nautobot

What's Changed

Security

• #6182 - Updated cryptography to 43.0.1 to address GHSA-h4gh-qq45-vh27. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.

Added

• #5180 - Add filtering Job Results by Scheduled Job.
• #5591 - Added time_zone field to ScheduledJob model.
• #6120 - Added Status Field to VRF model.
• #6129 - Added collapsible icon rotation to homepage panels.

Fixed

• #5591 - Corrected several bugs around handling of ScheduledJob execution when settings.TIME_ZONE is other than "UTC".
• #5591 - Added missing Meta.ordering definition to ScheduledJob model.
• #6123 - Fixed cable status coloring for DeviceModule*Table rows in dark mode.
• #6131 - Fixed a regression in which IP addresses and prefixes created through the /api/ipam/prefixes/<uuid>/available-ips/ and /api/ipam/prefixes/<uuid>/available-prefixes/ REST API endpoints could not be assigned custom field data during their creation.
• #6146 - Added missing DynamicGroup content to Device Detail View and Software Image File Detail View.
• #6175 - Prevented some AttributeError exceptions from being raised when an App contains a model that doesn't inherit from BaseModel.

Housekeeping

• #5591 - Added watchmedo to celery_beat development container.
• #5591 - Added time-machine as a development environment (test execution) dependency.
• #6147 - Fixed some points of non-determinism in the data generated by nautobot-server generate_test_data.
• #6147 - Added development/cleanup_factory_dump.py helper script to aid in identifying other issues with test data.

Contributors

• @glennmatthews
• @HanlinMiao
• @jnmms
• @matt852

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.3.1...v2.3.2

What's Changed

Security

• #6182 - Updated cryptography to 43.0.1 to address GHSA-h4gh-qq45-vh27. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.

Fixed

• #6081 - Fixed AttributeError during pre_migrate when permission constraints are applied to custom fields.

Contributor

• @timizuoebideri1
• @HanlinMiao

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.26...v1.6.27

What's Changed

Added

• #5232 - Added support for groupings to computed fields.
• #5494 - Added validation logic to DeviceForm clean() method to raise a validation error if there is any invalid software image file specified.
• #5915 - Enhanced IPAddress.objects.get_or_create method to permit specifying a namespace as an alternative to a parent prefix.

Changed

• #5970 - Removed indentations for PrefixTable in various locations in the UI.

Fixed

• #5494 - Fixed Device model clean() validation logic to allow user to specify a software version on a device without specifying any software image files.
• #6096 - Updated CloudAccount UI: Set the secrets_group form field to be optional.
• #6097 - Updated ContactAssociation API: Set the role field to be required.
• #6116 - Added handling for an OperationalError that might be raised when running pylint-nautobot or similar linters that depend on successfully running nautobot.setup().

Housekeeping

• #6107 - Updated documentation dependency mkdocstrings-python to ~1.10.8.

Contributors

• @HanlinMiao
• @Renrut5
• @glennmatthews
• @timizuoebideri1

New Contributors

• @Renrut5 made their first contribution in https://github.com/nautobot/nautobot/pull/6059

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.3.0...v2.3.1

This document describes all new features and changes in Nautobot 2.3.

Upgrade Actions

Administrators

Administrators should plan to take these actions during or immediately after upgrade from a previous version. New installations should also take note of these actions where appropriate.

• Python 3.12 is now the default recommended version of Python.

!!! warning "Python 3.12"
Because Nautobot prior to 2.3.0 did not declare support for Python 3.12, most Apps similarly needed to previously declare an upper bound of Python 3.11 for their own compatibility. Therefore, older versions of most Apps will not be installable under Python 3.12. Before migrating your Nautobot environment to Python 3.12, it is your responsibility to confirm that all relevant Apps in your environment are also compatible and installable. There is a minor "chicken-and-egg" problem here in that Apps generally cannot declare support for a new Python version before Nautobot itself publishes a release that does so; therefore, as of the 2.3.0 Nautobot release day, most Apps have not yet been updated to declare support for Python 3.12. We'll be working in the following days to promptly update our supported Apps as needed, so stay tuned.

