VMware Tanzu Application Service for VMs v2.12 Release Notes
- Releases
- How to Upgrade
-
New Features in TAS for VMs v2.12
- TAS for VMs Is Compatible with cf CLI v8
- Gorouter Supports HTTP/2
- Gorouter Supports TLS v1.3
- New User Role: Space Supporter
- TAS for VMs Version is in Apps Manager UI
- Secure Endpoint for Metric Registrar
- Reduce Traffic to Syslog Drains
- Move aggregate drains to the syslog-binding cache to improve deploy speed and reduce errors
- Supported cf CLI Container Images
- Breaking Changes
- Known Issues
Page last updated:
This topic contains release notes for VMware Tanzu Application Service for VMs (TAS for VMs) v2.12.
TAS for VMs is certified by the Cloud Foundry Foundation for 2022.
For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.
Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs containing that patch.
Required Cloud Foundry Command-Line Interface (cf CLI) version: You must install cf CLI v7 or cf CLI v8 when upgrading to or using TAS for VMs v2.12.
For more information, see Upgrading to cf CLI v7 and Upgrading to cf CLI v8.
Releases
2.12.17
Release Date: 09/21/2022
- [Security Fix] Bump Cloud Controller Ruby version to 2.7.6 and Go to 1.18.5
- [Security Fix] Update Content-Security-Policy
- [Feature] Enables TLS for all internal MySQL galera and monitoring components
- [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
- [Feature Improvement] Use the latest version of nats-release
- Bump backup-and-restore-sdk to version
1.18.50 - Bump bosh-system-metrics-forwarder to version
0.0.24 - Bump bpm to version
1.1.19 - Bump capi to version
1.117.8 - Bump cflinuxfs3 to version
0.319.0 - Bump credhub to version
2.12.8 - Bump dotnet-core-offline-buildpack to version
2.4.0 - Bump garden-runc to version
1.22.0 - Bump go-offline-buildpack to version
1.9.49 - Bump log-cache to version
2.11.13 - Bump loggregator to version
106.6.9 - Bump loggregator-agent to version
6.4.4 - Bump metric-registrar to version
1.2.10 - Bump metrics-discovery to version
3.1.2 - Bump mysql-monitoring to version
9.18.0 - Bump nginx-offline-buildpack to version
1.1.42 - Bump nodejs-offline-buildpack to version
1.7.73 - Bump php-offline-buildpack to version
4.4.65 - Bump push-apps-manager-release to version
675.0.5 - Bump python-offline-buildpack to version
1.7.57 - Bump r-offline-buildpack to version
1.1.32 - Bump ruby-offline-buildpack to version
1.8.57 - Bump silk to version
3.12.0 - Bump staticfile-offline-buildpack to version
1.5.33 - Bump statsd-injector to version
1.11.21 - Bump syslog to version
11.8.2 - Bump system-metrics-scraper to version
3.2.8 - Bump uaa to version
74.5.48
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.265 | |
| backup-and-restore-sdk | 1.18.50 |
v1.18.50## Changes * Add final release 1.18.49 [ci skip] * Bump mariadb from 10.6.8 to 10.6.9 (#688) * Bump mysql from 5.7.37 to 5.7.38 (#674) * Bump postgres from 10.21 to 10.22 (#682) * Bump postgres from 11.16 to 11.17 (#683) * Bump postgres from 13.7 to 13.8 (#684) * Fix deploy postres ci job (#687) * [ci] Replace Xenial by Jammy (#689) ## Dependencies * **storage:** Updated to v1.25.0. v1.18.49## Changes * Add final release 1.18.47 [ci skip] ## Dependencies * **storage:** Updated to v1.24.0. v1.18.48## Changes * Add final release 1.18.47 [ci skip] * Fix bpm-release download url * Parametrise minis-host and minio-port * Remove explicit port in BOSH_GW_HOST * Remove hardcoded port * Replace secrets in task definition ## Dependencies * **storage:** Updated to v1.24.0. |
| binary-offline-buildpack | 1.0.45 | |
| bosh-dns-aliases | 0.0.4 | |
| bosh-system-metrics-forwarder | 0.0.24 | |
| bpm | 1.1.19 | |
| capi | 1.117.8 | |
| cf-autoscaling | 249.0.17 | |
| cf-cli | 1.38.0 | |
| cf-networking | 3.11.0 | |
| cflinuxfs3 | 0.319.0 | |
| credhub | 2.12.8 |
2.12.8
### Security Fixes
- Bump various dependencies, including bumping postgresql from 42.4.0 to 42.4.1, which addresses [CVE-2022-31197](https://nvd.nist.gov/vuln/detail/CVE-2022-31197)
2.12.7
### Security Fixes
- Bump various dependencies
### Bug Fixes
- Improved test robustness on platforms with slow random number generation
- Improved test robustness for several tests that handle database setup
|
| diego | 2.62.0 | |
| dotnet-core-offline-buildpack | 2.4.0 | |
| garden-runc | 1.22.0 | |
| go-offline-buildpack | 1.9.49 | |
| haproxy | 11.10.2 | |
| java-offline-buildpack | 4.50 | |
| log-cache | 2.11.13 | |
| loggregator | 106.6.9 | |
| loggregator-agent | 6.4.4 | |
| mapfs | 1.2.6 | |
| metric-registrar | 1.2.10 | |
| metrics-discovery | 3.1.2 | |
| mysql-monitoring | 9.18.0 |
v9.18.0
**Bugs Fixed**
Fixed a bug where mysql-metrics would fail to restart under ubuntu-jammy stemcells
As part of this fix, mysql-metrics and the mysql-diag-agent jobs now use bpm for process management.
v9.17.0
- `mysql-diag-agent` and `replication-canary` support TLS
v9.16.0
- Bump golang to version 1.18.2
|
| nats | 42 | |
| nfs-volume | 7.1.1 | |
| nginx-offline-buildpack | 1.1.42 | |
| nodejs-offline-buildpack | 1.7.73 | |
| notifications | 62 | |
| notifications-ui | 40 | |
| php-offline-buildpack | 4.4.65 | |
| push-apps-manager-release | 675.0.5 |
675.0.5
- Update Content-Security-Policy
|
| push-usage-service-release | 674.0.24 | |
| pxc | 0.44.0 | |
| python-offline-buildpack | 1.7.57 | |
| r-offline-buildpack | 1.1.32 | |
| routing | 0.236.0 | |
| ruby-offline-buildpack | 1.8.57 | |
| silk | 3.12.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| staticfile-offline-buildpack | 1.5.33 | |
| statsd-injector | 1.11.21 | |
| syslog | 11.8.2 | |
| system-metrics-scraper | 3.2.8 | |
| uaa | 74.5.48 |
v74.5.48
### Dependency bumps
- Various dependency bumps.
v74.5.47
### Fixes
- Fixes a sporadic pre-start script failure due to a race condition of the `update-ca-certificates` commands [#391]
### Dependency bumps
- Various dependency bumps.
