Releases: cloudfoundry-attic/cf-release
v217
The cf-release v217 was released on September 09, 2015.
Important:
- This release introduces significant improvements to the security of the consul cluster, however the operator must introduce these changes over the course of multiple deployments. If you are not running any consul servers as part of your deployment, you can ignore these instructions. Otherwise, please do the following:
- Scale the number of consul servers in your existing deployment down to 1 instance. The
consul.agent.servers.lan
property must be updated to reflect this; this should happen for free if you are using the standard tooling for manifest generation. If you are deploying Diego alongside CF, you must redeploy Diego as well to pick up theconsul.agent.servers.lan
change; again, this should happen for free if using the standard manifest generation tooling. - Generate SSL certificates, keys, and a separate encryption key for the gossip protocol used by consul (instructions). Upload the v217 release and generate your manifest for CF (and then Diego, if also deploying Diego).
- Deploy CF (and then Diego, if also deploying Diego).
- Scale the number of consul servers back up to whatever you had it at before. Regenerate all relevant manifests and deploy.
- Scale the number of consul servers in your existing deployment down to 1 instance. The
- cf-release v216 was skipped. After cutting a final release, the final release changes need to be committed back to the repo. We do one final deploy of the final release before committing its changes to master. In this case, a bug was found after doing the deploy, so we did not commit its changes. The bug was fixed, a new final release was deployed, and its changes have been committed. Since the director where the deploy was done already had a 216 deployed to it, we could not call the fixed release 216 as well, hence 217.
Contents:
- CC and Service Broker APIs
- Runtime
- Buildpacks and Stacks
- Routing
- Loggregator
- Internal Components
- Job Spec Changes
- Recommended BOSH Release and Stemcell Versions
- Recommended Diego Version
- Recommended Garden Linux Version
CC and Service Broker APIs
CC API Version: 2.35.0
Service Broker API Version: 2.6
Cloud Controller
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Private Brokers details
- [Experimental] Work reverted on Dashboard Clients per Service Instance details
- [Experimental] Work started on Route Services details
- cloudfoundry/cloud_controller_ng #411: Update cf-message-bus which includes latest NATS client details
- Add a description to the Resource Match API page to apidocs details
- Add description for recursive delete flag on Orgs and Spaces to apidocs details
- Update ruby version to 2.1.7 details
- Remove experimental flags for
total_private_domains
andapp_instance_limit
in Creating a Organization Quota Definition details - Added new endpoint to get number of started instances by Org
GET /v2/organizations/:guid/instance_usage
apidoc details
Runtime
DEA
Warden
- Remove guard against using aufs for nested warden containers to match current garden behavior. details
- Bump ruby version to 2.1.7. details
HM9000
No functional changes.
Buildpacks and Stacks
stacks
updated to 1.7.0 (from 1.4.0)
1.7.0
Notably, this release addresses USN-2726-1, "Expat vulnerability", which is related to CVE-2015-1283.
1.6.0
Notably, this release addresses USN-2722-1, "gdk-pixbuf vulnerability".
1.5.0
Notably, this release addresses:
- USN-2710-1, "OpenSSH vulnerabilities"
- USN-2710-2, "openssh regression"
which are related to:
in addition to two other vulnerabilities which do not yet have CVE numbers assigned.
go-buildpack
updated to v1.6.0 (from v1.5.0)
v1.6.0
- Output buildpack information in detect script.
(https://www.pivotaltracker.com/story/show/100757820) - Add go 1.5.
Remove go 1.1.x, which hasn't been updated since August 2013.
(https://www.pivotaltracker.com/story/show/101620562)
Packaged binaries:
name | version | cf_stacks |
---|---|---|
go | 1.2.1 | cflinuxfs2 |
go | 1.2.2 | cflinuxfs2 |
go | 1.3.2 | cflinuxfs2 |
go | 1.3.3 | cflinuxfs2 |
go | 1.4.1 | cflinuxfs2 |
go | 1.4.2 | cflinuxfs2 |
go | 1.5 | cflinuxfs2 |
ruby-buildpack
updated to v1.6.5 (from v1.6.2)
v1.6.5
- Change default Ruby version to '2.2.3'
(https://www.pivotaltracker.com/story/show/101779882)
Packaged binaries:
name | version | cf_stacks |
---|---|---|
ruby | 2.0.0 | cflinuxfs2 |
ruby | 2.1.6 | cflinuxfs2 |
ruby | 2.1.7 | cflinuxfs2 |
ruby | 2.2.2 | cflinuxfs2 |
ruby | 2.2.3 | cflinuxfs2 |
jruby | ruby-1.9.3-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.0.0-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.2.2-jruby-9.0.0.0 | cflinuxfs2 |
node | 0.12.7 | cflinuxfs2 |
bundler | 1.9.7 | cflinuxfs2 |
libyaml | 0.1.6 | cflinuxfs2 |
openjdk1.8-latest | 1.8.0_51 | cflinuxfs2 |
rails3_serve_static_assets | - | cflinuxfs2 |
rails_log_stdout | - | cflinuxfs2 |
v1.6.4
Note that v1.6.3 was not released.
- Add support for Ruby 2.1.7 and 2.0.0-p647, which addresses CVE-2015-3900.
Remove support for Ruby 2.1.5 and 2.0.0-p645.
(https://www.pivotaltracker.com/story/show/101589968)
Identity
Updated to UAA Release 2.6.1
Routing
- Work continues on support for Route Services details, more details
- Gorouter now logs X-Forwarded-Proto details
- Gorouter no longer responds to a publish NATS message with an empty subject details
- Work begun on support for TCP Routing in Routing API details
- Routing API no longer logs the Authorization header details
- A bug was introduced in v217 wherein gorouter logs are no longer rotated as frequently as they used to be. This could lead to failure if the disk fills up. A fix has been committed and will be included in v219 details.
