1.1.6¶
10/24/2019
Graphite 1.1.6 is now available for usage. Please note that this is a bugfix / securityfix release for the stable Graphite 1.1.x branch and it’s recommended for production usage. It also contains some improvements backported from the master branch.
Highlights¶
- Function parameters validation (disabled by default, can be enabled through ENFORCE_INPUT_VALIDATION variable)
- Better error handling (return 4XX instead of 5XX in case of wrong function parameters) if input validation enabled
- Python 3.8 and Django 2.x support
- New functions: add, sigmoid, logit, exp
- Python 3 fixes for Whisper and Carbon
- Carbonate have Python 3 support now
- Many improvements for Docker image, check its release page for details
Thanks a lot for all Graphite contributors and users! You are the best!
Source bundles are available from GitHub:
- https://github.com/graphite-project/graphite-web/archive/1.1.6.tar.gz
- https://github.com/graphite-project/carbon/archive/1.1.6.tar.gz
- https://github.com/graphite-project/whisper/archive/1.1.6.tar.gz
- https://github.com/graphite-project/carbonate/archive/1.1.6.tar.gz
Graphite can also be installed from PyPI via pip. PyPI bundles are here:
- http://pypi.python.org/pypi/graphite-web/
- http://pypi.python.org/pypi/carbon/
- http://pypi.python.org/pypi/whisper/
- http://pypi.python.org/pypi/carbonate/
You can also use docker image from https://hub.docker.com/r/graphiteapp/graphite-statsd/
Upgrading¶
Please upgrade whisper, carbon and graphite-web - they contain valuable bugfixes and improvements.
Incompatible changes¶
WHISPER_FALLOCATE_CREATE set to False by default in docker image (because True often causing issues in Docker).
Security Notes¶
SSRF vulnerability CVE-2017-18638 was fixed in this release. Please check security advisory for details. Also patches was released for graphite-web 1.0.x and 0.9.x, and we’ll discuss releases of non-supported branches later. Check issue 2008 for discussion. Also, recommended Django version was increased to 1.11.19 because previous Django versions are vulnerable to CVE-2019-6975 and CVE-2019-3498. Despite that, Graphite 1.1.6 functionally still supports Django >= 1.8.
New features¶
Graphite-Web¶
- set package long description (#2407, @YevhenLukomskyi)
- add tag formatting docs (#2426, @replay)
- Accept IPv6 addresses in CARBONLINK_HOSTS (#2436, @RoEdAl)
- update aggregation function docs for aggregate and groupbytags (#2451, @Dieterbe)
- Add Statusengine to list of integrations (Forwarding) (#2452, @nook24)
- Django22 compatibility (#2462, @piotr1212)
- Python 3.8 support (#2464, @piotr1212)
- New functions: add, sigmoid, logit, exp (#2466, @piotr1212)
- Better error handling (return 4XX instead of 5XX in case of wrong function parameters) (#2467, @replay)
- Pass maxDataPoints to the requestContext for Finder (#2479, @Felixoid)
- Add redis password support for tagdb (#2483, @ahmet2mir)
- Created issue template (#2488, @bigpythonimish)
- docs: add netdata to ‘tools that work with graphite’ (#2490, @sbasgall)
- Updated minimumBelow() docstring (#2493, @bigpythonimish)
- xFilesFactor is an optional parameter for removeEmptySeries (#2495, @DanCech)
- fix functions that aggregate to include the aliases in their params (#2496, @Dieterbe)
- the callback parameter for groupByNode is optional (#2497, @DanCech)
Carbon¶
- Add testing for Python 3.8 (#859, @piotr1212)
Whisper¶
- set package long description (#271, @YevhenLukomskyi)
- Dump as raw values (#282, @Glandos)
Carbonate¶
- Python 3 support (PR#107, @piotr1212)
- Use –copy-dest, enabling the rsync algorithm when copying from remote to staging (PR#106, @luke-heberling)
Bug Fixes¶
Graphite-Web¶
- fix dashboard graph metric list icon paths with URL_PREFIX (#2424, @ploxiln)
- docs: for sql db migration to 1.1 recommend –fake-initial (#2425, @ploxiln)
- Fix dashboard template loading from URL (#2431, @cbowman0)
- Dashboard render urls missing document.body.dataset.baseUrl (#2433, @cbowman0)
- fixed small errors in docs (#2443, 0xflotus)
- Copy requestContext() and empty prefetch (#2450, @cbowman0)
- Fix a broken link to structured_metrics in doc (#2463, @izeye)
- added space before (#2487, @saikek)
- Fix for CVE-2017-18638 (#2499, @deniszh)
- Upgrading minimal Django version (#2502, @deniszh)
Carbon¶
- set package long description (#834, @YevhenLukomskyi)
- Remove pidfile on ValueError exception (#853, @albang)
Whisper¶
- Switch to setuptools (#272, @piotr1212)
- adding appropriate ‘type’ to sleep variable (#273, @piotr1212)
- Add testing for Python 3.8, remove 3.4 (eol)(#277, @piotr1212)
- Altering rrd2whisper.py for py3 compatibility (#280, @FliesLikeABrick)
Carbonate¶
- fix lint errors (PR#105, @YevhenLukomskyi)
- specify long_description_content_type, so that package description is properly rendered on pypi.org (PR#104, @YevhenLukomskyi)