This topic includes release notes for Windows stemcells used with the following runtimes:
- VMware Tanzu Application Service for VMs [Windows] (TAS for VMs [Windows]) v2.5 and later:
- For Windows stemcell compatibilities with TAS for VMs [Windows], see specific stemcell version notes below.
- VMware Tanzu Kubernetes Grid Integrated Edition (TKGI, formerly PKS) v1.5 and later:
- For Windows stemcell compatibilites with TKGI, refer to the Release Notes for your TKGI version.
The stemcell is based on Windows Server, version 2019.
To download a stemcell, see Stemcells (Windows) on VMware Tanzu Network.
Note: Manual stemcell creation is deprecated. Use stembuild v2019.23 or later to create stemcells automatically. For more information, see Creating a Windows Stemcell for vSphere Using stembuild.
2019.65
Release Date: September 13th, 2023
Changes
- Stembuild has been updated to remove available Windows features before the VM is restarted. It was found that feature removal can trigger the need for a restart, which can then block Dism.exe from running successfully during the construct cleanup process.
- Stembuild has reduced the number of retries when attempting to download certificates from Windows Update. Previously, this was causing air-gapped environments to wait for 10 minutes.
Security Patches
Works with Microsoft Security Updates Patch Tuesday September 12th, 2023
2019.64
Release Date: August 10th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday August 8th, 2023
2019.63
Release Date: July 12th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday July 11th, 2023
2019.62
Release Date: June 16th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday June 13th, 2023
2019.61
Release Date: May 11th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday May 9th, 2023
2019.60
Release Date: April 13th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday April 11th, 2023
2019.59
Release Date: March 15th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday March 14th, 2023
2019.58
Release Date: February 20th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday February 14th, 2023
2019.57
Release Date: January 13th, 2023
Security Patches
Works with Microsoft Security Updates Patch Tuesday January 10th, 2023
2019.56
Release Date: December 14th, 2022
Security Patches
Works with Microsoft Security Updates Patch Tuesday December 13th, 2022
2019.55
Release Date: November 8th, 2022
Security Patches
Works with Microsoft Security Updates Patch Tuesday November 8th, 2022
2019.54
Release Date: October 19th, 2022
Security Patches
Works with Microsoft Security Updates Patch Tuesday October 19, 2022
2019.53
Release Date: September 16th, 2022
Security Patches
Works with Microsoft Security Updates Patch Tuesday September 13, 2022
2019.52
Release Date: August 11th, 2022
Security Patches
Works with Microsoft Security Updates Patch Tuesday August 9, 2022
2019.51
Release Date: July 15th, 2022
Security Patches
Works with Microsoft Security Updates Patch Tuesday July 12, 2022
2019.50
Release Date: June 28th, 2022
Bug Fix
- Windows VMs get restarted once after the initial boot up. Depending on the timing of this restart it was possible for it to interfere with the bosh agent bootstrap process. The bosh agent is now disabled on the initial boot and changed to start automatically so it will only come up after the automatic restart.
2019.49
Release Date: June 14th, 2022
Security Patches
2019.48
Release Date: May 13th, 2022
Changes
- The Stembuild binaries for this release have been built using Golang 1.18 which has stricter requirements for TLS certificates. If you experience issues, ensure your vCenter certificates are valid, include a Subject Alternative Name and do not use the older SHA-1 hash function.
Security Patches
2019.47
Release Date: April 14th, 2022
Security Patches
2019.46
Release Date: March 15th, 2022
Security Patches
2019.45
Release Date: February 9th, 2022
Security Patches
2019.44
Release Date: January 14th, 2022
Security Patches
2019.43
Release Date: January 3rd, 2021
Security Patches
2019.42
Release Date: November 10th, 2021
Security Patches
2019.41
Release Date: October 14th, 2021
Security Patches
2019.40
Release Date: September 14th, 2021
Security Patches
2019.39
Release Date: August 11th, 2021
Security Patches
2019.38
Release Date: July 15th, 2021
Security Patches
2019.37
Release Date: June 10th, 2021
Security Patches
2019.36
Release Date: May 12th, 2021
Security Patches
2019.35
Release Date: April 15th, 2021
Security Patches
2019.34
Release Date: March 30th, 2021
Changes
- Includes bosh-agent 2.373.0:
- Enables the use of disk UUID to identify and mount ephemeral disks. This fixes an issue where the agent only accepted disk indices and ignored disks specified by UUID.
- Fixes an issue with the agent becoming unresponsive after a restart if the BOSH-configured NICs are migrated to a vSwitch which has other hidden virtual adapters with the same MAC address.
