Pivotal Application Service v2.6 Release Notes

Page last updated:

This topic contains release notes for Pivotal Application Service (PAS) v2.6.

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2020.

Read more about the certified provider program and the requirements of providers.


Releases

2.6.15

Release Date: 02/06/2020

  • [Security Fix] CVE-2020-5399 - Use TLS for MySQL database connections in Credhub
  • [Feature Improvement] Replace Metric Forwarder integration with Metric Registrar integration in Apps Manager
  • [Feature Improvement] The HSM Client Private Key for CredHub can be encrypted.
  • [Feature Improvement] Use the Diego logging format for the Garden job
  • [Bug Fix] Show spring mappings in Apps Manager for apps using Spring Boot 2.2.x
  • [Bug Fix] Resize tooltip in the Apps Manager bind services flyout to make text fully visible
  • [Bug Fix] Add empty state message to Marketplace for orgs without spaces in Apps Manager
  • [Bug Fix] Add support for non-ASCII characters in app logs shown in Apps Manager
  • [Bug Fix] The Apps Manager bound services list correctly shows the number of bound apps when a table is paginated
  • [Bug Fix] Show full app name, regardless of length, in Apps Manager
  • [Bug Fix] Allow users with cloud_controller.global_auditor scope to view Cloud Controller resources in Apps Manager
  • [Bug Fix] Allow users with cloud_controller.admin_read_only scope to view Cloud Controller resources in Apps Manager, including secrets
  • [Bug Fix] When you click on the Restage App option, Apps Manager renders the restage app modal
  • [Bug Fix] For apps using Spring Boot 2.2.x, show Spring Health information in Apps Manager
  • [Bug Fix] Enforce memory limits on non-API cloud_controller jobs
  • [Bug Fix] HAProxy returns with HTTP/1.1 proto for 504s
  • Bump ubuntu-xenial stemcell to version 315.163
  • Bump capi to version 1.80.11
  • Bump cflinuxfs3 to version 0.161.0
  • Bump credhub to version 2.4.3
  • Bump dotnet-core-offline-buildpack to version 2.3.4
  • Bump go-offline-buildpack to version 1.9.5
  • Bump nginx-offline-buildpack to version 1.1.4
  • Bump nodejs-offline-buildpack to version 1.7.9
  • Bump php-offline-buildpack to version 4.4.6
  • Bump push-apps-manager-release to version 669.0.18
  • Bump python-offline-buildpack to version 1.7.6
  • Bump ruby-offline-buildpack to version 1.8.8
Component Version
ubuntu-xenial stemcell315.163
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.11
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.24.0
cf-networking2.22.10
cf-smoke-tests40.0.125
cf-syslog-drain10.2.5
cflinuxfs30.161.0
consul-drain0.0.3
consul198
credhub2.4.3
diego2.30.5
dotnet-core-offline-buildpack2.3.4
garden-runc1.19.9
go-offline-buildpack1.9.5
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.12
loggregator-agent3.16.3
loggregator105.6.3
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.4
nodejs-offline-buildpack1.7.9
notifications-ui36
notifications61
php-offline-buildpack4.4.6
push-apps-manager-release669.0.18
push-usage-service-release670.0.13
pxc0.22.0
python-offline-buildpack1.7.6
r-offline-buildpack1.1.1
routing0.188.9
ruby-offline-buildpack1.8.8
silk2.22.10
smb-volume2.1.1
staticfile-offline-buildpack1.5.3
statsd-injector1.11.8
syslog11.6.1
uaa71.7

2.6.14

Release Date: 01/16/2020

  • [Security Fix] Several security issues were fixed in MySQL USN-4070-1, USN-4195-1
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for loggregator release
  • [Feature] Expose PAS database metrics in the Healthwatch Indicator Protocol dashboard
  • [Bug Fix] Revert unintended audit logging format change in UAA
  • [Bug Fix] mapfs - Fix error when appending to a file
  • Bump ubuntu-xenial stemcell to version 315.154
  • Bump binary-offline-buildpack to version 1.0.36
  • Bump cf-cli to version 1.24.0
  • Bump cf-smoke-tests to version 40.0.125
  • Bump cf-syslog-drain to version 10.2.5
  • Bump cflinuxfs3 to version 0.153.0
  • Bump dotnet-core-offline-buildpack to version 2.3.3
  • Bump go-offline-buildpack to version 1.9.4
  • Bump log-cache to version 2.1.12
  • Bump loggregator-agent to version 3.16.3
  • Bump loggregator to version 105.6.3
  • Bump mysql-monitoring to version 9.7.0
  • Bump nginx-offline-buildpack to version 1.1.3
  • Bump nodejs-offline-buildpack to version 1.7.8
  • Bump php-offline-buildpack to version 4.4.5
  • Bump pxc to version 0.22.0
  • Bump python-offline-buildpack to version 1.7.5
  • Bump r-offline-buildpack to version 1.1.1
  • Bump ruby-offline-buildpack to version 1.8.6
  • Bump staticfile-offline-buildpack to version 1.5.3
  • Bump statsd-injector to version 1.11.8
  • Bump uaa to version 71.7
Component Version
ubuntu-xenial stemcell315.154
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.10
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.24.0
cf-networking2.22.10
cf-smoke-tests40.0.125
cf-syslog-drain10.2.5
cflinuxfs30.153.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.3
garden-runc1.19.9
go-offline-buildpack1.9.4
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.12
loggregator-agent3.16.3
loggregator105.6.3
mapfs1.2.0
metric-registrar1.1.1
mysql-monitoring9.7.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.3
nodejs-offline-buildpack1.7.8
notifications-ui36
notifications61
php-offline-buildpack4.4.5
push-apps-manager-release669.0.17
push-usage-service-release670.0.13
pxc0.22.0
python-offline-buildpack1.7.5
r-offline-buildpack1.1.1
routing0.188.9
ruby-offline-buildpack1.8.6
silk2.22.10
smb-volume2.1.1
staticfile-offline-buildpack1.5.3
statsd-injector1.11.8
syslog11.6.1
uaa71.7

