Release Notes
1.13.0
January 10, 2024
fix
Resolved latency issues on ESXi virtual machines
info
Updated dependencies
1.12.0
December 7, 2023
new
Provided Gremlin has access to a valid AWS credentials chain, it now interprets AWS ARN values in
GREMLIN_TEAM_ID
, GREMLIN_TEAM_SECRET
, GREMLIN_TEAM_CERTIFICATE_OR_FILE
, GREMLIN_TEAM_PRIVATE_KEY_OR_FILE
. Gremlin supports ARN values from AWS Secrets Manager or AWS Systems Manager Parameter Store. Gremlin can optionally be supplied with GREMLIN_IAM_ROLE
to specify a role to assume for the strict purpose of fetching secret values.
fix
More context is added to various error messages
fix
Regression introduced in 1.11.0 where attacks with invalid arguments would end up
Lost Communication
instead of Failed
info
Updated dependencies
1.11.0
November 14, 2023
new
Attacks can sometimes fail to notify the Gremlin Control Plane when its connection is impacted by the attack itself. The Gremlin agent now tolerates these failures more often and attempts to resend failed notifications. This fixes attacks that end up in the
HaltFaled
stage that would otherwise finish in the Successful
stage.
1.10.1
November 7, 2023
new
Improved the output of the Gremlin Agent validation routine that happens on startup. When validation fails, details about the failure are written to
daemon.log
.
1.10.0
October 20, 2023
fix
Fixed an issue where attacks were incorrectly labeled
HaltFailed
when Gremlin fails to notify api.gremlin.com
during teardown of the network impact.
new
For users running Gremlin on AWS, more error information is printed to the log file when AWS metadata cannot be retrieved.
info
Updated dependencies
1.9.7
July 7, 2023
fix
Errors related to spawning subprocesses now have more detailed information useful for troubleshooting.
1.9.6
June 30, 2023
fix
For hostnames supplied to network attacks, Gremlin delegates DNS queries to the operating system. When this query fails, Gremlin now attemps to resolve the name completely within the running process in an attempt to overcome operating system failures. This allows Gremlin network attacks to continue in the face of failed DNS processing.
1.9.5
June 9, 2023
fix
Fixed a bug where Latency attacks would attempt to target multiple network interfaces, which is not yet supported. An error is now returned if
--device
is used to specify multiple network interfaces for a Latency attack. If no --device
is specified, Gremlin will choose the highest priority device it finds.info
Updated dependencies.
1.9.4
May 10, 2023
fix
Gremlin now tears down the TCP connection pool with
api.gremlin.com
after successive timeout failures.fix
Gremlin includes the name of the targeted network interface in execution log events related to applying network impact.
info
Updated dependencies.
1.9.3
March 29, 2023
info
Added support for tag values to be any simple YAML datatype (boolean, integer, float, string). Previously only strings were supported.
info
Updated dependencies.
1.9.2
March 23, 2023
fix
Fixed an issue that prevented Gremlin from ingesting Azure Tags.
fix
Fixed an issue that made Gremlin validation unreliable.
info
Updated dependencies.
1.9.1
March 15, 2023
new
Gremlin's version command now prints more build information.
info
Updated dependencies.
1.9.0
March 14, 2023
new
Multiple network interface attacks are now supported. Details are available in Network device selection.
info
Updated dependencies.
1.8.3
January 5, 2023
fix
Fix a bug in collect_certs when the target dropped the network connection before completing the TLS setup.
fix
Only consider IPv4 addresses for the default Gremlin Identifier.
info
Updated help URLs.
info
Updated dependencies.
1.8.2
November 22, 2022
fix
Fix a bug that prevented collect_certs from working when run against a container.
info
Updated dependencies.
1.8.1
November 21, 2022
new
Add a short argument (-n) for the not_less_than option.
info
Updated dependencies.
1.8.0
November 16, 2022
new
Introduce Certificate Expiry test for Reliability Management.
info
Updated dependencies.
1.7.3
October 28, 2022
fix
Fixed a bug where Gremlin would not properly launch attacks that resolve to a large amount of IP addresses / blocks.
1.7.2
August 31, 2022
fix
Fixed a bug where Gremlin would not properly include swap in free memory calculations, leading to incorrect attack results.
info
Updated dependencies.
