VMware Tanzu Application Service for VMs v2.10 Release Notes

Page last updated:

This topic contains release notes for VMware Tanzu Application Service for VMs (TAS for VMs) v2.10.

For the feature highlights of this release, read the blog post VMware Tanzu Application Service 2.10 Adds New CLI, Eases Upgrades with More Flexible Control Plane or see New Features in TAS for VMs v2.10.

TAS for VMs is certified by the Cloud Foundry Foundation for 2023.

For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.

Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs containing that patch.

Releases

2.10.35

Release Date: 08/10/2022

• Bump backup-and-restore-sdk to version 1.18.47
• Bump bosh-system-metrics-forwarder to version 0.0.23
• Bump cf-networking to version 3.11.0
• Bump cflinuxfs3 to version 0.312.0
• Bump dotnet-core-offline-buildpack to version 2.3.44
• Bump go-offline-buildpack to version 1.9.48
• Bump java-offline-buildpack to version 4.50
• Bump nginx-offline-buildpack to version 1.1.41
• Bump nodejs-offline-buildpack to version 1.7.72
• Bump php-offline-buildpack to version 4.4.64
• Bump pxc to version 0.44.0
• Bump python-offline-buildpack to version 1.7.56
• Bump r-offline-buildpack to version 1.1.31
• Bump routing to version 0.236.0
• Bump ruby-offline-buildpack to version 1.8.56
• Bump silk to version 3.11.0
• Bump statsd-injector to version 1.11.20
• Bump syslog to version 12.0.2
• Bump uaa to version 74.5.46

  ## What's Changed
  * Gorouter restart script waits for the gorouter to be running before reloading monit
  ## ✨  Built with go 1.17.12
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.235.0...0.236.0
          

2.10.34

Release Date: 07/18/2022

• [Feature Improvement] Deprecate Spring Cloud Connectors & Spring Auto Configuration support in Java Buildpack.
• Bump backup-and-restore-sdk to version 1.18.46
• Bump cf-autoscaling to version 249.0.13
• Bump cf-networking to version 3.9.0
• Bump cflinuxfs3 to version 0.309.0
• Bump credhub to version 2.12.6
• Bump diego to version 2.62.0
• Bump dotnet-core-offline-buildpack to version 2.3.43
• Bump go-offline-buildpack to version 1.9.47
• Bump nginx-offline-buildpack to version 1.1.39
• Bump php-offline-buildpack to version 4.4.63
• Bump pxc to version 0.43.0
• Bump python-offline-buildpack to version 1.7.55
• Bump r-offline-buildpack to version 1.1.30
• Bump routing to version 0.235.0
• Bump ruby-offline-buildpack to version 1.8.55
• Bump silk to version 3.9.0
• Bump staticfile-offline-buildpack to version 1.5.31
• Bump syslog to version 12.0.1
• Bump uaa to version 74.5.45

  ### Security Fixes
  - Bump various dependencies
          

  ### Security Fixes
  - Bump various dependencies
  ### Bug Fixes
  - Fix for URL path handling on Windows ([cloudfoundry/credhub issue 266](https://github.com/cloudfoundry/credhub/issues/266))
  ### Features
  - CredHub now logs as info instead of error when a credential isn't found
  - Added support for jammy-based stemcells that have openssl 3 ([pivotal/credhub-release issue 65](https://github.com/pivotal/credhub-release/issues/65))
          

  ## What's Changed
  * Gorouter healthchecker retries connection instead of monit (https://github.com/cloudfoundry/routing-release/pull/275)
  ## ✨  Built with go 1.17.11
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.234.0...0.235.0
          

  ## What's Changed
  * Gorouter: the metrics package now uses `lsof` to monitor file descriptors on MacOS @domdom82 https://github.com/cloudfoundry/gorouter/pull/312
  * 🐛 Bumped the `lager` dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. Thanks @ameowlia!
  * Now tested with the bionic stemcell in CI
  ## ✨  Built with go 1.17.11
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.233.0...0.234.0
          

2.10.33

Release Date: 06/23/2022

Warning: Upcoming reduction in maintenance and security release coverage
In future patches, no sooner than July 1st 2022, some TAS components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components that use Go will no longer support TLS 1.0 or 1.1, or certificates using SHA-1. Use supported TLS protocols to avoid breaking changes and continue receiving maintenance and security releases.

• Bump diego to version 2.62.0

2.10.32

Release Date: 06/09/2022

Warning: Breaking change
This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn’t bump to Go 1.18 until July 1, 2022. This TAS release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS release with Diego 2.64.0, then you are safe to continue using it.

• [Security Fix] Added Content-Security-Policy headers in UAA responses
• [Bug Fix] Sticky sessions no longer break when used with route-services that return HTTP 4xx/5xx responses
• Bump backup-and-restore-sdk to version 1.18.42
• Bump binary-offline-buildpack to version 1.0.45
• Bump bosh-system-metrics-forwarder to version 0.0.22
• Bump bpm to version 1.1.18
• Bump cf-autoscaling to version 249.0.7
• Bump cf-networking to version 3.6.0
• Bump cflinuxfs3 to version 0.301.0
• Bump diego to version 2.64.0
• Bump dotnet-core-offline-buildpack to version 2.3.42
• Bump garden-runc to version 1.20.6
• Bump go-offline-buildpack to version 1.9.46
• Bump java-offline-buildpack to version 4.49
• Bump log-cache to version 2.8.6
• Bump loggregator to version 106.3.16
• Bump loggregator-agent to version 6.0.10
• Bump metric-registrar to version 1.1.13
• Bump metrics-discovery to version 3.0.13
• Bump nginx-offline-buildpack to version 1.1.38
• Bump nodejs-offline-buildpack to version 1.7.70
• Bump php-offline-buildpack to version 4.4.61
• Bump push-usage-service-release to version 673.0.27
• Bump python-offline-buildpack to version 1.7.54
• Bump r-offline-buildpack to version 1.1.29
• Bump routing to version 0.233.0
• Bump ruby-offline-buildpack to version 1.8.54
• Bump silk to version 3.6.0
• Bump staticfile-offline-buildpack to version 1.5.30
• Bump statsd-injector to version 1.11.19
• Bump syslog to version 11.7.10
• Bump system-metrics-scraper to version 2.0.16
• Bump uaa to version 74.5.41

  ## What's Changed
  * TCP Router: Add locking to the haproxy_reloader script to avoid haproxy reload/restart race conditions by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/269
  * TCP Router: Bump HAProxy from 1.8.13 to 2.5.4 by @cunnie in https://github.com/cloudfoundry/routing-release/pull/266
  * Gorouter: fix proxy round tripper race condition by @ameowlia and @geofffranks  in https://github.com/cloudfoundry/gorouter/pull/318
  * Routing API: fix timestamp precision issue that caused routes to be pruned unexpectedly by @geofffranks in https://github.com/cloudfoundry/routing-api/pull/24
  *  Routing API: remove `golang.x509ignoreCN` bosh property by @geofffranks and @mariash
  * Routing API: fix bug that caused TCP Router's HAProxy to reload every minute by @jrussett in https://github.com/cloudfoundry/routing-api/pull/26.
  ## Manifest Property Changes
  | Job | Property  | Notes |
  | --- | --- | --- |
  | `routing-api` | `golang.x509ignoreCN` | This property exposed a go debug flag for go version 1.15. Since go 1.16 this go debug flag has had no affect. Removing this bosh property is part of our effort to keep our code base free of cruft. |
  ## ✨  Built with go 1.17.10
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.232.0...0.233.0
          

