Isolation Segment v2.12 Release Notes
Page last updated:
This topic contains release notes for Isolation Segment v2.12.
Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing VMware Tanzu Application Service for VMs (TAS for VMs) containing that patch.
Releases
2.12.19
Release Date: 02/28/2023
- Bump cf-networking to version
3.22.0 - Bump cflinuxfs3 to version
0.352.0 - Bump garden-runc to version
1.23.0 - Bump loggregator-agent to version
6.5.8 - Bump metrics-discovery to version
3.2.7 - Bump routing to version
0.257.0 - Bump silk to version
3.22.0 - Bump smb-volume to version
3.1.9 - Bump syslog to version
11.8.8
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.418 | |
| bpm | 1.1.21 | |
| cf-networking | 3.22.0 | |
| cflinuxfs3 | 0.352.0 | |
| diego | 2.71.0 | |
| garden-runc | 1.23.0 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.8 |
v6.5.8
## What's Changed
* update dependencies
* Upgrade to go 1.20.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/224
**Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.7...v6.5.8
|
| mapfs | 1.2.12 | |
| metrics-discovery | 3.2.7 |
v3.2.7
* update golang to 1.20.1
**Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.6...v3.2.7###
v3.2.6
## What's Changed
* Upgrade to go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/104
**Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.5...v3.2.6
v3.2.5
## What's Changed
* Update dependencies
* Expire individual metrics by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/103
**Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.4...v3.2.5
|
| nfs-volume | 7.1.8 | |
| routing | 0.257.0 |
v0.257.0
## Changes
- Bumped to build with golang 1.19.6
## ✨ Built with go 1.19.6
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.256.0...v0.257.0
## Resources
- [Download release v0.257.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.257.0).
v0.256.0
## Changes
- Update healthchecker in release to stable version
## ✨ Built with go 1.19.5
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.255.0...v0.256.0
## Resources
- [Download release v0.256.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.256.0).
|
| silk | 3.22.0 | |
| smb-volume | 3.1.9 |
v3.1.9## Changes * Add force_noserverino property in smbdriver job (#102) ## Dependencies * **bosh-template:** Updated to v2.4.0. v3.1.8## Dependencies * **smbdriver:** Updated to v`6cc617a`. v3.1.7## Changes * Golang: Updated to v1.19.4 (#76) ## Dependencies * **rspec:** Updated to v3.12.0. |
| smoke-tests | 4.8.2 | |
| syslog | 11.8.8 |
v11.8.8
* update to golang 1.20.1
**Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.7...v11.8.8
v11.8.7
## What's Changed
* use go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/syslog-release/pull/117
**Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.6...v11.8.7
|
v2.12.18
Release Date: 02/09/2023
- [Bug Fix] Allows docker app workloads without a
shbinary in the docker image to execute properly. - Bump loggregator-agent to version
6.5.7 - Bump routing to version
0.255.0
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.401 | |
| bpm | 1.1.21 | |
| cf-networking | 3.19.0 | |
| cflinuxfs3 | 0.350.0 | |
| diego | 2.71.0 | |
| garden-runc | 1.22.9 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.7 |
v6.5.7
## What's Changed
* Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/202
* Update dependencies
**Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.6...v6.5.7
|
| mapfs | 1.2.12 | |
| metrics-discovery | 3.2.4 | |
| nfs-volume | 7.1.8 | |
| routing | 0.255.0 |
v0.255.0
[Upgrade healthchecker in release](https://github.com/cloudfoundry/routing-release/commit/ddb43e9e746b009d0ea6e6cf8cf8e7eb059ffafc). In order to limit the scope of packages brought in with the introduction of http healthchecker, we migrated the healthchecker package out of cf-networking-helpers into its own release.
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.254.0...v0.255.0
✨ Built with go 1.19.5
|
| silk | 3.19.0 | |
| smb-volume | 3.1.6 | |
| smoke-tests | 4.8.2 | |
| syslog | 11.8.6 |
v2.12.17
Release Date: 01/30/2023
- Bump cf-networking to version
3.19.0 - Bump cflinuxfs3 to version
0.350.0 - Bump garden-runc to version
1.22.9 - Bump routing to version
0.254.0 - Bump silk to version
3.19.0
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.376 | |
| bpm | 1.1.21 | |
| cf-networking | 3.19.0 | |
| cflinuxfs3 | 0.350.0 | |
| diego | 2.71.0 | |
| garden-runc | 1.22.9 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.6 | |
| mapfs | 1.2.12 | |
| metrics-discovery | 3.2.4 | |
| nfs-volume | 7.1.8 | |
| routing | 0.254.0 |
v0.254.0
✨ Built with go 1.19.5
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.253.0...v0.254.0
v0.253.0
## What's Changed
* Specs to make maxRetries configurable for endpoints and route-services by @domdom82 in https://github.com/cloudfoundry/routing-release/pull/298
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.252.0...v0.253.0
|
| silk | 3.19.0 | |
| smb-volume | 3.1.6 | |
| smoke-tests | 4.8.2 | |
| syslog | 11.8.6 |
v2.12.16
Release Date: 01/17/2023
- Bump cf-networking to version
3.17.0 - Bump cflinuxfs3 to version
0.347.0 - Bump diego to version
2.71.0 - Bump garden-runc to version
1.22.7 - Bump loggregator-agent to version
6.5.6 - Bump routing to version
0.252.0 - Bump silk to version
3.17.0 - Bump smoke-tests to version
4.8.2
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.364 | |
| bpm | 1.1.21 | |
| cf-networking | 3.17.0 | |
| cflinuxfs3 | 0.347.0 | |
| diego | 2.71.0 | |
| garden-runc | 1.22.7 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.6 |
v6.5.6
## What's Changed
* fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174
* updated some dependencies.
**Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6
|
| mapfs | 1.2.12 | |
| metrics-discovery | 3.2.4 | |
| nfs-volume | 7.1.8 | |
| routing | 0.252.0 |
v0.252.0
## What's Changed
- Improve random source for least connection pool to be thread safe. Thanks Daniel Lynch!
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.251.0...v0.252.0
|
| silk | 3.17.0 | |
| smb-volume | 3.1.6 | |
| smoke-tests | 4.8.2 |
4.8.2
Port assets/ruby_simple to Ruby 3
|
| syslog | 11.8.6 |
v2.12.15
Release Date: 12/15/2022
- [Security Fix] Fix CVE-2022-31733: Unsecured Application Port
- Bump bpm to version
1.1.21 - Bump cf-networking to version
3.16.0 - Bump cflinuxfs3 to version
0.345.0 - Bump diego to version
2.70.0 - Bump loggregator-agent to version
6.5.5 - Bump metrics-discovery to version
3.2.4 - Bump nfs-volume to version
7.1.8 - Bump routing to version
0.251.0 - Bump silk to version
3.16.0 - Bump syslog to version
11.8.6
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.364 | |
| bpm | 1.1.21 | |
| cf-networking | 3.16.0 | |
| cflinuxfs3 | 0.345.0 | |
| diego | 2.70.0 | |
| garden-runc | 1.22.5 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.5 |
v6.5.5
- bump-golang to v0.114.0 for golang 1.19.4
- Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
- Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src
- Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
- Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
- Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src
- Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
|
| mapfs | 1.2.12 | |
| metrics-discovery | 3.2.4 |
v3.2.4
- bump-golang to v0.114.0 for golang 1.19.4
- Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src
- Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
- Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
- Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src
- Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
- Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
|
| nfs-volume | 7.1.8 | |
| routing | 0.251.0 |
v0.251.0
## What's Changed
- When the `router.ca_certs` property switched from a multi-line string of certs, to an array of certs, gorouter started failing to start up if any of the certs provided were invalid. Previously they were ignored. This has been reverted, so that any invalid CA certs are ignored during startup. Thanks @ameowlia!
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.250.0...v0.251.0
v0.250.0
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.249.0...v0.250.0
## ✨ Built with go 1.19.4
v0.249.0
## What's Changed
* Switch to healthecker package in cf-networking-helpers by @mariash in https://github.com/cloudfoundry/routing-release/pull/302
* Add healthchecker package to sync-package-specs file by @mariash in https://github.com/cloudfoundry/routing-release/pull/303
* **Potential Breaking Change:** In preperation for mtls between gorouter and routing api, add gorouter backends ca to routing-api. Rendering these certs depends on routing-api consuming a link from gorouter. If you have multiple gorouter instance groups (for example in the case of isolation segments), you will need to rename bosh links to prevent the error "Multiple link providers found. For an example of link renaming, see [this ops file](https://github.com/cloudfoundry/cf-deployment/blob/main/operations/test/add-persistent-isolation-segment-router.yml#L74) by @reneighbor in https://github.com/cloudfoundry/routing-release/pull/300
* Ensure gorouter-healthchecker doesn't restart gorouter forever on failure by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/305
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.248.0...v0.249.0
v0.248.0
## What's Changed
* Handle nil ca cert in ca_certs property list
v0.247.0
## What's Changed
* gorouter template cleans `router.ca_certs` property to remove empty certificates
v0.246.0
## What's Changed
* Update `router.ca_certs` property to accept and array of certificates instead of a string block. Thanks @peanball!
v0.245.0
## What's Changed
* Gorouter's pre-start script now reserves ports used by other CF components when it increases the number of ephemeral ports available via `/proc/sys/net/ipv4/ip_local_reserved_ports`. This resolves issues when components fail to start up during deploys/monit restarts due to accidental port collisions with outbound traffic from the VM. Thanks @ameowlia !
* Routing-release no longer makes use of the deprecated uaa-go-client, and uses go-uaa instead
* The `routing_utils/nats_client` helper utility now supports saving + loading gorouter's routing tables! Thanks @domdom82 !
* Fixed a memory leak with `gorouter` that resulted in HTTP request objects being held open if a client canceled the connection before the App responded. Thanks @geofffranks !
* **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.244.0...v0.245.0
## ✨ Built with go 1.19.3
|
| silk | 3.16.0 | |
| smb-volume | 3.1.6 | |
| smoke-tests | 4.8.1 | |
| syslog | 11.8.6 |
v11.8.6
Update golang to 1.19.4
**Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.5...v11.8.6
v11.8.5
* update dependencies
* update golang to 1.19.3
**Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.4...v11.8.5
|
v2.12.14
Release Date: 11/10/2022
- [Feature] Add “Max request header size in kb” property to Networking tab to allow operators to specify a limit on the aggregate size of request headers. Requests over this limit receive a 431 status code.