Loggregator
Internal Components
etcd
No functional changes.
consul
- Improve operability of consul cluster when scaling down. details
- Consul servers determine whether they are synced with the rest of the cluster in the officially recommended manner. details
- Consul agents and servers communicate securely with one another. details
- Consul servers leave and join the cluster more reliably during a rolling deploy. details
route_registrar
- Added new
route_registrar
job to centralize route registra...
v215
The cf-release v215 was released on August 18, 2015.
Contents:
- CC and Service Broker APIs
- Runtime
- Buildpacks and Stacks
- Routing
- Loggregator
- Internal Components
- Job Spec Changes
- Recommended BOSH Release and Stemcell Versions
- Recommended Diego Version
- Miscellaneous
CC and Service Broker APIs
CC API Version: 2.34.0
Service Broker API Version: 2.6
Cloud Controller
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Private Brokers details
- [Experimental] Work continues on Dashboard Clients per Service Instance details
- Fixed issue where CC worker does not pick up jobs that could not be loaded on the first attempt details
- Update download endpoints in api docs to explain redirect behavior of cf oauth tokens to some blobstores that will not accept it details
- Fix instances reporting if app failed to stage details
- Ensure only space developers have access to service dashboards details
- cloudfoundry/cloud_controller_ng #408: Filter stopped and unstaged on hm9k bulk endpoint details
- /v2/spaces/:guid/summary should degrade gracefully if Diego is not available details
- ensure start logging happens when invalid scheme is used details
Runtime
No changes.
Buildpacks and Stacks
stacks
updated to 1.4.0 (from 1.1.0)
1.4.0
This rootfs enables both DEAs and Diego to share the vcap user home and app directories. #97733540
1.3.0
Notably, this version of the rootfs updates libsqlite3
to 3.8.2-1ubuntu2.1
to address USN-2698-1 "SQLite vulnerabilities" which addresses:
1.2.0
Notably, this release addresses USN-2694-1 "PCRE vulnerabilities", which is related to:
This release also adds the following package to the rootfs:
jq
java-buildpack
updated to v3.1.1 (from v3.1)
v3.1.1
I'm pleased to announce the release of the java-buildpack
, version 3.1.1
. This release ensures that the dependencies contained in the offline
buildpack are up to date.
For a more detailed look at the changes in 3.1.1
, please take a look at the commit log. Packaged versions of the buildpack, suitable for use with create-buildpack
and update-buildpack
, can be found attached to this release.
Packaged dependencies:
Dependency | Version |
---|---|
AppDynamics Agent | 4.0.7_0 |
GemFire | 8.0.0 |
GemFire Modules | 8.0.0.1 |
GemFire Modules Tomcat7 | 8.0.0.1 |
GemFire Security | 8.0.0 |
Groovy | 2.4.4 |
JRebel | 6.2.2 |
MariaDB JDBC | 1.1.9 |
Memory Calculator (centos6 ) |
1.1.1.RELEASE |
Memory Calculator (lucid ) |
1.1.1.RELEASE |
Memory Calculator (mountainlion ) |
1.1.1.RELEASE |
Memory Calculator (precise ) |
1.1.1.RELEASE |
Memory Calculator (trusty ) |
1.1.1.RELEASE |
New Relic Agent | 3.18.0 |
OpenJDK JRE (centos6 ) |
1.8.0_51 |
OpenJDK JRE (lucid ) |
1.8.0_51 |
OpenJDK JRE (mountainlion ) |
1.8.0_51 |
OpenJDK JRE (precise ) |
1.8.0_51 |
OpenJDK JRE (trusty ) |
1.8.0_51 |
Play Framework JPA Plugin | 1.7.0.RELEASE |
PostgreSQL JDBC | 9.4.1201 |
RedisStore | 1.2.0_RELEASE |
SLF4J API | 1.5.8 |
SLF4J JDK14 | 1.5.8 |
Spring Auto-reconfiguration | 1.7.0_RELEASE |
Spring Boot CLI | 1.2.5_RELEASE |
Tomcat Access Logging Support | 2.4.0_RELEASE |
Tomcat Lifecycle Support | 2.4.0_RELEASE |
Tomcat Logging Support | 2.4.0_RELEASE |
Tomcat | 8.0.24 |
ruby-buildpack
updated to v1.6.2 (from v1.6.1)
v1.6.2
- Update to JRuby 9.0.0.0 (final)
- Add 9.0.0.0
- Remove 9.0.0.0.rc2
- Update openjdk to 1.8.0_51 ("8u51")
This version of openjdk 8 addresses some severe CVEs, which are enumerated here:
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
Packaged binaries:
name | version | cf_stacks |
---|---|---|
ruby | 2.0.0 | cflinuxfs2 |
ruby | 2.1.5 | cflinuxfs2 |
ruby | 2.1.6 | cflinuxfs2 |
ruby | 2.2.1 | cflinuxfs2 |
ruby | 2.2.2 | cflinuxfs2 |
jruby | ruby-1.9.3-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.0.0-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.2.2-jruby-9.0.0.0 | cflinuxfs2 |
node | 0.12.7 | cflinuxfs2 |
bundler | 1.9.7 | cflinuxfs2 |
libyaml | 0.1.6 | cflinuxfs2 |
openjdk1.8-latest | 1.8.0_51 | cflinuxfs2 |
rails3_serve_static_assets | - | cflinuxfs2 |
rails_log_stdout | - | cflinuxfs2 |
Identity
Updated to UAA Release 2.5.1
Routing
- Work continues on support for Route Services details
- Backfilled CATS for Sticky sessions details
- Routes registered with a path are now exposed by Routing API with GET endpoint details
Loggregator
Loggregator Features
- Make doppler message drain buffer size configurable via bosh "doppler.message_drain_buffer_size" . details
- Added additional lossiness metrics for monitoring between metron and doppler. details
- PR - Read to detect syslog writer connection close. details
- PR - Add default nats port to bosh jobs for nats, dea_logging_agent, loggregator_trafficcontroller, and metron_agent. details
- PR - Log which syslog sink url is slow during buffer overflow. details
Loggregator Bugs
- Fixed a bug where syslog drains would delay for 1ms during connection, backing up buffer. details ... additional notes
- Fixed a bug / added a feature to make doppler buffer sizes configurable. details ... additional notes
- Fixed a bug where TrafficController sends EOF unexpectedly to a firehose client. details
Internal Components
No changes.