  ## What's Changed
  * Fixing issue #250: Return a 503 not a 404 when all instances down by @kecirlotfi in https://github.com/cloudfoundry/routing-release/pull/268 and https://github.com/cloudfoundry/gorouter/pull/314
  * Fixing issue https://github.com/cloudfoundry/gorouter/pull/315: Fix route service pruning by @geofffranks
  ## Manifest Property Changes
  | Job | Property | default | notes |
  | --- | --- | --- | --- |
  | `gorouter` | `for_backwards_compatibility_only.empty_pool_response_code_503` | `0s` | This property was added to enable https://github.com/cloudfoundry/routing-release/pull/268 |
  ## New Contributors 🎉
  * @kecirlotfi made their first contribution! Thanks so much!
  ## ✨  Built with go 1.17.9
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.231.0...0.232.0
          

2.10.31

Release Date: 04/20/2022

• Bump backup-and-restore-sdk to version 1.18.39
• Bump binary-offline-buildpack to version 1.0.43
• Bump cf-autoscaling to version 249.0.2
• Bump cf-networking to version 3.3.0
• Bump cflinuxfs3 to version 0.285.0
• Bump credhub to version 2.12.4
• Bump diego to version 2.62.0
• Bump dotnet-core-offline-buildpack to version 2.3.41
• Bump go-offline-buildpack to version 1.9.42
• Bump java-offline-buildpack to version 4.48.2
• Bump loggregator to version 106.3.15
• Bump metrics-discovery to version 3.0.10
• Bump nginx-offline-buildpack to version 1.1.37
• Bump nodejs-offline-buildpack to version 1.7.69
• Bump php-offline-buildpack to version 4.4.59
• Bump push-apps-manager-release to version 673.0.6
• Bump pxc to version 0.42.0
• Bump python-offline-buildpack to version 1.7.53
• Bump r-offline-buildpack to version 1.1.28
• Bump ruby-offline-buildpack to version 1.8.53
• Bump silk to version 3.3.0
• Bump uaa to version 74.5.37

  ## What's Changed
  * Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 in /src by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/640
  * bump spring boot for cve CVE-2022-22965 by @Benjamintf1 in https://github.com/pivotal-cf/cf-autoscaling-release/pull/646
  * Bump log4j-to-slf4j from 2.17.1 to 2.17.2 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/619
  * Bump log4j-api from 2.17.1 to 2.17.2 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/618
  * Bump gson from 2.8.6 to 2.9.0 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/611
  * Bump spock-core from 2.0-groovy-3.0 to 2.1-groovy-3.0 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/613
  * Bump objenesis from 3.1 to 3.2 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/479
  **Full Changelog**: https://github.com/pivotal-cf/cf-autoscaling-release/compare/v249.0.1...v249.0.2
          

  ## What's Changed
  * Pin jackson-databind to 2.13.2.2 to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518)
  * Unpin tomcat dependencies in autoscale API in https://github.com/pivotal-cf/cf-autoscaling-release/pull/636
  * Bump autoscale API dependencies in https://github.com/pivotal-cf/cf-autoscaling-release/pull/612, https://github.com/pivotal-cf/cf-autoscaling-release/pull/625, https://github.com/pivotal-cf/cf-autoscaling-release/pull/525, https://github.com/pivotal-cf/cf-autoscaling-release/pull/634
  **Full Changelog**: https://github.com/pivotal-cf/cf-autoscaling-release/compare/v249...v249.0.1
          

  ### Security Fixes
  - Bump various dependencies.
          

  ### Security Fixes
  - Bump various dependencies.
          

  * Bump golang release to v0.100.0
  Go Version: 1.18
          

  - fix bug with large messages (#22)
  - bump-golang to v0.100.0(now 1.18)
          

2.10.30

Release Date: 04/06/2022

• [Security Fix] This release fixes CVE-2022-22965; note that the “fix” in the immediately prior version did not actually address the vulnerability, as Spring framework dependencies in UAA that should have been updated, were not. We have confirmed this version actually contains the dependency bumps, and that it is no longer vulnerable to our confirmed exploit. We consider this patch necessary for secure operation; see the VMware Security Advisory here for more details. This release also includes a new version of the Java Buildpack.
• Bump java-offline-buildpack to version 4.48.2
• Bump uaa to version 74.5.37

2.10.29

Release Date: 03/31/2022

• [Security Fix] This release was intended to address CVE-2022-22965, but did not actually update the vulnerable dependencies. Upgrade to a more recent patch version instead. See the VMware Security Advisory here for more details.
• Bump uaa to version 74.5.36

2.10.28

Release Date: 03/31/2022

• [Security Fix] This release fixes CVE-2022-23806 and CVE-2022-23772.
• [Bug Fix] Assign cloud_controller.read and cloud_controller.write scopes to service brokers created using CF CLI v8
• [Bug Fix] Resolve an issue resulting in tcp-router repeatedly respawning haproxy until it hits a forked process limit
• [Bug Fix] Resolves an issue where invalid seeded router group values should caused breaking changes
• [Bug fix] Remove x509ignoreCN option in Gorouter
• Bump backup-and-restore-sdk to version 1.18.36
• Bump cf-autoscaling to version 249
• Bump cf-networking to version 3.1.0
• Bump cflinuxfs3 to version 0.279.0
• Bump credhub to version 2.12.1
• Bump diego to version 2.61.0
• Bump dotnet-core-offline-buildpack to version 2.3.40
• Bump garden-runc to version 1.20.3
• Bump go-offline-buildpack to version 1.9.41
• Bump java-offline-buildpack to version 4.48.1
• Bump log-cache to version 2.8.5
• Bump loggregator to version 106.3.14
• Bump loggregator-agent to version 6.0.9
• Bump metric-registrar to version 1.1.12
• Bump metrics-discovery to version 3.0.9
• Bump nginx-offline-buildpack to version 1.1.36
• Bump nodejs-offline-buildpack to version 1.7.67
• Bump php-offline-buildpack to version 4.4.57
• Bump python-offline-buildpack to version 1.7.51
• Bump r-offline-buildpack to version 1.1.27
• Bump routing to version 0.231.0
• Bump ruby-offline-buildpack to version 1.8.52
• Bump silk to version 3.1.0
• Bump staticfile-offline-buildpack to version 1.5.29
• Bump uaa to version 74.5.35

  ### Security Fixes
  - Bump various dependencies.
          

  ### Security Fixes
  - Bump various dependencies.
  ### Bug Fixes
  - Fixes an issue where CredHub experiences downtime during certificate rotation process by making CredHub properly load concatenated mTLS CA certificates.
  ### Features
  - CredHub is now compatible with Postgres 13, 14.
          

  ### Dependency Bumps
  - Bumps log4j2 to 2.17.1
          

  ### Security Fixes
  - Further addresses [CVE with Log4j library](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q) and [its prior incomplete fix](https://github.com/advisories/GHSA-7rjr-3q55-vv33) by bumping to log4j2 2.16.0.
          