1.7.1
July 29, 2022
fix
Fixed a bug where Gremlin would attempt to allocate more memory than was available when the cgroup attribute
memory.limit_in_bytes
was higher than available system memory.info
Updated dependencies.
1.7.0
July 26, 2022
new
Gremlin's Memory attack now has a new argument:
--allocation-strategy
(-s
), which informs Gremlin on how to interpret other memory consumption arguments: --percent
, --mb
, and --gb
. See more at Memory: Options
info
Updated dependencies.
1.6.1
May 23, 2022
fix
Correctly handle proxy usernames and passwords that contain special characters. Special characters must be percent-escaped. For example, %5C is used in place of a backslash. Details are available here.
info
Updated dependencies.
1.6.0
May 9, 2022
new
Disk attack improvements. The Disk attack is much faster, more accurate, and safer.
new
Gremlin now reads custom Azure tags associated with the machine and makes those tags available for targeting.
fix
Fixed a bug where Gremlin would fail validation if the DNS lookup of api.gremlin.com failed. This was likely to be a problem in high security environments.
fix
Fixed a bug where Gremlin would crash on some operating systems when process collection was enabled. Gremlin avoids crashing and disables process collection when errors are detected.
fix
Fixed a bug where Gremlin used to skip tag configuration even when it had a valid session. Gremlin now always configures tags on startup as long as it can communicate with the Gremlin control plane.
fix
Some automatic Azure tags were not being correctly read. The azEnvironment, location, name, osType, privateIpAddress, publicIpAddress, sku, vmId, vmSetScaleName, and zone tags are all automatically read and available for targeting.
info
Removed NTP timestamp from
gremlin check os
.info
Updated dependencies.
1.5.0
December 3, 2021
new
On startup, the Gremlin agent now performs some validation on its ability to run a CPU and Latency attack. Validation results are accessible through the Clients API.
info
Updated dependencies
1.4.0
October 25, 2021
new
The Disk attack has been significantly improved. In most cases it is much faster, more accurate, and safer. It also uses significantly less CPU and RAM when filling disk volumes. The improved version is used when the environment variable
GREMLIN_DEUCHAINN_EN1023
is set to true
; all other values are treated as false
. This environment variable may be ignored or removed in a future version without notice.1.3.1
October 20, 2021
fix
Fixed bug with Gremlin's IO attack cleanup when
--mode r
or --mode w
was used. Previously, Gremlin would try to tear down files that did not exist, leading to attack failures.info
Improve messages reported by the Gremlin IO attack, when file-creation errors occur.
1.3.0
October 8, 2021
info
Changed the way
PUSH_METRICS
boolean configuration variable is evaluated. Previously, any non-empty value other than "0"
would evaluate to true
(e.g. PUSH_METRICS=false
would evaluate to true
). This has been changed to provide expected outcomes: the only values that evaluate true
are now "1"
, "true"
, and "TRUE"
, leaving all other values to evaluate to false
.
info
Updated dependencies
1.2.4
September 27, 2021
fix
Fixed a bug where the Gremlin agent does not properly roll back time travel attacks with an offset of 5 seconds or less.
1.2.3
September 10, 2021
new
The
percent
argument for Disk attacks now accepts real numbers. For example, --percent 27.5
was previously unsupported.fix
Gremlin now correctly determines the local hostname making the automatic
local-hostname
available for targetting.fix
API interactions made by the Gremlin agent now always send the appropriate
Content-Type
header value.info
Updated dependencies
1.2.2
August 19, 2021
fix
Fixed a bug where the CPU attack would not affect all processors on systems with more than 64 processors.
info
Updated dependencies
1.2.0
July 15, 2021
fix
This update fixes Memory attack bugs. Previously, the amount of memory consumed would be limited to RAM. Memory attacks with this update include swap space / all virtual memory.
new
The Memory attack is more "aggressive" in the sense that the memory allocated by Gremlin during the attack is more difficult to swap to disk.
1.1.13
June 15, 2021
new
The Gremlin CLI now has a
gremlin check daemon
subcommand which reports on the status of any running Gremlin agent.info
Updated dependencies.
1.1.10
April 14, 2021
fix
While never observed, according to the Windows API documentation, getting the current username can fail. If that happened the Gremlin Client would fail to run an attack. Instead, this version resorts to using "unknown" if the username cannot be determined.
