Network Source of Truth & Network Automation Platform
APACHE-2.0 License
Bot releases are visible (Hide)
Published by HanlinMiao 6 months ago
sqlparse
to 0.5.0
to fix GHSA-2m57-hf25-phgg. This is not a direct dependency so it will not auto-update when upgrading Nautobot. Please be sure to update your local environment.nautobot.extras.utils.bulk_delete_with_bulk_change_logging
helper function for improving performance on bulk delete.nautobot.extras.context_managers.deferred_change_logging_for_bulk_operation
context manager for improving performance on bulk update.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.1...v2.2.2
Published by HanlinMiao 6 months ago
jquery-ui
to version 1.13.2
due to CVE-2022-31160
.jquery
to version 3.7.1
.@gertzakis
Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.17...v1.6.18
Published by HanlinMiao 6 months ago
Pillow
dependency to ~10.3.0
to address CVE-2024-28219
.jquery-ui
to version 1.13.2
due to CVE-2022-31160
.idna
to 3.7 due to CVE-2024-3651. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment./api/dcim/locations/?cf_multiselect=1ea9237c-3ba7-4985-ba7e-6fd9e9bff813
as an alternative to /api/dcim/locations/?cf_multiselect=some-choice-value
.METRICS_DISABLED_APPS
to disable app metrics for specific apps.phone
and email
fields as mandatory.BaseFilterTestCase.get_filterset_test_values
.nautobot.setup()
function mistakenly removed in 2.2.0.>=4.7.0,<4.19.0
to ^4.7.0
.djangorestframework
to ~3.15.1
.jquery
to version 3.7.1
.nautobot-server pylint
management command from the example_app
, as pylint can be invoked directly with an appropriate --init-hook
instead.test.client
works in test cases using this class.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.2.0...v2.2.1
Published by glennmatthews 7 months ago
social-auth-core
to remove dependency on python-jose
& its dependency on ecdsa
.jsonschema
version constraint from >=4.7.0,<4.18.0
to ^4.7.0
.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.16...v1.6.17
Published by gsnider2195 7 months ago
Contact and Team are models that represent an individual and a group of individuals who can be linked to an object. Contacts and teams store the necessary information (name, phone number, email, and address) to uniquely identify and contact them. They are added to track ownerships of organizational entities and to manage resources more efficiently in Nautobot. Check out the documentation for Contact and Team. There is also a user guide available on how to utilize these models.
A new management command has been introduced to assist with migrating the Location fields contact_name
, contact_phone
and contact_email
to the new Contact and Team models. This command can be invoked with nautobot-server migrate_location_contacts
and will present a series of prompts to guide you through migrating Locations that have data in the contact_name
, contact_phone
, or contact_email
fields which are not already associated to a Contact or Team. This command will give you the option to create new Contacts or Teams or, if a similar Contact or Team already exists, to link the Location to the existing Contact or Team. Note that when assigning a Location to an existing Contact or Team that has a blank phone
or email
field, the value from the Location will be copied to the Contact/Team. After a Location has been associated to a Contact or Team, the contact_name
, contact_phone
, and contact_email
fields will be cleared from the Location.
Controller models have been added to the dcim
app. A Controller in Nautobot is an abstraction meant to represent network or SDN (Software-Defined Networking) controllers. These may include, but are not limited to, wireless controllers, cloud-based network management systems, and other forms of central network control mechanisms.
For more details, refer to the user guide for a Controller
model, a ControllerManagedDeviceGroup
model, or developer documentation for Controllers.
A Device Family represents a group of related Device Types. A Device Type can be optionally assigned to a Device Family. Each Device Family must have a unique name and may have a description assigned to it.
Job list is now available in two display variants: list and tiles. List is a standard table view with no major changes introduced. Tiles is a new type of view displaying jobs in a two-dimensional grid.
