Pivotal Application Service v2.7 Release Notes

Page last updated:

This topic contains release notes for Pivotal Application Service (PAS) v2.7.

For the feature highlights of this release, read the blog post Against the Backdrop of VMware Tanzu, Here’s How Tanzu Application Service’s New Release Helps You Build Modern Apps or ee New Features in PAS v2.8.

Pivotal Platform is certified by the Cloud Foundry Foundation for 2020.

Read more about the certified provider program and the requirements of providers.


Releases

2.7.24

Release Date: 09/21/2020

  • [Security Fix] Bump Usage Service ruby version to 2.6.6 - CVE-2020-15169 CVE-2020-10933 CVE-2020-10663
  • [Feature Improvement] Secure scraping available in Metric Registrar
  • Bump ubuntu-xenial stemcell to version 456.120
  • Bump cf-autoscaling to version 233
  • Bump cflinuxfs3 to version 0.204.0
  • Bump dotnet-core-offline-buildpack to version 2.3.14
  • Bump go-offline-buildpack to version 1.9.17
  • Bump metric-registrar to version 1.2.1
  • Bump nginx-offline-buildpack to version 1.1.14
  • Bump nodejs-offline-buildpack to version 1.7.26
  • Bump php-offline-buildpack to version 4.4.20
  • Bump push-usage-service-release to version 670.0.23
  • Bump python-offline-buildpack to version 1.7.20
  • Bump routing to version 0.207.0
  • Bump staticfile-offline-buildpack to version 1.5.10
Component Version
ubuntu-xenial stemcell456.120
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.13
cf-autoscaling233
cf-backup-and-restore0.0.11
cf-cli1.28.0
cf-networking2.33.0
cf-smoke-tests40.0.134
cf-syslog-drain10.2.5
cflinuxfs30.204.0
credhub2.5.12
diego2.48.0
dotnet-core-offline-buildpack2.3.14
garden-runc1.19.16
go-offline-buildpack1.9.17
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.32.1
leadership-election1.4.2
log-cache2.1.16
loggregator-agent3.21.11
loggregator105.6.7
mapfs1.2.4
metric-registrar1.2.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.14
nodejs-offline-buildpack1.7.26
notifications-ui39
notifications61
php-offline-buildpack4.4.20
push-apps-manager-release670.0.25
push-usage-service-release670.0.23
pxc0.28.0
python-offline-buildpack1.7.20
r-offline-buildpack1.1.7
routing0.207.0
ruby-offline-buildpack1.8.23
silk2.33.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.10
statsd-injector1.11.8
syslog11.6.1
uaa73.4.27

2.7.23

Release Date: 09/09/2020

  • [Security Fix] Fix vulnerabilities CVE-2019-11282, CVE-2019-11278 in UAA
  • [Security Fix] Log Cache fixes for CVE-2019-9512 CVE-2019-9513 CVE-2019-9515
  • [Security Fix] Fix for CVE-2020-5420: Improve Gorouter’s handling of invalid HTTP response codes
  • [Feature Improvement] Gorouter aliases /healthz to /health in order to prevent downtime during upgrades
  • Bump ubuntu-xenial stemcell to version 456.119
  • Bump cf-networking to version 2.33.0
  • Bump diego to version 2.48.0
  • Bump log-cache to version 2.1.16
  • Bump push-apps-manager-release to version 670.0.25
  • Bump routing to version 0.206.0
  • Bump silk to version 2.33.0
  • Bump uaa to version 73.4.27
Component Version
ubuntu-xenial stemcell456.119
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.13
cf-autoscaling232
cf-backup-and-restore0.0.11
cf-cli1.28.0
cf-networking2.33.0
cf-smoke-tests40.0.134
cf-syslog-drain10.2.5
cflinuxfs30.203.0
credhub2.5.12
diego2.48.0
dotnet-core-offline-buildpack2.3.13
garden-runc1.19.16
go-offline-buildpack1.9.16
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.32.1
leadership-election1.4.2
log-cache2.1.16
loggregator-agent3.21.11
loggregator105.6.7
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.12
nodejs-offline-buildpack1.7.25
notifications-ui39
notifications61
php-offline-buildpack4.4.19
push-apps-manager-release670.0.25
push-usage-service-release670.0.21
pxc0.28.0
python-offline-buildpack1.7.18
r-offline-buildpack1.1.7
routing0.206.0
ruby-offline-buildpack1.8.23
silk2.33.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.9
statsd-injector1.11.8
syslog11.6.1
uaa73.4.27

2.7.22

Release Date: 08/24/2020

  • [Security Fix] Fix for CVE-2020-5416: Improve Gorouter’s websocket error handling
  • [Bug Fix] Fix memory leak in RLP gateway
  • [Bug Fix]: Return 502 TLS Handshake error for an unresponsive backend
  • [Bug Fix] Fix Usage Service for inactive foundations
  • [Bug Fix] Bump garden-runc to v1.19.16
  • Bump cflinuxfs3 to version 0.203.0
  • Bump garden-runc to version 1.19.16
  • Bump go-offline-buildpack to version 1.9.16
  • Bump loggregator to version 105.6.7
  • Bump push-usage-service-release to version 670.0.21
  • Bump python-offline-buildpack to version 1.7.18
  • Bump routing to version 0.205.0
  • Bump ruby-offline-buildpack to version 1.8.23
Component Version
ubuntu-xenial stemcell456.116
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.13
cf-autoscaling232
cf-backup-and-restore0.0.11
cf-cli1.28.0
cf-networking2.31.0
cf-smoke-tests40.0.134
cf-syslog-drain10.2.5
cflinuxfs30.203.0
credhub2.5.12
diego2.47.0
dotnet-core-offline-buildpack2.3.13
garden-runc1.19.16
go-offline-buildpack1.9.16
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.32.1
leadership-election1.4.2
license
log-cache2.1.15
loggregator-agent3.21.11
loggregator105.6.7
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.12
nodejs-offline-buildpack1.7.25
notifications-ui39
notifications61
php-offline-buildpack4.4.19
push-apps-manager-release670.0.24
push-usage-service-release670.0.21
pxc0.28.0
python-offline-buildpack1.7.18
r-offline-buildpack1.1.7
routing0.205.0
ruby-offline-buildpack1.8.23
silk2.31.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.9
statsd-injector1.11.8
syslog11.6.1
uaa73.4.25

2.7.21

Release Date: 08/11/2020

  • [Security Fix] Notifications-ui removes UAA client secret from logs during installation
  • [Feature] Support Maestro’s rotation capability by adding Services TLS CA to all App containers
  • [Feature Improvement] Upgrade Percona-XtraDB-Cluster to version 5.7.30-31.43
  • [Bug Fix] Fix issue where requests to internal routes could fail due to incorrect case-sensitivity in DNS lookup in the service discovery controller.
  • [Bug Fix] Fix prom_scraper job to have scrape certs property. Restores Prometheus-style metrics emitting to Firehose.
  • Bump ubuntu-xenial stemcell to version 456.116
  • Bump cf-cli to version 1.28.0
  • Bump cf-networking to version 2.31.0
  • Bump cf-smoke-tests to version 40.0.134
  • Bump cflinuxfs3 to version 0.202.0
  • Bump dotnet-core-offline-buildpack to version 2.3.13
  • Bump garden-runc to version 1.19.14
  • Bump go-offline-buildpack to version 1.9.15
  • Bump java-offline-buildpack to version 4.32.1
  • Bump nginx-offline-buildpack to version 1.1.12
  • Bump nodejs-offline-buildpack to version 1.7.25
  • Bump notifications-ui to version 39
  • Bump php-offline-buildpack to version 4.4.19
  • Bump pxc to version 0.28.0
  • Bump python-offline-buildpack to version 1.7.17
  • Bump ruby-offline-buildpack to version 1.8.22
  • Bump silk to version 2.31.0
Component Version
ubuntu-xenial stemcell456.116
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.13
cf-autoscaling232
cf-backup-and-restore0.0.11
cf-cli1.28.0
cf-networking2.31.0
cf-smoke-tests40.0.134
cf-syslog-drain10.2.5
cflinuxfs30.202.0
credhub2.5.12
diego2.47.0
dotnet-core-offline-buildpack2.3.13
garden-runc1.19.14
go-offline-buildpack1.9.15
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.32.1
leadership-election1.4.2
log-cache2.1.15
loggregator-agent3.21.11
loggregator105.6.6
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.12
nodejs-offline-buildpack1.7.25
notifications-ui39
notifications61
php-offline-buildpack4.4.19
push-apps-manager-release670.0.24
push-usage-service-release670.0.20
pxc0.28.0
python-offline-buildpack1.7.17
r-offline-buildpack1.1.7
routing0.203.0
ruby-offline-buildpack1.8.22
silk2.31.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.9
statsd-injector1.11.8
syslog11.6.1
uaa73.4.25

2.7.20

Release Date: 07/16/2020

  • [Security Fix] Fix for CVE-2020-15586: Bump golang to version 1.14.5 with a fix in the net/http/httputil package for an issue which could cause the Gorouter to crash if a malicious client sends specially crafted HTTP requests.
  • [Feature Improvement] Platform operators can see X-Cf-RouterError response headers in router access logs
  • [Feature Improvement] Application developers can successfully deploy a reverse-proxy with support for sticky sessions
  • [Feature Improvement] Gorouter provides improved logging when the following error is received: x509: certificate has expired or is not yet valid

  • Bump cf-cli to version 1.27.0

  • Bump cf-smoke-tests to version 40.0.132

  • Bump cflinuxfs3 to version 0.198.0

  • Bump dotnet-core-offline-buildpack to version 2.3.12

  • Bump go-offline-buildpack to version 1.9.14

  • Bump java-offline-buildpack to version 4.31.1

  • Bump nginx-offline-buildpack to version 1.1.11

  • Bump nodejs-offline-buildpack to version 1.7.24

  • Bump php-offline-buildpack to version 4.4.18

  • Bump python-offline-buildpack to version 1.7.16

  • Bump r-offline-buildpack to version 1.1.7

  • Bump routing to version 0.203.0

  • Bump ruby-offline-buildpack to version 1.8.21

  • Bump staticfile-offline-buildpack to version 1.5.9

Component Version
ubuntu-xenial stemcell456.114
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.13
cf-autoscaling232
cf-backup-and-restore0.0.11
cf-cli1.27.0
cf-networking2.30.0
cf-smoke-tests40.0.132
cf-syslog-drain10.2.5
cflinuxfs30.198.0
credhub2.5.12
diego2.47.0
dotnet-core-offline-buildpack2.3.12
garden-runc1.19.10
go-offline-buildpack1.9.14
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.31.1
leadership-election1.4.2
log-cache2.1.15
loggregator-agent3.21.11
loggregator105.6.6
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.11
nodejs-offline-buildpack1.7.24
notifications-ui36
notifications61
php-offline-buildpack4.4.18
push-apps-manager-release670.0.24
push-usage-service-release670.0.20
pxc0.22.0
python-offline-buildpack1.7.16
r-offline-buildpack1.1.7
routing0.203.0
ruby-offline-buildpack1.8.21
silk2.30.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.9
statsd-injector1.11.8
syslog11.6.1
uaa73.4.25