  ### Security Fixes
  - Addresses [CVE with Log4j library](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)
  ### Features
  - Adds a minimum duration server-level configuration fields for leaf and CA certificates: `certificates.leaf_minimum_duration_in_days` and `certificates.ca_minimum_duration_in_days`. When these fields are configured, if a request to generate or regenerate a certificate has a duration lower than the minimum, then the minimum duration is used instead. (https://github.com/cloudfoundry/credhub/pull/201)
          

  ## Bug Fixes
  - Removed the x509ignoreCN property. Now that `gorouter` is built on golang 1.17, it
no longer has any effect on gorouter behavior, and was only adding to confusion in
the properties
  - Resolve an issue with route-registrar using the same TTL as it's RegistrationInterval
for tcp routes, leading to unnecessary churn of pruned + re-registered routes.
  - Resolve an issue with Routing API where upserts to tcp routes were causing change
events to be emitted when the only change was a bump in TTL. This led to an issue
where tcp-router was constantly reloading haproxy with every route's heartbeat
registration call.
  ## Manifest Property Changes
  | Job | Property | 0.230.0 | 0.231.0 |
  | --- | --- | --- | --- |
  | `gorouter` | `golang.x509ignoreCN` | false | No longer exists |
  |  `route_registrar` | `golang.x509ignoreCN` | false | No longer exists |
  | `tcp_router` | `golang.x509ignoreCN` | false | No longer exists |
  ### ✨ Built with golang 1.17.8
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.230.0...0.231.0
          

  ## Feature
  * update gorouter for prometheus scraping by @Benjamintf1 in https://github.com/cloudfoundry/routing-release/pull/258
  ## Bug Fix
  * Invalid seeded router group manifest values should no longer cause breaking changes by default by @ameowlia in https://github.com/cloudfoundry/routing-release/pull/261
  ### ✨ Built with golang 1.17.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.229.0...0.230.0
          

2.10.27

Release Date: 02/28/2022

• [Feature Improvement] Due to routing-release now being built with Golang 1.17, all certificates provided MUST contain SAN entries on them. The previous workaround of setting “Enable temporary workaround for certs without SANs” will no longer function.
• [Feature Improvement] Per Golang 1.17’s new and stricter IP parsing standards, any IP addrs with leading zeros in any octets will result in a BOSH template failure to allow operators to remove the leading zeros and try again (affects properties fed into diego-release, garden-runc-release, winc-release, nats-release, and routing-release),.
• [Feature Improvement] UAA is compatible with MySQL 8
• [Feature Improvement] Enable TLS for container-to-container communication. See docs here for more info. Warning: this feature introduces a migration to the bbs database. Rolling back from this release will cause database issues.
• [Bug Fix] Cloud Controller Worker - PruneExcessAppRevisions job is more memory efficient
• [Bug Fix] Fix default metric registrar blocked tags to include ‘ip’ and remove 'id’
• [Bug Fix] Fixes an issue related to the parsing of the X-B3-TraceId and X-B3-SpanId HTTP headers
• [Bug Fix] Restore missing networking and garden metrics
• [Bug Fix] Smoke tests support for TLSv1.3 only option
• Bump backup-and-restore-sdk to version 1.18.34
• Bump capi to version 1.95.13
• Bump cf-autoscaling to version 248
• Bump cflinuxfs3 to version 0.274.0
• Bump credhub to version 2.9.9
• Bump diego to version 2.58.1
• Bump garden-runc to version 1.19.33
• Bump loggregator-agent to version 6.0.8
• Bump metric-registrar to version 1.1.11
• Bump metrics-discovery to version 3.0.8
• Bump nats to version 42
• Bump routing to version 0.229.0
• Bump smoke-tests to version 4.5.0
• Bump uaa to version 74.5.34

2.10.26

Release Date: 02/07/2022

Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.

• [Security Fix] Diego - Bump containerd to v1.5.9 to address (CVE-2021-43816)
• [Security Fix] Bump routing release to 0.228.0 to address (CVE-2021-44716)
• [Feature] Monit thresholds for the Cloud Controller worker are configurable
• [Feature] Apps can be step-scaled up or down in Autoscaler. See About App Autoscaler.
• [Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so IP addresses with leading zeros in any octets cause a BOSH template failure. Operators can remove the leading zeros and try deploying again. This affects properties that feed into cf-networking-release, silk-release, loggregator-agent-release, and syslog-release. Syslog drains and metric registrar endpoints registered using user-provided services might also be affected.
• [Bug Fix] Cloud Controller worker PruneExcessAppRevisions job is more memory efficient

2.10.25

Release Date: 12/21/2021

Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.

• [Security Fix] Fix uncontrolled recursion related to Log4j (CVE-2021-45105)
• Bump credhub to version 2.9.8 which has Log4j 2.17.0
• Bump java-offline-buildpack to version 4.47
• Bump uaa to version 74.5.30 which has Log4j 2.17.0

2.10.24

Release Date: 12/16/2021

Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.

• [Security Fix] Fix remote code execution vulnerability related to Log4j (CVE-2021-45046)
• [Breaking Change] Gorouter: zipkin trace-id size now complies with w3 standard of 16 bytes opposed to the previous 8 bytes.
• Bump credhub to version 2.9.7 which has Log4j 2.16.0
• Bump java-offline-buildpack to version 4.45
• Bump php-offline-buildpack to version 4.4.53
• Bump routing to version `0.227.0
• Bump uaa to version 74.5.29 which has Log4j 2.16.0

2.10.23

Release Date: 12/15/2021

Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.

• [Security Fix] Java and PHP Buildpacks - Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
• [Bug Fix] Fix “pre-start scripts failed. Failed Jobs: policy-server” error Upgrading to CF Networking Release 2.40.0
• [Bug Fix] Enable audit logging file rotation to reduce I/O load during log rotation
• [Bug Fix] Smoke Tests uses specified domain for Isolation Segments
• Bump backup-and-restore-sdk to version 1.18.28
• Bump cf-autoscaling to version 242
• Bump cf-networking to version 2.42.0
• Bump cflinuxfs3 to version 0.268.0
• Bump java-offline-buildpack to version 4.44
• Bump metrics-discovery to version 3.0.7
• Bump php-offline-buildpack to version 4.4.52
• Bump routing to version 0.227.0
• Bump silk to version 2.41.0
• Bump smoke-tests to version 4.3.1
• Bump syslog to version 11.7.6

2.10.22

Release Date: 12/13/2021

• [Security Fix] UAA and CredHub - Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
• [Bug Fix] Diego - Envoy v1.19 uses the original TCP connection pool so that it can accept more than 1024 downstream connections
• Bump credhub to version 2.9.6 which has Log4j 2.15.0
• Bump diego to version 2.54.0
• Bump uaa to version 74.5.28 which has Log4j 2.15.0

2.10.21

Release Date: 11/23/2021

• [Breaking Change] All Gorouter certificates require a SubjectAltName extension. If any Gorouter certificates lack a SubjectAltName, deployment fails. If you need to complete a deployment before configuring new Gorouter certificates, select Enable temporary workaround for certs without SANs in the Networking pane of the TAS for VMs tile. For more information about updating certificates, see Routing and Golang 1.15 X.509 CommonName deprecation in the Knowledge Base.
• [Bug Fix] Cloud Controller - Ensure app lifecycle_type is not nil when determining app lifecycle
• Bump backup-and-restore-sdk to version 1.18.26
• Bump bpm to version 1.1.15
• Bump capi to version 1.95.11
• Bump cf-networking to version 2.40.0
• Bump cflinuxfs3 to version 0.264.0
• Bump diego to version 2.53.1
• Bump dotnet-core-offline-buildpack to version 2.3.36
• Bump go-offline-buildpack to version 1.9.37
• Bump nodejs-offline-buildpack to version 1.7.63
• Bump php-offline-buildpack to version 4.4.48
• Bump python-offline-buildpack to version 1.7.47
• Bump r-offline-buildpack to version 1.1.23
• Bump routing to version 0.226.0
• Bump ruby-offline-buildpack to version 1.8.48
• Bump silk to version 2.40.0
• Bump staticfile-offline-buildpack to version 1.5.26
• Bump uaa to version 74.5.26