- Bump cf-networking to version
3.14.0 - Bump cflinuxfs3 to version
0.332.0 - Bump garden-runc to version
1.22.5 - Bump loggregator-agent to version
6.5.4 - Bump mapfs to version
1.2.12 - Bump metrics-discovery to version
3.2.3 - Bump routing to version
0.244.0 - Bump smb-volume to version
3.1.6 - Bump smoke-tests to version
4.8.1 - Bump syslog to version
11.8.4
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.305 | |
| bpm | 1.1.19 | |
| cf-networking | 3.14.0 | |
| cflinuxfs3 | 0.332.0 | |
| diego | 2.69.0 | |
| garden-runc | 1.22.5 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.4 | |
| mapfs | 1.2.12 |
v1.2.12## Changes * Replace `go get` with `go install` (#23) * Update vendored package golang-1-linux (#26) * Update vendored package golang-1-linux (#27) ## Dependencies * **mapfs:** Updated to v`27f8711`. |
| metrics-discovery | 3.2.3 | |
| nfs-volume | 7.1.3 | |
| routing | 0.244.0 |
v0.244.0
## What's Changed
* Emit access logs for 431 responses to Loggegator [gorouter PR #331](https://github.com/cloudfoundry/gorouter/pull/331). Thanks @dsabeti !
* Always suspend pruning when nats is down https://github.com/cloudfoundry/routing-release/pull/287. Thanks @ameowlia !
* **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.243.0...v0.244.0
## ✨ Built with go 1.19.2
v0.243.0
🎉 Bumped to go1.19.2
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.242.0...v0.243.0
|
| silk | 3.14.0 | |
| smb-volume | 3.1.6 |
v3.1.6## Changes * Update vendored package golang-1-linux (#67) * Update vendored package golang-1-linux (#70) ## Dependencies * **bosh-template:** Updated to v2.3.0. |
| smoke-tests | 4.8.1 |
4.8.1
Create bosh final release 4.8.1
4.8.0
Create bosh final release 4.8.0
|
| syslog | 11.8.4 |
v2.12.13
Release Date: 10/19/2022
- [Breaking Change] A change in behavior to line-based log rate limits has been made. Previously, logs were buffered and released at the allowed rate, now logs exceeding the limit will be dropped.
- Bump cf-networking to version
3.13.0 - Bump cflinuxfs3 to version
0.328.0 - Bump diego to version
2.69.0 - Bump garden-runc to version
1.22.4 - Bump loggregator-agent to version
6.5.1 - Bump mapfs to version
1.2.11 - Bump metrics-discovery to version
3.2.1 - Bump nfs-volume to version
7.1.3 - Bump routing to version
0.242.0 - Bump silk to version
3.14.0 - Bump smb-volume to version
3.1.5 - Bump smoke-tests to version
4.7.0 - Bump syslog to version
11.8.3
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.296 | |
| bpm | 1.1.19 | |
| cf-networking | 3.13.0 | |
| cflinuxfs3 | 0.328.0 | |
| diego | 2.69.0 | |
| garden-runc | 1.22.4 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.5.1 | |
| mapfs | 1.2.11 |
v1.2.11
## Changes
* Update vendored package golang-1-linux (#21)
v1.2.8
## What's Changed
* Bump src/mapfs to `0ee84aa` #18
v1.2.7
- [Bumps mapfs submodule to master@1600494](https://github.com/cloudfoundry/mapfs/commit/160049400a47577b0f3a8b2948974bc38ce76f18)
- [Bump golang from 1.13 to 1.17](https://github.com/cloudfoundry/mapfs-release/commit/c287adda5cbdf345ff1b4985ae93cb72f1618f95)
|
| metrics-discovery | 3.2.1 | |
| nfs-volume | 7.1.3 | |
| routing | 0.242.0 |
v0.242.0
## What's Changed
- `tcp_router` is now more verbose when running `haproxy_reloader` to assist in diagnosting failed reloads. Thanks @geofffranks! 🎉 ([PR 9](https://github.com/cloudfoundry/cf-tcp-router/pull/9))
- `gorouter` will now truncate access logs that exceed loggregator + UDP packet limits, so that we no longer drop access log messages sent to the firehose. Thanks @ameowlia @ebroberson! 😻 ([PR 328](https://github.com/cloudfoundry/gorouter/pull/328) and [PR 329](https://github.com/cloudfoundry/gorouter/pull/329))
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.241.0...v0.242.0
## ✨ Built with go 1.19.1
v0.241.0
🎉 Bumped to go1.19.1
* @plowin submitted [gorouter PR 327](https://github.com/cloudfoundry/gorouter/pull/327) to adjust endpoint-not-unregistered log-level to 'info'
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.240.0...v0.241.0
v0.240.0
## What's Changed
* @geofffranks and @ameowlia added property `router.max_header_bytes` to the gorouter job.
* This value controls the maximum number of bytes the gorouter will read parsing the request header's keys and values, including the request line.
* It does not limit the size of the request body.
* An additional padding of 4096 bytes is added to this value by go.
* Requests with larger headers will result in a 431 status code.
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.239.0...v0.240.0
## Manifest Property Changes
| Job | Property | 0.237.0 | 0.238.0 |
| --- | --- | --- | --- |
| `gorouter` | `router.max_header_bytes` | didn't exist | 1048576 (1MB) |
## ✨ Built with go 1.18.6
v0.239.0
## What's Changed
- Bumped Golang to 1.18.6 to mitigate [CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664)
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.238.0...v0.239.0
## ✨ Built with go 1.18.6
v0.238.0
## What's Changed
- Gorouter once again supports hairpinning for route-service requests, for more information, see [the proposed update.](https://github.com/cloudfoundry/routing-release/issues/281) `router.route_services_internal_lookup_allowlist` can be used to control which domains of route services can be hairpinned. Thanks @peanball!!
