VMware Tanzu Application Service for VMs [Windows] v2.11 Release Notes
Page last updated:
This topic contains release notes for VMware Tanzu Application Service for VMs [Windows] v2.11.
Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs [Windows] containing that patch.
Warning: Windows stemcells v2019.44 and later include a version of tar
that is incompatible with
winfs2019-release v2.33.1 and earlier. For more information, see Windows Stemcell v2019.44 is Incompatible with
winfs2019-release v2.33.1 and Earlier below.
Before you install the tile, review the Windows Stemcell Compatibility Matrix.
Releases
2.11.25
Release Date: 01/17/2023
- Bump diego to version
2.71.0
- Bump garden-runc to version
1.22.7
- Bump loggregator-agent to version
6.5.6
- Bump smoke-tests to version
4.8.2
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.71.0 | |
envoy-nginx | 0.14.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.7 | |
windows-syslog | 1.1.11 | |
hwc-offline-buildpack | 3.1.27 | |
loggregator-agent | 6.5.6 |
v6.5.6## What's Changed * fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174 * updated some dependencies. **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6 |
metrics-discovery | 3.2.4 | |
smoke-tests | 4.8.2 |
4.8.2Port assets/ruby_simple to Ruby 3 |
winc | 2.9.0 | |
windows-utilities | 0.14.0 |
v2.11.24
Release Date: 12/15/2022
- [Security Fix] Fix CVE-2022-31733: Unsecured Application Port
- Bump diego to version
2.70.0
- Bump envoy-nginx to version
0.14.0
- Bump hwc-offline-buildpack to version
3.1.27
- Bump loggregator-agent to version
6.5.5
- Bump metrics-discovery to version
3.2.4
- Bump winc to version
2.9.0
- Bump windowsfs-release to version
2.40.0
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.70.0 | |
envoy-nginx | 0.14.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.5 | |
windows-syslog | 1.1.11 | |
hwc-offline-buildpack | 3.1.27 |
3.1.27* Add hwc 21.0.0, remove hwc 20.0.0 for stack(s) windows2016, windows (https://www.pivotaltracker.com/story/show/183726731) * Bumps default version to match new HWC version * Bumps go.mod go version to 1.19 Packaged binaries: | name | version | cf_stacks | |-|-|-| | hwc | 21.0.0 | windows, windows2016 | Default binary versions: | name | version | |-|-| | hwc | 21.0.0 | * Uncached buildpack SHA256: ae83488a72f50d1725fb37fc35e819133ed07af82d872b9fe7fb34e9de18b92e * Uncached buildpack SHA256: 2e2e474d7677112021cc892627eddef0768e28835b6ad98117a260ea022e4463 |
loggregator-agent | 6.5.5 |
v6.5.5- bump-golang to v0.114.0 for golang 1.19.4 - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src - Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src - Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 |
metrics-discovery | 3.2.4 |
v3.2.4- bump-golang to v0.114.0 for golang 1.19.4 - Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src - Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 |
smoke-tests | 4.8.1 | |
winc | 2.9.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.40.0 |
v2.11.23
Release Date: 12/01/2022
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.66.3 |
envoy-nginx | 0.13.0 |
event-log | 0.9.0 |
garden-runc | 1.22.5 |
windows-syslog | 1.1.11 |
hwc-offline-buildpack | 3.1.26 |
loggregator-agent | 6.5.4 |
metrics-discovery | 3.2.3 |
smoke-tests | 4.8.1 |
winc | 2.8.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.39.0 |
v2.11.22
Release Date: 11/10/2022
- Bump envoy-nginx to version
0.13.0
- Bump garden-runc to version
1.22.5
- Bump windows-syslog to version
1.1.11
- Bump hwc-offline-buildpack to version
3.1.26
- Bump loggregator-agent to version
6.5.4
- Bump metrics-discovery to version
3.2.3
- Bump smoke-tests to version
4.8.1
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.66.3 | |
envoy-nginx | 0.13.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.5 | |
windows-syslog | 1.1.11 | |
windowsfs-release | 2.39.0 | |
hwc-offline-buildpack | 3.1.26 |
3.1.26* Update libbuildpack Packaged binaries: | name | version | cf_stacks | |-|-|-| | hwc | 20.0.0 | windows, windows2016 | Default binary versions: | name | version | |-|-| | hwc | 20.0.0 | * Uncached buildpack SHA256: b9b2cec9ada73d9a2933a14e8e56f025c35b02d8bed7e74e20b093a23e13ec43 * Uncached buildpack SHA256: f633f0f686fc9539ec8f4ef205e778c820602e51434730fd69f7caad4cfb3d4f 3.1.25* Update libbuildpack * Bump github.com/onsi/gomega from 1.19.0 to 1.20.2 Packaged binaries: | name | version | cf_stacks | |-|-|-| | hwc | 20.0.0 | windows, windows2016 | Default binary versions: | name | version | |-|-| | hwc | 20.0.0 | * Uncached buildpack SHA256: 5a0c73cda7fe06118e554a93d78b0587f581e3eb2a4d108274814d372935469b * Uncached buildpack SHA256: fa7565740a5f73f2b87cbce06104517fcbc69bb513497ed8db492cb7d42f3dd1 |
loggregator-agent | 6.5.4 | |
metrics-discovery | 3.2.3 | |
smoke-tests | 4.8.1 |
4.8.1Create bosh final release 4.8.1 4.8.0Create bosh final release 4.8.0 4.7.0Create bosh final release 4.7.0 |
winc | 2.8.0 | |
windows-utilities | 0.14.0 |
v2.11.21
Release Date: 10/12/2022
- [Feature Improvement] Add option for file logging and improved event logging. For more information about syslog, see Optional TAS for VMs [Windows] 3.0 compatible syslog option below.
