docs/release_notes/v1.11.1.md
This hotfix release contains 7 bug fixes.
Updating Dapr from 1.10 to 1.11 on Kubernetes clusters which have the permission enforcement admission controller enabled gives the following error when using Service Invocation:
unable to create Dapr service for wrapper, service: test/test-dapr, err:
services \"test-dapr\" is forbidden: cannot set blockOwnerDeletion if an
ownerReference refers to a resource you can't set finalizers on:
Since v1.11.0 Service Invocation on Kubernetes clusters which have the permission enforcement admission controller enabled is unusable.
This is particularly problematic when for OpenShift clusters, as they have this admission controller enabled by default.
When using the permission enforcement admission controller on Kubernetes, Service Invocation fails because the operator is unable to create or update Services.
We updated the Kubernetes RBAC permissions used by the Dapr Operator.
The daprd sidecar process would increase in memory over time when using Actor reminders and timers.
Using Actor reminders and timers in Dapr 1.11.0 and earlier could cause a goroutine leak that would grow over time. This could cause increase CPU utilization and/or memory exhaustion.
Goroutines were not being cleaned up when reminders and timers fired or were stopped.
Goroutines are now cleaned up when reminders and timers are fired.
Actor Reminders without data were stored incorrectly and the empty (null) data was subsequently interpreted as a string value. Everytime an Actor Reminder was updated it reencoded the existing encoding, causing exponential growth in ActorReminder data leading up to the MongoDB document size limit. Other problems include the incorrect storage of the actor reminder period.
Since v1.10.5 (and also in v1.11.0), Actor Reminders used with MongoDB as Actor State Store were impacted by this bug. While some reminders written or updated with affected versions may work, all reminders written with the impacted versions should be considered unrecoverable as some reminder data may have been corrupted.
The issue was related to the usage of BSON as data serialization format for MongoDB. Due to changes in the Dapr runtime introduced in version 1.10.5, reminders data and periods were incorrectly serialized in BSON format.
We addressed the issues with serializing actor reminder data in BSON format for MongoDB.
When using Managed Identity inside Azure Web Apps (Azure App Service), Dapr shows the following error:
ChainedTokenCredential: failed to acquire a token.
Since v1.11.0, Dapr is unable to authenticate with Azure services using Managed Identity on Azure App Service.
The authentication library's timeout for obtaining a token using Managed Identity on Azure App Service was too small, leading to authentication failure before the token could be obtained.
Dapr will now discover whether it is running in Azure App Service, and applies an appropriate timeout for the authentication method.
Dapr would error when attempting to overwrite a TTL-enabled key in Microsoft SQL Server.
Since v1.10.0, clients could not overwrite TTL-enabled keys in the Microsoft SQL Server state store.
A condition in the Microsoft SQL Server Set procedure meant TTL-enabled keys could never be written to.
Fix the condition to allow TTL-enabled keys to be overwritten.
Dapr would require an application port to be set in order to invoke a non-Dapr endpoint.
This issue required users to open a port on their applications even if not required in case they wanted to invoke non-Dapr endpoints.
The runtime code for creating an application channel for non-localhost apps required an application port as part of the validation logic.
The application port validation was removed.
Azure Service Bus users who send custom metadata properties (Application Properties) which are not URL safe encounter the following error message in the Daprd logs when using the Azure Service Bus binding, and the message will not be sent to the application:
"App handler returned an error for message xxx on queue xxx: error invoking app: Post "http://127.0.0.1:80/xxx": net/http: invalid header field name"
Applications will not receive messages from Azure Service Bus bindings if these messages contain custom attributes that are not URL safe.
Azure Service Bus supports storing custom metadata properties, Application Properties, but does not require these to be URL safe. Dapr incorrectly treated these attributes as URL safe.
Daprd encodes Azure Service Bus Application Properties before sending messages to applications, so that all data is URL safe.
Use of the RabbitMQ components could result in a memory leak under certain circumstances.
Applications may run out of memory when using the RabbitMQ components.
The rabbitmq/amqp091-go library used by the Dapr RabbitMQ components introduced a memory leak in version v1.7.0. See https://github.com/rabbitmq/amqp091-go/issues/179 for details.
We upgraded the library to version v1.8.1. The memory leak was fixed as of version v1.8.0.