!!! warning "Docker images"
As has been Nautobot's policy since version 1.6.1, our published Docker images that are not tagged with a specific Python version implicitly always include the latest supported version of Python. This means that as of the release of Nautobot 2.3.0, the tags latest, stable, 2.3, and 2.3.0 will all indicate Docker images that include Python 3.12, whereas previously these indicated Python 3.11 images. As noted above and below, updating to Python 3.12 may not be immediately desirable (or even possible, depending on the status of your Apps) as a "day one" action. If you need to stay with a given Python version for the time being, you must make sure that you're relying on an appropriately specific image tag, such as 2.3-py3.11, stable-py3.10, etc.

• As noted below, a new system job is provided for automated Dynamic Group cache updates. Administrators should schedule this system job to run on a recurring basis within the Jobs UI, after the upgrade, or on new install. Configuration referencing the DYNAMIC_GROUPS_MEMBER_CACHE_TIMEOUT setting can be safely removed, as it is no longer used. If this setting was being used previously, it is recommended to set the new scheduled job's interval to the same value.
• As noted below, change logging retention cleanup is now handled via a system job. Administrators should schedule this job to run on a recurring basis to meet their needs. The CHANGELOG_RETENTION setting is still used to define the retention period, but the scheduled system job will perform the actual cleanup, if any needed.

Job Authors & App Developers

Job Authors and App Developers should take these actions to ensure compatibility with their Jobs and Apps.

• Job Authors and App Developers should carefully consider the updates to the DynamicGroup API and decide if their use cases dictate changing their group membership access patterns to use DynamicGroup.update_cached_members() to find the correct balance between Dynamic Group performance and membership updates.
• Job Authors and App Developers should carefully consider the updates to the TreeManager default behavior and make necessary changes to their access of Tree based models.
• Django 4.2 is now required by Nautobot, replacing the previous Django 3.2 dependency. Job Authors and App Developers should carefully consider the updates and changes in the Django release-notes (4.0, 4.1, 4.2), especially the relevant "Backwards incompatible changes" sections, to proactively identify any impact to their Apps.

!!! warning "Django 4"
Django 4 includes a small number of breaking changes compared to Django 3. In our experience, most Apps have required few (or zero) updates to be Django 4 compatible, but your mileage may vary.

• Python 3.12 is now supported by Nautobot and is now the default recommended version of Python. Apps will likely need to update their packaging in order to explicitly declare support for Python 3.12.

Release Overview

Added

Cloud Models (#5716, #5719, #5721, #5872)

Added the new models CloudAccount, CloudResourceType, CloudNetwork, and CloudService to support recording of cloud provider accounts (AWS, Azure, GCP, DigitalOcean, etc.), cloud resource types (AWS EC2, Azure Virtual Machine Service, Google App Engine, etc.), cloud services (specific instances of services described by cloud resource types) and cloud network objects (such as VPCs) in Nautobot.

Device Modules (#2101)

Added new models for ModuleBay, Module, ModuleType, and ModuleBayTemplate to support modeling line cards and other modular components of a device. These models allow you to define a hierarchy of module bays and modules within a device, and to assign components (such as interfaces, power ports, etc.) to specific modules.

Dynamic Group Enhancements (#5472, #5786)

Dynamic Groups now have a group_type field, which specifies whether this group is defined by an object filter, defined by aggregating other groups via set operations, or defined via static assignment of objects as group members (this third type is new in Nautobot 2.3). Additionally, you can now assign a tenant and/or tags to each Dynamic Group, and many more models now can be included in Dynamic Groups.

A new model, StaticGroupAssociation, and associated REST API, have been added in support of the new "static" group type. See also "Dynamic Group Cache Changes" below.

For more details, refer to the Dynamic Group documentation.

Interface and VMInterface Roles (#4406)

Added an optional role field to Interface and VMInterface models to track common interface configurations. Now the users can create Role instances that can be assigned to interfaces and vminterfaces.

Object Metadata Models (#5663)

Added a set of functionality for defining and managing object metadata, that is to say, data about the network data managed in Nautobot, such as data provenance, data ownership, and data classification. For more details, refer to the linked documentation.

Python 3.12 Support (#5429)

Nautobot now supports Python 3.12, and Python 3.12 is now the default Python version included in the nautobot Docker images.

Saved Views (#1758)

Added the ability for users to save multiple configurations of list views (table columns, filtering, pagination and sorting) for ease of later use and reuse. Refer to the Saved View documentation for more details and on how to use saved views.