|
2.12.16
Release Date: 08/10/2022
- Bump backup-and-restore-sdk to version
1.18.47 - Bump bosh-system-metrics-forwarder to version
0.0.23 - Bump cf-autoscaling to version
249.0.17 - Bump cf-networking to version
3.11.0 - Bump cflinuxfs3 to version
0.312.0 - Bump credhub to version
2.12.6 - Bump dotnet-core-offline-buildpack to version
2.3.44 - Bump go-offline-buildpack to version
1.9.48 - Bump haproxy to version
11.10.2 - Bump java-offline-buildpack to version
4.50 - Bump log-cache to version
2.11.12 - Bump loggregator to version
106.6.8 - Bump loggregator-agent to version
6.4.3 - Bump metric-registrar to version
1.2.9 - Bump metrics-discovery to version
3.1.1 - Bump nginx-offline-buildpack to version
1.1.41 - Bump nodejs-offline-buildpack to version
1.7.72 - Bump php-offline-buildpack to version
4.4.64 - Bump pxc to version
0.44.0 - Bump python-offline-buildpack to version
1.7.56 - Bump r-offline-buildpack to version
1.1.31 - Bump routing to version
0.236.0 - Bump ruby-offline-buildpack to version
1.8.56 - Bump silk to version
3.11.0 - Bump staticfile-offline-buildpack to version
1.5.32 - Bump statsd-injector to version
1.11.20 - Bump syslog to version
11.8.1 - Bump system-metrics-scraper to version
3.2.7 - Bump uaa to version
74.5.46
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.261 | |
| backup-and-restore-sdk | 1.18.47 | |
| binary-offline-buildpack | 1.0.45 | |
| bosh-dns-aliases | 0.0.4 | |
| bosh-system-metrics-forwarder | 0.0.23 | |
| bpm | 1.1.18 | |
| capi | 1.117.7 | |
| cf-autoscaling | 249.0.17 | |
| cf-cli | 1.38.0 | |
| cf-networking | 3.11.0 | |
| cflinuxfs3 | 0.312.0 | |
| credhub | 2.12.6 |
2.12.6
### Security Fixes
- Bump various dependencies
|
| diego | 2.62.0 | |
| dotnet-core-offline-buildpack | 2.3.44 | |
| garden-runc | 1.20.8 | |
| go-offline-buildpack | 1.9.48 | |
| haproxy | 11.10.2 | |
| java-offline-buildpack | 4.50 | |
| log-cache | 2.11.12 | |
| loggregator | 106.6.8 | |
| loggregator-agent | 6.4.3 | |
| mapfs | 1.2.6 | |
| metric-registrar | 1.2.9 | |
| metrics-discovery | 3.1.1 | |
| mysql-monitoring | 9.15.0 | |
| nats | 42 | |
| nfs-volume | 7.1.1 | |
| nginx-offline-buildpack | 1.1.41 | |
| nodejs-offline-buildpack | 1.7.72 | |
| notifications | 62 | |
| notifications-ui | 40 | |
| php-offline-buildpack | 4.4.64 | |
| push-apps-manager-release | 675.0.4 | |
| push-usage-service-release | 674.0.24 | |
| pxc | 0.44.0 | |
| python-offline-buildpack | 1.7.56 | |
| r-offline-buildpack | 1.1.31 | |
| routing | 0.236.0 |
v0.236.0
## What's Changed
* Gorouter restart script waits for the gorouter to be running before reloading monit
## ✨ Built with go 1.17.12
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.235.0...0.236.0
0.235.0
## What's Changed
* Gorouter healthchecker retries connection instead of monit (https://github.com/cloudfoundry/routing-release/pull/275)
## ✨ Built with go 1.17.11
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.234.0...0.235.0
0.234.0
## What's Changed
* Gorouter: the metrics package now uses `lsof` to monitor file descriptors on MacOS @domdom82 https://github.com/cloudfoundry/gorouter/pull/312
* 🐛 Bumped the `lager` dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. Thanks @ameowlia!
* Now tested with the bionic stemcell in CI
## ✨ Built with go 1.17.11
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.233.0...0.234.0
0.233.0
## What's Changed
* TCP Router: Add locking to the haproxy_reloader script to avoid haproxy reload/restart race conditions by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/269
* TCP Router: Bump HAProxy from 1.8.13 to 2.5.4 by @cunnie in https://github.com/cloudfoundry/routing-release/pull/266
* Gorouter: fix proxy round tripper race condition by @ameowlia and @geofffranks in https://github.com/cloudfoundry/gorouter/pull/318
* Routing API: fix timestamp precision issue that caused routes to be pruned unexpectedly by @geofffranks in https://github.com/cloudfoundry/routing-api/pull/24
* Routing API: remove `golang.x509ignoreCN` bosh property by @geofffranks and @mariash
* Routing API: fix bug that caused TCP Router's HAProxy to reload every minute by @jrussett in https://github.com/cloudfoundry/routing-api/pull/26.
## Manifest Property Changes
| Job | Property | Notes |
| --- | --- | --- |
| `routing-api` | `golang.x509ignoreCN` | This property exposed a go debug flag for go version 1.15. Since go 1.16 this go debug flag has had no affect. Removing this bosh property is part of our effort to keep our code base free of cruft. |
## ✨ Built with go 1.17.10
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.232.0...0.233.0
|
| ruby-offline-buildpack | 1.8.56 | |
| silk | 3.11.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| staticfile-offline-buildpack | 1.5.32 | |
| statsd-injector | 1.11.20 | |
| syslog | 11.8.1 | |
| system-metrics-scraper | 3.2.7 | |
| uaa | 74.5.46 |
2.12.15
Release Date: 07/19/2022
- [Security Fix] Update Content-Security-Policy
- [Feature] Enable telemetry for iptables rules on Diego cells
- [Feature] User has the ability to manage step up scaling app instances using Apps Manager
- [Feature Improvement] Deprecate Spring Cloud Connectors & Spring Auto Configuration support in Java Buildpack.
- [Bug Fix] Add health check script for Bosh DNS for Cloud Controller
- [Bug Fix] Fix dummy routes showing in the User Interface
- [Bug Fix] Fix role assignment when users are created through the CLI
- [Bug Fix] Fix share domain with organization screen from erroring out
- [Bug Fix] Resolves an issue with HAProxy log rotation creating null bytes and not freeing disk space after rotation
- [Bug Fix] Use Content-Disposition header as heapdump filename
- [Bug Fix] When Autoscaler is configured to use the RabbitMQ Queue Depth scaling metric in an autoscaling rule, you can specify a RabbitMQ service instance. If you specify a service instance, Autoscaler only requests metrics from that service instance.
- [Bug Fix] Autoscaler migration correctly handles manually-created service bindings index.
- [Bug Fix] Fixes Autoscaler edge case when using
http_throughputrules with scaling factor larger than1. - Bump backup-and-restore-sdk to version
1.18.43 - Bump cf-autoscaling to version
249.0.13 - Bump cf-cli to version
1.38.0 - Bump cf-networking to version
3.9.0 - Bump cflinuxfs3 to version
0.306.0 - Bump credhub to version
2.12.5 - Bump diego to version
2.62.0 - Bump garden-runc to version
1.20.8 - Bump go-offline-buildpack to version
1.9.47 - Bump java-offline-buildpack to version
4.49 - Bump metrics-discovery to version
3.1.0 - Bump nginx-offline-buildpack to version
1.1.39 - Bump nodejs-offline-buildpack to version
1.7.71 - Bump push-apps-manager-release to version
675.0.4 - Bump pxc to version
0.43.0 - Bump silk to version
3.9.0 - Bump uaa to version
74.5.44
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.252 | |
| backup-and-restore-sdk | 1.18.43 | |
| binary-offline-buildpack | 1.0.45 | |
| bosh-dns-aliases | 0.0.4 | |
| bosh-system-metrics-forwarder | 0.0.22 | |
| bpm | 1.1.18 | |
| capi | 1.117.7 | |
| cf-autoscaling | 249.0.13 | |
| cf-cli | 1.38.0 | |
| cf-networking | 3.9.0 | |
| cflinuxfs3 | 0.306.0 | |
| credhub | 2.12.5 |
2.12.5
### Security Fixes
- Bump various dependencies
### Bug Fixes
- Fix for URL path handling on Windows ([cloudfoundry/credhub issue 266](https://github.com/cloudfoundry/credhub/issues/266))
### Features
- CredHub now logs as info instead of error when a credential isn't found
- Added support for jammy-based stemcells that have openssl 3 ([pivotal/credhub-release issue 65](https://github.com/pivotal/credhub-release/issues/65))
|
| diego | 2.62.0 | |
| dotnet-core-offline-buildpack | 2.3.42 | |
| garden-runc | 1.20.8 | |
| go-offline-buildpack | 1.9.47 | |
| haproxy | 11.6.0 | |
| java-offline-buildpack | 4.49 | |
| log-cache | 2.11.11 | |
| loggregator | 106.6.7 | |
| loggregator-agent | 6.4.1 | |
| mapfs | 1.2.6 | |
| metric-registrar | 1.2.6 | |
| metrics-discovery | 3.1.0 | |
| mysql-monitoring | 9.15.0 | |
| nats | 42 | |
| nfs-volume | 7.1.1 | |
| nginx-offline-buildpack | 1.1.39 | |
| nodejs-offline-buildpack | 1.7.71 | |
| notifications | 62 | |
| notifications-ui | 40 | |
| php-offline-buildpack | 4.4.61 | |
| push-apps-manager-release | 675.0.4 | |
| push-usage-service-release | 674.0.24 | |
| pxc | 0.43.0 | |
| python-offline-buildpack | 1.7.54 | |
| r-offline-buildpack | 1.1.28 | |
| routing | 0.232.0 | |
| ruby-offline-buildpack | 1.8.54 | |
| silk | 3.9.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| staticfile-offline-buildpack | 1.5.30 | |
| statsd-injector | 1.11.19 | |
| syslog | 11.7.10 | |
| system-metrics-scraper | 3.2.5 | |
| uaa | 74.5.44 |
2.12.14
Release Date: 06/23/2022
Warning: Upcoming reduction in maintenance and security release coverage
In future patches, no sooner than July 1st 2022, some TAS components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components that use Go will no longer support TLS 1.0 or 1.1, or certificates using SHA-1. Use supported TLS protocols to avoid breaking changes and continue receiving maintenance and security releases.
