Pivotal Application Service v2.5 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2019.

Read more about the certified provider program and the requirements of providers.


Releases

Warning: Before installing or upgrading to PAS v2.5, review the Critical Breaking Changes in PCF v2.5.

2.5.9

Release Date: 08/15/2019

  • [Security Fix] Upgrade Envoy to Fix Security Vulnerabilities
  • [Security Fix] Upgrade libseccomp in bpm to 2.4.1 to address CVE-2019-9893
  • [Bug Fix] Improve output of Garden diagnostic tool (i.e. dontpanic) and increase resiliency in edge cases through improvements in containerd
  • Bump ubuntu-xenial stemcell to version 250.84
  • Bump bpm to version 1.1.1
  • Bump cf-autoscaling to version 221
  • Bump cf-smoke-tests to version 40.0.116
  • Bump garden-runc to version 1.19.5
  • Bump istio to version 1.0.2
  • Bump push-apps-manager-release to version 668.0.18
  • Bump push-usage-service-release to version 669.0.11
Component                       Version
ubuntu-xenial stemcell          250.84
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.33
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.1.1
capi                            1.76.8
cf-autoscaling                  221
cf-backup-and-restore           0.0.11
cf-cli                          1.16.0
cf-networking                   2.20.2
cf-smoke-tests                  40.0.116
cf-syslog-drain                 8.2
cflinuxfs3                      0.118.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.12
garden-runc                     1.19.5
go-offline-buildpack            1.8.42
haproxy                         9.5.2
istio                           1.0.2
java-offline-buildpack          4.20
log-cache                       2.1.6
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.10
nginx-offline-buildpack         1.0.15
nodejs-offline-buildpack        1.6.52
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.78
push-apps-manager-release       668.0.18
push-usage-service-release      669.0.11
pxc                             0.14.3
python-offline-buildpack        1.6.36
r-offline-buildpack             1.0.11
routing                         0.187.3
ruby-offline-buildpack          1.7.42
silk                            2.20.1
smb-volume                      1.3.0
staticfile-offline-buildpack    1.4.43
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.2

2.5.8

Release Date: 07/30/2019

  • [Security Fix] When a Spring Boot app has a route with unencrypted HTTP as the protocol, Apps Manager attempts requests via encrypted HTTPS
  • [Feature] Allow operator to configure service mesh domain
  • [Bug Fix] Fix issue in which Enable/Disable Autoscaling button in Apps Manager temporarily shows the wrong autoscaling state
  • [Bug Fix] Space Developer Networking Self Service checkbox in PAS tile configuration now gives proper permissions to Apps Manager users
  • [Bug Fix] Fix issue where services shared across orgs/spaces never load apps they are bound to from the other orgs/spaces on the Apps Manager service overview tab
  • [Bug Fix] Make search bar in Apps Manager case insensitive
  • [Bug Fix] Fixes a regression causing mount bind configuration to be rejected by the SMB volume service broker
  • [Bug Fix] Creating a space via the V3 API generates an audit event
  • [Bug Fix] Fix issue in SMB startup scripts that can cause restart failure or inadvertent application data permission change
  • Bump ubuntu-xenial stemcell to version 250.82
  • Bump binary-offline-buildpack to version 1.0.33
  • Bump capi to version 1.76.8
  • Bump cflinuxfs3 to version 0.118.0
  • Bump go-offline-buildpack to version 1.8.42
  • Bump java-offline-buildpack to version 4.20
  • Bump log-cache to version 2.1.6
  • Bump nginx-offline-buildpack to version 1.0.15
  • Bump nodejs-offline-buildpack to version 1.6.52
  • Bump php-offline-buildpack to version 4.3.78
  • Bump push-apps-manager-release to version 668.0.16
  • Bump python-offline-buildpack to version 1.6.36
  • Bump r-offline-buildpack to version 1.0.11
  • Bump ruby-offline-buildpack to version 1.7.42
  • Bump smb-volume to version 1.3.0
Component                       Version
ubuntu-xenial stemcell          250.82
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.33
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.8
cf-autoscaling                  219
cf-backup-and-restore           0.0.11
cf-cli                          1.16.0
cf-networking                   2.20.2
cf-smoke-tests                  40.0.113
cf-syslog-drain                 8.2
cflinuxfs3                      0.118.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.12
garden-runc                     1.19.0
go-offline-buildpack            1.8.42
haproxy                         9.5.2
istio                           1.0.1
java-offline-buildpack          4.20
log-cache                       2.1.6
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.10
nginx-offline-buildpack         1.0.15
nodejs-offline-buildpack        1.6.52
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.78
push-apps-manager-release       668.0.16
push-usage-service-release      669.0.10
pxc                             0.14.3
python-offline-buildpack        1.6.36
r-offline-buildpack             1.0.11
routing                         0.187.3
ruby-offline-buildpack          1.7.42
silk                            2.20.1
smb-volume                      1.3.0
staticfile-offline-buildpack    1.4.43
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.2

2.5.7

Release Date: 07/15/2019

  • [Security Fix] Fix high severity CVE in UAA: CVE-2019-3787
  • [Security Fix] UAA should prevent SCIM query injection attacks
  • Bump cf-smoke-tests to version 40.0.113
  • Bump cflinuxfs3 to version 0.113.0
  • Bump uaa to version 71.2
Component                       Version
ubuntu-xenial stemcell          250.73
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.32
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.7
cf-autoscaling                  219
cf-backup-and-restore           0.0.11
cf-cli                          1.16.0
cf-networking                   2.20.2
cf-smoke-tests                  40.0.113
cf-syslog-drain                 8.2
cflinuxfs3                      0.113.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.12
garden-runc                     1.19.0
go-offline-buildpack            1.8.40
haproxy                         9.5.2
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.4
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.10
nginx-offline-buildpack         1.0.13
nodejs-offline-buildpack        1.6.51
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.77
push-apps-manager-release       668.0.15
push-usage-service-release      669.0.10
pxc                             0.14.3
python-offline-buildpack        1.6.34
r-offline-buildpack             1.0.10
routing                         0.187.3
ruby-offline-buildpack          1.7.40
silk                            2.20.1
smb-volume                      1.1.0
staticfile-offline-buildpack    1.4.43
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.2

2.5.6

  • [Security Fix] Bump UAA to address CVE-2019-3788
  • [Security Fix] Update CF CLI for Autoscaler
  • [Feature] Allow users to configure max package size so that they can upload packages larger than 2GB
  • [Feature Improvement] Add ability to configure max search depth for LDAP in UAA
  • [Bug Fix] Fix missing “actee_name” for certain CAPI user role related audit events
  • [Bug Fix] Switch the Autoscaling toggle to a button on Apps Manager’s app overview page to better indicate when the action is in progress
  • [Bug Fix] Cause Apps Manager errand to fail if environment variable assignment fails
  • [Bug Fix] Fix credentials for service instances in Apps Manager that failed to display
  • [Bug Fix] Generate valid form ids in Apps Manager to enhance accessibility
  • [Bug Fix] Ellipsify long names of service instances in the services tables of Apps Manager
  • [Bug Fix] Send requests to update environment variables in correct format so they do not fail from Apps Manager
  • [Bug Fix] Fix issue in which flyouts in Apps Manager did not open in Internet Explorer
  • [Bug Fix] Fix failure of inviting new members via Apps Manager in some networking configurations
  • [Bug Fix] Add optional TTL pruning for TLS routes
  • [Bug Fix] Allow operators to omit backup bucket fields
  • [Bug Fix] diego_brain instances no longer update concurrently with diego_cell VMs to prevent application downtime in case of deployment update failure
  • [Bug Fix] Send Isolation Segment smoke test application requests on port 443
  • Bump ubuntu-xenial stemcell to version 250.73
  • Bump capi to version 1.76.7
  • Bump cf-autoscaling to version 219
  • Bump cf-cli to version 1.16.0
  • Bump cf-smoke-tests to version 40.0.109
  • Bump cflinuxfs3 to version 0.109.0
  • Bump dotnet-core-offline-buildpack to version 2.2.12
  • Bump go-offline-buildpack to version 1.8.40
  • Bump nginx-offline-buildpack to version 1.0.13
  • Bump nodejs-offline-buildpack to version 1.6.51
  • Bump php-offline-buildpack to version 4.3.77
  • Bump push-apps-manager-release to version 668.0.15
  • Bump python-offline-buildpack to version 1.6.34
  • Bump r-offline-buildpack to version 1.0.10
  • Bump routing to version 0.187.3
  • Bump ruby-offline-buildpack to version 1.7.40
  • Bump staticfile-offline-buildpack to version 1.4.43
Component                       Version
ubuntu-xenial stemcell          250.73
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.32
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.7
cf-autoscaling                  219
cf-backup-and-restore           0.0.11
cf-cli                          1.16.0
cf-networking                   2.20.2
cf-smoke-tests                  40.0.109
cf-syslog-drain                 8.2
cflinuxfs3                      0.109.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.12
garden-runc                     1.19.0
go-offline-buildpack            1.8.40
haproxy                         9.5.2
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.4
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.10
nginx-offline-buildpack         1.0.13
nodejs-offline-buildpack        1.6.51
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.77
push-apps-manager-release       668.0.15
push-usage-service-release      669.0.10
pxc                             0.14.3
python-offline-buildpack        1.6.34
r-offline-buildpack             1.0.10
routing                         0.187.3
ruby-offline-buildpack          1.7.40
silk                            2.20.1
smb-volume                      1.1.0
staticfile-offline-buildpack    1.4.43
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.0

2.5.5

  • [Feature Improvement] Improved performance in loading Apps Manager foundation home page
  • [Feature Improvement] Switch the Autoscaling toggle to a button on Apps Manager’s app overview page to better indicate when the action is in progress
  • [Bug Fix] Fix issue where Apps Manager backup and restore failed if the system org and system space did not exist
  • [Bug Fix] Fix issue in which the browser back button sometimes did not work on Apps Manager Marketplace and New Org pages
  • [Bug Fix] Fix log-cache non-admin authorization for 50+ apps or service instances by paging through CAPI’s response links using internal CAPI address
  • [Bug Fix] Fix Router reconnecting to Routing API after Routing API shuts down ungracefully
  • [Bug Fix] Fix drain script in SMB volume driver to prevent it from unmounting shares before Diego has finished evacuating the cell
  • [Bug Fix] Fix issue in which Azure Gateway kept connections alive longer than they were available when using HAProxy
  • [Bug Fix] Fix issue that prevented Apps Manager’s previous fix to honor the “Disable SSL certificate verification for this environment” PAS setting from taking effect
  • Bump ubuntu-xenial stemcell to version 250.58
  • Bump cflinuxfs3 to version 0.101.0
  • Bump haproxy to version 9.5.2
  • Bump log-cache to version 2.1.4
  • Bump push-apps-manager-release to version 668.0.13
  • Bump routing to version 0.187.2
  • Bump smb-volume to version 1.1.0
Component                       Version
ubuntu-xenial stemcell          250.58
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.32
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.6
cf-autoscaling                  218
cf-backup-and-restore           0.0.11
cf-cli                          1.13.0
cf-networking                   2.20.2
cf-smoke-tests                  40.0.40
cf-syslog-drain                 8.2
cflinuxfs3                      0.101.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.11
garden-runc                     1.19.0
go-offline-buildpack            1.8.39
haproxy                         9.5.2
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.4
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.10
nginx-offline-buildpack         1.0.11
nodejs-offline-buildpack        1.6.49
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.76
push-apps-manager-release       668.0.13
push-usage-service-release      669.0.10
pxc                             0.14.3
python-offline-buildpack        1.6.32
r-offline-buildpack             1.0.9
routing                         0.187.2
ruby-offline-buildpack          1.7.38
silk                            2.20.1
smb-volume                      1.1.0
staticfile-offline-buildpack    1.4.42
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.0

2.5.4

  • [Security Fix] Network policy server returns X-XSS-Protection: 1 header to prevent noise in security scans
  • [Feature Improvement] Update default polling interval and idle connection limits for networking components to reduce resource contention on PAS database
  • [Bug Fix] Update MySQL server to version 5.7.25 to address performance issue when querying global variables which could cause platform components to lose database connectivity
  • [Bug Fix] Use the correct metrics url for the current foundation in Apps Manager
  • [Bug Fix] Removing a foundation from a multi-foundation setup no longer causes Apps Manager to crash
  • [Bug Fix] Apps Manager colors, header, and footer are customizable again
  • [Bug Fix] Fixes NFS resource leak issues
  • Bump cf-networking to version 2.20.2
  • Bump cflinuxfs3 to version 0.88.0
  • Bump nfs-volume to version 1.7.10
  • Bump push-apps-manager-release to version 668.0.11
  • Bump pxc to version 0.14.3
  • Bump silk to version 2.20.1
Component                       Version
ubuntu-xenial stemcell          250.38
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.32
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.6
cf-autoscaling                  218
cf-backup-and-restore           0.0.11
cf-cli                          1.13.0
cf-networking                   2.20.2
cf-smoke-tests                  40.0.40
cf-syslog-drain                 8.2
cflinuxfs3                      0.88.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.11
garden-runc                     1.19.0
go-offline-buildpack            1.8.39
haproxy                         9.4.1
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.3
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.10
nginx-offline-buildpack         1.0.11
nodejs-offline-buildpack        1.6.49
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.76
push-apps-manager-release       668.0.11
push-usage-service-release      669.0.10
pxc                             0.14.3
python-offline-buildpack        1.6.32
r-offline-buildpack             1.0.9
routing                         0.187.1
ruby-offline-buildpack          1.7.38
silk                            2.20.1
smb-volume                      1.0.0
staticfile-offline-buildpack    1.4.42
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.0

2.5.3

  • [Breaking Change] go versions 1.8 and 1.9 have been removed from go-offline-buildpack
  • [Feature Improvement] Allow raising of LogCache max_per_source to provide a longer historical duration for noisy sources.
  • [Bug Fix] Fixes backward compatibility issue with NFS that can prevent apps from binding to service instances created in PAS 2.2 or earlier
  • [Bug Fix] Allow persistent disk size on backup and restore to be configured
  • [Bug Fix] Update notifications service to be compatible with Go buildpack 1.8.36
  • Bump ubuntu-xenial stemcell to version 250.38
  • Bump binary-offline-buildpack to version 1.0.32
  • Bump cflinuxfs3 to version 0.86.0
  • Bump dotnet-core-offline-buildpack to version 2.2.11
  • Bump go-offline-buildpack to version 1.8.39
  • Bump log-cache to version 2.1.3
  • Bump nfs-volume to version 1.7.9
  • Bump nginx-offline-buildpack to version 1.0.11
  • Bump nodejs-offline-buildpack to version 1.6.49
  • Bump notifications to version 57
  • Bump php-offline-buildpack to version 4.3.76
  • Bump push-usage-service-release to version 669.0.10
  • Bump python-offline-buildpack to version 1.6.32
  • Bump r-offline-buildpack to version 1.0.9
  • Bump ruby-offline-buildpack to version 1.7.38
  • Bump staticfile-offline-buildpack to version 1.4.42
Component                       Version
ubuntu-xenial stemcell          250.38
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.32
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.6
cf-autoscaling                  218
cf-backup-and-restore           0.0.11
cf-cli                          1.13.0
cf-networking                   2.20.0
cf-smoke-tests                  40.0.40
cf-syslog-drain                 8.2
cflinuxfs3                      0.86.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.11
garden-runc                     1.19.0
go-offline-buildpack            1.8.39
haproxy                         9.4.1
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.3
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.9
nginx-offline-buildpack         1.0.11
nodejs-offline-buildpack        1.6.49
notifications-ui                36
notifications                   57
php-offline-buildpack           4.3.76
push-apps-manager-release       668.0.9
push-usage-service-release      669.0.10
pxc                             0.14.2
python-offline-buildpack        1.6.32
r-offline-buildpack             1.0.9
routing                         0.187.1
ruby-offline-buildpack          1.7.38
silk                            2.20.0
smb-volume                      1.0.0
staticfile-offline-buildpack    1.4.42
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.0

2.5.2

  • [Feature] Add extension buildpack support for the binary buildpack on Windows
  • [Feature] push-apps-manager job can read configured UAA SAML providers
  • [Feature] Task pruning age can be configured to allow PAS users with very high numbers of tasks to reduce load on the Cloud Controller database.
  • [Feature] Add R offline buildpack
  • [Feature] Add NGINX offline buildpack
  • [Feature Improvement] Configure Diego LRP zones in Azure to point to BOSH AZs Zone
  • [Feature Improvement] Link directly to cflinuxfs3 migration documentation
  • [Feature Improvement] Add support for staging Docker images from repositories using schema version 2 manifests
  • [Bug Fix] Fix issue where empty or malformed certificates would cause CredHub to fail to start.
  • [Bug Fix] Increase TLS Certificate verification depth in Apps Manager to allow for longer certificate chains
  • [Bug Fix] Improve performance when loading the home page on a foundation with many organizations
  • [Bug Fix] Remove clear input icon that was overlaid on content from search bar on IE
  • Bump ubuntu-xenial stemcell to version 250.29
  • Bump bpm to version 1.0.4
  • Bump capi to version 1.76.6
  • Bump cf-autoscaling to version 218
  • Bump cflinuxfs3 to version 0.80.0
  • Bump credhub to version 2.1.5
  • Bump diego to version 2.27.6
  • Add new release nginx-offline-buildpack at version 1.0.9
  • Bump push-apps-manager-release to version 668.0.9
  • Add new release r-offline-buildpack at version 1.0.7
  • Bump ruby-offline-buildpack to version 1.7.36
Component                       Version
ubuntu-xenial stemcell          250.29
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.31
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.4
capi                            1.76.6
cf-autoscaling                  218
cf-backup-and-restore           0.0.11
cf-cli                          1.13.0
cf-networking                   2.20.0
cf-smoke-tests                  40.0.40
cf-syslog-drain                 8.2
cflinuxfs3                      0.80.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.5
diego                           2.27.6
dotnet-core-offline-buildpack   2.2.7
garden-runc                     1.19.0
go-offline-buildpack            1.8.35
haproxy                         9.4.1
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.1
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.8
nginx-offline-buildpack         1.0.9
nodejs-offline-buildpack        1.6.45
notifications-ui                36
notifications                   55
php-offline-buildpack           4.3.72
push-apps-manager-release       668.0.9
push-usage-service-release      669.0.9
pxc                             0.14.2
python-offline-buildpack        1.6.29
r-offline-buildpack             1.0.7
routing                         0.187.1
ruby-offline-buildpack          1.7.36
silk                            2.20.0
smb-volume                      1.0.0
staticfile-offline-buildpack    1.4.40
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.0

2.5.1

  • [Feature Improvement] Add support for TCP hitless reloads in haproxy to avoid connection reset errors
  • [Feature Improvement] Auto bump the CF CLI release included with PAS for use by errands
  • [Feature Improvement] Add ability to enable/disable gorouter hairpinning with Bypass security checks for route service lookup. This feature has potential security concerns, but may be needed for backwards compatibility. See Configuring Route Service Lookup.
  • [Security Fix] Invitations app rejects insecure HTTP requests
  • [Bug Fix] Specify buildpack for Apps Manager and related microservice applications to remove conflicts with custom buildpacks
  • [Bug Fix] Fix issue in which Apps Manager shows Invalid User as the username for space and organization members without usernames, such as UAA clients
  • [Bug Fix] When deleting an organization in Apps Manager, the user is now redirected to the home page instead of another organization page
  • [Bug Fix] Fix bug where Apps Manager crash errors were not displayed
  • [Bug Fix] Fix error message that incorrectly assumed that an SSL validation error occurred on any failed connection to Apps Manager’s search server
  • [Bug Fix] Remove external link icon from dropdown items on Apps Manager’s Tools page
  • [Bug Fix] Fix bug where app changes pushed with --no-start do not take effect when the app was started via Apps Manager
  • [Bug Fix] Fix alignment of search results in Apps Manager
  • [Bug Fix] Fix failed access checks on mount for NFS volume service with some Windows NFS servers
  • [Bug Fix] Fix issue that can cause the Spring Boot actuator integration with Apps Manager to stop working for apps pushed using the beta rolling app deployment feature. See Rolling App Deployments (Beta).
  • [Bug Fix] Fix feature: “Operator can specify headers to be stripped from the response by the router”
  • [Bug Fix] Fix diego rep to always clean up temporary download cache directory
  • Bump ubuntu-xenial stemcell to version 250.25
  • Bump binary-offline-buildpack to version 1.0.31
  • Bump capi to version 1.76.5
  • Bump cf-autoscaling to version 217
  • Bump cf-cli to version 1.13.0
  • Bump cflinuxfs3 to version 0.76.0
  • Bump diego to version 2.27.4
  • Bump dotnet-core-offline-buildpack to version 2.2.7
  • Bump garden-runc to version 1.19.0
  • Bump go-offline-buildpack to version 1.8.35
  • Bump java-offline-buildpack to version 4.18
  • Bump nfs-volume to version 1.7.8
  • Bump nodejs-offline-buildpack to version 1.6.45
  • Bump php-offline-buildpack to version 4.3.72
  • Bump push-apps-manager-release to version 668.0.8
  • Bump python-offline-buildpack to version 1.6.29
  • Bump routing to version 0.187.1
  • Bump ruby-offline-buildpack to version 1.7.34
  • Bump staticfile-offline-buildpack to version 1.4.40
  • Bump uaa to version 71.0
Component                       Version
ubuntu-xenial stemcell          250.25
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.31
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.3
capi                            1.76.5
cf-autoscaling                  217
cf-backup-and-restore           0.0.11
cf-cli                          1.13.0
cf-networking                   2.20.0
cf-smoke-tests                  40.0.40
cf-syslog-drain                 8.2
cflinuxfs3                      0.76.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.2
diego                           2.27.4
dotnet-core-offline-buildpack   2.2.7
garden-runc                     1.19.0
go-offline-buildpack            1.8.35
haproxy                         9.4.1
istio                           1.0.1
java-offline-buildpack          4.18
log-cache                       2.1.1
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.8
nodejs-offline-buildpack        1.6.45
notifications-ui                36
notifications                   55
php-offline-buildpack           4.3.72
push-apps-manager-release       668.0.8
push-usage-service-release      669.0.9
pxc                             0.14.2
python-offline-buildpack        1.6.29
routing                         0.187.1
ruby-offline-buildpack          1.7.34
silk                            2.20.0
smb-volume                      1.0.0
staticfile-offline-buildpack    1.4.40
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             71.0

2.5.0

See also:

Component                       Version
ubuntu-xenial stemcell          250.21
backup-and-restore-sdk          1.12.0
binary-offline-buildpack        1.0.30
bosh-dns-aliases                0.0.3
bosh-system-metrics-forwarder   0.0.18
bpm                             1.0.3
capi                            1.76.3
cf-autoscaling                  216
cf-backup-and-restore           0.0.11
cf-cli                          1.12.0
cf-networking                   2.20.0
cf-smoke-tests                  40.0.40
cf-syslog-drain                 8.2
cflinuxfs3                      0.72.0
consul-drain                    0.0.3
consul                          198
credhub                         2.1.2
diego                           2.27.0
dotnet-core-offline-buildpack   2.2.5
garden-runc                     1.18.0
go-offline-buildpack            1.8.33
haproxy                         9.4.1
istio                           1.0.1
java-offline-buildpack          4.16.1
log-cache                       2.1.1
loggregator-agent               2.3
loggregator                     103.4
mapfs                           1.1.4
metric-registrar                1.0.4
mysql-monitoring                9.2.0
nats                            26
nfs-volume                      1.7.7
nodejs-offline-buildpack        1.6.43
notifications-ui                36
notifications                   55
php-offline-buildpack           4.3.70
push-apps-manager-release       667.0.10
push-usage-service-release      669.0.9
pxc                             0.14.2
python-offline-buildpack        1.6.28
routing                         0.186.0
ruby-offline-buildpack          1.7.31
silk                            2.20.0
smb-volume                      1.0.0
staticfile-offline-buildpack    1.4.39
statsd-injector                 1.6.0
syslog                          11.4.0
uaa                             69.0

How to Upgrade

The procedure for upgrading to Pivotal Application Service (PAS) v2.5 is documented in the Upgrading Pivotal Cloud Foundry topic.

When upgrading to PAS v2.5, be aware of the following upgrade considerations:

  • If you previously used an earlier version of PAS, you must first upgrade to PAS v2.4 to successfully upgrade to PAS v2.5.

  • Some partner service tiles may be incompatible with PCF v2.5. Pivotal is working with partners to ensure their tiles are updated to work with the latest versions of PCF.

    For information about which partner service releases are currently compatible with PCF v2.5, review the appropriate partners services release documentation at https://docs.pivotal.io, or contact the partner organization that produces the tile.

New Features in PAS v2.5

PAS Only Supports cflinuxfs3

cflinuxfs3 is the only stack supported in PAS v2.5. In PAS v2.4, both the cflinuxfs3 and cflinuxfs2 stacks were supported.

All apps using cflinuxfs2 must be restaged with cflinuxfs3 before upgrading to PAS v2.5. For more information, see the Migrate Apps to cflinuxfs3 section of the Upgrade Preparation Checklist for PCF v2.5 topic.

The cflinuxfs3 stack is derived from Ubuntu Bionic 18.04. The cflinuxfs2 stack is derived from Ubuntu Trusty 14.04, for which support ends in April 2019. For more information, see cflinuxfs3 Release in the BOSH documentation.

Disable Network Policy Enforcement Between Apps

You can disable Silk network policy enforcement between apps in the Networking pane of the PAS tile. Disabling network policy enforcement allows all apps to send network traffic to all other apps in the foundation, even when no policy explicitly allows it.

Silk is a network fabric for containers designed for Cloud Foundry. For more information about Silk, see silk in GitHub.

Service Mesh Routing Plane (Beta)

Operators have the option to deploy a service mesh routing plane in addition to the existing HTTP and TCP routers. The first new feature provided by service mesh is weighted routing.

For more information, see Service Mesh (Beta).

Weighted Routing (Beta)

In deployments with service mesh configured, developers can configure routing weights for apps. Weighted routing allows you to map multiple apps to the same route and control the amount of traffic sent to each of them. Some use cases include A/B testing, canary releases, or rolling out features over time to incremental user-bases.

For more information, see Using Weighted Routing (Beta).

Diego BBS Increases Routing Stability

Diego Bulletin Board System (BBS) improves routability for application instances running on cells with unstable presences.

Previously, when the cell missed a heartbeat, application instances on unstable cells were immediately replaced and routability was terminated. Now, when the cell misses a heartbeat, the routing to the application instance is maintained in case the cell is able to regain its presence. A replacement app is scheduled in case the cell does not regain its presence.

Support For Apps That Require Multiple Ports

PAS v2.5 supports apps that require multiple ports and apps that require custom ports. This update allows additional apps, such as Docker images and apps with TCP protocols that require multiple ports, to run on PAS.

For more information, see Configuring CF to Route Traffic to Apps on Custom Ports.

Configure Networking Policies Across Spaces Using the cf CLI

You can use the Cloud Foundry Command Line Interface (cf CLI) to configure networking policies across spaces in your PCF foundation. This allows you to quickly manage and configure networking policies without using the API.

Apps Manager Supports Asynchronous Service Bindings

Apps Manager supports services that take advantage of the flexibility of asynchronous bindings. Asynchronous bindings provide service brokers more time to perform the operations required to complete a bind. This can help service brokers avoid timing out for synchronous operations in PAS.

When you bind an app to a service that uses asynchronous bindings, Apps Manager displays the status of the service while the bind is still pending.

For more information about asynchronous operations in services, see the Open Service Broker API documentation.

Specify Metadata for Apps, Orgs, and Spaces

You can specify metadata to provide additional information about apps, orgs, and spaces. Metadata can help with operating, monitoring, and auditing your PAS deployment. Example uses of metadata include environment information, billing codes, points of contact, and information about security or risk.

You can specify two types of metadata: labels and annotations. You can query objects based on labels but not annotations.

For more information about metadata and how to add, update, and view metadata, see Using Metadata.

Generate Garden Component Logs with Binary File

Garden, the component that PCF uses to create and manage isolated environments called containers, includes a binary file called dontpanic. Operators can run /var/vcap/packages/garden/bin/dontpanic to generate a tar file of Garden component logs for use in troubleshooting or reporting an issue.

For more information about Garden, see Garden.

mysql-restore and mysql-backup Jobs Are Removed

PAS v2.5 does not use the mysql-restore and mysql-backup jobs to back up MySQL internally. Instead, each BOSH job is backed up separately with the BBR. mysql-restore and mysql-backup have therefore been removed.

For more information, see Backing Up and Restoring Pivotal Cloud Foundry.

Cloud Controller Retrieves Container Metrics from Log Cache

In PAS v2.5, Cloud Controller supports retrieving container metrics both from Traffic Controller and directly from Log Cache. When Cloud Controller retrieves container metrics directly from Log Cache, it can use the new Diego metric tags with these metric envelopes.

The Traffic Controller containermetrics/app-guid endpoint no longer exists.

For more information about Log Cache and Traffic Controller, see Configuring Logging in PAS, Loggregator Architecture, and Overview of Logging and Metrics.

Known Issues

Extended cf logs Downtime

When upgrading from PAS v2.4, there is extended cf logs downtime. This causes the smoke test errand to fail during upgrade.

Scheduler Fails to Deploy If Connecting to MySQL Over TLS

Scheduler for PCF has a dependency on MySQL for PCF v2.x and currently does not support connecting to a MySQL database over TLS. If MySQL for PCF v2.x is configured to require TLS connection to the database, Scheduler fails to install.

Pivotal recommends configuring Scheduler to allow Optional TLS. This approach can be applied to other use cases, such as Spring Cloud Services, or for developer applications.

For more information, see PAS Scheduler fails to deploy in 2.5 in the Pivotal Knowledge Base.

Cloud Controller Error Causes PCF Upgrade to Fail

With buildpacks now having stack associations, additional validation must be added while upgrading to PAS v2.2 and later. This can generate a new StacklessAndStackfulMatchingBuildpacksError error in the post-start scripts.

For more information and instructions for resolving this issue, see Pivotal Cloud Foundry upgrade fails with a StacklessAndStackfulMatchingBuildpacksExistError Cloud Controller Error in the Pivotal Knowledge Base.

Apps Usage Service Errand Fails on Foundations With Self-Signed Certificates

The Apps Usage Service errand fails to deploy in PAS on foundations that use a self-signed or private certificate for Transport Layer Security (TLS). The Apps Usage Service errand fails with the following curl SSL error:

curl: (60) server certificate verification failed.
CAfile: /etc/ssl/certs/ca-certificates.crt
CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs).
If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
Error: failed to run job-process: exit status 1 (exit status 1)

This error occurs because the Apps Usage Service errand uses native curl instead of cf curl to query an API endpoint. The native curl command fails SSL verification in the PAS deployment.

For more information and instructions for resolving this issue, see Apps Usage errand fails in PAS 2.5 with curl SSL error.
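The failure mode in the curl output above can be reproduced offline. The following Go program is an added example, not code from PAS or the errand: it shows a client rejecting a privately signed endpoint when its CA bundle lacks the issuer, and succeeding once the issuer is added to the bundle (the `--cacert` approach) with verification left on. The function names are the example's own, and the self-signed certificate built into Go's `httptest` package stands in for a foundation's private certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch requests url, trusting only the CAs in roots (the --cacert equivalent).
func fetch(url string, roots *x509.CertPool) error {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots},
	}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// unknownCA reports whether err is the "issuer not in the bundle" failure,
// as opposed to an expired certificate or a host name mismatch.
func unknownCA(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// demo starts a local TLS server whose certificate is self-signed (constructed
// test data) and calls it with a bundle that lacks, then includes, that issuer.
func demo() (withoutCA, withCA error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	bundle := x509.NewCertPool() // bundle that does not contain the private CA
	withoutCA = fetch(srv.URL, bundle)
	bundle.AddCert(srv.Certificate()) // trust the private CA; verification stays on
	withCA = fetch(srv.URL, bundle)
	return withoutCA, withCA
}

func main() {
	without, with := demo()
	fmt.Println("bundle without CA:", without, "| unknown CA:", unknownCA(without))
	fmt.Println("bundle with CA:   ", with)
}
```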

HTTP Response Headers Field Not Functional

The Remove Specified HTTP Response Headers field is not functional. If you modify this field, the router does not remove the headers as expected. This is due to a bug that prevents the configuration from being applied to the underlying job.

For more information, see Remove Specified HTTP Response Headers in PCF does not work in the Pivotal Knowledge Base.

Azure Availability Zones Not Compatible with Diego

While PAS v2.5 supports Azure availability zones (AZs), enabling this feature is not recommended for production workloads. With Azure AZs, Diego cannot detect which zone the cells are in. This means PAS cannot distribute app instances across different AZs, causing PCF not to run in high availability mode.

For more information, see Azure Availability Zones are not compatible with Diego in PAS 2.5 in the Pivotal Knowledge Base.

Apps Manager SSL Validation Cannot Be Disabled in PAS v2.5.0 through v2.5.4

In PAS v2.5.0 through v2.5.4, Apps Manager ignores the Disable SSL certificate verification for this environment PAS tile setting. For environments using SSL certificates signed by an untrusted certificate authority (CA), this may cause Apps Manager to show no content.

To resolve this issue, see Apps Manager shows no content due to SSL validation issue in the Pivotal Knowledge Base.

Apps Manager Only Allows One Intermediate Certificate Authority in PAS v2.5.0 and v2.5.1

In PAS v2.5.0 and v2.5.1, Apps Manager does not accept SSL certificates that have a signing chain with more than one intermediate certificate authority between the SSL certificate and the root certificate authority. This includes certificates from backend services such as the Cloud Controller API.

If there is more than one certificate authority, Apps Manager does not show content, and the logs for Apps Manager include the text certificate chain too long.

If you must use an SSL certificate chain with more than one intermediate certificate authority in your environment, contact Pivotal Support to discuss options for working around this issue.

Apps Manager BOSH Backup and Restore (BBR) Script Fails

In PAS v2.5.0 through v2.5.4, the Apps Manager BBR script fails when the system organization and system space do not exist.

To avoid script failure, manually create the system organization and system space.

Metric Registrar App Log Error Message

An invalid log drain error message may appear in app logs on foundations where the Metric Registrar is enabled. This error message indicates that the current version of Loggregator cannot parse the scheme used by the Metric Registrar.

This error message does not indicate that the app logs are incorrect or incomplete. There is no action required.

Some Environment Variables Are Missing When Using cflinuxfs3

When using the cflinuxfs3 stack in PAS v2.3 or later, if you provide environment variables containing periods or dashes, the environment variables do not appear in the process environment of the app.

To resolve this issue, ensure that all applications are using environment variables that do not contain periods or dashes.

For more information, see Missing environment variables when using PAS 2.3+ and the cflinuxfs3 stack in the Pivotal Knowledge Base.

CredHub Database Migration Failure

When the CredHub database fails to migrate with a Flyway exception, it may be caused by an issue with the flyway_schema_history table.

For information on how to address this issue, see Database Migration Failure in GitHub.

Intermittent Misrouting of Apps in Large PCF Foundations

Large PCF foundations can experience intermittent misrouting of apps. These routes can point to non-existent or incorrect app containers and can cause apps to intermittently return HTTP codes 404 or 502.

This issue typically occurs in larger-sized foundations where a single Gorouter instance misses a deregistration message when a user unmaps routes to a running app. As a result, the Gorouter retains stale routes in its routing table.

This issue has been fixed in PAS v2.5.6.

If you experience intermittent misrouting in apps, do the following:

  1. Log in to Ops Manager.
  2. Update the PAS tile to PAS v2.5.6.
  3. In the PAS tile, select Application Containers.
  4. Select the Prune Routes on TTL Expiry for TLS Backends checkbox.
  5. Click Review Pending Changes.
  6. Click Apply Changes.

To persist this configuration after an upgrade, upgrade to PAS v2.6.1 or later.

For more information, see Enabling TLS from the Gorouter to application instances results in bad routes in PAS 2.3+.
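The stale-route failure described above, and the effect of pruning on TTL expiry, can be seen in a small model. This Go program is an added illustration and is not Gorouter code: the `table` type, the two-minute TTL, the host name and the backend address are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"time"
)

// Toy routing table; type and field names are illustrative, not Gorouter's.
type table struct {
	ttl        time.Duration
	pruneOnTTL bool
	seen       map[string]time.Time // "host|backend" -> time of last registration
}

// register records a backend for a host; repeated calls act as heartbeats.
func (t *table) register(host, backend string, now time.Time) {
	t.seen[host+"|"+backend] = now
}

// unregister removes a backend. A router that misses the message never runs this.
func (t *table) unregister(host, backend string) { delete(t.seen, host+"|"+backend) }

// routable reports whether this router would still send traffic to the backend.
// With pruning on, an entry whose heartbeats stopped longer than ttl ago is dropped.
func (t *table) routable(host, backend string, now time.Time) bool {
	key := host + "|" + backend
	last, ok := t.seen[key]
	if !ok || (t.pruneOnTTL && now.Sub(last) > t.ttl) {
		delete(t.seen, key)
		return false
	}
	return true
}

// simulate unmaps a route: router A receives the deregistration, router B misses it.
// It returns whether each router still routes to the old container five minutes later.
func simulate(prune bool) (a, b bool) {
	const host, backend = "app.example.com", "10.0.0.5:61001" // constructed values
	t0 := time.Unix(0, 0)
	ra := &table{2 * time.Minute, prune, map[string]time.Time{}}
	rb := &table{2 * time.Minute, prune, map[string]time.Time{}}
	ra.register(host, backend, t0)
	rb.register(host, backend, t0)
	ra.unregister(host, backend) // delivered to A only; heartbeats stop for both
	later := t0.Add(5 * time.Minute)
	return ra.routable(host, backend, later), rb.routable(host, backend, later)
}

func main() {
	for _, prune := range []bool{false, true} {
		a, b := simulate(prune)
		fmt.Printf("pruneOnTTL=%v routerA=%v routerB=%v\n", prune, a, b)
	}
}
```

Without pruning, router B keeps the entry indefinitely and can forward requests to a container that no longer belongs to the app; with pruning, the entry expires once heartbeats stop.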

Apps Manager Spring Boot Integration Fails in Internet Explorer

In PAS v2.5.8, Apps Manager includes a change in communication with Spring Boot Actuator endpoints that is not compatible with the Internet Explorer 11 browser. The change results in Spring Boot information not appearing on the app page.

This issue is fixed in later patch versions and does not affect other browsers.

Apps Manager Does Not Show Spring Mappings Outside of the Application Context

In PAS v2.5.0 to v2.5.8, the Spring Boot mappings in Apps Manager did not account for contexts other than the ‘application’ context. For this reason, some Spring Boot mappings may fail to show up in Apps Manager for a given application.

This issue is fixed in later releases.