VMware Tanzu Application Service for Windows v3.0 Release Notes

Page last updated:

This topic contains release notes for VMware Tanzu Application Service for VMs [Windows] (TAS for VMs [Windows]) v3.0.

Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs [Windows] containing that patch.

Before you install the tile, review the Windows Stemcell Compatibility Matrix.

Releases

3.0.8

Release Date: 03/21/2023

• Bump diego to version 2.72.0
• Bump envoy-nginx to version 0.15.0
• Bump garden-runc to version 1.25.0
• Bump windowsfs-release to version 2.46.0

3.0.7

Release Date: 02/28/2023

• [Bug Fix] Include updated version of cflinuxfs3 and cflinuxfs4
• Bump garden-runc to version 1.23.0
• Bump hwc-offline-buildpack to version 3.1.28
• Bump loggregator-agent to version 6.5.8
• Bump metrics-discovery to version 3.2.7
• Bump winc to version 2.10.0
• Bump windows-syslog to version 1.1.13
• Bump windowsfs-release to version 2.44.0

  * Updates github-config (#104)
  * Bump github.com/onsi/gomega from 1.24.2 to 1.26.0
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 21.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 21.0.0 |
  * Uncached buildpack SHA256: 92a52f3346131abbe2472b1f12a2ff4e304aeb6c497b7e3f10a3537be8c1e721
  * Uncached buildpack SHA256: 37813ac6ded74a0e87924a3a9cec19afb6d4e6dfc6a8ef8da83f7d02fecfdc82
          

  * Add hwc 21.0.0, remove hwc 20.0.0
  for stack(s) windows2016, windows
  (https://www.pivotaltracker.com/story/show/183726731)
  * Bumps default version to match new HWC version
  * Bumps go.mod go version to 1.19
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 21.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 21.0.0 |
  * Uncached buildpack SHA256: ae83488a72f50d1725fb37fc35e819133ed07af82d872b9fe7fb34e9de18b92e
  * Uncached buildpack SHA256: 2e2e474d7677112021cc892627eddef0768e28835b6ad98117a260ea022e4463
          

  ## What's Changed
  * update dependencies
  * Upgrade to go 1.20.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/224
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.7...v6.5.8
          

  * update golang to 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.6...v3.2.7###
          

  ## What's Changed
  * Upgrade to go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/104
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.5...v3.2.6
          

  ## What's Changed
  * Update dependencies
  * Expire individual metrics by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/103
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.4...v3.2.5
          

  * update golang to 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.12...v1.1.13
          

  ## What's Changed
  * use go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/windows-syslog-release/pull/18
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.11...v1.1.12
          

v3.0.6

Release Date: 02/09/2023

• [Bug Fix] Allows docker app workloads without a sh binary in the docker image to execute properly.
• Bump loggregator-agent to version 6.5.7

  ## What's Changed
  * Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/202
  * Update dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.6...v6.5.7
          

v3.0.5

Release Date: 01/30/2023

• Bump garden-runc to version 1.22.9
• Bump windowsfs-release to version 2.42.0

v3.0.4

Release Date: 01/16/2023

• Bump diego to version 2.71.0
• Bump garden-runc to version 1.22.7
• Bump loggregator-agent to version 6.5.6
• Bump smoke-tests to version 4.8.2
• Bump windowsfs-release to version 2.41.0

  ## What's Changed
  * fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174
  * updated some dependencies.
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6
          

  Port assets/ruby_simple to Ruby 3
          

v3.0.3

Release Date: 12/15/2022

• [Security Fix] Fix CVE-2022-31733: Unsecured Application Port
• Bump diego to version 2.70.0
• Bump envoy-nginx to version 0.14.0
• Bump loggregator-agent to version 6.5.5
• Bump metrics-discovery to version 3.2.4
• Bump smoke-tests to version 4.8.1
• Bump winc to version 2.9.0
• Bump windows-syslog to version 1.1.11
• Bump windowsfs-release to version 2.40.0

  - bump-golang to v0.114.0 for golang 1.19.4
  - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
  - Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src
  - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
  - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
  - Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src
  - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
          

  ## What's Changed
  - Bump to go1.19.3
  - Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.3...v6.5.4
          

  ## What's Changed
  * Fix logs for forwarder agent drops by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/156
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.2...v6.5.3
          