The Prefix and VLAN models have replaced their single location
foreign-key field with a many-to-many locations
field, allowing multiple Locations to be attached to a single Prefix or VLAN. To ensure backwards compatibility with pre-2.2 code, these models now have a location
property which can be retrieved or set for the case of a single associated Location, but will raise a MultipleObjectsReturned
exception if the Prefix or VLAN in question has more than one associated Location. REST API versions 2.0 and 2.1 similarly still have a location
field, while REST API version 2.2 and later replace this with locations
.
New models have been added for Software Image Files and Software Versions. These models are used to track the software versions of Devices, Inventory Items and Virtual Machines and their associated image files. These models have been ported from the Device Lifecycle Management App and a future update to that app will migrate all existing data from the nautobot_device_lifecycle_mgmt.SoftwareImageLCM
and nautobot_device_lifecycle_mgmt.SoftwareLCM
models to the dcim.SoftwareImageFile
and dcim.SoftwareVersion
models added here.
Software Versions must be associated to a Platform. Software Image Files must be associated to one Software Version and may be associated to one or more Device Types. Devices, Inventory Items and Virtual Machines may be associated to one Software Version to track their current version. See the documentation for Software Image File and Software Version. There is also a user guide with instructions on how to create these models.
Language syntax highlighting for GraphQL, JSON, XML and YAML is now supported in the UI via JavaScript. To enable the feature, a code snippet has to be wrapped in the following HTML structure:
<pre><code class="language-{graphql,json,xml,yaml}">...</code></pre>
render_json
and render_yaml
template filters default to this new behavior with an optional opt-out syntax_highlight=False
arg.
The CSV import functionality for all models has been changed from a synchronous operation to an asynchronous background task (system Job). As a result, imports of large CSV files will no longer fail due to browser timeout.
!!! tip
Users now must have the run
action permission for extras > job
(specifically the nautobot.core.jobs.ImportObjects
Job) in order to import objects, in addition to the normal add
permissions for the object type being imported.
Installed Plugins
view has been renamed to Installed Apps
. Plugin
terminologies in Installed Plugins
(now Installed Apps
) view and dependent views have been changed to App
throughout. Plugin
references in documentation (excluding old release-notes) have been replaced by App
. Plugins
navigation menu has been renamed to Apps
.
max_length
on all Charfields (#2906)Model CharFields' max_length
attributes have been standardized globally to have at least 255 characters except where a shorter max_length
is explicitly justified.
Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.9...v2.2.0
Published by gsnider2195 7 months ago
django
to ~3.2.25
due to CVE-2024-27351
./extras/job-results/<uuid:pk>/log-table/
; furthermore it will not allow an authenticated user to view log entries for a JobResult they don't otherwise have permission to view. (GHSA-m732-wvh2-7cq4)/extras/git-repositories/<str:slug>/sync/
and /extras/git-repositories/<str:slug>/dry-run/
; a user who has change
permissions for a subset of Git repositories is no longer permitted to sync or dry-run other repositories for which they lack the appropriate permissions. (GHSA-m732-wvh2-7cq4)/api/dcim/connected-device/?peer_device=...&?peer_interface=...