- Bump envoy-nginx to version
0.12.0
- Bump garden-runc to version
1.22.4
- Bump windows-syslog to version
1.1.9
- Bump loggregator-agent to version
6.5.1
- Bump metrics-discovery to version
3.2.1
- Bump winc to version
2.8.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.66.3 |
envoy-nginx | 0.12.0 |
event-log | 0.9.0 |
garden-runc | 1.22.4 |
windows-syslog | 1.1.9 |
hwc-offline-buildpack | 3.1.24 |
loggregator-agent | 6.5.1 |
metrics-discovery | 3.2.1 |
smoke-tests | 4.5.0 |
winc | 2.8.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.37.0 |
v2.11.20
Release Date: 09/20/2022
- [Breaking Change] If you have configured an app log rate limit that measures app log rates in lines per second, Diego immediately drops app logs that exceed the app log rate limit. For more information, see Diego Drops App Logs That Exceed the App Log Rate Limit below.
- [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
- [Known Issue] If Git is not installed in the
PATH
environment variable for your Windows stemcell when you deploy TAS for VMs [Windows], you may encounter a version control system (VCS) stamping failure. For more information, see Windows Stemcells Without Git Installed Cause VSC Stamping Failures below. - Bump diego to version
2.66.3
- Bump envoy-nginx to version
0.10.0
- Bump garden-runc to version
1.22.0
- Bump loggregator-agent to version
6.4.4
- Bump metrics-discovery to version
3.1.2
- Bump winc to version
2.7.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.66.3 |
envoy-nginx | 0.10.0 |
event-log | 0.9.0 |
garden-runc | 1.22.0 |
hwc-offline-buildpack | 3.1.24 |
loggregator-agent | 6.4.4 |
metrics-discovery | 3.1.2 |
smoke-tests | 4.5.0 |
winc | 2.7.0 |
windows-utilities | 0.14.0 |
v2.11.17
Release Date: 08/10/2022
- Bump loggregator-agent to version
6.4.3
- Bump metrics-discovery to version
3.1.1
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.62.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.8 |
hwc-offline-buildpack | 3.1.24 |
loggregator-agent | 6.4.3 |
metrics-discovery | 3.1.1 |
smoke-tests | 4.5.0 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
v2.11.16
Release Date: 07/18/2022
- Bump diego to version
2.62.0
- Bump garden-runc to version
1.20.8
- Bump loggregator-agent to version
6.4.2
- Bump metrics-discovery to version
3.1.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.62.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.8 |
hwc-offline-buildpack | 3.1.24 |
loggregator-agent | 6.4.2 |
metrics-discovery | 3.1.0 |
smoke-tests | 4.5.0 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
v2.11.15
Release Date: 06/23/2022
Warning: Upcoming breaking changes! In future patches, no sooner than July 1st 2022, some components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components using the Go programming language will be updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. However, the pre-existing configuration for “TLS versions supported by the Gorouter” will still work. This change may not arrive all at once, as Go is used in systems throughout TAS. There will be a VMware Knowledge Base article about this change published prior to the changes rolling out. These changes will be clearly designated in the release notes of the versions they ship in; a version of this warning will appear on all patch versions until we are confident no systems remain to be updated.
