Please do not upgrade to v2.1.4 or v2.1.5 Spring Cloud Gateway for VMware Tanzu v2.1.4 and v2.1.5 are affected by a TLS certificate configuration issue which prevents successful installation. Please avoid upgrading to these versions.
v2.1.8
Release Date: Sept 27, 2024
Enhancements included in this release
Resolved security vulnerabilities:
- CVE-2024-22262 (Bouncy Castle Java)
v2.1.7
Release Date: Aug 8, 2024
Enhancements included in this release
Resolved security vulnerabilities:
- CVE-2024-22262 (spring-web)
v2.1.6
Release Date: Apr 10, 2024
Enhancements included in this release
- Fixed a NATS TLS configuration issue which prevented successful installation of v2.1.4 and v2.1.5
v2.1.5
Release Date: Apr 9, 2024
Enhancements included in this release
- Improvements to Hazelcast graceful shutdown.
- The Spring Cloud Gateway tile now defaults to not using Redis, even if the Redis tile is already installed in Ops Manager. Redis is still recommended for highly available deployments, but this change removes the requirement to provide explicit configuration in order to install Spring Cloud Gateway when Redis is present.
Resolved security vulnerabilities:
- CVE-2023-52428 (nimbus-jose-jwt)
- CVE-2024-22257 (spring-security-core)
- CVE-2024-22259 (spring-web)
v2.1.4
Release Date: Mar 12, 2024
Enhancements included in this release
- Adds compatibility with TAS 6.0
Resolved security vulnerabilities:
- CVE-2023-33201 (bcprov-jdk18on)
- CVE-2024-22234 (spring-security-core)
- CVE-2024-22243 (spring-web)
- CVE-2024-26308 (commons-compress)
v2.1.3
Release Date: Feb 2, 2024
Enhancements included in this release
Resolved security vulnerabilities:
- CVE-2024-20918 (BellSoft Liberica JRE)
- CVE-2024-20932 (BellSoft Liberica JRE)
- CVE-2024-20952 (BellSoft Liberica JRE)
v2.1.2
Release Date: Dec 19, 2023
Enhancements included in this release
Resolved security vulnerabilities:
- CVE-2023-6378 (logback-core)
- CVE-2023-34054 (reactor-netty-http)
- CVE-2023-34062 (reactor-netty-http)
v2.1.1
Release Date: Nov 24, 2023
Enhancements included in this release
- Resolved security vulnerabilities: CVE-2023-29400 (golang) and GHSA-xpw8-rcwv-8f8p (io.netty)
BOSH release updates
- Backing and Restore SDK 1.18.107
- BPM 1.2.11
- PXC 1.0.20
- Routing 0.284.0
v2.1.0
Release Date: Oct 30, 2023
Enhancements included in this release
- Compatibility with VMware Tanzu Application Service 5.0
- Gateway service instance backing apps now default to the
cflinuxfs4
stack
- All Gateway backing apps are upgraded to
cflinuxfs4
by the upgrade-all-instances
errand
- Added the following filters: JsonToXml, Replay, RestrictRequestHeaders, RewriteJsonAttributesResponseBody, XmlToJson
- Ability to remove specific API routes from auto-generated OpenAPI specification
- Ability to filter by Organization, Space, API gateway service instance name, API version and/or API group ID when using the
/openapi
endpoint
- Improved execution of
upgrade-all-instances
errand to handle failed or in-progress operations on service instances
- Improved BOSH job logging
Significant dependency updates
- Spring Boot 3.1.4
- Spring Cloud 2022.0.4
- Spring Cloud Gateway 4.0.7
- Spring Cloud App Broker 2.1.0
- Spring CredHub 3.1.0
BOSH release updates
- Backing and Restore SDK 1.18.99
- BPM 1.2.8
- PXC 1.0.17
- Routing 0.281.0