Release notes for Spring Cloud Services for VMware Tanzu

Known issues

Spring Cloud Services v3.2 requires more disk space

Important Spring Cloud Services v3.2 uses Ubuntu Jammy stemcell which requires more disk space than Ubuntu Xenial used in v3.1. To avoid installation failure due to insufficient disk space, make sure the VM has the minimum 12GB disk space. See product upgrades for troubleshooting assistance.

Spring Cloud Services v3.2.2 and earlier may leak proxy credentials in Mirror Service VM logs

When a proxy is used with a username+password in a git repository URL, where that git repository also uses username:password access in the URL, the proxy username:password credentials are visible at log level INFO in the Mirror Service VM logs.

This issue can be resolved by changing the Mirror Service log level to WARN or ERROR. Upgrading to SCS 3.2.3 will remove any username:password combination in a source repository URL.

v3.2.5

Release Date: 26th June 2024

Bug fixes

  • Fixes an issue in the Config Server dashboard, which was crashing if the default label did not exist in the git repository.
  • Fixes an issue in the Config Server dashboard, which was crashing if the default "main" label did not exist in the git repository. Fallback to "master" is now functional.
  • Fixes an issue in Config Server where composite vault backend values were not working.
  • Allows more git repository branches and labels to be used with Config Server by increasing the Direct Memory allocation from 10M to 24M.

v3.2.4

Release Date: 29th April 2024

Bug fixes

  • Fixes an issue in Service Registry where overriddenStatus was set to null (instead of UNKNOWN) during registration of non-Java client applications.

More details: This is only reproducible if client application is not a Java Application. The Eureka client library for Java sets the default overriddenStatus to UNKNOWN explicitly. But other third-party client libraries (nodejs for example) do not set the value, which is allowed when using the OSS Service Registry. In SCS Service Registry, we are doing an unmarshalling and then marshalling, in order to add fields to the payload. During this marshalling, if overriddenStatus is null, a NPE will be thrown. We’ve fixed the issue in v3.2.4 by setting the missing overriddenStatus to UNKNOWN, just before marshalling the registration.

Security fixes

The following CVEs are addressed in this release.

  • CVE-2024-22257
  • CVE-2024-22262
  • CVE-2024-22259
  • CVE-2024-26308
  • CVE-2024-25710
  • CVE-2024-29025
  • CVE-2023-52428

Dependency upgrades

The following dependencies are upgraded in this release.

  • Spring Boot to 3.1.11

v3.2.3

Release Date: 13th March 2024

New features

This release includes the following enhancements and changes.

  • Adds additional masking to logs to properly mask credentials in git urls where proxy credentials are in use.

Security fixes

The following CVEs are addressed in this release.

  • CVE-2024-22234
  • CVE-2024-22243
  • CVE-2024-20918
  • CVE-2024-20952
  • CVE-2024-20932

Dependency upgrades

The following dependencies are upgraded in this release.

  • Spring Boot to 3.1.9
  • PXC (MySQL) to 1.0.24
  • Routing to 0.292.0
  • Backup and Restore SDK to 1.19.3
  • BPM to 1.2.16
  • OpenJDK to 17.0.10
  • Git to 2.44.0

v3.2.2

Release Date: 10th January 2024

New features

This release includes the following enhancements and changes.

  • Switches from non-TLS NATS endpoint to TLS NATS endpoint. The non-TLS NATS endpoint will be deprecated in TAS v6.0 and then removed in TAS v7.0.
  • The minimum required disk space has been increased to 10GB, in order to avoid insufficient disk space issue during upgrade.

Security fixes

Following CVEs are addressed in this release.

  • CVE-2023-34053
  • CVE-2023-6378
  • CVE-2023-3635

Java dependency upgrades

Following dependencies are upgraded in this release.

  • Spring Boot to 3.1.6

v3.2.1

Release Date: 1st December 2023

Security fixes

Following CVEs are addressed in this release.

  • CVE-2023-5072
  • CVE-2023-41080
  • CVE-2023-42795
  • CVE-2023-45648
  • CVE-2023-42794

Java dependency upgrades

Following dependencies are upgraded in this release.

  • Spring Boot to 3.1.5

Bosh release upgrades

Following bosh releases and blobs are upgraded in this release.

  • PXC (MySQL) to 1.0.20
  • Routing to 0.284.0
  • Backup and Restore SDK to 1.18.106
  • BPM to 1.2.11
  • OpenJDK to 17.0.9
  • Git to 2.42.1

v3.2.0

Release Date: 18th October 2023

New features

This release includes the following enhancements and changes.

  • The Spring Cloud Services has been upgraded to Spring Boot 3.1.x and Spring Cloud 2202.0.x
  • The Spring Cloud Services Stemcell upgraded to Ubuntu Jammy.
  • The Spring Cloud Services has been updated to support custom JWT Issuer specified in TAS UAA settings.
  • Upgrade All Instances Errand has been updated to:
    • Attempt to upgrade all instances, including those in failed state.
    • Continue the errand execution after individual SI upgrade failures
    • Better logging for failed upgrades.
  • Stack property has been added to the tile configuration. the default value is cflinuxfs4.
  • Service Registry has been upgraded to Netflix Eureka 2.0
  • Default label in Config Server has been changed to main.
  • Connection timeout had been added to Config Server configuration.
  • Number Of instances (count) has been added into Config Server Dashboard page.

Java dependency upgrades

Following dependencies are upgraded in this release.

  • Spring Boot to 3.1.4
  • Spring Cloud to 2022.0.4
  • Spring Cloud Open Service Broker to 4.1.0
  • Spring Cloud App Broker to 2.1.0

Bosh release upgrades

Following bosh releases and blobs are upgraded in this release.

  • PXC (MySQL) to 1.0.17
  • Routing to 0.281.0
  • Backup and Restore SDK to 1.18.92
  • BPM to 1.2.7
  • OpenJDK to 17.0.8.1
  • Git to 2.42.0

Breaking changes

This release includes the following breaking changes, listed by component and area.

Config Server

  • In SCS v3.2, Config Server uses main as default label, instead of master in earlier versions. If all your service instances are configured with a label explicitly, the upgrade can be done simply by running upgrade-all-instances errand during 3.2.x tile installation or after. But if the service instances have been relying on the default value (master) for the label, you need to take the following actions before running the upgrade-all-instanes errand:

    • Git backends: You can rename the master branch to main or create a new branch called main from the master branch. Alternatively, you can update all service instances by setting label to master explicitly.
    • CredHub backends: You need to update all secrets by replacing master with main in their path.

Service Registry

  • The SPRING_APPLICATION_JSON environment variable has been removed from the Backing Application of Service Registry service instances. This should not impact any existing service instance or application but tools or scripts which have been using this variable need to be updated.
check-circle-line exclamation-circle-line close-line
Scroll to top icon