Network Source of Truth & Network Automation Platform
APACHE-2.0 License
Bot releases are hidden (Show)
cryptography
to 43.0.1
to address GHSA-h4gh-qq45-vh27
. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.time_zone
field to ScheduledJob
model.ScheduledJob
execution when settings.TIME_ZONE
is other than "UTC".Meta.ordering
definition to ScheduledJob
model.DeviceModule*Table
rows in dark mode./api/ipam/prefixes/<uuid>/available-ips/
and /api/ipam/prefixes/<uuid>/available-prefixes/
REST API endpoints could not be assigned custom field data during their creation.AttributeError
exceptions from being raised when an App contains a model that doesn't inherit from BaseModel
.watchmedo
to celery_beat
development container.time-machine
as a development environment (test execution) dependency.nautobot-server generate_test_data
.development/cleanup_factory_dump.py
helper script to aid in identifying other issues with test data.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.3.1...v2.3.2
Published by HanlinMiao about 1 month ago
cryptography
to 43.0.1
to address GHSA-h4gh-qq45-vh27
. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.26...v1.6.27
Published by glennmatthews 2 months ago
DeviceForm
clean()
method to raise a validation error if there is any invalid software image file specified.IPAddress.objects.get_or_create
method to permit specifying a namespace as an alternative to a parent prefix.Device
model clean()
validation logic to allow user to specify a software version on a device without specifying any software image files.secrets_group
form field to be optional.OperationalError
that might be raised when running pylint-nautobot
or similar linters that depend on successfully running nautobot.setup()
.mkdocstrings-python
to ~1.10.8
.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.3.0...v2.3.1
Published by glennmatthews 2 months ago
This document describes all new features and changes in Nautobot 2.3.
Administrators should plan to take these actions during or immediately after upgrade from a previous version. New installations should also take note of these actions where appropriate.
!!! warning "Python 3.12"
Because Nautobot prior to 2.3.0 did not declare support for Python 3.12, most Apps similarly needed to previously declare an upper bound of Python 3.11 for their own compatibility. Therefore, older versions of most Apps will not be installable under Python 3.12. Before migrating your Nautobot environment to Python 3.12, it is your responsibility to confirm that all relevant Apps in your environment are also compatible and installable. There is a minor "chicken-and-egg" problem here in that Apps generally cannot declare support for a new Python version before Nautobot itself publishes a release that does so; therefore, as of the 2.3.0 Nautobot release day, most Apps have not yet been updated to declare support for Python 3.12. We'll be working in the following days to promptly update our supported Apps as needed, so stay tuned.
!!! warning "Docker images"
As has been Nautobot's policy since version 1.6.1, our published Docker images that are not tagged with a specific Python version implicitly always include the latest supported version of Python. This means that as of the release of Nautobot 2.3.0, the tags latest
, stable
, 2.3
, and 2.3.0
will all indicate Docker images that include Python 3.12, whereas previously these indicated Python 3.11 images. As noted above and below, updating to Python 3.12 may not be immediately desirable (or even possible, depending on the status of your Apps) as a "day one" action. If you need to stay with a given Python version for the time being, you must make sure that you're relying on an appropriately specific image tag, such as 2.3-py3.11
, stable-py3.10
, etc.
DYNAMIC_GROUPS_MEMBER_CACHE_TIMEOUT
setting can be safely removed, as it is no longer used. If this setting was being used previously, it is recommended to set the new scheduled job's interval to the same value.CHANGELOG_RETENTION
setting is still used to define the retention period, but the scheduled system job will perform the actual cleanup, if any needed.Job Authors and App Developers should take these actions to ensure compatibility with their Jobs and Apps.
DynamicGroup.update_cached_members()
to find the correct balance between Dynamic Group performance and membership updates.!!! warning "Django 4"
Django 4 includes a small number of breaking changes compared to Django 3. In our experience, most Apps have required few (or zero) updates to be Django 4 compatible, but your mileage may vary.
Added the new models CloudAccount
, CloudResourceType
, CloudNetwork
, and CloudService
to support recording of cloud provider accounts (AWS, Azure, GCP, DigitalOcean, etc.), cloud resource types (AWS EC2, Azure Virtual Machine Service, Google App Engine, etc.), cloud services (specific instances of services described by cloud resource types) and cloud network objects (such as VPCs) in Nautobot.
Added new models for ModuleBay
, Module
, ModuleType
, and ModuleBayTemplate
to support modeling line cards and other modular components of a device. These models allow you to define a hierarchy of module bays and modules within a device, and to assign components (such as interfaces, power ports, etc.) to specific modules.
