Pivotal Application Service v2.5 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2019.

Read more about the certified provider program and the requirements of providers.


Releases

Warning: Before installing or upgrading to PAS v2.5, review the Critical Breaking Changes in PCF v2.5.

2.5.13

Release Date: 10/16/2019

  • [Security Fix] Bump Go to address CVE-2019-16276
  • [Security Fix] Add TLS to external policy server
  • [Security Fix] Improve redaction of sensitive data in SMB driver bosh logs
  • [Bug Fix] Fix defect disallowing “domain” option in SMB volume service
  • [Bug Fix] Disallow injection into the query parameter
  • [Bug Fix] Replace hard-coded MySQL Buffer Pool size with sane percentage value.
  • Bump ubuntu-xenial stemcell to version 250.116
  • Bump binary-offline-buildpack to version 1.0.35
  • Bump cf-syslog-drain to version 8.2.2
  • Bump cflinuxfs2 to version 1.295.0
  • Bump cflinuxfs3 to version 0.133.0
  • Bump dotnet-core-offline-buildpack to version 2.3.0
  • Bump go-offline-buildpack to version 1.9.1
  • Bump java-offline-buildpack to version 4.23
  • Bump log-cache to version 2.1.10
  • Bump loggregator-agent to version 2.3.2
  • Bump loggregator to version 103.4.2
  • Bump nginx-offline-buildpack to version 1.0.18
  • Bump nodejs-offline-buildpack to version 1.6.56
  • Bump php-offline-buildpack to version 4.3.82
  • Bump python-offline-buildpack to version 1.6.37
  • Bump r-offline-buildpack to version 1.0.13
  • Bump smb-volume to version 2.0.3
  • Bump staticfile-offline-buildpack to version 1.4.45
  • Bump statsd-injector to version 1.11.0
  • Bump uaa to version 71.4
Component Version
ubuntu-xenial stemcell250.116
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.76.10
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.6
cf-smoke-tests40.0.119
cf-syslog-drain8.2.2
cflinuxfs21.295.0
cflinuxfs30.133.0
consul-drain0.0.3
consul198
credhub2.1.9
diego2.27.12
dotnet-core-offline-buildpack2.3.0
garden-runc1.19.7
go-offline-buildpack1.9.1
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.23
log-cache2.1.10
loggregator-agent2.3.2
loggregator103.4.2
mapfs1.1.4
metric-registrar1.1.1
mysql-monitoring9.2.0
nats26
nfs-volume1.7.11
nginx-offline-buildpack1.0.18
nodejs-offline-buildpack1.6.56
notifications-ui36
notifications61
php-offline-buildpack4.3.82
push-apps-manager-release668.0.23
push-usage-service-release669.0.14
pxc0.14.3
python-offline-buildpack1.6.37
r-offline-buildpack1.0.13
routing0.187.3
ruby-offline-buildpack1.7.42
silk2.20.1
smb-volume2.0.3
staticfile-offline-buildpack1.4.45
statsd-injector1.11.0
syslog11.4.0
uaa71.4

2.5.12

Release Date: 10/08/2019

  • [Security Fix] Upgrade Diego Components to Use grpc v1.23.0 and Go 1.12.9 to Fix HTTP2 CVEs
  • [Security Fix] UAA Patch release to address privilege escalation vulnerabilities
  • [Security Fix] Bump garden-runc release to take Go HTTP/2 and containerd gRPC fixes
  • [Security Fix] Upgrade gRPC-java to patch HTTP/2 vulnerability
  • [Feature Improvement] Make TCP Router Request Timeout Configurable
  • [Feature Improvement] Metric Registrar - Allow app developers to register custom routes for metrics endpoints
  • [Feature Improvement] Set maximum database connection lifetime to 1 hour for Diego Locket component to reduce resource contention on PAS database
  • [Feature Improvement] Show revision number on processes in Apps Manager when revisions are enabled for an application
  • [Feature Improvement] Show panels in Apps Manager for each web process during a rolling deployment
  • [Bug Fix] Fix Usage Service SQL errors when MySQL has ONLY_FULL_GROUP_BY enabled
  • [Bug Fix] Show an app’s buildpack information in Apps Manager based on the app’s current droplet, to account for autodetected buildpacks
  • [Bug Fix] Fix filter to remove Apps Manager requests from logs shown in Apps Manager when apps are deployed to a path
  • [Bug Fix] Fix Apps Manager search server crashes in cases where requests to Cloud Controller fail
  • [Bug Fix] Fix links to documentation in Apps Manager to point to the correct PAS version
  • [Bug Fix] Allow slashes to be typed in the Apps Manager search bar
  • [Bug Fix] Allow non-web processes to be scaled via Apps Manager manually when autoscaling is enabled
  • [Bug Fix] Allow users to set custom memory and disk limits when running tasks against applications in Apps Manager
  • [Bug Fix] Fix bug that prevented users from inviting others to organizations and spaces through Apps Manager that did not appear in the first page of results from Cloud Controller
  • [Bug Fix] Improve performance of organization/space user role endpoint
  • [Bug Fix] Improve scalability of container-to-container service discovery by increasing file descriptor limit on bosh-dns-adapter
  • Bump ubuntu-xenial stemcell to version 250.112
  • Bump capi to version 1.76.10
  • Bump cf-networking to version 2.20.6
  • Bump cflinuxfs2 to version 1.294.0
  • Bump cflinuxfs3 to version 0.130.0
  • Bump credhub to version 2.1.9
  • Bump diego to version 2.27.12
  • Bump garden-runc to version 1.19.7
  • Bump java-offline-buildpack to version 4.22
  • Bump metric-registrar to version 1.1.1
  • Bump push-apps-manager-release to version 668.0.23
  • Bump push-usage-service-release to version 669.0.14
  • Bump uaa to version 71.3
Component Version
ubuntu-xenial stemcell250.112
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.76.10
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.6
cf-smoke-tests40.0.119
cf-syslog-drain8.2
cflinuxfs21.294.0
cflinuxfs30.130.0
consul-drain0.0.3
consul198
credhub2.1.9
diego2.27.12
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.7
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.22
log-cache2.1.6
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.1.1
mysql-monitoring9.2.0
nats26
nfs-volume1.7.11
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release668.0.23
push-usage-service-release669.0.14
pxc0.14.3
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.187.3
ruby-offline-buildpack1.7.42
silk2.20.1
smb-volume2.0.1
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.3

