Release notes for Spring Cloud Services for VMware Tanzu
Spring Cloud Services v3.2 uses Ubuntu Jammy stemcell which requires more disk space than Ubuntu Xenial used in v3.1. To avoid installation failure due to insufficient disk space, make sure the VM has the minimum 12GB disk space. See product upgrades for troubleshooting assistance.
v3.2.7
Release Date: 9th October 2024
Bug fixes
- Fixes the UI issue in Service Registry dashboard.
- Fixes the timeout issue in upgrade-all-instances errand by upgrading Spring Cloud App Broker library.
Dependency upgrades
The following dependencies are upgraded in this release.
- Spring Boot to 3.3.4
- Spring Cloud App Broker to 2.3.1
- PXC (MySQL) to 1.0.31
- Routing to 0.312.0
- Backup and Restore SDK to 1.19.33
- BPM to 1.3.3
- OpenJDK to 17.0.12
- Git to 2.46.2
v3.2.6
Release Date: 26th July 2024
Bug fixes
- Adds back the service instance logging endpoint that enables Service Instance Logging Plugin to retrieve Config Server and Service Registry logs.
Dependency upgrades
The following dependencies are upgraded in this release.
- Spring Boot to 3.3.2
- Spring Cloud to 2023.0.3
- Spring Cloud Open Service Broker to 4.3.0
- Spring Cloud App Broker to 2.3.0
- Spring CredHub to 3.3.0
- Cloud Foundry Java Client to 5.12.2
- PXC (MySQL) to 1.0.30
- Routing to 0.301.0
- Backup and Restore SDK to 1.19.22
- BPM to 1.2.23
- OpenJDK to 17.0.11
- Git to 2.45.2
v3.2.5
Release Date: 26th June 2024
Bug fixes
- Fixes an issue in the Config Server dashboard, which was crashing if the default label did not exist in the git repository.
- Fixes an issue in the Config Server dashboard, which was crashing if the default "main" label did not exist in the git repository. Fallback to "master" is now functional.
- Fixes an issue in Config Server where composite vault backend values were not working.
- Allows more git repository branches and labels to be used with Config Server by increasing the Direct Memory allocation from 10M to 24M.
v3.2.4
Release Date: 29th April 2024
Bug fixes
- Fixes an issue in Service Registry where overriddenStatus was set to null (instead of UNKNOWN) during registration of non-Java client applications.
More details: This is only reproducible if client application is not a Java Application. The Eureka client library for Java sets the default overriddenStatus to UNKNOWN explicitly. But other third-party client libraries (nodejs for example) do not set the value, which is allowed when using the OSS Service Registry. In SCS Service Registry, we are doing an unmarshalling and then marshalling, in order to add fields to the payload. During this marshalling, if overriddenStatus is null, a NPE will be thrown. We’ve fixed the issue in v3.2.4 by setting the missing overriddenStatus to UNKNOWN, just before marshalling the registration.
Security fixes
The following CVEs are addressed in this release.
- CVE-2024-22257
- CVE-2024-22262
- CVE-2024-22259
- CVE-2024-26308
- CVE-2024-25710
- CVE-2024-29025
- CVE-2023-52428
Dependency upgrades
The following dependencies are upgraded in this release.
- Spring Boot to 3.1.11
v3.2.3
Release Date: 13th March 2024
New features
This release includes the following enhancements and changes.
- Adds additional masking to logs to properly mask credentials in git urls where proxy credentials are in use.
Security fixes
The following CVEs are addressed in this release.
- CVE-2024-22234
- CVE-2024-22243
- CVE-2024-20918
- CVE-2024-20952
- CVE-2024-20932
Dependency upgrades
The following dependencies are upgraded in this release.
- Spring Boot to 3.1.9
- PXC (MySQL) to 1.0.24
- Routing to 0.292.0
- Backup and Restore SDK to 1.19.3
- BPM to 1.2.16
- OpenJDK to 17.0.10
- Git to 2.44.0
v3.2.2
Release Date: 10th January 2024
New features
This release includes the following enhancements and changes.
- Switches from non-TLS NATS endpoint to TLS NATS endpoint. The non-TLS NATS endpoint will be deprecated in TAS v6.0 and then removed in TAS v7.0.
- The minimum required disk space has been increased to 10GB, in order to avoid insufficient disk space issue during upgrade.
Security fixes
Following CVEs are addressed in this release.