Dynamic Groups now have a group_type
field, which specifies whether this group is defined by an object filter, defined by aggregating other groups via set operations, or defined via static assignment of objects as group members (this third type is new in Nautobot 2.3). Additionally, you can now assign a tenant and/or tags to each Dynamic Group, and many more models now can be included in Dynamic Groups.
A new model, StaticGroupAssociation
, and associated REST API, have been added in support of the new "static" group type. See also "Dynamic Group Cache Changes" below.
For more details, refer to the Dynamic Group documentation.
Added an optional role
field to Interface and VMInterface models to track common interface configurations. Now the users can create Role instances that can be assigned to interfaces and vminterfaces.
Added a set of functionality for defining and managing object metadata, that is to say, data about the network data managed in Nautobot, such as data provenance, data ownership, and data classification. For more details, refer to the linked documentation.
Nautobot now supports Python 3.12, and Python 3.12 is now the default Python version included in the nautobot
Docker images.
Added the ability for users to save multiple configurations of list views (table columns, filtering, pagination and sorting) for ease of later use and reuse. Refer to the Saved View documentation for more details and on how to use saved views.
User accounts with the is_staff
flag set can access a new worker status page at /worker-status/
to view the status of the Celery worker(s) and the configured queues. The link to this page appears in the "User" dropdown at the bottom of the navigation menu, under the link to the "Profile" page. Use this page with caution as it runs a live query against the Celery worker(s) and may impact performance of your web service.
The TreeManager
class (used for tree-models such as Location, RackGroup, and TenantGroup) default behavior has changed from with_tree_fields
to without_tree_fields
. This should improve performance in many cases but may impact Apps or Jobs that were relying on the old default; such code should be updated to explicitly call .with_tree_fields()
where appropriate.
To improve performance of the Dynamic Groups feature, a number of changes have been made:
StaticGroupAssociation
records as a database cache of their member objects, rather than optionally caching their members in Redis for a limited time period. For Dynamic Groups of types other than the new "static" group type, these StaticGroupAssociation
records are hidden by default from the UI and REST API.DYNAMIC_GROUPS_MEMBER_CACHE_TIMEOUT
setting variable is deprecated, as it no longer influences Dynamic Group cache behavior.DynamicGroup.members
, DynamicGroup.count
, DynamicGroup.has_member()
, and object.dynamic_groups
now always use the database cache rather than being recalculated on the fly.DynamicGroup.members_cached
, DynamicGroup.members_cache_key
, object.dynamic_groups_cached
, object.dynamic_groups_list
, and object.dynamic_groups_list_cached
are now deprecated.Refresh Dynamic Group Caches
, can be run or scheduled as appropriate to refresh Dynamic Group member caches on demand.DynamicGroup.update_cached_members()
can be called by Apps or Jobs needing to ensure that the cache is up-to-date for any given Dynamic Group.Cleanup of the change log (deletion of ObjectChange
records older than a given cutoff) is now handled by the new LogsCleanup
system Job, rather than occurring at random as a side effect of new change log records being created. Admins desiring automatic cleanup are encouraged to schedule this job to run at an appropriate interval suitable to your deployment's needs.
!!! info
Setting CHANGELOG_RETENTION
in your Nautobot configuration by itself no longer directly results in periodic cleanup of ObjectChange
records. You must run (or schedule to periodically run) the LogsCleanup
Job for this to occur.
As an additional enhancement, the LogsCleanup
Job can also be used to cleanup JobResult
records if desired as well.
Various button groups in the "object list" and "object detail" views have been consolidated following a common UI pattern of a single button for the most common action plus a popup menu for less common actions.
As Django 3.2 has reached end-of-life, Nautobot 2.3 requires Django 4.2, the next long-term-support (LTS) version of Django. There are a number of changes in Django itself as a result of this upgrade; Nautobot App maintainers are urged to review the Django release-notes (4.0, 4.1, 4.2), especially the relevant "Backwards incompatible changes" sections, to proactively identify any impact to their Apps.
Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.9...v2.3.0
Published by glennmatthews 2 months ago
FeatureQuery().get_choices()
and FeatureQuery().list_subclasses()
.CELERY_WORKER_PREFETCH_MULTIPLIER
.Add IP Address
button to VirtualMachine Interface table.subdevice_role
of child
.clean()
behavior on IPAddress
that caused certain uniqueness violations to not be caught until save()
.FilterSet
instances when no filter is present.tenant__n
, tenant__isw
, etc.) when the base filter (tenant
, etc.) has a custom label.django-storages
temporarily to 1.14.3 due to an incompatibility between django-health-check
and version 1.14.4 of django-storages
.nautobot-server validate_models
command.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.8...v2.2.9
Published by gsnider2195 3 months ago
role
field to Interface and VMInterface models (#4406)Added an optional role
field to Interface and VMInterface models to track common interface configurations. Now the users can create Role instances that can be assigned to interfaces and vminterfaces.
