You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+45-1Lines changed: 45 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,51 @@ All notable changes to potctl / iofogctl are documented in this file.
5
5
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6
6
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
7
8
-
## [3.8.0-rc.1] — June 2026
8
+
## [v3.8.1] — July 2026
9
+
10
+
Stable v3.8 patch release. Bumps SDK, operator, and edgelet pins; adds fog node OTA semver targeting and hardens edgelet redeploy/containerd orchestration.
11
+
12
+
### Added
13
+
14
+
-`upgrade agent` / `rollback agent --semver` for targeted fog node version OTA via SDK `UpgradeNode` / `RollbackNode`
15
+
- ConfigMap `useVault` in deploy, describe, and `get configmaps`
16
+
- SSH keep-alive and streamed output for long-running remote edgelet installs
17
+
-`version --ecn`: NATS and debugger component image lines
18
+
19
+
### Changed
20
+
21
+
- Bump Go to **1.26.5**; **iofog-go-sdk** and **iofog-operator** to **v3.8.1**
22
+
- ConfigMap `immutable` is optional in YAML; updates preserve existing `immutable` / `useVault` when omitted
23
+
- Edgelet install redeploy: detect active engine and installed version; defer and deduplicate `edgelet-containerd` restarts (WASM + OTA)
24
+
- Edgelet readiness scripts: case-insensitive daemon status parsing and embedded-engine `runtime.engineReady` gate
25
+
- Offline/airgap image transfer: shared container-engine handling via airgap package
26
+
27
+
### Fixed
28
+
29
+
- Redundant `edgelet-containerd` restart on redeploy/OTA when WASM install already restarted the engine
30
+
- ConfigMap PATCH semantics when `immutable` or `useVault` are not set in deploy YAML
31
+
32
+
### Security
33
+
34
+
- Documented govulncheck exception **GO-2026-5932** (`golang.org/x/crypto/openpgp` via `go.podman.io/image/v5` image signature handling) until upstream migrates off the deprecated package; see `SECURITY.md`.
35
+
36
+
### Known limitations
37
+
38
+
-**GO-2026-5932**: CLI builds use `containers_image_openpgp` for cgo-free release binaries; `golang.org/x/crypto/openpgp` remains on the call path for airgap/offline image copy with no upstream fix available.
**iofogctl** and **potctl** are dual-flavor CLIs for installing, configuring, and operating ioFog [Edge Compute Networks](https://iofog.org/docs/2/getting-started/core-concepts.html) (ECNs). v3.8 is a greenfield release: configuration lives under `~/.iofog/v3`, and there is no in-place upgrade path from legacy potctl- or v3.7 deployments.
20
20
21
-
Release binaries ship for **linux** (amd64, arm64, armv6, armv7), **macOS** (amd64, arm64), and **Windows** (amd64). Built with **Go 1.26.4** (see `go.mod`).
21
+
Release binaries ship for **linux** (amd64, arm64, armv6, armv7), **macOS** (amd64, arm64), and **Windows** (amd64). Built with **Go 1.26.5** (see `go.mod`).
22
22
23
23
## Install — iofogctl
24
24
@@ -90,7 +90,7 @@ Shell autocompletion: `iofogctl autocomplete bash` (or `zsh`), then follow the p
90
90
91
91
## Build from source
92
92
93
-
Requires Go **1.26.4+** (matches the Go badge and `go.mod`). Build outside `$GOPATH` (Go modules):
93
+
Requires Go **1.26.5+** (matches the Go badge and `go.mod`). Build outside `$GOPATH` (Go modules):
|GO-2026-5932|— |`golang.org/x/crypto/openpgp` via `go.podman.io/image/v5`| Required by `containers_image_openpgp` build tag for cgo-free cross-platform builds (macOS, Windows, CI). Used for container image signature parsing in airgap/offline flows. Upstream `go.podman.io/image/v5` v5.40.0 explicitly retains deprecated openpgp; no patched version exists (`Fixed in: N/A`). | Remove when `go.podman.io/image` migrates to a maintained fork (e.g. `github.com/ProtonMail/go-crypto/openpgp`).|
47
47
48
-
No documented exceptions at launch. `make vulncheck` must pass with zero findings affecting CLI call paths.
48
+
`make vulncheck` must pass with zero undocumented findings affecting CLI call paths.
0 commit comments