2aa - Update next release version (#3683)
2022-12-05 - 4907ff9 - Use empty namespace metrics tag if namespace not found (#3686)
2022-12-05 - c94d2bf - Refactor history cache to its own package (#3601)
2022-12-05 - 34e256a - Test that ShardOwnershipLostErrors are never retried (#3625)
2022-12-07 - d112ea8 - Update dashboards (#3694)
2022-12-07 - bece27d - Add metrics scopes for the archival queue (#3566)
2022-12-08 - 72aa9bd - Add an integration test for acquireShard (#3678)
2022-12-08 - eb88af4 - Add random delay to ArchiveExecutionTask (#3565)
2022-12-08 - 8a71b94 - Add a utility for reliably fetching search attributes and memo (#3687)
2022-12-08 - f0c2e58 - Disable the Test_DeleteExecutionsWorkflow_ManyExecutions_NoContinueAsNew test because it is flaky (#3699)
2022-12-08 - 1af8a94 - Fix flaky CreateIndex method (#3698)
2022-12-08 - b1943f7 - docs: add specific make step to README on the tools/sql path (#3697)
2022-12-08 - b47046f - Move ServiceName to primitives and use everywhere (#3695)
2022-12-09 - e127430 - Update Go SDK to v1.19.0 (#3701)
2022-12-09 - 55cdd69 - Adds DPanic and Panic level logging (writes log, then panics) (#3689)
2022-12-09 - ad1176c - Adds DPanic and Panic level logging (writes log, then panics) (#3689)
2022-12-09 - 4c4ef46 - Adds DPanic and Panic level logging (writes log, then panics) (#3689)
2022-12-09 - ae223cf - Filter replication task on source cluster (#3641)
2022-12-09 - 912dc51 - Fix flaky shard controller tests (#3693)
2022-12-12 - 0f27ed2 - Add sdk-features trigger to PRs (#3627)
2022-12-12 - 8ca4b2c - Handle data loss error in replication read history (#3704)
2022-12-13 - 2abbea9 - Separate archival integration tests into their own suite (#3707)
2022-12-13 - 0331549 - Add an archival task executor (#3663)
2022-12-13 - 532c422 - Add an archival queue factory (#3562)
2022-12-13 - 7a147f6 - Use namespace from schedule activity worker (#3680)
2022-12-15 - ea698fa - Remove old queue processing logic (#3716)
2022-12-15 - 0b4df6a - Rename metrics.Handler to avoid name stuttering (#3713)
2022-12-16 - 728f6ce - Improve archival_test (#3719)
2022-12-16 - 5a4e0a9 - Fix ArchiveExecutionTask key type (#3720)
2022-12-16 - 70b5969 - Remove unused cluster parameter from task notification (#3718)
2022-12-16 - edd3f0a - Fix bug not setting CanSkipVisibilityArchival (#3721)
2022-12-19 - 23a2c4e - Fix errcheck warnings in cmd/tools (#3729)
2022-12-20 - a7240b4 - Fix ES bulk processor commit timeout (#3696)
2022-12-20 - 6fbc4f4 - Rename mutableStateImpl receiver (#3737)
2022-12-20 - 0ad773b - Remove scheduled and started events from transient workflow task info (#3736)
2022-12-20 - b572419 - Fix bug where we return nil when there’s an error in the archival queue (#3723)
2022-12-20 - e57edab - Fix range variable in archiver_test not being captured (#3724)
2022-12-20 - fb3f2f9 - Fix errcheck in service/frontend (#3733)
2022-12-20 - 12e4162 - Document that errors in goro.Group.Go functions are ignored (#3734)
2022-12-20 - c6a89c0 - Workflow task state machine: minor renames (#3735)
2022-12-20 - 2b761b4 - Remove internal bulk processor retries (#3739)
2022-12-21 - 661880f - Refactor transient workflow task state machine (#3740)
2022-12-21 - b2c5357 - Verify cluster name in remove cluster call (#3715)
2022-12-21 - 11b808a - Fix errcheck in ./host/ (#3741)
2022-12-21 - d896157 - Fix errcheck in ./common/persistence/ (#3743)
2022-12-21 - 1454f84 - Fix errcheck in service/worker/ (#3731)
2022-12-21 - 957cfa4 - Fix errcheck in ./common/archiver/ (#3744)
2022-12-21 - 676b744 - Fix errcheck in ./common/membership/ (#3742)