- Bump diego to version
2.62.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.62.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.6 |
hwc-offline-buildpack | 3.1.24 |
loggregator-agent | 6.4.1 |
metrics-discovery | 3.0.13 |
smoke-tests | 4.5.0 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
v2.11.14
Release Date: 06/09/2022
Warning: Breaking change. This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn’t bump to Go 1.18 until July 1, 2022. This TAS release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS release with Diego 2.64.0, then you are safe to continue using it.
- Bump diego to version
2.64.0
- Bump garden-runc to version
1.20.6
- Bump loggregator-agent to version
6.4.1
- Bump metrics-discovery to version
3.0.13
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.64.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.6 |
hwc-offline-buildpack | 3.1.24 |
loggregator-agent | 6.4.1 |
metrics-discovery | 3.0.13 |
smoke-tests | 4.5.0 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
v2.11.13
Release Date: 04/20/2022
- [Breaking Change] Syslog drains configured to use TLS now reject certificates signed with the SHA-1 hash function.
- Bump diego to version
2.62.0
- Bump hwc-offline-buildpack to version
3.1.24
- Bump loggregator-agent to version
6.3.11
- Bump metrics-discovery to version
3.0.10
- Bump winc to version
2.5.0
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.62.0 | |
envoy-nginx | 0.9.0 | |
event-log | 0.9.0 | |
garden-runc | 1.20.3 | |
hwc-offline-buildpack | 3.1.24 | |
loggregator-agent | 6.3.11 |
v6.3.11- fix bug with large messages (#89) - bump-golang to v0.100.0(now 1.18) |
metrics-discovery | 3.0.10 |
v3.0.10- fix bug with large messages (#22) - bump-golang to v0.100.0(now 1.18) |
smoke-tests | 4.5.0 | |
winc | 2.5.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.35.0 |
v2.11.12
Release Date: 03/31/2022
- [Feature Improvement] Move aggregate drains to the syslog-binding cache to improve deploy speed and reduce errors.
- Bump diego to version
2.61.0
- Bump garden-runc to version
1.20.3
- Bump hwc-offline-buildpack to version
3.1.23
- Bump loggregator-agent to version
6.3.10
- Bump metrics-discovery to version
3.0.9
- Bump windowsfs-release to version
2.35.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.61.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.3 |
hwc-offline-buildpack | 3.1.23 |
loggregator-agent | 6.3.10 |
metrics-discovery | 3.0.9 |
smoke-tests | 4.5.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
v2.11.11
Release Date: 02/28/2022
- [Feature Improvement] Per Golang 1.17’s new and stricter IP parsing standards, any IP addrs with leading zeros in any octets will result in a BOSH template failure to allow operators to remove the leading zeros and try again (affects properties fed into diego-release, garden-runc-release, winc-release, nats-release, and routing-release),.
- [Bug Fix] Smoke tests support for TLSv1.3 only option
- Bump diego to version
2.58.1
- Bump envoy-nginx to version
0.9.0
- Bump garden-runc to version
1.20.0
- Bump hwc-offline-buildpack to version
3.1.22
- Bump loggregator-agent to version
6.3.8
- Bump metrics-discovery to version
3.0.8
- Bump smoke-tests to version
4.5.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.58.1 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.0 |
hwc-offline-buildpack | 3.1.22 |
loggregator-agent | 6.3.8 |
metrics-discovery | 3.0.8 |
smoke-tests | 4.5.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.33.2 |
v2.11.10
Release Date: 02/08/2022
- [Security Fix] Diego - Bump containerd to v1.5.9 to fix CVE-2021-43816
- [Feature Improvement] TAS for VMs [Windows] supports compiled releases
- [Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so syslog drains registered using user-provided services cannot contain IP addresses with leading zeros in any octets.
- [Bug Fix] windowsfs-release compilation issue - Cannot extract through symlink
- Bump diego to version
2.57.0
- Bump hwc-offline-buildpack to version
3.1.21
- Bump loggregator-agent to version
6.3.7
- Bump metrics-discovery to version
3.0.7
- Bump smoke-tests to version
4.4.0
- Bump windowsfs-release to version
2.33.2
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.57.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.21 |
loggregator-agent | 6.3.7 |
metrics-discovery | 3.0.7 |
smoke-tests | 4.4.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.33.2 |
v2.11.9 - Withdrawn
Warning: This release has been removed from VMware Tanzu Network due to a regression in Windows FS Injector 0.21.0.