- Gorouter has a new websocket-specific dial timeout (`websocket_dial_timeout`), configurable separately from the default endpoint dial timeout. Thanks @peanball for this one too!!
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.237.0...v0.238.0
## Manifest Property Changes
| Job | Property | 0.237.0 | 0.238.0 |
| --- | --- | --- | --- |
| `gorouter` | `websocket_dial_timeout_in_seconds` | didn't exist | Defaults to `endpoint_dial_timeout_in_seconds`'s value |
| `gorouter` | `router.route_services_internal_lookup_allowlist` | didn't exist | No internal lookups allowed for route services. |
## ✨ Built with go 1.18.5
v0.237.0
## What's Changed
- ⚠️ Bump to golang 1.18 🎉
**Breaking Changes:** The routing components are now more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. These components have been updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases.
Please see this golang 1.18 release notes [section](https://tip.golang.org/doc/go1.18#tls10) for more information about the golang 1.18 change.
###
* Update uaa-go-client; by @joergdw in https://github.com/cloudfoundry/routing-release/pull/277
* updated spec files to match packages by @ebroberson in https://github.com/cloudfoundry/routing-release/pull/282
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.236.0...v0.237.0
## New Contributors
* @joergdw made their first contribution in https://github.com/cloudfoundry/routing-release/pull/277
* @ebroberson made their first contribution in https://github.com/cloudfoundry/routing-release/pull/282
## ✨ Built with go 1.18.4
|
| silk | 3.14.0 | |
| smb-volume | 3.1.5 |
v3.1.5
## Changes
* Update vendored package golang-1-linux (#58)
v3.1.4
## Release Notes
- Fix issue when multiple cf versions are included (#55)
## Dependencies
- The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM.
v3.1.3
## Release Notes
- Added support for CF CLI v8 to errands (#45)
- Fixed Jammy compilation issues (#53)
## Dependencies
- Bump [src/code.cloudfoundry.org/smbbroker](https://github.com/cloudfoundry/smbbroker) (#41, #50)
- Bump [src/code.cloudfoundry.org/smbdriver](https://github.com/cloudfoundry/smbdriver) (#47, #48, #51)
v3.1.2
## Release Notes
- Support Bionic Stemcell #16
- Add blobs for the `keyutils` package for both `bionic` and `jammy`.
- We now install this package on any VM that runs the `smbdriver` bosh job iff that VM uses a `bionic` or `jammy` stemcell
- This should allow the `smbdriver` to reliably mount SMB volumes on those stemcells, as discussed in #16
## Dependencies
- The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM.
v3.1.1
## Release Notes
* Bumps [bosh-template](https://github.com/cloudfoundry/bosh) from 2.2.0 to 2.2.1 (#22)
* Bumps [rspec-its](https://github.com/rspec/rspec-its) from 1.2.0 to 1.3.0 (#23)
* Bumps [rspec](https://github.com/rspec/rspec-metagem) to 3.11.0. (#37)
* Bumps [src/code.cloudfoundry.org/smbdriver](https://github.com/cloudfoundry/smbdriver) to `1e97c5d` (#34)
* Bumps [src/code.cloudfoundry.org/smbbroker](https://github.com/cloudfoundry/smbbroker) to `64ba567` (#36)
* Bumps automake from 1.15 to 1.15.1 (#43 - fixes Bionic compilation)
## Dependencies
- The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM.
|
| smoke-tests | 4.7.0 |
4.7.0
Create bosh final release 4.7.0
|
| syslog | 11.8.3 |
v2.12.12
Release Date: 09/21/2022
- [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
- Bump bpm to version
1.1.19 - Bump cflinuxfs3 to version
0.319.0 - Bump garden-runc to version
1.22.0 - Bump loggregator-agent to version
6.4.4 - Bump metrics-discovery to version
3.1.2 - Bump silk to version
3.12.0 - Bump syslog to version
11.8.2
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.265 |
| bpm | 1.1.19 |
| cf-networking | 3.11.0 |
| cflinuxfs3 | 0.319.0 |
| diego | 2.62.0 |
| garden-runc | 1.22.0 |
| haproxy | 11.10.2 |
| loggregator-agent | 6.4.4 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.1.2 |
| nfs-volume | 7.1.1 |
| routing | 0.236.0 |
| silk | 3.12.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| syslog | 11.8.2 |
v2.12.11
Release Date: 08/10/2022
- Bump cf-networking to version
3.11.0 - Bump cflinuxfs3 to version
0.312.0 - Bump haproxy to version
11.10.2 - Bump loggregator-agent to version
6.4.3 - Bump metrics-discovery to version
3.1.1 - Bump routing to version
0.236.0 - Bump silk to version
3.11.0 - Bump syslog to version
11.8.1
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.261 | |
| bpm | 1.1.18 | |
| cf-networking | 3.11.0 | |
| cflinuxfs3 | 0.312.0 | |
| diego | 2.62.0 | |
| garden-runc | 1.20.8 | |
| haproxy | 11.10.2 | |
| loggregator-agent | 6.4.3 | |
| mapfs | 1.2.6 | |
| metrics-discovery | 3.1.1 | |
| nfs-volume | 7.1.1 | |
| routing | 0.236.0 |
v0.236.0
## What's Changed
* Gorouter restart script waits for the gorouter to be running before reloading monit
## ✨ Built with go 1.17.12
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.235.0...0.236.0
0.235.0
## What's Changed
* Gorouter healthchecker retries connection instead of monit (https://github.com/cloudfoundry/routing-release/pull/275)
## ✨ Built with go 1.17.11
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.234.0...0.235.0
0.234.0
## What's Changed
* Gorouter: the metrics package now uses `lsof` to monitor file descriptors on MacOS @domdom82 https://github.com/cloudfoundry/gorouter/pull/312
* 🐛 Bumped the `lager` dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. Thanks @ameowlia!