1.1.9
April 5, 2021
new
Daemon log file management improvements. Previously, the log file was truncated at midnight. That made troubleshooting difficult. The log file is now rolled when it reaches approximately 1 MiB. Ten compressed log files are kept. With this update the current log file typically captures several days and the compressed log files typically capture a few weeks at a modest cost of approximately 2 MiB of disk space.
1.1.8
March 17, 2021
fix
Fix a bug in Gremlin's argument parsing for the
hostnames
and ipaddresses
arguments for network attacks.1.1.7
March 12, 2021
fix
Improve command-line argument parsing by providing better error messages and catching more edge cases related to illegal inputs.
1.1.6
March 4, 2021
fix
Patch a vulnerability in a 3rd party library that posed a variety of memory corruption scenarios, most likely use-after-free.
info
Improve error messages among network attacks when an invalid network device is supplied. Error message now includes all valid devices.
info
Drop invalid targeting tags with a warning.
1.1.5
February 18, 2021
new
The daemon version is included in the
gremlin check
report.fix
Occasionally the Docker version was incorrectly parsed which would result in the classic driver being used for container attacks.
1.1.3
January 27, 2021
new
Some agent API traffic is now gzip-compressed, reducing network overhead on machines where Gremlin is installed.
1.1.2
January 12, 2021
fix
Patch a vulnerability in a 3rd party library that posed a potential buffer overflow scenario
fix
Patch a vulnerability in a 3rd party library that posed a potential scenario to operate on dangling memory references
1.1.1
December 11, 2020
new
You can now specify the
SSL_CERT_FILE
variable via the config.yml
file. See the advanced configuration page for details on how to use it.1.1.0
December 7, 2020
fix
Gremlin now properly interprets escaped newline characters
\n
for values of the GREMLIN_SSL_CERT
environment variable.info
Gremlin now reports container and process data at a slower rate, down from every 5 seconds during active attacks (and every 10 seconds otherwise) to every 30 seconds. We've found that this data changes much less frequently than is justified for a 5-10 second interval. This should result in significantly reduced network overhead required to run Gremlin.
info
Updated dependencies
1.0.18
November 20, 2020
fix
The Gremlin agent now writes a message to
daemon.log
when attacks finish. This provides observers of this log with an approximation on when attacks have ended.info
Updated dependencies
1.0.17
November 6, 2020
new
Gremlin correctly reports Windows 2019 (and later)
fix
Gremlin can be removed if the kernel driver is stopped or removed by hand
1.0.16
October 13, 2020
fix
Eliminate a nuisance warning that was output at the end of an attack
info
Updated dependencies
1.0.12
September 28, 2020
new
AWS Availability Zone ID (azid) is available for targeting.
new
AWS tags are now available for targeting.
1.0.11
September 21, 2020
fix
Fix a regression introduced in
1.0.10
that prevented proper installation on Windows 8.1 / Server 2012 R21.0.8
July 30, 2020
fix
On Windows machines with many cores, CPU attack was not utilizing as much CPU time as expected.
1.0.7
July 15, 2020
fix
Improve error messaging when Gremlin fails to find an IP address for a hostname supplied with the
--hostname
argument, which can be passed to any network attack. Error message now mentions failures due to specifying a hostname that maps to an invalid DNS record type, such as NS.1.0.6
July 1, 2020
fix
Patch a vulnerability in a 3rd party library that posed a potential denial of service to Gremlin's outbound https connections. In practice this is 100% mitigated unless connecting Gremlin through a malicious SSL proxy
info
Updated dependencies
1.0.4
June 2, 2020
fix
Added more detail to error messages that occur when Gremlin fails to do a DNS lookup of a hostname. Previously the error message did not include the reason for the lookup failure. An example of the new detail we've added is:
failed to lookup address information: Name does not resolve.
1.0.3
May 20, 2020
fix
Fixed a bug where the Gremlin Disk attack would not clean up the impact files it created if it was halted from the UI.
1.0.2
May 11, 2020
fix
Added additional validity checks on data returned from the Windows API. This improves error handling when the target system does not behave as Gremlin expected.
1.0.1
May 6, 2020
info
We now collect an approximate host boot time, this will aid Gremlin to better recognize unique hosts on your team.
fix
Select a default network interface in more cases (also used when Gremlin identifier isn't specified).
1.0.0
April 30, 2020
new
Initial release of Gremlin for Windows, allowing attacks to be run on Windows environments. See more about running Gremlin on Windows.