This topic includes release notes for Windows stemcells used with Tanzu Application Service (TAS for VMs) for Windows 2012R2.

To download a stemcell, see Stemcells (Windows) on the Broadcom Support portal.

1200.38

Security Fix

Bug Fix

  • Fixed a bug that left user directories on the target machines after a user had terminated a BOSH ssh connection into that machine
    • Deleted: .ssh directory and all normal files in the home directory that may have been created during the ssh session
    • Not Deleted: .dat files loaded as part of the registry hive when a user logs in. Files will exist with file locks until the next VM reboot.

1200.37

Features

1200.36

Features

  • Includes July 2019 Microsoft Security Updates
  • We aren’t shipping an Azure stemcell for 2012 R2 for this release, since there are compatibility issues with Windows Updates for July for Azure only.

1200.35

Features

1200.33

Features

1200.32

Features

1200.31

Features

Bug Fix

  • Disabled additional configuration related to NetBios. See the Pivotal Tracker story.

1200.30

Features

1200.29

Bug Fix

  • Symlinks in 2012R2 were not getting cleaned up properly, causing issues with BOSH DNS. This bug was blocking an urgent release of BOSH DNS due to a GoLang CVE. This issue is resolved.

1200.28

Features

1200.27

Features

1200.26

Features

1200.25

Features

  • Intended for use with October 2018 Microsoft Security Updates.
  • To ensure a consistent runtime for our users, we now manage the version of PowerShell for 2012R2. We upgraded the PowerShell version to v5.1 in this release.

Bug Fix

  • Intermittent “Access denied” errors during compilation phase of PAS-W deployments. We have added a fix to potentially resolve them.

1200.24

Release Date: September 24, 2018

Features

Bug Fix

  • Previously, the os_version argument was mandatory during the Invoke-Sysprep step. The OS is now detected by default, and the os_version argument is optional.

1200.23

Release Date: August 27, 2018

Features

  • Intended for use with the August 2018 Microsoft Security Updates.
  • Includes an important Microsoft Security Update that provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF). For more information, see Windows Support.
  • Compatible with the latest stable OpenSSH version, OpenSSH_for_Windows_v7.7.2.0p1-Beta. This version fixed the issue of OpenSSH logs filling up the disk.

Security Update

  • Disabled use of TLS 1.0 by SSL/TLS server and client.
  • Disabled RC4 and DCOM.
  • Disabled triple-DES cipher to mitigate against Sweet32: Birthday attacks on 64-bit block ciphers in TLS.

1200.22

Release Date: August 9, 2018

  • Intended for use with the July 2018 Microsoft security updates.
  • Intended for use with the Security and Quality Rollup updates for .NET Framework.
  • Bug Fix: Previously, when operators selected the Encrypt Linux EBS Volumes checkbox in the IaaS-specific configuration section of the BOSH Director tile, the deployment of PAS for Windows would fail. This release enables operators to select the Encrypt Linux EBS Volumes checkbox without the deployment of PAS for Windows failing. However, only Linux VMs will be encrypted, not Windows VMs.

1200.21

Release Date: July 9, 2018

  • Intended for use with June 2018 Microsoft security updates.
  • Includes CIS MS-L1 v2.2.1 security hardening for the public IaaSes (Azure, AWS and GCP)

1200.19

Release Date: June 1, 2018

  • Bug Fix: Includes a fix to support syncing as stated by Microsoft even when the time is drastically off.

1200.18

Release Date: May 18, 2018

  • Intended for use with May 2018 Microsoft security updates.

1200.17

Release Date: May 8, 2018

  • Intended for use with April 2018 Microsoft security updates.
  • Fixed a security issue.
  • Includes fixes for these security updates from Microsoft:
    • Microsoft Internet Explorer Cumulative Security Update (MS15-124)
    • Microsoft Internet Explorer Security Update for September 2017
    • Microsoft Windows CredSSP updates for March 2018
  • Disabled root disk resizing and provided larger root disks by default. For more information, see Using Windows Stemcells.

1200.16

Release Date: March 26, 2018

1200.15

Release Date: February 21, 2018

1200.14

Release Date: February 13, 2018

1200.13

Release Date: January 17, 2018

1200.11

Release Date: December 22, 2017

  • For Azure, GCP, and AWS Windows Stemcells, the root disk (C Drive) will be automatically resized on creation to the disk size specified in BOSH cloud config. Due to current CPI limitations, vSphere Stemcells are NOT able to resize their root disk on creation.
  • Intended for use with December Microsoft security updates.

1200.10

Release Date: December 19, 2017

  • You must use stembuild version 0.13 when creating a 1200.10 stemcell by hand.
  • AWS stemcells repartition to use entire root disk size as specified in BOSH cloud config.
  • Stemcell adds support for multiple CPIs. You can now set stemcell_formats in stemcell.MF.
  • Intended for use with November Microsoft security updates.
  • Updated OpenSSH to 0.0.22.
  • The BOSH Agent uses a lock file to ensure that DNS resolvers are updated only on first startup.