* Now tested with the bionic stemcell in CI
## ✨ Built with go 1.17.11
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.233.0...0.234.0
0.233.0
## What's Changed
* TCP Router: Add locking to the haproxy_reloader script to avoid haproxy reload/restart race conditions by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/269
* TCP Router: Bump HAProxy from 1.8.13 to 2.5.4 by @cunnie in https://github.com/cloudfoundry/routing-release/pull/266
* Gorouter: fix proxy round tripper race condition by @ameowlia and @geofffranks in https://github.com/cloudfoundry/gorouter/pull/318
* Routing API: fix timestamp precision issue that caused routes to be pruned unexpectedly by @geofffranks in https://github.com/cloudfoundry/routing-api/pull/24
* Routing API: remove `golang.x509ignoreCN` bosh property by @geofffranks and @mariash
* Routing API: fix bug that caused TCP Router's HAProxy to reload every minute by @jrussett in https://github.com/cloudfoundry/routing-api/pull/26.
## Manifest Property Changes
| Job | Property | Notes |
| --- | --- | --- |
| `routing-api` | `golang.x509ignoreCN` | This property exposed a go debug flag for go version 1.15. Since go 1.16 this go debug flag has had no affect. Removing this bosh property is part of our effort to keep our code base free of cruft. |
## ✨ Built with go 1.17.10
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.232.0...0.233.0
|
| silk | 3.11.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| syslog | 11.8.1 |
v2.12.10
Release Date: 07/19/2022
- [Feature] Enable telemetry for iptables rules on Diego cells
- [Bug Fix] Resolves an issue with HAProxy log rotation creating null bytes and not freeing disk space after rotation
- Bump cf-networking to version
3.9.0 - Bump cflinuxfs3 to version
0.306.0 - Bump diego to version
2.62.0 - Bump garden-runc to version
1.20.8 - Bump metrics-discovery to version
3.1.0 - Bump silk to version
3.9.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.252 |
| bpm | 1.1.18 |
| cf-networking | 3.9.0 |
| cflinuxfs3 | 0.306.0 |
| diego | 2.62.0 |
| garden-runc | 1.20.8 |
| haproxy | 11.6.0 |
| loggregator-agent | 6.4.1 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.1.0 |
| nfs-volume | 7.1.1 |
| routing | 0.232.0 |
| silk | 3.9.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| syslog | 11.7.10 |
v2.12.9
Release Date: 06/23/2022
Warning: Upcoming breaking changes! In future patches, no sooner than July 1st 2022, some components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components using the Go programming language will be updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. However, the pre-existing configuration for “TLS versions supported by the Gorouter” will still work. This change may not arrive all at once, as Go is used in systems throughout TAS. There will be a VMware Knowledge Base article about this change published prior to the changes rolling out. These changes will be clearly designated in the release notes of the versions they ship in; a version of this warning will appear on all patch versions until we are confident no systems remain to be updated.
- Bump diego to version
2.62.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.244 |
| bpm | 1.1.18 |
| cf-networking | 3.6.0 |
| cflinuxfs3 | 0.299.0 |
| diego | 2.62.0 |
| garden-runc | 1.20.6 |
| haproxy | 11.6.0 |
| loggregator-agent | 6.4.1 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.13 |
| nfs-volume | 7.1.1 |
| routing | 0.232.0 |
| silk | 3.6.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| syslog | 11.7.10 |
v2.12.8
Release Date: 06/09/2022
Warning: Breaking change. This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn’t bump to Go 1.18 until July 1, 2022. This TAS release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS release with Diego 2.64.0, then you are safe to continue using it.
- [Bug Fix] Fix metric registrar secure scraping with isolation segments
- [Bug Fix] Sticky sessions no longer break when used with route-services that return HTTP 4xx/5xx responses
- Bump bpm to version
1.1.18 - Bump cf-networking to version
3.6.0 - Bump cflinuxfs3 to version
0.299.0 - Bump diego to version
2.64.0 - Bump garden-runc to version
1.20.6 - Bump loggregator-agent to version
6.4.1 - Bump metrics-discovery to version
3.0.13 - Bump routing to version
0.232.0 - Bump silk to version
3.6.0 - Bump syslog to version
11.7.10
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.244 | |
| bpm | 1.1.18 | |
| cf-networking | 3.6.0 | |
| cflinuxfs3 | 0.299.0 | |
| diego | 2.64.0 | |
| garden-runc | 1.20.6 | |
| haproxy | 11.6.0 | |
| loggregator-agent | 6.4.1 | |
| mapfs | 1.2.6 | |
| metrics-discovery | 3.0.13 | |
| nfs-volume | 7.1.1 | |
| routing | 0.232.0 |
0.232.0
## What's Changed
* Fixing issue #250: Return a 503 not a 404 when all instances down by @kecirlotfi in https://github.com/cloudfoundry/routing-release/pull/268 and https://github.com/cloudfoundry/gorouter/pull/314
* Fixing issue https://github.com/cloudfoundry/gorouter/pull/315: Fix route service pruning by @geofffranks
## Manifest Property Changes
| Job | Property | default | notes |
| --- | --- | --- | --- |
| `gorouter` | `for_backwards_compatibility_only.empty_pool_response_code_503` | `0s` | This property was added to enable https://github.com/cloudfoundry/routing-release/pull/268 |
## New Contributors 🎉
* @kecirlotfi made their first contribution! Thanks so much!