REST API endpoint; a user who has view
permissions for a subset of interfaces is no longer permitted to query other interfaces for which they lack permissions. (GHSA-m732-wvh2-7cq4)<app>/<model>/<lookup>/notes/
UI endpoints; a user must now have the appropriate extras.view_note
permissions to view existing notes. (GHSA-m732-wvh2-7cq4)/api/redoc/
, /api/swagger/
, /api/swagger.json
, and /api/swagger.yaml
. (GHSA-m732-wvh2-7cq4)/api/graphql
REST API endpoint, even when EXEMPT_VIEW_PERMISSIONS
is configured. (GHSA-m732-wvh2-7cq4)/dcim/racks/<uuid>/dynamic-groups/
, /dcim/devices/<uuid>/dynamic-groups/
, /ipam/prefixes/<uuid>/dynamic-groups/
, /ipam/ip-addresses/<uuid>/dynamic-groups/
, /virtualization/clusters/<uuid>/dynamic-groups/
, and /virtualization/virtual-machines/<uuid>/dynamic-groups/
, even when EXEMPT_VIEW_PERMISSIONS
is configured. (GHSA-m732-wvh2-7cq4)/extras/secrets/provider/<str:provider_slug>/form/
. (GHSA-m732-wvh2-7cq4)nautobot.apps.utils.get_url_for_url_pattern
and nautobot.apps.utils.get_url_patterns
lookup functions.nautobot.apps.views.GenericView
base class.view_name
and view_description
optional parameters when instantiating a nautobot.apps.api.OrderedDefaultRouter
. Specifying these parameters is to be preferred over defining a custom APIRootView
subclass when defining App API URLs.nautobot.core.api.AuthenticatedAPIRootView
class. As a consequence, viewing the browsable REST API root endpoints (e.g. /api/
, /api/circuits/
, /api/dcim/
, etc.) now requires user authentication./api/docs/
and /graphql/
even when HIDE_RESTRICTED_UI
is False./dcim/<port-type>/<uuid>/connect/<termination_b_type>/
view endpoints with an invalid/nonexistent termination_b_type
string.ObjectPermissionRequiredMixin
or LoginRequiredMixin
as appropriate best practices.example_plugin
to use the new GenericView
base class as a best practice.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.15...v1.6.16
Published by gsnider2195 7 months ago
django
to ~3.2.25
due to CVE-2024-27351
./extras/job-results/<uuid:pk>/log-table/
; furthermore it will not allow an authenticated user to view log entries for a JobResult they don't otherwise have permission to view. (GHSA-m732-wvh2-7cq4)/extras/git-repositories/<uuid:pk>/sync/
and /extras/git-repositories/<uuid:pk>/dry-run/
; a user who has change
permissions for a subset of Git repositories is no longer permitted to sync or dry-run other repositories for which they lack the appropriate permissions. (GHSA-m732-wvh2-7cq4)/api/dcim/connected-device/?peer_device=...&?peer_interface=...
REST API endpoint; a user who has view
permissions for a subset of interfaces is no longer permitted to query other interfaces for which they lack permissions. (GHSA-m732-wvh2-7cq4)<app>/<model>/<uuid>/notes/
UI endpoints; a user must now have the appropriate extras.view_note
permissions to view existing notes. (GHSA-m732-wvh2-7cq4)/api/redoc/
, /api/swagger/
, /api/swagger.json
, and /api/swagger.yaml
. (GHSA-m732-wvh2-7cq4)/api/graphql
REST API endpoint, even when EXEMPT_VIEW_PERMISSIONS
is configured. (GHSA-m732-wvh2-7cq4)/dcim/racks/<uuid>/dynamic-groups/
, /dcim/devices/<uuid>/dynamic-groups/
, /ipam/prefixes/<uuid>/dynamic-groups/
, /ipam/ip-addresses/<uuid>/dynamic-groups/
, /virtualization/clusters/<uuid>/dynamic-groups/
, and /virtualization/virtual-machines/<uuid>/dynamic-groups/
, even when EXEMPT_VIEW_PERMISSIONS
is configured. (GHSA-m732-wvh2-7cq4)/extras/secrets/provider/<str:provider_slug>/form/
. (GHSA-m732-wvh2-7cq4)nautobot.apps.utils.get_url_for_url_pattern
and nautobot.apps.utils.get_url_patterns
lookup functions.nautobot.apps.views.GenericView
base class.view_name
and view_description
optional parameters when instantiating a nautobot.apps.api.OrderedDefaultRouter
. Specifying these parameters is to be preferred over defining a custom APIRootView
subclass when defining App API URLs.nautobot.apps.api.APIRootView
class. As a consequence, viewing the browsable REST API root endpoints (e.g. /api/
, /api/circuits/
, /api/dcim/
, etc.) now requires user authentication./api/users/users/my-profile/