2.6.13

Release Date: 12/26/2019

  • [Security Fix] App Usage Service - Bump Nokogiri to 1.10.5 to fix CVE-2019-13117
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for syslog release
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for garden-runc release
  • [Feature Improvement] Upgrade nats release to use go 1.13 release
  • [Feature Improvement] Notifications service will skip hostname validation for external databases
  • [Feature Improvement] Add doppler.firehose and usage_service.audit to Apps Manager client
  • [Bug Fix] Prevents users from downloading the Accounting and Usage Service reports through Apps Manager when fields are undefined or null
  • [Bug Fix] Prevents multiple service instances without binding names from being bound to apps in Apps Manager
  • [Bug Fix] Exclude user-provided service instances from org-level service instance hours on Usage Report in Apps Manager
  • [Bug Fix] Account for malformed Git properties in Spring and Steeltoe apps to keep Apps Manager from crashing on render
  • [Bug Fix] Invalid Date is not shown in Apps Manager trace tab when using Spring v2.0
  • [Bug Fix] Move tooltip in the Apps Manager bind services flyout to make text fully visible
  • [Bug Fix] Prevent attempts to build a droplet when starting an app through Apps Manager if there is no associated package
  • [Bug Fix] Fix error when using after_guid query parameter with the v2/app_usage_events endpoint after all AppUsageEvents have been pruned
  • [Bug Fix] Passwords containing commas no longer cause the SMB volume service to crash at startup with a “mount failed” error
  • [Bug Fix] Silk correctly calculates non-standard CIDRs
  • Bump ubuntu-xenial stemcell to version 315.146
  • Bump capi to version 1.80.10
  • Bump cf-cli to version 1.23.0
  • Bump cf-networking to version 2.22.10
  • Bump cf-smoke-tests to version 40.0.124
  • Bump cflinuxfs3 to version 0.151.0
  • Bump garden-runc to version 1.19.9
  • Bump nats to version 28
  • Bump push-apps-manager-release to version 669.0.17
  • Bump push-usage-service-release to version 670.0.13
  • Bump pxc to version 0.21.0
  • Bump silk to version 2.22.10
  • Bump smb-volume to version 2.1.1
  • Bump syslog to version 11.6.1
Component Version
ubuntu-xenial stemcell315.146
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.10
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.23.0
cf-networking2.22.10
cf-smoke-tests40.0.124
cf-syslog-drain10.2.2
cflinuxfs30.151.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.9
go-offline-buildpack1.9.3
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.16.2
loggregator105.5.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.3.0
nats28
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.4
notifications-ui36
notifications61
php-offline-buildpack4.4.2
push-apps-manager-release669.0.17
push-usage-service-release670.0.13
pxc0.21.0
python-offline-buildpack1.7.2
r-offline-buildpack1.1.0
routing0.188.9
ruby-offline-buildpack1.8.2
silk2.22.10
smb-volume2.1.1
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.6.1
uaa71.6

2.6.12

Release Date: 12/09/2019

  • [Security Fix] Prevent logging of secure information
  • [Feature Improvement] Upgrade Routing, Networking, and Silk releases to use go 1.13 release
  • Bump cf-networking to version 2.22.9
  • Bump cflinuxfs3 to version 0.150.0
  • Bump routing to version 0.188.9
  • Bump silk to version 2.22.9
  • Bump uaa to version 71.6
Component Version
ubuntu-xenial stemcell315.143
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.9
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.9
cf-smoke-tests40.0.123
cf-syslog-drain10.2.2
cflinuxfs30.150.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.8
go-offline-buildpack1.9.3
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.16.2
loggregator105.5.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.3.0
nats26
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.4
notifications-ui36
notifications61
php-offline-buildpack4.4.2
push-apps-manager-release669.0.16
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.7.2
r-offline-buildpack1.1.0
routing0.188.9
ruby-offline-buildpack1.8.2
silk2.22.9
smb-volume2.1.0
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.4.0
uaa71.6

2.6.11

Release Date: 12/02/2019

  • [Feature] Allow operator to set a new bind configuration “version” on volume mounts. Operators with older versions of smb software can now use volume services.
  • [Bug Fix] S3 unversioned backup and restore now works if the unversioned target bucket used to be versioned
  • Bump ubuntu-xenial stemcell to version 315.143
  • Bump backup-and-restore-sdk to version 1.17.2
  • Bump cflinuxfs3 to version 0.149.0
  • Bump java-offline-buildpack to version 4.26
  • Bump nodejs-offline-buildpack to version 1.7.4
  • Bump php-offline-buildpack to version 4.4.2
  • Bump python-offline-buildpack to version 1.7.2
  • Bump r-offline-buildpack to version 1.1.0
  • Bump smb-volume to version 2.1.0
Component Version
ubuntu-xenial stemcell315.143
backup-and-restore-sdk1.17.2
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.9
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.6
cf-smoke-tests40.0.123
cf-syslog-drain10.2.2
cflinuxfs30.149.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.8
go-offline-buildpack1.9.3
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.26
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.16.2
loggregator105.5.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.3.0
nats26
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.4
notifications-ui36
notifications61
php-offline-buildpack4.4.2
push-apps-manager-release669.0.16
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.7.2
r-offline-buildpack1.1.0
routing0.188.4
ruby-offline-buildpack1.8.2
silk2.22.2
smb-volume2.1.0
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.4.0
uaa71.5

2.6.10

Release Date: 11/19/2019

  • [Security Fix] Address CVE-2019-17596
  • [Security Fix] Improve Gorouter resiliency to panics and address CVE-2019-11289
  • Bump ubuntu-xenial stemcell to version 315.133
  • Bump cf-smoke-tests to version 40.0.123
  • Bump cflinuxfs3 to version 0.143.0
  • Bump dotnet-core-offline-buildpack to version 2.3.2
  • Bump go-offline-buildpack to version 1.9.3
  • Bump mapfs to version 1.2.1
  • Bump nfs-volume to version 2.3.2
  • Bump nginx-offline-buildpack to version 1.1.1
  • Bump nodejs-offline-buildpack to version 1.7.2
  • Bump php-offline-buildpack to version 4.4.1
  • Bump python-offline-buildpack to version 1.7.1
  • Bump routing to version 0.188.4
  • Bump ruby-offline-buildpack to version 1.8.2
  • Bump smb-volume to version 2.0.4
  • Bump staticfile-offline-buildpack to version 1.5.1
Component Version
ubuntu-xenial stemcell315.133
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.9
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.6
cf-smoke-tests40.0.123
cf-syslog-drain10.2.2
cflinuxfs30.143.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.2
garden-runc1.19.8
go-offline-buildpack1.9.3
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.24
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.16.2
loggregator105.5.2
mapfs1.2.1
metric-registrar1.1.1
mysql-monitoring9.3.0
nats26
nfs-volume2.3.2
nginx-offline-buildpack1.1.1
nodejs-offline-buildpack1.7.2
notifications-ui36
notifications61
php-offline-buildpack4.4.1
push-apps-manager-release669.0.16
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.7.1
r-offline-buildpack1.0.13
routing0.188.4
ruby-offline-buildpack1.8.2
silk2.22.2
smb-volume2.0.4
staticfile-offline-buildpack1.5.1
statsd-injector1.11.1
syslog11.4.0
uaa71.5