2.5.11

Release Date: 09/24/2019

  • [Bug Fix] Fixes a regression bug causing mounts for applications bound to smb volume services with an older version of the smbbroker to fail on restart or upgrade
  • Bump ubuntu-xenial stemcell to version 250.110
  • Bump cflinuxfs2 to version 1.292.0
  • Bump cflinuxfs3 to version 0.128.0
  • Bump smb-volume to version 2.0.1
Component Version
ubuntu-xenial stemcell250.110
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.76.9
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.5
cf-smoke-tests40.0.119
cf-syslog-drain8.2
cflinuxfs21.292.0
cflinuxfs30.128.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.9
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.21
log-cache2.1.6
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.11
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release668.0.22
push-usage-service-release669.0.12
pxc0.14.3
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.187.3
ruby-offline-buildpack1.7.42
silk2.20.1
smb-volume2.0.1
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.2

2.5.10

Release Date: 09/17/2019

  • [Security Fix] Prevent users from inviting themselves to orgs they do not have access to via the Invitations microservice
  • [Security Fix] Sanitize user input to CSVs from Usage Report and Accounting Report ZIP files downloaded via Apps Manager
  • [Security Fix] Improve LDAP username validation for NFS LDAP integration
  • [Feature Improvement] consul_server can be scaled down to 0 instances
  • [Feature Improvement] Add an option CREDHUB_SKIP_INTERPOLATION to skip CredHub interpolation when staging/starting an app
  • [Feature Improvement] Add configuration for router balancing algorithm
  • [Feature Improvement] re-introduce the CFLinuxFS2 stack
  • [Bug Fix] Fix race condition in garden-external-networker
  • [Bug Fix] Address Azure MySQL compatibility problems in Notifications release
  • [Bug Fix] Fixes usage service migration that failed on external dbs with mysql mode ONLY_FULL_GROUP_BY.
  • [Bug Fix] Show TCP port for TCP routes on space page and app page in Apps Manager
  • [Bug Fix] Show an error page when there is a UAA error after attempted login to Apps Manager
  • [Bug Fix] Apps pushed with a droplet are able to start/stop/restart through Apps Manager
  • [Bug Fix] Update the square logo to use the PCF logo rather than the PWS logo in Apps Manager
  • [Bug Fix] Use streaming JSON instead of websockets for Apps Manager search functionality to account for incompatibility with some browsers
  • [Bug Fix] Include pushing applications with the –droplet option in the last push timestamp shown by Apps Manager
  • [Bug Fix] Fix Apps Manager crash when viewing service instance credentials that are complex data types
  • [Bug Fix] Smoke Test help text now properly references “Enable Metric Registrar”.
  • [Bug Fix] Keep resending route unregistration message to prevent application misrouting in case of NATS routing tier instability
  • [Bug fix] Backport cc_deployment_updater config fix to prevent failures when updating healthcheck timeout on multi-instance app deployments.
  • Bump ubuntu-xenial stemcell to version 250.106
  • Bump capi to version 1.76.9
  • Bump cf-autoscaling to version 222
  • Bump cf-networking to version 2.20.5
  • Bump cf-smoke-tests to version 40.0.119
  • Add new release cflinuxfs2 at version 1.291.0
  • Bump cflinuxfs3 to version 0.126.0
  • Bump diego to version 2.27.9
  • Bump java-offline-buildpack to version 4.21
  • Bump nfs-volume to version 1.7.11
  • Bump notifications to version 61
  • Bump push-apps-manager-release to version 668.0.22
  • Bump push-usage-service-release to version 669.0.12
Component Version
ubuntu-xenial stemcell250.106
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.76.9
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.5
cf-smoke-tests40.0.119
cf-syslog-drain8.2
cflinuxfs21.291.0
cflinuxfs30.126.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.9
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.21
log-cache2.1.6
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.11
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release668.0.22
push-usage-service-release669.0.12
pxc0.14.3
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.187.3
ruby-offline-buildpack1.7.42
silk2.20.1
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.2

2.5.9

Release Date: 08/15/2019

  • [Security Fix] Upgrade Envoy to Fix Security Vulnerabilities
  • [Security Fix] Upgrade libseccomp in bpm to 2.4.1 to address CVE-2019-9893
  • [Bug Fix] Improve output of Garden diagnostic tool (i.e. dontpanic) and increase resiliency in edge cases through improvements in containerd
  • [Bug Fix] Pass through arbitrary parameters when binding a service to an app in Apps Manager
  • [Bug Fix] Show all contexts for Spring Boot actuator mappings in Apps Manager, not just mappings that have the ‘application’ context
  • [Bug Fix] Fix bug in Apps Manager where Spring Boot actuator trace tab data was not shown
  • Bump ubuntu-xenial stemcell to version 250.84
  • Bump bpm to version 1.1.1
  • Bump cf-autoscaling to version 221
  • Bump cf-smoke-tests to version 40.0.116
  • Bump garden-runc to version 1.19.5
  • Bump istio to version 1.0.2
  • Bump push-apps-manager-release to version 668.0.18
  • Bump push-usage-service-release to version 669.0.11
Component Version
ubuntu-xenial stemcell250.84
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.76.8
cf-autoscaling221
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.2
cf-smoke-tests40.0.116
cf-syslog-drain8.2
cflinuxfs30.118.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.20
log-cache2.1.6
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.10
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications57
php-offline-buildpack4.3.78
push-apps-manager-release668.0.18
push-usage-service-release669.0.11
pxc0.14.3
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.187.3
ruby-offline-buildpack1.7.42
silk2.20.1
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.2

