This topic includes release notes for Windows stemcells used with Pivotal Application Service for Windows (PASW) v2.3 and v2.4.
The stemcell is based on Windows Server, version 1803.
To download a stemcell, see Stemcells (Windows) on the Broadcom Support portal.
Note Windows Server v1803 is out of mainstream support.
1803.17 is the last release of Pivotal Stemcells for Windows, v1803.x.
1803.17
Release Date: November 22, 2019
Security Fix
Feature
- Added retry behavior for the file rename operation in the compilation VM to reduce risk of compilation failure due to custom antivirus installations in the base image.
1803.16
Release Date: October 10, 2019
Security Fix
Feature
- Added a flag to
stembuild packageto allow the user to specify a patch version for the stemcell created.
1803.15
Release Date: September 20, 2019
Security Fix
Bug Fix
- Fixed a bug that left user directories on the target machines after a user had terminated a BOSH ssh connection into that machine.
- Deleted:
.sshdirectory and all normal files in the home directory that may have been created during the ssh session. - Not Deleted:
.datfiles loaded as part of the registry hive when a user logs in. Files will exist with file locks until the next VM reboot.
- Deleted:
1803.14
Release Date: August 27, 2019
Features
- Includes Microsoft Security Updates Patch Tuesday August 2019.
- Introduced a new feature in stembuild construct command to validate/invalidate the OS based on stembuild version.
1803.13
Release Date: July 23, 2019
Features
- Includes Microsoft Security Updates July 2019.
- Windows Defender is installed but completely disabled.
1803.12
Release Date: June 19, 2019
Security Fix
- Includes Microsoft Security Updates June 11, 2019—KB4503286
- Introduces 2.3.1.2 (L1) and 1.1.1 (L1) CIS L1 policy hardenings based on the CIS Security Benchmark.
1803.11
Release Date: May 31, 2019
Security Fix
- Based on Microsoft’s guidance, additional fixes to protect against speculative execution side-channel vulnerabilities
1803.10
Release Date: May 22, 2019
Features
- Platform Engineers can deploy Windows Stemcells on a BOSH Director with Google Cloud Storage as their external Blobstore.
- Improved Troubleshooting of Windows VMs, with ssh enabled by default for all Windows VMs. You can still disable SSH in the PASW tile.
- Includes Microsoft Security Updates to protect against Microarchitectural Data Sampling side-channel vulnerabilities. For more information, see May 14, 2019—KB4499167 (OS Build 17134.765) in the Windows support documentation.
1803.9
Features
- Intended for use with April 2019 Microsoft Security Updates
1803.8
Features
- Includes March 2019 Microsoft Security Updates.
Bug Fix
- Disabled additional configuration related to NetBios. See the Pivotal Tracker story.
1803.7
Release Date: March 1, 2019
Features
- [Patches] Included February Patch Tuesday Microsoft Security Updates.
1803.6
Release Date: January 24, 2019
Features
- [Patches] Included January Patch Tuesday Microsoft Security Updates.
- Added fix for mitigating CVE-2018-3639.
1803.5
Release Date: December 24, 2018
Features
- [Patches] Included December Patch Tuesday Microsoft Security Updates.
- Added the BOSH API version in the stemcell to surface more information about the compatibility of the stemcell with BOSH.
Bug Fix
- BOSH release job symlinks were not getting cleaned up when a target folder was removed. This issue is resolved.
1803.4
Release Date: November 28, 2018
Features
- [Security] Disabled use of TLS 1.0 by SSL/TLS server and client.
- [Security] Disabled RC4.
- [Security] Disabled triple-DES cipher to mitigate against Sweet32: Birthday attacks on 64-bit block ciphers in TLS.
- [Patches] Intended for use with November Patch Tuesday Microsoft Security Updates.
- [New IaaS Support] Added support for AWS GovCloud.
1803.3
Release Date: October 30, 2018
Features
- Intended for use with October 2018 Microsoft Security Updates.
- Disables RDP by default to improve security of the 1803 stemcells. You can still enable RDP through the PASW Tile Configuration.
Bug Fix
- Intermittent “Access denied” errors occur during the compilation phase of PASW deployments. We have added a fix to potentially resolve them.
- Fixed the Ephemeral Disk Provisioning for Azure enabling compatibility of PASW’s ephemeral disk functionality with OpsMgr on Azure.
Known Issues
- For Google Cloud Platform (GCP) users, a bug in PASW causes outbound connections from applications deployed on PASW with this stemcell version to fail. The resolution will come in patch versions of PASW v2.1, v2.2 and v2.3.
1803.2
Release Date: October 1, 2018
Features
- Includes ephemeral disk support. This enables you to configure the size of your Windows cells in the PASW tile. For more information, see the Configure Tile Resources section in Installing and Configuring PAS for Windows. This also allows you to reduce your root disk to a minimum of 30 GB.
- Intended for use with the September 2018 Microsoft Security Updates.
Bug Fix
- Previously, the
os_versionargument was mandatory during theInvoke-Sysprepstep. The OS is now detected by default, and theos_versionargument is optional.
1803.1
Release Date: September 24, 2018
Features
- This is the first 1803 stemcell.
- Intended for use with the August 2018 Microsoft Security Updates.
- Includes an important Microsoft Security Update that provides protections against a new speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF). For more information, see Windows Support.
- Compatible with the latest stable OpenSSH version,
OpenSSH_for_Windows_v7.7.2.0p1.
Known Issue
- The v1803.1 Windows stemcell does not support ephemeral disks. Support for ephemeral disks is expected in v1803.2. This enables you to configure the size of your Windows cells in the PAS for Windows tile. For more information, see Step 4: Configure Tile Resources of Installing and Configuring PAS for Windows.
