Release Notes for Spring Cloud Services for VMware Tanzu

Release notes for Spring Cloud Services for VMware Tanzu

WARNING: If you install Spring Cloud Services (SCS) v3.1 alongside v2.x, deleting SCS v2.1.2 or earlier will delete the p-spring-cloud-services org used by both v2.x and v3.1. (See Known Issues.) For steps to migrate completely to SCS v3.1, see the Installing or Upgrading topics.

Known Issues

Spring Cloud Services v3.1.20 introduced bug in Config Server host key verification

Spring Cloud Services v3.1.20 introduced a problem which can cause the Config Server’s SSH host key verification check to incorrectly fail. This problem occurs in the Mirror Service on creation or update of mirrors when host key verification is enabled, and the repository being mirrored is served on SSH port 22.

To resolve this issue, upgrade to Spring Cloud Services version 3.1.21.

Spring Cloud Services v3.1.0-v3.1.19 fails on service broker commands with Tanzu Application Service v2.11.x

Tanzu Application Service deprecated the state field for service broker endpoints. This causes Spring Cloud Services v3.1.0 to v3.1.19 versions to fail on service broker commands for service instances including create-service, update-service and bind-service.

To resolve this issue, upgrade to Spring Cloud Services version 3.1.20 which now has Tanzu Application Service v2.11.x support.

Spring Cloud Services v3.1.15 introduced bug on Config Server dashboard mirrors synchronization display

Spring Cloud Services v3.1.15 introduced a change that causes existing Config Server instances that are not upgraded to 3.1.15 or above to not show the result of Synchronize Mirrors execution on the dashboard. This results in the commit hash not updating after the mirror has been synchronized. This does not affect the actual mirror synchronization and therefore refreshing the Config Server dashboard will show the current commit hash.

To resolve this issue, upgrade the Config Server instance using the cf update-service [NAME] -c '{"upgrade": true}' command. The Config Server instance dashboard should then behave as expected.

Spring Cloud Services v3.1 Shares Org Used by 2.x

Spring Cloud Services (SCS) v3.1 uses the p-spring-cloud-services org for deployment of backing apps for service instances. SCS v2.x, which is a separate tile, also uses this org. In SCS =< v2.0.10 and =< v2.1.2, the Broker Deregistrar pre-delete lifecycle errand deletes the p-spring-cloud-services org. Because of this, deleting the v2.x tile will also affect the v3.1 tile. Deletion of the p-spring-cloud-services org can result in loss of v3.1 service instance backing apps, potentially affecting client apps bound to the service instances.

If you have installed Spring Cloud Services v3.1 alongside =< v2.0.10 or =< v2.1.2, do NOT delete the v2.x tile. If you do wish to delete the 2.x tile, upgrade to SCS >= v3.0.4 or later and SCS >= v2.0.11 or >= v2.1.3, and then delete the v2.x tile.

Cannot Update Credentials for Git Repositories That Use HTTP(S) URLs

In Spring Cloud Services v3.1.0–v3.1.5, you cannot update credentials for a Git repository that was originally added to a Config Server service instance using a HTTP or HTTPS URL. This means that if the repository’s credentials are rotated, the Config Server’s mirror service will be unable to update its mirror of the repository.

To resolve this issue, you can update the Config Server to use SSH, rather than HTTP or HTTPS, to access the Git repository. See SSH Repository Access.


Release Date: 2nd September 2021

  • Resolved issue where some network connections were remaining in CLOSE_WAIT state


Release Date: 29th June 2021

  • Fixed Config Server host key verification for Git servers running on SSH port 22


Release Date: 13th May 2021

  • Added support for Tanzu Application Service version 2.11.x


Release Date: 17th February 2021

  • Enabled the ability to disable CredHub integration from the tile
  • Fixed an error where the mirror-service periodic refresh fails
  • Upgraded PXC (MySQL) release to enable TLS


Release Date: 8th December 2020

  • Added support for Spring Boot 2.3


Release Date: 27th October 2020

  • Added support for http(s) proxy in the mirror-service.


Release Date: 7th October 2020

  • Resolved issue with login to dashboard due to an invalid redirect URI being generated by the config server.
  • Now we support the configuration of Git SSH URL on the Config Server
  • Fixed regression of plaintext files not being served with default label in root of the repo
  • Enabled Vault token to renew when using composite Config Server configuration
  • Added in parameters to Vault health check for “perfstandbyok” and “standbyok”


Release Date: 25th August 2020

  • Resolved issue when a Git repository configuration in composite array for Config Server fails during refresh with periodic set to true then all subsequent Git repository refreshes fail.
  • Resolved issue with Config Server service instance dashboard responding with 500 internal server error when HashiCorp Vault is configured.