2.6.9

Release Date: 10/31/2019

  • [Security Fix] Eliminate risk of Jackson Databind vulnerabilities
  • [Security Fix] Upgrade Go, runc and containerd to latest to include security fixes
  • [Security Fix] Bump Usage Service Ruby to 2.5.7 and Loofah gem to 2.3.1
  • [Security Fix] CVE-2019-17596 bump Go
  • [Feature] Enable metrics for delayed job failures for Usage Service Release
  • [Feature Improvement] Correct System Logging TLS Destination Certificate Label
  • [Bug Fix] Add required template function to enable recreation of clock_global vm
  • [Bug Fix] Increase width of Apps Manager logs tab
  • [Bug Fix] Do not attempt to start an app if the app droplet fails to build in Apps Manager
  • [Bug Fix] Show buildpack name for java_buildpack in Apps Manager
  • [Bug Fix] Match CLI default timeouts when waiting for app restages and start health checks in Apps Manager
  • [Bug Fix] When starting an app via Apps Manager, do not build a new droplet unless it’s necessary to do so
  • [Bug Fix] Fix goroutine leak for websockets.
  • Bump ubuntu-xenial stemcell to version 315.114
  • Bump capi to version 1.80.9
  • Bump cf-syslog-drain to version 10.2.2
  • Bump cflinuxfs3 to version 0.137.0
  • Bump dotnet-core-offline-buildpack to version 2.3.1
  • Bump garden-runc to version 1.19.8
  • Bump java-offline-buildpack to version 4.24
  • Bump leadership-election to version 1.4.2
  • Bump log-cache to version 2.1.11
  • Bump loggregator-agent to version 3.16.2
  • Bump loggregator to version 105.5.2
  • Bump nginx-offline-buildpack to version 1.1.0
  • Bump nodejs-offline-buildpack to version 1.7.0
  • Bump php-offline-buildpack to version 4.4.0
  • Bump push-apps-manager-release to version 669.0.16
  • Bump push-usage-service-release to version 670.0.12
  • Bump routing to version 0.188.3
  • Bump ruby-offline-buildpack to version 1.8.1
  • Bump staticfile-offline-buildpack to version 1.5.0
  • Bump statsd-injector to version 1.11.1
  • Bump uaa to version 71.5
Component Version
ubuntu-xenial stemcell315.114
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.9
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.6
cf-smoke-tests40.0.119
cf-syslog-drain10.2.2
cflinuxfs30.137.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.1
garden-runc1.19.8
go-offline-buildpack1.9.1
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.24
leadership-election1.4.2
log-cache2.1.11
loggregator-agent3.16.2
loggregator105.5.2
mapfs1.1.5
metric-registrar1.1.1
mysql-monitoring9.3.0
nats26
nfs-volume2.3.0
nginx-offline-buildpack1.1.0
nodejs-offline-buildpack1.7.0
notifications-ui36
notifications61
php-offline-buildpack4.4.0
push-apps-manager-release669.0.16
push-usage-service-release670.0.12
pxc0.20.0
python-offline-buildpack1.6.37
r-offline-buildpack1.0.13
routing0.188.3
ruby-offline-buildpack1.8.1
silk2.22.2
smb-volume2.0.3
staticfile-offline-buildpack1.5.0
statsd-injector1.11.1
syslog11.4.0
uaa71.5

2.6.8

Release Date: 10/16/2019

  • [Security Fix] Bump Go to address CVE-2019-16276
  • [Security Fix] Add TLS to external policy server
  • [Security Fix] Improve redaction of sensitive data in SMB driver bosh logs
  • [Bug Fix] Fix defect disallowing “domain” option in SMB volume service
  • [Bug Fix] Disallow injection into the query parameter
  • [Bug Fix] Replace hard-coded MySQL Buffer Pool size with sane percentage value.
  • Bump ubuntu-xenial stemcell to version 315.103
  • Bump binary-offline-buildpack to version 1.0.35
  • Bump cf-syslog-drain to version 10.2.1
  • Bump cflinuxfs3 to version 0.133.0
  • Bump dotnet-core-offline-buildpack to version 2.3.0
  • Bump go-offline-buildpack to version 1.9.1
  • Bump java-offline-buildpack to version 4.23
  • Bump leadership-election to version 1.4.1
  • Bump log-cache to version 2.1.10
  • Bump nginx-offline-buildpack to version 1.0.18
  • Bump nodejs-offline-buildpack to version 1.6.56
  • Bump php-offline-buildpack to version 4.3.82
  • Bump python-offline-buildpack to version 1.6.37
  • Bump r-offline-buildpack to version 1.0.13
  • Bump smb-volume to version 2.0.3
  • Bump staticfile-offline-buildpack to version 1.4.45
  • Bump statsd-injector to version 1.11.0
  • Bump uaa to version 71.4
Component Version
ubuntu-xenial stemcell315.103
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.35
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.8
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.6
cf-smoke-tests40.0.119
cf-syslog-drain10.2.1
cflinuxfs30.133.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.3.0
garden-runc1.19.7
go-offline-buildpack1.9.1
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.23
leadership-election1.4.1
log-cache2.1.10
loggregator-agent3.14.3
loggregator105.5.1
mapfs1.1.5
metric-registrar1.1.1
mysql-monitoring9.3.0
nats26
nfs-volume2.3.0
nginx-offline-buildpack1.0.18
nodejs-offline-buildpack1.6.56
notifications-ui36
notifications61
php-offline-buildpack4.3.82
push-apps-manager-release669.0.15
push-usage-service-release670.0.10
pxc0.20.0
python-offline-buildpack1.6.37
r-offline-buildpack1.0.13
routing0.188.2
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume2.0.3
staticfile-offline-buildpack1.4.45
statsd-injector1.11.0
syslog11.4.0
uaa71.4

