Isolation Segment v2.10 Release Notes

Page last updated:

This topic contains release notes for Isolation Segment v2.10.

Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs containing that patch.


Releases

2.10.19

Release Date: 11/23/2021

  • [Bug Fix] Breaking Change: Any customers with gorouter certificates lacking a SubjectAltName extension will experience failures upon deployment. As a workaround to complete deployment while new certificates are procured, enable the “Enable temporary workaround for certs without SANs” property in the Networking section of the TAS tile. For more information on updating certs, see https://community.pivotal.io/s/article/Routing-and-golang-1-15-X-509-CommonName-deprecation?language=en_US
  • Bump bpm to version 1.1.15
  • Bump cf-networking to version 2.40.0
  • Bump cflinuxfs3 to version 0.264.0
  • Bump diego to version 2.53.1
  • Bump routing to version 0.226.0
  • Bump silk to version 2.40.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.15
cf-networking2.40.0
cflinuxfs30.264.0
diego2.53.1
garden-runc1.19.30
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.6
nfs-volume7.0.4
routing0.226.0
silk2.40.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.18

Release Date: 10/20/2021

  • Bump bpm to version 1.1.14
  • Bump cf-networking to version 2.39.0
  • Bump cflinuxfs3 to version 0.262.0
  • Bump silk to version 2.39.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.14
cf-networking2.39.0
cflinuxfs30.262.0
diego2.53.0
garden-runc1.19.30
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.6
nfs-volume7.0.4
routing0.224.0
silk2.39.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.17

Release Date: 09/29/2021

  • [Security Fix] Fixes an issue where BBS socket connections could be kept alive unnecessarily
  • [Feature Improvement] Disable Diego container proxy ALPN
  • Bump cflinuxfs3 to version 0.259.0
  • Bump diego to version 2.53.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.13
cf-networking2.38.0
cflinuxfs30.259.0
diego2.53.0
garden-runc1.19.30
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.6
nfs-volume7.0.4
routing0.224.0
silk2.38.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.16

Release Date: 09/16/2021

  • [Bug Fix] garden-runc - Fix handling reserved space on ext4 and generating bundle mounts when SMB volumes are present
  • Bump cflinuxfs3 to version 0.256.0
  • Bump garden-runc to version 1.19.30
  • Bump routing to version 0.224.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.13
cf-networking2.38.0
cflinuxfs30.256.0
diego2.50.0
garden-runc1.19.30
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.6
nfs-volume7.0.4
routing0.224.0
silk2.38.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.15

Release Date: 09/09/2021

Component Version
ubuntu-xenial stemcell621.0
bpm1.1.13
cf-networking2.38.0
cflinuxfs30.252.0
diego2.50.0
garden-runc1.19.29
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.6
nfs-volume7.0.4
routing0.221.0
silk2.38.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.14

Release Date: 07/15/2021

  • [Feature Improvement] garden-runc - Enable usage of .NET diagnostic tools
  • [Bug Fix] Prevent tcp routes from using system component ports.
  • Bump cf-networking to version 2.38.0
  • Bump cflinuxfs3 to version 0.249.0
  • Bump garden-runc to version 1.19.28
  • Bump metrics-discovery to version 3.0.6
  • Bump routing to version 0.216.0
  • Bump silk to version 2.38.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.12
cf-networking2.38.0
cflinuxfs30.249.0
diego2.50.0
garden-runc1.19.28
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.6
nfs-volume7.0.4
routing0.216.0
silk2.38.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.13

Release Date: 06/22/2021

  • [Security Fix] Bump some dependencies to resolve security vulnerabilities
  • Bump bpm to version 1.1.12
  • Bump cf-networking to version 2.37.0
  • Bump cflinuxfs3 to version 0.241.0
  • Bump loggregator-agent to version 6.0.6
  • Bump metrics-discovery to version 3.0.5
  • Bump silk to version 2.37.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.12
cf-networking2.37.0
cflinuxfs30.241.0
diego2.50.0
garden-runc1.19.25
haproxy9.8.0
loggregator-agent6.0.6
mapfs1.2.4
metrics-discovery3.0.5
nfs-volume7.0.4
routing0.213.0
silk2.37.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.12

Release Date: 05/27/2021

  • [Feature Improvement] Patch versions can be upgraded without a stemcell upgrade
  • [Feature Improvement] Adds per request metrics reporting, which makes metric frequency proportional to request frequency
  • [Bug Fix] Smoke Test allows the operator to provide the apps_domain property when deploying TAS and also properly configures user provided space when deploying an isolation segment
  • Bump bpm to version 1.1.11
  • Bump cf-networking to version 2.36.0
  • Bump cflinuxfs3 to version 0.238.0
  • Bump diego to version 2.50.0
  • Bump garden-runc to version 1.19.25
  • Bump routing to version 0.213.0
  • Bump silk to version 2.36.0
  • Bump smoke-tests to version 4.3.0
Component Version
ubuntu-xenial stemcell621.0
bpm1.1.11
cf-networking2.36.0
cflinuxfs30.238.0
diego2.50.0
garden-runc1.19.25
haproxy9.8.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.3
nfs-volume7.0.4
routing0.213.0
silk2.36.0
smb-volume3.0.1
smoke-tests4.3.0
syslog11.6.1

