Releases: hashicorp/packer
nightly
Nightly releases are snapshots of the development activity on the Packer project that may include new features and bug fixes scheduled for upcoming releases. These releases are made available to make it easier for users to test their existing build configurations against the latest Packer code base for potential issues or to experiment with new features, with a chance to provide feedback on ways to improve the changes before being released.
As these releases are snapshots of the latest code, you may encounter an issue compared to the latest stable release. Users are encouraged to run nightly releases in a non production environment. If you encounter an issue, please check our issue tracker to see if the issue has already been reported; if a report hasn't been made, please report it so we can review the issue and make any needed fixes.
Note: Nightly releases are only available via GitHub Releases, and artifacts are not codesigned or notarized. Distribution via other Release Channels such as the Releases Site or Homebrew is not yet supported.
v1.14.2
1.14.2 (September 9, 2025)
✨ Features
-
HCP Certificate Authentication Support – by @JenGoldstrich (#13435)
Adds support for theHCP_CRED_FILEenvironment variable and removes restrictions onHCP_CLIENT_IDandHCP_CLIENT_SECRETwhen connecting builds to an HCP Packer registry. -
Upgrade Node.js to v22 – by @LeahMarieBush (#13450)
Updates the Node.js version used for Packer website builds.
🐛 Bug Fixes
- fix(winrm): catch cmd err from winrm – by @anurag5sh in (#298)
Improved reliability by catching WinRM remote shell failures during provisioning - PowerShell wrapper cleanup – by @kp2099 (#13451)
Removed the unused$resultvariable from the wrapper string. - fix tests for shell and shell-local – by @kp2099 in (#300)
Acceptance test fixes for shell and shell-local
🛠 Improvements
- Added workflow-dispatch and set
PACKER_ACC_BUILDERSfor acceptance tests – by @kp2099 (#13444) - Improved spacing in
hcl2templateerror messages – by @sbraz (#13453) - Added callouts for HashiCorp-maintained plugins moving to releases.hashicorp.com – by @BrianMMcClain (#13438)
📦 Dependencies
- Bump
github.com/ulikunitz/xzfrom 0.5.10 → 0.5.14 – by @dependabot (#13459) - Bump
golang.org/x/oauth2from 0.13.0 → 0.27.0 – by @dependabot (#13460) - Bump
github.com/ulikunitz/xzfrom 0.5.10 → 0.5.15 – by @kp2099 (#13461) - Bump
github.com/hashicorp/packer-plugin-sdkfrom 0.6.2 → 0.6.3 – by @kp2099 (#13462)
👩💻 New Contributors
- @LeahMarieBush made their first contribution in #13450 🎉
Contributors
Assets 2
v1.14.1
v1.14.0
1.14.0 (Upcoming...)
IMPROVEMENTS:
-
core: Changes to pull official packer plugins binaries from official site (releases.hashicorp.com).
This change allows Packer to automatically download and install official plugins from the HashiCorp official release site.
This change standardizes our release process and ensures a more secure and reliable pipeline for plugin delivery.
GH-13431 -
core: Updated the docs related to packer provisioners
GH-13412 -
core/HCP: This change corrects the example docs to move the registry block to the top level of the template file
GH-13427 -
core: This update adds a new section explaining conditional expressions in HCL, including syntax, usage examples, and best practices for clarity and maintainability.
The documentation covers how to use conditionals for default values, dynamic argument omission, and recommends using locals for complex logic.
GH-13429
BUG FIXES:
- core: Fixes the default execute command for script and scripts to its original behavior from v1.12.0.
The recent change to use the -File operator for script execution required adjustments that are addressed in this PR.
GH-13422
SECURITY:
- Bump go-git from v5.13.0 to v5.16.2
GH-13420
v1.13.1
Fixed issues with powershell script execution by ensuring environment variables are correctly set, appending newline characters to prevent formatting-related errors, and updating acceptance tests to use regex matching for more reliable assertions.
Breaking Changes
Starting with Packer v1.13.1, the way PowerShell commands are executed has changed. Packer now uses the -File operator to run PowerShell scripts by default. As part of this update, Packer prepends certain preamble logic to the script before adding your script content.
The default command now looks like:
powershell -executionpolicy <execution_policy> -file {{.Path}}
Here, {{.Path}} refers to the path of the temporary script file generated by Packer. When using the script or scripts block, Packer injects the preamble logic at the top of this script file.