2.5.8

Release Date: 07/30/2019

  • [Security Fix] When a Spring Boot app has a route with unencrypted HTTP as the protocol, Apps Manager attempts requests via encrypted HTTPS
  • [Feature] Allow operator to configure service mesh domain
  • [Bug Fix] Fix issue in which Enable/Disable Autoscaling button in Apps Manager temporarily shows the wrong autoscaling state
  • [Bug Fix] Space Developer Networking Self Service checkbox in PAS tile configuration now gives proper permissions to Apps Manager users
  • [Bug Fix] Fix issue where services shared across orgs/spaces never load apps it is bound to from the other orgs/spaces on the Apps Manager service overview tab
  • [Bug Fix] Make search bar in Apps Manager case insensitive
  • [Bug Fix] Fixes a regression causing mount bind configuration to be rejected by the SMB volume service broker
  • [Bug Fix] Creating a space via the V3 API generates an audit event
  • [Bug Fix] Fix issue in SMB startup scripts that can cause restart failure or inadvertent application data permission change
  • Bump ubuntu-xenial stemcell to version 250.82
  • Bump binary-offline-buildpack to version 1.0.33
  • Bump capi to version 1.76.8
  • Bump cflinuxfs3 to version 0.118.0
  • Bump go-offline-buildpack to version 1.8.42
  • Bump java-offline-buildpack to version 4.20
  • Bump log-cache to version 2.1.6
  • Bump nginx-offline-buildpack to version 1.0.15
  • Bump nodejs-offline-buildpack to version 1.6.52
  • Bump php-offline-buildpack to version 4.3.78
  • Bump push-apps-manager-release to version 668.0.16
  • Bump python-offline-buildpack to version 1.6.36
  • Bump r-offline-buildpack to version 1.0.11
  • Bump ruby-offline-buildpack to version 1.7.42
  • Bump smb-volume to version 1.3.0
Component Version
ubuntu-xenial stemcell250.82
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.8
cf-autoscaling219
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.2
cf-smoke-tests40.0.113
cf-syslog-drain8.2
cflinuxfs30.118.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.0
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.20
log-cache2.1.6
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.10
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications57
php-offline-buildpack4.3.78
push-apps-manager-release668.0.16
push-usage-service-release669.0.10
pxc0.14.3
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.187.3
ruby-offline-buildpack1.7.42
silk2.20.1
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.2

2.5.7

Release Date: 07/15/2019

  • [Security Fix] Fix high severity CVE in UAA: CVE-2019-3787
  • [Security Fix] UAA should prevent SCIM query injection attacks
  • Bump cf-smoke-tests to version 40.0.113
  • Bump cflinuxfs3 to version 0.113.0
  • Bump uaa to version 71.2
Component Version
ubuntu-xenial stemcell250.73
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.7
cf-autoscaling219
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.2
cf-smoke-tests40.0.113
cf-syslog-drain8.2
cflinuxfs30.113.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.0
go-offline-buildpack1.8.40
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.4
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.10
nginx-offline-buildpack1.0.13
nodejs-offline-buildpack1.6.51
notifications-ui36
notifications57
php-offline-buildpack4.3.77
push-apps-manager-release668.0.15
push-usage-service-release669.0.10
pxc0.14.3
python-offline-buildpack1.6.34
r-offline-buildpack1.0.10
routing0.187.3
ruby-offline-buildpack1.7.40
silk2.20.1
smb-volume1.1.0
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.2

2.5.6

  • [Security Fix] Bump UAA to address CVE-2019-3788
  • [Security Fix] Update CF CLI for Autoscaler
  • [Feature] Allow users to configure max package size so that they can upload packages larger than 2GB
  • [Feature Improvement] Add ability to configure max search depth for LDAP in UAA
  • [Bug Fix] Fix missing “actee_name” for certain CAPI user role related audit events
  • [Bug Fix] Switch the Autoscaling toggle to a button on Apps Manager’s app overview page to better indicate when the action is in progress
  • [Bug Fix] Cause Apps Manager errand to fail if environment variable assignment fails
  • [Bug Fix] Fix credentials for service instances in Apps Manager that failed to display
  • [Bug Fix] Generate valid form ids in Apps Manager to enhance accessibility
  • [Bug Fix] Ellipsify long names of service instances in the services tables of Apps Manager
  • [Bug Fix] Send requests to update environment variables in correct format so they do not fail from Apps Manager
  • [Bug Fix] Fix issue in which flyouts in Apps Manager did not open in Internet Explorer
  • [Bug Fix] Fix failure of inviting new members via Apps Manager in some networking configurations
  • [Bug Fix] Add optional TTL pruning for TLS routes
  • [Bug Fix] Allow operators to omit backup bucket fields
  • [Bug Fix] diego_brain instances no longer update concurrently with diego_cell VMs to prevent application downtime in case of deployment update failure
  • [Bug Fix] Send Isolation Segment smoke test application requests on port 443
  • Bump ubuntu-xenial stemcell to version 250.73
  • Bump capi to version 1.76.7
  • Bump cf-autoscaling to version 219
  • Bump cf-cli to version 1.16.0
  • Bump cf-smoke-tests to version 40.0.109
  • Bump cflinuxfs3 to version 0.109.0
  • Bump dotnet-core-offline-buildpack to version 2.2.12
  • Bump go-offline-buildpack to version 1.8.40
  • Bump nginx-offline-buildpack to version 1.0.13
  • Bump nodejs-offline-buildpack to version 1.6.51
  • Bump php-offline-buildpack to version 4.3.77
  • Bump push-apps-manager-release to version 668.0.15
  • Bump python-offline-buildpack to version 1.6.34
  • Bump r-offline-buildpack to version 1.0.10
  • Bump routing to version 0.187.3
  • Bump ruby-offline-buildpack to version 1.7.40
  • Bump staticfile-offline-buildpack to version 1.4.43
Component Version
ubuntu-xenial stemcell250.73
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.7
cf-autoscaling219
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.20.2
cf-smoke-tests40.0.109
cf-syslog-drain8.2
cflinuxfs30.109.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.0
go-offline-buildpack1.8.40
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.4
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.10
nginx-offline-buildpack1.0.13
nodejs-offline-buildpack1.6.51
notifications-ui36
notifications57
php-offline-buildpack4.3.77
push-apps-manager-release668.0.15
push-usage-service-release669.0.10
pxc0.14.3
python-offline-buildpack1.6.34
r-offline-buildpack1.0.10
routing0.187.3
ruby-offline-buildpack1.7.40
silk2.20.1
smb-volume1.1.0
staticfile-offline-buildpack1.4.43
statsd-injector1.6.0
syslog11.4.0
uaa71.0

