Pivotal Application Service for Windows v2.8 Release Notes

This topic contains release notes for Pivotal Application Service for Windows (PASW) v2.8.

For the feature highlights of this release, read the blog post Any company can become a software-driven organization. The new release of Tanzu Application Service gives you the blueprint or see New Features in PASW v2.8.


Releases

2.8.18

Release Date: 10/09/2020

  • [Bug Fix] Remove “power_of_two” constraint from CPU resource definitions
  • Bump windows2019 stemcell to version 2019.26
  • Bump windowsfs-release to version 2.18.0
Component Version
windows2019 stemcell2019.26
cf-smoke-tests40.0.134
diego2.48.0
envoy-nginx0.7.0
event-log0.8.0
garden-runc1.19.16
hwc-offline-buildpack3.1.10
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.18.0

2.8.17

Release Date: 09/21/2020

  • No BOSH release bumps
Component Version
windows2019 stemcell2019.25
cf-smoke-tests40.0.134
diego2.48.0
envoy-nginx0.7.0
event-log0.8.0
garden-runc1.19.16
hwc-offline-buildpack3.1.10
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.17.0

2.8.16

Release Date: 09/10/2020

  • Bump windows2019 stemcell to version 2019.25
  • Bump diego to version 2.48.0
  • Bump envoy-nginx to version 0.7.0
  • Bump windowsfs-release to version 2.17.0
Component Version
windows2019 stemcell2019.25
cf-smoke-tests40.0.134
diego2.48.0
envoy-nginx0.7.0
event-log0.8.0
garden-runc1.19.16
hwc-offline-buildpack3.1.10
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.17.0

2.8.15

Release Date: 08/24/2020

  • [Bug Fix] Bump garden-runc to v1.19.16
  • Bump garden-runc to version 1.19.16
Component Version
windows2019 stemcell2019.24
cf-smoke-tests40.0.134
diego2.47.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.16
hwc-offline-buildpack3.1.10
license
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.16.0

2.8.14

Release Date: 08/07/2020

  • [Bug Fix] System Metrics Scraper/Prom Scraper — Fixes a bug that causes excess log volume and increases scrape interval to reduce metric volume
  • Bump windows2019 stemcell to version 2019.24
  • Bump cf-smoke-tests to version 40.0.134
  • Bump garden-runc to version 1.19.14
  • Bump windowsfs-release to version 2.16.0
Component Version
windows2019 stemcell2019.24
cf-smoke-tests40.0.134
diego2.47.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.14
hwc-offline-buildpack3.1.10
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.16.0

2.8.13

Release Date: 07/09/2020

  • Bump windows2019 stemcell to version 2019.23
  • Bump cf-smoke-tests to version 40.0.130
Component Version
windows2019 stemcell2019.23
cf-smoke-tests40.0.130
diego2.47.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.15.0

2.8.12

Release Date: 06/25/2020

Component Version
windows2019 stemcell2019.22
cf-smoke-tests40.0.128
diego2.47.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.10
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.15.0

2.8.11

Release Date: 06/11/2020

  • [Bug Fix] Loggregator Agent - Fix certificate issues for all agent metrics
  • No release bumps
Component Version
windows2019 stemcell2019.22
cf-smoke-tests40.0.128
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.9
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.14.0

2.8.10

Release Date: 06/03/2020

  • [Bug Fix] Migrate services/intermediate_tls_ca to /services/tls_leaf for Maestro
  • Bump windows2019 stemcell to version 2019.22
  • Bump cf-smoke-tests to version 40.0.128
  • Bump windowsfs-release to version 2.14.0
Component Version
windows2019 stemcell2019.22
cf-smoke-tests40.0.128
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.9
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.14.0

2.8.9

Release Date: 05/18/2020

  • [Bug Fix] Fix scheduling bug in loggregator agent by upgrading to Go 1.14.2
  • Bump windows2019 stemcell to version 2019.20
  • Bump loggregator-agent to version 5.2.9
  • Bump windowsfs-release to version 2.13.0
Component Version
windows2019 stemcell2019.20
cf-smoke-tests40.0.127
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.9
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.13.0