2.7.19

Release Date: 07/09/2020

  • [Security Fix] Stop logging credentials in Autoscaler app
  • [Bug Fix] For sets of logs larger than 4MB, Apps Manager does not make requests to log cache with an invalid log limit
  • [Bug Fix] Display correct guid for App subresources in v2 GET response
  • [Bug Fix] Fix bug impacting hybrid grant flow with external oauth providers
  • [Bug Fix] Restore access to Log Cache service logs
  • Bump capi to version 1.84.13
  • Bump cf-autoscaling to version 232
  • Bump cf-smoke-tests to version 40.0.130
  • Bump cflinuxfs3 to version 0.197.0
  • Bump log-cache to version 2.1.15
  • Bump push-apps-manager-release to version 670.0.24
  • Bump uaa to version 73.4.25
Component Version
ubuntu-xenial stemcell456.114
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.13
cf-autoscaling232
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.30.0
cf-smoke-tests40.0.130
cf-syslog-drain10.2.5
cflinuxfs30.197.0
credhub2.5.12
diego2.47.0
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.12
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.31
leadership-election1.4.2
log-cache2.1.15
loggregator-agent3.21.11
loggregator105.6.6
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.18
notifications-ui36
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release670.0.24
push-usage-service-release670.0.20
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.201.0
ruby-offline-buildpack1.8.17
silk2.30.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.6
statsd-injector1.11.8
syslog11.6.1
uaa73.4.25

2.7.18

Release Date: 06/25/2020

  • [Breaking Change] Incorrect HTTP(S) Proxy configuration breaks CredHub interpolation for apps. For more information, see Incorrect HTTP(S) Proxy Configuration Breaks CredHub Interpolation for Apps in PAS v2.7.18 and Later below.
  • [Bug Fix] Add a new cache configuration to the NFS service allowing service instances to enable file attribute caching and achieve directory listing performance similar to the nfs-legacy service
  • [Bug Fix] Purged and re-seeded AppUsageEvents now contain parent app guid/name
  • [Bug Fix] Fix Autoscaler logging to respect the ‘Enable Verbose Logging’ checkbox
  • [Bug Fix] Remove invalid characters in hostnames in outgoing application syslog messages to comply with RFC 5424
  • Bump ubuntu-xenial stemcell to version 456.114
  • Bump capi to version 1.84.12
  • Bump cflinuxfs3 to version 0.195.0
  • Bump diego to version 2.47.0
  • Bump java-offline-buildpack to version 4.31
  • Bump loggregator-agent to version 3.21.11
  • Bump nfs-volume to version 2.3.9
  • Bump push-usage-service-release to version 670.0.20
Component Version
ubuntu-xenial stemcell456.114
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.12
cf-autoscaling230
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.30.0
cf-smoke-tests40.0.128
cf-syslog-drain10.2.5
cflinuxfs30.195.0
credhub2.5.12
diego2.47.0
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.12
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.31
leadership-election1.4.2
log-cache2.1.14
loggregator-agent3.21.11
loggregator105.6.6
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.9
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.18
notifications-ui36
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release670.0.23
push-usage-service-release670.0.20
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.201.0
ruby-offline-buildpack1.8.17
silk2.30.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.6
statsd-injector1.11.8
syslog11.6.1
uaa73.4.24

2.7.17

Release Date: 06/11/2020

  • [Feature Improvement] Upgrade Bellsoft JDK to version 11.0.7+10
  • [Bug Fix] Update App Metrics UAA client to support cloud_controller.admin scope
  • [Bug Fix] Usage Service - Backfill missing service name fields in usage reports
  • [Bug Fix] Fix issue preventing rolling deployments from working with Windows apps
  • [Bug Fix] Gorouter - Drain timeout always uses configured value
  • [Bug Fix] Silk - Continue container networking during cell drain
  • [Bug Fix] Pass through arbitrary parameters when binding a service to a route in Apps Manager
  • [Bug Fix] Prevent click into Apps Manager search bar from erroring out when data is not fully loaded
  • [Bug Fix] Improve monitoring metrics for Usage Service
  • Bump capi to version 1.84.11
  • Bump cf-networking to version 2.30.0
  • Bump cflinuxfs3 to version 0.192.0
  • Bump push-apps-manager-release to version 670.0.23
  • Bump push-usage-service-release to version 670.0.19
  • Bump routing to version 0.201.0
  • Bump silk to version 2.30.0
  • Bump uaa to version 73.4.24
Component Version
ubuntu-xenial stemcell456.112
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.11
cf-autoscaling230
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.30.0
cf-smoke-tests40.0.128
cf-syslog-drain10.2.5
cflinuxfs30.192.0
credhub2.5.12
diego2.36.5
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.12
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.29.1
leadership-election1.4.2
log-cache2.1.14
loggregator-agent3.21.10
loggregator105.6.6
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.6
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.18
notifications-ui36
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release670.0.23
push-usage-service-release670.0.19
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.201.0
ruby-offline-buildpack1.8.17
silk2.30.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.6
statsd-injector1.11.8
syslog11.6.1
uaa73.4.24

2.7.16

Release Date: 06/02/2020

  • [Security Fix] Fix minor CVEs in Credhub server from dependent libraries
  • [Feature] Allow egress traffic from apps to addresses on host via host_tcp_services
  • [Feature Improvement] HTTP trace requests now respond with a generic error page
  • [Bug Fix] Safeguard against unavailable stack traces in Spring and Steeltoe threaddump actuator endpoint in Apps Manager
  • [Bug Fix] Update Reverse Log Proxies to fix shutdown issues in Loggregator
  • Bump cf-smoke-tests to version 40.0.128
  • Bump cflinuxfs3 to version 0.189.0
  • Bump credhub to version 2.5.12
  • Bump go-offline-buildpack to version 1.9.12
  • Bump loggregator to version 105.6.6
  • Bump nfs-volume to version 2.3.6
  • Bump nodejs-offline-buildpack to version 1.7.18
  • Bump push-apps-manager-release to version 670.0.21
  • Bump uaa to version 73.4.23
Component Version
ubuntu-xenial stemcell456.112
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.9
cf-autoscaling230
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.28.0
cf-smoke-tests40.0.128
cf-syslog-drain10.2.5
cflinuxfs30.189.0
credhub2.5.12
diego2.36.5
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.12
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.29.1
leadership-election1.4.2
log-cache2.1.14
loggregator-agent3.21.10
loggregator105.6.6
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.6
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.18
notifications-ui36
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release670.0.21
push-usage-service-release670.0.14
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.199.0
ruby-offline-buildpack1.8.17
silk2.28.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.6
statsd-injector1.11.8
syslog11.6.1
uaa73.4.23

2.7.15

Release Date: 05/18/2020

  • [Security Fix] Support various CVE impacted components
  • [Bug Fix] Fix scheduling issue in loggregator agent by upgrading to Go 1.14.2
  • [Bug Fix] Fix issue in App Autoscaler where rules that were based on the HTTP-throughput metric failed to fire. For information about the HTTP Throughput metric, see Default Metrics for Scaling Rules.
  • [Bug Fix] Fix issue in App Autoscaler where the Scheduler API returned an error when executes_at was set to a time that was in the past.
  • Bump ubuntu-xenial stemcell to version 456.112
  • Bump cf-autoscaling to version 230
  • Bump cflinuxfs3 to version 0.180.0
  • Bump loggregator-agent to version 3.21.10
Component Version
ubuntu-xenial stemcell456.112
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.9
cf-autoscaling230
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.28.0
cf-smoke-tests40.0.127
cf-syslog-drain10.2.5
cflinuxfs30.180.0
credhub2.5.11
diego2.36.5
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.11
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.29.1
leadership-election1.4.2
log-cache2.1.14
loggregator-agent3.21.10
loggregator105.6.4
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.5
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.17
notifications-ui36
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release670.0.20
push-usage-service-release670.0.14
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.199.0
ruby-offline-buildpack1.8.17
silk2.28.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.6
statsd-injector1.11.8
syslog11.6.1
uaa73.4.22

2.7.14 - Withdrawn

Warning: This release has been removed from VMware Tanzu Network due to the severity of the Forwarder Agent CPU Causes Apps to Fail to Stage in v2.7.13 and v2.7.14 known issue.

Release Date: 05/05/2020

  • [Security Fix] Update debian packages and source libraries in nfs and mapfs releases
  • [Feature Improvement] Improved access logging and bumped versions of Jackson and MariaDB
  • [Feature Improvement] Autoscaler only skips certificate validation when no Database CA is provided
  • [Bug Fix] Performance and stability improvements in Log Cache
  • [Bug Fix] Cloud Controller only checks for bucket presence on startup instead of every call to blobstore
  • [Bug Fix] Fix bug that caused Apps Manager to error out on clicking into the search bar
  • [Bug Fix] Show full list of jobs for an app in Apps Manager
  • Bump ubuntu-xenial stemcell to version 456.110
  • Bump capi to version 1.84.9
  • Bump cflinuxfs3 to version 0.177.0
  • Bump dotnet-core-offline-buildpack to version 2.3.9
  • Bump go-offline-buildpack to version 1.9.11
  • Bump log-cache to version 2.1.14
  • Bump mapfs to version 1.2.4
  • Bump nfs-volume to version 2.3.5
  • Bump nginx-offline-buildpack to version 1.1.8
  • Bump nodejs-offline-buildpack to version 1.7.17
  • Bump php-offline-buildpack to version 4.4.13
  • Bump push-apps-manager-release to version 670.0.20
  • Bump python-offline-buildpack to version 1.7.13
  • Bump r-offline-buildpack to version 1.1.4
  • Bump ruby-offline-buildpack to version 1.8.17
  • Bump smb-volume to version 3.0.1
  • Bump staticfile-offline-buildpack to version 1.5.6
  • Bump uaa to version 73.4.22
Component Version
ubuntu-xenial stemcell456.110
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.9
cf-autoscaling226
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.28.0
cf-smoke-tests40.0.127
cf-syslog-drain10.2.5
cflinuxfs30.177.0
credhub2.5.11
diego2.36.5
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.11
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.29.1
leadership-election1.4.2
log-cache2.1.14
loggregator-agent3.21.9
loggregator105.6.4
mapfs1.2.4
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.5
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.17
notifications-ui36
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release670.0.20
push-usage-service-release670.0.14
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.199.0
ruby-offline-buildpack1.8.17
silk2.28.0
smb-volume3.0.1
staticfile-offline-buildpack1.5.6
statsd-injector1.11.8
syslog11.6.1
uaa73.4.22

2.7.13 - Withdrawn

Warning: This release has been removed from VMware Tanzu Network due to the severity of the Forwarder Agent CPU Causes Apps to Fail to Stage in v2.7.13 and v2.7.14 known issue.

