This release provides security patches, bug fixes, and improvements.
See also the fleetcommand-agent Release Notes.
-
Upgrading from pre-5.7 versions of Domino will no longer cause the loss of user roles during SSO login if the external role synchronization was disabled.
-
Users created via the "Add User" button on the users admin page, no longer have URL breaking characters in their username. The portion of their email before the @ character is sanitized and used as their Domino username.
-
Performance improvements for all Data Source tabs, including in the admin panel.
-
S3 buckets must have CORS enabled to use "View Latest Raw File" button in the code file browser if the file is > 5 MB (
com.cerebro.domino.frontend.defaultMaxFileSizeToRenderInBytes
). As a workaround, use the Download button to download larger files and view them on your computer.
-
In Azure Blob Store deployments, projects with many files may fail to sync through the Domino CLI. To work around this issue, do not disable file locking when prompted by Domino.
-
You cannot view the latest raw file. In the navigation pane, go to Files and click a file to view its details. If you click View Latest Raw File, a blank page opens.
-
When uploading a large file to the Azure blob store by syncing a workspace, you may encounter a Java Out of Memory error from Azure if the file/blob already exists. To work around this issue, use the Domino CLI to upload the file to the project.
-
Model Monitoring data sources aren’t validated. If you enter an invalid bucket name and attempt to save, the entry will go through. However, you won’t be able to see metrics for that entry because the name points to an invalid bucket.
-
Domino instances that make use of Azure Blob Storage may experience stalled jobs within projects with many large files.
-
If you attach a Git repository to a DFS project that points to a tagged release, the tag won’t be honored when building a model API in that project. The build log will show an error similar to the following, and the model will be built using the default branch of your Git repository instead of the tagged branch:
Jul 05 2023 14:36:27 -0500 #10 6.481 WARN [d.r.d.GitRepoUpdater] could not parse ref: v1.3.0 checking out default branch correlationId="iA2qWrYSLQ" thread="main"
To work around this issue, use the branch name when building model APIs instead of the release tag.
-
If an admin resets a user’s password, it invalidates all the user’s authentication tokens, including tokens used for long-running tasks like jobs, workspaces, or apps. The user must create a new password, log back into Domino, and restart all executions. This also applies to CLI authentication; the user must re-login to their Domino CLI.
-
In Domino 5.6, the cost analyzer pod (inactive unless Kubecost is enabled) defaults to a different
storageClass
compared to Domino 5.7. As a result, the pod won’t run after upgrading to 5.7, breaking Kubecost functionality. However, data will continue to persist in Prometheus (or custom storage if using Kubecost Enterprise).To prevent this issue while still in Domino 5.6, override the default storageClass
gp2
with the one expected in 5.7,dominodisk
, during Kubecost installation by settingrelease_overrides.cost-analyzer.chart_values.persistentVolume.storageClass
todominodisk
in the agent yaml before installing Kubecost.If you’ve already installed Kubecost on Domino 5.6, avoid the upgrade error by setting
release_overrides.cost-analyzer.chart_values.persistentVolume.storageClass
togp2
in the agent YAML configuration file before upgrading to 5.7.
-
Rename dataset’s file button is not available when the user navigates to the dataset from the global dataset page.
To work around this issue, navigate to the dataset from the project’s page.
-
The sample script for making asynchronous Model API requests contains an extra
/
at the end of theDOMINO_URL
variable. As a result, running the script will show an error similar to the following.{'requestId': 'key not found: HandlerDef', 'errors': ['java.util.NoSuchElementException: key not found: HandlerDef']}
To work around this issue, remove the trailing
/
at the end of theDOMINO_URL
variable.
-
Links to Stack Trace and CPU Flame Graph from the Cluster tab in the Ray Cluster UI don’t work due to an upstream issue with Ray not supporting these links when hosted behind a reverse proxy. This issue is isolated to the Cluster tab, and these links work from other tabs in the same dashboard. This issue is tracked with Ray here and will likely be resolved in a future release of Ray.
-
Data values returned from querying the following data sources are only of type byte array. This issue was fixed in Domino 5.7.2.
-
MongoDB
-
Palantir
-
Tabular S3 with AWS Glue
-
Teradata
-
Trino
Programmatic type casting is necessary to convert values to the desired types.
-
-
The Status, Active Version, and Owner columns do not appear in the Model API list. This issue is fixed in Domino 5.8.0.
-
The RabbitMQ service (rabbitmq-ha) may not be updated to a cluster IP service. All executions (Workspaces, Jobs, and Applications) will refer to the RabbitMQ service by IP address rather than service name. This will cause failures if the IP address changes. Contact Domino Support for help.
-
Deleting all R variables from memory using
rm(list = ls(al = TRUE))
also deletes variables that Domino uses for internal processes. To safely delete variables, userm(list = ls(all = TRUE)[!grepl("^.domino", ls(all = TRUE))])
instead."
-
When restarting a Workspace through the Update Settings modal, External Data Volumes are not mounted in the new Workspace. Follow the steps to mount External Data Volumes. This issue is fixed in Domino 5.9.0.
-
Downloading single files from Datasets will fail if the filename contains special characters, including
+
and&
. As a workaround, remove the mentioned special characters by renaming the file. This issue is fixed in Domino 5.10.0.
-
Spaces in ADLS filenames are not allowed when getting and putting objects in Azure Data Sources with DominoDataR. As a workaround, upgrade to DominoDataR version 0.2.4. This issue is fixed in Domino 5.10.0.
-
Viewing dataset files in an Azure-based Domino cluster may lock files, preventing them from being deleted or modified. Restarting Nucleus frontend pods will release the lock. This issue is fixed in Domino 5.11.1.
-
GKE users that provisioned their infrastructure with Domino’s terraform-gcp-gke module must apply the changes introduced for
5.7.0
as of terraform-gcp-gke v2.5.0 when upgrading to ensure firewall rules work properly. -
VPN support from within executions was updated to be disabled by default. Support can be enabled by setting the global config value
com.cerebro.domino.computegrid.executions.allowVpn = true
.
-
AKS users that provisioned their infrastructure with Domino’s terraform-azure-aks module must apply the changes introduced as of terraform-azure-aks v2.3.0 when upgrading to ensure diagnostic settings are removed.
-
MongoDB is no longer the authoritative source of truth for User Roles. Keycloak has taken over the role. User Groups in Keycloak now correspond to Domino Global Roles, and a user’s membership status in these groups defines their Domino roles. The Central Config key
authentication.oidc.externalRolesEnabled
has been retired and no longer has any effect. Any edits made to roles in MongoDB will be overridden by the data from Keycloak.