2.10.20

Release Date: 10/20/2021

• [Security Fix] CAPI - Address service broker SSRF CVE-2021-22099
• [Security Fix] CAPI - Cap label selectors at 50 in queries and improve label selector performance to mitigate DOS vulnerability CVE-2021-22101
• [Feature Improvement] Set default for System metrics scrape interval to 15s
• [Bug Fix] CAPI - Default staging apps to use process memory and disk in v3
• [Bug Fix] Fix certificate rotation by fixing CredHub’s import of concatenated certificates
• [Bug Fix] Fix “System metrics scrape interval” configuration in manifest
• Bump backup-and-restore-sdk to version 1.18.22
• Bump bpm to version 1.1.14
• Bump capi to version 1.95.10
• Bump cf-autoscaling to version 241
• Bump cf-networking to version 2.39.0
• Bump cflinuxfs3 to version 0.262.0
• Bump credhub to version 2.9.4
• Bump nginx-offline-buildpack to version 1.1.32
• Bump nodejs-offline-buildpack to version 1.7.62
• Bump php-offline-buildpack to version 4.4.46
• Bump push-usage-service-release to version 673.0.26
• Bump pxc to version 0.39.0
• Bump python-offline-buildpack to version 1.7.46
• Bump r-offline-buildpack to version 1.1.22
• Bump silk to version 2.39.0
• Bump staticfile-offline-buildpack to version 1.5.25

2.10.19

Release Date: 09/29/2021

• [Security Fix] Fixes an issue where BBS socket connections could be kept alive unnecessarily
• [Feature Improvement] Disable Diego container proxy ALPN
• Bump backup-and-restore-sdk to version 1.18.19
• Bump binary-offline-buildpack to version 1.0.40
• Bump cflinuxfs3 to version 0.259.0
• Bump diego to version 2.53.0
• Bump dotnet-core-offline-buildpack to version 2.3.34
• Bump java-offline-buildpack to version 4.42
• Bump nginx-offline-buildpack to version 1.1.31
• Bump nodejs-offline-buildpack to version 1.7.61
• Bump php-offline-buildpack to version 4.4.45
• Bump push-usage-service-release to version 673.0.22
• Bump python-offline-buildpack to version 1.7.45
• Bump r-offline-buildpack to version 1.1.21
• Bump ruby-offline-buildpack to version 1.8.46

2.10.18

Release Date: 09/16/2021

• [Security Fix] Usage Service - Bump rails dependency to address CVE-2021-22942
• [Bug Fix] garden-runc - Fix handling reserved space on ext4 and generating bundle mounts when SMB volumes are present
• Bump backup-and-restore-sdk to version 1.18.18
• Bump cf-autoscaling to version 239
• Bump cflinuxfs3 to version 0.256.0
• Bump garden-runc to version 1.19.30
• Bump push-usage-service-release to version 673.0.21
• Bump routing to version 0.224.0
• Bump uaa to version 74.5.25

2.10.17

Release Date: 09/09/2021

• [Security Fix] Gorouter built with Go 1.16.7 to address CVE-2021-36221
• [Bug Fix] CAPI - Some metrics for CAPI were not being properly emitted
• [Bug Fix] Usage Service - Address performance of /system_report/task_usages endpoint on large foundations
• Bump backup-and-restore-sdk to version 1.18.16
• Bump bpm to version 1.1.13
• Bump cflinuxfs3 to version 0.252.0
• Bump credhub to version 2.9.1
• Bump go-offline-buildpack to version 1.9.34
• Bump java-offline-buildpack to version 4.40
• Bump push-usage-service-release to version 673.0.19
• Bump pxc to version 0.37.0
• Bump routing to version 0.221.0
• Bump staticfile-offline-buildpack to version 1.5.24

2.10.16

Release Date: 07/20/2021

• [Bug Fix] Ensure Cloud Controller organization and space quota validations include limit for tasks run against an app that has been exceeded
• [Bug Fix] Garden recovers after a machine restarts
• Bump capi to version 1.95.6
• Bump dotnet-core-offline-buildpack to version 2.3.32
• Bump garden-runc to version 1.19.29
• Bump nginx-offline-buildpack to version 1.1.30
• Bump nodejs-offline-buildpack to version 1.7.57
• Bump php-offline-buildpack to version 4.4.44
• Bump python-offline-buildpack to version 1.7.43
• Bump r-offline-buildpack to version 1.1.20

2.10.15

Release Date: 07/15/2021

• [Security Fix] Fixed context path 404 vulnerability
• [Bug Fix] Prevent TCP routes from using system component ports. For more information, see TCP Routes Stop Working in the Knowledge Base. If you try to create or update a router group to include system component ports, the Routing API returns an error. Current invalid router groups that include system component ports are not changed, but a warning is logged. In TAS for VMs v2.12.0, invalid router groups cause a deploy failure. For more information, see Check and fix invalid router groups before TAS 2.12 in the Knowledge Base.
• [Bug Fix] Fix metric-registrar crashing when non-url formatted drains exist
• [Bug Fix] Add an option to remove extra metadata from syslog drains
• [Breaking Change] Gorouter sends all responses with transfer-encoded chunks. Some responses that were not chunked in previous versions now use transfer-encoded chunks. For more information, see Clients receive responses with no Content-Length header and a chunked encoded body after upgrading Tanzu Application Service for VMs in the Knowledge Base. (edited 20 Oct 2021)
• Bump binary-offline-buildpack to version 1.0.39
• Bump cf-networking to version 2.38.0
• Bump cflinuxfs3 to version 0.249.0
• Bump dotnet-core-offline-buildpack to version 2.3.31
• Bump garden-runc to version 1.19.28
• Bump go-offline-buildpack to version 1.9.33
• Bump log-cache to version 2.8.2
• Bump loggregator to version 106.3.12
• Bump metric-registrar to version 1.1.9
• Bump metrics-discovery to version 3.0.6
• Bump nats to version 40
• Bump nginx-offline-buildpack to version 1.1.29
• Bump nodejs-offline-buildpack to version 1.7.56
• Bump php-offline-buildpack to version 4.4.43
• Bump push-apps-manager-release to version 673.0.5
• Bump pxc to version 0.36.0
• Bump python-offline-buildpack to version 1.7.42
• Bump r-offline-buildpack to version 1.1.19
• Bump routing to version 0.216.0
• Bump ruby-offline-buildpack to version 1.8.42
• Bump silk to version 2.38.0
• Bump staticfile-offline-buildpack to version 1.5.23
• Bump syslog to version 11.7.5
• Bump system-metrics-scraper to version 2.0.14
• Bump uaa to version 74.5.24

2.10.14

Release Date: 06/22/2021

• [Security Fix] Bump some dependencies to resolve security vulnerabilities
• Bump bpm to version 1.1.12
• Bump cf-autoscaling to version 238
• Bump cf-networking to version 2.37.0
• Bump cflinuxfs3 to version 0.241.0
• Bump dotnet-core-offline-buildpack to version 2.3.29
• Bump java-offline-buildpack to version 4.39
• Bump loggregator-agent to version 6.0.6
• Bump metric-registrar to version 1.1.6
• Bump metrics-discovery to version 3.0.5
• Bump nodejs-offline-buildpack to version 1.7.52
• Bump php-offline-buildpack to version 4.4.40
• Bump push-apps-manager-release to version 673.0.4
• Bump ruby-offline-buildpack to version 1.8.39
• Bump silk to version 2.37.0
• Bump statsd-injector to version 1.11.16

