Release Notes

Overview

Gremlin Release Notes

Below you'll find notes describing what's new with the Gremlin suite of products. Get product announcements and release notes in your inbox by joining the Gremlin Announce group.

2019-11-12

Host (daemon) & Client (CLI) [2.12.19]

  • Improved memory attack performance by as much as four times while limiting the CPU impact.
  • Recover gracefully from operating system out-of-memory errors.
  • Minor status message improvements for the memory attack.

2019-10-29

Host (daemon) & Client (CLI) [2.12.17]

  • Fixed a bug where launching a container attack was not respecting the GREMLIN_BYPASS_USERNS_REMAP environment variable. This should get set only when the Docker namespace remapping feature is being used.

2019-10-23

Host (daemon) & Client (CLI) [2.12.16]

  • Fixed a bug where Memory Gremlin puts unnecessary strain on getrandom and therefore system entropy.

2019-10-21

Host (daemon) & Client (CLI) [2.12.15]

  • Updated dependencies

2019-10-17

Host (daemon) & Client (CLI) [2.12.14]

  • Fixed bug where Gremlin (in Docker only) would log errors about missing directories until it received an attack to run

2019-10-14

Host (daemon) & Client (CLI) [2.12.13]

  • Fixed a bug where the Gremlin CPU attack would leave too much CPU in the idle and sy states. The CPU attack will now consume the requested amount, using us instead.

2019-10-09

Host (daemon) & Client (CLI) [2.12.12]

  • Minor improvements to gremlin check functionality

2019-10-01

Host (daemon) & Client (CLI) [2.12.11]

  • Fixed bug where Gremlin would fail attacks due to a closed HTTP stream
  • Fixed bug where Gremlin would fail to load attacks under certain circumstances

2019-09-27

Host (daemon) & Client (CLI) [2.12.10]

  • Improved error messaging around loading authentication configuration
  • New command gremlin check for diagnostics, check out the docs

2019‑09‑16

Host (daemon) & Client (CLI) [2.12.9]

  • Dependency updates

2019-09-09

Host (daemon) & Client (CLI) [2.12.8]

  • Improve help text for Blackhole Gremlin arguments about ports
  • Dependency updates

2019-09-05

Host (daemon) & Client (CLI) [2.12.7]

  • Fix bug where Gremlin would create /var/lib/gremlin/.credentials with permissions from the OS umask. Gremlin would then change the mode of the created file before writing to it. Now, Gremlin creates the file with proper permissions, without having to change mode later.
  • Remove world-readable bit from the /var/log/gremlin directory

2019-09-04

Host (daemon) & Client (CLI) [2.12.6]

  • Dependency updates

2019-08-28

Host (daemon) & Client (CLI) [2.12.5]

  • Bugfix to Memory Gremlin running in containers - we were allowing the Gremlin to allocate more memory than was given to the target container

2019-08-23

Host (daemon) & Client (CLI) [2.12.4]

  • Bugfix to Memory Gremlin - we were letting the --percentage option consume more memory than was available

2019-08-21

Host (daemon) & Client (CLI) [2.12.3]

  • Fewer writes by the client to the filesystem, reducing the chance that a Disk Gremlin fails

2019-08-21

Host (daemon) & Client (CLI) [2.12.2]

  • Dependency updates

2019-08-05

Host (daemon) & Client (CLI) [2.12.1]

  • Explicitly track tearing down successful attacks, so we don't halt attacks too early in the case teardown takes a material amount of time.

2019-07-31

Host (daemon) & Client (CLI) [2.11.17]

  • Ensure Gremlin sidecars launched in a container have the same GREMLIN_IDENTIFIER as the daemon.
  • Dependency updates

2019-07-26

Host (daemon) & Client (CLI) [2.11.16]

  • Make the Memory attack track its allocation time in the Initializing state.

2019-07-25

Host (daemon) & Client (CLI) [2.11.15]

  • Dependency updates - no functional change

2019-07-18

Host (daemon) & Client (CLI) [2.11.14]

  • Dependency updates - no functional change

2019-07-11

Host (daemon) & Client (CLI) [2.11.12]

  • Build and CI updates - no functional change

2019-07-10

Host (daemon) & Client (CLI) [2.11.11]

  • Build and CI updates - no functional change

2019-07-09

Control Plane API

  • No updates

Web App

  • When running an attack against AWS instances, the attack details page has a link created automatically to the instance in the Cloudwatch metrics dashboard
  • Enter notes, observations, and a metrics link on the attack details page once an attack has completed
  • Enter a reason when When halting all or a single attack and view it in the attack details view

2019-07-08

Host (daemon) & Client (CLI) [2.11.10]

  • Bugfix for gremlin attack-container CLI command

2019-07-02

Host (daemon) & Client (CLI) [2.11.9]

  • Fix handling of GREMLIN_CLIENT_TAGS, which were ignored starting in 2.11.6.
  • Added more trust-store file locations

2019-06-27

Host (daemon) & Client (CLI) [2.11.8]

  • Build and CI updates - no functional change

2019-06-27

Host (daemon) & Client (CLI) [2.11.7]

  • Build and CI updates - no functional change

2019-06-25

Host (daemon) & Client (CLI) [2.11.6]

  • Automatically populate client tags when running in Microsoft Azure or Google Cloud

2019-06-21

Host (daemon) & Client (CLI) [2.11.4]

  • Bugfix for halted attacks which ended in a Lost Communication state (introduced in 2.11.2)

2019-06-18

Host (daemon) & Client (CLI) [2.11.3]

  • Dependency updates - no functional change

2019-06-12

Host (daemon) & Client (CLI) [2.11.2]