  ## What's Changed
  * Bump golang to 1.19.2
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.1...v6.5.2
          

  ## What's Changed
  * remove the use of sha1 by @duanemay in https://github.com/cloudfoundry/loggregator-agent-release/pull/133
  * Bump github.com/valyala/fasthttp from 1.39.0 to 1.40.0 in /src by @dependabot in https://github.com/cloudfoundry/loggregator-agent-release/pull/129
  * Upgrade ginkgo to v2 by @ctlong in https://github.com/cloudfoundry/loggregator-agent-release/pull/135
  * Golang 1.19.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/138
  ## New Contributors
  * @duanemay made their first contribution in https://github.com/cloudfoundry/loggregator-agent-release/pull/133
  * @rroberts2222 made their first contribution in https://github.com/cloudfoundry/loggregator-agent-release/pull/138
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.0...v6.5.1
          

  - bump-golang to v0.114.0 for golang 1.19.4
  - Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src
  - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
  - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
  - Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src
  - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
  - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
          

  ## What's Changed
  * Bump to go1.19.3
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.2...v3.2.3
          

  ## What's Changed
  * update golang to 1.19.2
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.1...v3.2.2
          

  ## What's Changed
  * Bump github.com/onsi/ginkgo/v2 from 2.1.6 to 2.2.0 in /src by @dependabot in https://github.com/cloudfoundry/metrics-discovery-release/pull/51
  * Bump github.com/nats-io/nats.go from 1.16.0 to 1.17.0 in /src by @dependabot in https://github.com/cloudfoundry/metrics-discovery-release/pull/50
  * Replace `ioutil` use with `io` and `os` by @ctlong in https://github.com/cloudfoundry/metrics-discovery-release/pull/52
  * Bump to golang 1.19.1 by @Benjamintf1 in https://github.com/cloudfoundry/metrics-discovery-release/pull/54
  ## New Contributors
  * @rroberts2222 made their first contribution in https://github.com/cloudfoundry/metrics-discovery-release/pull/55
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.0...v3.2.1
          

  Create bosh final release 4.8.1
          

  Create bosh final release 4.8.0
          

  Create bosh final release 4.7.0
          

  * update golang to 1.19.3
          

  ## What's Changed
  * Bump to golang 1.19.2
  ## New Contributors
  * @ctlong made their first contribution in https://github.com/cloudfoundry/windows-syslog-release/pull/14
  * @rroberts2222 made their first contribution in https://github.com/cloudfoundry/windows-syslog-release/pull/15
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.9...v1.1.10
          

  * Bump to golang 1.18.6
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.8...v1.1.9
          

  ## What's Changed
  * Bump golang to 1.18.5
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.7...v1.1.8
          

v3.0.2

Release Date: 12/01/2022

• Bump diego to version 2.69.0

v3.0.1

Release Date: 11/15/2022

• Bump envoy-nginx to version 0.13.0
• Bump garden-runc to version 1.22.5
• Bump hwc-offline-buildpack to version 3.1.26
• Bump windowsfs-release to version 2.39.0

  * Update libbuildpack
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 20.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 20.0.0 |
  * Uncached buildpack SHA256: b9b2cec9ada73d9a2933a14e8e56f025c35b02d8bed7e74e20b093a23e13ec43
  * Uncached buildpack SHA256: f633f0f686fc9539ec8f4ef205e778c820602e51434730fd69f7caad4cfb3d4f
          

  * Update libbuildpack
  * Bump github.com/onsi/gomega from 1.19.0 to 1.20.2
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 20.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 20.0.0 |
  * Uncached buildpack SHA256: 5a0c73cda7fe06118e554a93d78b0587f581e3eb2a4d108274814d372935469b
  * Uncached buildpack SHA256: fa7565740a5f73f2b87cbce06104517fcbc69bb513497ed8db492cb7d42f3dd1
          

v3.0.0

Release Date: 10/06/2022

• [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
• [Known Issue] If Git is not installed in the PATH environment variable for your Windows stemcell when you deploy TAS for VMs [Windows], you may encounter a version control system (VCS) stamping failure. For more information, see Windows Stemcells Without Git Installed Cause VSC Stamping Failures below.

How to Upgrade

The TAS for VMs [Windows] v3.0 tile is available with the release of VMware Tanzu Application Service for VMs (TAS for VMs) v3.0. To use the TAS for VMs [Windows] v3.0 tile, you must install VMware Tanzu Operations Manager v2.10 or later and TAS for VMs v3.0 or later.