2022-12-21 - 3cb9232 - Clean namespace handover (#3692)
2022-12-21 - 2171a17 - Fix errcheck in ./common/rpc/ (#3752)
2022-12-22 - 3a322bb - Use latest replication task time as sync shard time (#3722)
2022-12-22 - 86e9d32 - Consolidate linters with golangci-lint (#3758)
2022-12-22 - ba2d711 - Remove unused Temporal interface (#3761)
2022-12-22 - 825d39c - Fix errcheck in service/matching (#3756)
2022-12-22 - 3292907 - Fix errcheck in temporal/ (#3757)
2022-12-22 - f09ea5c - Fix errcheck in service/history (#3754)
2022-12-23 - ff58057 - Handle unhandled errors in tests/ directory (#3730)
2022-12-23 - 930a5e8 - Handle unhandled errors in tools/ (#3748)
2022-12-23 - 5278b2e - Fix some unhandled deferred errors in ./common/ (#3750)
2022-12-23 - 7d66087 - Fix gofmt and add Go report card (#3751)
2022-12-28 - 4e8601a - Create an FX Module for Archival (#3726)
2022-12-28 - 5640a98 - Fix some lostcancel errors (#3764)
2022-12-28 - c912454 - Fix errcheck in service/history/shard (#3755)
2022-12-28 - 92b8758 - Add an integration test for durable archival (#3732)
2022-12-28 - e57f97f - Fix token count in archival rate limiter (#3749)
2022-12-28 - d970aa4 - Fine-tune the Revive linter (#3763)
2022-12-29 - 98545f9 - Remove unused parameters from task executable (#3747)
2022-12-29 - adf7c54 - Fix NPE in task channelWeightFn (#3766)
2023-01-03 - a22db81 - Remove deprecated code from queue implementation (#3770)
2023-01-03 - 32b5d91 - Make persistence tests consistent in handling ShardID (#3772)
2023-01-04 - 7215a32 - Validate shard id in shard controller (#3776)
2023-01-04 - a026002 - Remove task max retry count config (#3771)
2023-01-04 - ac8717c - Separate integration tests and unit tests (#3760)
2023-01-06 - 9c25286 - Trigger golangci-lint on pull requests (#3781)
2023-01-06 - e91760f - Add speculative workflow task (#3768)
2023-01-06 - 3882bb6 - Capture task processing panic (#3779)
2023-01-06 - 04ce8e3 - Deprecate old namespace change callback (#3774)
2023-01-09 - aa76719 - Expose replicateWorkflowState API in history (#3783)
2023-01-09 - 3e31880 - Add a component to assign polling shards (#3775)
2023-01-09 - ea893d1 - Disable eager activities for Python 0.1a1, 0.1a2, and0.1b1 too (#3793)
2023-01-10 - bb4ec7f - Prioritize worker pool shutdown (#3795)
2023-01-10 - c5254f3 - Address a few linter errors (#3780)
2023-01-10 - 1a9695e - Add internal-frontend role (#3706)
2023-01-11 - 851c634 - Rename host tests to functional tests (#3782)
2023-01-11 - e5883b9 - Minor test target fixes (#3801)
2023-01-11 - bd13fc6 - TW 219 - update links across repos (#3785)
2023-01-11 - ef98234 - Turn on frontend.enableTokenNamespaceEnforcement by default (#3798)
2023-01-11 - 6319a28 - Add NewInternalErrorWithDPanic for common dpanic pattern (#3797)
2023-01-11 - 5b182a7 - Capture panic in replication task processing (#3799)
2023-01-11 - d527a19 - Rename sdk-features to features (#3796)
2023-01-11 - daff5f1 - Add separate dynamic config knobs for internal-frontend rate limiting (#3800)
2023-01-11 - dc932a1 - Fix recover call (#3804)
2023-01-11 - bd06826 - Read cluster shard count from DB (#3788)
2023-01-12 - 26503cf - Drop task on serialization error (#3803)
2023-01-12 - b132fc2 - Redirect replication requests when shard count is different (#3789)
2023-01-13 - 0bf1137 - Add test definition in readme (#3807)
2023-01-13 - 51fd1dd - Allow start many replication pollers in one shard (#3790)
2023-01-13 - 3948854 - Allow connect clusters with different shards (#3777)
2023-01-17 - 0a90b77 - Fix datarace in forwarder_test (#3767)
2023-01-17 - efb3bc1 - Fix redirect replicate workflow state (#3809)
