Pivotal Application Service for Windows v2.8 Release Notes

Page last updated:

This topic contains release notes for Pivotal Application Service (PAS) for Windows.

How to Upgrade

The PAS for Windows v2.8 tile is available with the release of Pivotal Platform v2.8. To use the PAS for Windows v2.8 tile, you must install Ops Manager v2.8 or later and PAS v2.8 or later.

Releases

2.8.3

Release Date: 01/18/2020

  • [Security Fix] Addresses CVE 2020-0601: Windows CryptoAPI Spoofing Vulnerability
  • Bump windows2019 stemcell to version 2019.15
  • Bump windowsfs-release to version 2.4.0
Component Version
windows2019 stemcell2019.15
cf-windows-smoke-tests40.0.125
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.4.0

2.8.2

Release Date: 01/16/2020

  • Bump cf-windows-smoke-tests to version 40.0.125
  • Removed loggregator release
Component Version
windows2019 stemcell2019.14
cf-windows-smoke-tests40.0.125
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.3.0

2.8.1

Release Date: 12/26/2019

  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for garden-runc release
  • [Security Fix] CVE-2019-17596 - Fix panic upon an attempt to process network traffic containing an invalid DSA public key for loggregator releases
  • [Feature] Expose all platform metrics on Prometheus endpoints
  • Bump windows2019 stemcell to version 2019.14
  • Bump cf-windows-smoke-tests to version 40.0.124
  • Bump garden-runc to version 1.19.9
  • Bump loggregator-agent to version 5.2.1
  • Add new release metrics-discovery at version 2.0.2
Component Version
windows2019 stemcell2019.14
cf-windows-smoke-tests40.0.124
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.9
hwc-offline-buildpack3.1.10
loggregator-agent5.2.1
loggregator106.2.0
metrics-discovery2.0.2
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.3.0

2.8.0

Release Date: 12/09/2019

Component Version
windows2019 stemcell2019.13
cf-windows-smoke-tests40.0.123
diego2.39.0
envoy-nginx0.6.0
event-log0.8.0
garden-runc1.19.8
hwc-offline-buildpack3.1.10
loggregator-agent5.1.0
loggregator106.2.0
winc2.0.0
windows-utilities0.13.0
windowsfs-release2.3.0

New Features in PAS for Windows v2.8

PAS for Windows v2.8 includes the following major features:

Deprecation of the windows2016 Stack

You should migrate any apps that run on the windows2016 stack to the windows stack.

You can migrate your apps from windows2016 to windows using Stack Auditor, a Cloud Foundry CLI plugin. For more information, see Using the Stack Auditor Plugin.

Mutual TLS Disables Unproxied Port Mappings

When you enable mutual TLS, PAS for Windows disables unproxied port mappings. This ensures that unsecure ports are closed and also provides feature parity with PAS.

To enable mutual TLS for PAS for Windows, go to the Advanced Features pane in the PASW tile. Under TLS connections from Router to apps (beta), select Router and apps use mutual TLS to verify each other’s identity.

For more information, see TLS Connections from Router to Apps (Beta) in the Installing and Configuring PASW topic.

NFS Broker Uses CredHub as Backing Store

NFS Broker uses CredHub as its backing store, rather than an internal PAS database. Because BOSH Backup and Restore (BBR) no longer backs up NFS Broker, the nfsbroker-bbr job is removed.

For more information about CredHub, see CredHub.

Mutual TLS Added to Loggregator Endpoints and Components

Mutual TLS is added to the Loggregator, Loggregator Agent, and Log Cache endpoints. It is also added to the Leadership Election job. This provides additional security between these endpoints and metric scrapers.

For more information about Loggregator components, see Loggregator Architecture. For more information about the Leadership Election job and metric scraping, see the System Metrics repository on GitHub.

V2 Firehose Can Be Disabled

You can disable the Loggregator V2 Firehose by deselecting the Enable V2 Firehose checkbox in the System Logging pane of the PAS tile. This shuts down VMs used for the V2 Firehose, such as Dopplers and Reverse Log Proxies. After you disable the V2 Firehose, you can delete these VMs from your deployment to save resources.

Warning: If you disable the V2 Firehose, you must select the Enable Log Cache syslog ingestion checkbox, or logs and metrics do not appear in Log Cache. Pivotal recommends that you do not disable the Firehose if you are dependent on any of the following:
  • Service tile metrics
  • Pivotal Healthwatch or Pivotal App Metrics
  • Partner log or metric integrations

Warning: If you disable the V1 or V2 Firehose, you must disable the Smoke Test Errand or the deploy fails. For more information, see Disable the Smoke Test Errand If You Disable the Firehose.

For more information, see the Configure System Logging section of the Configuring PAS topic.

Aggregate Drain for Metrics and App Logs

When an aggregate log and metric drain is configured in PAS, PAS for Windows sends logs and metrics to the Loggregator Log Cache syslog server through the aggregate log and metric drain instead of the Loggregator Firehose. This allows you to disable the Firehose and delete related VMs, such as Dopplers and Reverse Log Proxies. For more information about disabling the Firehose, see V2 Firehose Can Be Disabled.

To enable an aggregate log and metric drain for your foundation, add a comma-separated list of syslog endpoints to the Aggregate log and metric drain destinations field in the System Logging pane of the PAS tile. For more information, see the Configure System Logging section of the Configuring PAS topic.

Web Config Transform Extension Buildpack

You can use the Web Config Transform Extension Buildpack to externalize .NET Framework configurations in the web.config file to external sources such as GitHub, CredHub, or environment variables. The buildpack uses token replacement to ensure that app configurations are not included in the web.config build artifact.

For more information about using the buildpack, see the Web Config Transform Buildpack repository on GitHub.

New Advanced Features

The Advanced Features pane of the PAS for Windows v2.8 tile includes new functionality that may have certain constraints.

Although these features are fully supported, Pivotal recommends caution when using them in production.

Known Issues

There are currently no known issues in PAS for Windows v2.8.