v4.2 Release Notes
Acknowledgments
Thank you to all of the community members who contributed code, documentation, suggestions, bug reports, and other assistance across the project! We would like to recognize the following individuals for their contributions to the Open OnDemand version 4.2 release.
mrobbert contributed the cluster_info API for the PBSPro job adapter in ood_core, and ensured
KDE desktops can correctly use startplasma-x11 when available.
james-s-willis fixed quota bar display, preventing bars from extending over 100%, and fixed the
file_quotas widget on custom pages.
andrejcermak contributed adding an OpenStack helper and refactoring coder logs functionality
in ood_core, as well as caching improvements for BatchConnect::App.from_token in ondemand.
harshit-soora contributed the OOD_WORKFLOW_SYNC_KEY feature, enabling synchronized launchers
within a workflow, as well as updates to the Project Manager tutorial and documentation.
robinkar fixed parsing of canceled sacct job states in ood_core and improved escaping of
option values for CSS selectors.
karcaw contributed mod_ood_proxy HSTS header support.
finchnSNPs and folkwest reported accessibility gaps in the job status table, files app, and the Project Manager, which contribute to the community feedback that helps improve Open OnDemand.
We'd also like to extend a big thank you to those listed below for contributing to Open OnDemand for the
first time in this release. These contributions span the ondemand, ood_core, and
ood-documentation GitHub repositories and include 9 first-time contributors.
james-s-willismade their first contribution in #5097mrobbertmade their first contribution in #5156clooty217made their first contribution in #5246bstepanovskimade their first contribution in #5294andrejcermakmade their first contribution in #5299mrobbertmade their first contribution in ood_core#930asubahmade their first contribution in ood-documentation#1332mcglow2made their first contribution in ood-documentation#1315harshit-sooramade their first contribution in ood-documentation#1329iqlinuxadminmade their first contribution in ood-documentation#1323
Authentication and Security
Software Bill of Materials
Version 4.2 includes a Software Bill of Materials (SBOM) that outlines the operating system-level software dependencies for Open OnDemand. Based on community feedback, the SBOM has moved to an industry-standard format and will be maintained in a dedicated OSC repository.
The Open-OnDemand-SBOM repository is available for version 4.2, with additional structure and documentation still being built out. This repository is intended to help sites review dependency information for security and compliance workflows.
Accessibility
Overview
Open OnDemand v4.2 includes many accessibility improvements across the dashboard and core applications. These include:
Additional support for keyboard navigation
Improved labeling for form items and icons
Additional regions and landmarks
Improved announcement and focus handling on automatically updating pages
Contrast improvements for links and buttons
Improved alerting experience with screen readers
Accessibility Conformance Report
Developers have uploaded the Open OnDemand 4.2 VPAT online which you may retrieve and review. This document is from the voluntary product assessment template a registered service mark of the Information Technology Industry Council (ITI).
Changes in version 4.2 ensure that immutable aspects of OnDemand are accessible by default, but do not account for customizations configured on individual instances.
Additional Accessibility Configurations
Here is a list of additional configurations that are needed to achieve full compliance with the WCAG 2.2 guidelines. Open OnDemand cannot ship with as they may be site specific.
WCAG criterion 2.4.5 "Multiple Ways": Centers need to enable the show_all_apps_link configuration to complete this criteria. In addition to enabling the link in the navbar, it may be helpful to call attention and link to it in your homepage welcome message.
WCAG criterion 3.2.6 "Consistent Help": Centers need to extend the help menu to complete this criteria.
Links should open in the current tab or give warning when they open in a new tab or window. This is to adhere to WCAG Technique G200 "New Tabs" and WCAG Technique G201 "Advanced warning for new tabs". Note this applies any custom Menus for custom pages your center may have created.
Operating System Support
Open OnDemand version 4.2 adds support for Debian 13 and Ubuntu 26.04.
Open OnDemand version 4.2 drops support for Ubuntu 22.04.
Dependency Updates
This release updates the following dependencies:
Passenger 6.1.2
NGINX 1.28.0
ondemand-dex 2.45.1
Ubuntu and Debian repository signing change
Debian and Ubuntu repositories are now signed using a SHA512 key rather than the previous SHA1 key.
Using the OnDemand release packages will result in the correct key being used.