, /api/users/users/session/
, /api/users/tokens/authenticate/
, and /api/users/tokens/logout/
as they are unused at this time./graphql
./admin
./api/
./dcim/<port-type>/<uuid>/connect/<termination_b_type>/
view endpoints with an invalid/nonexistent termination_b_type
string.coverage
as a nautobot dependency instead of a development dependency.ObjectPermissionRequiredMixin
or LoginRequiredMixin
as appropriate best practices.OrderedDict
instance in nautobot/core/api/routers.py#21
with with a plain dict
instance.OrderedDict
instance in nautobot/dcim/models/racks.py#275
with a plain dict
instance.--pattern
argument to invoke unittest
.--parallel-workers
argument to invoke unittest
.example_plugin
to use the new GenericView
base class as a best practice.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.8...v2.1.9
Published by HanlinMiao 7 months ago
Device
to SoftwareImageFile
.DeviceType
to SoftwareImageFile
.InventoryItem
to SoftwareImageFile
.VirtualMachine
to SoftwareImageFile
.Device
to SoftwareVersion
.InventoryItem
to SoftwareVersion
.VirtualMachine
to SoftwareVersion
.ALLOW_REQUEST_PROFILING
, BANNER_TOP
, etc.)HardwareFamily
model class. (Renamed before release to DeviceFamily
.)device_family
field to Device Type model class.VRFDeviceAssignment
model.VRFPrefixAssignment
model.user_name
, changed_object
, or related_object
, and also by changed_object
in combination with user
or user_name
.job_import_button
template-tag and marked import_button
button template-tag as deprecated.nautobot.apps.utils.get_view_for_model
utility function.can_add
, can_change
, can_delete
, can_view
, and has_serializer
filters to the /api/extras/content-types/
REST API.q
(SearchFilter) filter to all filtersets where it was missing.q
filter: test_q_filter_exists
and test_q_filter_valid
.nautobot/core/settings.yaml
).highlight.js
library.hyperlinked_email
and hyperlinked_phone_number
template tags/filters./apps/
and /api/apps/
URL groupings, initially containing only the installed-apps/
sub-items.nautobot-apps
key to the /api/status/
REST API endpoint.MigrationsBackend
to health-check, which will fail if any unapplied database migrations are present.max_length
on all CharFields to at least 255 characters except where a shorter max_length
is explicitly justified.Prefix.location
to Prefix.locations
allowing multiple Locations to be associated with a given Prefix.name
alone since it is a unique field.VLAN.location
to VLAN.locations
allowing multiple Locations to be associated with a given VLAN.Plugins
navigation menu to Apps
. Apps that add to this menu are encouraged to update their navigation.py
to use the new name.Installed Plugins
view to Installed Apps
.Installed Apps
views to be visible to all authenticated users, not just staff/superuser accounts.nautobot-server health_check
CLI command.type
values to "other"
instead of failing the import.ImportObjects.roll_back_if_error
form field help text and label.import_button
button template-tag.nautobot.apps.exceptions.ConfigurationError
class as it is no longer used in Nautobot core and is trivially reimplementable by any App if desired.plugins
key under the /api/status/
REST API endpoint. Refer to nautobot-apps
instead.ViewTestCases
subclasses to define csv_data
for testing bulk-import views, as this functionality is now covered by a generic system Job.logan
-derived application startup logic, simplifying the Nautobot startup code flow.Job.after_return()
if a Job with an optional FileVar
was executed without supplying a value for that variable.--config PATH
value with the nautobot-server runserver
command.Prefix.ip_version
and IPAddress.ip_version
fields to be non-nullable.NavMenuItems
that do not define any specific required permissions
.NavMenuTab
and NavMenuGroup
permissions.Roles
navigation menu item.ValidationError
that was being thrown when a user logged out.date_done
value would cause the JobResult view to repeatedly refresh.Markdown
dependency to permit versions up to 3.5.x.example_plugin
to refer to the (renamed) example_app
.mkdocs-macros-plugin
as a development/documentation-rendering dependency.optional-settings