Job Spec Changes
- Added default value 4222 for
nats.port
indea_logging_agent
,doppler
,loggregator_traffic_controller
, andmetron_agent
jobs. details - Added
doppler.message_drain_buffer_size
todoppler
job. details - Added
router.route_service_secret_prev
togorouter
job. details
Recommended BOSH Release and Stemcell Versions
- BOSH Release Version: bosh 195
- BOSH Stemcell Version(s):
name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
version: 3026
These are soft recommendations; several different versions of the BOSH release and stemcell are likely to work fine with this version of cf-release.
Recommended Diego Version
- Diego final release 0.1412.0 · release notes
This is a soft recommendation; several different versions of the Diego release may work fine with this version of cf-release.
<a name='miscellane...
v214
The cf-release v214 was released on July 29, 2015.
Important:
- This release includes a migration that modifies the
events
table. This table may be very large, and the migration may cause the deployment to fail if it takes too long to run. If the migration causes the deployment to fail, the api_z1/0 job will fail to start. If this happens, do not restart the deploy until the migration has finished running. The deploy can be restarted once thespace_id
foreign key constraint has been removed from theevents
table. - To avoid the possibility of the migration causing a failure, truncate the
events
table before the deployment starts. The data in theevents
table are considered to be audit and log data, and Cloud Foundry can function if it is removed.
Contents:
- CC and Service Broker APIs
- Runtime
- Buildpacks and Stacks
- Routing
- Loggregator
- Internal Components
- Job Spec Changes
- Recommended BOSH Release and Stemcell Versions
- Recommended Diego Version
CC and Service Broker APIs
CC API Version: 2.33.0
Service Broker API Version: 2.6
Cloud Controller
- Fixed backwards incompatible ccdb migration introduced in cf-release 213 details
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Private Brokers details
- [Experimental] Work continues on Dashboard Clients per Service Instance details
- Truncate the billing_events table to complete the deprecation details
- Support for app instance limit on Org Quota details
- cloudfoundry/cloud_controller_ng #402: Enlarge Service Keys Credentials details
- Audit events for service key create and delete details
- vendor/errors is no longer a submodule details
- use cf.internal for internal domain for consul details
- SSH access requires app update access details
- Create service usage event upon plan update details
- hm9k fetcher to only select the columns that are needed details
Runtime
DEA
- Fix race condition where DEA was sending heartbeat before UUID had been generated. details
Warden
- Use wait-for-lock when invoking iptables. details
- Keep track of containers when destroy fails. details
HM9000
- Enable pprof. details
Buildpacks and Stacks
rootfs
updated cflinuxfs2 to v1.1.0
v1.1.0
Notably, this release addresses USN-2670-1: "libwmf vulnerabilitites", which is related to:
go-buildpack
updated to v1.5.0 (from v1.4.0)
v1.5.0
-
Basic Godeps/Godeps.json validation
Note that ./Godeps and .godir are deprecated.
(See README.md for additional notes about the Godeps upgrade.)
-
Include current stack in unsupported stack message
(https://www.pivotaltracker.com/story/show/98579464) -
Remove vendored python interpreter
(https://www.pivotaltracker.com/story/show/94532204) -
Defaults for GOMAXPROCS
-
Update godep
Includes at least:
- 64k line fixes
- godep diff
- Cross compiled with go 1.4.2 / gox (statically linked)
-
GOPATH "g" -> "go"
Packaged binaries:
name | version | cf_stacks |
---|---|---|
go | 1.1.1 | cflinuxfs2 |
go | 1.1.2 | cflinuxfs2 |
go | 1.2.1 | cflinuxfs2 |
go | 1.2.2 | cflinuxfs2 |
go | 1.3.2 | cflinuxfs2 |
go | 1.3.3 | cflinuxfs2 |
go | 1.4.1 | cflinuxfs2 |
go | 1.4.2 | cflinuxfs2 |
nodejs-buildpack
updated to v1.5.0 (from v1.4.0)
v1.5.0
- remove versions 0.8.x and 0.9.x from manifest
(https://www.pivotaltracker.com/story/show/97770112) - Include CF built binaries
(https://www.pivotaltracker.com/story/show/97136960)
Packaged binaries:
name | version | cf_stacks |
---|---|---|
node | 0.10.38 | cflinuxfs2 |
node | 0.10.40 | cflinuxfs2 |
node | 0.11.15 | cflinuxfs2 |
node | 0.11.16 | cflinuxfs2 |
node | 0.12.6 | cflinuxfs2 |
node | 0.12.7 | cflinuxfs2 |
v1.4.2
- Security upgrade to nodejs 0.12.7
Add support for node version 0.10.40
Remove support for node version 0.10.37
(https://www.pivotaltracker.com/story/show/98855140)
v1.4.1
- Security upgrade to nodejs 0.12.6
(https://www.pivotaltracker.com/story/show/98683546)
php-buildpack
updated to v4.0.0 (from v3.3.0)
v4.0.0
-
upgrade PHP 5.6.11, 5.5.27, and 5.4.43
(https://www.pivotaltracker.com/story/show/98855368) -
Package all PHP modules in a single tarball
Instead of downloading PHP modules individually, include all modules in a
single tarball to make the manifest more manageable.