If not using OnDemand's release packages, the DEB-GPG-KEY-ondemand-SHA512 should be downloaded and used by the OnDemand repository's signed-by.
curl -fsSL https://apt.osc.edu/ondemand/DEB-GPG-KEY-ondemand-SHA512 | gpg --dearmor -o /etc/apt/keyrings/ondemand-web.gpg
source /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/ondemand-web.gpg] https://apt.osc.edu/ondemand/4.2/web/apt $VERSION_CODENAME main" > /etc/apt/sources.list.d/ondemand-web.list
Behavior Changes
Active Jobs Extended Details Panel Opens to the Side
In order to make the Active Jobs table accessible to screen readers, the mechanism for viewing the extended details of a job has been changed. Instead of opening the panel inside the table, it now opens either above or beside, allowing table navigation to proceed normally.
Interactive App Popovers Persist Under Hover and Focus
The app preview popovers shown in the 'Interactive Apps' list now open when focus lands on the trigger. The popovers will remain open as long as hover or focus remains within the trigger or popover content, allowing users to click links inside the popover.
Workflows Now Provide OOD_WORKFLOW_SYNC_KEY to Launchers
It was previously difficult to synchronize launchers within a workflow and pass data between launchers
without overwriting the data on each run. The introduction of the OOD_WORKFLOW_SYNC_KEY environment
variable fixes this by providing a unique alphanumeric value for each run of a workflow, which launchers
can include in file and directory names when reading or writing data. The feature can be enabled for
individual workflows upon creation or by editing an existing workflow. See the updated Project Manager Tutorial
for additional details and strategies for using OOD_WORKFLOW_SYNC_KEY in your workflows.
Session Object Now Available in view.html.erb
The full session object is now available for running job views, matching
the behavior of completed session views. This does not in any way affect the
view and connect variables that were available before, but does allow
access to previously unavailable session details, like the session id. For more details
on using the session object in views, see Session Information.
Edit Links No Longer Appear when Downloads are Disabled
For users with the download_enabled configuration set to false, the files app and
project directory tables will no longer serve 'Edit' links to files. This prevents users from opening the file editor
and copying the file contents, effectively downloading the file. With this change, disabling downloads will prevent
users from exporting the contents of any files, while still being able to execute certain files in predefined contexts,
like batch connect apps or templated projects.
Links open in current tab
All default links will now open in the current tab. This changes the default behavior of previous versions that opened some links in a new tab.
Upgrade Instructions
Warning
Update the development and/or test instances of OnDemand installed at your center before you modify the production instance.
Warning
We have tested the upgrade from version 4.1.4 to version 4.2.0 at OSC's Open OnDemand instance.
Update Open OnDemand repository.
sudo yum install -y https://yum.osc.edu/ondemand/4.2/ondemand-release-web-4.2-1.el8.noarch.rpm
sudo yum install -y https://yum.osc.edu/ondemand/4.2/ondemand-release-web-4.2-1.el9.noarch.rpm
sudo yum install -y https://yum.osc.edu/ondemand/4.2/ondemand-release-web-4.2-1.el9.noarch.rpm
wget -O /tmp/ondemand-release-web_4.2.0-noble_all.deb https://apt.osc.edu/ondemand/4.2/ondemand-release-web_4.2.0-noble_all.deb sudo apt install /tmp/ondemand-release-web_4.2.0-noble_all.deb sudo apt update
wget -O /tmp/ondemand-release-web_4.2.0-bookworm_all.deb https://apt.osc.edu/ondemand/4.2/ondemand-release-web_4.2.0-bookworm_all.deb sudo apt install /tmp/ondemand-release-web_4.2.0-bookworm_all.deb sudo apt update
sudo dnf install -y https://yum.osc.edu/ondemand/4.2/ondemand-release-web-4.2-1.amzn2023.noarch.rpm
Update Open OnDemand.
sudo yum clean all sudo yum update ondemand
sudo apt-get --only-upgrade install ondemand
(Dex users only) Update the
ondemand-dexpackage.sudo yum update ondemand-dex
sudo apt-get --only-upgrade install ondemand-dex
Update Apache configuration and restart Apache.
sudo /opt/ood/ood-portal-generator/sbin/update_ood_portalsudo systemctl try-restart httpd
sudo systemctl try-restart apache2
sudo systemctl try-restart httpd
(Dex users only) Restart the
ondemand-dexservice.sudo systemctl try-restart ondemand-dex.service
(SELinux users only) Update SELinux policies.
Force all PUNs to restart.
sudo /opt/ood/nginx_stage/sbin/nginx_stage nginx_clean -f