2.5.5

  • [Feature Improvement] Improved performance in loading Apps Manager foundation home page
  • [Feature Improvement] Switch the Autoscaling toggle to a button on Apps Manager’s app overview page to better indicate when the action is in progress
  • [Bug Fix] Fix issue where Apps Manager backup and restore failed if the system org and system space did not exist
  • [Bug Fix] Fix issue in which the browser back button sometimes did not work on Apps Manager Marketplace and New Org pages
  • [Bug Fix] Fix log-cache non-admin authorization for 50+ apps or service instances by paging through CAPI’s response links using internal CAPI address
  • [Bug Fix] Fix Router reconnecting to Routing API after Routing API shuts down ungracefully
  • [Bug Fix] Fix drain script in SMB volume driver to prevent it from unmounting shares before Diego has finished evacuating the cell
  • [Bug Fix] Fix issue with Azure Gateway was keeping connections alive longer than they were available when using HAProxy
  • [Bug Fix] Fix issue that prevented Apps Manager’s previous fix to honor the “Disable SSL certificate verification for this environment” PAS setting from taking effect
  • Bump ubuntu-xenial stemcell to version 250.58
  • Bump cflinuxfs3 to version 0.101.0
  • Bump haproxy to version 9.5.2
  • Bump log-cache to version 2.1.4
  • Bump push-apps-manager-release to version 668.0.13
  • Bump routing to version 0.187.2
  • Bump smb-volume to version 1.1.0
Component Version
ubuntu-xenial stemcell250.58
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.6
cf-autoscaling218
cf-backup-and-restore0.0.11
cf-cli1.13.0
cf-networking2.20.2
cf-smoke-tests40.0.40
cf-syslog-drain8.2
cflinuxfs30.101.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.11
garden-runc1.19.0
go-offline-buildpack1.8.39
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.4
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.10
nginx-offline-buildpack1.0.11
nodejs-offline-buildpack1.6.49
notifications-ui36
notifications57
php-offline-buildpack4.3.76
push-apps-manager-release668.0.13
push-usage-service-release669.0.10
pxc0.14.3
python-offline-buildpack1.6.32
r-offline-buildpack1.0.9
routing0.187.2
ruby-offline-buildpack1.7.38
silk2.20.1
smb-volume1.1.0
staticfile-offline-buildpack1.4.42
statsd-injector1.6.0
syslog11.4.0
uaa71.0

2.5.4

  • [Security Fix] Network policy server returns X-XSS-Protection: 1 header to prevent noise in security scans
  • [Feature Improvement] Update default polling interval and idle connection limits for networking components to reduce resource contention on PAS database
  • [Bug Fix] Update MySQL server to version 5.7.25 to address performance issue when querying global variables which could cause platform components to lose database connectivity
  • [Bug Fix] Use the correct metrics url for the current foundation in Apps Manager
  • [Bug Fix] Removing a foundation from a multi-foundation setup no longer causes Apps Manager to crash
  • [Bug Fix] Apps Manager colors, header, and footer are customizable again
  • [Bug Fix] Fixes NFS resource leak issues
  • Bump cf-networking to version 2.20.2
  • Bump cflinuxfs3 to version 0.88.0
  • Bump nfs-volume to version 1.7.10
  • Bump push-apps-manager-release to version 668.0.11
  • Bump pxc to version 0.14.3
  • Bump silk to version 2.20.1
Component Version
ubuntu-xenial stemcell250.38
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.6
cf-autoscaling218
cf-backup-and-restore0.0.11
cf-cli1.13.0
cf-networking2.20.2
cf-smoke-tests40.0.40
cf-syslog-drain8.2
cflinuxfs30.88.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.11
garden-runc1.19.0
go-offline-buildpack1.8.39
haproxy9.4.1
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.3
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.10
nginx-offline-buildpack1.0.11
nodejs-offline-buildpack1.6.49
notifications-ui36
notifications57
php-offline-buildpack4.3.76
push-apps-manager-release668.0.11
push-usage-service-release669.0.10
pxc0.14.3
python-offline-buildpack1.6.32
r-offline-buildpack1.0.9
routing0.187.1
ruby-offline-buildpack1.7.38
silk2.20.1
smb-volume1.0.0
staticfile-offline-buildpack1.4.42
statsd-injector1.6.0
syslog11.4.0
uaa71.0

