Stemcell v1803.x (Windows Server version 1803) Release Notes

This topic includes release notes for Windows stemcells used with Pivotal Application Service for Windows (PASW) v2.3 and v2.4.

The stemcell is based on Windows Server, version 1803.

To download a stemcell, see Stemcells for Pivotal Platform (Windows) on Pivotal Network.

Note: Windows Server v1803 is out of mainstream support. 1803.17 is the last release of Pivotal Stemcells for Windows, v1803.x.

1803.17

Release Date: November 22, 2019

Security Fix

Feature

  • Added retry behavior for the file rename operation in the compilation VM to reduce risk of compilation failure due to custom antivirus installations in the base image.

1803.16

Release Date: October 10, 2019

Security Fix

Feature

  • Added a flag to stembuild package to allow the user to specify a patch version for the stemcell created.

1803.15

Release Date: September 20, 2019

Security Fix

Bug Fix

  • Fixed a bug that left user directories on the target machines after a user had terminated a BOSH ssh connection into that machine.
    • Deleted: .ssh directory and all normal files in the home directory that may have been created during the ssh session.
    • Not Deleted: .dat files loaded as part of the registry hive when a user logs in. Files will exist with file locks until the next VM reboot.

1803.14

Release Date: August 27, 2019

Features

1803.13

Release Date: July 23, 2019

Features

  • Includes Microsoft Security Updates July 2019.
  • Windows Defender is installed but completely disabled.

1803.12

Release Date: June 19, 2019

Security Fix

  • Includes Microsoft Security Updates June 11, 2019—KB4503286
  • Introduces 2.3.1.2 (L1) and 1.1.1 (L1) CIS L1 policy hardenings based on the CIS Security Benchmark.

1803.11

Release Date: May 31, 2019

Security Fix

  • Based on Microsoft’s guidance, additional fixes to protect against speculative execution side-channel vulnerabilities

1803.10

Release Date: May 22, 2019

Features

  • Platform Engineers can deploy Windows Stemcells on a BOSH Director with Google Cloud Storage as their external Blobstore.
  • Improved Troubleshooting of Windows VMs, with ssh enabled by default for all Windows VMs. You can still disable SSH in the PASW tile.
  • Includes Microsoft Security Updates to protect against Microarchitectural Data Sampling side-channel vulnerabilities. For more information, see May 14, 2019—KB4499167 (OS Build 17134.765) in the Windows support documentation.

1803.9

Features

1803.8

Features

Bug Fix

  • Disabled additional configuration related to NetBios. See the Pivotal Tracker story.

1803.7

Release Date: March 1, 2019

Features

1803.6

Release Date: January 24, 2019

Features

1803.5

Release Date: December 24, 2018

Features

Bug Fix

  • BOSH release job symlinks were not getting cleaned up when a target folder was removed. This issue is resolved.

1803.4

Release Date: November 28, 2018

Features

  • [Security] Disabled use of TLS 1.0 by SSL/TLS server and client.
  • [Security] Disabled RC4.
  • [Security] Disabled triple-DES cipher to mitigate against Sweet32: Birthday attacks on 64-bit block ciphers in TLS.
  • [Patches] Intended for use with November Patch Tuesday Microsoft Security Updates.
  • [New IaaS Support] Added support for AWS GovCloud.

1803.3

Release Date: October 30, 2018

Features

Bug Fix

  • Intermittent “Access denied” errors occur during the compilation phase of PASW deployments. We have added a fix to potentially resolve them.
  • Fixed the Ephemeral Disk Provisioning for Azure enabling compatibility of PASW’s ephemeral disk functionality with OpsMgr on Azure.

Known Issues

  • For Google Cloud Platform (GCP) users, a bug in PASW causes outbound connections from applications deployed on PASW with this stemcell version to fail. The resolution will come in patch versions of PASW v2.1, v2.2 and v2.3.

1803.2

Release Date: October 1, 2018

Features

  • Includes ephemeral disk support. This enables you to configure the size of your Windows cells in the PASW tile. For more information, see the Configure Tile Resources section in Installing and Configuring PAS for Windows. This also allows you to reduce your root disk to a minimum of 30 GB.
  • Intended for use with the September 2018 Microsoft Security Updates.

Bug Fix

  • Previously, the os_version argument was mandatory during the Invoke-Sysprep step. The OS is now detected by default, and the os_version argument is optional.

1803.1

Release Date: September 24, 2018

Features

  • This is the first 1803 stemcell.
  • Intended for use with the August 2018 Microsoft Security Updates.
  • Includes an important Microsoft Security Update that provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF). For more information, see Windows Support.
  • Compatible with the latest stable OpenSSH version, OpenSSH_for_Windows_v7.7.2.0p1.

Known Issue

  • The v1803.1 Windows stemcell does not support ephemeral disks. Support for ephemeral disks is expected in v1803.2. This enables you to configure the size of your Windows cells in the PAS for Windows tile. For more information, see Step 4: Configure Tile Resources of Installing and Configuring PAS for Windows.