2.10.13

Release Date: 05/27/2021

• [Feature Improvement] Patch versions can be upgraded without a stemcell upgrade
• [Feature Improvement] Improve metric-registrar to handle unreachable CC more gracefully, delete smoke-test app in the case of failure, and integrate CUPS caching
• [Feature Improvement] Adds per request metrics reporting, which makes metric frequency proportional to request frequency
• [Bug Fix] Smoke Test allows the operator to provide the apps_domain property when deploying TAS and also properly configures user provided space when deploying an isolation segment
• [Bug Fix] Fix race condition and prevent network policy MySQL database from being able to get into an invalid state.
• Bump binary-offline-buildpack to version 1.0.38
• Bump bpm to version 1.1.11
• Bump cf-networking to version 2.36.0
• Bump cflinuxfs3 to version 0.238.0
• Bump diego to version 2.50.0
• Bump dotnet-core-offline-buildpack to version 2.3.27
• Bump garden-runc to version 1.19.25
• Bump metric-registrar to version 1.1.5
• Bump nginx-offline-buildpack to version 1.1.26
• Bump nodejs-offline-buildpack to version 1.7.50
• Bump notifications to version 62
• Bump php-offline-buildpack to version 4.4.38
• Bump push-usage-service-release to version 673.0.16
• Bump pxc to version 0.35.0
• Bump python-offline-buildpack to version 1.7.39
• Bump r-offline-buildpack to version 1.1.17
• Bump ruby-offline-buildpack to version 1.8.38
• Bump silk to version 2.36.0
• Bump staticfile-offline-buildpack to version 1.5.21

2.10.12

Release Date: 03/31/2021

• [Breaking Change] This restores the breaking change originally found in 2.10.10 and temporarily remediated in 2.10.11: Gorouter update to Golang v1.15 introduces stricter transfer-encoding header standards. Stricter header standards break Spring apps that incorrectly set the header. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
• [Breaking Change] TAS for VMs v2.10.12 specifies Java buildpack v4.36. This causes a breaking change if you use Tanzu GemFire for VMs v1.12 or earlier with Tomcat session state caching. For information about how to avoid this breaking change, see Known Issues in the Tanzu GemFire for VMs documentation.
• [Security Fix] Usage Service - Upgrade Nokogiri gem to address CVE-2020-26247
• [Security Fix] Usage Service - Upgrade Rails gem to address CVE-2021-22880
• [Feature Improvement] MySQL binlogs volume is capped at 33% of available disk storage
• Bump ubuntu-xenial stemcell to version 621.115
• Bump cf-cli to version 1.32.0
• Bump cflinuxfs3 to version 0.227.0
• Bump diego to version 2.49.0
• Bump go-offline-buildpack to version 1.9.26
• Bump nodejs-offline-buildpack to version 1.7.42
• Bump php-offline-buildpack to version 4.4.31
• Bump push-usage-service-release to version 673.0.15
• Bump python-offline-buildpack to version 1.7.30
• Bump routing to version 0.213.0
• Bump ruby-offline-buildpack to version 1.8.31

2.10.11

Release Date: 02/19/2021

• [Breaking Change] TAS for VMs v2.10.11 specifies Java buildpack v4.36. This causes a breaking change if you use Tanzu GemFire for VMs v1.12 or earlier with Tomcat session state caching. For information about how to avoid this breaking change, see Known Issues in the Tanzu GemFire for VMs documentation.
• [Temporary Remediation] Gorouter - Emit log, emit metric, and don’t error when an app response contains a duplicate “Transfer-Encoding: chunked” header. This is a stop gap to discover which apps are sending invalid responses. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
• [Bug Fix] Autoscaling - Reduce RabbitMQ overhead of RabbitMQ based autoscaling rules.
• [Bug Fix] Diego and Cloud Controller no longer get out of sync when using TCP routes
• Bump ubuntu-xenial stemcell to version 621.101
• Bump capi to version 1.95.5
• Bump cf-autoscaling to version 237
• Bump cflinuxfs3 to version 0.223.0
• Bump dotnet-core-offline-buildpack to version 2.3.22
• Bump go-offline-buildpack to version 1.9.25
• Bump java-offline-buildpack to version 4.36
• Bump nginx-offline-buildpack to version 1.1.20
• Bump nodejs-offline-buildpack to version 1.7.41
• Bump php-offline-buildpack to version 4.4.30
• Bump pxc to version 0.33.0
• Bump python-offline-buildpack to version 1.7.29
• Bump r-offline-buildpack to version 1.1.12
• Bump routing to version 0.211.1
• Bump ruby-offline-buildpack to version 1.8.30
• Bump staticfile-offline-buildpack to version 1.5.15
• Bump uaa to version 74.5.22

2.10.10

Release Date: 12/18/2020

• [Breaking Change] Gorouter update to Golang v1.15 introduces stricter transfer-encoding header standards. Stricter header standards break Spring apps that incorrectly set the header. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
• [Security Fix] Bump garden-runc-release to address CVE-2020-15257
• Bump ubuntu-xenial stemcell to version 621.94
• Bump cf-autoscaling to version 235
• Bump cf-networking to version 2.35.0
• Bump cflinuxfs3 to version 0.216.0
• Bump dotnet-core-offline-buildpack to version 2.3.19
• Bump garden-runc to version 1.19.18
• Bump go-offline-buildpack to version 1.9.23
• Bump java-offline-buildpack to version 4.34
• Bump nginx-offline-buildpack to version 1.1.19
• Bump nodejs-offline-buildpack to version 1.7.37
• Bump php-offline-buildpack to version 4.4.27
• Bump python-offline-buildpack to version 1.7.26
• Bump r-offline-buildpack to version 1.1.11
• Bump routing to version 0.210.0
• Bump ruby-offline-buildpack to version 1.8.27
• Bump silk to version 2.35.0
• Bump staticfile-offline-buildpack to version 1.5.14

2.10.9

Release Date: 11/18/2020

• [Security Fix] Fix for CVE-2020-5423
• [Security Fix] Bump some dependencies to resolve security vulnerabilities in Apps Manager.
• [Feature Improvement] Update CLI download link in Apps Manager to ensure it downloads the latest 7.x.x version.
• Bump bosh-system-metrics-forwarder to version 0.0.20
• Bump capi to version 1.95.4
• Bump metric-registrar to version 1.1.4
• Bump push-apps-manager-release to version 673.0.0
• Bump pxc to version 0.31.0
• Bump uaa to version 74.5.21

2.10.8

Release Date: 11/04/2020

• [Security Fix] Fix for CVE-2020-5417
• [Bug Fix] Bumps Metrics-Discovery-Release to fix upgrades failing from nats to nats TLS
• [Bug Fix] Downgrade haproxy to prevent blackbox failure
• Bump ubuntu-xenial stemcell to version 621.90
• Bump capi to version 1.95.3
• Bump dotnet-core-offline-buildpack to version 2.3.17
• Bump go-offline-buildpack to version 1.9.21
• Bump java-offline-buildpack to version 4.33
• Bump log-cache to version 2.8.1
• Bump metrics-discovery to version 3.0.3
• Bump nginx-offline-buildpack to version 1.1.16
• Bump nodejs-offline-buildpack to version 1.7.32
• Bump php-offline-buildpack to version 4.4.23
• Bump python-offline-buildpack to version 1.7.24
• Bump r-offline-buildpack to version 1.1.10
• Bump ruby-offline-buildpack to version 1.8.26
• Bump staticfile-offline-buildpack to version 1.5.12

2.10.7

Release Date: 10/26/2020

• [Feature] UAA - Expose configuration options for proxy settings
• [Feature Improvement] Operators can configure how long cloud controller audit events are retained
• [Feature Improvement] Networking: Clarify that drain timeout should be lower than backend request timeout to reduce drain time during deploys
• [Bug Fix] Loggregator Agent Release - Prom Scraper metrics server names match
• Bump ubuntu-xenial stemcell to version 621.89
• Bump cflinuxfs3 to version 0.210.0
• Bump uaa to version 74.5.20