2.5.3

  • [Breaking Change] go versions 1.8 and 1.9 have been removed from go-offline-buildpack
  • [Feature Improvement] Allow raising of LogCache max_per_source to provide a longer historical duration for noisy sources.
  • [Bug Fix] Fixes backward compatibility issue with NFS that can prevent apps from binding to service instances created in PAS 2.2 or earlier
  • [Bug Fix] Allow persistent disk size on backup and restore to be configured
  • [Bug Fix] Update notifications service to be compatible with Go buildpack 1.8.36
  • Bump ubuntu-xenial stemcell to version 250.38
  • Bump binary-offline-buildpack to version 1.0.32
  • Bump cflinuxfs3 to version 0.86.0
  • Bump dotnet-core-offline-buildpack to version 2.2.11
  • Bump go-offline-buildpack to version 1.8.39
  • Bump log-cache to version 2.1.3
  • Bump nfs-volume to version 1.7.9
  • Bump nginx-offline-buildpack to version 1.0.11
  • Bump nodejs-offline-buildpack to version 1.6.49
  • Bump notifications to version 57
  • Bump php-offline-buildpack to version 4.3.76
  • Bump push-usage-service-release to version 669.0.10
  • Bump python-offline-buildpack to version 1.6.32
  • Bump r-offline-buildpack to version 1.0.9
  • Bump ruby-offline-buildpack to version 1.7.38
  • Bump staticfile-offline-buildpack to version 1.4.42
Component Version
ubuntu-xenial stemcell250.38
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.6
cf-autoscaling218
cf-backup-and-restore0.0.11
cf-cli1.13.0
cf-networking2.20.0
cf-smoke-tests40.0.40
cf-syslog-drain8.2
cflinuxfs30.86.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.11
garden-runc1.19.0
go-offline-buildpack1.8.39
haproxy9.4.1
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.3
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.9
nginx-offline-buildpack1.0.11
nodejs-offline-buildpack1.6.49
notifications-ui36
notifications57
php-offline-buildpack4.3.76
push-apps-manager-release668.0.9
push-usage-service-release669.0.10
pxc0.14.2
python-offline-buildpack1.6.32
r-offline-buildpack1.0.9
routing0.187.1
ruby-offline-buildpack1.7.38
silk2.20.0
smb-volume1.0.0
staticfile-offline-buildpack1.4.42
statsd-injector1.6.0
syslog11.4.0
uaa71.0

2.5.2

  • [Feature] Add extension buildpack support for the binary buildpack on Windows
  • [Feature] push-apps-manager job can read configured UAA SAML providers
  • [Feature] Task pruning age can be configured to allow PAS users with very high numbers of tasks to reduce load on the Cloud Controller database.
  • [Feature] Add R offline buildpack
  • [Feature] Add NGINX offline buildpack
  • [Feature Improvement] Configure Diego LRP zones in Azure to point to BOSH AZs Zone
  • [Feature Improvement] Link directly to cflinuxfs3 migration documentation
  • [Feature Improvement] Add support for staging Docker images from repositories using schema version 2 manifests
  • [Bug Fix] Fix issue where empty or malformed certificates would cause CredHub to fail to start.
  • [Bug Fix] Increase TLS Certificate verification depth in Apps Manager to allow for longer certificate chains
  • [Bug Fix] Improve performance when loading the home page on a foundation with many organizations
  • [Bug Fix] Remove clear input icon that was overlaid on content from search bar on IE
  • Bump ubuntu-xenial stemcell to version 250.29
  • Bump bpm to version 1.0.4
  • Bump capi to version 1.76.6
  • Bump cf-autoscaling to version 218
  • Bump cflinuxfs3 to version 0.80.0
  • Bump credhub to version 2.1.5
  • Bump diego to version 2.27.6
  • Add new release nginx-offline-buildpack at version 1.0.9
  • Bump push-apps-manager-release to version 668.0.9
  • Add new release r-offline-buildpack at version 1.0.7
  • Bump ruby-offline-buildpack to version 1.7.36
Component Version
ubuntu-xenial stemcell250.29
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.31
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.76.6
cf-autoscaling218
cf-backup-and-restore0.0.11
cf-cli1.13.0
cf-networking2.20.0
cf-smoke-tests40.0.40
cf-syslog-drain8.2
cflinuxfs30.80.0
consul-drain0.0.3
consul198
credhub2.1.5
diego2.27.6
dotnet-core-offline-buildpack2.2.7
garden-runc1.19.0
go-offline-buildpack1.8.35
haproxy9.4.1
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.1
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.8
nginx-offline-buildpack1.0.9
nodejs-offline-buildpack1.6.45
notifications-ui36
notifications55
php-offline-buildpack4.3.72
push-apps-manager-release668.0.9
push-usage-service-release669.0.9
pxc0.14.2
python-offline-buildpack1.6.29
r-offline-buildpack1.0.7
routing0.187.1
ruby-offline-buildpack1.7.36
silk2.20.0
smb-volume1.0.0
staticfile-offline-buildpack1.4.40
statsd-injector1.6.0
syslog11.4.0
uaa71.0