If your script relies on specific PowerShell constructs (such as module imports, parameter declarations, or function definitions) that must appear at the top of the script, we recommend wrapping your script content inside a function and invoking it. This helps avoid any conflicts or ordering issues introduced by the preamble logic.
v1.13.0
1.13.0 (June 2, 2025)
FEATURES:
-
core: Enhanced the existing inline field in the shell provisioner to support any script with its own shebang (#!).
Allows users to provide scripts directly in the inline field, making it possible to use scripts generated by functions like templatefile.
Ensures that the shell provisioner executes the given script as intended, honoring the script's shebang line.
GH-13313 -
core: Added new built-in functions to Packer:
sum
startswith
endswith
These new functions expand the capabilities for template logic and variable handling in Packer builds.
GH-13349
IMPROVEMENTS:
-
hcl2: Added the ability for the packer fmt command to format multiple HCL files at once.
This enhancement allows users to format several files in a single command invocation.
GH-13362 -
hcl2: Added top level hcp_packer_registry block (this configuration was previously nested inside the build block and is still valid but deprecated) GH-13314
BUG FIXES:
-
core: Updated the documentation to explicitly state that a trailing slash is required when uploading directories, regardless of the guest OS.
This clarification is intended to ensure consistent behavior and prevent confusion, especially for Windows users.
GH-13309 -
core: Fixed an error occurring when using the --use-sequential-evaluation flag with packer console.
Updated the FlagSets to correctly include this flag, resolving the error.
GH-13316 -
core: added a wrapper around inline PowerShell commands executed by the provisioner to catch errors and ensure the Packer build fails if any command results in an error. #13334
-
hcl2: Ensures that Packer now preserves the user-defined order of variable files as input by the user.
This change maintains the intended precedence of variables, honoring the order specified on the command line.
GH-13350
SECURITY:
- Bump to go-crypto v0.36.0
GH-13369
v1.12.0
1.12.0 (January 22, 2025)
FEATURES:
-
core: add support for a DAG-based evaluation on locals and datasources.
A long-standing odditiy of Packer has been the order of evaluation for
locals and data sources. In previous versions of Packer, the
data sources were evaluated first, then the local variables were, making
it impossible to have a datasource that referenced a local variable as
part of its configuration.
This change introduces a Directed Acyclic Graph (DAG) to evaluate those
resources, instead of the phased approach of old, which makes the order
of evaluation not dependent on the type of resource, but instead of the
detected dependencies between them.
Note: While we are confident this should be robust enough for general
use, we do recognise that it is possible some users might encounter issues.
To give those users a way to continue using the old evaluation method, we
introduced a-use-sequential-evaluationcommand-line flag to the build,
validate, console and inspect subcommands, to force using the sequential
evaluation approach for those entities.
GH-13155 -
core/hcp: support for uploading SBOMs to HCP Packer.
Software Bill of Materials (SBOM) are a standardised way to export the various
software packages linked to an artifact. As some users have expressed a
need to produce and access those for images they build, we now add the
feature to Packer itself.
While the generation of the SBOM itself is not done directly by
Packer, instead we recommend using known scanners to produce them, we add
the capacity to upload this SBOM file to HCP Packer, and link it to a
build artifact.
GH-13171 -
core: support for alternate serialisation formats for plugin communication.
Packer relies on plugins to do most of the actual workload related to
building and provisioing artifacts, while Packer is mostly an orchestrator
for those plugins to perform their work.
This separation of concerns implies that both entities have to
communicate on multiple occasions during the course of a build.
Before v1.12.0 of Packer, and v0.6.0 of the plugin SDK, we used Gob to
do most of the serialisation for those steps.
This is however a bit of a problem recently, as go-cty, the library we
use for dynamic objects lifted from HCL templates, dropped support for
this a while back.
Therefore now, we introduce an alternative: protobuf/msgpack, which are
both usable and maintained by the projects around Packer, so we can begin
our transition away from gob with this change.
Note: as with the introduction of the DAG for locals/datasources, this
is a feature that we are reasonably confident you will not encounter bugs
with, however we cannot rule-out this possibility, therefore we introduce
a new environment variable:PACKER_FORCE_GOB, which if set to '1', forces
the use of Gob instead of protobuf/msgpack.