(https://www.pivotaltracker.com/story/show/95473520) -
Package all httpd modules in a single tarball
Instead of downloading httpd modules individually, include all modules
in a single tarball to make the manifest more manageable.
(https://www.pivotaltracker.com/story/show/95473520) -
Add nginx 1.9.2, upgrade to 1.6.3; drop 1.7.x
(https://www.pivotaltracker.com/story/show/98855608) -
Include current stack in unsupported stack message
(https://www.pivotaltracker.com/story/show/98579464)
Packaged binaries:
name | version | cf_stacks |
---|---|---|
php | 5.4.42 | cflinuxfs2 |
php | 5.4.43 | cflinuxfs2 |
php | 5.5.26 | cflinuxfs2 |
php | 5.5.27 | cflinuxfs2 |
php | 5.6.10 | cflinuxfs2 |
php | 5.6.11 | cflinuxfs2 |
hhvm | 3.5.0 | cflinuxfs2 |
hhvm | 3.5.1 | cflinuxfs2 |
hhvm | 3.6.0 | cflinuxfs2 |
hhvm | 3.6.1 | cflinuxfs2 |
composer | 1.0.0-alpha10 | cflinuxfs2 |
httpd | 2.4.12 | cflinuxfs2 |
newrelic | 4.20.2.95 | cflinuxfs2 |
nginx | 1.6.3 | cflinuxfs2 |
nginx | 1.8.0 | cflinuxfs2 |
nginx | 1.9.2 | cflinuxfs2 |
v3.3.1
- Include php versions 5.6.10, 5.5.26, 5.4.42
Remove support for 5.4.39, 5.5.23, 5.6.7
Change the default PHP version to 5.5.26
(https://www.pivotaltracker.com/story/show/98547428) - Support nginx 1.8
(https://www.pivotaltracker.com/story/show/96911902) - Fix boolean values in options.json
(https://www.pivotaltracker.com/story/show/98199628)
python-buildpack
updated to v1.5.0 (from v1.4.0)
v1.5.0
- Include CF built binaries
(https://www.pivotaltracker.com/story/show/97136960) - Include current stack in unsupported stack message
(https://www.pivotaltracker.com/story/show/98579464) - Update pip to 7.1.0
- Update setuptools to 18.0.1
- Set xtrace if $BUILDPACK_XTRACE set
Packaged binaries:
name | version | cf_stacks |
---|---|---|
python | 2.7.10 | cflinuxfs2 |
python | 2.7.9 | cflinuxfs2 |
python | 3.3.5 | cflinuxfs2 |
python | 3.3.6 | cflinuxfs2 |
python | 3.4.2 | cflinuxfs2 |
python | 3.4.3 | cflinuxfs2 |
libffi | 3.1 | cflinuxfs2 |
libmemcache | 1.0.18 | cflinuxfs2 |
ruby-buildpack
updated to v1.6.1 (from v1.5.0)
v1.6.1
- Fix issues with the 'including unsupported' manifest
- Fix incorrect md5 checksum for node version 0.12.7
- Remove merge conflict annotations
Packaged binaries:
name | version | cf_stacks |
---|---|---|
ruby | 2.0.0 | cflinuxfs2 |
ruby | 2.1.5 | cflinuxfs2 |
ruby | 2.1.6 | cflinuxfs2 |
ruby | 2.2.1 | cflinuxfs2 |
ruby | 2.2.2 | cflinuxfs2 |
jruby | ruby-1.9.3-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.0.0-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.2.2-jruby-9.0.0.0.rc2 | cflinuxfs2 |
node ... |
v213
Release Notes
The cf-release v213 was released on July 9, 2015.
IMPORTANT: This release has a backwards incompatible Cloud Controller database migration that causes downtime for Cloud Controller during the deploy. We are working on getting this sorted out. We don't recommend upgrading to this release.
- CC and Service Broker APIs
- Runtime
- Buildpacks
- Identity
- Routing
- Log Aggregation and Metrics
- Manifest Template and Job Spec Changes
- Recommended BOSH Release and Stemcell Versions
- Recommended Diego Version
CC and Service Broker APIs
CC API Version: 2.33.0
Service Broker API Version: 2.6
- Removed space_id from events details
- NOTE: This caused the backwards incompatible ccdb migration. During the deploy of 213, there will be cloud controller down time while the cloud controller job is rolling. This issue is fixed in the next cf-release details
- Split client max body size manifest configuration details
cc.client_max_body_size
default decreased to 15M on body size for requests to cloud controllercc.app_bits_max_body_size
new property added that controls the max body size for application bits sent to cloud controller for app upload with default 1536M
- Switch buildpack cache key to be #{guid}-#{stack.name} details
- Recommend cleaning up the buildpack cache by using the buildpack_cache delete end point after upgrading to this release to reclaim the space used by caches with the older cache key. For large deployments, this end point may take some time and may need to be called again if it times out. apidoc
- Removed billing events api and associated models details
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work started on Private Brokers details
- API work on Service Keys epic complete details
- API work on Instance Tags epic complete details
- API work on Service ID included in service request to Service Broker completed (https://www.pivotaltracker.com/epic/show/1965166)
- As cloud controller admin, I can add a new stack to cloud controller POST /v2/stacks details | apidoc
- This end point allows the creation of stacks that cloud controller knows about. The stack would additionally need to be advertised/supported by a DEA or Cell in order for an app requesting the stack to be placed.