2.6.7

Release Date: 10/08/2019

  • [Security Fix] Fix vulnerability with TLS ciphers in Loggregator
  • [Security Fix] Upgrade Diego Components to Use grpc v1.23.0 and Go 1.12.9 to Fix HTTP2 CVEs
  • [Security Fix] UAA Patch release to address privilege escalation vulnerabilities
  • [Security Fix] Bump garden-runc release to take Go HTTP/2 and containerd gRPC fixes
  • [Security Fix] Upgrade gRPC-java to patch HTTP/2 vulnerability
  • [Feature Improvement] Make TCP Router Request Timeout Configurable. For more information, see Configuring TCP Routing in PAS.
  • [Feature Improvement] Show revision number on processes in Apps Manager when revisions are enabled for an application
  • [Feature Improvement] Show panels in Apps Manager for each web process during a rolling deployment
  • [Feature Improvement] Metric Registrar - Allow app developers to register custom routes for metrics endpoints
  • [Bug Fix] Fix issue where some metrics were incorrectly aggregated
  • [Bug Fix] PXC Release - Stale pid files are cleaned up so that processes start reliably
  • [Bug Fix] Fix Usage Service SQL errors when MySQL has ONLY_FULL_GROUP_BY enabled
  • [Bug Fix] Show an app’s buildpack information in Apps Manager based on the app’s current droplet, to account for autodetected buildpacks
  • [Bug Fix] Fix filter to remove Apps Manager requests from logs shown in Apps Manager when apps are deployed to a path
  • [Bug Fix] Fix Apps Manager search server crashes in cases where requests to Cloud Controller fail
  • [Bug Fix] Fix links to documentation in Apps Manager to point to the correct PAS version
  • [Bug Fix] Allow slashes to be typed in the Apps Manager search bar
  • [Bug Fix] Allow non-web processes to be scaled via Apps Manager manually when autoscaling is enabled
  • [Bug Fix] Allow users to set custom memory and disk limits when running tasks against applications in Apps Manager
  • [Bug Fix] Fix bug that prevented users from inviting others to organizations and spaces through Apps Manager that did not appear in the first page of results from Cloud Controller
  • [Bug Fix] Improve performance of organization/space user role endpoint
  • [Bug Fix] Improve scalability of container-to-container service discovery by increasing file descriptor limit on bosh-dns-adapter
  • [Bug Fix] Metric Registrar - Metric Registrar Monitor app now gets deleted after Deploy Metric Registrar errand completes, reducing load on Cloud Controller
  • Bump ubuntu-xenial stemcell to version 315.99
  • Bump capi to version 1.80.8
  • Bump cf-networking to version 2.22.6
  • Bump cflinuxfs3 to version 0.130.0
  • Bump credhub to version 2.4.2
  • Bump diego to version 2.30.5
  • Bump garden-runc to version 1.19.7
  • Bump java-offline-buildpack to version 4.22
  • Bump loggregator-agent to version 3.16
  • Bump loggregator to version 105.6
  • Bump metric-registrar to version 1.1.1
  • Bump push-apps-manager-release to version 669.0.15
  • Bump push-usage-service-release to version 670.0.10
  • Bump pxc to version 0.20.0
  • Bump uaa to version 71.3
Component Version
ubuntu-xenial stemcell315.99
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.8
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.6
cf-smoke-tests40.0.119
cf-syslog-drain10.2
cflinuxfs30.130.0
consul-drain0.0.3
consul198
credhub2.4.2
diego2.30.5
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.7
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.22
leadership-election1.4
log-cache2.1.6
loggregator-agent3.16
loggregator105.6
mapfs1.1.5
metric-registrar1.1.1
mysql-monitoring9.3.0
nats26
nfs-volume2.3.0
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release669.0.15
push-usage-service-release670.0.10
pxc0.20.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.188.2
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume2.0.1
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.3

2.6.6

Release Date: 09/24/2019

  • [Bug Fix] Fixes a regression bug causing mounts for applications bound to smb volume services with an older version of the smbbroker to fail on restart or upgrade
  • Bump ubuntu-xenial stemcell to version 315.97
  • Bump cflinuxfs3 to version 0.128.0
  • Bump smb-volume to version 2.0.1
Component Version
ubuntu-xenial stemcell315.97
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.7
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.5
cf-smoke-tests40.0.119
cf-syslog-drain10.2
cflinuxfs30.128.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.4
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.21
leadership-election1.4
log-cache2.1.6
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.3.0
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release669.0.14
push-usage-service-release670.0.8
pxc0.19.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.188.2
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume2.0.1
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.2