Release Date: 04/22/2020

  • [Security Fix] Update netaddr library to prevent misconfigured file permissions in CAPI Release
  • [Feature] HAProxy can now be configured with custom certificate authorities
  • [Feature Improvement] Autoscaler uses TLS to communicate with its database
  • [Bug Fix] Loggregator Agent handles deployment with no Dopplers
  • Bump ubuntu-xenial stemcell to version 456.104
  • Bump capi to version 1.84.8
  • Bump cf-cli to version 1.26.0
  • Bump cflinuxfs3 to version 0.175.0
  • Bump loggregator-agent to version 3.21.9
Component Version
ubuntu-xenial stemcell456.104
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.8
cf-autoscaling226
cf-backup-and-restore0.0.11
cf-cli1.26.0
cf-networking2.28.0
cf-smoke-tests40.0.127
cf-syslog-drain10.2.5
cflinuxfs30.175.0
credhub2.5.11
diego2.36.5
dotnet-core-offline-buildpack2.3.7
garden-runc1.19.10
go-offline-buildpack1.9.8
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.29.1
leadership-election1.4.2
log-cache2.1.13
loggregator-agent3.21.9
loggregator105.6.4
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.6
nodejs-offline-buildpack1.7.15
notifications-ui36
notifications61
php-offline-buildpack4.4.9
push-apps-manager-release670.0.19
push-usage-service-release670.0.14
pxc0.22.0
python-offline-buildpack1.7.10
r-offline-buildpack1.1.2
routing0.199.0
ruby-offline-buildpack1.8.14
silk2.28.0
smb-volume2.1.1
staticfile-offline-buildpack1.5.5
statsd-injector1.11.8
syslog11.6.1
uaa73.4.20

2.7.12

Release Date: 04/07/2020

  • [Feature Improvement] Apps Manager Revisions tab only shows the Redeploy button for revisions that can be redeployed.
  • [Bug Fix] Bump Tomcat in UAA to fix SAML login issues
  • [Bug Fix] garden-runc - bump to latest release in supported versions
  • [Bug Fix] Fix issue that caused traffic-controller/doppler jobs to not start
  • [Bug Fix] Apps now show a status of down instead of crashed.
  • [Bug Fix] You can now view logs larger than 4 MB in Apps Manager.
  • [Bug Fix] Honor option to hide service plan prices in Apps Manager services tables.
  • [Bug Fix] Expose buildpack versions in the Settings tab for the app in Apps Manager
  • [Bug Fix] Apps Manager accepts numerical status, such as 500, from the Spring and Steeltoe health actuator endpoints.
  • [Bug Fix] Fix error when viewing the Settings tab for an app in Apps Manager while a Spring or Steeltoe app is restarting
  • [Bug Fix] Gorouter correctly handles control characters in URLs
  • [Bug Fix] Ensure usage service correctly considers usage events when installed after PAS
  • [Bug Fix] App developers now receive a 401 when using an expired access token with policy server
  • [Bug Fix] Autoscaler smoke test works when router rejects requests on port 80
  • [Security fix] Bump backup and restore SDK
  • Bump ubuntu-xenial stemcell to version 456.103
  • Bump backup-and-restore-sdk to version 1.17.4
  • Bump cf-autoscaling to version 226
  • Bump cf-networking to version 2.28.0
  • Bump cflinuxfs3 to version 0.174.0
  • Bump dotnet-core-offline-buildpack to version 2.3.7
  • Bump garden-runc to version 1.19.10
  • Bump go-offline-buildpack to version 1.9.8
  • Bump java-offline-buildpack to version 4.29.1
  • Bump loggregator to version 105.6.4
  • Bump nginx-offline-buildpack to version 1.1.6
  • Bump nodejs-offline-buildpack to version 1.7.15
  • Bump php-offline-buildpack to version 4.4.9
  • Bump push-apps-manager-release to version 670.0.19
  • Bump push-usage-service-release to version 670.0.14
  • Bump python-offline-buildpack to version 1.7.10
  • Bump r-offline-buildpack to version 1.1.2
  • Bump routing to version 0.199.0
  • Bump ruby-offline-buildpack to version 1.8.14
  • Bump silk to version 2.28.0
  • Bump staticfile-offline-buildpack to version 1.5.5
  • Bump uaa to version 73.4.20
Component Version
ubuntu-xenial stemcell456.103
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.7
cf-autoscaling226
cf-backup-and-restore0.0.11
cf-cli1.25.0
cf-networking2.28.0
cf-smoke-tests40.0.127
cf-syslog-drain10.2.5
cflinuxfs30.174.0
credhub2.5.11
diego2.36.5
dotnet-core-offline-buildpack2.3.7
garden-runc1.19.10
go-offline-buildpack1.9.8
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.29.1
leadership-election1.4.2
log-cache2.1.13
loggregator-agent3.21.6
loggregator105.6.4
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.6
nodejs-offline-buildpack1.7.15
notifications-ui36
notifications61
php-offline-buildpack4.4.9
push-apps-manager-release670.0.19
push-usage-service-release670.0.14
pxc0.22.0
python-offline-buildpack1.7.10
r-offline-buildpack1.1.2
routing0.199.0
ruby-offline-buildpack1.8.14
silk2.28.0
smb-volume2.1.1
staticfile-offline-buildpack1.5.5
statsd-injector1.11.8
syslog11.6.1
uaa73.4.20

2.7.11

Release Date: 03/13/2020

  • [Security Fix] Improve autoscaler HTTP throughput calculation performance and omit DATABASE_URL from logs
  • [Bug Fix] UAA no longer attempts to create logs in incorrect directory
  • [Bug Fix] Fix bug that prevented usage report in Apps Manager from displaying when only partial data is available
  • [Bug Fix] Wrap long resource names in Apps Manager’s usage report and invite members flow
  • Bump ubuntu-xenial stemcell to version 456.100
  • Bump cf-autoscaling to version 223
  • Bump cf-cli to version 1.25.0
  • Bump cflinuxfs3 to version 0.169.0
  • Bump dotnet-core-offline-buildpack to version 2.3.6
  • Bump go-offline-buildpack to version 1.9.7
  • Bump nginx-offline-buildpack to version 1.1.5
  • Bump nodejs-offline-buildpack to version 1.7.13
  • Bump php-offline-buildpack to version 4.4.8
  • Bump push-apps-manager-release to version 670.0.18
  • Bump python-offline-buildpack to version 1.7.8
  • Bump ruby-offline-buildpack to version 1.8.12
  • Bump staticfile-offline-buildpack to version 1.5.4
  • Bump uaa to version 73.4.18
Component Version
ubuntu-xenial stemcell456.100
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.7
cf-autoscaling223
cf-backup-and-restore0.0.11
cf-cli1.25.0
cf-networking2.23.5
cf-smoke-tests40.0.127
cf-syslog-drain10.2.5
cflinuxfs30.169.0
credhub2.5.11
diego2.36.5
dotnet-core-offline-buildpack2.3.6
garden-runc1.19.9
go-offline-buildpack1.9.7
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.13
loggregator-agent3.21.6
loggregator105.6.3
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.5
nodejs-offline-buildpack1.7.13
notifications-ui36
notifications61
php-offline-buildpack4.4.8
push-apps-manager-release670.0.18
push-usage-service-release670.0.13
pxc0.22.0
python-offline-buildpack1.7.8
r-offline-buildpack1.1.1
routing0.198.0
ruby-offline-buildpack1.8.12
silk2.23.5
smb-volume2.1.1
staticfile-offline-buildpack1.5.4
statsd-injector1.11.8
syslog11.6.1
uaa73.4.18

2.7.10

Release Date: 02/27/2020

  • [Breaking Change] Autoscaler controls do not appear for apps in Apps Manager. For the workaround, see the known issue Autoscaler Controls Do Not Appear in Apps Manager for Proxied Setups.
  • [Breaking Change] PCF Metrics link disappears from Apps Manager. For the workaround, see the known issue PCF Metrics Link Disappears in Apps Manager for Proxied Setups.
  • [Security Fix] Stop logging private data in background jobs
  • [Security Fix] Fix vulnerabilities CVE-2019-2426, CVE-2019-2449, CVE-2019-2422 in Credhub
  • [Security Fix] Fix vulnerability CVE-2020-5402 in UAA
  • [Feature Improvement] Allow Syslog Adapters to scale to zero
  • [Feature Improvement] Bring bug fixes and improvements in latest routing releases to all supported PAS versions
  • [Feature Improvement] The latest routing release adds the gorouter_time field, which logs the total time it takes for a request to travel through Gorouter. Because this changes the access log format, you might need to update your external monitoring configuration. For more information, see About Access Logs.
  • [Feature Improvement] Allow users to specify a list of URIs for other foundations that Apps Manager manages
  • [Feature Improvement] Introduce read only capabilities in Apps Manager for users with cloud_controller.global_auditor and cloud_controller.admin_read_only scopes
  • [Feature Improvement] Safeguard deletion of spaces in Apps Manager
  • [Feature Improvement] Improve the service instance creation flow in Apps Manager to better represent plan costs and features
  • [Feature Improvement] Improve performance of app logs loaded in Apps Manager
  • [Bug Fix] Fix display of Pivotal logo in footer of Apps Manager for Internet Explorer users
  • [Bug Fix] Allow users with usage_service.audit scope to view Usage Report in Apps Manager
  • [Bug Fix] Increase responsiveness of Apps Manager sidebar services count
  • [Bug Fix] Surface errors from Spring and Steeltoe trace actuator endpoint in Apps Manager
  • [Bug Fix] Account for asynchronous Spring and Steeltoe health actuator endpoint responses in Apps Manager
  • [Bug Fix] Fix bug that prevented users from navigating beyond first page of app revisions in Apps Manager
  • [Bug Fix] Fix issue that caused Apps Manager to show a 404 after renaming an org
  • [Bug Fix] Show full space and organization names, regardless of length, in Apps Manager
  • [Bug Fix] Use more informative description “Last Update” instead of “Last Push” in Apps Manager
  • [Bug Fix] Fix cascading deletions of certain resources with metadata
  • [Bug Fix] Fix Race Condition in Loggregator Agent
  • [Bug Fix] Fixes race condition in log cache, no longer causes cf-auth-proxy to crash
  • [Bug Fix] Cloud Controller no longer tries to connect to Copilot when it is not deployed
  • Bump ubuntu-xenial stemcell to version 456.98
  • Bump capi to version 1.84.7
  • Bump cf-smoke-tests to version 40.0.127
  • Bump cflinuxfs3 to version 0.164.0
  • Bump credhub to version 2.5.11
  • Bump log-cache to version 2.1.13
  • Bump loggregator-agent to version 3.21.6
  • Bump push-apps-manager-release to version 670.0.16
  • Bump routing to version 0.198.0
  • Bump uaa to version 73.4.17
Component Version
ubuntu-xenial stemcell456.98
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.7
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.24.0
cf-networking2.23.5
cf-smoke-tests40.0.127
cf-syslog-drain10.2.5
cflinuxfs30.164.0
credhub2.5.11
diego2.36.5
dotnet-core-offline-buildpack2.3.4
garden-runc1.19.9
go-offline-buildpack1.9.5
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.13
loggregator-agent3.21.6
loggregator105.6.3
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.4
nodejs-offline-buildpack1.7.9
notifications-ui36
notifications61
php-offline-buildpack4.4.6
push-apps-manager-release670.0.16
push-usage-service-release670.0.13
pxc0.22.0
python-offline-buildpack1.7.6
r-offline-buildpack1.1.1
routing0.198.0
ruby-offline-buildpack1.8.8
silk2.23.5
smb-volume2.1.1
staticfile-offline-buildpack1.5.3
statsd-injector1.11.8
syslog11.6.1
uaa73.4.17