## ✨ Built with go 1.17.9
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.231.0...0.232.0
|
| silk | 3.6.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| syslog | 11.7.10 |
v2.12.7
Release Date: 04/20/2022
- [Breaking Change] Syslog drains configured to use TLS now reject certificates signed with the SHA-1 hash function.
- Bump cflinuxfs3 to version
0.285.0 - Bump diego to version
2.62.0 - Bump loggregator-agent to version
6.3.11 - Bump metrics-discovery to version
3.0.10
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.224 | |
| bpm | 1.1.16 | |
| cf-networking | 3.3.0 | |
| cflinuxfs3 | 0.285.0 | |
| diego | 2.62.0 | |
| garden-runc | 1.20.3 | |
| haproxy | 11.6.0 | |
| loggregator-agent | 6.3.11 |
v6.3.11
- fix bug with large messages (#89)
- bump-golang to v0.100.0(now 1.18)
|
| mapfs | 1.2.6 | |
| metrics-discovery | 3.0.10 |
v3.0.10
- fix bug with large messages (#22)
- bump-golang to v0.100.0(now 1.18)
|
| nfs-volume | 7.1.1 | |
| routing | 0.231.0 | |
| silk | 3.3.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| syslog | 11.7.7 |
v2.12.6
Release Date: 03/31/2022
- [Security Fix] This release fixes CVE-2022-23806 and CVE-2022-23772.
- [Bug Fix] Resolve an issue resulting in tcp-router repeatedly respawning haproxy until it hits a forked process limit
- [Bug Fix] Resolves an issue where invalid seeded router group values should caused breaking changes
- [Bug fix] Remove x509ignoreCN option in Gorouter
- Bump cf-networking to version
3.3.0 - Bump cflinuxfs3 to version
0.279.0 - Bump diego to version
2.61.0 - Bump garden-runc to version
1.20.3 - Bump loggregator-agent to version
6.3.10 - Bump metrics-discovery to version
3.0.9 - Bump routing to version
0.231.0 - Bump silk to version
3.3.0
| Component | Version | Release Notes |
|---|---|---|
| ubuntu-xenial stemcell | 621.224 | |
| bpm | 1.1.16 | |
| cf-networking | 3.3.0 | |
| cflinuxfs3 | 0.279.0 | |
| diego | 2.61.0 | |
| garden-runc | 1.20.3 | |
| haproxy | 11.6.0 | |
| loggregator-agent | 6.3.10 | |
| mapfs | 1.2.6 | |
| metrics-discovery | 3.0.9 | |
| nfs-volume | 7.1.1 | |
| routing | 0.231.0 |
0.231.0
## Bug Fixes
- Removed the x509ignoreCN property. Now that `gorouter` is built on golang 1.17, it
no longer has any effect on gorouter behavior, and was only adding to confusion in
the properties
- Resolve an issue with route-registrar using the same TTL as it's RegistrationInterval
for tcp routes, leading to unnecessary churn of pruned + re-registered routes.
- Resolve an issue with Routing API where upserts to tcp routes were causing change
events to be emitted when the only change was a bump in TTL. This led to an issue
where tcp-router was constantly reloading haproxy with every route's heartbeat
registration call.
## Manifest Property Changes
| Job | Property | 0.230.0 | 0.231.0 |
| --- | --- | --- | --- |
| `gorouter` | `golang.x509ignoreCN` | false | No longer exists |
| `route_registrar` | `golang.x509ignoreCN` | false | No longer exists |
| `tcp_router` | `golang.x509ignoreCN` | false | No longer exists |
### ✨ Built with golang 1.17.8
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.230.0...0.231.0
0.230.0
## Feature
* update gorouter for prometheus scraping by @Benjamintf1 in https://github.com/cloudfoundry/routing-release/pull/258
## Bug Fix
* Invalid seeded router group manifest values should no longer cause breaking changes by default by @ameowlia in https://github.com/cloudfoundry/routing-release/pull/261
### ✨ Built with golang 1.17.7
**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.229.0...0.230.0
|
| silk | 3.3.0 | |
| smb-volume | 3.1.0 | |
| smoke-tests | 4.5.0 | |
| syslog | 11.7.7 |
v2.12.5
Release Date: 02/28/2022
- [Feature Improvement] Due to routing-release now being built with Golang 1.17, all certificates provided MUST contain SAN entries on them. The previous workaround of setting “Enable temporary workaround for certs without SANs” will no longer function.
- [Feature Improvement] Per Golang 1.17’s new and stricter IP parsing standards, any IP addrs with leading zeros in any octets will result in a BOSH template failure to allow operators to remove the leading zeros and try again (affects properties fed into diego-release, garden-runc-release, winc-release, nats-release, and routing-release),.