- Bump diego to version
2.62.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.244 |
| backup-and-restore-sdk | 1.18.42 |
| binary-offline-buildpack | 1.0.45 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.22 |
| bpm | 1.1.18 |
| capi | 1.117.7 |
| cf-autoscaling | 249.0.7 |
| cf-cli | 1.33.0 |
| cf-networking | 3.6.0 |
| cflinuxfs3 | 0.299.0 |
| credhub | 2.12.4 |
| diego | 2.62.0 |
| dotnet-core-offline-buildpack | 2.3.42 |
| garden-runc | 1.20.6 |
| go-offline-buildpack | 1.9.46 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.48.3 |
| log-cache | 2.11.11 |
| loggregator | 106.6.7 |
| loggregator-agent | 6.4.1 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.6 |
| metrics-discovery | 3.0.13 |
| mysql-monitoring | 9.15.0 |
| nats | 42 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.38 |
| nodejs-offline-buildpack | 1.7.70 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.61 |
| push-apps-manager-release | 675.0.3 |
| push-usage-service-release | 674.0.24 |
| pxc | 0.42.0 |
| python-offline-buildpack | 1.7.54 |
| r-offline-buildpack | 1.1.28 |
| routing | 0.232.0 |
| ruby-offline-buildpack | 1.8.54 |
| silk | 3.6.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| staticfile-offline-buildpack | 1.5.30 |
| statsd-injector | 1.11.19 |
| syslog | 11.7.10 |
| system-metrics-scraper | 3.2.5 |
| uaa | 74.5.41 |
2.12.13
Release Date: 06/09/2022
- [Security Fix] Added Content-Security-Policy headers in UAA responses
- [Bug Fix] Fix metric registrar secure scraping with isolation segments
- [Bug Fix] Sticky sessions no longer break when used with route-services that return HTTP 4xx/5xx responses
- [Bug Fix/Improvement] Stop emitting debug metrics for agents and log-cache by default. Reduces load on logging system by >=720 metrics per vm per minute
- [Breaking Change] If you followed the procedure in Autoscale application fails with MySQL Deadlock errors to manually add an index to an Autoscale database, and the index is not dropped before you upgrade to TAS for VMs v2.12.13, upgrading causes an error.
- Bump backup-and-restore-sdk to version
1.18.42 - Bump binary-offline-buildpack to version
1.0.45 - Bump bosh-system-metrics-forwarder to version
0.0.22 - Bump bpm to version
1.1.18 - Bump capi to version
1.117.7 - Bump cf-autoscaling to version
249.0.7 - Bump cf-networking to version
3.6.0 - Bump cflinuxfs3 to version
0.299.0 - Bump diego to version
2.64.0 - Bump dotnet-core-offline-buildpack to version
2.3.42 - Bump garden-runc to version
1.20.6 - Bump go-offline-buildpack to version
1.9.46 - Bump java-offline-buildpack to version
4.48.3 - Bump log-cache to version
2.11.11 - Bump loggregator to version
106.6.7 - Bump loggregator-agent to version
6.4.1 - Bump metric-registrar to version
1.2.6 - Bump metrics-discovery to version
3.0.13 - Bump nginx-offline-buildpack to version
1.1.38 - Bump nodejs-offline-buildpack to version
1.7.70 - Bump php-offline-buildpack to version
4.4.61 - Bump push-usage-service-release to version
674.0.24 - Bump python-offline-buildpack to version
1.7.54 - Bump routing to version
0.232.0 - Bump ruby-offline-buildpack to version
1.8.54 - Bump silk to version
3.6.0 - Bump staticfile-offline-buildpack to version
1.5.30 - Bump statsd-injector to version
1.11.19 - Bump syslog to version
11.7.10 - Bump system-metrics-scraper to version
3.2.5 - Bump uaa to version
74.5.41
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.244 | |
| backup-and-restore-sdk | 1.18.42 | |
| binary-offline-buildpack | 1.0.45 | |
| bosh-dns-aliases | 0.0.4 | |
| bosh-system-metrics-forwarder | 0.0.22 | |
| bpm | 1.1.18 | |
| capi | 1.117.7 | |
| cf-autoscaling | 249.0.7 | |
| cf-cli | 1.33.0 | |
| cf-networking | 3.6.0 | |
| cflinuxfs3 | 0.299.0 | |
| credhub | 2.12.4 | |
| diego | 2.64.0 | |
| dotnet-core-offline-buildpack | 2.3.42 | |
| garden-runc | 1.20.6 | |
| go-offline-buildpack | 1.9.46 | |
| haproxy | 11.6.0 | |
| java-offline-buildpack | 4.48.3 | |
| log-cache | 2.11.11 | |
| loggregator | 106.6.7 | |
| loggregator-agent | 6.4.1 | |
| mapfs | 1.2.6 | |
| metric-registrar | 1.2.6 | |
| metrics-discovery | 3.0.13 | |
| mysql-monitoring | 9.15.0 | |
| nats | 42 | |
| nfs-volume | 7.1.1 | |
| nginx-offline-buildpack | 1.1.38 | |
| nodejs-offline-buildpack | 1.7.70 | |
| notifications | 62 | |
| notifications-ui | 40 | |
| php-offline-buildpack | 4.4.61 | |
| push-apps-manager-release | 675.0.3 | |
| push-usage-service-release | 674.0.24 | |
| pxc | 0.42.0 | |
| python-offline-buildpack | 1.7.54 | |
| r-offline-buildpack | 1.1.28 | |
| routing | 0.232.0 |
0.232.0
## What's Changed
* Fixing issue #250: Return a 503 not a 404 when all instances down by @kecirlotfi in https://github.com/cloudfoundry/routing-release/pull/268 and https://github.com/cloudfoundry/gorouter/pull/314
* Fixing issue https://github.com/cloudfoundry/gorouter/pull/315: Fix route service pruning by @geofffranks
## Manifest Property Changes
| Job | Property | default | notes |
| --- | --- | --- | --- |
| `gorouter` | `for_backwards_compatibility_only.empty_pool_response_code_503` | `0s` | This property was added to enable https://github.com/cloudfoundry/routing-release/pull/268 |
## New Contributors 🎉
* @kecirlotfi made their first contribution! Thanks so much!
## ✨ Built with go 1.17.9
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.231.0...0.232.0
|
| ruby-offline-buildpack | 1.8.54 | |
| silk | 3.6.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| staticfile-offline-buildpack | 1.5.30 | |
| statsd-injector | 1.11.19 | |
| syslog | 11.7.10 | |
| system-metrics-scraper | 3.2.5 | |
| uaa | 74.5.41 |
2.12.12
Release Date: 04/20/2022
- [Feature Improvement] Add option to configure CC BBR health check timeout
- [Feature Improvement] Enforce service name uniqueness in shared services in spaces
- [Breaking Change] Syslog drains configured to use TLS now reject certificates signed with the SHA-1 hash function.