2.7.9

Release Date: 02/07/2020

  • [Known Issue] Some Java client apps, including App Metrics v2.0, fail to start. In the app logs, you see that a TLS connection fails to be negotiated when the app communicates with the Gorouter. The connection fails with the exception: javax.net.ssl.SSLHandshakeException. This issue is fixed by using a later version of Java or by upgrading to PAS v2.7.10 or later. For Java versions, see JDK-8236039 in the JDK Bug System.
  • [Security Fix] CVE-2020-5399 - Use TLS for MySQL database connections in CredHub
  • [Feature Improvement] Replace Metric Forwarder integration with Metric Registrar integration in Apps Manager
  • [Feature Improvement] The HSM Client Private Key for CredHub can be encrypted.
  • [Feature Improvement] Use the Diego logging format for the Garden job
  • [Bug Fix] Show spring mappings in Apps Manager for apps using Spring Boot 2.2.x
  • [Bug Fix] Add empty state message to Marketplace for orgs without spaces in Apps Manager
  • [Bug Fix] Add support for non-ASCII characters in app logs shown in Apps Manager
  • [Bug Fix] The Apps Manager bound services list correctly shows the number of bound apps when a table is paginated
  • [Bug Fix] Show full app name, regardless of length, in Apps Manager
  • [Bug Fix] Allow users with cloud_controller.global_auditor scope to view Cloud Controller resources in Apps Manager
  • [Bug Fix] Allow users with cloud_controller.admin_read_only scope to view Cloud Controller resources in Apps Manager, including secrets
  • [Bug Fix] When you click the Restage App option, Apps Manager renders the restage app modal.
  • [Bug Fix] For apps using Spring Boot 2.2.x, show Spring Health information in Apps Manager
  • [Bug Fix] Wait for necessary information to load in Apps Manager before rendering link to recently accessed apps
  • [Bug Fix] Enforce memory limits on non-API cloud_controller jobs
  • [Bug Fix] HAProxy returns with HTTP/1.1 proto for 504s
  • Bump ubuntu-xenial stemcell to version 456.93
  • Bump capi to version 1.84.5
  • Bump cflinuxfs3 to version 0.161.0
  • Bump credhub to version 2.5.10
  • Bump dotnet-core-offline-buildpack to version 2.3.4
  • Bump go-offline-buildpack to version 1.9.5
  • Bump nginx-offline-buildpack to version 1.1.4
  • Bump nodejs-offline-buildpack to version 1.7.9
  • Bump php-offline-buildpack to version 4.4.6
  • Bump push-apps-manager-release to version 670.0.13
  • Bump python-offline-buildpack to version 1.7.6
  • Bump ruby-offline-buildpack to version 1.8.8
Component Version
ubuntu-xenial stemcell456.93
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.5
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.24.0
cf-networking2.23.5
cf-smoke-tests40.0.125
cf-syslog-drain10.2.5
cflinuxfs30.161.0
credhub2.5.10
diego2.36.5
dotnet-core-offline-buildpack2.3.4
garden-runc1.19.9
go-offline-buildpack1.9.5
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.12
loggregator-agent3.21.5
loggregator105.6.3
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.4
nodejs-offline-buildpack1.7.9
notifications-ui36
notifications61
php-offline-buildpack4.4.6
push-apps-manager-release670.0.13
push-usage-service-release670.0.13
pxc0.22.0
python-offline-buildpack1.7.6
r-offline-buildpack1.1.1
routing0.191.7
ruby-offline-buildpack1.8.8
silk2.23.5
smb-volume2.1.1
staticfile-offline-buildpack1.5.3
statsd-injector1.11.8
syslog11.6.1
uaa73.4.16

2.7.8

Release Date: 01/16/2020

  • [Known Issue] Some Java client apps, including App Metrics v2.0, fail to start. In the app logs, you see that a TLS connection fails to be negotiated when the app communicates with the Gorouter. The connection fails with the exception: javax.net.ssl.SSLHandshakeException. This issue is fixed by using a later version of Java or by upgrading to PAS v2.7.10 or later. For Java versions, see JDK-8236039 in the JDK Bug System.
  • [Security Fix] Several security issues were fixed in MySQL USN-4070-1, USN-4195-1
  • [Feature] Expose PAS database metrics in the Healthwatch Indicator Protocol dashboard
  • [Bug Fix] mapfs - Fix error when appending to a file
  • Bump ubuntu-xenial stemcell to version 456.84
  • Bump binary-offline-buildpack to version 1.0.36
  • Bump cf-cli to version 1.24.0
  • Bump cf-smoke-tests to version 40.0.125
  • Bump cflinuxfs3 to version 0.153.0
  • Bump dotnet-core-offline-buildpack to version 2.3.3
  • Bump go-offline-buildpack to version 1.9.4
  • Bump mysql-monitoring to version 9.7.0
  • Bump nginx-offline-buildpack to version 1.1.3
  • Bump nodejs-offline-buildpack to version 1.7.8
  • Bump php-offline-buildpack to version 4.4.5
  • Bump pxc to version 0.22.0
  • Bump python-offline-buildpack to version 1.7.5
  • Bump r-offline-buildpack to version 1.1.1
  • Bump ruby-offline-buildpack to version 1.8.6
  • Bump staticfile-offline-buildpack to version 1.5.3
Component Version
ubuntu-xenial stemcell456.84
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.4
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.24.0
cf-networking2.23.5
cf-smoke-tests40.0.125
cf-syslog-drain10.2.5
cflinuxfs30.153.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.3
garden-runc1.19.9
go-offline-buildpack1.9.4
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.12
loggregator-agent3.21.5
loggregator105.6.3
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.3
nodejs-offline-buildpack1.7.8
notifications-ui36
notifications61
php-offline-buildpack4.4.5
push-apps-manager-release670.0.12
push-usage-service-release670.0.13
pxc0.22.0
python-offline-buildpack1.7.5
r-offline-buildpack1.1.1
routing0.191.7
ruby-offline-buildpack1.8.6
silk2.23.5
smb-volume2.1.1
staticfile-offline-buildpack1.5.3
statsd-injector1.11.8
syslog11.6.1
uaa73.4.16

2.7.7

Release Date: 12/26/2019

  • [Security Fix] App Usage Service - Bump Nokogiri to 1.10.5 to fix CVE-2019-13117
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for syslog release
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for garden-runc release
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for loggregator releases
  • [Feature Improvement] Improve the upgrade process for 2.7 to ensure that users with large scale environments do not see too much log loss when switching from syslog adapters to syslog agents
  • [Feature Improvement] Upgrade nats release to use go 1.13 release
  • [Feature Improvement] Notifications service will skip hostname validation for external databases
  • [Feature Improvement] Clarify wording of Marketplace URL help text in Apps Manager configuration
  • [Feature Improvement] Add doppler.firehose and usage_service.audit to Apps Manager client
  • [Bug Fix] Fix bug that prevented users from downloading the Accounting and Usage Service reports through Apps Manager when fields are undefined or null
  • [Bug Fix] Fix bug that prevented additional resources from populating after user permissions load in Apps Manager
  • [Bug Fix] Fix bug preventing multiple service instances without binding names from being bound to apps in Apps Manager
  • [Bug Fix] Exclude user provided service instances from org level service instance hours on Usage Report in Apps Manager
  • [Bug Fix] Account for malformed git properties in Spring and Steeltoe apps to keep Apps Manager from crashing on render
  • [Bug Fix] Fix bug where 'Invalid Date’ was shown in Apps Manager trace tab when using Spring v2.0
  • [Bug Fix] Prevent Apps Manager’s revisions tab from crashing out when a deployment is in progress
  • [Bug Fix] Move tooltip in the Apps Manager bind services flyout to make text fully visible
  • [Bug Fix] Prevent attempts to build a droplet when starting an app through Apps Manager if there is no associated package
  • [Bug Fix] Fix error when using after_guid query parameter with the v2/app_usage_events endpoint after all AppUsageEvents have been pruned
  • [Bug Fix] Passwords containing commas no longer cause the SMB volume service to crash at startup with a “mount failed” error
  • [Bug Fix] CAPI - Allow manifests with internal routes to be applied
  • [Bug Fix] All CAPI jobs respect “Maximum disk quota per app”
  • Bump ubuntu-xenial stemcell to version 456.77
  • Bump capi to version 1.84.4
  • Bump cf-smoke-tests to version 40.0.124
  • Add new release cf-syslog-drain at version 10.2.5
  • Bump cflinuxfs3 to version 0.151.0
  • Bump garden-runc to version 1.19.9
  • Bump log-cache to version 2.1.12
  • Bump loggregator-agent to version 3.21.5
  • Bump loggregator to version 105.6.3
  • Bump nats to version 28
  • Bump push-apps-manager-release to version 670.0.12
  • Bump push-usage-service-release to version 670.0.13
  • Bump pxc to version 0.21.0
  • Bump smb-volume to version 2.1.1
  • Bump statsd-injector to version 1.11.8
  • Bump syslog to version 11.6.1
Component Version
ubuntu-xenial stemcell456.77
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.4
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.23.0
cf-networking2.23.5
cf-smoke-tests40.0.124
cf-syslog-drain10.2.5
cflinuxfs30.151.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.9
go-offline-buildpack1.9.3
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.12
loggregator-agent3.21.5
loggregator105.6.3
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.4.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.4
notifications-ui36
notifications61
php-offline-buildpack4.4.2
push-apps-manager-release670.0.12
push-usage-service-release670.0.13
pxc0.21.0
python-offline-buildpack1.7.2
r-offline-buildpack1.1.0
routing0.191.7
ruby-offline-buildpack1.8.2
silk2.23.5
smb-volume2.1.1
staticfile-offline-buildpack1.5.1
statsd-injector1.11.8
syslog11.6.1
uaa73.4.16