- [Bug Fix] Fixes an issue related to the parsing of the X-B3-TraceId and X-B3-SpanId HTTP headers
- [Bug Fix] Smoke tests support for TLSv1.3 only option
- Bump cflinuxfs3 to version
0.274.0 - Bump diego to version
2.58.1 - Bump garden-runc to version
1.20.0 - Bump loggregator-agent to version
6.3.8 - Bump metrics-discovery to version
3.0.8 - Bump routing to version
0.229.0 - Bump smoke-tests to version
4.5.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.211 |
| bpm | 1.1.16 |
| cf-networking | 2.43.0 |
| cflinuxfs3 | 0.274.0 |
| diego | 2.58.1 |
| garden-runc | 1.20.0 |
| haproxy | 11.6.0 |
| loggregator-agent | 6.3.8 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.8 |
| nfs-volume | 7.1.1 |
| routing | 0.229.0 |
| silk | 2.43.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.5.0 |
| syslog | 11.7.7 |
v2.12.4
Release Date: 02/07/2022
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
- [Security Fix] Bump routing release to v0.228.0 to address (CVE-2021-44716)
- [Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so IP addresses with leading zeros in any octets cause a BOSH template failure. Operators can remove the leading zeros and try deploying again. This affects properties that feed into cf-networking-release, silk-release, loggregator-agent-release, and syslog-release. Syslog drains and metric registrar endpoints registered using user-provided services might also be affected.
- Bump bpm to version
1.1.16 - Bump cf-networking to version
2.43.0 - Bump cflinuxfs3 to version
0.272.0 - Bump diego to version
2.57.0 - Bump loggregator-agent to version
6.3.7 - Bump metrics-discovery to version
3.0.7 - Bump routing to version
0.228.0 - Bump silk to version
2.43.0 - Bump smoke-tests to version
4.4.0 - Bump syslog to version
11.7.7
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.198 |
| bpm | 1.1.16 |
| cf-networking | 2.43.0 |
| cflinuxfs3 | 0.272.0 |
| diego | 2.57.0 |
| garden-runc | 1.19.30 |
| haproxy | 11.6.0 |
| loggregator-agent | 6.3.7 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.7 |
| nfs-volume | 7.1.1 |
| routing | 0.228.0 |
| silk | 2.43.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.4.0 |
| syslog | 11.7.7 |
v2.12.3
Release Date: 12/15/2021
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
- [Bug Fix] Fix “pre-start scripts failed. Failed Jobs: policy-server” error Upgrading to CF Networking Release 2.40.0
- [Bug Fix] Diego - Envoy v1.19 uses the original TCP connection pool so that it can accept more than 1024 downstream connections.
- [Bug Fix] Smoke Tests uses specified domain for Isolation Segments
- Bump cf-networking to version
2.42.0 - Bump cflinuxfs3 to version
0.268.0 - Bump diego to version
2.54.0 - Bump loggregator-agent to version
6.3.5 - Bump routing to version
0.227.0 - Bump silk to version
2.41.0 - Bump smoke-tests to version
4.3.1 - Bump syslog to version
11.7.6
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | ~621 |
| bpm | 1.1.15 |
| cf-networking | 2.42.0 |
| cflinuxfs3 | 0.268.0 |
| diego | 2.54.0 |
| garden-runc | 1.19.30 |
| haproxy | 11.6.0 |
| loggregator-agent | 6.3.5 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.6 |
| nfs-volume | 7.1.1 |
| routing | 0.227.0 |
| silk | 2.41.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.1 |
| syslog | 11.7.6 |
v2.12.2
Release Date: 11/23/2021
- [Feature Improvement] Enable HTTP/2 for HAProxy
- [Bug Fix] Breaking Change: Any customers with gorouter certificates lacking a SubjectAltName extension will experience failures upon deployment. As a workaround to complete deployment while new certificates are procured, enable the “Enable temporary workaround for certs without SANs” property in the Networking section of the TAS tile. For more information on updating certs, see the support articlxe Routing and Golang 1.15 X.509 CommonName deprecation
- Bump bpm to version
1.1.15 - Bump cf-networking to version
2.40.0 - Bump cflinuxfs3 to version
0.264.0 - Bump diego to version
2.53.1 - Bump haproxy to version
11.6.0 - Bump routing to version
0.226.0 - Bump silk to version
2.40.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.0 |
| bpm | 1.1.15 |
| cf-networking | 2.40.0 |
| cflinuxfs3 | 0.264.0 |
| diego | 2.53.1 |
| garden-runc | 1.19.30 |
| haproxy | 11.6.0 |
| loggregator-agent | 6.3.4 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.6 |
| nfs-volume | 7.1.1 |
| routing | 0.226.0 |
| silk | 2.40.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| syslog | 11.7.5 |
v2.12.1
Release Date: 10/20/2021
- [Feature Improvement] HTTP/2 toggle disables Diego container proxy ALPN
- Bump bpm to version
1.1.14 - Bump cflinuxfs3 to version
0.262.0
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.0 |
| bpm | 1.1.14 |
| cf-networking | 2.38.0 |
| cflinuxfs3 | 0.262.0 |
| diego | 2.53.0 |
| garden-runc | 1.19.30 |
| haproxy | 11.4.4 |
| loggregator-agent | 6.3.4 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.6 |
| nfs-volume | 7.1.1 |
| routing | 0.224.0 |
| silk | 2.38.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| syslog | 11.7.5 |
v2.12.0
Release Date: October 4, 2021
| Component | Version |
|---|---|
| ubuntu-xenial stemcell | 621.0 |
| bpm | 1.1.13 |
| cf-networking | 2.38.0 |
| cflinuxfs3 | 0.259.0 |
| diego | 2.53.0 |
| garden-runc | 1.19.30 |
| haproxy | 11.4.4 |
| loggregator-agent | 6.3.4 |
| mapfs | 1.2.6 |
| metrics-discovery | 3.0.6 |
| nfs-volume | 7.1.1 |
| routing | 0.224.0 |
| silk | 2.38.0 |
| smb-volume | 3.1.0 |
| smoke-tests | 4.3.0 |
| syslog | 11.7.5 |
About Isolation Segment
The Isolation Segment v2.12 tile is available for installation with Ops Manager v2.10.