2.6.5

Release Date: 09/17/2019

  • [Security Fix] Prevent users from inviting themselves to orgs they do not have access to via the Invitations microservice
  • [Security Fix] Sanitize user input to CSVs from Usage Report and Accounting Report ZIP files downloaded via Apps Manager
  • [Security Fix] Improve LDAP username validation for NFS LDAP integration
  • [Feature Improvement] consul_server can be scaled down to 0 instances
  • [Feature Improvement] Add an option CREDHUB_SKIP_INTERPOLATION to skip CredHub interpolation when staging/starting an app
  • [Feature Improvement] Add configuration for router balancing algorithm to the Networking pane. Pivotal recommends Round robin for most use cases. Selecting Least connection may result in a more even load between application instances. For more information, see HTTP Routing.
  • [Bug Fix] Fix race condition in garden-external-networker
  • [Bug Fix] Fix CCNG bbr lock scripts to be idempotent
  • [Bug Fix] Address Azure MySQL compatibility problems in Notifications release
  • [Bug Fix] Fixes NFS regression and upgrade issues
  • [Bug Fix] Fixes usage service migration that failed on external dbs with mysql mode ONLY_FULL_GROUP_BY.
  • [Bug Fix] Show TCP port for TCP routes on space page and app page in Apps Manager
  • [Bug Fix] Show an error page when there is a UAA error after attempted login to Apps Manager
  • [Bug Fix] Apps pushed with a droplet are able to start/stop/restart through Apps Manager
  • [Bug Fix] Update the square logo to use the PCF logo rather than the PWS logo in Apps Manager
  • [Bug Fix] Use streaming JSON instead of websockets for Apps Manager search functionality to account for incompatibility with some browsers
  • [Bug Fix] Include pushing applications with the –droplet option in the last push timestamp shown by Apps Manager
  • [Bug Fix] Fix Apps Manager crash when viewing service instance credentials that are complex data types
  • [Bug Fix] Re-enable use of custom logos in Apps Manager
  • [Bug Fix] Set width and height of custom logos to keep them from adjusting the layout of Apps Manager
  • [Bug Fix] Smoke Test help text now properly references “Enable Metric Registrar”.
  • [Bug Fix] Keep resending route unregistration message to prevent application misrouting in case of NATS routing tier instability
  • [Bug fix] Backport cc_deployment_updater config fix to prevent failures when updating healthcheck timeout on multi-instance app deployments.
  • Bump ubuntu-xenial stemcell to version 315.93
  • Bump capi to version 1.80.7
  • Bump cf-autoscaling to version 222
  • Bump cf-networking to version 2.22.5
  • Bump cf-smoke-tests to version 40.0.119
  • Bump cflinuxfs3 to version 0.126.0
  • Bump diego to version 2.30.4
  • Bump java-offline-buildpack to version 4.21
  • Bump nfs-volume to version 2.3.0
  • Bump notifications to version 61
  • Bump push-apps-manager-release to version 669.0.14
  • Bump push-usage-service-release to version 670.0.8
  • Bump pxc to version 0.19.0
Component Version
ubuntu-xenial stemcell315.93
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.7
cf-autoscaling222
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.5
cf-smoke-tests40.0.119
cf-syslog-drain10.2
cflinuxfs30.126.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.4
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.21
leadership-election1.4
log-cache2.1.6
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.3.0
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications61
php-offline-buildpack4.3.78
push-apps-manager-release669.0.14
push-usage-service-release670.0.8
pxc0.19.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.188.2
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.2

2.6.4

Release Date: 08/15/2019

  • [Security Fix] Upgrade Envoy to Fix Security Vulnerabilities
  • [Security Fix] Upgrade libseccomp in bpm to 2.4.1 to address CVE-2019-9893
  • [Bug Fix] Keep application navigation from overlapping with buildpack information of Spring applications in Apps Manager
  • [Bug Fix] Fix horizontal scrolling in Apps Manager for smaller browser windows
  • [Bug Fix] Pass through arbitrary parameters when binding a service to an app in Apps Manager
  • [Bug Fix] Show all contexts for Spring Boot actuator mappings in Apps Manager, not just mappings that have the ‘application’ context
  • [Bug Fix] Fix bug in Apps Manager where Spring Boot actuator trace tab data was not shown
  • [Bug Fix] Improve output of Garden diagnostic tool (i.e. dontpanic) and increase resiliency in edge cases through improvements in containerd
  • [Bug Fix] Users should only get an external mesh domain seeded when the istio service mesh is enabled.
  • Bump ubuntu-xenial stemcell to version 315.72
  • Bump bpm to version 1.1.1
  • Bump capi to version 1.80.5
  • Bump cf-autoscaling to version 221
  • Bump cf-smoke-tests to version 40.0.116
  • Bump garden-runc to version 1.19.5
  • Bump istio to version 1.0.2
  • Bump push-apps-manager-release to version 669.0.10
  • Bump push-usage-service-release to version 670.0.7
Component Version
ubuntu-xenial stemcell315.72
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.1
capi1.80.5
cf-autoscaling221
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.2
cf-smoke-tests40.0.116
cf-syslog-drain10.2
cflinuxfs30.118.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.1
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.5
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.2
java-offline-buildpack4.20
leadership-election1.4
log-cache2.1.6
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.2.2
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications57
php-offline-buildpack4.3.78
push-apps-manager-release669.0.10
push-usage-service-release670.0.7
pxc0.18.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.188.2
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.2

2.6.3

Release Date: 08/01/2019

  • [Security Fix] When a Spring Boot app has a route with unencrypted HTTP as the protocol, Apps Manager attempts requests via encrypted HTTPS
  • [Feature] Allow operator to configure service mesh domain
  • [Feature] Add option to allow queries to inactive MySQL servers so auditing and reporting queries can be made without impacting performance on the active MySQL node.
  • [Bug Fix] Fix issue in which Enable/Disable Autoscaling button in Apps Manager temporarily shows the wrong autoscaling state
  • [Bug Fix] Space Developer Networking Self Service checkbox in PAS tile configuration now gives proper permissions to Apps Manager users
  • [Bug Fix] Fix issue where services shared across orgs/spaces never load apps it is bound to from the other orgs/spaces on the Apps Manager service overview tab
  • [Bug Fix] Make search bar in Apps Manager case insensitive
  • [Bug Fix] Fix various Apps Manager UI bugs
  • [Bug Fix] Fix race condition when starting the PAS MySQL database that caused potential failures during upgrade/deploy
  • [Bug Fix] Fixes a regression causing mount bind configuration to be rejected by the SMB volume service broker
  • [Bug Fix] Creating a space via the V3 API generates an audit event
  • [Bug Fix] Fix issue in SMB startup scripts that can cause restart failure or inadvertent application data permission change
  • [Bug Fix] Fix evaluation of nfsbrokerpush.db.ca_cert property in nfs-volume-release when using external DB without TLS.
  • Bump ubuntu-xenial stemcell to version 315.70
  • Bump backup-and-restore-sdk to version 1.16.0
  • Bump binary-offline-buildpack to version 1.0.33
  • Bump capi to version 1.80.4
  • Bump cflinuxfs3 to version 0.118.0
  • Bump go-offline-buildpack to version 1.8.42
  • Bump java-offline-buildpack to version 4.20
  • Bump log-cache to version 2.1.6
  • Bump nfs-volume to version 2.2.2
  • Bump nginx-offline-buildpack to version 1.0.15
  • Bump nodejs-offline-buildpack to version 1.6.52
  • Bump php-offline-buildpack to version 4.3.78
  • Bump push-apps-manager-release to version 669.0.8
  • Bump pxc to version 0.18.0
  • Bump python-offline-buildpack to version 1.6.36
  • Bump r-offline-buildpack to version 1.0.11
  • Bump ruby-offline-buildpack to version 1.7.42
  • Bump smb-volume to version 1.3.0
Component Version
ubuntu-xenial stemcell315.70
backup-and-restore-sdk1.16.0
binary-offline-buildpack1.0.33
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.80.4
cf-autoscaling219
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.2
cf-smoke-tests40.0.113
cf-syslog-drain10.2
cflinuxfs30.118.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.1
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.1
go-offline-buildpack1.8.42
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.20
leadership-election1.4
log-cache2.1.6
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.2.2
nginx-offline-buildpack1.0.15
nodejs-offline-buildpack1.6.52
notifications-ui36
notifications57
php-offline-buildpack4.3.78
push-apps-manager-release669.0.8
push-usage-service-release670.0.6
pxc0.18.0
python-offline-buildpack1.6.36
r-offline-buildpack1.0.11
routing0.188.2
ruby-offline-buildpack1.7.42
silk2.22.2
smb-volume1.3.0
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.2