Worker Status Page (#5873)

User accounts with the is_staff flag set can access a new worker status page at /worker-status/ to view the status of the Celery worker(s) and the configured queues. The link to this page appears in the "User" dropdown at the bottom of the navigation menu, under the link to the "Profile" page. Use this page with caution as it runs a live query against the Celery worker(s) and may impact performance of your web service.

Changed

Changed TreeManager Default Behavior (#5786)

The TreeManager class (used for tree-models such as Location, RackGroup, and TenantGroup) default behavior has changed from with_tree_fields to without_tree_fields. This should improve performance in many cases but may impact Apps or Jobs that were relying on the old default; such code should be updated to explicitly call .with_tree_fields() where appropriate.

Dynamic Group Cache Changes (#5473)

To improve performance of the Dynamic Groups feature, a number of changes have been made:

• Dynamic Groups now always use StaticGroupAssociation records as a database cache of their member objects, rather than optionally caching their members in Redis for a limited time period. For Dynamic Groups of types other than the new "static" group type, these StaticGroupAssociation records are hidden by default from the UI and REST API.
• The DYNAMIC_GROUPS_MEMBER_CACHE_TIMEOUT setting variable is deprecated, as it no longer influences Dynamic Group cache behavior.
• The APIs DynamicGroup.members, DynamicGroup.count, DynamicGroup.has_member(), and object.dynamic_groups now always use the database cache rather than being recalculated on the fly.
• The APIs DynamicGroup.members_cached, DynamicGroup.members_cache_key, object.dynamic_groups_cached, object.dynamic_groups_list, and object.dynamic_groups_list_cached are now deprecated.
• Editing a Dynamic Group definition refreshes its cached members and those of any "parent" groups that use it.
• Viewing a Dynamic Group detail view in the UI refreshes its cached members (only).
• A new System Job, Refresh Dynamic Group Caches, can be run or scheduled as appropriate to refresh Dynamic Group member caches on demand.
• The existing API DynamicGroup.update_cached_members() can be called by Apps or Jobs needing to ensure that the cache is up-to-date for any given Dynamic Group.

Log Cleanup as System Job (#3749)

Cleanup of the change log (deletion of ObjectChange records older than a given cutoff) is now handled by the new LogsCleanup system Job, rather than occurring at random as a side effect of new change log records being created. Admins desiring automatic cleanup are encouraged to schedule this job to run at an appropriate interval suitable to your deployment's needs.

!!! info
Setting CHANGELOG_RETENTION in your Nautobot configuration by itself no longer directly results in periodic cleanup of ObjectChange records. You must run (or schedule to periodically run) the LogsCleanup Job for this to occur.

As an additional enhancement, the LogsCleanup Job can also be used to cleanup JobResult records if desired as well.

UI Button Consolidation (#5869, #5870, #5871)

Various button groups in the "object list" and "object detail" views have been consolidated following a common UI pattern of a single button for the most common action plus a popup menu for less common actions.

Dependencies

Updated to Django 4.2 (#3581)

As Django 3.2 has reached end-of-life, Nautobot 2.3 requires Django 4.2, the next long-term-support (LTS) version of Django. There are a number of changes in Django itself as a result of this upgrade; Nautobot App maintainers are urged to review the Django release-notes (4.0, 4.1, 4.2), especially the relevant "Backwards incompatible changes" sections, to proactively identify any impact to their Apps.

Contributors

• @glennmatthews
• @HanlinMiao
• @gertzakis
• @snaselj
• @timizuoebideri1
• @gsnider2195
• @smk4664
• @renovate
• @kvncampos
• @lampwins
• @jeffkala
• @dependabot

New Contributors

• @kvncampos made their first contribution in https://github.com/nautobot/nautobot/pull/5946

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.9...v2.3.0

What's Changed

Added

• #5965 - Added missing controller references for DeviceRedundancyGroup in the UI.
• #5980 - Added caching to FeatureQuery().get_choices() and FeatureQuery().list_subclasses().
• #6029 - Added environment variable support for setting CELERY_WORKER_PREFETCH_MULTIPLIER.
• #6030 - Added links from the Job list and detail views to quickly filter the list of Job Results to the corresponding Job.