2.10.6

Release Date: 10/19/2020

• [Security Fix] Bump Percona XtraDB Cluster to 5.7.31
• [Feature Improvement] Internal route staleness threshold is now configurable
• [Bug Fix] ServiceDiscoveryController - Reconnect internal routing metrics to the firehose
• [Bug Fix] NATS - Bump release to v38 to fix various issues
• [Bug Fix] Gorouter performs TLS to backends when “Skip SSL Certificate Verification” is enabled. Stale routes are now pruned.
• Bump ubuntu-xenial stemcell to version 621.87
• Bump cf-networking to version 2.34.0
• Bump cflinuxfs3 to version 0.209.0
• Bump nats to version 38
• Bump pxc to version 0.30.0
• Bump routing to version 0.208.0
• Bump silk to version 2.34.0

2.10.5

Release Date: 10/09/2020

• [Security Fix] Remove credentials from process name and fix CVE CODEC-134, CODEC-270
• [Bug Fix] Enable users to adjust the timeout for all healthcheck types in Apps Manager
• [Bug Fix] Users can view process based audit events in Apps Manager
• [Feature] The v7 cf CLI is the default CLI
• [Bug Fix] Revert Metric-Registrar Bump
• Bump ubuntu-xenial stemcell to version 621.85
• Bump cflinuxfs3 to version 0.208.0
• Bump credhub to version 2.9.0
• Bump dotnet-core-offline-buildpack to version 2.3.15
• Bump go-offline-buildpack to version 1.9.19
• Bump nginx-offline-buildpack to version 1.1.15
• Bump nodejs-offline-buildpack to version 1.7.29
• Bump php-offline-buildpack to version 4.4.22
• Bump push-apps-manager-release to version 672.0.14
• Bump python-offline-buildpack to version 1.7.22
• Bump r-offline-buildpack to version 1.1.9
• Bump ruby-offline-buildpack to version 1.8.25
• Bump staticfile-offline-buildpack to version 1.5.11

2.10.4

Release Date: 09/21/2020

• [Security Fix] Bump Usage Service ruby version to 2.6.6 - CVE-2020-15169 CVE-2020-10933 CVE-2020-10663
• [Security Fix] Update cf-autoscaling’s dependencies to mitigate CVEs
• [Bug Fix] Modify cf-autoscaling’s API to return HTTP status 404 (not found) when not logged in. Previously it returned 401 (unauthorized). The behavior now matches the documentation
• [Feature Improvement] Secure scraping available in Metric Registrar (Reverted in v2.10.5)
• [Breaking Change] Change noisy Gorouter logs to use debug log level. Replace with more helpful, quieter logs. For more details, see routing-release in GitHub.
• Bump ubuntu-xenial stemcell to version 621.84
• Bump cf-autoscaling to version 233
• Bump cflinuxfs3 to version 0.204.0
• Bump dotnet-core-offline-buildpack to version 2.3.14
• Bump go-offline-buildpack to version 1.9.17
• Bump metric-registrar to version 1.2.1
• Bump push-usage-service-release to version 673.0.13
• Bump python-offline-buildpack to version 1.7.20
• Bump routing to version 0.207.0
• Bump staticfile-offline-buildpack to version 1.5.10

2.10.3

Release Date: 09/09/2020

• [Security Fix] Fix for CVE-2020-5420: Improve Gorouter’s handling of invalid HTTP responses
• [Feature Improvement] Gorouter aliases /healthz to /health in order to prevent downtime during upgrades
• [Feature Improvement] Allow users to scale memory & disk for web processes in Apps Manager when autoscaling is enabled
• [Bug Fix] Safeguard against null log payloads for apps in Apps Manager
• [Bug Fix] Improve Log Cache Syslog Ingestion Performance
• Bump ubuntu-xenial stemcell to version 621.82
• Bump cf-networking to version 2.33.0
• Bump diego to version 2.48.0
• Bump log-cache to version 2.8.0
• Bump nfs-volume to version 7.0.4
• Bump nginx-offline-buildpack to version 1.1.14
• Bump nodejs-offline-buildpack to version 1.7.26
• Bump php-offline-buildpack to version 4.4.20
• Bump push-apps-manager-release to version 672.0.13
• Bump routing to version 0.206.0
• Bump silk to version 2.33.0

2.10.2

Release Date: 08/24/2020

• [Security Fix] Fix for CVE-2020-5416: Improve Gorouter’s websocket error handling
• [Bug Fix] loggr-syslog-agent - Fix server alternative name
• [Bug Fix] Fix memory leak in RLP gateway
• [Bug Fix]: Return 502 TLS Handshake error for an unresponsive backend
• [Bug Fix] Fix Usage Service for inactive foundations
• [Bug Fix] Bump garden-runc to v1.19.16
• Bump ubuntu-xenial stemcell to version 621.78
• Bump cflinuxfs3 to version 0.203.0
• Bump garden-runc to version 1.19.16
• Bump go-offline-buildpack to version 1.9.16
• Bump java-offline-buildpack to version 4.32.1
• Bump loggregator to version 106.3.11
• Bump push-usage-service-release to version 673.0.11
• Bump python-offline-buildpack to version 1.7.18
• Bump routing to version 0.205.0
• Bump ruby-offline-buildpack to version 1.8.23

2.10.1

Release Date: 08/07/2020

• [Security Fix] Notifications-ui removes UAA client secret from logs during installation
• [Feature Improvement] Expose GCS blobstore storage account timeout values
• [Feature Improvement] Upgrade Percona-XtraDB-Cluster to version 5.7.30-31.43
• [Bug Fix] Fix issue where requests to internal routes could fail due to incorrect case-sensitivity in DNS lookup in the service discovery controller.
• [Bug Fix] Apps Manager accounts for App Metrics’ duplicate counts of HTTP requests, HTTP latency, and HTTP errors on App page Overview tab graphs
• [Bug Fix] System Metrics Scraper/Prom Scraper — Fixes a bug that causes excess log volume and increases scrape interval to reduce metric volume
• Bump ubuntu-xenial stemcell to version 621.77
• Bump cf-cli to version 1.28.0
• Bump cf-networking to version 2.31.0
• Bump cflinuxfs3 to version 0.202.0
• Bump dotnet-core-offline-buildpack to version 2.3.13
• Bump garden-runc to version 1.19.14
• Bump go-offline-buildpack to version 1.9.15
• Bump nginx-offline-buildpack to version 1.1.12
• Bump nodejs-offline-buildpack to version 1.7.25
• Bump notifications-ui to version 40
• Bump php-offline-buildpack to version 4.4.19
• Bump push-apps-manager-release to version 672.0.12
• Bump pxc to version 0.28.0
• Bump python-offline-buildpack to version 1.7.17
• Bump ruby-offline-buildpack to version 1.8.22
• Bump silk to version 2.31.0
• Bump system-metrics-scraper to version 2.0.13

2.10.0

Release Date: July 31, 2020

• See New Features in TAS for VMs v2.10.
• See Breaking Changes.

How to Upgrade

To upgrade to TAS for VMs v2.10, see Upgrading Ops Manager.

When upgrading to TAS for VMs v2.10, be aware of the following upgrade considerations:

• If you previously used an earlier version of TAS for VMs, you must first upgrade to TAS for VMs v2.9 to successfully upgrade to TAS for VMs v2.10.

• Some partner service tiles may be incompatible with TAS for VMs v2.10. VMware is working with partners to ensure their tiles are updated to work with the latest versions of TAS for VMs.
  
  For information about which partner service releases are currently compatible with TAS for VMs v2.10, review the appropriate partners services release documentation at https://docs.pivotal.io or contact the partner organization that produces the tile.

New Features in TAS for VMs v2.10

TAS for VMs v2.10 includes the following major features:

Aggregate Syslog Drains Contain Logs Only

When you configure an aggregate syslog drain in TAS for VMs v2.10, by default you receive logs only. You do not also receive metrics. By not including metrics alongside logs, your syslog drain uses fewer resources and reduces network traffic between TAS for VMs components and your external logging service.