2023-01-17 - c24c83f - Use generics in jitter (#3717)
2023-01-18 - a54483d - Fix flaky jitter test (#3814)
2023-01-19 - 4576a10 - Add debug.TimeoutMultiplier to all timeouts (#3815)
2023-01-19 - 5413d18 - Add mock archival queue processors to history engine tests (#3817)
2023-01-19 - eb4b574 - Fix some bugs in the archival queue task executor (#3813)
2023-01-19 - e0081fd - Fix a rare deadlock in scanner.Stop (#3818)
2023-01-20 - 82c958d - Partial revert #3731, fix errcheck, add comments (#3787)
2023-01-20 - 5175ab6 - Single scheduled queue max read level (#3778)
2023-01-24 - 9389673 - Support batch operation with list of workflow executions (#3812)
2023-01-24 - 3abd50d - Better SQL query splitter (#3791)
2023-01-24 - b9bba94 - Fix GetWorkflowExecution in PostgreSQL (#3816)
2023-01-24 - 554b32d - Produce archival tasks conditionally (#3823)
2023-01-24 - 285bf33 - Start the archival queue iff history or visibility archival is enabled in the static config (#3827)
2023-01-24 - a06da89 - Remove matching.useOldRouting dynamic config (#3824)
2023-01-24 - 278f545 - Add dynamic config for sdk worker options (#3806)
2023-01-24 - 4c71899 - Update Go SDK to 1.20.0 (#3810)
2023-01-25 - 7e54876 - Rename UpdateWorkflow to UpdateWorkflowExecution (#3832)
2023-01-25 - 1c638ac - Enable durable archival (#3828)
2023-01-25 - e6113da - Fix SQL NPE after connection is closed (#3829)
2023-01-25 - 430d3a9 - Messages protocol implementation (#3843)
2023-01-25 - 1543bd4 - Update UI to v2.10.0 (#3841)
2023-01-25 - 5652dc4 - Fix time fields of rows from GetClusterMembers (#3840)
2023-01-25 - 4f53af9 - Tune linters (#3848)
2023-01-25 - 5338f96 - Add env vars to control log format and level for tests (#3836)
2023-01-25 - b494736 - Add RefreshPerNSWorkerManager and RemoveOverride for tests (#3837)
2023-01-25 - 1c84aad - Fix continue as new validation (#3845)
2023-01-25 - 5c23836 - Fix handover callback (#3847)
2023-01-25 - 7e89af4 - Add explicit per-namespace rate limit to schedules (#3838)
2023-01-25 - 909ca96 - Add initial memo to scheduler workflows (#3839)
2023-01-26 - c52848e - Revert #3755 (#3842)
2023-01-26 - 9d3fede - Add index name to constructor of search attribute validator (#3834)
2023-01-26 - 25015d4 - Emit lag metrics for all registered history queues (#3851)
2023-01-26 - de6f2df - Remove internal-frontend from default services (#3849)
2023-01-26 - 391ed61 - Factor out task queue name mangling into new package (#3549)
2023-01-26 - d1c5d10 - Change deadline too short to failedPrecondition error (#3856)
2023-01-26 - fc6efef - Remove failover levels (#3854)
2023-01-27 - dc257ce - Add GetIndexName method to visibility manager (#3820)
2023-01-27 - 3b3498a - Move namespace handler to service/frontend (#3855)
2023-01-27 - 0e4506b - Remove internal-frontend from development configs (#3859)
2023-01-27 - 6e732e7 - Return last error instead of ctx error (#3857)
2023-01-30 - 9a4f19e - Mark state transition & completion metrics with namespace activeness (#3831)
2023-01-30 - 3501f67 - Conditionally register archival category (#3867)
2023-01-30 - b40a4ac - Fix activity eager execution on workflow close (#3868)
2023-01-30 - 473b449 - update development version of temporalio/ui to 2.10.1 (#3869)
2023-01-30 - 7e83ca2 - Add custom search attribute aliases map to namespace config (#3866)
2023-01-30 - 416abfb - Update type of keyword list search attributes (#3865)
2023-01-30 - fa429a5 - [Advanced Visibility with SQL] Adding MySQL 8 schema and interface (#3552)
2023-01-31 - 7e3daf1 - Add lower priority for replication tasks (#3870)