2.5.1

  • [Feature Improvement] Add support for TCP hitless reloads in haproxy to avoid connection reset errors
  • [Feature Improvement] Auto bump the CF CLI release included with PAS for use by errands
  • [Feature Improvement] Add ability to enable/disable gorouter hairpinning with Bypass security checks for route service lookup. This feature has potential security concerns, but may be needed for backwards compatibility. See Configuring Route Service Lookup.
  • [Security Fix] Invitations app rejects insecure HTTP requests
  • [Bug Fix] Specify buildpack for Apps Manager and related microservice applications to remove conflicts with custom buildpacks
  • [Bug Fix] Fix issue in which Apps Manager shows Invalid User as the username for space and organization members without usernames, such as UAA clients
  • [Bug Fix] When deleting an organization in Apps Manager, the user is now redirected to the home page instead of another organization page
  • [Bug Fix] Fix bug where Apps Manager crash errors were not displayed
  • [Bug Fix] Fix error message that incorrectly assumed that an SSL validation error occurred on any failed connection to Apps Manager’s search server
  • [Bug Fix] Remove external link icon from dropdown items on Apps Manager’s Tools page
  • [Bug Fix] Fix bug where app changes pushed with –no-start does not take effect when the app was started via Apps Manager
  • [Bug Fix] Fix alignment of search results in Apps Manager
  • [Bug Fix] Fix failed access checks on mount for NFS volume service with some Windows NFS servers
  • [Bug Fix] Fix issue that can cause the Spring Boot actuator integration with Apps Manager to stop working for apps pushed using the beta rolling app deployment feature. See Rolling App Deployments (Beta).
  • [Bug Fix] Fix feature: “Operator can specify headers to be stripped from the response by the router”
  • [Bug Fix] Fix diego rep to always clean up temporary download cache directory
  • Bump ubuntu-xenial stemcell to version 250.25
  • Bump binary-offline-buildpack to version 1.0.31
  • Bump capi to version 1.76.5
  • Bump cf-autoscaling to version 217
  • Bump cf-cli to version 1.13.0
  • Bump cflinuxfs3 to version 0.76.0
  • Bump diego to version 2.27.4
  • Bump dotnet-core-offline-buildpack to version 2.2.7
  • Bump garden-runc to version 1.19.0
  • Bump go-offline-buildpack to version 1.8.35
  • Bump java-offline-buildpack to version 4.18
  • Bump nfs-volume to version 1.7.8
  • Bump nodejs-offline-buildpack to version 1.6.45
  • Bump php-offline-buildpack to version 4.3.72
  • Bump push-apps-manager-release to version 668.0.8
  • Bump python-offline-buildpack to version 1.6.29
  • Bump routing to version 0.187.1
  • Bump ruby-offline-buildpack to version 1.7.34
  • Bump staticfile-offline-buildpack to version 1.4.40
  • Bump uaa to version 71.0
Component Version
ubuntu-xenial stemcell250.25
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.31
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.3
capi1.76.5
cf-autoscaling217
cf-backup-and-restore0.0.11
cf-cli1.13.0
cf-networking2.20.0
cf-smoke-tests40.0.40
cf-syslog-drain8.2
cflinuxfs30.76.0
consul-drain0.0.3
consul198
credhub2.1.2
diego2.27.4
dotnet-core-offline-buildpack2.2.7
garden-runc1.19.0
go-offline-buildpack1.8.35
haproxy9.4.1
istio1.0.1
java-offline-buildpack4.18
log-cache2.1.1
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.8
nodejs-offline-buildpack1.6.45
notifications-ui36
notifications55
php-offline-buildpack4.3.72
push-apps-manager-release668.0.8
push-usage-service-release669.0.9
pxc0.14.2
python-offline-buildpack1.6.29
routing0.187.1
ruby-offline-buildpack1.7.34
silk2.20.0
smb-volume1.0.0
staticfile-offline-buildpack1.4.40
statsd-injector1.6.0
syslog11.4.0
uaa71.0

2.5.0

See also:

Component Version
ubuntu-xenial stemcell250.21
backup-and-restore-sdk1.12.0
binary-offline-buildpack1.0.30
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.3
capi1.76.3
cf-autoscaling216
cf-backup-and-restore0.0.11
cf-cli1.12.0
cf-networking2.20.0
cf-smoke-tests40.0.40
cf-syslog-drain8.2
cflinuxfs30.72.0
consul-drain0.0.3
consul198
credhub2.1.2
diego2.27.0
dotnet-core-offline-buildpack2.2.5
garden-runc1.18.0
go-offline-buildpack1.8.33
haproxy9.4.1
istio1.0.1
java-offline-buildpack4.16.1
log-cache2.1.1
loggregator-agent2.3
loggregator103.4
mapfs1.1.4
metric-registrar1.0.4
mysql-monitoring9.2.0
nats26
nfs-volume1.7.7
nodejs-offline-buildpack1.6.43
notifications-ui36
notifications55
php-offline-buildpack4.3.70
push-apps-manager-release667.0.10
push-usage-service-release669.0.9
pxc0.14.2
python-offline-buildpack1.6.28
routing0.186.0
ruby-offline-buildpack1.7.31
silk2.20.0
smb-volume1.0.0
staticfile-offline-buildpack1.4.39
statsd-injector1.6.0
syslog11.4.0
uaa69.0

How to Upgrade

The procedure for upgrading to Pivotal Application Service (PAS) v2.5 is documented in the Upgrading Pivotal Cloud Foundry topic.

When upgrading to PAS v2.5, be aware of the following upgrade considerations:

  • If you previously used an earlier version of PAS, you must first upgrade to PAS v2.4 to successfully upgrade to PAS v2.5.

  • Some partner service tiles may be incompatible with PCF v2.5. Pivotal is working with partners to ensure their tiles are updated to work with the latest versions of PCF.

    For information about which partner service releases are currently compatible with PCF v2.5, review the appropriate partners services release documentation at https://docs.pivotal.io, or contact the partner organization that produces the tile.

New Features in PAS v2.5

PAS v2.5.9 and Earlier Only Support cflinuxfs3

PAS versions v2.5.0 to v2.5.9 do not support apps running on cflinuxfs2.

PAS v2.5 patch versions v2.5.10 and later optionally support pre-existing apps staged with cflinuxfs2 buildpacks, but do not support restaging on cflinuxfs2. To enable cflinuxfs2 support, see the Configure Cloud Controller section of the Configuring PAS topic.

PAS v2.4 also supports both the cflinuxfs3 and cflinuxfs2 stacks.

Pivotal recommends that you upgrade to the latest v2.5 and encourage developers to migrate all their apps and upgrade any custom buildpacks to cflinuxfs3. For more information, see the Migrate Apps to cflinuxfs3 of the Upgrade Preparation Checklist for PCF v2.5 topic.