- Bump backup-and-restore-sdk to version
1.18.39 - Bump binary-offline-buildpack to version
1.0.43 - Bump capi to version
1.117.6 - Bump cf-autoscaling to version
249.0.2 - Bump cflinuxfs3 to version
0.285.0 - Bump credhub to version
2.12.4 - Bump diego to version
2.62.0 - Bump dotnet-core-offline-buildpack to version
2.3.41 - Bump go-offline-buildpack to version
1.9.42 - Bump java-offline-buildpack to version
4.48.2 - Bump log-cache to version
2.11.8 - Bump loggregator to version
106.6.4 - Bump loggregator-agent to version
6.3.11 - Bump metrics-discovery to version
3.0.10 - Bump nginx-offline-buildpack to version
1.1.37 - Bump nodejs-offline-buildpack to version
1.7.69 - Bump php-offline-buildpack to version
4.4.59 - Bump pxc to version
0.42.0 - Bump python-offline-buildpack to version
1.7.53 - Bump r-offline-buildpack to version
1.1.28 - Bump ruby-offline-buildpack to version
1.8.53 - Bump uaa to version
74.5.37
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.224 | |
| backup-and-restore-sdk | 1.18.39 | |
| binary-offline-buildpack | 1.0.43 | |
| bosh-dns-aliases | 0.0.4 | |
| bosh-system-metrics-forwarder | 0.0.21 | |
| bpm | 1.1.16 | |
| capi | 1.117.6 | |
| cf-autoscaling | 249.0.2 |
v249.0.2
## What's Changed
* Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 in /src by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/640
* bump spring boot for cve CVE-2022-22965 by @Benjamintf1 in https://github.com/pivotal-cf/cf-autoscaling-release/pull/646
* Bump log4j-to-slf4j from 2.17.1 to 2.17.2 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/619
* Bump log4j-api from 2.17.1 to 2.17.2 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/618
* Bump gson from 2.8.6 to 2.9.0 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/611
* Bump spock-core from 2.0-groovy-3.0 to 2.1-groovy-3.0 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/613
* Bump objenesis from 3.1 to 3.2 in /src/cf-autoscaling/api by @dependabot in https://github.com/pivotal-cf/cf-autoscaling-release/pull/479
**Full Changelog**: https://github.com/pivotal-cf/cf-autoscaling-release/compare/v249.0.1...v249.0.2
v249.0.1
## What's Changed
* Pin jackson-databind to 2.13.2.2 to address [CVE-2020-36518](https://nvd.nist.gov/vuln/detail/CVE-2020-36518)
* Unpin tomcat dependencies in autoscale API in https://github.com/pivotal-cf/cf-autoscaling-release/pull/636
* Bump autoscale API dependencies in https://github.com/pivotal-cf/cf-autoscaling-release/pull/612, https://github.com/pivotal-cf/cf-autoscaling-release/pull/625, https://github.com/pivotal-cf/cf-autoscaling-release/pull/525, https://github.com/pivotal-cf/cf-autoscaling-release/pull/634
**Full Changelog**: https://github.com/pivotal-cf/cf-autoscaling-release/compare/v249...v249.0.1
|
| cf-cli | 1.33.0 | |
| cf-networking | 3.3.0 | |
| cflinuxfs3 | 0.285.0 | |
| credhub | 2.12.4 |
2.12.4
### Security Fixes
- Bump various dependencies.
2.12.3
### Security Fixes
- Bump various dependencies.
|
| diego | 2.62.0 | |
| dotnet-core-offline-buildpack | 2.3.41 | |
| garden-runc | 1.20.3 | |
| go-offline-buildpack | 1.9.42 | |
| haproxy | 11.6.0 | |
| java-offline-buildpack | 4.48.2 | |
| log-cache | 2.11.8 |
v2.11.8
## Release Highlights
Pin Go back to go1.17.
[Go 1.18 includes changes to memory management](https://tip.golang.org/doc/go1.18#runtime) and we'd like to get more familiarity with these changes and their impact before bumping.
### ✨ Built with golang 1.17.8
v2.11.7
- fix bug with large messages (#58)
- bump-golang to v0.100.0(now 1.18)
v2.11.6
* fix prom scraper config (#55)
* bump-golang to v0.99.0
* Remove useless GODEBUG flag `x509ignoreCN`
|
| loggregator | 106.6.4 |
v106.6.4
- fix bug with large messages (#430)
- bump-golang to v0.100.0(now 1.18)
|
| loggregator-agent | 6.3.11 |
v6.3.11
- fix bug with large messages (#89)
- bump-golang to v0.100.0(now 1.18)
|
| mapfs | 1.2.6 | |
| metric-registrar | 1.2.5 | |
| metrics-discovery | 3.0.10 |
v3.0.10
- fix bug with large messages (#22)
- bump-golang to v0.100.0(now 1.18)
|
| mysql-monitoring | 9.15.0 | |
| nats | 42 | |
| nfs-volume | 7.1.1 | |
| nginx-offline-buildpack | 1.1.37 | |
| nodejs-offline-buildpack | 1.7.69 | |
| notifications | 62 | |
| notifications-ui | 40 | |
| php-offline-buildpack | 4.4.59 | |
| push-apps-manager-release | 675.0.3 | |
| push-usage-service-release | 674.0.23 | |
| pxc | 0.42.0 | |
| python-offline-buildpack | 1.7.53 | |
| r-offline-buildpack | 1.1.28 | |
| routing | 0.231.0 | |
| ruby-offline-buildpack | 1.8.53 | |
| silk | 3.3.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| staticfile-offline-buildpack | 1.5.29 | |
| statsd-injector | 1.11.18 | |
| syslog | 11.7.7 | |
| system-metrics-scraper | 3.2.4 | |
| uaa | 74.5.37 |
2.12.11
Release Date: 04/06/2022
- [Security Fix] This release fixes CVE-2022-22965; note that the “fix” in the immediately prior version did not actually address the vulnerability, as Spring framework dependencies in UAA that should have been updated, were not. We have confirmed this version actually contains the dependency bumps, and that it is no longer vulnerable to our confirmed exploit. We consider this patch necessary for secure operation; see the VMware Security Advisory here for more details. This release also includes a new version of the Java Buildpack.
- Bump java-offline-buildpack to version
4.48.2 - Bump uaa to version
74.5.37
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.224 |
| backup-and-restore-sdk | 1.18.34 |
| binary-offline-buildpack | 1.0.42 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.21 |
| bpm | 1.1.16 |
| capi | 1.117.4 |
| cf-autoscaling | 249 |
| cf-cli | 1.33.0 |
| cf-networking | 3.3.0 |
| cflinuxfs3 | 0.279.0 |
| credhub | 2.12.1 |
| diego | 2.61.0 |
| dotnet-core-offline-buildpack | 2.3.40 |
| garden-runc | 1.20.3 |
| go-offline-buildpack | 1.9.41 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.48.2 |
| log-cache | 2.11.5 |
| loggregator | 106.6.3 |
| loggregator-agent | 6.3.10 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.5 |
| metrics-discovery | 3.0.9 |
| mysql-monitoring | 9.15.0 |
| nats | 42 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.36 |
| nodejs-offline-buildpack | 1.7.67 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.57 |
| push-apps-manager-release | 675.0.3 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.41.0 |
| python-offline-buildpack | 1.7.51 |
| r-offline-buildpack | 1.1.27 |
| routing | 0.231.0 |
| ruby-offline-buildpack | 1.8.52 |
| silk | 3.3.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| staticfile-offline-buildpack | 1.5.29 |
| statsd-injector | 1.11.18 |
| syslog | 11.7.7 |
| system-metrics-scraper | 3.2.4 |
| uaa | 74.5.37 |
2.12.10
Release Date: 03/31/2022
- [Security Fix] This release was intended to address CVE-2022-22965, but did not actually update the vulnerable dependencies. Upgrade to a more recent patch version instead. See the VMware Security Advisory here for more details.
- Bump uaa to version
74.5.36
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.224 |
| backup-and-restore-sdk | 1.18.34 |
| binary-offline-buildpack | 1.0.42 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.21 |
| bpm | 1.1.16 |
| capi | 1.117.4 |
| cf-autoscaling | 249 |
| cf-cli | 1.33.0 |
| cf-networking | 3.3.0 |
| cflinuxfs3 | 0.279.0 |
| credhub | 2.12.1 |
| diego | 2.61.0 |
| dotnet-core-offline-buildpack | 2.3.40 |
| garden-runc | 1.20.3 |
| go-offline-buildpack | 1.9.41 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.48 |
| log-cache | 2.11.5 |
| loggregator | 106.6.3 |
| loggregator-agent | 6.3.10 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.5 |
| metrics-discovery | 3.0.9 |
| mysql-monitoring | 9.15.0 |
| nats | 42 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.36 |
| nodejs-offline-buildpack | 1.7.67 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.57 |
| push-apps-manager-release | 675.0.3 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.41.0 |
| python-offline-buildpack | 1.7.51 |
| r-offline-buildpack | 1.1.27 |
| routing | 0.231.0 |
| ruby-offline-buildpack | 1.8.52 |
| silk | 3.3.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| staticfile-offline-buildpack | 1.5.29 |
| statsd-injector | 1.11.18 |
| syslog | 11.7.7 |
| system-metrics-scraper | 3.2.4 |
| uaa | 74.5.36 |
2.12.9
Release Date: 03/31/2022
- [Security Fix] This release fixes CVE-2022-23806 and CVE-2022-23772.
