Stemcell v1803.x (Windows Server version 1803) Release Notes
This topic includes release notes for Windows stemcells used with Pivotal Application Service for Windows (PASW) v2.3 and v2.4.
The stemcell is based on Windows Server, version 1803.
To download a stemcell, see Stemcells for Pivotal Platform (Windows) on Pivotal Network.
Note: Windows Server v1803 is out of mainstream support. 1803.17 is the last release of Pivotal Stemcells for Windows, v1803.x.
Release Date: November 22, 2019
- Added retry behavior for the file rename operation in the compilation VM to reduce risk of compilation failure due to custom antivirus installations in the base image.
Release Date: October 10, 2019
- Added a flag to
stembuild packageto allow the user to specify a patch version for the stemcell created.
Release Date: September 20, 2019
- Fixed a bug that left user directories on the target machines after a user had terminated a BOSH ssh connection into that machine.
.sshdirectory and all normal files in the home directory that may have been created during the ssh session.
- Not Deleted:
.datfiles loaded as part of the registry hive when a user logs in. Files will exist with file locks until the next VM reboot.
Release Date: August 27, 2019
- Includes Microsoft Security Updates Patch Tuesday August 2019.
- Introduced a new feature in stembuild construct command to validate/invalidate the OS based on stembuild version.
Release Date: July 23, 2019
- Includes Microsoft Security Updates July 2019.
- Windows Defender is installed but completely disabled.
Release Date: June 19, 2019
- Includes Microsoft Security Updates June 11, 2019—KB4503286
- Introduces 184.108.40.206 (L1) and 1.1.1 (L1) CIS L1 policy hardenings based on the CIS Security Benchmark.
Release Date: May 31, 2019
- Based on Microsoft’s guidance, additional fixes to protect against speculative execution side-channel vulnerabilities
Release Date: May 22, 2019
- Platform Engineers can deploy Windows Stemcells on a BOSH Director with Google Cloud Storage as their external Blobstore.
- Improved Troubleshooting of Windows VMs, with ssh enabled by default for all Windows VMs. You can still disable SSH in the PASW tile.
- Includes Microsoft Security Updates to protect against Microarchitectural Data Sampling side-channel vulnerabilities. For more information, see May 14, 2019—KB4499167 (OS Build 17134.765) in the Windows support documentation.
- Intended for use with April 2019 Microsoft Security Updates
- Includes March 2019 Microsoft Security Updates.
- Disabled additional configuration related to NetBios. See the Pivotal Tracker story.
Release Date: March 1, 2019
- [Patches] Included February Patch Tuesday Microsoft Security Updates.
Release Date: January 24, 2019
- [Patches] Included January Patch Tuesday Microsoft Security Updates.
- Added fix for mitigating CVE-2018-3639.
Release Date: December 24, 2018
- [Patches] Included December Patch Tuesday Microsoft Security Updates.
- Added the BOSH API version in the stemcell to surface more information about the compatibility of the stemcell with BOSH.
- BOSH release job symlinks were not getting cleaned up when a target folder was removed. This issue is resolved.
Release Date: November 28, 2018
- [Security] Disabled use of TLS 1.0 by SSL/TLS server and client.
- [Security] Disabled RC4.
- [Security] Disabled triple-DES cipher to mitigate against Sweet32: Birthday attacks on 64-bit block ciphers in TLS.
- [Patches] Intended for use with November Patch Tuesday Microsoft Security Updates.
- [New IaaS Support] Added support for AWS GovCloud.
Release Date: October 30, 2018
- Intended for use with October 2018 Microsoft Security Updates.
- Disables RDP by default to improve security of the 1803 stemcells. You can still enable RDP through the PASW Tile Configuration.
- Intermittent “Access denied” errors occur during the compilation phase of PASW deployments. We have added a fix to potentially resolve them.
- Fixed the Ephemeral Disk Provisioning for Azure enabling compatibility of PASW’s ephemeral disk functionality with OpsMgr on Azure.
- For Google Cloud Platform (GCP) users, a bug in PASW causes outbound connections from applications deployed on PASW with this stemcell version to fail. The resolution will come in patch versions of PASW v2.1, v2.2 and v2.3.
Release Date: October 1, 2018
- Includes ephemeral disk support. This enables you to configure the size of your Windows cells in the PASW tile. For more information, see the Configure Tile Resources section in Installing and Configuring PAS for Windows. This also allows you to reduce your root disk to a minimum of 30 GB.
- Intended for use with the September 2018 Microsoft Security Updates.
- Previously, the
os_versionargument was mandatory during the
Invoke-Sysprepstep. The OS is now detected by default, and the
os_versionargument is optional.
Release Date: September 24, 2018
- This is the first 1803 stemcell.
- Intended for use with the August 2018 Microsoft Security Updates.
- Includes an important Microsoft Security Update that provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF). For more information, see Windows Support.
- Compatible with the latest stable OpenSSH version,
- The v1803.1 Windows stemcell does not support ephemeral disks. Support for ephemeral disks is expected in v1803.2. This enables you to configure the size of your Windows cells in the PAS for Windows tile. For more information, see Step 4: Configure Tile Resources of Installing and Configuring PAS for Windows.