- Private domain limit added to org quota definition details | apidoc
- Space Developer can now download an app's droplet details | apidoc
- Added statsd metrics to cc details
- Added metrics on delayed job queue details
- Additional logging added around blobstore access in cc logsdetails
- user guid and request id logged at the beginning of the request in cc logs.details
- Additional cc logs to include response code and vcap request id for requests to cc details
- Ensure nfs mount exists before starting cc and cc worker jobs details
- Update nginx config to allow
cf files
to get application and bits details - Added staging error message to /v2/apps/:guid details
- Added a meaningful error when request fails due to issues writing to ccdbdetails
- When changing a plan, user should not see that the plan has changed until the update succeeds details
- only user with SpaceDeveloper role should be able to obtain dashboard_url details
- when attempting to recursively delete an org containing a service instance with bound applications, user should receive an error message indicating which service instance is the problem details
- Admins can delete the last OrgManager on an Organization details
Runtime
DEA
- Mask sensitive data (e.g. VCAP_SERVICES and environment variables) in logs. details
Warden
- Mask sensitive data (e.g. VCAP_SERVICES and environment variables) in logs. details
- Disk quotas no longer break when rootfs already contains
vcap
user. details - Move extraction of
cflinuxfs2
rootfs into the DEA job to ensure the ownership of/home/vcap
in the rootfs isvcap:vcap
. details
Buildpacks
staticfile-buildpack v1.2.0
https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.2.0
- Remove nginx version display
(https://www.pivotaltracker.com/story/show/94542440) - Remove lucid-specific binaries from manifest.yml
(https://www.pivotaltracker.com/story/show/96135874) - Give helpful message on unsupported stacks
(https://www.pivotaltracker.com/story/show/96590146)
https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.1.1
- Bump compile extensions
(https://www.pivotaltracker.com/story/show/96957294)
ruby-buildpack v1.5.0
https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.5.0
- Remove lucid-specific binaries from manifest.yml
(https://www.pivotaltracker.com/story/show/96135874) - Give helpful message on unsupported stacks
(https://www.pivotaltracker.com/story/show/96590188) - Use cloudfoundry java team built OpenJdks
(https://www.pivotaltracker.com/story/show/94123750)
python-buildpack v1.4.0
https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.4.0
- Remove 2.7.8 from skinny manifest
- Remove lucid-specific binaries from manifest.yml
(https://www.pivotaltracker.com/story/show/96135874) - alert user about incompatible stack usage
(https://www.pivotaltracker.com/story/show/96137338)
php-buildpack v3.3.0
https://github.com/cloudfoundry/php-buildpack/releases/tag/v3.3.0
- Fail with helpful error message for incompatible stack
(https://www.pivotaltracker.com/story/show/96590154) - Remove lucid-specific binaries from manifest.yml
(https://www.pivotaltracker.com/story/show/96135874) - Add PHP 5.6.8, 5.5.24, 5.4.40 to unsupported manifest
(https://www.pivotaltracker.com/story/show/94988124)
nodejs-buildpack v1.4.0
https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.4.0
- Merge upstream changes from Heroku (sha: f1b195427424922274807151e0dd8d1948d03ebb):
- Improvements to app caching logic
- Remove lucid-specific binaries from manifest.yml
(https://www.pivotaltracker.com/story/show/96135874) - Give helpful message on unsupported stacks
(https://www.pivotaltracker.com/story/show/96590188)
go-buildpack v1.4.0
https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.4.0
- Remove lucid64 references from manifest.yml
(https://www.pivotaltracker.com/story/show/96135874) - Alert user about incompatible stack usage
(https://www.pivotaltracker.com/story/show/96590164) - Fail staging on missing resource
(https://www.pivotaltracker.com/story/show/95737420) - Update Godeps instructions
(https://www.pivotaltracker.com/story/show/94986104)
binary-buildpack v1.0.1
https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.1
- Make compile and detect proper scripts
(https://www.pivotaltracker.com/story/show/96882956)
Identity
- Bumped UAA to version 2.4.0 details
Routing
- Work continues on support for route services details
- Moved gorouter and routing-api source to src/github.com details
- Routing API debug port changed so as not to conflict with GoRouter's details
- Routes can no longer be registered with the Routing API with ports greater than 65536 details
- Routing API now emits metrics for operational visibility using Metron agent details
Log Aggregation and Metrics
No Changes.
Manifest Template and ...
v212
The cf-release v212 was released on June 22nd, 2015
- IMPORTANT: Database migrations have been moved into their own job. Previously part of cloud_controller_ng details
- IMPORTANT: Loggregator vms have been renamed Doppler details. Note: with zero-downtime requires a two-phase deploy:
- Add instances of each doppler job to match the number of instances of the corresponding loggregator job and deploy.
- Remove all instances of loggregator and deploy.