- [Bug Fix] Assign cloud_controller.read and cloud_controller.write scopes to service brokers created using CF CLI v8
- [Bug Fix] CAPI: Quota metrics are no longer filtered when syslog ingress is turned on
- [Bug Fix] Propagate updated user provided service environment variables to bound applications for CF CLI v8
- [Bug Fix] Resolve an issue resulting in tcp-router repeatedly respawning haproxy until it hits a forked process limit
- [Bug Fix] Resolves an issue where invalid seeded router group values should caused breaking changes
- [Bug fix] Remove x509ignoreCN option in Gorouter
- Bump capi to version
1.117.4 - Bump cf-autoscaling to version
249 - Bump cf-networking to version
3.3.0 - Bump cflinuxfs3 to version
0.279.0 - Bump credhub to version
2.12.1 - Bump diego to version
2.61.0 - Bump dotnet-core-offline-buildpack to version
2.3.40 - Bump garden-runc to version
1.20.3 - Bump go-offline-buildpack to version
1.9.41 - Bump loggregator to version
106.6.3 - Bump loggregator-agent to version
6.3.10 - Bump metric-registrar to version
1.2.5 - Bump metrics-discovery to version
3.0.9 - Bump nginx-offline-buildpack to version
1.1.36 - Bump nodejs-offline-buildpack to version
1.7.67 - Bump php-offline-buildpack to version
4.4.57 - Bump python-offline-buildpack to version
1.7.51 - Bump r-offline-buildpack to version
1.1.27 - Bump routing to version
0.231.0 - Bump ruby-offline-buildpack to version
1.8.52 - Bump silk to version
3.3.0 - Bump staticfile-offline-buildpack to version
1.5.29 - Bump uaa to version
74.5.35
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.224 | |
| backup-and-restore-sdk | 1.18.34 | |
| binary-offline-buildpack | 1.0.42 | |
| bosh-dns-aliases | 0.0.4 | |
| bosh-system-metrics-forwarder | 0.0.21 | |
| bpm | 1.1.16 | |
| capi | 1.117.4 | |
| cf-autoscaling | 249 | |
| cf-cli (v7/v8)* | 1.33.0 | |
| cf-networking | 3.3.0 | |
| cflinuxfs3 | 0.279.0 | |
| credhub | 2.12.1 |
2.12.1
### Security Fixes
- Bump various dependencies.
2.12.0
### Security Fixes
- Bump various dependencies.
### Bug Fixes
- Fixes an issue where CredHub experiences downtime during certificate rotation process by making CredHub properly load concatenated mTLS CA certificates.
### Features
- CredHub is now compatible with Postgres 13, 14.
2.11.1
### Dependency Bumps
- Bumps log4j2 to 2.17.1
2.11.0
### Security Fixes
- Further addresses [CVE with Log4j library](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q) and [its prior incomplete fix](https://github.com/advisories/GHSA-7rjr-3q55-vv33) by bumping to log4j2 2.16.0.
2.10.0
### Security Fixes
- Addresses [CVE with Log4j library](https://github.com/advisories/GHSA-jfh8-c2jp-5v3q)
### Features
- Adds a minimum duration server-level configuration fields for leaf and CA certificates: `certificates.leaf_minimum_duration_in_days` and `certificates.ca_minimum_duration_in_days`. When these fields are configured, if a request to generate or regenerate a certificate has a duration lower than the minimum, then the minimum duration is used instead. (https://github.com/cloudfoundry/credhub/pull/201)
|
| diego | 2.61.0 | |
| dotnet-core-offline-buildpack | 2.3.40 | |
| garden-runc | 1.20.3 | |
| go-offline-buildpack | 1.9.41 | |
| haproxy | 11.6.0 | |
| java-offline-buildpack | 4.48 | |
| log-cache | 2.11.5 | |
| loggregator | 106.6.3 | |
| loggregator-agent | 6.3.10 | |
| mapfs | 1.2.6 | |
| metric-registrar | 1.2.5 | |
| metrics-discovery | 3.0.9 | |
| mysql-monitoring | 9.15.0 | |
| nats | 42 | |
| nfs-volume | 7.1.1 | |
| nginx-offline-buildpack | 1.1.36 | |
| nodejs-offline-buildpack | 1.7.67 | |
| notifications | 62 | |
| notifications-ui | 40 | |
| php-offline-buildpack | 4.4.57 | |
| push-apps-manager-release | 675.0.3 | |
| push-usage-service-release | 674.0.23 | |
| pxc | 0.41.0 | |
| python-offline-buildpack | 1.7.51 | |
| r-offline-buildpack | 1.1.27 | |
| routing | 0.231.0 |
0.231.0
## Bug Fixes
- Removed the x509ignoreCN property. Now that `gorouter` is built on golang 1.17, it
no longer has any effect on gorouter behavior, and was only adding to confusion in
the properties
- Resolve an issue with route-registrar using the same TTL as it's RegistrationInterval
for tcp routes, leading to unnecessary churn of pruned + re-registered routes.
- Resolve an issue with Routing API where upserts to tcp routes were causing change
events to be emitted when the only change was a bump in TTL. This led to an issue
where tcp-router was constantly reloading haproxy with every route's heartbeat
registration call.
## Manifest Property Changes
| Job | Property | 0.230.0 | 0.231.0 |
| --- | --- | --- | --- |
| `gorouter` | `golang.x509ignoreCN` | false | No longer exists |
| `route_registrar` | `golang.x509ignoreCN` | false | No longer exists |
| `tcp_router` | `golang.x509ignoreCN` | false | No longer exists |
### ✨ Built with golang 1.17.8
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.230.0...0.231.0
0.230.0
## Feature
* update gorouter for prometheus scraping by @Benjamintf1 in https://github.com/cloudfoundry/routing-release/pull/258
## Bug Fix
* Invalid seeded router group manifest values should no longer cause breaking changes by default by @ameowlia in https://github.com/cloudfoundry/routing-release/pull/261
### ✨ Built with golang 1.17.7
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.229.0...0.230.0
|
| ruby-offline-buildpack | 1.8.52 | |
| silk | 3.3.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| staticfile-offline-buildpack | 1.5.29 | |
| statsd-injector | 1.11.18 | |
| syslog | 11.7.7 | |
| system-metrics-scraper | 3.2.4 | |
| uaa | 74.5.35 |
2.12.8
Release Date: 02/28/2022
- [Feature Improvement] Due to routing-release now being built with Golang 1.17, all certificates provided MUST contain SAN entries on them. The previous workaround of setting “Enable temporary workaround for certs without SANs” will no longer function.
- [Feature Improvement] Per Golang 1.17’s new and stricter IP parsing standards, any IP addrs with leading zeros in any octets will result in a BOSH template failure to allow operators to remove the leading zeros and try again (affects properties fed into diego-release, garden-runc-release, winc-release, nats-release, and routing-release),.
- [Feature Improvement] UAA is compatible with MySQL 8
- [Feature Improvement] Enable TLS for container-to-container communication. See docs here for more info. Warning: this feature introduces a migration to the bbs database. Rolling back from this release will cause database issues.
- [Bug Fix] Fix default metric registrar blocked tags to include ‘ip’ and remove 'id’
- [Bug Fix] Fix metric-registrar blocked tags configuration
- [Bug Fix] Fixes an issue related to the parsing of the X-B3-TraceId and X-B3-SpanId HTTP headers
- [Bug Fix] Restore missing networking and garden metrics
- [Bug Fix] Smoke tests support for TLSv1.3 only option
- Bump backup-and-restore-sdk to version
1.18.34 - Bump cf-autoscaling to version
248 - Bump cflinuxfs3 to version
0.274.0 - Bump credhub to version
2.9.9 - Bump diego to version
2.58.1 - Bump garden-runc to version
1.20.0 - Bump loggregator-agent to version
6.3.8 - Bump metric-registrar to version
1.2.4 - Bump metrics-discovery to version
3.0.8 - Bump nats to version
42 - Bump routing to version
0.229.0 - Bump smoke-tests to version
4.5.0 - Bump uaa to version
74.5.34
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.211 |
| backup-and-restore-sdk | 1.18.34 |
| binary-offline-buildpack | 1.0.42 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.21 |
| bpm | 1.1.16 |
| capi | 1.117.2 |
| cf-autoscaling | 248 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.43.0 |
| cflinuxfs3 | 0.274.0 |
| credhub | 2.9.9 |
| diego | 2.58.1 |
| dotnet-core-offline-buildpack | 2.3.38 |
| garden-runc | 1.20.0 |
| go-offline-buildpack | 1.9.38 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.48 |
| log-cache | 2.11.5 |
| loggregator | 106.6.2 |
| loggregator-agent | 6.3.8 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.4 |
| metrics-discovery | 3.0.8 |
| mysql-monitoring | 9.15.0 |
| nats | 42 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.34 |
| nodejs-offline-buildpack | 1.7.66 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.55 |
| push-apps-manager-release | 675.0.3 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.41.0 |
| python-offline-buildpack | 1.7.49 |
| r-offline-buildpack | 1.1.25 |
| routing | 0.229.0 |
| ruby-offline-buildpack | 1.8.50 |
| silk | 2.43.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| staticfile-offline-buildpack | 1.5.28 |
| statsd-injector | 1.11.18 |
| syslog | 11.7.7 |
| system-metrics-scraper | 3.2.4 |
| uaa | 74.5.34 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.7
Release Date: 02/07/2022
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
- [Security Fix] Diego - Bump containerd to v1.5.9 to address (CVE-2021-43816)
- [Security Fix] Bump routing release to v0.228.0 to address (CVE-2021-44716)
- [Feature] Monit thresholds for the Cloud Controller worker are configurable
- [Feature] Operators can sort apps by status in Apps Manager
- [Feature] Apps can be step-scaled up or down in Autoscaler. See About App Autoscaler.