Fixed

• #5775 - Reintroduced Add IP Address button to VirtualMachine Interface table.
• #5785 - Fixed Scheduled Jobs not respecting Job Soft / Hard Time Limit.
• #5796 - Added missing validation to ensure that a DeviceBay can only contain Devices with a subdevice_role of child.
• #5811 - Fixed broken UI and added error message when submitting IPAddressAssignForm without selecting any IPAddress.
• #5812 - Fixed CSV file upload handling of "UTF-8 with BOM" encoding.
• #5904 - Fixed performance of JobResults UI when thousands of JobLogEntries are present.
• #5904 - Fixed performance when Bulk Importing large csv files.
• #5912 - Fixed incorrect clean() behavior on IPAddress that caused certain uniqueness violations to not be caught until save().
• #5948 - Fixed table overflow.
• #5980 - Improved performance of GraphQL queries by no longer unnecessarily creating FilterSet instances when no filter is present.
• #5992 - Added signal to clear relevant content-type caches after running migrations.
• #6022 - Fixed incorrect labels for derived filters (tenant__n, tenant__isw, etc.) when the base filter (tenant, etc.) has a custom label.

Dependencies

• #6010 - Pinned django-storages temporarily to 1.14.3 due to an incompatibility between django-health-check and version 1.14.4 of django-storages.

Documentation

• #5949 - Fixed NewBranch job code in documentation.
• #5958 - Added an example job that uses a custom template to render the job form.
• #5959 - Fixed documentation structure and added documentation on contributing documentation updates.
• #5971 - Added documentation for registering jobs from Git Repositories.
• #6024 - Added documentation for the nautobot-server validate_models command.

Contributors

• @gsnider2195
• @timizuoebideri1
• @MCDELTAT
• @HanlinMiao
• @glennmatthews
• @itdependsnetworks
• @jnmms
• @jvanderaa
• @abates
• @tsm1th
• @joewesch

New Contributors

• @MCDELTAT made their first contribution in https://github.com/nautobot/nautobot/pull/5950
• @jnmms made their first contribution in https://github.com/nautobot/nautobot/pull/6022

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.8...v2.2.9

What's Changed

Added

Added an Optional role field to Interface and VMInterface models (#4406)

Added an optional role field to Interface and VMInterface models to track common interface configurations. Now the users can create Role instances that can be assigned to interfaces and vminterfaces.

Cloud Models (#5716, #5719, #5721, #5872)

Added the new models CloudAccount, CloudResourceType, CloudNetwork, and CloudService to support recording of cloud provider accounts (AWS, Azure, GCP, DigitalOcean, etc.), cloud resource types (AWS EC2, Azure Virtual Machine Service, Google App Engine, etc.), cloud services (specific instances of services described by cloud resource types) and cloud network objects (such as VPCs) in Nautobot.

Dynamic Group Enhancements

Dynamic Groups now have a group_type field, which specifies whether this group is defined by an object filter, defined by aggregating other groups via set operations, or defined via static assignment of objects as group members (this third type is new in Nautobot 2.3). Additionally, you can now assign a tenant and/or tags to each Dynamic Group.

A new model, StaticGroupAssociation, and associated REST API, have been added in support of the new "static" group type. See also "Dynamic Group Cache Changes" below.

For more details, refer to the Dynamic Group documentation.

Object Metadata Models (#5663)

Added a set of functionality for defining and managing object metadata, that is to say, data about the network data managed in Nautobot, such as data provenance, data ownership, and data classification. For more details, refer to the linked documentation.

Saved Views

Added the ability for users to save multiple configurations of list views (table columns, filtering, pagination and sorting) for ease of later use and reuse. Refer to the Saved View documentation for more details and on how to use saved views.

Device Modules (#2101)

Added new models for ModuleBay, Module, ModuleType, and ModuleBayTemplate to support modeling line cards and other modular components of a device. These models allow you to define a hierarchy of module bays and modules within a device, and to assign components (such as interfaces, power ports, etc.) to specific modules.