2.7.6

Release Date: 12/09/2019

  • [Security Fix] Prevent logging of secure information
  • [Feature Improvement] Upgrade Routing, Networking, and Silk releases to use go 1.13 release
  • [Bug Fix] Add length constraint to CredHub internal encryption provider keys
  • Bump cf-cli to version 1.23.0
  • Bump cf-networking to version 2.23.5
  • Bump cflinuxfs3 to version 0.150.0
  • Bump routing to version 0.191.7
  • Bump silk to version 2.23.5
  • Bump uaa to version 73.4.16
Component Version
ubuntu-xenial stemcell456.74
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.2
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.23.0
cf-networking2.23.5
cf-smoke-tests40.0.123
cflinuxfs30.150.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.8
go-offline-buildpack1.9.3
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.21.4
loggregator105.6.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.4.0
nats27
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.4
notifications-ui36
notifications61
php-offline-buildpack4.4.2
push-apps-manager-release670.0.11
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.7.2
r-offline-buildpack1.1.0
routing0.191.7
ruby-offline-buildpack1.8.2
silk2.23.5
smb-volume2.1.0
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.4.0
uaa73.4.16

2.7.5

Release Date: 12/02/2019

  • [Feature] Allow operator to set a new bind configuration “version” on volume mounts. Operators with older versions of smb software can now use volume services.
  • [Bug Fix] S3 unversioned backup and restore now works if the unversioned target bucket used to be versioned
  • Bump ubuntu-xenial stemcell to version 456.74
  • Bump backup-and-restore-sdk to version 1.17.2
  • Bump cflinuxfs3 to version 0.149.0
  • Bump java-offline-buildpack to version 4.26
  • Bump nodejs-offline-buildpack to version 1.7.4
  • Bump php-offline-buildpack to version 4.4.2
  • Bump python-offline-buildpack to version 1.7.2
  • Bump r-offline-buildpack to version 1.1.0
  • Bump smb-volume to version 2.1.0
Component Version
ubuntu-xenial stemcell456.74
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.2
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.22.0
cf-networking2.23.4
cf-smoke-tests40.0.123
cflinuxfs30.149.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.8
go-offline-buildpack1.9.3
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.21.4
loggregator105.6.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.4.0
nats27
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.4
notifications-ui36
notifications61
php-offline-buildpack4.4.2
push-apps-manager-release670.0.11
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.7.2
r-offline-buildpack1.1.0
routing0.191.2
ruby-offline-buildpack1.8.2
silk2.22.2
smb-volume2.1.0
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.4.0
uaa73.4.15

2.7.4

Release Date: 11/20/2019

  • [Security Fix] Address CVE-2019-17596
  • [Security Fix] Improve Gorouter resiliency to panics and address CVE-2019-11289
  • [Bug Fix] Fixes a bug that made the UAA fail to start up successfully any time the env.no_proxy property was set
  • Bump ubuntu-xenial stemcell to version 456.69
  • Bump cf-cli to version 1.22.0
  • Bump cf-smoke-tests to version 40.0.123
  • Bump cflinuxfs3 to version 0.144.0
  • Bump dotnet-core-offline-buildpack to version 2.3.2
  • Bump go-offline-buildpack to version 1.9.3
  • Bump mapfs to version 1.2.1
  • Bump nfs-volume to version 2.3.2
  • Bump nginx-offline-buildpack to version 1.1.1
  • Bump nodejs-offline-buildpack to version 1.7.2
  • Bump php-offline-buildpack to version 4.4.1
  • Bump python-offline-buildpack to version 1.7.1
  • Bump routing to version 0.191.2
  • Bump ruby-offline-buildpack to version 1.8.2
  • Bump smb-volume to version 2.0.4
  • Bump staticfile-offline-buildpack to version 1.5.1
  • Bump uaa to version 73.4.15
Component Version
ubuntu-xenial stemcell456.69
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.2
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.22.0
cf-networking2.23.4
cf-smoke-tests40.0.123
cflinuxfs30.144.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.8
go-offline-buildpack1.9.3
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.24
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.21.4
loggregator105.6.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.4.0
nats27
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.2
notifications-ui36
notifications61
php-offline-buildpack4.4.1
push-apps-manager-release670.0.11
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.7.1
r-offline-buildpack1.0.13
routing0.191.2
ruby-offline-buildpack1.8.2
silk2.22.2
smb-volume2.0.4
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.4.0
uaa73.4.15

2.7.3

Release Date: 10/31/2019

  • [Security Fix] Eliminate risk of Jackson Databind vulnerabilities
  • [Security Fix] Upgrade Go, runc and containerd to latest to include security fixes
  • [Security Fix] Bump Usage Service Ruby to 2.5.7 and Loofah gem to 2.3.1
  • [Security Fix] CVE-2019-17596 bump Go
  • [Feature] Enable metrics for delayed job failures for Usage Service Release
  • [Feature Improvement] Correct System Logging TLS Destination Certificate Label
  • [Feature Improvement] Add Marketplace URL field and change sidebar links to secondary navigation links in Apps Manager configuration
  • [Bug Fix] Fix loading state on panels in Apps Manager
  • [Bug Fix] Increase width of Apps Manager logs tab
  • [Bug Fix] Do not attempt to start an app if the app droplet fails to build in Apps Manager
  • [Bug Fix] Redesign Apps Manager footer to accommodate footer links
  • [Bug Fix] Show buildpack name for java_buildpack in Apps Manager
  • [Bug Fix] Show correct Cloud Controller target on Apps Manager’s tools page
  • [Bug Fix] Match CLI default timeouts when waiting for app restages and start health checks in Apps Manager
  • [Bug Fix] When starting an app via Apps Manager, do not build a new droplet unless it’s necessary to do so
  • Bump ubuntu-xenial stemcell to version 456.40
  • Bump cf-cli to version 1.21.0
  • Bump cflinuxfs3 to version 0.137.0
  • Bump garden-runc to version 1.19.8
  • Bump java-offline-buildpack to version 4.24
  • Bump leadership-election to version 1.4.2
  • Bump log-cache to version 2.1.11
  • Bump loggregator-agent to version 3.21.4
  • Bump loggregator to version 105.6.2
  • Bump push-apps-manager-release to version 670.0.11
  • Bump push-usage-service-release to version 670.0.12
  • Bump ruby-offline-buildpack to version 1.8.1
  • Bump statsd-injector to version 1.11.1
  • Bump uaa to version 73.4.14
Component Version
ubuntu-xenial stemcell456.40
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.2
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.21.0
cf-networking2.23.4
cf-smoke-tests40.0.119
cflinuxfs30.137.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.1
garden-runc1.19.8
go-offline-buildpack1.9.1
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.24
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.21.4
loggregator105.6.2
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.4.0
nats27
nfs-volume2.3.0
nginx-offline-buildpack1.1.0
nodejs-offline-buildpack1.7.0
notifications-ui36
notifications61
php-offline-buildpack4.4.0
push-apps-manager-release670.0.11
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.6.37
r-offline-buildpack1.0.13
routing0.191.0
ruby-offline-buildpack1.8.1
silk2.22.2
smb-volume2.0.3
staticfile-offline-buildpack1.5.0
statsd-injector1.11.1
syslog11.4.0
uaa73.4.14

Warning: Before installing or upgrading to PAS v2.7, review Breaking Changes.

2.7.2

Release Date: 10/16/2019

  • [Security Fix] Bump Go to address CVE-2019-16276
  • [Security Fix] Add TLS to external policy server
  • [Security Fix] Improve redaction of sensitive data in SMB driver bosh logs
  • [Bug Fix] Fix defect disallowing “domain” option in SMB volume service
  • [Bug Fix] Disallow injection into the query parameter
  • [Bug Fix] Increase task result file size to ensure apps with very long start commands stage successfully
  • [Bug Fix] Replace hard-coded MySQL Buffer Pool size with sane percentage value.
  • [Bug Fix] Disable internal blobstore backups when using an external blobstore
  • Bump ubuntu-xenial stemcell to version 456.30
  • Bump binary-offline-buildpack to version 1.0.35
  • Bump cf-networking to version 2.23.4
  • Bump cflinuxfs3 to version 0.135.0
  • Bump diego to version 2.36.5
  • Bump dotnet-core-offline-buildpack to version 2.3.1
  • Bump go-offline-buildpack to version 1.9.1
  • Bump java-offline-buildpack to version 4.23
  • Bump leadership-election to version 1.4.1
  • Bump log-cache to version 2.1.10
  • Bump loggregator-agent to version 3.21.3
  • Bump loggregator to version 105.6.1
  • Bump nginx-offline-buildpack to version 1.1.0
  • Bump nodejs-offline-buildpack to version 1.7.0
  • Bump php-offline-buildpack to version 4.4.0
  • Bump python-offline-buildpack to version 1.6.37
  • Bump r-offline-buildpack to version 1.0.13
  • Bump smb-volume to version 2.0.3
  • Bump staticfile-offline-buildpack to version 1.5.0
  • Bump statsd-injector to version 1.11.0
  • Bump uaa to version 73.4.10
Component Version
ubuntu-xenial stemcell456.30
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.2
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.19.0
cf-networking2.23.4
cf-smoke-tests40.0.119
cflinuxfs30.135.0
credhub2.5.6
diego2.36.5
dotnet-core-offline-buildpack2.3.1
garden-runc1.19.7
go-offline-buildpack1.9.1
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.23
leadership-election1.4.1
log-cache2.1.10
loggregator-agent3.21.3
loggregator105.6.1
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.4.0
nats27
nfs-volume2.3.0
nginx-offline-buildpack1.1.0
nodejs-offline-buildpack1.7.0
notifications-ui36
notifications61
php-offline-buildpack4.4.0
push-apps-manager-release670.0.10
push-usage-service-release670.0.10
pxc0.20.0
python-offline-buildpack1.6.37
r-offline-buildpack1.0.13
routing0.191.0
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume2.0.3
staticfile-offline-buildpack1.5.0
statsd-injector1.11.0
syslog11.4.0
uaa73.4.10