- [Feature Improvement] Apps Manager supports HTTP/2
- [Feature Improvement] Operators can assign the Space Supporter role in Apps Manager
- [Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so IP addresses with leading zeros in any octets cause a BOSH template failure. Operators can remove the leading zeros and try deploying again. This affects properties that feed into cf-networking-release, silk-release, loggregator-agent-release, and syslog-release. Syslog drains and metric registrar endpoints registered using user-provided services might also be affected.
- [Bug Fix] Adds the ability to parse the cost object in service plan
- [Bug Fix] Fix race conditions that could cause Autoscaler to crash
- Bump backup-and-restore-sdk to version
1.18.32 - Bump binary-offline-buildpack to version
1.0.42 - Bump bosh-system-metrics-forwarder to version
0.0.21 - Bump bpm to version
1.1.16 - Bump cf-autoscaling to version
247 - Bump cf-networking to version
2.43.0 - Bump cflinuxfs3 to version
0.272.0 - Bump diego to version
2.57.0 - Bump dotnet-core-offline-buildpack to version
2.3.38 - Bump go-offline-buildpack to version
1.9.38 - Bump java-offline-buildpack to version
4.48 - Bump log-cache to version
2.11.5 - Bump loggregator to version
106.6.2 - Bump loggregator-agent to version
6.3.7 - Bump metric-registrar to version
1.2.3 - Bump metrics-discovery to version
3.0.7 - Bump nats to version
41 - Bump nginx-offline-buildpack to version
1.1.34 - Bump nodejs-offline-buildpack to version
1.7.66 - Bump php-offline-buildpack to version
4.4.55 - Bump push-apps-manager-release to version
675.0.3 - Bump pxc to version
0.41.0 - Bump python-offline-buildpack to version
1.7.49 - Bump r-offline-buildpack to version
1.1.25 - Bump routing to version
0.228.0 - Bump ruby-offline-buildpack to version
1.8.50 - Bump silk to version
2.43.0 - Bump smoke-tests to version
4.4.0 - Bump staticfile-offline-buildpack to version
1.5.28 - Bump statsd-injector to version
1.11.18 - Bump syslog to version
11.7.7 - Bump system-metrics-scraper to version
3.2.4 - Bump uaa to version
74.5.31
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.198 |
| backup-and-restore-sdk | 1.18.32 |
| binary-offline-buildpack | 1.0.42 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.21 |
| bpm | 1.1.16 |
| capi | 1.117.2 |
| cf-autoscaling | 247 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.43.0 |
| cflinuxfs3 | 0.272.0 |
| credhub | 2.9.8 |
| diego | 2.57.0 |
| dotnet-core-offline-buildpack | 2.3.38 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.38 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.48 |
| log-cache | 2.11.5 |
| loggregator | 106.6.2 |
| loggregator-agent | 6.3.7 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.3 |
| metrics-discovery | 3.0.7 |
| mysql-monitoring | 9.15.0 |
| nats | 41 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.34 |
| nodejs-offline-buildpack | 1.7.66 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.55 |
| push-apps-manager-release | 675.0.3 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.41.0 |
| python-offline-buildpack | 1.7.49 |
| r-offline-buildpack | 1.1.25 |
| routing | 0.228.0 |
| ruby-offline-buildpack | 1.8.50 |
| silk | 2.43.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.4.0 |
| staticfile-offline-buildpack | 1.5.28 |
| statsd-injector | 1.11.18 |
| syslog | 11.7.7 |
| system-metrics-scraper | 3.2.4 |
| uaa | 74.5.31 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.6
Release Date: 12/21/2021
Warning:
See the following warnings:
- VMware recommends upgrading TAS for VMs as soon as possible to address CVE-2021-44228. If you are unable to upgrade, you can mitigate this CVE manually. See Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in Tanzu Application Service v2.7 - v2.12.
- This vulnerability also affects Ops Manager. VMware recommends upgrading to Ops Manager v2.10.24 as soon as possible. For more information, see the Ops Manager v2.10.24 release notes.
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
- [Security Fix] Fix uncontrolled recursion related to Log4j (CVE-2021-45105)
- [Bug Fix] Cloud Controller Worker: PruneExcessAppRevisions job is more memory efficient
- [Breaking Change] Gorouter: zipkin
trace-idsize complies with w3 standard of 16 bytes opposed to the previous 8 bytes. - Bump credhub to version
2.9.8which has Log4j2.17.0 - Bump java-offline-buildpack to version
4.47 - Bump routing to version
0.227.0 - Bump uaa to version
74.5.30which has Log4j2.17.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | ~621 |
| backup-and-restore-sdk | 1.18.28 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.15 |
| capi | 1.117.2 |
| cf-autoscaling | 242 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.42.0 |
| cflinuxfs3 | 0.268.0 |
| credhub | 2.9.8 |
| diego | 2.54.0 |
| dotnet-core-offline-buildpack | 2.3.36 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.37 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.47 |
| log-cache | 2.11.4 |
| loggregator | 106.6.1 |
| loggregator-agent | 6.3.5 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.32 |
| nodejs-offline-buildpack | 1.7.63 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.53 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.39.0 |
| python-offline-buildpack | 1.7.47 |
| r-offline-buildpack | 1.1.23 |
| routing | 0.227.0 |
| ruby-offline-buildpack | 1.8.48 |
| silk | 2.41.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.1 |
| staticfile-offline-buildpack | 1.5.26 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.6 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.30 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.5
Release Date: 12/16/2021
Warning:
See the following warnings:
- VMware recommends upgrading TAS for VMs as soon as possible to address CVE-2021-44228. If you are unable to upgrade, you can mitigate this CVE manually. See Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in Tanzu Application Service v2.7 - v2.12.
- This vulnerability also affects Ops Manager. VMware recommends upgrading to Ops Manager v2.10.24 as soon as possible. For more information, see the Ops Manager v2.10.24 release notes.
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
- [Security Fix] Fix remote code execution vulnerability related to Log4j (CVE-2021-45046)
- Bump credhub to version
2.9.7which has Log4j2.16.0 - Bump java-offline-buildpack to version
4.45 - Bump php-offline-buildpack to version
4.4.53 - Bump uaa to version
74.5.29which has Log4j2.16.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | ~621 |
| backup-and-restore-sdk | 1.18.28 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.15 |
| capi | 1.117.2 |
| cf-autoscaling | 242 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.42.0 |
| cflinuxfs3 | 0.268.0 |
| credhub | 2.9.7 |
| diego | 2.54.0 |
| dotnet-core-offline-buildpack | 2.3.36 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.37 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.45 |
| log-cache | 2.11.4 |
| loggregator | 106.6.1 |
| loggregator-agent | 6.3.5 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.32 |
| nodejs-offline-buildpack | 1.7.63 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.53 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.39.0 |
| python-offline-buildpack | 1.7.47 |
| r-offline-buildpack | 1.1.23 |
| routing | 0.227.0 |
| ruby-offline-buildpack | 1.8.48 |
| silk | 2.41.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.1 |
| staticfile-offline-buildpack | 1.5.26 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.6 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.29 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.4
Release Date: 12/15/2021
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
Warning:
See the following warnings:
- VMware recommends upgrading TAS for VMs as soon as possible to address CVE-2021-44228. If you are unable to upgrade, you can mitigate this CVE manually. See Workaround instructions to address CVE-2021-44228 and CVE-2021-45046 in Tanzu Application Service v2.7 - v2.12.
- This vulnerability also affects Ops Manager. VMware recommends upgrading to Ops Manager v2.10.24 as soon as possible. For more information, see the Ops Manager v2.10.24 release notes.