New Features in TAS for VMs [Windows] v3.0

TAS for VMs [Windows] v3.0 includes the following major feature:

TAS for VMs [Windows] Uses windows-syslog for Syslog Forwarding

TAS for VMs [Windows] v3.0 uses windows-syslog to forward logs from BOSH jobs on TAS for VMs [Windows] VMs to the syslog endpoint you configure.

windows-syslog also allows you to configure TAS for VMs [Windows] VMs to connect to the syslog endpoint over TLS.

If you are upgrading to TAS for VMs [Windows] v3.0 from TAS for VMs [Windows] v2.13, and you manually added windows-syslog as a BOSH add-on to the runtime configuration for your TAS for VMs [Windows] v2.13 deployment, you must remove the add-on before you upgrade.

For more information, see the windows-syslog-release on GitHub.

Breaking Changes

TAS for VMs [Windows] v3.0 includes the following breaking changes:

Global Log Rate Limit is Deprecated

The global log rate limit that measures app log rates in lines per second is deprecated in favor of per-app log rate limits that measure app log rates in bytes per second.

If you have configured a global log rate limit in lines per second, VMware recommends that you re-configure your apps to use log rate limits in bytes per second.

If you still want to use the global log rate limit, logs that exceed the log rate limit are immediately dropped. Previously, logs that exceeded the log rate limit were buffered and released at the configured log rate.

For more information about app log rate limits, see App Log Rate Limiting.

windows-syslog Uses a Different Log Format

The logs that windows-syslog forwards to the configured syslog endpoint for your TAS for VMs [Windows] deployment follow a different format from that of previous logs.

If your observability platform is configured to gather data by parsing forwarded system logs, you may need to re-configure your rules to accommodate the following format changes:

• The priority is changed from kernel/debug(7) to user/info(14).

• The app name is changed from Microsoft-Windows-Security-Auditing to event_logger.

• The process number is changed from a numerical process ID to rs2.

• Logs contain structured data for instance and deployment details.

• The event log JSON string includes additional fields.

• In the event log JSON string, field names are written in camel case.

• In the event log JSON string, fields may appear in a different order.

The following example shows the previous log format:

<7>1 2022-07-06T22:19:38.1413061Z 10.0.4.14 Microsoft-Windows-Security-Auditing 160 - - {"message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-7F65ECCF-0D0$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1f7c\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x248\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","source":"Microsoft-Windows-Security-Auditing"}

The following example shows the new log format:

<14>1 2022-07-11T22:27:08.279742Z 10.0.4.12 event_logger rs2 - [instance@47450 az="us-central1-b" deployment="pas-windows-dfc8956c7081f9369571" director="" group="windows_diego_cell" id="d0564a0e-684f-4b58-99ee-6a59d1e7caf8"] {"MachineName":"vm-c5547227-c4fa-44ae-79d0-ee56f96e82a4","Data":[],"Index":162257,"Category":"(13312)","CategoryNumber":13312,"EventID":4688,"EntryType":8,"Message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-C5547227-C4F$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1590\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x1120\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","Source":"Microsoft-Windows-Security-Auditing","ReplacementStrings":["S-1-5-18","VM-C5547227-C4F$","WORKGROUP","0x3e7","0x1590","C:\\Windows\\System32\\wbem\\WMIC.exe","%%1936","0x1120","","S-1-0-0","-","-","0x0","C:\\bosh\\bosh-agent.exe","S-1-16-16384"],"InstanceId":4688,"TimeGenerated":"\/Date(1657578421000)\/","TimeWritten":"\/Date(1657578421000)\/","UserName":null,"Site":null,"Container":null}

Known Issues

TAS for VMs [Windows] v3.0 includes the following known issue:

Windows Stemcells Without Git Installed Cause VSC Stamping Failures

If Git is not installed either on your Windows stemcell or in the PATH environment variable for your Windows stemcell when you deploy TAS for VMs [Windows] v3.0.0, you may see the following error:

Stderr:   Use -buildvcs=false to disable VCS stamping.

This occurs because some TAS for VMs [Windows] v3.0.0 use Go v1.18, which embeds VSC information in binaries. As a result, releases that contain .git files require that Git is installed either on your Windows stemcell or in the PATH for your Windows stemcell. If you do not have Git installed in either location and have not set the buildvcs property to false, Go v1.18 fails to build the release.

TAS for VMs [Windows] v3.0.0 contains windows2019fs-release. Because windows2019fs-release contains .git files, deployments of TAS for VMs [Windows] v3.0.0 using Windows stemcells that do not have Git installed on them or in their PATH fail with the VSC stamping error above.