2.7.1

Release Date: 10/08/2019

  • [Security Fix] Upgrade Diego Components to Use grpc v1.23.0 and Go 1.12.9 to Fix HTTP2 CVEs
  • [Security Fix] UAA Patch release to address privilege escalation vulnerabilities
  • [Security Fix] Bump garden-runc release to take Go HTTP/2 and containerd gRPC fixes
  • [Security Fix] Upgrade gRPC-java to patch HTTP/2 vulnerability
  • [Feature Improvement] Make TCP Router Request Timeout Configurable. For more information, see Configuring TCP Routing in PAS.
  • [Feature Improvement] Metric Registrar - Allow app developers to register custom routes for metrics endpoints
  • [Feature Improvement] Docker image applications hosted in AWS ECR continue to run when restarted after the typical AWS ECR credential expiration period
  • [Feature Improvement] Show revision number on processes in Apps Manager when revisions are enabled for an application
  • [Feature Improvement] Show panels in Apps Manager for each web process during a rolling deployment
  • [Bug Fix] Fixes a regression bug causing mounts for applications bound to smb volume services with an older version of the smbbroker to fail on restart or upgrade
  • [Bug Fix] PXC Release: Stale pid files are cleaned up so that processes start reliably
  • [Bug Fix] Fix Usage Service SQL errors when MySQL has ONLY_FULL_GROUP_BY enabled
  • [Bug Fix] Show an app’s buildpack information in Apps Manager based on the app’s current droplet, to account for autodetected buildpacks
  • [Bug Fix] Fix filter to remove Apps Manager requests from logs shown in Apps Manager when apps are deployed to a path
  • [Bug Fix] Keep search results in Apps Manager from disappearing while they are being refreshed
  • [Bug Fix] Fix Apps Manager search server crashes in cases where requests to Cloud Controller fail
  • [Bug Fix] Fix links to documentation in Apps Manager to point to the correct PAS version
  • [Bug Fix] Allow slashes to be typed in the Apps Manager search bar
  • [Bug Fix] Fix bug where Spring Boot logo was shown instead of Steeltoe logo in the Apps Manager sidebar for Steeltoe apps
  • [Bug Fix] Add plan column to the app services tab in Apps Manager so plan names do not get cut off
  • [Bug Fix] Stretch background of flyout in Apps Manager to accommodate sidebar being closed
  • [Bug Fix] Keep service icons from changing size in Apps Manager when an action is in progress
  • [Bug Fix] Allow users to set custom memory and disk limits when running tasks against applications in Apps Manager
  • [Bug Fix] Fix bug that prevented users from inviting others to organizations and spaces through Apps Manager that did not appear in the first page of results from Cloud Controller
  • [Bug Fix] Improve performance of organization/space user role endpoint
  • [Bug Fix] Improve scalability of container-to-container service discovery by increasing file descriptor limit on bosh-dns-adapter
  • [Bug Fix] Tag system containers with network.healthcheck so that 3rd party networking plugins can ignore them.
  • [Bug Fix] Metric Registrar - Metric Registrar Monitor app now gets deleted after Deploy Metric Registrar errand completes, reducing load on Cloud Controller
  • Bump ubuntu-xenial stemcell to version 456.27
  • Bump capi to version 1.84.2
  • Bump cf-networking to version 2.23.2
  • Bump cflinuxfs3 to version 0.130.0
  • Bump credhub to version 2.5.6
  • Bump diego to version 2.36.4
  • Bump garden-runc to version 1.19.7
  • Bump java-offline-buildpack to version 4.22
  • Bump metric-registrar to version 1.1.1
  • Bump push-apps-manager-release to version 670.0.10
  • Bump push-usage-service-release to version 670.0.10
  • Bump pxc to version 0.20.0
  • Bump smb-volume to version 2.0.1
  • Bump uaa to version 73.4.8
Component Version
ubuntu-xenial stemcell456.27
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.2
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.19.0
cf-networking2.23.2
cf-smoke-tests40.0.119
cflinuxfs30.130.0
credhub2.5.6
diego2.36.4
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.7
go-offline-buildpack1.8.42
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.22
leadership-election1.4
log-cache2.1.6
loggregator-agent3.21
loggregator105.6
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.4.0
nats27
nfs-volume2.3.0
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release670.0.10
push-usage-service-release670.0.10
pxc0.20.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.191.0
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume2.0.1
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa73.4.8

2.7.0

Component Version
ubuntu-xenial stemcell456.25
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.84.1
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.19.0
cf-networking2.23.1
cf-smoke-tests40.0.119
cflinuxfs30.128.0
credhub2.5.2
diego2.36.0
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.6.1
istio1.3.0
java-offline-buildpack4.21
leadership-election1.4
log-cache2.1.6
loggregator-agent3.21
loggregator105.6
mapfs1.2.0
metric-registrar1.0.4
mysql-monitoring9.4.0
nats27
nfs-volume2.3.0
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release670.0.8
push-usage-service-release670.0.8
pxc0.19.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.191.0
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa73.4.4

How to Upgrade

To upgrade to PAS v2.7, see Upgrading Pivotal Platform.

When upgrading to PAS v2.7, be aware of the following upgrade considerations:

  • If you previously used an earlier version of PAS, you must first upgrade to PAS v2.6 to successfully upgrade to PAS v2.7.

  • Some partner service tiles may be incompatible with Pivotal Platform v2.7. Pivotal is working with partners to ensure their tiles are updated to work with the latest versions of Pivotal Platform.

    For information about which partner service releases are currently compatible with Pivotal Platform v2.7, review the appropriate partners services release documentation at https://docs.pivotal.io, or contact the partner organization that produces the tile.

New Features in PAS v2.7

PAS v2.7 includes the following major features:

Sidecars for Java Apps (Beta)

PAS v2.7 supports pushing Java apps with sidecars. Pushing apps with sidecars is a beta feature that released with PAS v2.6.0.

For more information about the PAS v2.6 feature, see Pushing Apps with Sidecar Processes (Beta) in Pivotal Application Service v2.6 Release Notes. To understand how you can push Java apps with sidecars, see Requirements for Java Apps in Pushing Apps with Sidecar Processes.

Rotate the Cloud Controller Database Encryption Key

PAS v2.7 supports rotating the Cloud Controller Database (CCDB) encryption key. This key is used to encrypt sensitive data at rest in the CCDB, such as app environment variables.

You can rotate the key using the new Encryption key ledger field and Rotate CC Database Key errand in the PAS tile. For more information, see Rotating the Cloud Controller Database Encryption Key.

Consul Server Instance Removed from PAS

The Consul server instance is removed from PAS. This saves VM resources and reduces maintenance for managing a clustered component.

In PAS v2.4, the instance count for Consul server VMs was scaled down to zero. This allowed the Consul server to continue to provide the Consul link for tiles that consume it. In PAS v2.7, the Consul server instance is removed from PAS.

Warning: This feature causes breaking changes. For information about breaking changes caused by the removal of the Consul server instance, see Consul Clients Not Supported in PAS below.

Maximum Envelopes Per Source Raised for Log Cache

By default, Log Cache keeps 100,000 envelopes per source. An envelope wraps an event and adds metadata. For sources that produce more than 100,000 envelopes, this default may not provide a long enough duration for you to specify a time period for a historical query. PAS v2.7 allows you to raise the maximum number of envelopes stored per source above the default 100,000 if needed.

For more information about configuring this limit, see Configure Advanced Features in Configuring PAS. For more information about envelopes, see Protocol Documentation in the dropsonde-protocol repository on GitHub.

Support for Upgrading Service Instances

PAS v2.7 includes CAPI v1.83.0, which supports upgrading service instances to the latest version of a service plan. This is an optional feature that service authors can implement.

App developers can check the upgrade available column in the output of the cf services command to see if a service broker supports upgrades. For more information, see Upgrade a Service Instance in Managing Service Instances with the cf CLI.

If you are a service author and want to enable this feature, see Updating a Service Instance in the Open Service Broker API Specification on GitHub.

Updated Resource Navigation in Apps Manager UI

The Apps Manager UI has an updated look and feel as well as updated resource navigation.

You can navigate to resources, such as the app Overview and Settings panes, from a panel on the left side of the screen in Apps Manager. You can find resources that previously appeared in the panel, such as links to documentation and Support, in the Apps Manager footer.

For more information, see Using Apps Manager.

Manage App Re-Deployments and Revisions in Apps Manager

You can do the following in Apps Manager to manage app re-deployments and revisions:

  • View revisions for an app.
  • Deploy a revision of an app.
  • View the deployment status of an app revision.
  • View the environment variables associated with an app revision.

You can manage app re-deployments and revisions in the Revisions pane of the Apps Manager UI.

For more information, see Manage App Revisions in Managing Apps and Service Instances Using Apps Manager.

UAA Property uaadb.tls Consolidates TLS Configuration Options

The UAA property uaadb.tls replaces uaadb.tls_enabled and uaadb.skip_ssl_validation. This simplifies and consolidates existing configuration options for TLS connections to an external database.

uaadb.tls enables TLS connections by default. The following are supported values for this property:

  • enabled: Enables TLS connections to an external database.
  • enabled_skip_hostname_validation: Enables TLS connections to an external database and ignores hostnames in database server certificates.
  • enabled_skip_all_validation: Enables TLS connections to an external database and skips SSL validation in database server certificates.
  • disabled: Disables TLS connections to the UAA database.

Warning: This is a breaking change. For more information, see Changed Properties and Jobs.

CredHub Supports KMS

You can configure Key Management Service (KMS) encryption providers for CredHub. Configuring KMS encryption providers for CredHub allows you to more easily create and manage the encryption keys that you use in your environment.

For more information about how to configure KMS providers for CredHub in PAS, see Configure CredHub in Configuring PAS.

Enable Inactive MySQL Port for Auditing and Reporting

PAS v2.7 introduces the option to enable MySQL proxies to listen on port 3336. If you enable this option, you can run auditing and reporting queries on a MySQL node that is not currently serving traffic. By running these queries on an inactive node, the active MySQL nodes continue to serve requests with no effect on performance.

To enable this option, select the Enable inactive MySQL port checkbox in the Internal MySQL pane of the PAS tile. For more information, see Configure Internal MySQL in Configuring PAS.

SSH Into Linux and Windows Apps on NSX-T

You can SSH into Linux and Windows apps on vSphere deployments with NSX-T enabled.

For more information, see Accessing Apps with SSH.

Agent-Based Syslog Egress Is Enabled by Default

PAS v2.7 contains Syslog Agents, which forward logs to configured syslog drains and Loggregator. Syslog Agents are enabled by default.

Agent-based syslog egress removes the need for VMs dedicated to syslog drains. So, any instance groups and properties related to these VMs were removed in PAS v2.7.0 through v2.7.6.

The following instance groups are removed:

  • syslog_adapter
  • syslog_scheduler

The following property is removed:

  • syslog_metrics_to_syslog_enabled

Note:The syslog_adapter and syslog_scheduler instance groups and the syslog_metrics_to_syslog_enabled property are availble in PAS v2.7.7. This allows you to optionally disable Syslog Agents in PAS v2.7.7.

Breaking Change: If you enable Syslog Agents in PAS v2.7.7 or later, metadata tags for app logs and metrics are added to outgoing syslog messages. You must update any external monitoring configuration you use to account for the new format and tags. For more information, see Metadata Tags for Metrics and App Logs below.

For more information about how Syslog Agents function within Loggregator, see Loggregator Architecture and the loggregator-agent-release repository on GitHub.

Improved Route Consistency in Diego Route Emitter

PAS v2.7 improves route consistency in the Route Emitter component of Diego.

This Diego enhancement ensures better routing resiliency in the event of control plane downtime. For example, if NATS experiences downtime or the network becomes unstable, apps can remain routable since PAS no longer prunes routes on time-to-live (TTL).

This modification to the Route Emitter removes the need for the Prune routes on TTL expiry for TLS back ends configuration option in PAS v2.7. For more information, see Intermittent Misrouting of Apps in Large PCF Foundations in Pivotal Application Service v2.6 Release Notes.