and required-settings
to be generated automatically from settings.yaml
schema.nautobot/core/settings.json
with nautobot/core/settings.yaml
for improved readability and maintainability.ContactAssociation
model.example_plugin
to example_app
.example_plugin_with_view_override
to example_app_with_view_override
.examples
directory with "App", except in cases where the terminology is embedded in core code (settings.PLUGINS
, plugins:
and plugins-api
named URLs, etc.)role
attribute required on ContactAssociation
Model.coverage
, django-debug-toolbar
, factory-boy
, mkdocs-material
, mkdocstrings
, mkdocstrings-python
, pylint
, rich
, ruff
, selenium
, splinter
, towncrier
, watchdog
, and yamllint
to their latest available versions.HardwareFamily
to DeviceFamily
.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.8...v2.2.0-beta.1
Published by HanlinMiao 7 months ago
CELERY_BEAT_HEARTBEAT_FILE
settings variable.validation_minimum
and validation_maximum
as length constraints on a Custom Field of type Text
, URL
, JSON
, Markdown
, Selection
, or Multiple Selection
.validation_regex
as a constraint on valid choice definitions for a Custom Field of type Selection
or Multiple Selection
.IEC 60906-1
, 2P+T 10A (NBR 14136)
, and 2P+T 20A (NBR 14136)
.LX.5
, LX.5/PC
, LX.5/UPC
, and LX.5/APC
.CXP (100GE)
, DSFP (100GE)
, SFP-DD (100GE)
, QSFP-DD (100GE)
, QSFP-DD (200GE)
, CFP2 (400GE)
, OSFP-RHS (400GE)
, CDFP (400GE)
, CPF8 (400GE)
, SFP+ (32GFC)
, SFP-DD (64GFC)
, and SFP+ (64GFC)
.TemplateExtension.list_buttons()
API, allowing apps to register button content to be injected into object list views.functools.lru_cache
to use django-redis cache instead.Text
.task_queues
of the job class.extras.view_scheduledjob
permission to the "Job Approval Queue" navigation menu item./tmp/nautobot_celery_beat_heartbeat
) each time its scheduler wakes up.docker-compose.yml
under docker-compose
v1.x.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.7...v2.1.8
Published by HanlinMiao 7 months ago
CELERY_BEAT_HEARTBEAT_FILE
settings variable.TemplateExtension.list_buttons()
API, allowing apps to register button content to be injected into object list views.task_queues
of the job class./tmp/nautobot_celery_beat_heartbeat
) each time its scheduler wakes up.docker-compose.yml
under docker-compose
v1.x.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.14...v1.6.15
Published by glennmatthews 8 months ago
pyuwsgi
being installed without SSL support.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.13...v1.6.14
Published by glennmatthews 8 months ago
pyuwsgi
being installed without SSL support.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.6...v2.1.7
Published by glennmatthews 8 months ago
nautobot-server pre_migrate
command to identify Interfaces and VMInterfaces with multiple VRFs through IPAddress relationships.pip3 install --no-binary=pyuwsgi
in order to have SSL support in pyuwsgi
.pip3 install --no-binary=lxml
to avoid incompatibilities between lxml
and xmlsec
packages.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.12...v1.6.13
Published by glennmatthews 8 months ago
cryptography
to 42.0.4 due to CVE-2024-26130. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.ChangeLoggedModelsQuery().as_queryset()
to improve performance when saving many objects in a change-logged context.nautobot.core.testing.forms.FormTestCases
base class and added it to nautobot.apps.testing
as well.Tenant
UI detail view breadcrumb with invalid TenantGroup
filter link.TenantGroup
UI detail view with invalid "add tenant" button invalid query_params
link.DeviceForm
invalid cluster
field query_params
.PrefixForm
invalid vlan
and vlan_group
fields query_params
.device.device_role
on the Rack detail view for non-racked device objects.invalidate_max_depth_cache
itself calculating max_depth
on querysets without tree fields.nautobot.apps
import locations.pip3 install --no-binary=pyuwsgi
in order to have SSL support in pyuwsgi
.pip3 install --no-binary=lxml
to avoid incompatibilities between lxml
and xmlsec