2023-01-31 - 9629854 - Update search attributes operator commands to handle aliasing (#3871)
2023-01-31 - f3cf504 - [Advanced Visibility with SQL] Changing visibility schema for SQLite (#3819)
2023-01-31 - cb22aab - [Advanced Visibility with SQL] Adding PostgreSQL 12 schema and interface (#3844)
2023-01-31 - 750fc54 - Implement searchattribute.MapperProvider (#3873)
2023-01-31 - 29afc2f - Handle updating cluster metadata search attributes info when using SQL DB (#3861)
2023-01-31 - c257d84 - Implement default mapper for SQL visibility (#3875)
2023-02-01 - de0b049 - Fix visibility processor panic on add after stop (#3830)
2023-02-01 - 2bc48d2 - Upgrade otel to 0.34 (#3850)
2023-02-01 - af00719 - Merge custom search attributes from index name with empty string key (#3877)
2023-02-01 - d9bac92 - Return error if cluster metadata is invalid (#3879)
2023-02-01 - cbd73e0 - Synchronous workflow update (#3822)
2023-02-01 - dbeab31 - clean replication task processor after disconnect (#3882)
2023-02-01 - 6ef7749 - Eager workflow dispatch (#3835)
2023-02-01 - 8b6b2fb - Keep queue factory group tag (#3880)
2023-02-02 - b5f64f2 - Protect UpdateWorkflowExecution API with dynamic config feature flag (#3884)
2023-02-02 - 5721cf8 - Add MySQL 8 admin interface (#3886)
2023-02-02 - 19d36fb - Fix docker config template to set only one visibility (#3889)
2023-02-02 - cf9e84a - Overwrite operation for admin and operator APIs (#3890)
2023-02-02 - e43e5b5 - Advanced visibility for MySQL (#3878)
2023-02-02 - f94e575 - Update admin handler to handle search attributes operations with SQL DB (#3894)
2023-02-02 - 52d1ba0 - Advanced visibility for PostgreSQL (#3896)
2023-02-02 - 32a4686 - Pass workflowTask object to completion methods of mutable state (#3897)
2023-02-03 - bd2d3b3 - Advanced visibility for SQLite (#3895)
2023-02-03 - 82f911e - Disable unused-parameter linter (#3891)
2023-02-03 - 75cf92b - Ignore unhandled errors from fmt.Printf (#3892)
2023-02-03 - c7d7a89 - Listen for loopback instead of all incoming traffic in RP test (#3893)
2023-02-03 - a4943bb - Add metrics + max buffer size to schedule workflow (#3872)
2023-02-03 - 30264ca - Update SDK dependency to v1.21.0 (#3902)
2023-02-03 - d43e112 - Fix fail of speculative workflow task (#3898)
2023-02-03 - e95e082 - Fix namespace interceptor to allow search attributes operations (#3899)
2023-02-03 - 20a5ce3 - Remove search attributes with nil values (#3903)
2023-02-03 - 3ade263 - Allow setting cluster Id explicitly (#3883)
2023-02-03 - 008f056 - Improve task scheduler rate limiter (#3860)
2023-02-03 - ca5be29 - Reimplement DC redirection handler (#3887)
2023-02-03 - a070fb5 - Fix clientFactory build issue (#3904)
2023-02-04 - 157cd11 - Bugfix: conditional variable broadcast channel size (#3906)
2023-02-06 - 9972e77 - Fix backward compatibility with std visibility when doing search attribute operations (#3907)
2023-02-06 - a65c7d4 - Fix MySQL visibility select query (#3909)
2023-02-06 - 52c3a9e - Fix silly bug in matching client (#3910)
2023-02-07 - a840d75 - Strict validation when using SQL DB for visibility (#3905)
2023-02-07 - 793dd7e - Use max join time as start timeout (#3911)
2023-02-08 - 9186ca7 - Fix visibility full text search query in MySQL (#3913)
2023-02-08 - 9e37fec - Refactor failWorkflowTask method (#3915)
2023-02-08 - 908a672 - Fail workflow task with BadSearchAttributes cause if search attributes mapper returned an error (#3919)
2023-02-08 - 0da3d99 - Default authorizer always allow health checks (#3920)
2023-02-08 - 158a70e - Reduce unnecessary log noise (#3918)
2023-02-09 - 304bc98 - Fix MySQL visibility index for full text search (#3921)