2.6.2

Release Date: 07/15/2019

  • [Security Fix] Fix high severity CVE in UAA: CVE-2019-3787
  • [Security Fix] UAA should prevent SCIM query injection attacks
  • Bump cf-smoke-tests to version 40.0.113
  • Bump cflinuxfs3 to version 0.113.0
  • Bump uaa to version 71.2
Component Version
ubuntu-xenial stemcell315.45
backup-and-restore-sdk1.15.1
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.80.3
cf-autoscaling219
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.2
cf-smoke-tests40.0.113
cf-syslog-drain10.2
cflinuxfs30.113.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.1
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.1
go-offline-buildpack1.8.40
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.18
leadership-election1.4
log-cache2.1.4
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.1.0
nginx-offline-buildpack1.0.13
nodejs-offline-buildpack1.6.51
notifications-ui36
notifications57
php-offline-buildpack4.3.77
push-apps-manager-release669.0.7
push-usage-service-release670.0.6
pxc0.16.0
python-offline-buildpack1.6.34
r-offline-buildpack1.0.10
routing0.188.2
ruby-offline-buildpack1.7.40
silk2.22.2
smb-volume1.1.0
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.2

2.6.1

  • [Security Fix] Bump UAA to address CVE-2019-3788
  • [Security Fix] Update CF CLI for Autoscaler
  • [Feature] Allow users to configure max package size so that they can upload packages larger than 2GB
  • [Feature Improvement] Add ability to configure max search depth for LDAP in UAA
  • [Feature Improvement] Set maximum database connection lifetime to 1 hour for Diego Locket component to reduce resource contention on PAS database
  • [Bug Fix] Fix missing “actee_name” for certain CAPI user role related audit events
  • [Bug Fix] Make sure logged-in users are rate-limited according to authenticated rate limit
  • [Bug Fix] Fix failure of inviting new members via Apps Manager in some networking configurations
  • [Bug Fix] Cause Apps Manager errand to fail if environment variable assignment fails
  • [Bug Fix] Fix issue where creating a new organization fails in Apps Manager
  • [Bug Fix] Fix credentials for service instances in Apps Manager that failed to display
  • [Bug Fix] Add labels to key value forms in Apps Manager to enhance accessibility
  • [Bug Fix] Generate valid form ids in Apps Manager to enhance accessibility
  • [Bug Fix] Ellipsify long names of service instances in the services tables of Apps Manager
  • [Bug Fix] Fix issue in which flyouts in Apps Manager did not open in Internet Explorer
  • [Bug Fix] Fix error that prevented sharing domains across organizations in Apps Manager
  • [Bug Fix] Add optional TTL pruning for TLS routes
  • [Bug Fix] Allow operators to omit backup bucket fields
  • [Bug Fix] diego_brain instances no longer update concurrently with diego_cell VMs to prevent application downtime in case of deployment update failure
  • [Bug Fix] Send Isolation Segment smoke test application requests on port 443
  • Bump ubuntu-xenial stemcell to version 315.45
  • Bump capi to version 1.80.3
  • Bump cf-autoscaling to version 219
  • Bump cf-cli to version 1.16.0
  • Bump cf-smoke-tests to version 40.0.109
  • Bump cflinuxfs3 to version 0.109.0
  • Bump diego to version 2.30.1
  • Bump dotnet-core-offline-buildpack to version 2.2.12
  • Bump go-offline-buildpack to version 1.8.40
  • Bump nginx-offline-buildpack to version 1.0.13
  • Bump nodejs-offline-buildpack to version 1.6.51
  • Bump php-offline-buildpack to version 4.3.77
  • Bump push-apps-manager-release to version 669.0.7
  • Bump python-offline-buildpack to version 1.6.34
  • Bump r-offline-buildpack to version 1.0.10
  • Bump routing to version 0.188.2
  • Bump ruby-offline-buildpack to version 1.7.40
  • Bump staticfile-offline-buildpack to version 1.4.43
Component Version
ubuntu-xenial stemcell315.45
backup-and-restore-sdk1.15.1
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.80.3
cf-autoscaling219
cf-backup-and-restore0.0.11
cf-cli1.16.0
cf-networking2.22.2
cf-smoke-tests40.0.109
cf-syslog-drain10.2
cflinuxfs30.109.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.1
dotnet-core-offline-buildpack2.2.12
garden-runc1.19.1
go-offline-buildpack1.8.40
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.18
leadership-election1.4
log-cache2.1.4
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.1.0
nginx-offline-buildpack1.0.13
nodejs-offline-buildpack1.6.51
notifications-ui36
notifications57
php-offline-buildpack4.3.77
push-apps-manager-release669.0.7
push-usage-service-release670.0.6
pxc0.16.0
python-offline-buildpack1.6.34
r-offline-buildpack1.0.10
routing0.188.2
ruby-offline-buildpack1.7.40
silk2.22.2
smb-volume1.1.0
staticfile-offline-buildpack1.4.43
statsd-injector1.10.0
syslog11.4.0
uaa71.0