The cflinuxfs3 stack is derived from Ubuntu Bionic 18.04. The cflinuxfs2 stack is derived from Ubuntu Trusty 14.04, for which support ends in April 2019. For more information, see cflinuxfs3 Release in the BOSH documentation.

Disable Network Policy Enforcement Between Apps

You can disable Silk network policy enforcement between apps in the Networking pane of the PAS tile. Disabling network policy enforcement allows all apps to send network traffic to all other apps in the foundation despite no policy specifically allowing it.

Silk is a network fabric for containers designed for Cloud Foundry. For more information about Silk, see silk in GitHub.

Service Mesh Routing Plane (Beta)

Operators have the option to deploy a service mesh routing plane in addition to the existing HTTP and TCP routers. The first new feature provided by service mesh is weighted routing.

For more information, see Service Mesh (Beta).

Weighted Routing (Beta)

In deployments with service mesh configured, developers can configure routing weights for apps. Weighted routing allows you to map multiple apps to the same route and control the amount of traffic sent to each of them. Some use cases include include A/B testing, canary releases, or rolling out features over time to incremental user-bases.

For more information, see Using Weighted Routing (Beta).

Diego BBS Increases Routing Stability

Diego Bulletin Board System (BBS) improves routability for application instances running on cells with unstable presences.

Previously, when the cell missed a heartbeat, application instances on unstable cells were immediately replaced and routability was terminated. Now, when the cell misses a heartbeat, the routing to the application instance is maintained in case the cell is able to regain its presence. A replacement app is scheduled in case the cell does not regain its presence.

Support For Apps That Require Multiple Ports

PAS v2.5 supports apps that require multiple ports and apps that require custom ports. This update allows additional apps, such as Docker images and apps with TCP protocols that require multiple ports, to run on PAS.

For more information, see Configuring CF to Route Traffic to Apps on Custom Ports.

Configure Networking Policies Across Spaces Using the cf CLI

You can use the Cloud Foundry Command Line Interface (cf CLI) to configure networking policies across spaces in your PCF foundation. This allows you to quickly manage and configure networking policies without using the API.

Apps Manager Supports Asynchronous Service Bindings

Apps Manager supports services that take advantage of the flexibility of asynchronous bindings. Asynchronous bindings provide service brokers more time to perform the operations required to complete a bind. This can help service brokers avoid timing out for synchronous operations in PAS.

When you bind an app to a service that uses asynchronous bindings, Apps Manager displays the status of the service while the bind is still pending.

For more information about asynchronous operations in services, see the Open Service Broker API documentation.

Specify Metadata for Apps, Orgs, and Spaces

You can specify metadata to provide additional information about apps, orgs, and spaces. Metadata can help with operating, monitoring, and auditing your PAS deployment. Example uses of metadata include environment information, billing codes, points of contact, and information about security or risk.

You can specify two types of metadata: labels and annotations. You can query objects based on labels but not annotations.

For more information about metadata and how to add, update, and view metadata, see Using Metadata.

Generate Garden Component Logs with Binary File

Garden, the component that PCF uses to create and manage isolated environments called containers, includes a binary file called dontpanic. Operators can run /var/vcap/packages/garden/bin/dontpanic to generate a tar file of Garden component logs for use in troubleshooting or reporting an issue.

For more information about Garden, see Garden.

mysql-restore and mysql-backup Jobs Are Removed

PAS v2.5 does not use the mysql-restore and mysql-backup jobs to back up MySQL internally. Instead, each BOSH job is backed up separately with the BBR. mysql-restore and mysql-backup have therefore been removed.

For more information, see Backing Up and Restoring Pivotal Cloud Foundry.

Cloud Controller Retrieves Container Metrics from Log Cache

In PAS v2.5, Cloud Controller supports retrieving container metrics both from Traffic Controller and directly from Log Cache. When Cloud Controller retrieves container metrics directly from Log Cache, it can use the new Diego metric tags with these metric envelopes.

As for Traffic Controller, the containermetrics/app-guid endpoint no longer exists.

For more information about Log Cache and Traffic Controller, see Configuring Logging in PAS, Loggregator Architecture, and Overview of Logging and Metrics.

Known Issues

Extended cf logs Downtime

When upgrading from PAS v2.4, there is extended cf logs downtime. This causes the smoke test errand to fail during upgrade.

Scheduler Fails to Deploy If Connecting to MySQL Over TLS

Scheduler for PCF has a dependency on MySQL for PCF v2.x and currently does not support connecting to a MySQL database over TLS. If MySQL for PCF v2.x is configured to require TLS connection to the database, Scheduler fails to install.

Pivotal recommends configuring Scheduler to allow Optional TLS. This approach can be applied to other use cases, such as Spring Cloud Services, or for developer applications.

For more information, see PAS Scheduler fails to deploy in 2.5 in the Pivotal Knowledge Base.

Cloud Controller Error Causes PCF Upgrade to Fail

With buildpacks now having stack associations, additional validation must be added while upgrading to PAS v2.2 and later. This can generate a new StacklessAndStackfulMatchingBuildpacksError error in the post-start scripts.

For more information and instructions for resolving this issue, see Pivotal Cloud Foundry upgrade fails with a StacklessAndStackfulMatchingBuildpacksExistError Cloud Controller Error in the Pivotal Knowledge Base.

Apps Usage Service Errand Fails on Foundations With Self-Signed Certificates

The Apps Usage Service errand fails to deploy in PAS on foundations that use a self-signed or private certificate for Transport Layer Security (TLS). The Apps Usage Service errand fails with the following curl SSL error:

curl: (60) server certificate verification failed.
CAfile: /etc/ssl/certs/ca-certificates.crt
CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs).
If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Error: failed to run job-process: exit status 1 (exit status 1)

This error occurs because the Apps Usage Service errand uses native curl instead of cf curl to query an API endpoint. The native curl command fails SSL verification in the PAS deployment.