- [Security Fix] Java and PHP Buildpacks - Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
- [Bug Fix] Fix “pre-start scripts failed. Failed Jobs: policy-server” error Upgrading to CF Networking Release v2.40.0
- [Bug Fix] Enables audit logging file rotation to reduce I/O load during log rotation
- [Bug Fix] Smoke Tests uses specified domain for Isolation Segments
- [Feature Improvement] Cloud Controller - Allow operators to configure the Cloud Controller monit healthcheck timeout
- Bump capi to version
1.117.2 - Bump cf-cli to version
1.33.0 - Bump cf-networking to version
2.42.0 - Bump garden-runc to version
1.19.30 - Bump haproxy to version
11.6.0 - Bump java-offline-buildpack to version
4.44 - Bump php-offline-buildpack to version
4.4.52 - Bump smoke-tests to version
4.3.1
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | ~621 |
| backup-and-restore-sdk | 1.18.28 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.15 |
| capi | 1.117.2 |
| cf-autoscaling | 242 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.42.0 |
| cflinuxfs3 | 0.268.0 |
| credhub | 2.9.6 |
| diego | 2.54.0 |
| dotnet-core-offline-buildpack | 2.3.36 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.37 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.44 |
| log-cache | 2.11.4 |
| loggregator | 106.6.1 |
| loggregator-agent | 6.3.5 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.32 |
| nodejs-offline-buildpack | 1.7.63 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.52 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.39.0 |
| python-offline-buildpack | 1.7.47 |
| r-offline-buildpack | 1.1.23 |
| routing | 0.227.0 |
| ruby-offline-buildpack | 1.8.48 |
| silk | 2.41.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.1 |
| staticfile-offline-buildpack | 1.5.26 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.6 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.28 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.3
Release Date: 12/13/2021
Warning:
See the following warnings:
- VMware recommends upgrading TAS for VMs as soon as possible to address CVE-2021-44228. If you are unable to upgrade, you can mitigate this CVE manually. See Instructions to address CVE-2021-44228 in Tanzu Application Service (2.7 through 2.12).
- This release does not contain the Java buildpack bump for this vulnerability. You must manually bump the Java buildpack and lock the version. Download the updated buildpack from VMware Tanzu Network.
- This vulnerability also affects Ops Manager. VMware recommends upgrading to Ops Manager v2.10.24 as soon as possible. For more information, see the Ops Manager v2.10.24 release notes.
- [Security Fix] UAA and CredHub - Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
- [Bug Fix] Diego - Envoy v1.19 uses the original TCP connection pool so that it can accept more than 1024 downstream connections
- Bump credhub to version
2.9.6which has Log4j2.15.0 - Bump diego to version
2.54.0 - Bump uaa to version
74.5.28which has Log4j2.15.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.176 |
| backup-and-restore-sdk | 1.18.26 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.15 |
| capi | 1.117.1 |
| cf-autoscaling | 241 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.40.0 |
| cflinuxfs3 | 0.264.0 |
| credhub | 2.9.6 |
| diego | 2.54.0 |
| dotnet-core-offline-buildpack | 2.3.36 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.37 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.42 |
| log-cache | 2.11.4 |
| loggregator | 106.6.1 |
| loggregator-agent | 6.3.4 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.32 |
| nodejs-offline-buildpack | 1.7.63 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.48 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.39.0 |
| python-offline-buildpack | 1.7.47 |
| r-offline-buildpack | 1.1.23 |
| routing | 0.226.0 |
| ruby-offline-buildpack | 1.8.48 |
| silk | 2.40.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| staticfile-offline-buildpack | 1.5.26 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.5 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.28 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.2
Release Date: 11/23/2021
- Bump backup-and-restore-sdk to version
1.18.26 - Bump bpm to version
1.1.15 - Bump cf-autoscaling to version
241 - Bump cf-networking to version
2.40.0 - Bump cflinuxfs3 to version
0.264.0 - Bump diego to version
2.53.1 - Bump dotnet-core-offline-buildpack to version
2.3.36 - Bump go-offline-buildpack to version
1.9.37 - Bump haproxy to version
11.6.0 - Bump loggregator to version
106.6.1 - Bump nodejs-offline-buildpack to version
1.7.63 - Bump php-offline-buildpack to version
4.4.48 - Bump python-offline-buildpack to version
1.7.47 - Bump r-offline-buildpack to version
1.1.23 - Bump routing to version
0.226.0 - Bump ruby-offline-buildpack to version
1.8.48 - Bump silk to version
2.40.0 - Bump staticfile-offline-buildpack to version
1.5.26
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | ~621 |
| backup-and-restore-sdk | 1.18.26 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.15 |
| capi | 1.117.1 |
| cf-autoscaling | 241 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.40.0 |
| cflinuxfs3 | 0.264.0 |
| credhub | 2.9.4 |
| diego | 2.53.1 |
| dotnet-core-offline-buildpack | 2.3.36 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.37 |
| haproxy | 11.6.0 |
| java-offline-buildpack | 4.42 |
| log-cache | 2.11.4 |
| loggregator | 106.6.1 |
| loggregator-agent | 6.3.4 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.32 |
| nodejs-offline-buildpack | 1.7.63 |
| notifications | 62 |
| notifications-ui | 40 |
| php-offline-buildpack | 4.4.48 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.39.0 |
| python-offline-buildpack | 1.7.47 |
| r-offline-buildpack | 1.1.23 |
| routing | 0.226.0 |
| ruby-offline-buildpack | 1.8.48 |
| silk | 2.40.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| staticfile-offline-buildpack | 1.5.26 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.5 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.26 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.1
Release Date: 10/20/2021
- [Security Fix] CAPI - Cap label selectors at 50 in queries and improve label selector performance to mitigate DOS vulnerability CVE-2021-22101
- [Feature Improvement] HTTP/2 toggle disables Diego container proxy ALPN
- [Feature Improvement] Set default for system metrics scrape interval to 15 seconds
- [Bug Fix] CAPI - Some metrics for CAPI were not being properly emitted
- [Bug Fix] Fix certificate rotation by fixing CredHub’s import of concatenated certificates
- [Bug Fix] Fix “System metrics scrape interval” configuration in manifest
- Bump backup-and-restore-sdk to version
1.18.22 - Bump bpm to version
1.1.14 - Bump capi to version
1.117.1 - Bump cflinuxfs3 to version
0.262.0 - Bump credhub to version
2.9.4 - Bump log-cache to version
2.11.4 - Bump nginx-offline-buildpack to version
1.1.32 - Bump nodejs-offline-buildpack to version
1.7.61 - Bump push-usage-service-release to version
674.0.23 - Bump pxc to version
0.39.0 - Bump python-offline-buildpack to version
1.7.46 - Bump r-offline-buildpack to version
1.1.22 - Bump ruby-offline-buildpack to version
1.8.47 - Bump uaa to version
74.5.26
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.0 |
| backup-and-restore-sdk | 1.18.22 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.14 |
| capi | 1.117.1 |
| cf-autoscaling | 239 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.38.0 |
| cflinuxfs3 | 0.262.0 |
| credhub | 2.9.4 |
| diego | 2.53.0 |
| dotnet-core-offline-buildpack | 2.3.34 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.34 |
| haproxy | 11.4.4 |
| java-offline-buildpack | 4.42 |
| log-cache | 2.11.4 |
| loggregator-agent | 6.3.4 |
| loggregator | 106.6.0 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.32 |
| nodejs-offline-buildpack | 1.7.61 |
| notifications-ui | 40 |
| notifications | 62 |
| php-offline-buildpack | 4.4.45 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.23 |
| pxc | 0.39.0 |
| python-offline-buildpack | 1.7.46 |
| r-offline-buildpack | 1.1.22 |
| routing | 0.224.0 |
| ruby-offline-buildpack | 1.8.47 |
| silk | 2.38.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| staticfile-offline-buildpack | 1.5.24 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.5 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.26 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
2.12.0
Release Date: October 4, 2021
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.0 |
| backup-and-restore-sdk | 1.18.18 |
| binary-offline-buildpack | 1.0.40 |
| bosh-dns-aliases | 0.0.4 |
| bosh-system-metrics-forwarder | 0.0.20 |
| bpm | 1.1.13 |
| capi | 1.117.0 |
| cf-autoscaling | 239 |
| cf-cli (v7/v8)* | 1.33.0 |
| cf-networking | 2.38.0 |
| cflinuxfs3 | 0.259.0 |
| credhub | 2.9.1 |
| diego | 2.53.0 |
| dotnet-core-offline-buildpack | 2.3.34 |
| garden-runc | 1.19.30 |
| go-offline-buildpack | 1.9.34 |
| haproxy | 11.4.4 |
| java-offline-buildpack | 4.42 |
| log-cache | 2.11.2 |
| loggregator-agent | 6.3.4 |
| loggregator | 106.6.0 |
| mapfs | 1.2.6 |
| metric-registrar | 1.2.2 |
| metrics-discovery | 3.0.6 |
| mysql-monitoring | 9.15.0 |
| nats | 40 |
| nfs-volume | 7.1.1 |
| nginx-offline-buildpack | 1.1.31 |
| nodejs-offline-buildpack | 1.7.57 |
| notifications-ui | 40 |
| notifications | 62 |
| php-offline-buildpack | 4.4.45 |
| push-apps-manager-release | 675.0.1 |
| push-usage-service-release | 674.0.20 |
| pxc | 0.37.0 |
| python-offline-buildpack | 1.7.45 |
| r-offline-buildpack | 1.1.21 |
| routing | 0.224.0 |
| ruby-offline-buildpack | 1.8.46 |
| silk | 2.38.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| staticfile-offline-buildpack | 1.5.24 |
| statsd-injector | 1.11.16 |
| syslog | 11.7.5 |
| system-metrics-scraper | 3.2.3 |
| uaa | 74.5.25 |
* The cf-cli version corresponds to the commercial distribution on VMware Tanzu Network.