Changed

Dynamic Group Cache Changes

To improve performance of the Dynamic Groups feature, a number of changes have been made:

• Dynamic Groups now always use StaticGroupAssociation records as a database cache of their member objects, rather than optionally caching their members in Redis for a limited time period. For Dynamic Groups of types other than the new "static" group type, these StaticGroupAssociation records are hidden by default from the UI and REST API.
• The DYNAMIC_GROUPS_MEMBER_CACHE_TIMEOUT setting variable is deprecated, as it no longer influences Dynamic Group cache behavior.
• The APIs DynamicGroup.members, DynamicGroup.count, DynamicGroup.has_member(), and object.dynamic_groups now always use the database cache rather than being recalculated on the fly.
• The APIs DynamicGroup.members_cached, DynamicGroup.members_cache_key, object.dynamic_groups_cached, object.dynamic_groups_list, and object.dynamic_groups_list_cached are now deprecated.
• Editing a Dynamic Group definition refreshes its cached members and those of any "parent" groups that use it.
• Viewing a Dynamic Group detail view in the UI refreshes its cached members (only).
• A new System Job, Refresh Dynamic Group Caches, can be run or scheduled as apprropriate to refresh Dynamic Group member caches on demand.
• The existing API DynamicGroup.update_cached_members() can be called by Apps or Jobs needing to ensure that the cache is up-to-date for any given Dynamic Group.

Updated to Django 4.2

As Django 3.2 has reached end-of-life, Nautobot 2.3 requires Django 4.2, the next long-term-support (LTS) version of Django. There are a number of changes in Django itself as a result of this upgrade; Nautobot App maintainers are urged to review the Django release-notes (4.0, 4.1, 4.2), especially the relevant "Backwards incompatible changes" sections, to proactively identify any impact to their Apps.

Log Cleanup as System Job (#3749)

Cleanup of the change log (deletion of ObjectChange records older than a given cutoff) is now handled by the new LogsCleanup system Job, rather than occurring at random as a side effect of new change log records being created. Admins desiring automatic cleanup are encouraged to schedule this job to run at an appropriate interval suitable to your deployment's needs.

!!! info
Setting CHANGELOG_RETENTION in your Nautobot configuration by itself no longer directly results in periodic cleanup of ObjectChange records. You must run (or schedule to periodically run) the LogsCleanup Job for this to occur.

As an additional enhancement, the LogsCleanup Job can also be used to cleanup JobResult records if desired as well.

Contributors

• @gertzakis
• @glennmatthews
• @gsnider2195
• @HanlinMiao
• @kvncampos
• @smk4664
• @snaselj
• @timizuoebideri1

New Contributors

• @kvncampos made their first contribution in https://github.com/nautobot/nautobot/pull/5946

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.8...v2.3.0-beta.1

What's Changed

Fixed

• #5935 - Fixed issue in which a save() could be called unnecessarily on child devices.

Contributors

• @nrnvgh

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.25...v1.6.26

What's Changed

Security

• #5911 - Updated zipp to 3.19.1 to address CVE-2024-5569. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.

Fixed

• #5569 - Fixed relationship required to ignore objects that do not match the related filter.
• #5613 - Fixed intermittent failure in integration test for dynamic groups.
• #5906 - Added support for filtering in GraphQL of objects identified by a many-to-many relation (Location.prefixes, Prefix.locations, etc.)
• #5935 - Fixed issue in which a save() could be called unnecessarily on child devices.

Dependencies

• #5833 - Updated dependency social-auth-app-django to ~5.4.2.
• #5833 - Updated optional dependency django-storages to ~1.14.4.

Documentation

• #5833 - Updated documentation dependency mkdocs-material to ~9.5.29.
• #5874 - Updated documentation regarding Nautobot on Ubuntu 24.04.

Housekeeping

• #5610 - Added integration test to do basic checking for static media failures caused by typos in template files.

Contributors

• @gsnider2195
• @jvanderaa
• @glennmatthews
• @nrnvgh

New Contributors

• @sdoiron0330 made their first contribution in https://github.com/nautobot/nautobot/pull/5570

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.7...v2.2.8

What's Changed

Security

• #5891 - Updated certifi to 2024.7.4 to address CVE-2024-39689. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.

Dependencies

• #5897 - Pinned dev dependency faker to >=0.7.0,<26.0.0 to work around breaking change in v26.0.0 (faker/#2070).