2.8.8

Release Date: 04/22/2020

  • [Bug Fix] Fix server_name value to use Common Name as metrics_agent_metrics_tls
  • Bump windows2019 stemcell to version 2019.19
  • No release bumps
Component Version
windows2019 stemcell2019.19
cf-smoke-tests40.0.127
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.8
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.12.0

2.8.7

Release Date: 04/07/2020

  • [Bug Fix] garden-runc - bump to latest release in supported versions
  • [Bug Fix] Fix a memory leak and go-routine leak related to having multiple aggregate drains in Loggregator
  • Bump garden-runc to version 1.19.10
  • Bump loggregator-agent to version 5.2.8
  • Bump windows-utilities to version 0.14.0
  • Bump windowsfs-release to version 2.12.0
Component Version
windows2019 stemcell2019.15
cf-smoke-tests40.0.127
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.10
hwc-offline-buildpack3.1.10
loggregator-agent5.2.8
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.14.0
windowsfs-release2.12.0

2.8.6

Release Date: 03/19/2020

  • [Bug Fix] Fix DNS Interaction between Loggregator Agent and Doppler
  • Add new release cf-smoke-tests at version 40.0.127
  • Bump loggregator-agent to version 5.2.7
  • Bump windowsfs-release to version 2.10.0
  • Removed cf-windows-smoke-tests release
Component Version
windows2019 stemcell2019.17
cf-smoke-tests40.0.127
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.7
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.10.0

2.8.5

Release Date: 03/02/2020

  • [Feature] Support Maestro’s rotation capability by adding Services TLS CA to all App containers
  • [Bug Fix] Log only necessary information when auction scoring fails
  • [Bug Fix] Fix Race Condition in Loggregator Agent
  • Bump windows2019 stemcell to version 2019.17
  • Bump cf-windows-smoke-tests to version 40.0.127
  • Bump diego to version 2.44.0
  • Bump loggregator-agent to version 5.2.6
Component Version
windows2019 stemcell2019.17
cf-windows-smoke-tests40.0.127
diego2.44.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.6
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.5.0

2.8.4

Release Date: 02/06/2020

  • Bump windowsfs-release to version 2.5.0

  • Include support for .NET Framework 4.8.0

Component Version
windows2019 stemcell2019.15
cf-windows-smoke-tests40.0.125
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.5.0

2.8.3

Release Date: 01/18/2020

  • [Security Fix] Addresses CVE 2020-0601: Windows CryptoAPI Spoofing Vulnerability
  • Bump windows2019 stemcell to version 2019.15
  • Bump windowsfs-release to version 2.4.0
Component Version
windows2019 stemcell2019.15
cf-windows-smoke-tests40.0.125
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.4.0

2.8.2

Release Date: 01/16/2020

  • Bump cf-windows-smoke-tests to version 40.0.125
  • Removed loggregator release
Component Version
windows2019 stemcell2019.14
cf-windows-smoke-tests40.0.125
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.3.0

2.8.1

Release Date: 12/26/2019

  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for garden-runc release
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for loggregator releases
  • [Feature] Expose all platform metrics on Prometheus endpoints
  • Bump windows2019 stemcell to version 2019.14
  • Bump cf-windows-smoke-tests to version 40.0.124
  • Bump garden-runc to version 1.19.9
  • Bump loggregator-agent to version 5.2.1
  • Add new release metrics-discovery at version 2.0.2
Component Version
windows2019 stemcell2019.14
cf-windows-smoke-tests40.0.124
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
loggregator106.2.0
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.3.0

2.8.0

Release Date: 12/09/2019

Component Version
windows2019 stemcell2019.13
cf-windows-smoke-tests40.0.123
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.8
hwc-offline-buildpack3.1.10
loggregator-agent5.1.0
loggregator106.2.0
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.3.0

How to Upgrade

The PASW v2.8 tile is available with the release of Pivotal Platform v2.8. To use the PASW v2.8 tile, you must install Pivotal Operations Manager v2.8 or later and Pivotal Application Service (PAS) v2.8 or later.

New Features in PASW v2.8

PASW v2.8 includes the following major features:

Deprecation of the windows2016 Stack

You should migrate any apps that run on the windows2016 stack to the windows stack.

You can migrate your apps from windows2016 to windows using Stack Auditor, a Cloud Foundry CLI plugin. For more information, see Using the Stack Auditor Plugin.