How to Upgrade
To upgrade to TAS for VMs v2.12, see Configuring TAS for VMs for Upgrades.
When upgrading to TAS for VMs v2.12, be aware of the following upgrade considerations:
If you previously used an earlier version of TAS for VMs, you must first upgrade to TAS for VMs v2.11 to successfully upgrade to TAS for VMs v2.12.
Upgrade the cf CLI to the latest cf CLI v7 release, the latest cf CLI v8 release, or the commercial cf CLI distribution available on VMware Tanzu Network.
To minimize downtime for developers pushing apps, upgrade from TAS for VMs v2.11.9 or later. Upgrading from earlier patch versions can result in an
Unknown Errorwhen pushing apps.Some partner service tiles may be incompatible with TAS for VMs v2.12. VMware is working with partners to ensure their tiles are updated to work with the latest versions of TAS for VMs.
For information about which partner service releases are currently compatible with TAS for VMs v2.12, review the appropriate partners services release documentation at https://docs.pivotal.io or contact the partner organization that produces the tile.
New Features in TAS for VMs v2.12
TAS for VMs v2.12 includes the following major features:
TAS for VMs Is Compatible with cf CLI v8
TAS for VMs v2.12 paired with cf CLI v8 allows you to do the following:
- Push apps with end-to-end HTTP/2 routing
- Assign the Space Supporter role to users
- Manage services asynchronously
For more information, see Upgrading to cf CLI v8.
Gorouter Supports HTTP/2
Breaking Change: See Envoy Advertises HTTP/2 Support Over ALPN in the Breaking Changes section.
In TAS for VMs v2.12 and later, HTTP/2 support is enabled by default. HTTP/2 is the second major version of the the HTTP protocol.
HTTP/2 features the following improvements over HTTP/1.1:
- Uses a binary data format instead of plain text
- Compresses headers
- Multiplexes multiple HTTP requests over a single TCP connection
Together, these improvements can improve response times for some apps.
For more information about the HTTP/2 protocol, see RFC 7540.
For information about configuring support for HTTP/2 in TAS for VMs, see Configuring HTTP/2 Support.
For information about routing HTTP/2 traffic to your TAS for VMs apps, see Routing HTTP/2 and gRPC Traffic to Apps.
Gorouter Supports TLS v1.3
In TAS for VMs v2.12, the Gorouter supports TLS v1.3. New installations of TAS for VMs use TLS v1.3 for the Gorouter by default. If you are upgrading to TAS for VMs v2.12, the Gorouter uses TLS v1.2 by default.
You can select which versions of TLS that the Gorouter uses when you configure TAS for VMs. Selecting support for TLS v1.3 only is a beta feature in TAS for VMs v2.12.
For more information, see (Beta) Gorouter Can Support TLS v1.3 Connections Only in the Breaking Changes section.
New User Role: Space Supporter
TAS for VMs v2.12 introduces the Space Supporter role. Users with the Space Supporter role can do the following:
- View app logs and audit events
- Start, stop, and restart apps
- Scale apps
- Read, bind, and unbind existing service instances
Users with the Space Supporter role cannot do any of the following:
- View credentials or app data
- Edit app source code
- SSH into app instances
- View the app environment
- Create or access service keys
- Create or update services
- Delete apps or services
The Space Supporter role is only available for the Cloud Controller V3 API. If a user with this role tries to access a V2 endpoint, the API returns a 403.
For more information, see User Roles in Orgs, Spaces, Roles, and Permissions.
TAS for VMs Version is in Apps Manager UI
You can find the current version of TAS for VMs in the footer of the Apps Manager UI.
Secure Endpoint for Metric Registrar
TAS for VMs v2.12 allows operators to register a secure endpoint for the Metric Registrar CLI plugin to ingest app metrics.
You can use the cf register-metrics-endpoint command to specify an internal port in your app when you register the endpoint to the metric registrar.
For more information, see Register a Metrics Endpoint in Using Metric Registrar.
Reduce Traffic to Syslog Drains
TAS for VMs v2.12 includes an option to control how much deployment metadata is sent in app and aggregate syslog drains.
If you select the Default loggregator drain metadata checkbox, then TAS for VMs sends all metadata from your deployment to syslog drains.
If you do not select this option, then TAS for VMs sends a reduced amount of metadata. This can reduce your external database logs by up to 50 percent.
For more information, see (Optional) Configure System Logging in Configuring TAS for VMs.
Move aggregate drains to the syslog-binding cache to improve deploy speed and reduce errors
Aggregate drains are now stored and retrieved from the syslog binding cache. This means that deployments that change aggregate drains only deploy on the binding cache/clock VM. It does not deploy all VMs on the system. This also removes the log-cache drain when not in use, reducing BOSH error logs when syslog ingestion for log-cache is not in use.
Supported cf CLI Container Images
VMware supports the following container images that contain the cf CLI:
VMware maintains these container images and updates them with the latest security patches.
Breaking Changes
TAS for VMs v2.12 includes the following breaking changes:
(Beta) Gorouter Can Support TLS v1.3 Connections Only
TLS v1.3 is not compatible with some versions of Java. If you configure TAS for VMs to support TLS v1.3 only, you might encounter errors with Java apps. For more information, see JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3 in the JDK Bug System.
The tile property that controls the TLS version in TAS for VMs changes in TAS for VMs v2.12. You must update any stored configuration files to reflect the change.
Envoy Advertises HTTP/2 Support Over ALPN
Envoy, the Diego container proxy, advertises HTTP/2 support using Application-Layer Protocol Negotiation (ALPN) for all apps. Internal clients that access the Envoy TLS port directly must negotiate down to HTTP/1.1 for apps that do not support HTTP/2. The Envoy TLS port is typically 61001. Clients that connect to apps using the Gorouter are not affected.
Gorouter No Longer De-chunks Short Chunked Responses
In previous versions of TAS for VMs, the Gorouter de-chunked short chunked responses, set a Content-Length header, and sent a traditional body. This capability was available when Gorouter used Golang v1.15, which is out of support.
For versions of TAS for VMs that contain routing-release v0.214.0 and later, the Gorouter uses Golang v1.16 which sends a chunked response. If your clients or proxies that access apps cannot handle a chunked response, or expect a Content-Length header, they break.
For more information, see Clients receive responses with no Content-Length header and a chunked encoded body after upgrading Tanzu Application Service for VMs in the Knowledge Base.
Known Issues
TAS for VMs v2.12 includes the following known issue:
HAProxy Does Not Support HTTP/2
HAProxy is not configured to support HTTP/2 ingress traffic. HAProxy also does not send HTTP/2 traffic to the Gorouter, even when HTTP/2 is enabled.
To work around this issue, you can use an external load balancer to support HTTP/2 traffic. For more information, see Configure Load Balancers in Configuring HTTP/2 Support.
This issue is resolved in TAS for VMs v2.12.2 and later.
Pre-Start Scripts Fail on policy-server Job
When upgrading to TAS for VMs v2.12.2, the policy-server pre-start script runs a database migration that drops
a stored procedure that is no longer needed. If your networkpolicyserver database does not have the
stored procedure, you might see the following error in diego_database policy-server
stdout logs:
PROCEDURE networkpolicyserver.drop_destination_index does not exist handling 66
To work around this error, add the migration to your networkpolicyserver.gorp_migrations table and skip the migration.
For more information, see “pre-start scripts failed. Failed Jobs: policy-server” error Upgrading to CF Networking Release 2.40.0 in Tanzu Application Service for VMs in the Knowledge Base.
Gorouter Sets an Invalid X-B3-SpanID Header
An issue with the Gorouter’s implementation of X-B3-SpanId and X-B3-TraceId headers
can cause invalid span IDs to be set after updating the X-B3-TraceId header to the new 16-byte standard.
As a result, some applications and libraries invalidate the X-B3-SpanId value, breaking traces of the application.
This issue affects versions of TAS for VMs that contain routing-release v0.227.0 and v0.228.0.