Release Date: 12/15/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- [Bug Fix] Diego - Envoy v1.19 uses the original TCP connection pool so that it can accept more than 1024 downstream connections
- [Bug Fix] Smoke Tests uses specified domain for Isolation Segments
- Bump diego to version
2.54.0
- Bump loggregator-agent to version
6.3.5
- Bump smoke-tests to version
4.3.1
Component | Version |
---|---|
windows2019 stemcell | ~2019 |
diego | 2.54.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.20 |
loggregator-agent | 6.3.5 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.1 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.31.0 |
v2.11.8
Release Date: 11/23/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- Bump diego to version
2.53.1
- Bump hwc-offline-buildpack to version
3.1.20
- Bump windowsfs-release to version
2.31.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.53.1 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.20 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.31.0 |
v2.11.7
Release Date: 10/19/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- No BOSH release bumps
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.53.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.29.0 |
v2.11.6
Release Date: 09/30/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- [Security Fix] Fixes an issue where BBS socket connections could be kept alive unnecessarily
- [Feature Improvement] Disable Diego container proxy ALPN
- Bump diego to version
2.53.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.53.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.29.0 |
v2.11.5
Release Date: 09/17/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- [Bug Fix] garden-runc - Fix handling reserved space on ext4 and generating bundle mounts when SMB volumes are present
- Bump garden-runc to version
1.19.30
- Bump windowsfs-release to version
2.29.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.50.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.29.0 |
v2.11.4
Release Date: 09/09/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- [Bug Fix] garden-runc - recover after cell restarts
- Bump garden-runc to version
1.19.29
- Bump loggregator-agent to version
6.3.4
- Bump windowsfs-release to version
2.28.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.50.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.29 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.28.0 |
v2.11.3
Release Date: 07/15/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- Bump garden-runc to version
1.19.28
- Bump hwc-offline-buildpack to version
3.1.18
- Bump metrics-discovery to version
3.0.6
- Bump windowsfs-release to version
2.27.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.50.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.28 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.3 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.27.0 |
v2.11.2
Release Date: 06/22/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- [Security Fix] Bump some dependencies to resolve security vulnerabilities
- Bump loggregator-agent to version
6.3.3
- Bump metrics-discovery to version
3.0.5
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.50.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.25 |
hwc-offline-buildpack | 3.1.13 |
loggregator-agent | 6.3.3 |
metrics-discovery | 3.0.5 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.26.0 |
v2.11.1
Release Date: 05/27/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
- See Known Issues.
- [Feature Improvement] Patch versions can be upgraded without a stemcell upgrade
- [Bug Fix] Smoke Test allows the operator to provide the apps_domain property when deploying TAS and also properly configures user provided space when deploying an isolation segment
- Bump diego to version
2.50.0
- Bump garden-runc to version
1.19.25
- Bump loggregator-agent to version
6.2.1
- Bump smoke-tests to version
4.3.0
- Bump windowsfs-release to version
2.26.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.50.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.25 |
hwc-offline-buildpack | 3.1.13 |
loggregator-agent | 6.2.1 |
metrics-discovery | 3.0.3 |
smoke-tests | 4.3.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.26.0 |
v2.11.0
Release Date: March 30, 2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
Component | Version |
---|---|
windows2019 stemcell | 2019.32 |
diego | 2.49.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.18 |
hwc-offline-buildpack | 3.1.13 |
loggregator-agent | 6.2.0 |
metrics-discovery | 3.0.3 |
smoke-tests | 2.2.0 |
winc | 2.2.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.23.0 |
How to Upgrade
The TAS for VMs [Windows] v2.11 tile is available with the release of Ops Manager v2.10. For more information, see the Ops Manager documentation.
To use the TAS for VMs [Windows] v2.11 tile, you must install Ops Manager v2.10 and VMware Tanzu Application Service for VMs (TAS for VMs) v2.11 or later.
New Features in TAS for VMs [Windows] v2.11
There are no new features in this release of TAS for VMs [Windows].
Breaking Changes
TAS for VMs [Windows] v2.11 includes the following breaking change:
Diego Drops App Logs That Exceed the App Log Rate Limit
As of TAS for VMs [Windows] v2.11.20, if you have configured an app log rate limit that measures app log rates in lines per second, Diego immediately drops app logs that exceed the app log rate limit.
In TAS for VMs [Windows] v2.11.19 and earlier, Diego buffers and releases approximately 5 MB to 10 MB of app logs that exceed the app log rate limit. This behavior has changed in TAS for VMs [Windows] v2.11.20 because Diego has been upgraded to a newer version.
If this change in behavior causes parts of your deployment to fail, VMware recommends that you either modify any automated scripts that rely on app log output or increase the app log rate limit.
For more information about app log rate limits, see App Log Rate Limiting.