1200.8

Release Date: November 10, 2017

  • BOSH Agent: Disables port 5985 for WinRM by default.
  • [Bug Fix] Fixes an issue where an empty cloud config would remove all DNS resolvers from a Windows host.
  • [Bug Fix] Fix for IPsec add-on.

Known Issues

  • File updates.txt is not generated for 2016/1709 stemcells.

1200.7

Release Date: October 23, 2017

  • [Bug Fix] BOSH Agent timeout fix for high ESX workload scenarios.
  • Intended for 2017 Oct Windows Updates roll-up (KB4041685).

1200.6

Release Date: October 18, 2017

  • [Security Improvement] Includes CIS MS-L1 v2.2.1 security hardening.
  • [Security Improvement] The security policies disable RDP by default. To enable RDP, use the enable_rdp job in the windows-utilities-release (version 0.4.0 or greater).
  • [Bug Fix] Fixes an issue in the BOSH Agent regarding DNS resolvers that can cause application downtime when a BOSH Director is unavailable (e.g. during upgrades) when deployed on Cloud Foundry.

Known Issues

  • In the case of an empty cloud config, the Windows host DNS list will be cleared on BOSH Agent restarts.
  • CIS policies break the IPsec add-on.

1200.5

Release Date: October 11, 2017

  • Install-CFFeatures is now Install-CFFeatures2012.
  • [Security Improvement] BOSH Agent randomizes password for Administrator user on bootup. To set the password, use the set_password job in the windows-utilities-release.
  • Removes Windows Defender for all IaaSes in Windows Server 2016/1709.
  • [Improvement] No longer installs Docker on Windows 2016/1709.

1200.4

Release Date: September 14, 2017

  • The BOSH-Agent now disables automatic updates during its bootstrap process.
  • Do not remove Powershell-ISE when building stemcell.
  • Added better error checking when applying group policies.
  • Intended for 2017 Sep Windows Updates roll-up.
  • Sets smaller MTU of network interfaces created by Docker on GCP for Windows 2016.
  • Skip sysprep until official Windows 1709 build is available due to bug in insider build.

1200.3

Release Date: August 22, 2017

  • Agent backs off exponentially when unable to reach the director, moving from 5 seconds to 160 seconds over 6 connection attempts, to reduce the impact on small-footprint BOSH VMs. This resolves BOSH Agent Open Issue #137.
  • BOSH SSH is now supported as a beta feature. Users can enable connecting to a cmd session using the bosh ssh command by running the relevant job from windows-utilities-release.
  • Fixed an issue where jobs were being stopped synchronously rather than concurrently, preventing stop scripts that waited on other stop scripts from ever finishing.
  • Fixed an issue where jobs that failed to start on the first attempt weren’t being retried.
  • Other minor bug fixes and performance improvements.

1200.0

Release Date: July 14, 2017

  • Includes July 2017 Windows Security Updates.
  • Fixes an error where Windows stemcells were incompatible with bosh director setting ‘enable_nats_delivered_templates’ set to true.
  • Fixed startup issue on GCP.
  • Fixed issue where the Windows Agent would reset DNS settings whenever the HTTPMetadataService was invoked on AWS.
  • Upgrades included .NET version to 4.7.

1079.0

Release Date: June 5, 2017

  • Based on Windows Server 2012R2.
  • Includes .NET Framework 4.6.1.
  • Available for AWS, GCP, and Azure.
  • Includes all Windows Updates and security patches up through April 2017.
  • To be used with VMware Tanzu Application Service for VMs Runtime for Windows v1.9.3+, v1.10.2+, and v1.11.0.

1056.1

Release Date: June 1, 2017

  • Based on Windows Server 2012R2.
  • Includes .NET Framework 4.6.1.
  • Available for AWS, GCP, and Azure.
  • Includes all Windows Updates and security patches up through March 2017.
  • To be used with VMware Tanzu Application Service for VMs Runtime for Windows v1.9.0, v1.9.1, v1.9.2, v1.10.0, v1.10.1.

1056.0

Release Date: April 5, 2017

  • Based on Windows Server 2012R2.
  • Includes .NET Framework 4.6.1.
  • Available for AWS, GCP, and Azure.
  • Includes all Windows Updates and security patches up through March 2017.
  • To be used with VMware Tanzu Application Service for VMs Runtime for Windows v1.9.0, v1.9.1, v1.9.2, v1.10.0, v1.10.1.

Known Limitations

  • Does not support BOSH SSH or persistent disks.
check-circle-line exclamation-circle-line close-line
Scroll to top icon