  • Dependency updates - no functional change intended but regression introduced where halted attacks ended in a Lost Communication state

2019-06-10

Host (daemon) & Client (CLI) [2.11.1]

  • Automatically populate client tags with instance-id when running on AWS EC2.
  • Dependency updates

2019-05-30

Control Plane API [1.6.47]

  • No updates

Web App

  • Resolved an issue where switching teams would not update the ALFI attacks view

2019-05-29

Host (daemon) & Client (CLI) [2.11.0]

  • Resource CPU Attacks can now impact All cores and can consume a percentage of CPU capacity
  • Network DNS attacks now cache the IP address of the Gremlin Control Plane to avoid the attack from halting prematurely
  • Proxy details are now hidden in the attack logs on successful calls

2019-03-29

Host (daemon) & Client (CLI) [2.9.0]

  • No updates

Control Plane API [1.6.27]

  • No updates

Web App

  • Resolved an issue where client certificates couldn't be deleted
  • Deleting the current team is no longer possible

2019-03-22

Host (daemon) & Client (CLI) [2.8.30]

  • No updates

Control Plane API [1.6.25]

  • When creating a Blackhole attack, port 53 is whitelisted by default
  • Resolved an issue where the Shutdown attack would fail with a start delay of 2 or more minutes

Web App

  • Auto-add feature has been deprecated and removed

2019-03-08

Host (daemon) & Client (CLI) [2.8.29]

  • Resolved an issue when the Time Travel attack is halted and the time was not reverted accurately on the host

Control Plane API [1.6.20]

  • Resolved an issue where logins would fail if a user was a member of 10 or more teams

2019-03-01

Host (daemon) & Client (CLI) [2.8.28]

  • Syscheck has been deprecated and removed from the client

Control Plane API [1.6.17]

  • Resolved an issue where duplicate Company names were shown on login

Web App

  • No updatets

2019-02-22

Host (daemon) & Client (CLI) [2.8.26]

  • Resolved an issue with the Disk attack, where the client will not crash when the disk reaches 100% capacity

Control Plane API [1.6.14]

  • Resolved an issue where an SSO login without an account would show an infinite spinner

Web App

  • No updatets

2019-01-25

Host (daemon) & Client (CLI) [2.8.26]

  • Improved error messaging when running syscheck

Control Plane API [1.5.39]

  • No updates

Web App

  • Resolved an issue when re-running a Time Travel attack, where the time period to advance was not always accurate
  • Drop down menus in the Create Attack view are now searchable
  • Invited users who have not signed up can now be deleted
  • A notification is shown 7 days before a trial ends

2018-12-20

Host (daemon) & Client (CLI) [2.8.21]

  • Resolved an issue when running syscheck on RHEL 6.7, which no longer relies on using top to minimize dependencies

Control Plane API [1.4.38]

  • When using containers with Datadog integration, container labels are now available

Web App

  • When configuring a memory attack, provide the amount of memory to consume in either MB or GB, but not both
  • Resolved an issue where at times the number of users within a company was reported incorrectly
  • Resolved an issue with re-running time trial attacks, where the time to advance the clock was not always accurate
  • Drop downs in the create attack view are now searchable
  • The Choose a Gremlin section of the create attack view has been updated to show the categories and attack types more clearly

2018-11-15

Host (daemon) & Client (CLI) [2.8.17]

  • While a Time Travel Attack is underway, if an NTP server futher updates the clock, the attack will not make subsequent changes and when complete the clock will be reset to the accurate value
  • Installing with RPM no longer requires sudo

Control Plane API [1.3.25]

  • Registering client tags now clears existing tags instead of appending to existing tags
  • The use of TLS 1.0 for API access is no longer allowed, TLS 1.1/1.2 are fully supported
  • Increased the allowed skew between control plane and daemon clocks from 15 seconds to 1 minute

Web App

  • Client list now includes a tab for registered ALFI clients
  • Execution errors are now available in the Attack Details view

2018-10-23

Host (daemon) & Client (CLI) [2.8.14]

  • Resolved an issue where syscheck on a container would hang if the NET_ADMIN capability wasn't present, a relevant error message is now returned

ALFI Java Client Library [0.5.1]

  • The GREMLIN_ALFI_IDENTIFIER is required (previously was optional) when authenticating your application with Gremlin

Control Plane API [1.3.21]

  • Creating an ALFI attack that overlaps with an existing attack will fail
  • Datadog integration now supports ALFI

Web App

  • Resolved an issue where hostnames and IP addresses were shown incorrectly when cloning an attack
  • When creating an ALFI attack, previously used Application Type values will be available and searchable
  • To simplify attack creation, advanced fields will be initially hidden

2018-10-11

Host (daemon) & Client (CLI) [2.8.13]

  • Signature-based auth using certificates is the expected authentication method, supported for hosts and containers
  • Syscheck now works with Docker containers

ALFI Java Client Library [0.5.0]

  • Install with Maven now available
  • Client library modules available individually

    • alfi-core Core library required for all ALFI functionality
    • alfi-aws [Optional] AWS integration, providing coordinate discovery for AwsLambda and AwsEc2
    • alfi-apache-http-client [Optional] ALFI injection points for Apache HTTP Client
    • alfi-aws-dynamodb-client [Optional] ALFI injection points for DynamoDB
  • AWS Parameter Store can be used for configuration

Control Plane API [1.3.6]

  • Slack integration issue resolved which was causing a timeout on registration
  • ALFI issue resolved where adding a key to ApplicationCoordinates prevented registeration

Web App

  • Resolved an issue where an attack end time was not displayed accurately
  • Certificates available for download on the team settings page for signature-based auth
  • The ALFI attack details will auto refresh until the attack is complete