If you want the aggregate drain to send metrics along with logs, you can modify your drain URLs.

To continue to see metrics in your drains after upgrading to TAS for VMs v2.10:

1. Navigate to the Ops Manager Installation Dashboard.
2. Click the VMware Tanzu Application Service for VMs tile in the Installation Dashboard.
3. Select System Logging.
4. For Aggregate log and metric drain destinations, enter the hostname or IP address of the syslog server and append ?include-metrics-deprecated=true. For example, https://syslog-server.com:123?include-metrics-deprecated=true.
5. Click Save.

For more information about configuring aggregate syslog drains, see Configure System Logging in Configuring TAS for VMs.

Send Only App Metrics to Firehose

You can choose to prevent the Loggregator Firehose from emitting app logs but still allow the Firehose to emit app metrics. Disabling logs in the Firehose helps reduce the load on TAS for VMs by allowing you to scale down Doppler and Traffic Controller VMs.

To configure the Firehose to receive only app metrics, you must select the Disable logs in Firehose, Log Cache syslog ingestion, Enable V1 Firehose, and Enable V2 Firehose checkboxes in the System Logging pane of the TAS for VMs tile. You must also configure Aggregate log and metric drain destinations in the System Logging pane of the TAS for VMs tile. For more information, see Configure System Logging in Configuring TAS for VMs.

Optionally Use Human-Readable Timestamps for Component Logs

TAS for VMs v2.10 introduces RFC3339 log format support for several TAS for VMs components. You can configure these components to produce logs with human-readable RFC3339 timestamps with the Timestamp format for component logs configuration option in the TAS for VMs tile. Logs that use human-readable timestamps are often easier to debug.

RFC3339-formatted timestamps follow the RFC3339 spec, include nine points of precision where possible, and are in UTC. For example:

• 2019-11-21T22:16:18.750673404Z
• 2019-11-21T22:16:18.750000000Z

For more information about configuring the Timestamp format for component logs field, see System Logging in Configuring TAS for VMs.

In TAS for VMs v2.10.0, if you select the Converge to human-readable RFC3339 format option under Timestamp format for component logs, then the following components and related jobs use RFC3339 timestamps: 

Components not listed in the table above either do not support RFC3339 timestamps in TAS for VMs v2.10.0 or were already using the RFC3339 timestamp format. Selecting Converge to human-readable RFC3339 format ensures that any additional components that add support for RFC3339 timestamps in later releases of TAS for VMs v2.10 are automatically configured to use RFC3339 timestamps after you upgrade.

To confirm which TAS for VMs components use RFC3339 timestamps:

1. Go to the debug/files endpoint at https://OPS-MANAGER-FQDN/debug/files, where OPS-MANAGER-FQDN is the fully-qualified domain name of your Ops Manager instance.

2. For each component, confirm that the logging.format.timestamp property is set to rfc3339.

Breaking Change: The Timestamp format for component logs feature replaces the Format of timestamps in Diego logs feature in the App Containers pane of the TAS for VMs tile. However, when you upgrade to TAS for VMs v2.10, the option that was selected under Format of timestamps in Diego logs in your previous deployment is applied to Timestamp format for component logs. For more information, see Timestamp Format for Component Logs Replaces Timestamp Format for Diego Logs below.

Configurable Sticky Session Cookie Names

You can supply sticky session cookie names for the Gorouter to use when handling sticky sessions. The Gorouter uses these cookies to support session affinity, or sticky sessions. For more information, see Session Affinity in HTTP Routing.

By default, the Gorouter uses JSESSIONID. Some apps require a different session name. For example, Spring WebFlux requires SESSION for the session cookie name.

To supply cookie names, see Configure Networking in Configuring TAS for VMs.

Improvements to App Autoscaler

TAS for VMs v2.10 includes the following improvements to App Autoscaler:

• App Autoscaler no longer returns an error when you set an executes_at time that is in the past. This lets you re-use scheduled limit changes through the Scheduler API. App Autoscaler calculates future execution dates based on the past date.
• You can use rules that are based on the HTTP throughput metric when the number of the requests is high. For information about the metric, see Default Metrics for Scaling Rules.

TAS for VMs Is Compatible with cf CLI v7

TAS for VMs v2.10 paired with cf CLI v7 allows you to do the following:

• Push updates to apps without incurring downtime. See Rolling App Deployments.
• Exercise granular control over the cf push process. See Running cf push Sub-Step Commands.
• Use a single command to push apps that run multiple processes. See Pushing an App with Multiple Processes.
• Run additional processes in the same container as your app. See Pushing Apps with Sidecar Processes.
• Add metadata to resources such as spaces and apps. See Using Metadata.

For more information about the GA release of cf CLI v7, see Cloud Foundry Further Simplifies Modern App Development: An Inside Look at the New cf CLI v7.

Deployment on VMware Cloud Foundation

TAS for VMs v2.10 can be deployed on VMware Cloud Foundation (VCF) v4.1. For instructions and more information, see Deploying TAS for VMs to VCF.

Breaking Changes

TAS for VMs v2.10 includes the following breaking changes:

Gorouter Update to Golang v1.15 Introduces Stricter Transfer-Encoding Header Standards in TAS for VMs v2.10.10 and Later

In TAS for VMs v2.10.10 and later, stricter header standards break Spring apps that incorrectly set the header. For more information, see routing-release in GitHub.

TAS for VMs v2.10.11 includes a patch release to Gorouter that emits logs, emits metrics, and does not error out when an app response contains a duplicate Transfer-Encoding: chunked header. The v2.10.11 release includes a stop gap fix to discover which apps are sending invalid responses. This fix will be removed in the next patch release. For more details, see the Applications on TAS for VMs get 502 chunked response error knowledge base article.

Before you upgrade to TAS for VMs v2.10.12 or later, you must follow the resolution steps in the above referenced KB article to fix the apps.

Timestamp Format for Component Logs Replaces Timestamp Format for Diego Logs

The Format of timestamps in Diego logs feature is removed from the App Containers pane of the TAS for VMs tile. It is replaced by Timestamp format for component logs in the System Logging pane of the TAS for VMs tile.

TAS for VMs v2.10 automatically configures Timestamp format for component logs based on how you configured Format of timestamps in Diego logs in TAS for VMs v2.9:

• If the RFC3339 timestamps option for Format of timestamps in Diego logs is selected before you upgrade to TAS for VMs v2.10, then the Converge to human-readable RFC3339 format option for Timestamp format for component logs is selected in TAS for VMs v2.10 by default. Converge to human-readable RFC3339 format configures TAS for VMs to use RFC3339 timestamps in the logs of several TAS for VMs components.

• If the Seconds since the Unix epoch option for Format of timestamps in Diego logs is selected before you upgrade to TAS for VMs v2.10, then the Maintain previous format option for Timestamp format for component logs is selected in TAS for VMs v2.10 by default.

To avoid breaking changes associated with this update, you must:

• Update any automation scripts that reference the removed Format of timestamps in Diego logs feature.

• If RFC3339 timestamps is selected for Format of timestamps in Diego logs before you upgrade to TAS for VMs v2.10, update any external monitoring configuration to account for RFC3339 timestamps in the logs for several TAS for VMs components. For a list of TAS for VMs components that support RFC3339 timestamps in TAS for VMs v2.10, see Optionally Use Human-Readable Timestamps for Component Logs in VMware Tanzu Application Service for VMs v2.10 Release Notes.

For more information about configuring RFC3339 timestamps for component logs, see System Logging in Configuring TAS for VMs.

