Release notes for Spring Cloud Services for VMware Tanzu

Spring Cloud Services v3.2 uses Ubuntu Jammy stemcell which requires more disk space than Ubuntu Xenial used in v3.1. To avoid installation failure due to insufficient disk space, make sure the VM has the minimum 12GB disk space. See product upgrades for troubleshooting assistance.

v3.2.7

Release Date: 9th October 2024

Bug fixes

  • Fixes the UI issue in Service Registry dashboard.
  • Fixes the timeout issue in upgrade-all-instances errand by upgrading Spring Cloud App Broker library.

Dependency upgrades

The following dependencies are upgraded in this release.

  • Spring Boot to 3.3.4
  • Spring Cloud App Broker to 2.3.1
  • PXC (MySQL) to 1.0.31
  • Routing to 0.312.0
  • Backup and Restore SDK to 1.19.33
  • BPM to 1.3.3
  • OpenJDK to 17.0.12
  • Git to 2.46.2

v3.2.6

Release Date: 26th July 2024

Bug fixes

  • Adds back the service instance logging endpoint that enables Service Instance Logging Plugin to retrieve Config Server and Service Registry logs.

Dependency upgrades

The following dependencies are upgraded in this release.

  • Spring Boot to 3.3.2
  • Spring Cloud to 2023.0.3
  • Spring Cloud Open Service Broker to 4.3.0
  • Spring Cloud App Broker to 2.3.0
  • Spring CredHub to 3.3.0
  • Cloud Foundry Java Client to 5.12.2
  • PXC (MySQL) to 1.0.30
  • Routing to 0.301.0
  • Backup and Restore SDK to 1.19.22
  • BPM to 1.2.23
  • OpenJDK to 17.0.11
  • Git to 2.45.2

v3.2.5

Release Date: 26th June 2024

Bug fixes

  • Fixes an issue in the Config Server dashboard, which was crashing if the default label did not exist in the git repository.
  • Fixes an issue in the Config Server dashboard, which was crashing if the default "main" label did not exist in the git repository. Fallback to "master" is now functional.
  • Fixes an issue in Config Server where composite vault backend values were not working.
  • Allows more git repository branches and labels to be used with Config Server by increasing the Direct Memory allocation from 10M to 24M.

v3.2.4

Release Date: 29th April 2024

Bug fixes

  • Fixes an issue in Service Registry where overriddenStatus was set to null (instead of UNKNOWN) during registration of non-Java client applications.

More details: This is only reproducible if client application is not a Java Application. The Eureka client library for Java sets the default overriddenStatus to UNKNOWN explicitly. But other third-party client libraries (nodejs for example) do not set the value, which is allowed when using the OSS Service Registry. In SCS Service Registry, we are doing an unmarshalling and then marshalling, in order to add fields to the payload. During this marshalling, if overriddenStatus is null, a NPE will be thrown. We’ve fixed the issue in v3.2.4 by setting the missing overriddenStatus to UNKNOWN, just before marshalling the registration.

Security fixes

The following CVEs are addressed in this release.

  • CVE-2024-22257
  • CVE-2024-22262
  • CVE-2024-22259
  • CVE-2024-26308
  • CVE-2024-25710
  • CVE-2024-29025
  • CVE-2023-52428

Dependency upgrades

The following dependencies are upgraded in this release.

  • Spring Boot to 3.1.11

v3.2.3

Release Date: 13th March 2024

New features

This release includes the following enhancements and changes.

  • Adds additional masking to logs to properly mask credentials in git urls where proxy credentials are in use.

Security fixes

The following CVEs are addressed in this release.

  • CVE-2024-22234
  • CVE-2024-22243
  • CVE-2024-20918
  • CVE-2024-20952
  • CVE-2024-20932

Dependency upgrades

The following dependencies are upgraded in this release.

  • Spring Boot to 3.1.9
  • PXC (MySQL) to 1.0.24
  • Routing to 0.292.0
  • Backup and Restore SDK to 1.19.3
  • BPM to 1.2.16
  • OpenJDK to 17.0.10
  • Git to 2.44.0

v3.2.2

Release Date: 10th January 2024

New features

This release includes the following enhancements and changes.

  • Switches from non-TLS NATS endpoint to TLS NATS endpoint. The non-TLS NATS endpoint will be deprecated in TAS v6.0 and then removed in TAS v7.0.
  • The minimum required disk space has been increased to 10GB, in order to avoid insufficient disk space issue during upgrade.

Security fixes

Following CVEs are addressed in this release.

