Stemcell v3363.x (Linux) Release Notes

This topic includes release notes for the 3363.x line of Linux stemcells used with Pivotal Cloud Foundry (PCF).


Release Date: March 13, 2018

  • Periodic Ubuntu Trusty stemcell bump


Release Date: February 23, 2018

  • Bump Ubuntu Trusty stemcells for USN-3582-2: Linux kernel (Xenial HWE) vulnerabilities


Release Date: January 23, 2018

  • Bump Ubuntu Trusty stemcells for USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities. This addresses the flaw known as Spectre. This update may include degradations to performance. Pivotal will do additional performance testing and provide updates as more information is available.


Release Date: January 18, 2018

  • Bump Ubuntu Trusty stemcells for USN-3534-1: GNU C Library vulnerabilities


Release Date: January 10, 2018

  • Bumps Ubuntu Trusty stemcells for USN-3522-4; also bumps vSphere stemcells to use VM hardware version 9
  • USN-3522-2 introduced a regression in the Linux Hardware Enablement kernel and USN-3522-4 fixes that issue.
  • Per the 3363.45 release note, monitor your VMs prior to upgrading to this stemcell and scale your VMs as necessary.


Release Date: January 10, 2018

  • Bump Ubuntu Trusty stemcells for USN-3522-2: Linux (Xenial HWE) vulnerability (This flaw is known as Meltdown.)

USN-3522-2 Addresses Meltdown Vulnerabilities

Meltdown exploits critical vulnerabilities in modern processors. For more information about Meltdown, see the Meltdown and Spectre Attacks blog post. USN-3522-2 addresses the critical vulnerability in Ubuntu associated with Meltdown.

This update may include degradations to performance if your VM’s CPU and memory usage are currently at near-capacity levels. Prior to upgrading to this stemcell, monitor your PCF VM’s current CPU and memory usage and scale those components if necessary. If any of your VMs are currently operating at 60% or above, Pivotal recommends scaling that VM. For more information about the performance impact of Meltdown-related stemcell patches on PCF components and guidance on scaling, see this KB article.

For more information about monitoring and scaling PCF, see the Monitoring PCF VMs from Ops Manager, Key Capacity Scaling Indicators, and Scaling PAS topics. Performance degradation is likely to vary by workload type, IaaS, and other factors. Pivotal recommends testing your deployment thoroughly after upgrading to this stemcell.


Release Date: November 29, 2017

  • Periodic Ubuntu stemcells update


Release Date: May 22, 2017

  • Periodic Ubuntu stemcells update


Release Date: April 25, 2017

  • Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities


Release Date: April 5, 2017

  • Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability


  • Made AWS AMI backing snapshot public to support encryption of boot disks


Release Date: March 31, 2017

  • Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability


Release Date: March 9, 2017

  • Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability


Release Date: February 16, 2017

Reported Problems:

  • DO NOT USE azure stemcell as it may cause data loss.

  • Out of memory errors still exists in Kernel

    • will be fixed around Feb 20.
  • rsyslog version updated to 8.24.0, regressing on issue #1537

  • AWS Light stemcell has incorrect name once imported

  • BOSH SSH does not work on BOSH Lite


  • Add more auditd rules

  • Fix CentOS initramfs to load necessary kernel modules

  • Disable boot loader login

  • Increasing tcp_max_sync_backlog

  • Disabling any DSA host keys

  • Add bosh_sshers group and assign it to vcap user

    • Only allow users in bosh_sshers group to SSH


  • Log Agent API access events in CEF format to syslog (vcap.agent topic)

  • Allow configuring swap size through env.bosh.swap_size (example: env.bosh.swap_size: 0)

  • Prepare for SHA2 releases

  • Allow setting fetching to work with base64 encoded user data

  • Do not delaycompress in logrotate

Create a pull request or raise an issue on the source for this page in GitHub