Mutual TLS Disables Unproxied Port Mappings

When you enable mutual TLS, PASW disables unproxied port mappings. This ensures that unsecure ports are closed and also provides feature parity with PAS.

To enable mutual TLS for PASW, go to the Advanced Features pane in the PASW tile. Under TLS connections from Router to apps (beta), select Router and apps use mutual TLS to verify each other’s identity.

For more information, see TLS Connections from Router to Apps (Beta) in Installing and Configuring PASW.

NFS Broker Uses CredHub as Backing Store

NFS Broker uses CredHub as its backing store, rather than an internal PAS database. Because BOSH Backup and Restore (BBR) no longer backs up NFS Broker, the nfsbroker-bbr job is removed.

For more information about CredHub, see CredHub.

Mutual TLS Added to Loggregator Endpoints and Components

Mutual TLS is added to the Loggregator, Loggregator Agent, and Log Cache endpoints. It is also added to the Leadership Election job. This provides additional security between these endpoints and metric scrapers.

For more information about Loggregator components, see Loggregator Architecture. For more information about the Leadership Election job and metric scraping, see the System Metrics repository on GitHub.

V2 Firehose Can Be Disabled

You can disable the Loggregator V2 Firehose by deselecting the Enable V2 Firehose checkbox in the System Logging pane of the PAS tile. This shuts down VMs used for the V2 Firehose, such as Dopplers and Reverse Log Proxies. After you disable the V2 Firehose, you can delete these VMs from your deployment to save resources.

Warning: If you disable the V2 Firehose, you must select the Enable Log Cache syslog ingestion checkbox, or logs and metrics do not appear in Log Cache. Pivotal recommends that you do not disable the Firehose if you are dependent on any of the following:
  • Service tile metrics
  • Pivotal Healthwatch or Pivotal App Metrics
  • Partner log or metric integrations

Warning: If you disable the V1 or V2 Firehose, you must disable the Smoke Test Errand or the deploy fails. For more information, see Disable the Smoke Test Errand If You Disable the Firehose.

For more information, see Configure System Logging in Configuring PAS.

Aggregate Drain for Metrics and App Logs

When an aggregate log and metric drain is configured in PAS, PASW sends logs and metrics to the Loggregator Log Cache syslog server through the aggregate log and metric drain instead of the Loggregator Firehose. This allows you to disable the Firehose and delete related VMs, such as Dopplers and Reverse Log Proxies. For more information about disabling the Firehose, see V2 Firehose Can Be Disabled.

To enable an aggregate log and metric drain for your foundation, add a comma-separated list of syslog endpoints to the Aggregate log and metric drain destinations field in the System Logging pane of the PAS tile. For more information, see Configure System Logging in Configuring PAS.

Web Config Transform Extension Buildpack

You can use the Web Config Transform Extension Buildpack to externalize .NET Framework configurations in the web.config file to external sources such as GitHub, CredHub, or environment variables. The buildpack uses token replacement to ensure that app configurations are not included in the web.config build artifact.

For more information about using the buildpack, see the Web Config Transform Buildpack repository on GitHub.

DNS Search Domains Support

PASW v2.8 supports DNS search domains. PASW app containers use the domains configured in the PAS DNS search domains field as their domain search list.

For more information, see (Optional) Configure DNS Search Domains in Installing and Configuring PASW.

New Advanced Features

The Advanced Features pane of the PASW v2.8 tile includes new functionality that may have certain constraints.

Although these features are fully supported, Pivotal recommends caution when using them in production.

Breaking Changes

See the following PASW v2.8 breaking change:

Incorrect HTTP(S) Proxy Configuration Breaks CredHub Interpolation for Apps in PASW v2.8.12 and Later

In PASW v2.8.12 and later, apps that have an incorrect HTTP(S) Proxy configuration fail to stage or restart due to a CredHub interpolation error.

Before you upgrade to PASW v2.8.12 or later, you must fix the HTTP(S) Proxy configuration of any impacted applications:

  1. Determine whether your apps are impacted by following the resolution procedure in Knowledgebase Article 9305.
  2. Update all impacted apps to use the recommended proxy settings that are documented in Configuring Proxy Settings for All Apps.
  3. Restart modified apps.

Known Issues

There are currently no known issues in PASW v2.8.