2.10.11

Release Date: 03/31/2021

  • [Breaking Change] This restores the breaking change originally found in 2.10.9 and temporarily remediated in 2.10.10: Gorouter update to Golang v1.15 introduces stricter transfer-encoding header standards. Stricter header standards break Spring apps that incorrectly set the header. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
  • [Feature] gorouter - Operator can limit CAs gorouter trusts when validating client certs to a specified list. For more information, see Configure Networking.
  • Bump ubuntu-xenial stemcell to version 621.115
  • Bump cflinuxfs3 to version 0.227.0
  • Bump diego to version 2.49.0
  • Bump routing to version 0.212.0
Component Version
ubuntu-xenial stemcell621.115
bpm1.1.7
cf-networking2.35.0
cflinuxfs30.227.0
diego2.49.0
garden-runc1.19.18
haproxy9.8.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.3
nfs-volume7.0.4
routing0.212.0
silk2.35.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.10

Release Date: 02/19/2021

  • [Temporary Remediation] Gorouter - Emit log, emit metric, and don’t error when an app response contains a duplicate “Transfer-Encoding: chunked” header. This is a stop gap to discover which apps are sending invalid responses. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
  • Bump ubuntu-xenial stemcell to version 621.101
  • Bump cflinuxfs3 to version 0.223.0
  • Bump routing to version 0.211.1
Component Version
ubuntu-xenial stemcell621.101
bpm1.1.7
cf-networking2.35.0
cflinuxfs30.223.0
diego2.48.0
garden-runc1.19.18
haproxy9.8.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.3
nfs-volume7.0.4
routing0.211.1
silk2.35.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.9

Release Date: 12/18/2020

  • [Breaking Change] Gorouter update to Golang v1.15 introduces stricter transfer-encoding header standards. Stricter header standards break Spring apps that incorrectly set the header. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
  • [Security Fix] Bump garden-runc-release to address CVE-2020-15257
  • Bump ubuntu-xenial stemcell to version 621.94
  • Bump cf-networking to version 2.35.0
  • Bump cflinuxfs3 to version 0.216.0
  • Bump garden-runc to version 1.19.18
  • Bump routing to version 0.210.0
  • Bump silk to version 2.35.0
Component Version
ubuntu-xenial stemcell621.94
bpm1.1.7
cf-networking2.35.0
cflinuxfs30.216.0
diego2.48.0
garden-runc1.19.18
haproxy9.8.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.3
nfs-volume7.0.4
routing0.210.0
silk2.35.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.8

Release Date: 11/18/2020

  • No BOSH release bumps
Component Version
ubuntu-xenial stemcell621.90
bpm1.1.7
cf-networking2.34.0
cflinuxfs30.210.0
diego2.48.0
garden-runc1.19.16
haproxy9.8.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.3
nfs-volume7.0.4
routing0.208.0
silk2.34.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.7

Release Date: 11/04/2020

  • [Bug Fix] Downgrade haproxy to prevent blackbox failure
  • Bump ubuntu-xenial stemcell to version 621.90
  • Bump metrics-discovery to version 3.0.3
Component Version
ubuntu-xenial stemcell621.90
bpm1.1.7
cf-networking2.34.0
cflinuxfs30.210.0
diego2.48.0
garden-runc1.19.16
haproxy9.8.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.3
nfs-volume7.0.4
routing0.208.0
silk2.34.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.6

Release Date: 10/26/2020

  • [Feature Improvement] Networking: Clarify that drain timeout should be lower than backend request timeout to reduce drain time during deploys
  • [Bug Fix] Loggregator Agent Release - Prom Scraper metrics server names match
  • Bump ubuntu-xenial stemcell to version 621.89
  • Bump cf-networking to version 2.34.0
  • Bump cflinuxfs3 to version 0.210.0
  • Bump routing to version 0.208.0
  • Bump silk to version 2.34.0
Component Version
ubuntu-xenial stemcell621.89
bpm1.1.7
cf-networking2.34.0
cflinuxfs30.210.0
diego2.48.0
garden-runc1.19.16
haproxy10.0.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.4
routing0.208.0
silk2.34.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.5

Release Date: 10/09/2020

  • [Feature] The v7 cf CLI is the default CLI
  • [Bug Fix] Remove “power_of_two” constraint from CPU resource definitions
  • [BUG FIX] syslog-agent - Add ops man cert to use syslog ingestion for log-cache
  • Bump ubuntu-xenial stemcell to version 621.85
  • Bump cflinuxfs3 to version 0.208.0
Component Version
ubuntu-xenial stemcell621.85
bpm1.1.7
cf-networking2.33.0
cflinuxfs30.208.0
diego2.48.0
garden-runc1.19.16
haproxy10.0.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.4
routing0.207.0
silk2.33.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.4