2023-02-09 - 2d17cb8 - Replicate custom search attributes aliases with namespace replication (#3922)
2023-02-09 - d4498d1 - Expose history size to workflows (#3055)
2023-02-09 - 75c05a2 - Call RedirectionInterceptor only for WorkflowHandler (#3924)
2023-02-09 - 77a4487 - Fix MySQL visibility indexes with close_time column (#3927)
2023-02-09 - 0da29e6 - Fix typo in visibility schema for SQLite (#3932)
2023-02-09 - de6ca9c - Tokenize and build FTS query string for postgres and sqlite (#3933)
2023-02-09 - 7faf6f8 - Handle namespace division filter in SQL queries (#3931)
2023-02-10 - f332748 - Schedules start workflows through frontend (#3935)
2023-02-10 - 1fb0697 - Make frontend drain traffic time configurable (#3934)
2023-02-10 - 2117c81 - Add integration tests for eager workflow start (#3928)
2023-02-10 - 74bfaff - Enable Elasticsearch functional tests for SQL advanced visibility (#3923)
2023-02-10 - 2d9bb16 - Frontend health check waits until membership initialized (#3936)
2023-02-10 - 8501b04 - Remove foreign key from MySQL visibility schema (#3937)
2023-02-10 - 4f5b1b0 - Remove unnecessary aliasing/unaliasing of scheduled workflow search attributes (#3943)
2023-02-10 - 3b27372 - Support mysql8 and postgres12 dbs in docker config template (#3941)
2023-02-10 - df9ec34 - Fix TestUpdateWeight (#3942)
2023-02-10 - 85c4381 - Address #3923 feedback (#3938)
2023-02-10 - e96b529 - Update failure detect default time (#3940)
2023-02-13 - 75a4c0f - Fix recreate custom search attribute after upgrade to advanced visibility with SQL (#3945)
2023-02-13 - 677890b - Separate metrics on read history and read raw history (#3925)
2023-02-13 - 654bc3f - Fix create custom search attribute with SQL DB (#3951)
2023-02-13 - 4b78d28 - Fix ExecutionTime rounding when using PostgreSQL (#3952)
2023-02-14 - 0a22e1c - Fix Elasticsearch index creation in functional tests (#3954)
2023-02-14 - d353dcc - Emit inordered buffered events metric (#3949)
2023-02-14 - 0b698c1 - Wrap user’s visibility query string in parenthesis (#3956)
2023-02-14 - f4e4ea2 - Remove isRecordValid check from ES visibility store (#3948)
2023-02-14 - 099cef3 - Support CountWorkflowExecutions for SQL DB (#3955)
2023-02-14 - 5d6d93c - Refactor SQL query converter (#3950)
2023-02-15 - c357812 - Propagate SDK Metadata & add capability (#3944)
2023-02-15 - 8917ecc - Update Go SDK to v1.21.1 (#3960)
2023-02-15 - a23489b - Set namespace on API if not present (#3953)
2023-02-15 - 98a52d1 - Quick fix for generated mock file name (#3959)
2023-02-15 - 868b2d1 - Update IsAdvancedVisibilityActivity to include SQL DB (#3957)
2023-02-15 - 0bb6884 - Handle namespace not found case in redirection interceptor (#3947)
2023-02-15 - 2db4175 - Fix IWRR scheduler UpdateWeight test (#3961)
2023-02-16 - 7ab7e9c - Metering metadata propagation (#3965)
2023-02-16 - cbed0fe - Fix wrap user query string in parenthesis (#3967)
2023-02-16 - f9bd5b0 - DeleteExecutions workflow: pass nextPageToken with ContinueAsNewError (#3966)
2023-02-16 - 93fb0ec - Populate history size in describe workflow and list workflow response (#3964)
2023-02-16 - 06188f3 - Suport dual visibility in visibility persistence checks (#3968)
2023-02-16 - b313b7f - Delete workflow execution from visibility store even if it was deleted from main store (#3962)
Helpful links to get you started with Temporal
Temporal Docs
Server
Docker Compose
Helm Chart
Docker images for this release (use tag 1.20.0)
Server
Server With Auto Setup (what is Auto-Setup?)
Admin-Tools
Related news
Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace.