What has the Charm Tech team been up to in pulse #15? The highlights: Pebble and ops releases, more Scenario 7 progress, and Pebble performance work.
Security Releases
We released ops 2.15, a little earlier in the month than normal. Two notable aspects of the release:
- It includes a security fix for CVE-2024-41129. If a charm crashed while setting secret contents, the contents would leak into the Juju logs, or if software was installed that logged process execution including arguments secret contents would leak there. We encourage all charms to update to ops 2.15, where this is fixed.
- Support for Pebble check events. You’ll need Juju 3.6b2 to try these out, but we would love to hear from anyone that starts using these.
We also had two new Pebble releases:
- 1.14.1 includes a fix for CVE-2024-24790, which didn’t introduce a vulnerability in Pebble, but did get flagged by automated checkers. This release also fixes the snap versions to correctly be tags rather than commit hashes.
- 1.15, where the main highlight is the new Identities feature.
Ops and charming
- Wrapped up work for the Pebble check events.
- More work on the upcoming Scenario 7.0 release, including a small spec covering the future location of the Scenario code, and how you’ll install it, as we progress with recommending Scenario over Harness.
- Worked on how-to guides for managing leadership and for using storage volumes.
- Initial research work for pylibjuju, firstly to release a version that includes warnings for functionality that will be unavailable with Juju 4, and then developing a plan to build a version of pylibjuju that works with Juju 3.6 and 4.0.
Pebble
- Completed, other than documentation, the work on the initial implementation of Pebble Identities.
- Researched whether replacing the current JSON state file with an embedded database would be worth the effort. We’ll wrap this research up with a conclusion in the next pulse.
- Wrapped up the auditing of locking in Pebble, and subsequent improvements (e.g. #451)
- More work on the upcoming dedicated Pebble documentation site.
- Some smaller fixes for error handling and child subreaping, and pulled in improvements from snapd.