2023.2.0#
Release Date: 11/15/2023
IMPORTANT:
This release requires Docker 20 with the updated Compose Plugin, Compose V2. (Earlier versions of Docker and Docker Compose V1 are no longer supported.) For more details, see https://docs.docker.com/compose/migrate/.
Added new stack for the Ingress Router. It uses the same
.env
file as the base Nucleus stack and stands up an NGINX-based router for Nucleus with TLS enabled.Added support for Nucleus bridge, allowing the Ingress Router (see above) to connect to Omniverse Cloud. This enables your Enterprise Nucleus Server to be accessible from streaming applications running in Omniverse Cloud.
Removed legacy standalone Navigator stack.
Components updates:
Core 1.14.25
Discovery Service 1.5.0
Auth Service 1.5.0
Search Service 3.2.7
Thumbnails Service 1.5.7
Tagging Service 3.1.7
Nucleus Navigator 3.3.3
View the detailed release notes
Core#
1.14.25#
Connection libraries
Protect OmniChannelPtr in SendContext by adding refcount
API server
Fixing mutex scoping for outMsgMtx/mSubscriptionsLock.
Resolver logging fixes for utf-8
Minor quality fixes
Add process stats command to the service API, set it to trip when we have no available fibers
1.14.24#
Nucleus Apollo GDPR: Create Secure Port for Bearer Token (3106)
Add X-Forwarded-For header handling for setting peer IP
Fix notification order to reduce mutex holding time while notifying subscriptions
Obfuscate “token”: “<token>” fields in logs
1.14.23#
Connection libraries
Update libcurl to 8.4.0
API server
Structured logging
Memory leak fix
S3 bucket authorization is now supported by nginx resolver cache
Messaging and connection leak fix. Deadlock resolution
LFT
Do not check token validity when calling finalizeAssetCreate
1.14.22#
Connection libraries
Renamed OMNI_LFT_MTLS_CLIENT_CERTIFICATE/OMNI_LFT_MTLS_CLIENT_PRIVATE_KEY/OMNI_LFT_MTLS_CLIENT_CERTIFICATE_PASS to OMNI_MTLS_CLIENT_CERTIFICATE/OMNI_MTLS_CLIENT_PRIVATE_KEY/OMNI_MTLS_CLIENT_CERTIFICATE_PASS
[Linux] in PEM format through OMNI_MTLS_CLIENT_CERTIFICATE/OMNI_MTLS_CLIENT_PRIVATE_KEY
[Windows] in P12 format through OMNI_MTLS_CLIENT_CERTIFICATE/OMNI_MTLS_CLIENT_CERTIFICATE_PASS P12 certificate doesn’t need the private key to be specified separately, but might need a password to be specified (if the certificate was issued with the password)
Bugfix in mtls.toml parsing
API server
Fix an issue when a signed URL to an Azure blob was rendered with an invalid file name
1.14.21#
API server
Update OpenSSL to version 3.0, curl, LWS
Update zlib
rename_user: service call in non-public API to implement a portion of GDPR requirements - this scrubs the meta database and renames all mentions of a specific username
1.14.20#
Connection libraries
mTLS improvements (supporting client certificate password for websocket connections and mtls.toml lookup)
Verifier
option to prevent content check in Azure environment
Docker
added metadata snapshotting and restore functionality
1.14.19#
Connection libraries
better detect certificate store paths on Linux in LFT code path
supply JWT to LFT for all requests
rename interface macros
OMNI_EXPORT -> OMNI_CONNLIB_EXPORT
OMNI_ZERO_INIT -> OMNI_CONNLIB_ZERO_INIT
OMNI_ABI -> OMNI_CONNLIB_ABI
OMNI_DEFAULT_CTOR_ZERO_INITIALIZE -> OMNI_CONNLIB_DEFAULT_CTOR_ZERO_INITIALIZE
OMNI_NOEXCEPT -> OMNI_CONNLIB_NOEXCEPT
OMNI_CALLBACK_NOEXCEPT -> OMNI_CONNLIB_CALLBACK_NOEXCEPT
API server
do not verify JWT token between LFT <-> API
fixing deadlock in Subscriptions
Docker
change icmp nucleus server check to a tcp connect
1.14.18#
API server
Fixed a bug in the task scheduler
Discovery Service#
1.5.0#
Support structured logging.
Support passing access_token to Discovery libraries.
Support verifying incoming connections with the access_token query parameter.
Add __interface_meta__ attribute with service meta for Python libraries.
Add warning for using default capabilities in the Python library.
1.4.10#
Update Python 3.10 to use OpenSSL 3.0.10
Authentication Service#
1.5.0#
Support structured logging.
Add a new function for invalidating refresh tokens by system administrators.
Fixed an issue where refresh tokens were not invalidated after disabling user profiles.
Support OpenID Connect for SSO.
Nucleus to NLS Integration.
Add MASTER_USER, MASTER_PASSWORD, and ADMIN_PASSWORD_OVERWRITE environment variables.
Fixed an issue where query params were not included in the destination field for SAML2 requests.
Integrate Starfleet Service Accounts.
Device flow support.
Fixed an issue where declined authentication results were sent via nonce subscription.
Added groups from IDP tokens into the generated Nucleus token. Two new optional env vars were introduced to support this: SERVICE_AUTHORIZATION_FILE and OPENID_CLAIM_GROUPS
Include detailed debug information displayed with authentication errors.
Support verifying incoming connections with the access_token query parameter.
Add optional client_id parameter for all APIs that generate access and refresh tokens.
Include claims passed from the IdP into Nucleus JWTs.
Remove an API for user registration.
Fixed an issue where token generation for invitations and reset password links could work incorrectly due to the information missing in the specified JWT.
Add all profile fields to JWT during SSO authentication.
Log usernames when service returns EXPIRED status for refresh and API tokens.
1.4.10#
Update Python 3.10 to use OpenSSL 3.0.10.
Search Service#
3.2.6#
Added functionality to avoid using omni-config-py in docker.
Support structured logging.
Update Python 3.10 to use OpenSSL 3.0.10.
Display service version during the startup and register it in the discovery service.
Tagging Service#
3.1.7#
Added functionality to avoid using omni-config-py in docker.
Support structured logging.
Updated to Python 3.10.13-nv1 for the OpenSSL fix
Updated idl.py to 0.22
Thumbnail Service#
1.5.7#
Added functionality to avoid using omni-config-py in docker.
Support structured logging.
Updated to Python 3.10.13-nv1 for the OpenSSL fix
Updated Pillow lib to 10.0.1 to fix the WebP vulnerability