Pivotal Isolation Segment v2.7 Release Notes

Releases

2.7.6

Release Date: 12/09/2019

  • [Feature Improvement] Upgrade Routing, Networking, and Silk releases to use Go 1.13
  • Bump cf-networking to version 2.23.5
  • Bump cflinuxfs3 to version 0.150.0
  • Bump routing to version 0.191.7
  • Bump silk to version 2.23.5

Component               Version
ubuntu-xenial stemcell  456.74
bpm                     1.1.1
cf-networking           2.23.5
cflinuxfs3              0.150.0
diego                   2.36.5
garden-runc             1.19.8
haproxy                 9.6.1
loggregator-agent       3.21.4
mapfs                   1.2.1
nfs-volume              2.3.2
routing                 0.191.7
silk                    2.23.5
smb-volume              2.1.0
syslog                  11.4.0

2.7.5

Release Date: 12/02/2019

  • [Feature] Allow operators to set a new bind configuration “version” on volume mounts. Operators with older versions of SMB software can now use volume services.
  • Bump ubuntu-xenial stemcell to version 456.74
  • Bump cflinuxfs3 to version 0.149.0
  • Bump smb-volume to version 2.1.0

Component               Version
ubuntu-xenial stemcell  456.74
bpm                     1.1.1
cf-networking           2.23.4
cflinuxfs3              0.149.0
diego                   2.36.5
garden-runc             1.19.8
haproxy                 9.6.1
loggregator-agent       3.21.4
mapfs                   1.2.1
nfs-volume              2.3.2
routing                 0.191.2
silk                    2.22.2
smb-volume              2.1.0
syslog                  11.4.0

2.7.4

Release Date: 11/20/2019

  • [Security Fix] Address CVE-2019-17596
  • [Security Fix] Improve Gorouter resiliency to panics
  • Bump ubuntu-xenial stemcell to version 456.58
  • Bump cflinuxfs3 to version 0.143.0
  • Bump mapfs to version 1.2.1
  • Bump nfs-volume to version 2.3.2
  • Bump routing to version 0.191.2
  • Bump smb-volume to version 2.0.4

Component               Version
ubuntu-xenial stemcell  456.58
bpm                     1.1.1
cf-networking           2.23.4
cflinuxfs3              0.143.0
diego                   2.36.5
garden-runc             1.19.8
haproxy                 9.6.1
loggregator-agent       3.21.4
mapfs                   1.2.1
nfs-volume              2.3.2
routing                 0.191.2
silk                    2.22.2
smb-volume              2.0.4
syslog                  11.4.0

2.7.3

Release Date: 10/31/2019

  • [Security Fix] Upgrade Go, runc and containerd to latest to include security fixes
  • [Security Fix] CVE-2019-17596 bump Go
  • Bump ubuntu-xenial stemcell to version 456.40
  • Bump cflinuxfs3 to version 0.137.0
  • Bump garden-runc to version 1.19.8
  • Bump loggregator-agent to version 3.21.4

Component               Version
ubuntu-xenial stemcell  456.40
bpm                     1.1.1
cf-networking           2.23.4
cflinuxfs3              0.137.0
diego                   2.36.5
garden-runc             1.19.8
haproxy                 9.6.1
loggregator-agent       3.21.4
mapfs                   1.2.0
nfs-volume              2.3.0
routing                 0.191.0
silk                    2.22.2
smb-volume              2.0.3
syslog                  11.4.0

2.7.2

Release Date: 10/16/2019

  • [Security Fix] Bump Go to address CVE-2019-16276
  • [Security Fix] Improve redaction of sensitive data in SMB driver bosh logs
  • [Bug Fix] Fix defect disallowing “domain” option in SMB volume service
  • [Bug Fix] Increase task result file size to ensure apps with very long start commands stage successfully
  • Bump ubuntu-xenial stemcell to version 456.30
  • Bump cf-networking to version 2.23.4
  • Bump cflinuxfs3 to version 0.133.0
  • Bump diego to version 2.36.5
  • Bump loggregator-agent to version 3.21.3
  • Bump smb-volume to version 2.0.3

Component               Version
ubuntu-xenial stemcell  456.30
bpm                     1.1.1
cf-networking           2.23.4
cflinuxfs3              0.133.0
diego                   2.36.5
garden-runc             1.19.7
haproxy                 9.6.1
loggregator-agent       3.21.3
mapfs                   1.2.0
nfs-volume              2.3.0
routing                 0.191.0
silk                    2.22.2
smb-volume              2.0.3
syslog                  11.4.0

2.7.1

Release Date: 10/08/2019

  • [Security Fix] Upgrade Diego Components to Use grpc v1.23.0 and Go 1.12.9 to Fix HTTP2 CVEs
  • [Security Fix] UAA Patch release to address privilege escalation vulnerabilities
  • [Security Fix] Bump garden-runc release to take Go HTTP/2 and containerd gRPC fixes
  • [Security Fix] Upgrade gRPC-java to patch HTTP/2 vulnerability
  • [Feature Improvement] Make TCP Router Request Timeout Configurable
  • [Feature Improvement] Metric Registrar - Allow app developers to register custom routes for metrics endpoints
  • [Feature Improvement] Docker image applications hosted in AWS ECR continue to run when restarted after the typical AWS ECR credential expiration period
  • [Bug Fix] Fix a regression that caused mounts for applications bound to SMB volume services with an older version of the smbbroker to fail on restart or upgrade
  • [Bug Fix] PXC Release - Stale pid files are cleaned up so that processes start reliably
  • [Bug Fix] Fix Usage Service SQL errors when MySQL has ONLY_FULL_GROUP_BY enabled
  • [Bug Fix] Allow users to set custom memory and disk limits when running tasks against applications in Apps Manager
  • [Bug Fix] Improve performance of organization/space user role endpoint
  • [Bug Fix] Improve scalability of container-to-container service discovery by increasing file descriptor limit on bosh-dns-adapter
  • [Bug Fix] Tag system containers with network.healthcheck so that 3rd party networking plugins can ignore them.
  • Bump ubuntu-xenial stemcell to version 456.27
  • Bump capi to version 1.84.2
  • Bump cf-networking to version 2.23.2
  • Bump cflinuxfs3 to version 0.130.0
  • Bump credhub to version 2.5.6
  • Bump diego to version 2.36.4
  • Bump garden-runc to version 1.19.7
  • Bump java-offline-buildpack to version 4.22
  • Bump metric-registrar to version 1.1.1
  • Bump push-apps-manager-release to version 670.0.10
  • Bump push-usage-service-release to version 670.0.10
  • Bump pxc to version 0.20.0
  • Bump smb-volume to version 2.0.1
  • Bump uaa to version 73.4.8