Optional TAS for VMs [Windows] 3.0 compatible syslog option
TAS for VMs [Windows] 3.0 includes changes to syslog forwarding. These changes include - Changes in syslog format to better match other tiles. - Allows securely forwarding logs with tls enabled. - Includes bosh logs to match other tiles and to aid in debugging and auditing the system.
These changes will only be enabled if you turn off compatibility_mode
in the system logging window of the settings.
The formatting changes are detailed as follows:
* The priority is changed from kernel/debug(7)
to user/info(14)
.
* The app name is changed from Microsoft-Windows-Security-Auditing
to event_logger
.
* The process number is changed from a numerical process ID to rs2
.
* Logs contain structured data for instance and deployment details.
* The event log JSON string includes additional fields.
* In the event log JSON string, field names are written in camel case.
* In the event log JSON string, fields may appear in a different order.
The following example shows the previous log format:
<7>1 2022-07-06T22:19:38.1413061Z 10.0.4.14 Microsoft-Windows-Security-Auditing 160 - - {"message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-7F65ECCF-0D0$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1f7c\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x248\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","source":"Microsoft-Windows-Security-Auditing"}
The following example shows the new log format:
<14>1 2022-07-11T22:27:08.279742Z 10.0.4.12 event_logger rs2 - [instance@47450 az="us-central1-b" deployment="pas-windows-dfc8956c7081f9369571" director="" group="windows_diego_cell" id="d0564a0e-684f-4b58-99ee-6a59d1e7caf8"] {"MachineName":"vm-c5547227-c4fa-44ae-79d0-ee56f96e82a4","Data":[],"Index":162257,"Category":"(13312)","CategoryNumber":13312,"EventID":4688,"EntryType":8,"Message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-C5547227-C4F$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1590\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x1120\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","Source":"Microsoft-Windows-Security-Auditing","ReplacementStrings":["S-1-5-18","VM-C5547227-C4F$","WORKGROUP","0x3e7","0x1590","C:\\Windows\\System32\\wbem\\WMIC.exe","%%1936","0x1120","","S-1-0-0","-","-","0x0","C:\\bosh\\bosh-agent.exe","S-1-16-16384"],"InstanceId":4688,"TimeGenerated":"\/Date(1657578421000)\/","TimeWritten":"\/Date(1657578421000)\/","UserName":null,"Site":null,"Container":null}
Known Issues
TAS for VMs [Windows] v2.11 includes the following known issues:
Upgrades Fail When the Stemcell Does Not Change
If you upgrade to a version of TAS for VMs [Windows] that uses the same stemcell, TAS for VMs [Windows] can fail to create containers, causing the deployment to fail. If there are stemcell changes or if the Microsoft base layer changes, this error is unlikely to occur.
For more information, see Failure to create containers when upgrading with shared Microsoft base image in the VMware Tanzu Knowledge Base.
Smoke Tests Fail When Isolation Segment is Deployed
The Smoke Test errand runs extra, failing tests when TAS for VMs [Windows] is deployed with Isolation Segment. They are “Compute isolation disabled” and “Application Workflow Linux Applications”.
To work around this issue, disable Smoke Tests. For more information, see Windows Tile smoke-tests fails for isolation segment segments in the VMware Tanzu Knowledge Base.
Windows Stemcell v2019.44 is Incompatible with winfs2019-release v2.33.1 and Earlier
Windows stemcells v2019.44 and later include a newer version of tar
that is incompatible with winfs2019-release
v2.33.1 and earlier.
TAS for VMs [Windows] deployments that use Windows stemcells v2019.44 and later cannot untar winfs2019-release
v2.33.1 and earlier. Compatible
Windows stemcells for winfs2019-release
v2.33.1 and earlier include v2019.0 through v2019.43.
Windows Stemcells Without Git Installed Cause VSC Stamping Failures
If Git is not installed either on your Windows stemcell or in the PATH
environment variable for your Windows stemcell when you deploy
TAS for VMs [Windows] v2.11.20, you may see the following error:
Stderr: Use -buildvcs=false to disable VCS stamping.
This occurs because some TAS for VMs [Windows] v2.11.20 use Go v1.18, which embeds VSC information in binaries. As a result,
releases that contain .git
files require that Git is installed either on your Windows stemcell or in the PATH
for your Windows stemcell. If you do not
have Git installed in either location and have not set the buildvcs
property to false
, Go v1.18 fails to build the release.
TAS for VMs [Windows] v2.11.20 contains windows2019fs-release
. Because windows2019fs-release
contains .git
files,
deployments of TAS for VMs [Windows] v2.11.20 using Windows stemcells that do not have Git installed on them or in their
PATH
fail with the VSC stamping error above.