2.6.0

Component Version
ubuntu-xenial stemcell315.36
backup-and-restore-sdk1.15.1
binary-offline-buildpack1.0.32
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.0.4
capi1.80.0
cf-autoscaling218
cf-backup-and-restore0.0.11
cf-cli1.13.0
cf-networking2.22.2
cf-smoke-tests40.0.108
cf-syslog-drain10.2
cflinuxfs30.101.0
consul-drain0.0.3
consul198
credhub2.4.0
diego2.30.0
dotnet-core-offline-buildpack2.2.11
garden-runc1.19.1
go-offline-buildpack1.8.39
haproxy9.5.2
istio1.0.1
java-offline-buildpack4.18
leadership-election1.4
log-cache2.1.4
loggregator-agent3.14
loggregator105.5
mapfs1.1.5
metric-registrar1.0.4
mysql-monitoring9.3.0
nats26
nfs-volume2.1.0
nginx-offline-buildpack1.0.11
nodejs-offline-buildpack1.6.49
notifications-ui36
notifications57
php-offline-buildpack4.3.76
push-apps-manager-release669.0.4
push-usage-service-release670.0.6
pxc0.16.0
python-offline-buildpack1.6.32
r-offline-buildpack1.0.9
routing0.188.1
ruby-offline-buildpack1.7.38
silk2.22.2
smb-volume1.1.0
staticfile-offline-buildpack1.4.42
statsd-injector1.10.0
syslog11.4.0
uaa71.0

How to Upgrade

To upgrade to PAS v2.6, see Upgrading Pivotal Cloud Foundry.

When upgrading to PAS v2.6, be aware of the following upgrade considerations:

  • If you previously used an earlier version of PAS, you must first upgrade to PAS v2.5 to successfully upgrade to PAS v2.6.

  • Some partner service tiles may be incompatible with PCF v2.6. Pivotal is working with partners to ensure their tiles are updated to work with the latest versions of PCF.

    For information about which partner service releases are currently compatible with PCF v2.6, review the appropriate partners services release documentation at https://docs.pivotal.io, or contact the partner organization that produces the tile.

New Features in PAS v2.6

PAS v2.6 includes the following major features:

Monitor System Metrics with System Metrics Agent

System Metrics Agent provides more visibility into VM compute, network, and storage metrics. These VM metrics help with troubleshooting and diagnosing issues for potential infrastructure problems.

The System Metric Agent is enabled by default in the System Logging pane of the PAS tile. You can disable it by deselecting the Enable System Metrics checkbox.

When enabled, the metrics are emitted through Loggregator. For more information about viewing logs and metrics, see the Platform components row of Viewing Logs and Metrics in Overview of Logging and Metrics.

For a list of the VM metrics that the System Metric Agent emits for Windows VMs, see VM Metrics in the Loggregator Agent Release repository on GitHub.

Metric Registrar Enabled by Default

In the Metric Registrar pane, Metric Registrar is enabled by default. This allows you to output custom app metrics that can be monitored by platform-provided tooling.

For information about configuring Metric Registrar, see Configure Metric Registrar in Configuring PAS.

Enable, View, and Rollback Revisions for Apps

PAS supports revisions for apps. A revision is an object that represents code and configuration used by an app at a specific time. Some uses cases for revisions include rolling back your app to a previous version and viewing changes in your app over time. You can also add metadata to revisions.

For more information, see App Revisions.

Push Apps with Sidecar Processes (Beta)

You can run additional processes, or sidecars, in the same container as your app. Sidecars are useful for processes that depend on each other or must run in the same container. This includes processes that must communicate through localhost or share the same filesystem, such as an Application Performance Monitoring (APM) tool.

For more information, see Pushing Apps with Sidecar Processes (Beta).

Garden Delegates Container Creation and Destruction to containerd by Default

Traditionally, Garden uses runc directly to create, delete, and run container processes. Garden v1.15.0 and later support delegating some of the container lifecycle through containerd, which is the industry standard wrapper around runc.

PAS v2.6 enables containerd mode by default to bring PAS in line with other container providers. When you upgrade to PAS v2.6, Garden switches the container runtime from runc to containerd. Since the restart of Garden and the re-creation of containers are a normal part of a PAS upgrade, there is no operational impact to running applications.

To disable containerd mode, deselect the Enable Containerd Delegation checkbox in the Application Containers pane of the PAS tile.

For more information, see opsguide-containerd.md in the Garden-runC Release repository on GitHub.

NFS Legacy Mounter Removed

PAS v2.6 removes the nfs-legacy NFS mounter. Existing nfs-legacy service instances continue to work, but use the newer nfs mounter.

PAS v2.3 introduced the nfs-experimental service. PAS v2.4 made this the default nfs service, and the original service became nfs-legacy. For more information, see Experimental NFS Volume Service Supports NFSv4 in Pivotal Application Service v2.3 Release Notes and NFS-Experimental Service Graduation in Pivotal Application Service v2.4 Release Notes.

Extra Diego Root CA Added to Prevent Future Expiration Issues

The current Diego root CA included with PAS v2.3 and later expires in mid-2020. To prevent potential expiration issues with intermediate CAs when the root CA expires, PAS v2.6 includes another Diego root CA that extends the root CA expiration date.

The Diego root CA is used to sign intermediate CAs, which are used to sign app identity certificates. In turn, app identity certificates are used to establish trust between applications and various components.

PAS v2.6 includes both the original root CA and the new root CA for Diego. This release note is informational only. No operator intervention is required.

Performance Improvements for Read-Write File Systems

PAS v2.6 improves the speed of read-write mounted file systems that use UID mapping. This improvement addresses performance issues in mapfs, which is enabled when you specify a UID that maps to an NFS volume.

For more information about using external file systems and NFS volume services, see Using an External File System (Volume Services).

Increased CPUs for Gorouter VMs

To improve reliability, PAS v2.6 increases the default and minimum CPU core count from one to two for Gorouter VMs.

PAS migrates Gorouter VMs with a single core to a VM type with two CPU cores during the upgrade.

Loggregator Syslog Agent Increases Scale For Syslog Drains

Warning: See the following known issue related to this feature: App Syslog Drains Fail After Enabling Agent-Based Syslog.

The Loggregator architecture includes optional Syslog Agents. Syslog Agents run on PCF component VMs and host VMs to manage connections with and write to syslog drains for app logs. The addition of Syslog Agents increases the number of syslog drain service bindings supported by the Loggregator system and reduces the workload for Loggregator VMs.

To enable Syslog Agents, select Enable agent-based syslog egress for app logs in the System Logging pane of the PAS tile.

Note: Enabling this feature disables the Syslog Adapter and Syslog Scheduler to avoid log duplication.

This update resolves a known issue where app log loss occurs at 10,000 syslog drain service bindings. For more information about the known issue, see Known Loggregator Scaling Issues in the Pivotal Knowledge Base.