  • CVE-2023-34053
  • CVE-2023-6378
  • CVE-2023-3635

Java dependency upgrades

Following dependencies are upgraded in this release.

  • Spring Boot to 3.1.6

v3.2.1

Release Date: 1st December 2023

Security fixes

Following CVEs are addressed in this release.

  • CVE-2023-5072
  • CVE-2023-41080
  • CVE-2023-42795
  • CVE-2023-45648
  • CVE-2023-42794

Java dependency upgrades

Following dependencies are upgraded in this release.

  • Spring Boot to 3.1.5

Bosh release upgrades

Following bosh releases and blobs are upgraded in this release.

  • PXC (MySQL) to 1.0.20
  • Routing to 0.284.0
  • Backup and Restore SDK to 1.18.106
  • BPM to 1.2.11
  • OpenJDK to 17.0.9
  • Git to 2.42.1

v3.2.0

Release Date: 18th October 2023

New features

This release includes the following enhancements and changes.

  • The Spring Cloud Services has been upgraded to Spring Boot 3.1.x and Spring Cloud 2202.0.x
  • The Spring Cloud Services Stemcell upgraded to Ubuntu Jammy.
  • The Spring Cloud Services has been updated to support custom JWT Issuer specified in TAS UAA settings.
  • Upgrade All Instances Errand has been updated to:
    • Attempt to upgrade all instances, including those in failed state.
    • Continue the errand execution after individual SI upgrade failures
    • Better logging for failed upgrades.
  • Stack property has been added to the tile configuration. the default value is cflinuxfs4.
  • Service Registry has been upgraded to Netflix Eureka 2.0
  • Default label in Config Server has been changed to main.
  • Connection timeout had been added to Config Server configuration.
  • Number Of instances (count) has been added into Config Server Dashboard page.

Java dependency upgrades

Following dependencies are upgraded in this release.

  • Spring Boot to 3.1.4
  • Spring Cloud to 2022.0.4
  • Spring Cloud Open Service Broker to 4.1.0
  • Spring Cloud App Broker to 2.1.0

Bosh release upgrades

Following bosh releases and blobs are upgraded in this release.

  • PXC (MySQL) to 1.0.17
  • Routing to 0.281.0
  • Backup and Restore SDK to 1.18.92
  • BPM to 1.2.7
  • OpenJDK to 17.0.8.1
  • Git to 2.42.0

Breaking changes

This release includes the following breaking changes, listed by component and area.

Config Server

  • In SCS v3.2, Config Server uses main as default label, instead of master in earlier versions. If all your service instances are configured with a label explicitly, the upgrade can be done simply by running upgrade-all-instances errand during 3.2.x tile installation or after. But if the service instances have been relying on the default value (master) for the label, you might need to take the following actions before running the upgrade-all-instances errand:

    • Git backends: Config Server tries a branch named main first. If main branch does not exist, it will also try to checkout a branch named master. If you want avoid the fallback call and let Config Server find the default label in the first attempt, you can do one of the followings:

      • You can rename the master branch to main, if the git repository is only used by SCS v3.2.
      • You can create a new branch called main from the existing master branch, if the git repository is used by both SCS v3.1 and v3.2.
      • You can update all service instances by setting label to master explicitly.
      • Or you can configure the client applications to use master label using spring.cloud.config.label.
    • CredHub backends: You need to update all secrets by replacing master with main in their path. Alternatively, you can configure the client applications to use master label via spring.cloud.config.label.

Service Registry

  • The SPRING_APPLICATION_JSON environment variable has been removed from the Backing Application of Service Registry service instances. This should not impact any existing service instance or application but tools or scripts which have been using this variable need to be updated.

Known issues

Spring Cloud Services v3.2 requires more disk space

Spring Cloud Services v3.2 uses Ubuntu Jammy stemcell which requires more disk space than Ubuntu Xenial used in v3.1. To avoid installation failure due to insufficient disk space, make sure the VM has the minimum 12GB disk space. See product upgrades for troubleshooting assistance.

Spring Cloud Services v3.2.2 and earlier may leak proxy credentials in Mirror Service VM logs

When a proxy is used with a username+password in a git repository URL, where that git repository also uses username:password access in the URL, the proxy username:password credentials are visible at log level INFO in the Mirror Service VM logs.

This issue can be resolved by changing the Mirror Service log level to WARN or ERROR. Upgrading to SCS 3.2.3 will remove any username:password combination in a source repository URL.

check-circle-line exclamation-circle-line close-line
Scroll to top icon