Contributors

• @glennmatthews
• @gsnider2195

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.24...v1.6.25

What's Changed

Security

• #5891 - Updated certifi to 2024.7.4 to address CVE-2024-39689. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.

Fixed

• #4237 - Fixed display issue with multiple tags filter on dynamic groups. Multiple Tags are now correctly displayed with an AND.
• #5093 - Fixed blank page redirect when syncing or running a dry run on a GIT Repo with no workers available; now redirects to the GIT Repo Detail page with an error message.
• #5804 - Fixed operation of "Mark planned"/"Mark installed" button in Device component table views.
• #5832 - Fixed lack of API versioning of responses to a POST to /api/ipam/prefixes/<id>/available-prefixes/ to allocate child prefixes of a prefix.
• #5832 - Fixed incorrect OpenAPI schema for /api/ipam/prefixes/<id>/available-prefixes/ and /api/ipam/prefixes/<id>/available-ips/.

Dependencies

• #5518 - Updated drf-spectacular to version 0.27.2.
• #5896 - Pinned dev dependency faker to >=0.7.0,<26.0.0 to work around breaking change in v26.0.0 (faker/#2070).

Housekeeping

• #5847 - Updated the term plugin to app within the GitHub templates.
• #5858 - Enhanced the test runner to include a hash of applied database migrations as part of the factory dump filename, reducing the likelihood of using the wrong cached data for a given branch.

Contributors

• @glennmatthews
• @timizuoebideri1
• @jvanderaa
• @smk4664

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.6...v2.2.7

What's Changed

Security

• #5821 - Updated urllib3 to 2.2.2 due to CVE-2024-37891. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.

Housekeeping

• #5754 - Updated development dependency requests to ~2.32.2.

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.23...v1.6.24

What's Changed

Security

• #5821 - Updated urllib3 to 2.2.2 due to CVE-2024-37891. This is not a direct dependency so it will not auto-update when upgrading. Please be sure to upgrade your local environment.

Added

• #5550 - Added support for specifying a tag or a commit hash as the GitRepository branch value.
• #5550 - Added an enabled flag to the JobButton class; disabled JobButtons will not appear in the UI.
• #5793 - Added --print-hashes option to nautobot-server generate_test_data command.
• #5807 - Added the ability to sort and filter the IPAddress list view by the nat_inside field.

Changed

• #5550 - Changed the behavior on removal of a previously-installed Job class to additionally auto-disable any JobButtons, JobHooks, and ScheduledJobs referencing this class.

Fixed

• #5550 - Fixed an issue where config-contexts and export-templates sourced from a Git repository might not be automatically deleted from Nautobot after removing them from the repository and resyncing it.
• #5550 - Fixed an exception that might be raised when performing a Git repository "dry-run" sync if certain types of diffs are present.
• #5782 - Fixed an issue with Job code not being fully reloaded after syncing a Git repository.
• #5809 - Fixed missing support for the GitRepository model in GraphQL.
• #5819 - Fixed inability to use bare (local-DNS) hostnames when specifying a GitRepository remote URL.

Documentation

• #5726 - Updated, cleaned up, and separated out the main landing page for Nautobot docs.
• #5752 - Corrected incorrect entry for nautobot.utilities.ordering in v2-code-location-changes table.
• #5754 - Updated mkdocs-material to 9.5.25.

Housekeeping

• #5754 - Updated development dependencies requests to ~2.32.2 and watchdog to ~4.0.1.
• #5793 - Refactored generate_test_data implementation for improved debuggability.
• #5793 - Fixed a bug in ControllerManagedDeviceGroupFactory that could result in nondeterministic test data.

Contributors

• @glennmatthews
• @qduk
• @jvanderaa
• @abates
• @renovate
• @dependabot
• @timizuoebideri1

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.5...v2.2.6

What's Changed

Security

• #5740 - Updated requests to 2.32.1 to address GHSA-9wx4-h78v-vm56. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment.
• #5757 - Fixed missing member object permission enforcement (e.g., enforce Device permissions for a Dynamic Group containing Devices) when viewing Dynamic Group member objects in the UI or REST API (GHSA-qmjf-wc2h-6x3q).