Isolation segments provide dedicated pools of resources where you can deploy apps and isolate workloads. Using isolation segments separates app resources as completely as if they were in different deployments but avoids redundant management and network complexity. For more information about isolation segments, see Isolation Segments in TAS for VMs Security.
For more information about using isolation segments in your deployment, see Managing Isolation Segments.
How to Install
To install Isolation Segment v2.12, see Installing Isolation Segment.
To install Isolation Segment v2.12, you must first install Ops Manager v2.10. For more information, see the Ops Manager documentation.
New Features in Isolation Segment v2.12
Isolation Segment v2.12 includes the following major features:
Gorouter Supports TLS v1.3
In Isolation Segment v2.12, the Gorouter supports TLS v1.3. New installations of Isolation Segment use TLS v1.3 for the Gorouter by default. If you are upgrading to Isolation Segment v2.12, the Gorouter uses TLS v1.2 by default.
You can select which versions of TLS that the Gorouter uses when you configure Isolation Segment. Selecting support for TLS v1.3 only is a beta feature in Isolation Segment v2.12.
For more information, see (Beta) Gorouter Can Support TLS v1.3 Connections Only below.
Gorouter Supports HTTP/2
Breaking Change: See Envoy Advertises HTTP/2 Support Over ALPN below.
In TAS for VMs v2.12 and later, HTTP/2 support is enabled by default. HTTP/2 is the second major version of the the HTTP protocol.
HTTP/2 features the following improvements over HTTP/1.1:
Uses a binary data format instead of plain text
Compresses headers
Multiplexes multiple HTTP requests over a single TCP connection
Together, these improvements can improve response times for some apps.
For more information about the HTTP/2 protocol, see RFC 7540.
For information about configuring support for HTTP/2 in TAS for VMs, see Configuring HTTP/2 Support.
For information about routing HTTP/2 traffic to your TAS for VMs apps, see Routing HTTP/2 and gRPC Traffic to Apps.
Breaking Changes
Isolation Segment v2.12 includes the following breaking changes:
(Beta) Gorouter Can Support TLS v1.3 Connections Only
TLS v1.3 is not compatible with some versions of Java. If you configure Isolation Segment to support TLS v1.3 only, you might encounter errors with Java apps. For more information, see JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3 in the JDK Bug System.
The tile property that controls the TLS version in Isolation Segment changes in TAS for VMs v2.12. You must update any stored configuration files to reflect the change.
Envoy Advertises HTTP/2 Support Over ALPN
Envoy, the Diego container proxy, advertises HTTP/2 support using Application-Layer Protocol Negotiation (ALPN) for all apps. Internal clients that access the
Envoy TLS port directly must negotiate down to HTTP/1.1 for apps that do not support HTTP/2. The Envoy TLS port is typically 61001. Clients that connect to
apps using the Gorouter are not affected.
Gorouter No Longer De-chunks Short Chunked Responses
In previous versions of TAS for VMs, the Gorouter de-chunked short chunked responses, set a Content-Length header, and sent a traditional body. This capability was available when Gorouter used Golang v1.15, which is out of support.
For versions of TAS for VMs that contain routing-release v0.214.0 and later, the Gorouter uses Golang v1.16 which sends a chunked response. If your clients or proxies that access apps cannot handle a chunked response, or expect a Content-Length header, they break.
For more information, see Clients receive responses with no Content-Length header and a chunked encoded body after upgrading Tanzu Application Service for VMs in the Knowledge Base.
Known Issues
Isolation Segment v2.12 includes the following known issue:
HAProxy Does Not Support HTTP/2
HAProxy is not configured to support HTTP/2 ingress traffic. HAProxy also does not send HTTP/2 traffic to the Gorouter, even when HTTP/2 is enabled.
To work around this issue, you can use an external load balancer to support HTTP/2 traffic. For more information, see Configure Load Balancers in Configuring HTTP/2 Support.
This issue is resolved in TAS for VMs v2.12.2 and later.
Gorouter Sets an Invalid X-B3-SpanID Header
An issue with the Gorouter’s implementation of X-B3-SpanId and X-B3-TraceId headers
can cause invalid span IDs to be set after updating the X-B3-TraceId header to the new 16-byte standard.
As a result, some applications and libraries invalidate the X-B3-SpanId value, breaking traces of the application.
This issue affects versions of TAS for VMs that contain routing-release v0.227.0 and v0.228.0.