For more information and instructions for resolving this issue, see Apps Usage errand fails in PAS 2.5 with curl SSL error.

HTTP Response Headers Field Not Functional

The Remove Specified HTTP Response Headers field is not functional. If you modify this field, the router does not remove the headers as expected. This is due to a bug that prevents the configuration from being applied to the underlying job.

For more information, see Remove Specified HTTP Response Headers in PCF does not work in the Pivotal Knowledge Base.

Azure Availability Zones Not Compatible with Diego

While PAS v2.5 supports Azure availability zones (AZs), enabling this feature is not recommended for production workloads. With Azure AZs, Diego cannot detect which zone the cells are in. This means PAS cannot distribute app instances across different AZs, causing PCF not to run in high availability mode.

For more information, see Azure Availability Zones are not compatible with Diego in PAS 2.5 in the Pivotal Knowledge Base.

Apps Manager SSL Validation Cannot Be Disabled in PAS v2.5.0 through v2.5.4

In PAS v2.5.0 through v2.5.4, Apps Manager ignores the Disable SSL certificate verification for this environment PAS tile setting. For environments using SSL certificates signed by an untrusted certificate authority (CA), this may cause Apps Manager to show no content.

To resolve this issue, see Apps Manager shows no content due to SSL validation issue in the Pivotal Knowledge Base.

Apps Manager Only Allows One Intermediate Certificate Authority in PAS v2.5.0 and v2.5.1

In PAS v2.5.0 and v2.5.1, Apps Manager does not accept SSL certificates that have a signing chain with more than one intermediate certificate authority between the SSL certificate and the root certificate authority. This includes certificates from backend services such as the Cloud Controller API.

If there is more than one certificate authority, Apps Manager does not show content, and the logs for Apps Manager include the text certificate chain too long.

If you must use an SSL certificate chain with more than one intermediate certificate authority in your environment, contact Pivotal Support to discuss options for working around this issue.

Apps Manager BOSH Backup and Restore (BBR) Script Fails

In PAS v2.5.0 through v2.5.4, the Apps Manager BBR script fails when the system organization and system space do not exist.

To avoid script failure, manually create the system organization and system space.

Metric Registrar App Log Error Message

An invalid log drain error message may appear in app logs on foundations where the Metric Registrar is enabled. This error message indicates that the current version of Loggregator cannot parse the scheme used by the Metric Registrar.

This error message does not indicate that the app logs are incorrect or incomplete. There is no action required.

Some Environment Variables Are Missing When Using cflinuxfs3

When using the cflinuxfs3 stack in PAS v2.3 or later, if you provide environment variables containing periods or dashes, the environment variables do not appear in the process environment of the app.

To resolve this issue, ensure that all applications are using environment variables that do not contain periods or dashes.

For more information, see Missing environment variables when using PAS 2.3+ and the cflinuxfs3 stack in the Pivotal Knowledge Base.

CredHub Database Migration Failure

When the CredHub database fails to migrate with a Flyway exception, it may be caused by an issue with the flyway_schema_history table.

For information on how to address this issue, see Database Migration Failure in GitHub.

Intermittent Misrouting of Apps in Large PCF Foundations

Large PCF Foundations can experience intermittent misrouting of apps. These routes can point to non-existent or incorrect app containers and can cause apps to intermittently return HTTP codes 404 or 502.

This issue typically occurs in larger-sized foundations where a single Gorouter instance misses a deregistration message when a user unmaps routes to a running app. As a result, the Gorouter retains stale routes in its routing table.

To resolve this issue, update to PAS v2.5.10 or later.

If you have previously checked the Prune Routes on TTL Expiry for TLS Backends checkbox as referenced below, uncheck the box for improved guarantees of route consistency during control plane instability.

  1. Log in to Ops Manager.
  2. In the PAS tile, select Application Containers.
  3. Uncheck the Prune Routes on TTL Expiry for TLS Backends checkbox.
  4. Click Review Pending Changes.
  5. Click Apply Changes.

If you are on v2.5.6 to v2.5.9 and need a temporary mitigation pending upgrades, do the following:

  1. Log in to Ops Manager.
  2. In the PAS tile, select Application Containers.
  3. Select the Prune Routes on TTL Expiry for TLS Backends checkbox.
  4. Click Review Pending Changes.
  5. Click Apply Changes.

If you are on a version earlier than v2.5.6, you must upgrade to address this issue.

For more information, see Enabling TLS from the Gorouter to application instances results in bad routes in PAS 2.3+.

Apps Manager Spring Boot Integration Fails in Internet Explorer

In PAS v2.5.8, Apps Manager includes a change in communication with Spring Boot Actuator endpoints that is not compatible with the Internet Explorer 11 browser. The change results in Spring Boot information not appearing on the app page.

This issue is fixed in PAS v2.5.9 and later, and does not affect other browsers.

Apps Manager Does Not Show Spring Mappings Outside of the Application Context

In PAS v2.5.0 to v2.5.8, the Spring Boot mappings in Apps Manager did not account for contexts other than the 'application’ context. For this reason, some Spring Boot mappings may fail to show up in Apps Manager for a given application.

This issue is fixed in PAS v2.5.9 and later.

In PAS v2.5.1 to v2.5.9, Apps Manager shows the PWS logo rather than the PCF logo if a custom logo has not been uploaded.

This issue is fixed in PAS v2.5.10 and later.

Inviting New Users or Adding Space Roles in Apps Manager Fails

In PAS v2.5.10 and v2.5.11, the Apps Manager service that handles inviting new users to Cloud Foundry fails in many cases to add space roles for users or invite new users with space roles. As a workaround, use the cf CLI to manage user roles.

For more information, see User Admin commands in the Cloud Foundry CLI Reference Guide.