Added

• #5588 - Added "Add VRFs" and "Remove VRFs" fields to PrefixBulkEditForm.
• #5588 - Added "Add Prefixes" and "Remove Prefixes" fields to VRFBulkEditForm.
• #5655 - Added "Device Family" as a configurable column in the Device Types table view.
• #5690 - Added a generic test case that asserts that all list views provide an appropriate FilterForm class.
• #5747 - Added "Circuit Terminations" navigation menu item.

Removed

• #5690 - Removed deprecated CustomFieldFilterForm alias of CustomFieldModelFilterFormMixin as this would have caused confusion with the newly added CustomFieldFilterForm class providing filtering support for the Custom Fields list view.

Fixed

• #5564 - Fixed ContactAssociationFilterSet.associated_object_type not using the right filter field.
• #5669 - Fixed AttributeError thrown when deleting software versions or images from list views.
• #5690 - Fixed a Javascript error when attempting to filter certain list views.
• #5690 - Added missing "default" filter forms for a number of list views.
• #5703 - Fixed unintended creation of _custom_field_data filter on various FilterSets.
• #5703 - Fixed Filter "_custom_field_data" on ... is not GraphQL safe, and will be omitted warning logs when generating the GraphQL schema.
• #5707 - Fixed incorrect installation of xmlsec library in the Nautobot Docker images.
• #5708 - Fixed integrity error when doing bulk edits that resulted from a delete operation on a related model.
• #5738 - Fixed incorrect API query parameters when selecting VLANs to apply to a VM Interface.
• #5738 - Fixed incorrect query parameters when accessing or creating Clusters from a Cluster Type detail view.

Documentation

• #5699 - Updated to mkdocs~1.6.0 and mkdocs-material~9.5.23.
• #5699 - Fixed a number of broken links within the documentation.

Housekeeping

• #5699 - Updated pylint to ~3.1.1.
• #5740 - Updated test dependency requests to ~2.32.1.

Contributors

• @glennmatthews
• @tsm1th
• @timizuoebideri1
• @renovate
• @dependabot
• @HanlinMiao

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.4...v2.2.5

What's Changed

Security

• #5740 - Updated requests to 2.32.1 to address GHSA-9wx4-h78v-vm56. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment.
• #5762 - Fixed missing member object permission enforcement (e.g., enforce Device permissions for a Dynamic Group containing Devices) when viewing Dynamic Group member objects in the UI or REST API (GHSA-qmjf-wc2h-6x3q).

Housekeeping

• #5740 - Updated test dependency requests to ~2.32.1.

Contributors

• @glennmatthews

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.22...v1.6.23

What's Changed

Security

• #1858 - Added sanitization of HTML tags in the content of BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration to prevent against potential injection of malicious scripts (stored XSS) via these features (GHSA-r2hr-4v48-fjv3).

Added

• #1858 - Added support in BRANDING_FILEPATHS configuration to specify a custom css and/or javascript file to be added to Nautobot page content.
• #1858 - Added Markdown support to the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings.

Fixed

• #2974 - Fixed an error when deleting and then recreating a GitRepository that provides Jobs.

Contributors

• @glennmatthews

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.21...v1.6.22

What's Changed

Security

• #1858 - Added sanitization of HTML tags in the content of BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration to prevent against potential injection of malicious scripts (stored XSS) via these features (GHSA-r2hr-4v48-fjv3).
• #5672 - Updated Jinja2 dependency to 3.1.4 to address CVE-2024-34064.

Added

• #1858 - Added support in BRANDING_FILEPATHS configuration to specify a custom css and/or javascript file to be added to Nautobot page content.
• #1858 - Added Markdown support to the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings.

Fixed

• #4986 - Fixed inconsistent use of super causing active_tab context to be missing from several views.
• #5644 - Made the uniqueness constraints between the ContactAssociation model and the related API serializer consistent.
• #5684 - Fixed standard CSV export when using export templates.
• #5689 - Fixed change logging for bulk delete operations so that user is included in the log.

Documentation

• #5661 - Updated documentation to organize installation instructions and provide easier to use functions from mkdocs.

Housekeeping

• #5263 - Updated nh3 to 0.2.17 in poetry.lock.
• #5637 - Removed "version" from development docker-compose.yml files as newer versions of Docker complain about it being obsolete.
• #5637 - Fixed behavior of invoke stop so that it also stops the optional mkdocs container if present.