Added the new models CloudAccount
, CloudResourceType
, CloudNetwork
, and CloudService
to support recording of cloud provider accounts (AWS, Azure, GCP, DigitalOcean, etc.), cloud resource types (AWS EC2, Azure Virtual Machine Service, Google App Engine, etc.), cloud services (specific instances of services described by cloud resource types) and cloud network objects (such as VPCs) in Nautobot.
Dynamic Groups now have a group_type
field, which specifies whether this group is defined by an object filter, defined by aggregating other groups via set operations, or defined via static assignment of objects as group members (this third type is new in Nautobot 2.3). Additionally, you can now assign a tenant and/or tags to each Dynamic Group.
A new model, StaticGroupAssociation
, and associated REST API, have been added in support of the new "static" group type. See also "Dynamic Group Cache Changes" below.
For more details, refer to the Dynamic Group documentation.
Added a set of functionality for defining and managing object metadata, that is to say, data about the network data managed in Nautobot, such as data provenance, data ownership, and data classification. For more details, refer to the linked documentation.
Added the ability for users to save multiple configurations of list views (table columns, filtering, pagination and sorting) for ease of later use and reuse. Refer to the Saved View documentation for more details and on how to use saved views.
Added new models for ModuleBay
, Module
, ModuleType
, and ModuleBayTemplate
to support modeling line cards and other modular components of a device. These models allow you to define a hierarchy of module bays and modules within a device, and to assign components (such as interfaces, power ports, etc.) to specific modules.
To improve performance of the Dynamic Groups feature, a number of changes have been made:
StaticGroupAssociation
records as a database cache of their member objects, rather than optionally caching their members in Redis for a limited time period. For Dynamic Groups of types other than the new "static" group type, these StaticGroupAssociation
records are hidden by default from the UI and REST API.DYNAMIC_GROUPS_MEMBER_CACHE_TIMEOUT
setting variable is deprecated, as it no longer influences Dynamic Group cache behavior.DynamicGroup.members
, DynamicGroup.count
, DynamicGroup.has_member()
, and object.dynamic_groups
now always use the database cache rather than being recalculated on the fly.DynamicGroup.members_cached
, DynamicGroup.members_cache_key
, object.dynamic_groups_cached
, object.dynamic_groups_list
, and object.dynamic_groups_list_cached
are now deprecated.Refresh Dynamic Group Caches
, can be run or scheduled as apprropriate to refresh Dynamic Group member caches on demand.DynamicGroup.update_cached_members()
can be called by Apps or Jobs needing to ensure that the cache is up-to-date for any given Dynamic Group.As Django 3.2 has reached end-of-life, Nautobot 2.3 requires Django 4.2, the next long-term-support (LTS) version of Django. There are a number of changes in Django itself as a result of this upgrade; Nautobot App maintainers are urged to review the Django release-notes (4.0, 4.1, 4.2), especially the relevant "Backwards incompatible changes" sections, to proactively identify any impact to their Apps.
Cleanup of the change log (deletion of ObjectChange
records older than a given cutoff) is now handled by the new LogsCleanup
system Job, rather than occurring at random as a side effect of new change log records being created. Admins desiring automatic cleanup are encouraged to schedule this job to run at an appropriate interval suitable to your deployment's needs.
!!! info
Setting CHANGELOG_RETENTION
in your Nautobot configuration by itself no longer directly results in periodic cleanup of ObjectChange
records. You must run (or schedule to periodically run) the LogsCleanup
Job for this to occur.
As an additional enhancement, the LogsCleanup
Job can also be used to cleanup JobResult
records if desired as well.
Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.8...v2.3.0-beta.1
Published by gsnider2195 3 months ago
Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.25...v1.6.26
Published by gsnider2195 3 months ago
zipp
to 3.19.1
to address CVE-2024-5569
. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.Location.prefixes
, Prefix.locations
, etc.)social-auth-app-django
to ~5.4.2
.django-storages
to ~1.14.4
.mkdocs-material
to ~9.5.29
.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.7...v2.2.8
Published by gsnider2195 3 months ago
certifi
to 2024.7.4
to address CVE-2024-39689
. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.faker
to >=0.7.0,<26.0.0
to work around breaking change in v26.0.0 (faker/#2070).Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.24...v1.6.25
Published by gsnider2195 3 months ago
certifi
to 2024.7.4
to address CVE-2024-39689
. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment./api/ipam/prefixes/<id>/available-prefixes/
to allocate child prefixes of a prefix./api/ipam/prefixes/<id>/available-prefixes/
and /api/ipam/prefixes/<id>/available-ips/
.drf-spectacular
to version 0.27.2
.faker
to >=0.7.0,<26.0.0
to work around breaking change in v26.0.0 (faker/#2070).Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.6...v2.2.7
Published by glennmatthews 4 months ago
urllib3
to 2.2.2 due to CVE-2024-37891. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.requests
to ~2.32.2
.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.23...v1.6.24
Published by glennmatthews 4 months ago
urllib3
to 2.2.2 due to CVE-2024-37891. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.branch
value.enabled
flag to the JobButton class; disabled JobButtons will not appear in the UI.--print-hashes
option to nautobot-server generate_test_data
command.IPAddress
list view by the nat_inside
field.nautobot.utilities.ordering
in v2-code-location-changes
table.mkdocs-material
to 9.5.25.requests
to ~2.32.2
and watchdog
to ~4.0.1
.generate_test_data
implementation for improved debuggability.ControllerManagedDeviceGroupFactory
that could result in nondeterministic test data.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.5...v2.2.6
Published by glennmatthews 5 months ago
requests
to 2.32.1
to address GHSA-9wx4-h78v-vm56. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment.PrefixBulkEditForm
.VRFBulkEditForm
.CustomFieldFilterForm
alias of CustomFieldModelFilterFormMixin
as this would have caused confusion with the newly added CustomFieldFilterForm
class providing filtering support for the Custom Fields list view.ContactAssociationFilterSet.associated_object_type
not using the right filter field.AttributeError
thrown when deleting software versions or images from list views._custom_field_data
filter on various FilterSets.Filter "_custom_field_data" on ... is not GraphQL safe, and will be omitted
warning logs when generating the GraphQL schema.xmlsec
library in the Nautobot Docker images.mkdocs~1.6.0
and mkdocs-material~9.5.23
.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.4...v2.2.5
Published by glennmatthews 5 months ago
requests
to 2.32.1
to address GHSA-9wx4-h78v-vm56. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment.requests
to ~2.32.1
.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.22...v1.6.23
Published by glennmatthews 5 months ago
BANNER_TOP
, BANNER_BOTTOM
, and BANNER_LOGIN
configuration to prevent against potential injection of malicious scripts (stored XSS) via these features (GHSA-r2hr-4v48-fjv3).BRANDING_FILEPATHS
configuration to specify a custom css
and/or javascript
file to be added to Nautobot page content.BANNER_TOP
, BANNER_BOTTOM
, and BANNER_LOGIN
configuration settings.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.21...v1.6.22
Published by glennmatthews 5 months ago
BANNER_TOP
, BANNER_BOTTOM
, and BANNER_LOGIN
configuration to prevent against potential injection of malicious scripts (stored XSS) via these features (GHSA-r2hr-4v48-fjv3).Jinja2
dependency to 3.1.4
to address CVE-2024-34064
.BRANDING_FILEPATHS
configuration to specify a custom css
and/or javascript
file to be added to Nautobot page content.BANNER_TOP
, BANNER_BOTTOM
, and BANNER_LOGIN
configuration settings.active_tab
context to be missing from several views.nh3
to 0.2.17
in poetry.lock
.docker-compose.yml
files as newer versions of Docker complain about it being obsolete.invoke stop
so that it also stops the optional mkdocs
container if present.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.3...v2.2.4
Published by glennmatthews 5 months ago
Pillow
dependency to ~10.3.0
to address CVE-2024-28219
.idna
to 3.7
due to CVE-2024-3651
. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.social-auth-app-django
dependency to ~5.4.1
to address CVE-2024-32879
.Jinja2
dependency to 3.1.4
to address CVE-2024-34064
.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.20...v1.6.21
Published by glennmatthews 6 months ago
brief=true
in API endpoints by eliminating unnecessary database joins.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.19...v1.6.20
Published by glennmatthews 6 months ago
social-auth-app-django
dependency to ~5.4.1
to address CVE-2024-32879
.run_job
generic Celery task as a wrapper for execution of all Nautobot Jobs.nautobot.apps.jobs.get_jobs()
API.nautobot.extras.jobs.Job
class to no longer be a subclass of celery.tasks.Task
.location
field in Prefix
and VLAN
GraphQL schema.location
.social-auth-core
by removing an extras related to openidconnect
that no longer exists.per_page
and page
query parameters.JOBS_ROOT
or a Git repository.kwargs
when dry-running a job approval request via the REST API.nautobot.extras.plugins.register_jobs
function.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.2...v2.2.3
Published by gsnider2195 6 months ago
sqlparse
to 0.5.0
to fix GHSA-2m57-hf25-phgg. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment./graphql/
and /admin/
pages.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.18...v1.6.19