Release Date: 09/21/2020

  • Bump ubuntu-xenial stemcell to version 621.84
  • Bump cflinuxfs3 to version 0.204.0
  • Bump routing to version 0.207.0
Component Version
ubuntu-xenial stemcell621.84
bpm1.1.7
cf-networking2.33.0
cflinuxfs30.204.0
diego2.48.0
garden-runc1.19.16
haproxy10.0.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.4
routing0.207.0
silk2.33.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.3

Release Date: 09/09/2020

  • [Security Fix] Fix for CVE-2020-5420: Improve Gorouter’s handling of invalid HTTP responses
  • [Feature Improvement] Gorouter aliases /healthz to /health in order to prevent downtime during upgrades
  • Bump ubuntu-xenial stemcell to version 621.82
  • Bump cf-networking to version 2.33.0
  • Bump diego to version 2.48.0
  • Bump nfs-volume to version 7.0.4
  • Bump routing to version 0.206.0
  • Bump silk to version 2.33.0
  • Bump smoke-tests to version 2.2.0
Component Version
ubuntu-xenial stemcell621.82
bpm1.1.7
cf-networking2.33.0
cflinuxfs30.203.0
diego2.48.0
garden-runc1.19.16
haproxy10.0.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.4
routing0.206.0
silk2.33.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.10.2

Release Date: 08/24/2020

  • [Bug Fix] loggr-syslog-agent - Fix server alternative name
  • [Bug Fix]: Return 502 TLS Handshake error for an unresponsive backend
  • [Bug Fix] Bump garden-runc to v1.19.16
  • Bump ubuntu-xenial stemcell to version 621.78
  • Bump cflinuxfs3 to version 0.203.0
  • Bump garden-runc to version 1.19.16
  • Bump routing to version 0.205.0
Component Version
ubuntu-xenial stemcell621.78
bpm1.1.7
cf-networking2.31.0
cflinuxfs30.203.0
diego2.47.0
garden-runc1.19.16
haproxy10.0.0
license
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.205.0
silk2.31.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

2.10.1

Release Date: 08/08/2020

  • [Bug Fix] Fix issue where requests to internal routes could fail due to incorrect case-sensitivity in DNS lookup in the service discovery controller.
  • [Bug Fix] System Metrics Scraper/Prom Scraper — Fixes a bug that causes excess log volume and increases scrape interval to reduce metric volume
  • Bump ubuntu-xenial stemcell to version 621.77
  • Bump cf-networking to version 2.31.0
  • Bump cflinuxfs3 to version 0.202.0
  • Bump garden-runc to version 1.19.14
  • Bump silk to version 2.31.0
Component Version
ubuntu-xenial stemcell621.77
bpm1.1.7
cf-networking2.31.0
cflinuxfs30.202.0
diego2.47.0
garden-runc1.19.14
haproxy10.0.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.203.0
silk2.31.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

2.10.0

Release Date: July 31, 2020

Component Version
ubuntu-xenial stemcell621.76
bpm1.1.7
cf-networking2.30.0
cflinuxfs30.198.0
diego2.47.0
garden-runc1.19.11
haproxy10.0.0
loggregator-agent6.0.2
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.203.0
silk2.30.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

About Isolation Segment

The Isolation Segment v2.10 tile is available for installation with Ops Manager v2.10.

Isolation segments provide dedicated pools of resources where you can deploy apps and isolate workloads. Using isolation segments separates app resources as completely as if they were in different Ops Manager deployments but avoids redundant management and network complexity. For more information about isolation segments, see Isolation Segments in TAS for VMs Security.

For more information about using isolation segments in your deployment, see Managing Isolation Segments.

How to Install

To install Isolation Segment v2.10, see Installing Isolation Segment.

To install Isolation Segment v2.10, you must first install Ops Manager v2.10.

New Features in Isolation Segment v2.10

Isolation Segment v2.10 includes the following major features:

Aggregate Syslog Drains Contain Logs Only

When you configure an aggregate syslog drain in Isolation Segment v2.10, by default you receive logs only. You do not also receive metrics. By not including metrics alongside logs, your syslog drain uses fewer resources and reduces network traffic between TAS for VMs components and your external logging service.

If you want the aggregate drain to send metrics along with logs, you can modify your drain URLs.

To continue to see metrics in your drains after upgrading to Isolation Segment v2.10:

  1. Navigate to the Ops Manager Installation Dashboard.
  2. Click the Isolation Segment tile in the Installation Dashboard.
  3. Select System Logging.
  4. For Address, enter the hostname or IP address of the syslog server and append ?include-metrics-deprecated=true. For example, https://syslog-server.com:123?include-metrics-deprecated=true.
  5. Click Save.

For more information about configuring aggregate syslog drains, see Configure System Logging in Configuring TAS for VMs.

You can supply sticky session cookie names for the Gorouter to use when handling sticky sessions. The Gorouter uses these cookies to support session affinity, or sticky sessions. For more information, see Session Affinity in HTTP Routing.

By default, the Gorouter uses JSESSIONID. Some apps require a different session name. For example, Spring WebFlux requires SESSION for the session cookie name.

To supply cookie names, see Configure Networking in Installing Isolation Segment.

Breaking Changes

There are no breaking changes in this release of Isolation Segment.

Known Issues

There are no known issues for Isolation Segment v2.10 at this time.