Mutual TLS Communication Between Routing API and Other Components

Communication between the PAS Routing API and other PAS routing components is authenticated with mutual TLS (mTLS).

In mTLS communication, both components verify each other’s identity. This adds additional security for communication between the Routing API and other routing components.

Configure Multiple Internal Domains

You can configure multiple internal domains that apps use for internal DNS service discovery.

This allows you to create separate domains for different organizations in your foundation. For example, you can create a separate domain for apps on the development tier and apps on the production tier.

For more information about configuring internal domains for PAS, see Configure App Developer Controls in Configuring PAS.

Configure File Storage Backup Level

You can configure PAS v2.7 to exclude droplets or to exclude both droplets and packages from your blobstore backup. This feature reduces the size of your backup artifact and can enable you to take more frequent backups without using a large amount of storage space.

Excluding droplets or both droplets and packages from your blobstore backup can cause shorter periods of app downtime. However, you must re-push or restage all apps, which results in a higher Recovery Time Objective (RTO).

For more information about the advantages and disadvantages of excluding droplets or excluding both droplets and packages, see File Storage Backup Level. To configure your blobstore backup level, see Configure File Storage in Configuring PAS.

Rolling App Deployments Is GA

The rolling app deployments feature is GA. It was released as a beta feature in PAS v2.4. This feature allows you to push updates to apps without incurring downtime.

This feature is enabled by default. You can optionally disable it in the Advanced Features pane.

For more information, see Rolling App Deployments.

nfsbroker Backing Store Is in CredHub

The nfsbroker backing store is migrated from your external PAS database to CredHub, provided that CredHub exists in the deployment. This allows you to specify LDAP credentials when you create an NFS Volume Service instance.

NFS Volume Service only uses CredHub as its backing store. If CredHub is not deployed, you cannot use NFS Volume Service.

For more information, see Configure LDAP Credentials with Service Instance Creation in Using an External File System (Volume Services).

Enable or Disable Firehose in Loggregator

The Firehose is enabled by default and configurable. You can enable or disable the Firehose by selecting or deselecting the Enable V1 Firehose checkbox in the System Logging pane of PAS v2.7. Disabling the Firehose disables the Traffic Controller job in Loggregator, which causes logs to be sent to the Traffic Controller VM through Log Cache instead.

To enable or disable the Firehose, see Configure System Logging in Configuring PAS. For more information about Traffic Controller and how it handles logs, see Loggregator Architecture.

Warning: If you disable the Firehose, you must disable the Smoke Test Errand or the deploy fails. For more information, see Disable the Smoke Test Errand If You Disable the Firehose below.

Annotation Keys and Key Prefixes Use Kubernetes Format

In PAS v2.7, annotation keys and key prefixes use the same metadata format as Kubernetes. This feature enables creating services with a consistent metadata format across PAS and Kubernetes. For more information about annotation keys and key prefixes, see Using Metadata.

Support for Pushing Container Images Hosted in AWS ECR

When you push container images hosted in AWS Elastic Container Registry (ECR) with the Cloud Foundry CLI (cf CLI), you can provide the access key ID and secret for an AWS IAM user as a Docker username and password as part of the cf push command. Apps are able to then continuously restart and restage successfully.

This update allows the cf CLI to successfully pull container images hosted in ECR with valid AWS Identity and Access Management (IAM) user credentials.

For more information, see Amazon Elastic Container Registry (ECR) in Deploying an App with Docker.

Breaking Changes

PAS v2.7 includes the following breaking changes:

Incorrect HTTP(S) Proxy Configuration Breaks CredHub Interpolation for Apps in PAS v2.7.18 and Later

In PAS v2.7.18 and later, apps that have an incorrect HTTP(S) Proxy configuration fail to stage or restart due to a CredHub interpolation error.

Before you upgrade to PAS v2.7.18 or later, you must fix the HTTP(S) Proxy configuration of any impacted applications:

  1. Determine whether your apps are impacted by following the resolution procedure in Knowledgebase Article 9305.
  2. Update all impacted apps to use the recommended proxy settings that are documented in Configuring Proxy Settings for All Apps.
  3. Restart modified apps.

You Cannot Install PAS v2.7.0 or PAS v2.7.1 with External Blobstores

You cannot install or deploy PAS v2.7.0 or v2.7.1 with external blobstores. For more information, see You Cannot Install PAS v2.7.0 or v2.7.1 with External Blobstores in Pivotal Application Service v2.7 Release Notes.

Consul Clients Not Supported in PAS

The Consul server instance is removed from PAS. Tile authors must remove any Consul clients from their products to avoid failed deployments.

To remove Consul clients from your products, make the following changes to any job_type that is colocated with consul_agent:

- name: consul_agent
    release: consul
    ...
    manifest: |
      ...
      consul:
        client:
          enabled: "(( $ops_manager.dns_enabled ? false : true ))"

For more information about removing Consul clients from your products, see Tile Authors Must Remove consul_agent in Pivotal Platform v2.4 Partner Release Notes.

Do Not Edit Syslog Agent Configuration When Upgrading from PAS v2.7.6 or Earlier

If you are upgrading from PAS v2.7.6 or earlier, do not change your Syslog Agent configuration when you stage PAS v2.7.7 or later for the first time. For example, if Syslog Agents are enabled on your current version of PAS, ensure that Syslog Agents are enabled when you stage PAS v2.7.7 or later for the first time.

If you change your Syslog Agent configuration after staging and before the first deploy of PAS v2.7.7 or later, there is a significant period of log loss or log duplication while BOSH enables or disables Syslog Agents. For more information about this log loss or duplication, see Duplicate or Missing Logs in Pivotal Application Service v2.7 Release Notes.

You can edit the Syslog Agent configuration in PAS v2.7.7 or later after the first deploy. To edit your Syslog Agent configuration, see Configure System Logging in Configuring PAS.

Metadata Tags for Metrics and App Logs

Agent-based syslog egress is enabled and non-configurable in PAS v2.7.6 and earlier, but can be disabled in PAS v2.7.7 and later. Syslog Agents forward logs to Loggregator and syslog drains that you configure.

If you enable Agent-based syslog egress in PAS v2.7.7 or later, your app logs and metrics include metadata tags. Tags appear after the header of each syslog message and before the syslog message text. You must update any external monitoring configuration you use to account for the new format and tags.

The new metadata tags appear in app logs in the following format:

956 <14>1 2020-03-31T12:11:02.529497+00:00 Tax_us-uat.AI.tax-plis-blue
ec3cd4e4-baf9-456d-965a-96bcb2c61a47 [APP/PROC/WEB/0]
[tags@47450 deployment="cf-78e7a9442158adb53366" index="c57b95c6-d79f-4cfb-b7f3-08a770946b7a"
instance_id="0" ip="10.214.110.84" job="diego_cell" origin="rep"
process_id="ec3cd4e4-baf9-456d-965a-96bcb2c61a47"
process_instance_id="1cf3854e-29d8-4825-7685-11ec" process_type="web"
product="Pivotal Application Service" source_id="ec3cd4e4-baf9-456d-965a-96bcb2c61a47"
source_type="APP/PROC/WEB" system_domain="example.my-domain.io"]
2020-03-31 07:11:02.529 INFO [tax-plis,B2347215-T21118008-COWF/35558169/38311791]
--- [http-nio-8080-exec-5] c.c.b.t.p.s.p.b.BatchPostProcessor :
Report file created in 47 ms

Changed Properties and Jobs

The following PAS tile properties and PAS jobs have changed in PAS v2.7.

Before upgrading to PAS v2.7, you must update any automation scripts to remove or change references to these properties and jobs.

  • UAA properties uaadb.tls_enabled and uaadb.skip_ssl_validation

  • Syslog jobs syslog_adapter and syslog_scheduler, and property syslog_metrics_to_syslog_enabled

    • The job instance groups syslog_adapter and syslog_scheduler, and the property syslog_metrics_to_syslog_enabled are removed.
    • Agent-based syslog egress renders these items unnecessary. For more information, see Agent-Based Syslog Egress Is Enabled by Default in Pivotal Application Service v2.7 Release Notes.
  • Container networking property cf_networking_internal_domains

    • The cf_networking_internal_domains is now an array.
  • Runtime CredHub property credhub_key_encryption_passwords

    • The credhub_key_encryption_passwords property is replaced by credhub_hsm_provider_encryption_keys for HSM-resident CredHub and credhub_internal_provider_keys for internal CredHub.

Known Issues

PAS v2.7 includes the following known issues:

You Cannot Install PAS v2.7.0 or v2.7.1 with External Blobstores

Warning: This is a breaking change for PAS v2.7.0 and v2.7.1. Do not attempt to upgrade to PAS v2.7.0 or v2.7.1 if you have one or more external blobstores. You can deploy PAS v2.7.2 with external blobstores.

You cannot install PAS v2.7.0 or v2.7.1 with external blobstores. If you try to install and deploy PAS v2.7.0 or v2.7.1 with one or more external blobstores, the deploy fails with a pipeline error.

This issue is caused by changes to the blobstore backup options in PAS v2.7.0. For more information about these changes, see Configure File Storage Backup Level.

This issue is resolved in PAS v2.7.2.

Some Environment Variables Are Missing When Using cflinuxfs3

When using the cflinuxfs3 stack in PAS v2.3 or later, if you provide environment variables containing periods or dashes, the environment variables do not appear in the process environment of the app.

To resolve this issue, ensure that all apps are using environment variables that do not contain periods or dashes.

For more information, see Missing environment variables when using PAS 2.3+ and the cflinuxfs3 stack in the Knowledge Base.

Duplicate or Missing Logs

Syslog Agents are required on PAS v2.7.0 through v2.7.6. When you upgrade to PAS v2.7.0 through v2.7.6, BOSH turns on Syslog Agents and turns off Syslog Adapter VMs.

If BOSH turns off the Syslog Adapter VMs before it turns on the Syslog Agents, then there are no logs for a significant period of time while BOSH turns on the Syslog Agents on each Diego Cell.

If BOSH turns on the Syslog Agents before it turns off the Syslog Adapter VMs, then there are duplicate logs until the Syslog Adapter VMs are off.

This period of log loss or log duplication is signifantly reduced in PAS v2.7.7 and later. For more information, see Duplicate or Missing Logs After Enabling Syslog Agents in PAS v2.7.7 and Later.

For more information about Syslog Agents, see Agent-Based Syslog Egress Is Enabled by Default.

Duplicate or Missing Logs After Enabling Syslog Agents in PAS v2.7.7 and Later

If you upgrade to PAS v2.7.7 or later from PAS v2.6 and Syslog Agents were disabled on your PAS v2.6 deployment, there is a short period of log loss or log duplication if you enable Syslog Agents on PAS v2.7.7 or later.

This log loss or log duplication occurs when BOSH enables Syslog Agents and turns off Syslog Adapter VMs. For more information about the cause of the log loss or duplication, see Duplicate or Missing Logs.