- CVE-2023-34053
- CVE-2023-6378
- CVE-2023-3635
Java dependency upgrades
Following dependencies are upgraded in this release.
- Spring Boot to 3.1.6
v3.2.1
Release Date: 1st December 2023
Security fixes
Following CVEs are addressed in this release.
- CVE-2023-5072
- CVE-2023-41080
- CVE-2023-42795
- CVE-2023-45648
- CVE-2023-42794
Java dependency upgrades
Following dependencies are upgraded in this release.
- Spring Boot to 3.1.5
Bosh release upgrades
Following bosh releases and blobs are upgraded in this release.
- PXC (MySQL) to 1.0.20
- Routing to 0.284.0
- Backup and Restore SDK to 1.18.106
- BPM to 1.2.11
- OpenJDK to 17.0.9
- Git to 2.42.1
v3.2.0
Release Date: 18th October 2023
New features
This release includes the following enhancements and changes.
- The Spring Cloud Services has been upgraded to Spring Boot 3.1.x and Spring Cloud 2202.0.x
- The Spring Cloud Services Stemcell upgraded to Ubuntu Jammy.
- The Spring Cloud Services has been updated to support custom JWT Issuer specified in TAS UAA settings.
- Upgrade All Instances Errand has been updated to:
- Attempt to upgrade all instances, including those in failed state.
- Continue the errand execution after individual SI upgrade failures
- Better logging for failed upgrades.
- Stack property has been added to the tile configuration. the default value is
cflinuxfs4. - Service Registry has been upgraded to Netflix Eureka 2.0
- Default label in Config Server has been changed to
main. - Connection
timeouthad been added to Config Server configuration. - Number Of instances (count) has been added into Config Server Dashboard page.
Java dependency upgrades
Following dependencies are upgraded in this release.
- Spring Boot to 3.1.4
- Spring Cloud to 2022.0.4
- Spring Cloud Open Service Broker to 4.1.0
- Spring Cloud App Broker to 2.1.0
Bosh release upgrades
Following bosh releases and blobs are upgraded in this release.
- PXC (MySQL) to 1.0.17
- Routing to 0.281.0
- Backup and Restore SDK to 1.18.92
- BPM to 1.2.7
- OpenJDK to 17.0.8.1
- Git to 2.42.0
Breaking changes
This release includes the following breaking changes, listed by component and area.
Config Server
In SCS v3.2, Config Server uses
mainas default label, instead ofmasterin earlier versions. If all your service instances are configured with a label explicitly, the upgrade can be done simply by runningupgrade-all-instanceserrand during 3.2.x tile installation or after. But if the service instances have been relying on the default value (master) for the label, you might need to take the following actions before running theupgrade-all-instanceserrand:Git backends: Config Server tries a branch named
mainfirst. Ifmainbranch does not exist, it will also try to checkout a branch namedmaster. If you want avoid the fallback call and let Config Server find the default label in the first attempt, you can do one of the followings:- You can rename the
masterbranch tomain, if the git repository is only used by SCS v3.2. - You can create a new branch called
mainfrom the existingmasterbranch, if the git repository is used by both SCS v3.1 and v3.2. - You can update all service instances by setting
labeltomasterexplicitly. - Or you can configure the client applications to use
masterlabel usingspring.cloud.config.label.
- You can rename the
CredHub backends: You need to update all secrets by replacing
masterwithmainin their path. Alternatively, you can configure the client applications to usemasterlabel viaspring.cloud.config.label.
Service Registry
- The
SPRING_APPLICATION_JSONenvironment variable has been removed from the Backing Application of Service Registry service instances. This should not impact any existing service instance or application but tools or scripts which have been using this variable need to be updated.
Known issues
Spring Cloud Services v3.2 requires more disk space
Spring Cloud Services v3.2 uses Ubuntu Jammy stemcell which requires more disk space than Ubuntu Xenial used in v3.1. To avoid installation failure due to insufficient disk space, make sure the VM has the minimum 12GB disk space. See product upgrades for troubleshooting assistance.
Spring Cloud Services v3.2.2 and earlier may leak proxy credentials in Mirror Service VM logs
When a proxy is used with a username+password in a git repository URL, where that git repository also uses username:password access in the URL, the proxy username:password credentials are visible at log level INFO in the Mirror Service VM logs.
This issue can be resolved by changing the Mirror Service log level to WARN or ERROR. Upgrading to SCS 3.2.3 will remove any username:password combination in a source repository URL.
