Stemcell v2019.x (Windows Server version 2019) Release Notes

This topic includes release notes for Windows stemcells used with Pivotal Application Service for Windows (PASW) v2.5, v2.6, v2.7, and v2.8.

The stemcell is based on Windows Server, version 2019.

To download a stemcell, see Stemcells for Pivotal Platform (Windows) on Pivotal Network.

2019.15

Release Date: January 18, 2020

Security Fix

Known Issues

Note: The feature to update root certificates in stembuild-built stemcells released in 2019.14 requires internet connection to the Windows Updates Server to complete successfully.

2019.14

Release Date: December 16, 2019

Security Fix

Features

  • Updated stembuild to always use the latest version of OpenSSH (8.0.0-p1-beta as of this release)
  • Root certificates on machines deployed using stembuild-built stemcells get updated certificates from the Windows Updates Server

2019.13

Release Date: November 22, 2019

Security Fix

Features

  • Added logging and exit code to stembuild construct to allow users to see the progress of the command and know whether it has completed preparing the VM for packaging
  • Added retry behavior for the file rename operation in the compilation VM to reduce risk of compilation failure due to custom antivirus installations in the base image

2019.12

Release Date: October 10, 2019

Security Fix

Features

  • Added a flag to stembuild package to allow user to specify patch version for the stemcell .tgz output
  • Aligned Internet Explorer-based policies in stemcells built using stembuild with Microsoft Baseline Security Standard

Bug Fix

  • Fixed a bug where stembuild construct was failing to execute with a DISM error

Note: Do not use stembuild-2019.11 because it will fail on stembuild construct. Use stembuild-2019.12 instead.

2019.11

Release Date: September 26, 2019

Security Fix

Features

  • Enabled the Hyper-V Windows feature for enabling Windows 2019 stemcells built using stembuild
  • Improved security hardening of Windows stemcells by aligning Internet Explorer-based policies with the Microsoft Baseline Security Standard

Bug Fix

  • Fixed a bug that left user directories on the target machines after a user had terminated a BOSH SSH connection into that machine:
    • Deleted: .ssh directory and all normal files in the home directory that may have been created during the SSH session.
    • Not deleted: .dat files loaded as part of the registry hive when a user logs in. Files will exist with file locks until the next VM reboot.

Note: There is no Windows stemcell v2019.10.

2019.9

Release Date: August 27, 2019

Features

2019.8

Release Date: July 23, 2019

Features

2019.7

Release Date: July 1, 2019

Features

  • Key improvements in stembuild with features such as SSH enable-by-default for deployed Windows VMs on vSphere and security fixes.
  • Enabled the Hyper-V Windows feature for enabling Windows in PKS and NSX-T compatibility with Windows teams.

2019.6

Release Date: June 19, 2019

Security Fix

  • Includes Microsoft Security Updates June 11, 2019—KB4503327
  • Introduces 2.3.1.2 (L1) and 1.1.1 (L1) CIS L1 policy hardenings based on the CIS Security Benchmark.

2019.5

Release Date: May 30, 2019

Security Fix

  • Based on Microsoft’s guidance, additional fixes to protect against speculative execution side-channel vulnerabilities

2019.4

Release Date: May 22, 2019

Features

  • Platform Engineers can deploy Windows Stemcells on a BOSH Director with Google Cloud Storage as their external Blobstore.
  • Improved Troubleshooting of Windows VMs, with ssh enabled by default for all Windows VMs. You can still disable SSH in the PASW tile.
  • Includes Microsoft Security Updates to protect against Microarchitectural Data Sampling side-channel vulnerabilities. For more information, see May 14, 2019—KB4494441 (OS Build 17763.503) in the Windows support documentation.

2019.3

Release Date: April 25, 2019

Features