Component                      Version
ubuntu-xenial stemcell         456.27
backup-and-restore-sdk         1.16.0
binary-offline-buildpack       1.0.33
bosh-dns-aliases               0.0.3
bosh-system-metrics-forwarder  0.0.18
bpm                            1.1.1
capi                           1.84.2
cf-autoscaling                 222
cf-backup-and-restore          0.0.11
cf-cli                         1.19.0
cf-networking                  2.23.2
cf-smoke-tests                 40.0.119
cflinuxfs3                     0.130.0
credhub                        2.5.6
diego                          2.36.4
dotnet-core-offline-buildpack  2.2.12
garden-runc                    1.19.7
go-offline-buildpack           1.8.42
haproxy                        9.6.1
istio                          1.3.0
java-offline-buildpack         4.22
leadership-election            1.4
log-cache                      2.1.6
loggregator-agent              3.21
loggregator                    105.6
mapfs                          1.2.0
metric-registrar               1.1.1
mysql-monitoring               9.4.0
nats                           27
nfs-volume                     2.3.0
nginx-offline-buildpack        1.0.15
nodejs-offline-buildpack       1.6.52
notifications-ui               36
notifications                  61
php-offline-buildpack          4.3.78
push-apps-manager-release      670.0.10
push-usage-service-release     670.0.10
pxc                            0.20.0
python-offline-buildpack       1.6.36
r-offline-buildpack            1.0.11
routing                        0.191.0
ruby-offline-buildpack         1.7.42
silk                           2.22.2
smb-volume                     2.0.1
staticfile-offline-buildpack   1.4.43
statsd-injector                1.10.0
syslog                         11.4.0
uaa                            73.4.8

2.7.0

Breaking Change: The Diego file server now serves on port 8447; this port must be open for communications between IST and PAS.

See New Features.

Component               Version
ubuntu-xenial stemcell  456.25
bpm                     1.1.1
cf-networking           2.23.1
cflinuxfs3              0.128.0
diego                   2.36.0
garden-runc             1.19.5
haproxy                 9.6.1
loggregator-agent       3.21
mapfs                   1.2.0
nfs-volume              2.3.0
routing                 0.191.0
silk                    2.22.2
smb-volume              1.3.0
syslog                  11.4.0

About Pivotal Isolation Segment

The Pivotal Isolation Segment v2.7 tile is available for installation with Pivotal Platform v2.7.

Isolation segments provide dedicated pools of resources where you can deploy apps and isolate workloads. Using isolation segments separates app resources as completely as if they were in different Pivotal Platform deployments but avoids redundant management and network complexity. For more information about isolation segments, see the Isolation Segments section of the Pivotal Application Service Security topic.

For more information about using isolation segments in your deployment, see Managing Isolation Segments.

How to Install

The procedure for installing Pivotal Isolation Segment v2.7 is documented in Installing Pivotal Isolation Segment.

To install a Pivotal Isolation Segment, you must first install Pivotal Platform v2.7.

New Features in Pivotal Isolation Segment v2.7

SSH Into Linux and Windows Apps on NSX-T

You can SSH into Linux and Windows apps on vSphere deployments with NSX-T enabled.

For more information, see Accessing Apps with SSH.

Agent-Based Syslog Egress Is Enabled by Default

Pivotal Isolation Segment v2.7 contains Syslog Agent, an agent that forwards logs to configured syslog drains and Loggregator. Syslog Agent is enabled by default, and the option to enable or disable syslog egress is removed from the PAS UI.

Additionally, the instance groups syslog_adapter and syslog_scheduler, and the property syslog_metrics_to_syslog_enabled are removed, as agent-based syslog egress removes the need for VMs dedicated to syslog drains.

For more information about how Syslog Agent functions within Loggregator, see Loggregator Architecture and the loggregator-agent-release repository on GitHub.

Improved Route Consistency in Diego Route-Emitter

PAS v2.7 improves route consistency in the route-emitter component of Diego.

This Diego enhancement ensures better routing resiliency in the event of control plane downtime. For example, if NATS experiences downtime or the network becomes unstable, apps can remain routable since PAS no longer prunes routes on time-to-live (TTL).

This modification to route-emitter removes the need for the Prune routes on TTL expiry for TLS back ends configuration option in Pivotal Isolation Segment v2.7. For more information, see Intermittent Misrouting of Apps in Large PCF Foundations in the PAS v2.6 release notes.

About Advanced Features

The Advanced Features section of the Pivotal Isolation Segment v2.7 tile includes new functionality that may have certain constraints.

Although these features are fully supported, Pivotal recommends caution when using them in production.