For more information about Syslog Agents, see Loggregator Architecture.

Terminate Specific Instances of an App in Apps Manager UI

Apps Manager allows you to terminate a specific instance of an app through the UI. On the list of apps in the Apps Manager UI, a menu option called Terminate Instance appears.

For more information about terminating an instance, see Terminate a process instance in the Cloud Foundry API documentation.

View and Edit Labels and Annotations Associated with an Organization

In the Settings pane of the Apps Manager UI, the Metadata section contains lists of labels and annotations associated with an organization. You can edit these labels and annotations.

For more information, see Add Metadata in Managing Orgs and Spaces Using Apps Manager.

Known Issues

PAS v2.6 includes the following known issues:

App Syslog Drains Fail After Enabling Agent-Based Syslog

If you select Enable agent-based syslog egress for app logs in the System Logging pane of the PAS tile, external syslog drains that are bound to Windows Apps cannot collect logs. For more information, see Enable agent-based syslog egress for app logs" interrupts external log collection for PAS Windows apps in the Pivotal Knowledge Base.

Some Environment Variables Are Missing When Using cflinuxfs3

When using the cflinuxfs3 stack in PAS v2.3 or later, if you provide environment variables containing periods or dashes, the environment variables do not appear in the process environment of the app.

To resolve this issue, ensure that all apps are using environment variables that do not contain periods or dashes.

For more information, see Missing environment variables when using PAS 2.3+ and the cflinuxfs3 stack in the Pivotal Knowledge Base.

CredHub Database Migration Failure

When the CredHub database fails to migrate with a Flyway exception, it may be caused by an issue with the flyway_schema_history table.

For information on how to address this issue, see Database Migration Failure in Known Issues with current CredHub versions in the CredHub repository on GitHub.

Intermittent Misrouting of Apps in Large PCF Foundations

Large PCF Foundations can experience intermittent misrouting of apps. These routes can point to non-existent or incorrect app containers and can cause apps to intermittently return HTTP codes 404 or 502.

This issue typically occurs in larger-sized foundations where a single Gorouter instance misses a deregistration message when a user unmaps routes to a running app. As a result, the Gorouter retains stale routes in its routing table.

To resolve this issue, update to PAS v2.6.5 or later.

If you previously enabled the Prune Routes on TTL Expiry for TLS Backends checkbox in the Application Containers pane of the PAS tile, disable the checkbox for improved guarantees of route consistency during control plane instability. To disable the checkbox:

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click the PAS tile.

  3. Select Application Containers.

  4. Disable the Prune Routes on TTL Expiry for TLS Backends checkbox.

  5. In the the Ops Manager Installation Dashboard, click Review Pending Changes.

  6. Click Apply Changes.

If you are on PAS v2.6.1 to v2.6.4 and need a temporary mitigation pending upgrades:

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click the PAS tile.

  3. Select Application Containers.

  4. Enable the Prune Routes on TTL Expiry for TLS Backends checkbox.

  5. In the the Ops Manager Installation Dashboard, click Review Pending Changes.

  6. Click Apply Changes.

If you are on a version earlier than PAS v2.6.1, you must upgrade to address this issue.

For more information, see Enabling TLS from the Gorouter to application instances results in bad routes in PAS 2.3+ in the Pivotal Knowledge Base.

Service Mesh Domain Exists Without Enabling Service Mesh

PAS v2.6.0 through v2.6.3 automatically creates a service mesh domain mesh.CF-APPS-DOMAIN even when you do not enable service mesh in the Networking - Service Mesh pane of the PAS tile. This may cause issues such as SSL certificate errors or failing environment automation scripts. To work around this issue, you can delete the domain from PAS.

This issue is resolved in PAS v2.6.4. However, upgrading to PAS v2.6.4 from PAS v2.6.0 through v2.6.3 does not delete the domain. You must manually delete the domain.

Errors in NFS Volume Service File Append Operations

A defect in the mapfs FUSE driver causes errors to occur in file append operations when you enable the ID mapping feature with NFS in PAS v2.6.10 through PAS v2.6.13.

You enable the ID mapping feature by specifying either the uid or username option in service instance or service bind configurations.

When this issue occurs, appending files within the mounted file system fail with the error File operation not supported. For example, echo hello >> test.txt fails.

This issue is resolved in PAS v2.6.14.

Apps Manager Spring Boot Integration Fails in Internet Explorer

In PAS v2.6.3, Apps Manager includes a change in communication with Spring Boot Actuator endpoints that is not compatible with the Internet Explorer 11 browser. The change results in Spring Boot information not appearing on the app page.

This issue is resolved in PAS v2.6.4 and later and does not affect other browsers.

In PAS v2.6.0 to v2.6.4, Apps Manager does not show a custom logo in its header. It instead shows the Pivotal Web Services logo.

In PAS v2.6.5 and v2.6.6, the correct PCF default logo is displayed and custom logos may be uploaded. However, the uploaded logo must be the right size, or it causes layout problems.

Apps Manager Does Not Show Spring Mappings Other Than the 'Application’ Context

In PAS v2.6.0 to v2.6.3, the Spring Boot mappings in Apps Manager did not account for contexts other than the 'application’ context. For this reason, some Spring Boot mappings may fail to show up in Apps Manager for a given app.

This issue is resolved in PAS v2.6.4 and later.

Cannot Invite New Users or Add Space Roles in Apps Manager

In PAS v2.6.5 and v2.6.6, the service that handles inviting new users to PAS fails to add space roles for users or invite new users with space roles in many cases.

As a workaround, you can use the CLI to manage user roles. For more information, see User Admin in the cf CLI Reference Guide.

This issue is resolved in PAS v2.6.7 and later.

PCF Metrics v1.6.x Not Compatible with PAS v2.6.15 and Later

After you upgrade to a patch release of PAS, PCF Metrics v1.6.x no longer works. This incompatibility is caused by an update to nodejs-offline-buildpack v1.7.9, which removes support for Node.js 8.x.

If you require PCF Metrics v1.6.x, do not upgrade to any of the following PAS patch versions:

  • PAS v2.6.15 and later
  • PAS v2.7.9 and later
  • PAS v2.8.3 and later

If you have already upgraded, see the PCF Metrics v1.6.x is not compatible with PAS 2.6.15+, 2.7.9+ & 2.8.3+ for potential workarounds.