2019.32
Release Date: March 15th, 2021
Security Patches
2019.31
Release Date: February 25th, 2021
Security Patches
2019.30
Release Date: January 16th, 2021
Security Patches
2019.29
Release Date: December 11th, 2020
Security Patches
2019.28
Release Date: November 12th, 2020
Security Patches
Changes
- Double WinRM connection timeouts to 2 minutes (up from 1 minute)
- Set Connection Timeout on WinRM file upload to 2 minutes (down from unlimited)
2019.27
Release Date: October 15th, 2020
Security Fix
- Includes the Tuesday October 13th, 2020 Microsoft security updates patch. For more information, see October 13, 2020—KB4577668 (OS Build 17763.1518) in the Microsoft Windows support documentation.
2019.26
Release Date: September 21st, 2020
Security Fix
- Includes the Tuesday September 8th, 2020 Microsoft security updates patch. For more information, see September 8, 2020—KB4570333 (OS Build 17763.1457) in the Microsoft Windows support documentation.
Note: This release does not include an Azure stemcell due to a change in the Azure Marketplace image publishing requirements.
2019.25
Release Date: August 25th, 2020
Security Fix
- Includes the Tuesday August 25th, 2020 Microsoft security updates patch. For more information, see August 11, 2020—KB4565349 (OS Build 17763.1397) in the Microsoft Windows support documentation.
Bug Fix
- Fixed a bug to ensure UTC timezone is set in the Windows VMs.
End of General Service Notice
This stemcell release is the last release supporting stemcell-builder and manually creating stemcells. After this release, you must use the stembuild-based approach to build stemcells.
2019.24
Release Date: July 24th, 2020
Security Fix
- Includes the Tuesday July 14th, 2020 Microsoft security update patch. For more information, see July 14th, 2020—KB4558998 (OS Build 17763.1339) in the Microsoft Windows support documentation.
2019.23
Release Date: June 25th, 2020
General Availability Release of stembuild
This release announces the general availability of stembuild. For more information about stembuild, see Creating a Windows Stemcell for vSphere Using stembuild.
Security Fix
- Includes the Tuesday June 9th, 2020 Microsoft security update patch. For more information, see June 9, 2020—KB4561608 (OS Build 17763.1282) in the Microsoft Windows support documentation.
Features
stembuild constructidentifies the location of the base VM, including across multiple data centers.stembuild constructlogs out any users who are logged in while theconstructcommand is in progress, ensuring minimum disruption during stemcell creation.
Deprecation Notice for Manual Stemcell Creation Process
The manual procedure for creating stemcells is deprecated. Support for manual stemcell creation ends September 2020. Ensure that you start using the new stembuild-based stemcell creation procedure on or before September 2020. See Creating a Windows Stemcell for vSphere Using stembuild.
2019.22
Release Date: May 21st, 2020
Security Fix
Features
stembuild constructstreams logs after the target VM reboots. Stembuild reconnects to the target VM using WinRM to stream logs after the VM reboot, showing you what is occurring on your target VM.- The BOSH Agent version is upgraded to v2.317. This version of the BOSH Agent can create a
vcapuser on a Windows VM.
2019.21
Note: There is no Windows stemcell v2019.21.
2019.20
Release Date: April 24th, 2020
Security Fixes
2019.19
Release Date: March 25th, 2020
TAS for VMs [Windows] Compatibilities
This stemcell and later v2019.x versions work with:
- TAS for VMs [Windows] v2.6.15, v2.7.11, or v2.8.6 and later.
Security Fixes
- Includes Microsoft Security Updates Patch Tuesday March 10th, 2020
- For issues encountered with upgrading to the correct TAS for VMs [Windows] versions, see the following articles in the Knowledge Base:
2019.18
Note: There is no Windows stemcell v2019.18.
2019.17
Release Date: February 14th, 2020
TAS for VMs [Windows] Compatibilities
This stemcell and later v2019.x versions work with:
- TAS for VMs [Windows] versions v2.6.15, v2.7.11, or v2.8.6 and later.
Security Fixes
- Includes Microsoft Security Updates Patch Tuesday February 11, 2020.
- For issues encountered with upgrading to the correct TAS for VMs [Windows] versions, see the following articles in the Knowledge Base:
Features
- Supports signed URL capability. If Windows users opt in, the BOSH agent manages artifacts on the blobstore using signed URLs rather than blobstore credentials. For more information on how to opt in to signed URLs, see Signed URLs in the Cloud Foundry BOSH documentation.
stembuildvalidates the VM OS is Windows Server 2019, OS build 17763. This is the only OS version that stembuild v2019.x is compatible with.
Bug Fixes
- Fixed a bug where
stembuild constructdid not execute successfully if it could not fetch updated root certificates from the public Windows Update Server.
