Skip to content

Releases: broadinstitute/cromwell

77

22 Feb 23:21
@breilly2 breilly2
77
b5699f6
Compare
Choose a tag to compare
77 
77
Assets 4

76

14 Feb 22:41
@mcovarr mcovarr
76
d503879
Compare
Choose a tag to compare
76 
76
Assets 4

75

04 Feb 01:10
@cjllanwarne cjllanwarne
75
33afec0
Compare
Choose a tag to compare
75

75 Release Notes

New AwaitingCloudQuota backend status

For Cloud Life Sciences v2beta only.

When a user's GCP project reaches a quota limit, Cromwell continues to submit jobs and Life Sciences acknowledges them as created even if the physical VM cannot yet start. Cromwell now detects this condition in the backend and reports AwaitingCloudQuota.

The status is informational and does not require any action. Users wishing to maximize throughput can use AwaitingCloudQuota as an indication they should check quota in Cloud Console and request a quota increase from GCP.

AwaitingCloudQuota will appear between the Initializing and Running backend statuses, and will be skipped if not applicable.

Now:

Status in metadata Quota normal Quota delay Status meaning
executionStatus Running Running Job state Cromwell is requesting from the backend
backendStatus Running AwaitingCloudQuota Job state reported by backend

Previously:

Status in metadata Quota normal Quota delay Status meaning
executionStatus Running Running Job state Cromwell is requesting from the backend
backendStatus Running Running Job state reported by backend

New 'requestedWorkflowId' API Option

Allows users to choose their own workflow IDs at workflow submission time.

If supplied for single workflows, this value must be a JSON string containing a valid, and not already used, UUID. For batch submissions, this value must be a JSON array of valid UUIDs.

If not supplied, the behavior is as today: Cromwell will generate a random workflow ID for every workflow submitted.

Bug Fixes

  • Fixed a bug on Google Pipelines API backends where missing optional output files (File?) were not correctly detected by Cromwell and caused invalid call cache entries to be written.
Assets 4

74

14 Jan 17:47
@breilly2 breilly2
74
10892f4
Compare
Choose a tag to compare
74 
74
Assets 4

73

07 Jan 12:50
@mcovarr mcovarr
73
04a69e5
Compare
Choose a tag to compare
73

73 Release Notes

Workflow Restart Performance Improvements

Cromwell now allows for improved performance restarting large workflows through the use of a separate rate limiter for restart checks than the rate limiter used for starting new jobs.
The restart check rate limiter is pre-configured in Cromwell's bundled reference.conf; see the job-restart-check-rate-control stanza in that file for explanations of the various parameters if adjustments are desired.

71 Release Notes

Bug Fixes

  • Fixed an issue handling data in Google Cloud Storage buckets with requester pays enabled that could sometimes cause I/O to fail.

70 Release Notes

CWL security fix #6510

Fixed an issue that could allow submission of an untrusted CWL file to initiate remote code execution. The vector was improper deserialization of the YAML source file.

CWL execution is enabled by default unless a CWL stanza is present in the configuration that specifies enabled: false. Cromwell instances with CWL disabled were not affected. Consequently, users who wish to mitigate the vulnerability without upgrading Cromwell may do so via this config change.

Assets 4

72

07 Dec 21:10
@jgainerdewar jgainerdewar
72
c6097d9
Compare
Choose a tag to compare
72

72 Release Notes

  • Security upgrades for dependencies
  • New developer documentation on backends
  • Harden some interactions with Google backend
Assets 4

71

04 Nov 19:26
@kpierre13 kpierre13
71
c778c33
Compare
Choose a tag to compare
71

71 Release Notes

Bug Fixes

  • Fixed an issue handling data in Google Cloud Storage buckets with requester pays enabled that could sometimes cause I/O to fail.
Assets 4

70

14 Oct 20:23
@cahrens cahrens
70
9e4e9f5
Compare
Choose a tag to compare
70

70 Release Notes

CWL security fix #6510

Fixed an issue that could allow submission of an untrusted CWL file to initiate remote code execution. The vector was improper deserialization of the YAML source file.

CWL execution is enabled by default unless a CWL stanza is present in the configuration that specifies enabled: false. Cromwell instances with CWL disabled were not affected. Consequently, users who wish to mitigate the vulnerability without upgrading Cromwell may do so via this config change.

Assets 4

69

22 Sep 18:15
@mcovarr mcovarr
69
901826e
Compare
Choose a tag to compare
69

69 Release Notes

Bug Fixes

DRS/basename Fix

The WDL basename function should now work as expected with DRS paths, giving the basename of the
resolved file, not just a substring of the DRS path.

Assets 4

68 Hotfix 8e12ab5

17 Sep 16:01
@cjllanwarne cjllanwarne
68_hotfix_8e12ab5
8e12ab5
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
68 Hotfix 8e12ab5

This is a hotfix to Cromwell 68 which reverts a library update which allowed incorrect credentials to be used when performing the final copying of log files up to a users bucket in GCS.

There was no known route to exploit this bug but it caused workflows to potentially fail with access denied errors at the final upload step and display another user's service account name in the error message.

When updating to Cromwell 68 please reference the 8e12ab5 hotfix release docker image: broadinstitute/cromwell:68-8e12ab5

Assets 4