packages.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.5...v2.1.6
Published by HanlinMiao 8 months ago
cryptography
to 42.0.2 due to CVE-2024-0727. This is not a direct dependency so will not auto-update when upgrading. Please be sure to upgrade your local environment.latest
and latest-py<version>
tags to the nautobot
Docker images published for the latest stable release of Nautobot.METRICS_AUTHENTICATED
setting to control authentication for the HTTP endpoint /metrics
.nautobot-dev
Docker images to reserve the latest
and latest-py<version>
tags for the latest stable release of Nautobot, rather than the latest build from the develop
branch.TreeQuerySet.ancestors
implementation to a more efficient approach for shallow trees.location_id
to location
in virtualization/forms.py
.host
and mask_length
would default to a null ip_version
.base.css
.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.4...v2.1.5
Published by HanlinMiao 8 months ago
Django
dependency to 3.2.24 due to CVE-2024-24680.TreeQuerySet.ancestors
implementation to a more efficient approach for shallow trees.commit=False
.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.11...v1.6.12
Published by gsnider2195 8 months ago
Django
dependency to 3.2.24 due to CVE-2024-24680.TypeError
and similar exceptions thrown when rendering certain App data tables in v2.1.3.constance.backends.memory.MemoryBackend
to avoid intermittent failures in parallel tests.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.3...v2.1.4
Published by glennmatthews 9 months ago
pillow
dependency to 10.2.0 due to CVE-2023-50447.user_name
, changed_object
, or related_object
, and also by changed_object
in combination with user
or user_name
./api/ipam/prefixes/
and /api/ipam/vrfs/
REST API endpoints.MarkupSafe
dependency to 2.1.5.mysqlclient
dependency to 2.2.3.python-slugify
dependency to 8.0.3.pyuwsgi
dependency to 2.0.23.mkdocs-section-index
documentation dependency to 0.3.8.ruff
development dependency to 0.1.15.--parallel
option to invoke unittest
.--parallel
flag to invoke unittest
in CI.invoke unittest --parallel
.invoke unittest
and invoke integration-test
to automatically report code coverage on successful completion.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.2...v2.1.3
Published by glennmatthews 9 months ago
pillow
dependency to 10.2.0 due to CVE-2023-50447.Full Changelog: https://github.com/nautobot/nautobot/compare/v1.6.10...v1.6.11
Published by glennmatthews 9 months ago
/files/get/
URL endpoint (for viewing FileAttachment files in the browser), as it was unused and could potentially pose security issues.render_markdown()
utility function used to render comments, notes, job log entries, etc.sanitize
function to also handle sanitization of lists and tuples of strings.comments
, description
, Notes, Job log entries, etc.) to also permit the use of a limited subset of "safe" HTML tags and attributes.nautobot-server runjob
management command to check whether the requested user has permission to run the requested job.nautobot-server runjob
management command to check whether the requested job is installed and enabled.nautobot-server runjob
management command to check whether a Celery worker is running when invoked without the --local
flag./api/dcim/locations/
REST API.nautobot-server startplugin
management command.ensure_git_repository
.location_id
to location
in virtualization/forms.py
.KeyError
when refreshing Git repository Jobs.error
and critical
log entries when viewing a Job Result.Job.__call__()
initial setup.nautobot-server runjob
if a job returned data other than a dict.nautobot-server runjob
resulted in any JobResult status other than "FAILED".nautobot-server runjob --local
or JobResult.execute_job()
.nh3
HTML sanitization library as a dependency.cookiecutter-nautobot-app
project in the App developer documentation.packaging
dependency to permit newer versions since it follows CalVer rather than SemVer.start_period
for development nautobot
container to allow sufficient time for initial migrations to run.Full Changelog: https://github.com/nautobot/nautobot/compare/v2.1.1...v2.1.2