Note: You must manually update your certificates if your VM does not have access to the public Windows Update Server.
- Fixed a bug that tried to validate your VM credentials before connecting to the VM via WinRM. For more information on the original validation bug, see “Validating connection to vm…” step fails during stembuild construct for Stembuild v2019.15 in the Knowledge Base.
2019.16
Note: There is no Windows stemcell v2019.16.
2019.15
Release Date: January 18, 2020
Security Fixes
- Includes Microsoft Security Updates Patch Tuesday January 2020. This release includes fixes for CVE-2020-0601.
Known Issues
stembuild constructmay fail when it validates the connection to the VM. This is caused by the WinRM configuration. For more information about the specific symptoms and recommended temporary workaround for this issue, see “Validating connection to vm…” step fails during stembuild construct for Stembuild v2019.15 in the Knowledge Base.
Note: The feature to update root certificates in stembuild-built stemcells released in 2019.14 requires internet connection to the Windows Updates Server to complete successfully.
2019.14
Release Date: December 16, 2019
Security Fixes
Features
- Updated stembuild to always use the latest version of OpenSSH (8.0.0-p1-beta as of this release)
- Root certificates on machines deployed using stembuild-built stemcells get updated certificates from the Windows Updates Server
2019.13
Release Date: November 22, 2019
Security Fixes
Features
- Added logging and exit code to
stembuild constructto allow users to see the progress of the command and know whether it has completed preparing the VM for packaging - Added retry behavior for the file rename operation in the compilation VM to reduce risk of compilation failure due to custom antivirus installations in the base image
2019.12
Release Date: October 10, 2019
Security Fixes
Features
- Added a flag to
stembuild packageto allow user to specify patch version for the stemcell .tgz output - Aligned Internet Explorer-based policies in stemcells built using stembuild with Microsoft Baseline Security Standard
Bug Fixes
- Fixed a bug where
stembuild constructwas failing to execute with a DISM error
Note: Do not use stembuild-2019.11 because it will fail on stembuild construct. Use stembuild-2019.12 instead.
2019.11
Release Date: September 26, 2019
Security Fixes
Features
- Enabled the Hyper-V Windows feature for enabling Windows 2019 stemcells built using stembuild
- Improved security hardening of Windows stemcells by aligning Internet Explorer-based policies with the Microsoft Baseline Security Standard
Bug Fixes
- Fixed a bug that left user directories on the target machines after a user had terminated a BOSH SSH connection into that machine:
- Deleted:
.sshdirectory and all normal files in the home directory that may have been created during the SSH session. - Not deleted:
.datfiles loaded as part of the registry hive when a user logs in. Files will exist with file locks until the next VM reboot.
- Deleted:
Note: There is no Windows stemcell v2019.10.
2019.9
Release Date: August 27, 2019
Features
- Includes Microsoft Security Updates Patch Tuesday August 2019
- Aligned a set of audit policies on the stemcells based on Microsoft Baseline Security Standard
- Introduced a new feature in
stembuild constructcommand to validate/invalidate the OS based on stembuild version.
2019.8
Release Date: July 23, 2019
Features
- Includes Microsoft Security Updates Patch Tuesday July 2019
- Windows Defender is installed but disabled on all stemcells.
2019.7
Release Date: July 1, 2019
Features
- Key improvements in stembuild with features such as SSH enable-by-default for deployed Windows VMs on vSphere and security fixes.
- Enabled the Hyper-V Windows feature for enabling Windows in PKS and NSX-T compatibility with Windows teams.
2019.6
Release Date: June 19, 2019
Security Fixes
- Includes Microsoft Security Updates June 11, 2019—KB4503327
- Introduces 2.3.1.2 (L1) and 1.1.1 (L1) CIS L1 policy hardenings based on the CIS Security Benchmark.
2019.5
Release Date: May 30, 2019
Security Fixes
- Based on Microsoft’s guidance, additional fixes to protect against speculative execution side-channel vulnerabilities
2019.4
Release Date: May 22, 2019
Features
- Platform Engineers can deploy Windows Stemcells on a BOSH Director with Google Cloud Storage as their external Blobstore.
- Improved Troubleshooting of Windows VMs, with ssh enabled by default for all Windows VMs. You can still disable SSH in the TAS for VMs [Windows] tile.
- Includes Microsoft Security Updates to protect against Microarchitectural Data Sampling side-channel vulnerabilities. For more information, see May 14, 2019—KB4494441 (OS Build 17763.503) in the Windows support documentation.
2019.3
Release Date: April 25, 2019
Features
- This is the first 2019 stemcell.
- Includes Microsoft Security Updates Patch Tuesday April 2019