Contributors

• @glennmatthews
• @jdueitt
• @renovate
• @joewesch
• @whitej6
• @jvanderaa
• @tsm1th
• @HanlinMiao

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.3...v2.2.4

What's Changed

Security

• #5521 - Updated Pillow dependency to ~10.3.0 to address CVE-2024-28219.
• #5561 - Updated idna to 3.7 due to CVE-2024-3651. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.
• #5624 - Updated social-auth-app-django dependency to ~5.4.1 to address CVE-2024-32879.
• #5675 - Updated Jinja2 dependency to 3.1.4 to address CVE-2024-34064.

Contributors

• @glennmatthews

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.20...v1.6.21

What's Changed

Security

• #5647 - Fixed a reflected-XSS vulnerability (GHSA-jxgr-gcj5-cqqg) in object-list view rendering of user-provided query parameters.

Fixed

• #5626 - Increased performance of brief=true in API endpoints by eliminating unnecessary database joins.

Contributors

• @glennmatthews
• @Kircheneer

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.19...v1.6.20

What's Changed

Security

• #5624 - Updated social-auth-app-django dependency to ~5.4.1 to address CVE-2024-32879.
• #5646 - Fixed a reflected-XSS vulnerability (GHSA-jxgr-gcj5-cqqg) in object-list view rendering of user-provided query parameters.

Added

• #2946 - Added custom link support for interfaces, console ports, console server ports, power ports, power outlets, front ports, rear ports, device bays, and inventory items.
• #5034 - Added a view to convert location contact information to contacts or teams.
• #5537 - Re-added run_job generic Celery task as a wrapper for execution of all Nautobot Jobs.
• #5560 - Added a template tag which creates a hyperlink that opens in a new tab.
• #5586 - Added nautobot.apps.jobs.get_jobs() API.

Changed

• #5498 - Changed the nautobot.extras.jobs.Job class to no longer be a subclass of celery.tasks.Task.

Fixed

• #5513 - Fixed missing location field in Prefix and VLAN GraphQL schema.
• #5513 - Restored ability to filter Prefix and VLAN objects at the ORM level by location.
• #5565 - Fixed optional dependency on social-auth-core by removing an extras related to openidconnect that no longer exists.
• #5586 - Fixed incorrect rendering of Job variables in the ScheduledJob detail view.
• #5594 - Fixed Job tiles view not understanding the per_page and page query parameters.
• #5595 - Fixed bug where API Extra Actions weren't displaying the proper name.
• #5603 - Fixed config contexts loaded from Git repositories not populating Device Redundancy Group information.
• #5640 - Fixed bug in generating the URL parameters for cloning objects.
• #5642 - Fixed some cases where stale Job code might be present when Jobs are sourced from JOBS_ROOT or a Git repository.
• #5642 - Fixed incorrect handling of Job kwargs when dry-running a job approval request via the REST API.

Documentation

• #5094 - Added "Reserved Attribute Names" section to the Jobs developer documentation.
• #5608 - Updated VLAN documentation with a recommendation for modeling of VLANs with respect to Locations.
• #5626 - Added extras features docs to core developer new model checklist.
• #5635 - Added borders to tabbed sections of mkdocs.

Housekeeping

• #4498 - Removed redundant nautobot.extras.plugins.register_jobs function.
• #5586 - Fixed an intermittent ImportError when running tests with certain options.
• #5605 - Added prerelease and release workflow to deploy sandbox environments automatically.

Contributors

• @HanlinMiao
• @jdrew82
• @timizuoebideri1
• @gsnider2195
• @glennmatthews
• @teunvink
• @nlgotz
• @cardoe
• @dependabot
• @jvanderaa
• @tsm1th
• @jdueitt

New Contributors

• @teunvink made their first contribution in https://github.com/nautobot/nautobot/pull/5625
• @jdueitt made their first contribution in https://github.com/nautobot/nautobot/pull/5641

Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.2...v2.2.3

What's Changed

Security

• #5579 - Updated sqlparse to 0.5.0 to fix GHSA-2m57-hf25-phgg. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment.

Fixed

• #5610 - Fixed static media failure on /graphql/ and /admin/ pages.

Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.18...v1.6.19

Contributors

• @HanlinMiao
• @gsnider2195