- IMPORTANT: default template stemcells have been updated from lucid to trusty details
Buildpacks
- cloudfoundry/cf-release #701 Upgrade NodeJs buildpack to v1.3.4 details
- cloudfoundry/cf-release #697 Upgrade PHP buildpack to v3.2.2 details
- cloudfoundry/cf-release #699 Upgrade Staticfile buildpack to v1.1.0 details
- cloudfoundry/cf-release #702 Upgrade Python buildpack to v1.3.5 details
Runtime
- Allow for more than one attribute to be updated in a service instance update call. If anything fails, roll back all changes. details
- Warden more gracefully handles "Disconnected" timeouts during staging details
- Fixed a bug where newrelic filled logs with bogus error:
ERROR : URI::InvalidURIError: bad URI
details - [Experimental] User can scale v3 applications process memory details
- Address cve USN-2624-1 details
- Upgraded installed packages
- Service catalog now reports plans with the duplicate name details
- [Experimental] User can scale v3 process disk details
- Service catalog now reports duplicate plan ids details
- Fixed bug where Cloud Controller would become stuck waiting for NFS details
- Fixed bug where apps could request negative disk details
- Added doppler_logging_endpoint to /v2/info details
- Applications can be scaled to 0 instances details
- Space manager and auditor should see 404 error when deleting service keys details
- Gorouter - Added "Cache-Control" and "Expires" headers to prevent caching of heartbeat responses. details
- Fixed a bug where buildpack caches were not being deleted details
- Removed Experimental tag from context path routing details
UAA
- Bumped UAA to version 3.2.1 details
Routing Api
- [Experimental] Now co-located on the Cloud Controller details
Loggregator
- No major changes besides the rename to doppler mentioned above
Manifest and Job Spec Changes
properties.doppler.enabled
detailsproperties.doppler.use_ssl
detailsproperties.doppler.port
detailsproperties.collector.memory_threshold
detailsproperties.uaa.newrelic.environment
can be used to configure the old newrelic configuration ofuaa.newrelic.common.license_key
detailsproperties.uaa.database.case_insensitive
can be set to true when using case sensitivity with queries/filters because your DB is case sensitive.- [Experimental] routing api properties
properties.routing-api.consul_ttl
properties.routing-api.lock_retry_interval
properties.routing-api.metrics_reporting_ttl
properties.routing-api.statsd_endpoint
properties.routing-api.debug_address
properties.routing-api.max_concurrent_etcd_requests
properties.routing-api.statsd_client_flush_interval
- [Experimental]
Used Configuration
- BOSH Version: 152
- Stemcell Version: 2989
- CC Api Version: 2.29.0
Compatible Diego Version
- final release 0.1304.0 commit
v211
The cf-release v211 was released on June 4th, 2015
- IMPORTANT: This release removes lucid64 stack, please ensure apps migrated prior to upgrade
- IMPORTANT: If using the postgres included within cf-release, please carefully read the note below about postgres job upgrade
Runtime
- Remove lucid64 stack completely from cf-release details
- Please ensure all your applications have migrated to the cflinuxfs2 stack prior to upgrading to this release
- Once all apps have been migrated to the new stack, Operators will need to manually delete the lucid64 stack via the cc api using the admin user.
- http://apidocs.cloudfoundry.org/211/stacks/delete_a_particular_stack.html
- Upgraded postgres included in cf-release to postgres 9.4.2 details
- See note below about the postgres job upgrade
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Route API details
- [Experimental] Work continues on Context Path Routes details
- Work in progress for support of user-provided tags on service instances details
- cloudfoundry/cf-release #689: Fixing failed cc_ng and cc_ng_worker with NFS details
- Remove default support address for CC details
- increased cloud_controller_ng start timeout to be able to run long ccdb migrations details
- cloudfoundry/cf-release #680: staticfile to be tested before nodejs/ruby buildpacks details
- cloudfoundry/stacks #16: Add
cmake
to rootfses details - cloudfoundry/stacks #17: Add autoconf to rootfs details
- cloudfoundry/cf-release #682: Upgrading ruby buildpack to v1.4.2 details
- cloudfoundry/cf-release #683: Upgrading python buildpack to v1.3.2 details
- Make 'dea_next.stacks' overridable in the manifest. details
- cloudfoundry/cf-release #681: Add security group for cf-mysql subnets on bosh-lite details
- cloudfoundry/dea_ng #164: Add warden_handle method to staging task details
- Use MASQUERADE instead of SNAT for container NAT details
- Throw better errors for apps stats endpoint details
- Fix buildpack_cache deletion issue details
Loggregator
- If no Dopplers available in an AZ, Metron will now fail over across AZs. details
- StatsD support broken out of Metron and into a separate process. New class of items for adding data into metron/loggregator now known as an “injectors." Further info to follow on cf-dev.
- All loggregator metrics now using a Metron /varz shim instead of writing to a local /varz.
- Most loggregator metrics will have a different prefix as a result.
- All former metrics and new ones are documented - in wiki (scroll right) and in a public google doc.
- Story details.
- Other CF Components to follow; docs to be formalized with documentation team.
- NOAA client library fixed Close() issue, independent of CF release. Change is backward-incompatible.
- Removed Dropsonde protocol dependence on gogoproto for non-go builds. details
- Increase doppler marshal/unmarshal efficiency to compensate for message size changes. details
- [Bug Fix] Syslog drain binder is no longer leaking connections to cloud_controller. details
- [Bug Fix] LoggregatorClientPool no longer leaking clients to non-existant dopplers. details
Used Configuration
- BOSH Version: 152
- Stemcell Version: 2969
- CC Api Version: 2.28.0
Compatible Diego Version
- final release 0.1281.0 commit
Postgres Job Upgrade
The Postgres Job will upgrade the postgres database to version 9.4.2. Postgres will be unavailable during this upgrade.
A copy of the database is made for the upgrade, you may need to adjust the persistent disk capacity of the postgres job.