GH-13120
IMPROVEMENTS:
- hcl2/json: add
aws_secretsmanager_rawfuncion.
When using the AWS secretsmanager function with a non-text secret, one could
only get a secret once at a time.
This could get cumbersome if wanting to get multiple through one request,
which led people to encode their JSON/Object secrets as a big base64
encoded string that they could get once, and then manipulate through JSON
functions.
While the workaround works, it is one extra layer of manipulations to do so,
therefore a new function to always get the raw textual version of a secret
is now added to Packer.
GH-13242 - hcl2: add
alltrueandanytruefunctions.
As with Terraform, Packer now supports the HCL functionsalltrueand
anytrue, which returns whether or not a collection only consists of
truevalues, or if any is.
GH-13237 - hcl2: add
strcontainsfunction.
As with Terraform, Packer now supports the HCL functionstrcontains,
which returns whether or not a string contains a substring within it.
GH-13217
GH-13222 - datasource/http: Support other methods than GET.
The HTTP datasource used to always use GET requests for getting data
from a remote HTTP server, which was not always enough since some endpoints
may only support other methods. This change allows for most of the HTTP
methods to perform those requests.
GH-13190 - hcl2: add
base64gzipfunction.
In some cases, small blobs may need to be kept in memory, and injected in
a template somewhere else, but if the blob needs to be minimised, the
base64gzip function can be invoked to compress the blob and expose it
as a valid HCL2 string for use later.
GH-13142
BUG FIXES:
- hcl2: Fix duplicate error messages on top-level HCL violations.
A parsing quirk for HCL templates caused Packer to produce the same parsing
error multiple times if the error was caused by a top-level violation.
GH-13245 - build: Include LC_UUID in Darwin binaries.
A change in how Apple authorises a plugin to access the network caused
Packer to break on recent (14.7 and above) macOS versions, as Packer uses
the local network to communicate with plugins.
The fix is to include an additional UUID into the metadata of the produced
binary, so it is authorised by macOS to use the local network, which prompts
an update to the version of Go used for building Packer (1.22.9), as it is
when this addition is supported by an LDFLAG.
GH-13214 - hcl2: Don't error on empty bucker slug.
As reported by members of our community, using a hcp_packer_registry
block without a bucket slug, even if provided by external means, would cause
Packer to fail with an invalid bucket slug error. This is most definitely
a bug, which is addressed in this release.
GH-13210 - hcp: fix bug when trying to extract HEAD SHA from empty Git repo.
GH-13165
SECURITY:
- Bump to go-crypto v0.31.0
GH-13233
NOTES:
v1.12.0-alpha1
version: cut packer 1.12.0-alpha1
v1.11.2
1.11.2 (July 30, 2024)
FEATURES
- core/hcp: export Packer options, OS, CI and VCS metadata for a build.
Following up on the introduction of metadata for builds in Packer 1.11.0,
this version introduces more metadata. In addition to the version of Packer
core, and the plugins used, we now capture CI-specific environment variables
(gitlab-ci and github-actions for now), Git-specific information, OS details
like architecture and kernel version, and the command-line options passed
to packer build.
v1.11.1
1.11.1 (July 1, 2024)
NOTES:
- Future Scaffolding: This release contains additional changes that allow
Packer core to validate access a HCP Packer bucket before trying to
publish to it. If the bucket does not exist and the associated service
principle does not have permission to create the bucket Packer will fail
the build.GH-13059
SECURITY:
- core: Bump github.com/hashicorp/go-retryablehttp to address
CVE-2024-6104.GH-13081
IMPROVEMENTS:
- core/hcl2: The issue is that local variables in templates are evaluated in a
non-deterministic order, leading to inconsistent behavior. To fix this,
local variables will now build a list of direct dependencies, similar to
datasources, and evaluate these dependencies recursively. A caveat is that
there's a recursion cap of 10 to prevent infinite recursion; if this limit
is reached, an error is returned, prompting the user to fix their template.
GH-13039 - core: bump github.com/hashicorp/hcp-sdk-go from 0.96.0 to 0.99.0
GH-13063 - core: bump github.com/hashicorp/packer-plugin-sdk from 0.5.3 to 0.5.4
GH-13061
BUG FIXES:
- core/hcp: Change UpsertBucket to call GetBucket to address unauthorized error
from ustream API.
GH-13059