Release Date: 13th July 2020

  • Resolved issue with Git repository passwords not encoding some special characters appropriately leading to failed mirroring of the repository.


Release Date: 13th July 2020

  • Resolved issue with application-security-groups configuration not applying on cf create-service.


Release Date: 25th June 2020

  • Added ability to provide names of Application Security Groups (ASGs) to be used for a service instance. When creating or updating a service instance using the cf create-service or cf update-service commands, you can include an application-security-groups parameter listing the ASGs which should be applied for the service instance, and these ASGs will be added to the space used by the service instance’s backing app.
  • The configuration shown on a Config Server service instance’s dashboard now includes the list of ASGs applied for that service instance.
  • The Config Server is now compatible with the Service Instance Logging cf CLI plugin’s cf service-logs (or cf sil) command, including the --recent flag.
  • The Service Registry is now compatible with the Service Instance Logging cf CLI plugin’s cf service-logs (or cf sil) command, including the --recent flag.


Release Date: 29th May 2020

  • Added ability to enable off-platform service key access for service instances in tile configuration.
  • Fixed issue when Config Server Git repo is set to specific label and executing “Sync Mirrors” from dashboard was reporting the incorrect commit hash after the sync.
  • Fixed issue when Config Server uses Git repo with no master branch.
  • Fixed issue when Config Server is configured with multiple Git repos with same URL but different labels.


Release Date: 4th May 2020

  • Fixed issue for users with Space Developer role accessing dashboards when there a significant amount of spaces created on platform.


Release Date: 21st April 2020

  • Upgraded stemcell major version to Ubuntu Xenial 621.*.


Release Date: 14th April 2020

  • Fixed issue with periodic configuration view on service instance dashboard.


Release Date: 27th March 2020

  • Added ability to see that encrypt.key is configured via Config Server dashboard but redacted to ensure key token is not exposed.
  • Added back API support on Config Server service instances to encrypt values based on encrypt.key configured token.


Release Date: 13th March 2020

  • Removed ability to create service keys to ensure secure access for client applications.
  • Added the ability to set encrypt.key on Git repository configurations enabling hashed secrets in property files.
  • Fixed issue with updating credentials on Git repository defined with a HTTPS URI.
  • Fixed issue with custom domain not being used in dashboard URL.


Release Date: 22nd January 2020

  • Further improved fix for rotating Certificate Authorities while maintaining certificate uniqueness in errand JVM truststore.


Release Date: 15th January 2020

  • A periodic parameter added to Config Server service instance configuration updates Git repository mirrors on the Config Server’s mirror service every five minutes.
  • Added tile configuration for the timeout used for pushing backing apps for a service instance.
  • Fixed an issue that could cause a server error to appear on the Config Server dashboard when using the HashiCorp Vault backend.
  • Fixed use of the default label configured per Config Server Git repository for client app property requests.


Release Date: 25th November 2019

  • Fixed issue when rotating Certificate Authorities while maintaining certificate uniqueness in errand JVM truststore.


Release Date: 14th November 2019

  • Fixed CredHub bootstrapper errand so that it can update client credential permissions when re-running after tile install failure.


Release Date: 28th October 2019

  • Resolved issue with accessing service instance dashboard when VMware Tanzu Application Service for VMs (TAS) tile is configured with “Authentication and Enterprise SSO” as SAML.


Release Date: 7th October 2019

Enhancements included in this release:

  • The Spring Cloud Services broker has been upgraded to Spring Boot 2.1.8.RELEASE and Spring Cloud Greenwich.SR3.
  • Service Registry service has been added back with a new name: p.service-registry.
  • The existing Service Registry configuration options have not changed although there is now a new option named peer-timeout that can be set in milliseconds. This can alleviate issues with peer replication timing out when there is higher latency in the network between peers.
  • There is now a process for doing backup and restore of Spring Cloud Services stateful resources.

Important items to note:

  • Spring Cloud Services v3.1.0 does not include Circuit Breaker Dashboard services. To use these services, you can install Spring Cloud Services v2.0 alongside v3.1.0.

    Warning: You cannot upgrade to Ops Manager v2.7 if you are running Spring Cloud Services v2.0.

  • The Circuit Breaker Dashboard service will not return, as the underlying Netflix OSS Hystrix Dashboard project has been deprecated.