Disable the Smoke Test Errand If You Disable the Firehose

If you disable the V1 Firehose in PAS v2.7, you must also disable the smoke test errand.

If you do not disable the smoke test errand, the deploy fails with an error similar to the following:

Waiting for app to start...
    name:            SMOKES-1-APP-c19f146f3ab78951
    requested state: started
    routes:          smokes-1-app-c19f146f3ab78951.apps.sys.hoge.foo.io
    last uploaded:   Thu 13 Feb 09:24:31 UTC 2020
    stack:           cflinuxfs3
    buildpacks:      ruby
    type:            web
    instances:       1/1
    memory usage:    1024M
    start command:   bundle exec rackup config.ru -p $PORT
         state     since                  cpu    memory    disk      details
    #0   running   2020-02-13T09:24:42Z   0.0%   0 of 1G   0 of 1G
    [32m[2020-02-13 09:24:46.72 (UTC)]> cf logs --recent SMOKES-1-APP-c19f146f3ab78951 [0m
    Retrieving logs for app SMOKES-1-APP-c19f146f3ab78951 in org system / space SMOKE-1-SPACE-be9b05a382fa29d3 as smoke_tests...
    unknown issue when making HTTP request to Loggregator
    FAILED

To disable the smoke test errand:

  1. Navigate to the Errands pane in the PAS tile.

  2. For Smoke Test Errand, select Off.

For more information, see Configure Errands in Configuring PAS.

Cannot Delete Last Remaining Syslog Drain

PAS v2.7 has a known issue in which you cannot delete the last remaining app syslog drain in a foundation. This issue only applies if there is a single drain in the entire foundation, and you delete that drain.

When you delete the last remaining drain, logs continue to be sent to its syslog endpoint. This happens even though the deletion appears to succeed. As a workaround, you can create another drain to cause the previously deleted drain to stop sending logs by running:

cf drain APP-NAME invalid://invalid

Where APP-NAME is the name of the app from which you deleted the log drain.

Note: To view the number of syslog drains in a foundation, ensure that the Log Cache CLI plugin is installed, and run cf tail syslog_agent -n 100 | grep 'GAUGE drains'. To install the Log Cache CLI plugin, see log-cache on the cf CLI Plugins website.

Forwarder Agent CPU Causes Apps to Fail to Stage in v2.7.13 and v2.7.14

After upgrading to PAS v2.7.13 and v2.7.14, apps can fail to stage with one the following errors:

  • stderr: Error staging application: StagingTimeExpired

  • "description": "Stager error: bbs stager client staging failed: the requested resource already exists", "error_code": "CF-StagerError"

These errors occur because the Loggregator Forwarder Agent has high CPU usage. The Forwarder Agent high CPU usage is caused by the upgrade to Golang v1.14.1.

To resolve this issue, do one of the following:

  • Schedule a cron job to restart the loggr-forwarder-agent process for diego_database and diego_brain. Run:

    bosh -d CF-DEPLOYMENT ssh diego_database -c "PATH=$PATH:/var/vcap/bosh/bin sudo monit restart loggr-forwarder-agent"
    

    Where CF-DEPLOYMENT is your deployment name.

  • Increase the vm_type for diego_database and diego_brain to assign more CPU instances.

For more information, see the Applications failing to stage after upgrading to PAS 2.7.13 or 2.7.14 Knowledge Base article.

Autoscaler Scales Only Web Processes Based on HTTP Metrics From All Processes

If a multi-process app is set to scale on HTTP Metrics, the metrics of non-web processes can cause Autoscaler to scale the web process incorrectly.

Errors in NFS Volume Service File Append Operations

A defect in the mapfs FUSE driver causes errors to occur in file append operations when you enable the ID mapping feature with NFS in PAS v2.7.4 through PAS v2.7.7.

You enable the ID mapping feature by specifying either the uid or username option in service instance or service bind configurations.

When this issue occurs, appending files within the mounted file system fails with the error File operation not supported. For example, echo hello >> test.txt fails.

This issue is resolved in PAS v2.7.8.

Cannot Invite New Users or Add Space Roles in Apps Manager

In PAS v2.7.0, the service that handles inviting new users to PAS fails to do the following in many cases:

  • Add space roles for users
  • Invite new users with space roles

As a workaround, you can use the CLI to manage user roles. For more information, see User Admin in the cf CLI Reference Guide.

This issue is resolved in PAS v2.7.1.

Pivotal Spring Cloud Services v2.0.x Not Compatible with PAS v2.7

Pivotal Spring Cloud Services v2.0.x is not compatible with PAS v2.7 because Consul server is no longer available in PAS v2.7.

PCF Metrics v1.6.2 and Earlier Not Compatible with PAS v2.7.9 and Later

App Metrics v1.6.2 and earlier is incompatible with the following PAS patch versions:

  • PAS v2.5.20 and later
  • PAS v2.6.15 and later
  • PAS v2.7.9 and later
  • PAS v2.8.3 and later

This incompatibility is caused by an update to nodejs-offline-buildpack v1.7.9, which removes support for Node.js 8.x.

If you upgrade to one of the PAS versions above and you are using App Metrics v1.6.2 or earlier, then App Metrics no longer works.

To resolve this issue, upgrade to App Metrics v1.6.3 or later.

For more information, see PCF Metrics v1.6.x is not compatible with PAS 2.5.20+, 2.6.15+, 2.7.9+ & 2.8.3+.

Logs Take a Long Time to Load in Apps Manager

In PAS v2.7.0 through v2.7.9, Apps Manager uses an inefficient method of loading app logs. This method causes the logs page to remain in a loading state for a long time before displaying logs. This issue is resolved in PAS v2.7.10.

Asynchronous Spring and Steeltoe health Endpoint Causes Apps Manager to Crash

This issue only applies to PAS v2.7.9 and earlier.

If your Spring or Steeltoe app uses an asynchronous health actuator endpoint, you might see the error TypeError: Cannot read property 'code' of undefined in the Overview tab for the app. The normal contents of the Overview tab are not displayed.

This does not indicate a problem with the app, and information on the other tabs displays correctly.

Errors Viewing App Logs after Disabling V1 Firehose

If you disable the V1 Firehose and you are using a version of the cf CLI earlier than v6.50, you may encounter errors when you push an app or view the logs for an app. The logs exist but are not visible from the cf CLI.

Running the following commands results in errors:

  • cf logs: Timeout trying to connect to NOAA
  • cf push: timeout connecting to log server, no log will be shown

Despite the log-related errors, cf push works correctly and pushes the app.

To avoid encountering errors after disabling the Loggregator V1 Firehose, upgrade to cf CLI v6.50 or later.

App Metrics v2.0.0 Is Incompatible with Apps Manager Integration

This issue affects App Metrics v2.0.0.

If the App Metrics v2.0.0 tile is installed on a foundation, then the View in Metrics link on the app Overview tab in Apps Manager does not appear or is broken.

App Metrics Route Change Results In “Unexpected error occurrence”

This issue affects you only if you upgrade from App Metrics v2.0.0 to App Metrics v2.0.1 or later.

The route to App Metrics moved from appmetrics.FOUNDATION_SYSTEM_DOMAIN.com in v2.0.0 to metrics.FOUNDATION_SYSTEM_DOMAIN in v2.0.1.

If you have set the Multi-foundation configuration (beta) field of the Apps Manager section in a PAS tile, you must update the metricsUrl field to reflect the route change. If the field is not updated, then clicking View in Metrics on the app Overview tab in Apps Manager results in an Unexpected error occurence message.

Invalid Events from Cloud Controller Purge and Reseed

In PAS v2.7.17 and earlier, the /v2/app_usage_events/destructively_purge_all_and_reseed_started_apps endpoint may generate app events without valid GUIDs. These invalid GUIDs can cause errors with components that consume them when parsing and correlating events. This issue affects Cloud Controller and App Usage Service.

For more information about the API endpoint, see Purge and reseed App Usage Events in the App Usage Events API documentation. For more information about the issue, see App Usage Service startup errors and data inconsistency in the knowledge base.

This issue is resolved in PAS v2.7.18.

App Metrics v2.0 Causes Apps Manager to Log Out on PAS v2.7.4 and Earlier

For deployments with both App Metrics v2.0 and PAS v2.7.4 or earlier installed, viewing any app Overview page in Apps Manager causes the user session to expire, which results in a log out.

For deployments with PAS v2.7.4 and earlier, this issue affects all App Metrics v2.0 patch versions.

This issue is resolved in PAS v2.7.5 and later.

Asynchronous Jobs May Fail

The following commands that are executed asynchronously may fail if they are enqueued mid-deployment:

  • cf delete-org
  • cf delete-space
  • cf create-service
  • cf update-service

The job times out with the message, Job ([JOB-GUID]) polling timeout has been reached.
Where JOB-GUID is the GUID of the job.

The job failure may occur between the update of the cloud_controller and cloud_controller_worker instance groups. To mitigate this issue, retry any failed jobs after the worker instance groups complete updating.

cf push App Staging Errors During Upgrade to PAS v2.7

During the upgrade PAS v2.7, users may receive app staging errors when pushing apps. These errors are due to the file_server property on Cloud Controllers being updated to use TLS communications. Staging may continue to fail while Diego Brain jobs are being upgraded to v2.7.

This issue is resolved after all Diego Brains job have been updated to v2.7.

For more information, see the Upgrade From TAS v2.6 to 2.7 CAPI Impact Overview Knowledge Base article.

This issue affects PAS v2.7.10 and later deployments that have any version of PCF Metrics or App Metrics installed.

If your PAS deployment has restrictive networking policies around request proxying, then the View in PCF Metrics link may not appear in Apps Manager.

To resolve this issue:

  1. Using the cf CLI, log in to the system org and system space.
  2. Locate the search-server app.
  3. Update the no_proxy environment variable for the search-server app to include your system domain.

    cf set-env search-server no_proxy '*.SYSTEM-DOMAIN'
    

    where SYSTEM-DOMAIN is the system domain configured for your PAS deployment. For example:

    cf set-env search-server no_proxy '*.example.com'
    

  4. Restage the search-server app.

    cf restage search-server
    

Autoscaler Controls Do Not Appear in Apps Manager for Proxied Setups

This issue affects PAS v2.7.10 and later deployments that manage the Autoscaler service for individual apps in Apps Manager.

If your PAS deployment has restrictive networking policies around request proxying, then Autoscaler controls may not appear for apps within Apps Manager even when the Autoscaler service is enabled for an org.

To resolve this issue:

  1. Using the cf CLI, log in to the system org and system space.
  2. Locate the search-server app.
  3. Update the no_proxy environment variable for the search-server app to include your system domain.

    cf set-env search-server no_proxy '*.SYSTEM-DOMAIN'
    

    where SYSTEM-DOMAIN is the system domain configured for your PAS deployment. For example:

    cf set-env search-server no_proxy '*.example.com'