If the upgrade fails:
- The old database is still available at
/var/vcap/store/postgres
- The new database is at
/var/vcap/store/postgres-9.4.2
- A marker file is kept at /var/vcap/store/FLAG_POSTGRES_UPGRADE to prevent the upgrade from happening again.
pg_upgrade
logs that may have details of why the migration failed can be found in/home/vcap/
To attempt the upgrade again, you should remove /var/vcap/store/postgres-9.4.2
and /var/vcap/store/FLAG_POSTGRES_UPGRADE
To rollback to a previous release, you should remove /var/vcap/store/postgres-9.4.2
and /var/vcap/store/FLAG_POSTGRES_UPGRADE
. The previous release has no knowledge of these files, but they will conflict if you later try the upgrade again.
Post upgrade, both old and new databases are kept. The old database moved to /var/vcap/store/postgres-previous
. The postgres-previous
directory will be kept until the next postgres upgrade is performed in the future. You are free to remove this if you have verified the new database works and you want to reclaim the space.
Manifest and Job Spec Changes
properties.cc.stacks.default
lucid64 stack has been removedproperties.dea_next.stacks.default
lucid64 stack has been removed
v210
The cf-release v210 was released on May 23rd, 2015
- Note: A bug was found where CC and Worker jobs were not updating when using NFS as a blobstore. details
Runtime
- Addressed USN-2617-1 CVE-2015-3202 FUSE vulnerabilities
- [Experimental] Work continues on support for Asynchronous Service Instance Operations details
- Support for configurable max polling duration
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Route API details
- [Experimental] Work continues on Context Path Routes details
- Work continues on support for Service Keys details
- Upgrade etcd server to 2.0.1 details
- Should be run as 1 node (for small deployments) or 3 nodes spread across zones (for HA)
- Also upgrades hm9k dependencies. LAMB client to be upgraded in a subsequent release. Older client is compatible.
- cloudfoundry/cf-release #670: Be able to specify timeouts for acceptance tests without defaults in the spec. details
- Fix bug where ssl enabled routers were not draining properly details
- cloudfoundry/cloud_controller_ng #378: current usage against the org quota details
- Apps no longer need to be unbound and rebound to receive new credentials when a user-provided service instance is updated. Apps only need to be restaged/restarted details
UAA
- Bumped to UAA 2.3.0 details
Used Configuration
- BOSH Version: 152
- Stemcell Version: 2889
- CC Api Version: 2.27.0
Compatible Diego Version
- final release 0.1247.0 commit
Manifest and Job Spec Changes
- properties.acceptance_tests.skip_regex added
- properties.app_ssh.host_key_fingerprint added
- properties.app_ssh.port defaults to 2222
- properties.uaa.newrelic added
- properties.login.logout.redirect.parameter.whitelist
v209
The cf-release v209 was released on May 20, 2015
- Please see note about merge of UAA/Login server jobs on cf-release v208
- Note manifest changes below
- Note: A bug was found where CC and Worker jobs were not updating when using NFS as a blobstore. details
Runtime
- [Experimental] Work continues on support for Asynchronous Service Instance Operations details
- Support for configurable max polling duration
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Route API details
- [Experimental] Work continues on Context Path Routes details
- Work continues on support for Service Keys details
- Orphan Mitigation implemented
- Support for brokers to reject bind requests without app_guid with an error code
- Arbitrary Service Parameters can be provided with calls to create service instance, update, bind, and create key details
- Broker api version incremented to 2.5, docs will be published shortly
- CLI work in progress
- /v2/service_usage_events now supports service_guid query param details
- SpaceManager now has read-permissions to /v2/service_instances, just as SpaceAuditor. Credentials are redacted details
- Rake is now configured to autocorrect rubocop errors; Rake should fail less often on first attempt details.
- Environment variables are now redacted from varz details
- cloudfoundry/gorouter #82: Record number of bytes in the request details
- This changes the format of messages recorded in the access log.
- Format:
Host - [StartTime] "Method RequestURI Protocol" StatusCode RequestBytesReceived BodyBytesSent "Referer" "User-Agent" RemoteAddr x_forwarded_for:"X-Forwarded-For" vcap_request_id:X-Vcap-Request-Id response_time:ResponseTime app_id:ApplicationId
- Example:
api.a1.cf-app.com - [15/05/2015:02:17:03 +0000] "GET /v2/spaces/3dd21504-7d75-4d01-a87f-e781b3f9729b/service_instances?return_user_provided_service_instances=true&q=name%3A1f4f6404-e204-4de4-4a95-7090d0a96a61&inline-relations-depth=1 HTTP/1.1" 200 0 3903 "-" "go-cli 6.11.1-4ef66f6 / linux" 10.10.66.195:14840 x_forwarded_for:"54.208.54.151" vcap_request_id:40d0b05a-ae34-4161-47c1-9500022731cb response_time:0.045296582 app_id:
Loggregator
- Bug fix: logs endpoint no longer hangs if doppler is down details
- Enabled scaling of unmarshallers to reduce message loss details
- Removed WWW-Authenticate from non-401 responses details
UAA
- Adjusted scopes for the identity client example details
- Handling of SAML metadata is now more lenient
details - Several additional DB properties are now configurable in manifest details
- Improved readability/usability of the internal hostnames property details
- Client display name is now used on Approvals page if it is available details
Used Configuration
- BOSH Version: 152
- Stemcell Version: 2889
- CC Api Version: 2.27.0
Compatible Diego Version
- final release 0.1209.0 commit
Manifest and Job Spec Changes
Added "binary_buildpack" buildpack to cc.system_buildpacks and cc.install_buildpacks
properties.acceptance_tests.include_routing_api defaults to false
properties.acceptance_tests.system_domain used for routing api specs
properties.acceptance_tests.oauth_password used for routing api specs
properties.uaa.database.max_connections defaults to 100
properties.uaa.database.max_idle_connections defaults to 10
properties.uaa.database.remove_abandoned defaults to false
properties.uaa.database.abandoned_timeout defaults to 300
properties.uaa.database.log_abandoned defaults to true
properties.uaa.zones.internal.hostnames defaults to [uaa.service.consul]
properties.login.logout.redirect.url
properties.login.logout.redirect.parameter.disable
properties.doppler.unmarshaller_count defaults to 5
properties.metron_agent.deployment
v208
The cf-release v208 was released on May 12th, 2015
- Please see note about merge of UAA/Login server jobs below to maintain zero down time for CC and UAA for existing deployments.