Aggregate Syslog Drains Contain Logs Only

In TAS for VMs v2.10, aggregate syslog drains contain only logs by default, and do not contain metrics. If you rely on metrics sent through aggregate syslog drains, you must add ?include-metrics-deprecated=true to your aggregate drain URLs to continue to receive metrics in the drains.

For more information, see Aggregate Syslog Drains Contain Logs Only in the TAS for VMs v2.10 Release Notes.

TAS for VMs v2.10.11 and Later Incompatible with Tanzu GemFire for VMs v1.12 and Earlier with Tomcat Session State Caching

TAS for VMs v2.10.11 and later specifies Java buildpack v4.36. This causes a breaking change if you use Tanzu GemFire for VMs v1.12 or earlier with Tomcat session state caching. For information about how to avoid this breaking change, see Known Issues in the Tanzu GemFire for VMs documentation.

Known Issues

TAS for VMs v2.10 includes the following known issues:

Rolling App Deployment Does Not Timeout

Rolling app deployments do not properly timeout when the startup timeout is reached. You may experience a rolling app deployment process that hangs indefinitely.

If you experience a hanging rolling app deployment, you can manually terminate the process. For more information about terminating the rolling app deployment process, see the cf CLI v7 procedure in Cancel a Deployment.

Incompatible Stemcell Causes Job Failure

If you use the NSX-T Container Plugin (NCP) tile v3.0.2 or earlier, do not upgrade to TAS for VMs 2.10.5. The stemcell in this patch is not compatible with the NCP tile v3.0.2 or earlier and causes the openvswitch job to fail when you deploy.

Errors Viewing App Logs after Disabling V1 Firehose

If you deactivate the V1 Firehose and you are using a version of the cf CLI earlier than v6.50, you may encounter errors when you push an app or view the logs for an app. The logs exist but are not visible from the cf CLI.

Running the following commands results in errors:

• cf logs: Timeout trying to connect to NOAA
• cf push: timeout connecting to log server, no log will be shown

Despite the log-related errors, cf push works correctly and pushes the app.

To avoid encountering errors after deactivating the Loggregator V1 Firehose, upgrade to cf CLI v6.50 or later.

Metric Registrar 1.2.1 Issues

The following known issues with Metrics Registrar v1.2.1 affect TAS for VMs v2.10.4.

Several issues with the Metric Registrar v1.2.1 release cause problems when upgrading to TAS for VMs v2.10.4.

These known issues led to a reversion of Metrics Registrar in TAS for VMs v2.10.5. Features introduced in TAS for VMs v2.10.4 are not available in later versions of TAS for VMs.

Metric Registrar Orchestrator Cannot Connect to Cloud Controller

When the metric_registrar_orchestrator job starts up, it exits if it cannot connect to the Cloud Controller.

This issue can arise if either BOSH DNS or the Cloud Controller fails. For example, if BOSH DNS is being rolled during an update, there may be a log line similar to the following regarding host name resolution:

unable to connect to Cloud Controller: Get \"https://q-s0.cloud-controller.env.deployment.bosh:9227/internal/v4/syslog_drain_urls\": dial tcp: lookup q-s0.cloud-controller.pcfdev802.cf-85ed2c836ae0287e088c.bosh on 10.0.0.6:23: no such host

If Cloud Controller is unavailable, there may be a log line about the Cloud Controller:

unable to connect to Cloud Controller: unexpected status from cloud controller: 503

The failure of metric_registrar_orchestrator to start can block upgrades to TAS for VMs v2.10.4.

Metric Registrar Orchestrator Crashes with Unexpected Service URLs

The metric_registrar_orchestrator job parses user-provided services and their associated URLs. It expects all service URLs to have a scheme, and if it encounters one without a scheme, it crashes with the error message:

panic: runtime error: index out of range [1] with length 1

To fix this issue, check user-provided services, and make sure each service has a scheme. For example, if one of the services has the URL my.service.com, update the scheme to http://my.service.com or whichever scheme the service is communicated over.

This issue is resolved in TAS for VMs v2.10.5 and later.

Metric Registrar Smoke Tests Fail in Environments that Enable mTLS for App Containers

This issue affects TAS for VMs v2.10.4 deployments that have the Gorouter app identity verification property enabled. When enabled, this property configures Gorouter and app containers to use mTLS to verify each other’s identity.

When running the metric_registrar_smoke_test errand, the smoke test fails to detect metrics from a secure-endpoint:

DeploymentValidation
[90m/var/vcap/data/compile/smoke_test/smoke_test/deployment_validation/deployment_validation_test.go:25[0m
  [91m[1mreceives metrics scraped from metric endpoints [It][0m
  [90m/var/vcap/data/compile/smoke_test/smoke_test/deployment_validation/deployment_validation_test.go:48[0m

  [91mMonitor could not detect metrics emitted from the registered endpoint.
  Expected
      <int>: 0
  to be >
      <int>: 0[0m

To resolve this issue:

1. Retrieve the cf manifest:

   bosh -d $CF_DEPLOYMENT manifest > /tmp/cf-manifest.yml
   

2. Update the containers.proxy.verify_subject_alt_name property of the rep job to include the server name of the Metric Registrar secure endpoint scraper:

   verify_subject_alt_name:
       - gorouter.service.cf.internal
       - ssh-proxy.service.cf.internal
       - metric_registrar_endpoint_worker_scrape_tls
   

3. Redploy with the updated manifest:

   bosh -d $CF_DEPLOYMENT deploy /tmp/cf-manifest.yml
   

This issue is resolved in TAS for VMs v2.10.5 and later.

End-of-Life Components

This section lists of components that are either at their end-of-life (EOL) or nearing EOL.

Buildpack Support Changes

This section lists support changes to buildpacks associated with this release:

• NGINX Buildpack: NGINX v1.16.x and v1.17.x are removed from the NGINX buildpack v1.1.12 and later because NGINX v1.16.x and v1.17.x are out of support.

• Node.js Buildpack: Node.js v13.x is removed from the Node.js buildpack v1.7.22 and later because Node.js v13.x is out of support.

• PHP Buildpack: NGINX v1.16.x and v1.17.x are removed from the PHP buildpack v4.4.20 and later because NGINX v1.16.x and v1.17.x are out of support.

If your apps depend on any of these language distributions and use the buildpacks that are packaged with TAS for VMs, consider updating the apps and their dependencies before upgrading to TAS for VMs v2.10.

AWS S3 Path-Based Access Model

On September 30, 2020, AWS will no longer support the path-based model for accessing S3 buckets. Support for the path-based model will continue for S3 buckets created on or before September 30, 2020. S3 buckets created after that date must be accessed using the virtual-hosted model.

For more information, see Amazon S3 Path Deprecation Plan – The Rest of the Story on the AWS News Blog.

Pre-Start Scripts Fail on policy-server Job

When upgrading to TAS for VMs v2.10.21, the policy-server pre-start script runs a database migration that drops a stored procedure that is no longer needed. If your networkpolicyserver database does not have the stored procedure, you might see the following error in diego_database policy-server stdout logs:

PROCEDURE networkpolicyserver.drop_destination_index does not exist handling 66

To work around this error, add the migration to your networkpolicyserver.gorp_migrations table and skip the migration.

For more information, see “pre-start scripts failed. Failed Jobs: policy-server” error Upgrading to CF Networking Release 2.40.0 in Tanzu Application Service for VMs in the Knowledge Base.

Gorouter Sets an Invalid X-B3-SpanID Header

An issue with the Gorouter’s implementation of X-B3-SpanId and X-B3-TraceId headers can cause invalid span IDs to be set after updating the X-B3-TraceId header to the new 16-byte standard. As a result, some applications and libraries invalidate the X-B3-SpanId value, breaking traces of the application.

This issue affects versions of TAS for VMs that contain routing-release v0.227.0 and v0.228.0.