- A change in the templates to no longer include resource pool sizes requires a minimum bosh director of v149.
- Note: A bug was found where CC and Worker jobs were not updating when using NFS as a blobstore. details
Runtime
- [Experimental] Work continues on support for Asynchronous Service Instance Operations details
- Completed Improvements to Recursive Deletion of Org and Space, in support of Asynchronous Service Operations details
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Route API details
- [Experimental] Work continues on Context Path Routes details
- Work continues on support for Service Keys details
- Work continues on support for Arbitrary Service Parameters details
- Adjusted ephemeral disk sizes on new instance types for AWS template to be more realistic details
- Including staticfile buildpack v1.0.0 details
- Removed separate login job from minimal aws deployment details
- Allow acceptance test timeouts to be set via manifest details
- Update default cipher list for haproxy and gorouter details
- Addressed tcpdump CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155 details
- Upgrading php buildpack to v3.1.1 details
- Manifest templates no longer include resource pool sizes details
- Requires minimum bosh director v149
- Upgrading ruby buildpack to v1.3.1 details
- Bump CLI to 6.11.1 for CATS and remove darwin CLI details
- Upgrade cf-release to use ruby 2.1.6 and remove ruby 2.1.4 for CC, Collector, Warden, DEA details
- Addresses ruby CVE-2015-1855
- cloudfoundry/cf-release #660: Add security group for cf-mysql subnets to bosh-lite details
- Adjust VCAP_ID as endpoint/sticky cookie changes details
- Disable compression when creating proxy connection details
- cleanup regex details
- A space developer can create a wildcard route for private domains details
- Allow commands to be reset to nothing details
UAA Updates
- Merged UAA & Login Server details
- Multi-tenant UAA details
- Registering wildcard routes for *.login and *.uaa details
- Zero Downtime Upgrade Procedure
- Perform the cf-release upgrade and keep number of login server of jobs the same as your existing deploy.
- Change the number of Login Server Job instances to 0 and re-deploy after initial deploy completes.
Note: The combination of Older Login Server jobs and the newly merged UAA/Login Server job is not supported. This should be done only for a short duration to achieve the zero downtime. The Login Server instances should be deleted via a bosh redeploy immediately after a successful upgrade
Used Configuration
- BOSH Version: 152
- Stemcell Version: 2889
- CC Api Version: 2.25.0
Compatible Diego Version
- final release 1198 commit
Manifest and Job Spec Changes
jobs.login_z1.instances
changed to 0jobs.login_z2.instances
changed to 0properties.cc.allow_app_ssh_access
added- Set to "true" to allow SSH to Diego apps
- Not yet supported for configurations using HAProxy
- Added "staticfile_buildpack" buildpack to
cc.system_buildpacks
andcc.install_buildpacks
ha_proxy.ssl_ciphers
Reduced the set of default ciphers- Acceptance Test timeouts configurable via manifest properties
acceptance_tests.default_timeout
acceptance_tests.cf_push_timeout
acceptance_tests.long_curl_timeout
acceptance_tests.broker_start_timeout
v207
The cf-release v207 was released on April 16th, 2015
- Note: In this release we have changed the default rootfs to cflinuxfs2 details
- Note: A bug was found where CC and Worker jobs were not updating when using NFS as a blobstore. details
Runtime
- Fixed a bug introduced in v206 where apps using the python buildpack with cflinuxfs2 stack failed to run details
- cloudfoundry/cf-release #658: Java buildpack v3.0 details
- Added a new end point /v2/spaces/:guid/user_roles details
- Apps are now queryable by stack_guid details
- Update Sequel and add a index on droplets.droplet_hash details
- Improves general query performance against ccdb
- Fixed an issue where gorouters were always taking 15 minutes to drain detail
- [Experimental] Work continues on support for Asynchronous Service Instance Operations details
- Work continues on improvements to Recursive Space Deletion details
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Route API details
- Work continues on support for Service Keys details
- Work continues on support for Arbitrary Service Parameters details
Loggregator
Features
- Metron now supports statsd protocol endpoint. Details to follow in add'l vcap-dev post.
- Loggregator now generates UUID for components. details
- Additional Doppler integration tests to prevent regression:
- PR: Updated go package path. details
- PR: InstrumentedResponseWriter conforms to CloseNotifier interface. details
Bugs
- Fixed an issue where an incorrect typecast would cause a Doppler panic. details
- Fixed Doppler incorrectly computing totalDroppedMessages as a result of fixing typecast issue. details
- PR: Fixed an issue where syslog drain binder assumes that cc is available via http by default. details
- PR: Additional typos and broken links. detail 1 detail 2
Used Configuration
- BOSH Version: 152
- Stemcell Version: 2889
- CC Api Version: 2.25.0
Compatible Diego Version
- final release 0.1099.0 commit