This topic contains release notes for Isolation Segment v2.11.
Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs containing that patch.
Release Date: 05/25/2023
0.366.0
1.2.22
5.0.26
0.268.0
3.25.1
3.1.16
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.508 | |
bpm | 1.2.0 | |
cf-networking | 3.25.1 | |
cflinuxfs3 | 0.366.0 | |
count-cores-indicator | 2.0.0 | |
diego | 2.76.0 | |
garden-runc | 1.29.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.10 | |
mapfs | 1.2.22 |
v1.2.22## Dependencies * **v2:** Updated to v2.9.5. v1.2.21## Dependencies * **ginkgo v2:** Updated ginkgo to v2.9.4. |
metrics-discovery | 3.2.9 | |
nfs-volume | 5.0.26 |
v5.0.26## Changes * Bump src/code.cloudfoundry.org/nfsv3driver from `bc7d40e` to `a4d0c4a` (#412) ## Dependencies * **mapfs-release:** Updated to v`5435c30`. v5.0.25## Changes * Golang: Updated to v1.20.4 (#387) ## Dependencies * **mapfs-release:** Updated to v`3ac2121`. |
routing | 0.268.0 |
v0.268.0## Changes - Adds support for `route_registrar` to advertise HTTP2 based routes to gorouter. If not specified on a route, http1 is used by default. Thanks @peanball @plowin and @b1tamara!! ## Bosh Job Spec changes: ```diff diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec index 595f2075..bf3d9a03 100644 --- a/jobs/route_registrar/spec +++ b/jobs/route_registrar/spec @@ -101,6 +101,7 @@ properties: tls_port (required, integer, for http routes): Either `port` or `tls_port` are required; if both are provided, Gorouter will prefer tls_port. Requests for associated URIs will be forwarded over TLS by the router to this port. The IP is determined automatically from the host on which route-registrar is run. + protocol (optional, string): 'http1' or 'http2'. If not provided, Gorouter uses 'http1' as default. route_service_url (optional, string, for http routes): When valid route service URL is provided, Gorouter will proxy requests received for the uris above to the specified route service URL. server_cert_domain_san (conditional, string, for http routes): Required if tls_port is present. Gorouter will validate that the TLS certificate presented by the destination host contains this as a Subject Alternative Name (SAN). ``` ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.267.0...v0.268.0 ## Resources - [Download release v0.268.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.268.0). v0.267.0## Changes - The veresion of HAProxy used in tcp-router was bumped from 2.7.6 to 2.7.8. ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.266.0...v0.267.0 ## Resources - [Download release v0.267.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.267.0). |
silk | 3.25.1 |
3.25.1## Changes - Fixes compilation errors for `silk-datastore-syncer` ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/3.24.0...v3.25.1 ## Resources - [Download release v3.25.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.25.1). 3.24.0## Changes - ⚠️ The new `silk-data-syncer` job is missing some files that cause compilation to fail. This is not a problem if you are deploying without that job. If you need the job, please upgrade to 3.25.1. - Add new `silk-datastore-syncer` job to sync app log metadata from garden to silk datastore - Bump to Go 1.20.4 - Bump to Silk 20230501162532-6ab8d30026c6 - Bump dependencies such that Ginkgo V2 and Lager V3 are used ## Bosh Job Spec changes: ```diff diff --git a/jobs/silk-datastore-syncer/spec b/jobs/silk-datastore-syncer/spec new file mode 100644 index 0000000..9aa1813 --- /dev/null +++ b/jobs/silk-datastore-syncer/spec @@ -0,0 +1,26 @@ +--- +name: silk-datastore-syncer + +templates: + bpm.yml.erb: config/bpm.yml + start.erb: bin/start + +packages: + - silk-datastore-syncer + +properties: + disable: + description: "Disable this monit job. It will not run. Required for backwards compatability." + default: false + sync_interval_in_seconds: + description: "Interval to check garden for new metadata." + default: 30 + garden.address: + description: "Garden server listening address." + default: /var/vcap/data/garden/garden.sock + garden.network: + description: "Network type for the garden server connection (tcp or unix)." + default: unix + log_level: + description: "Logging level (debug, info, warn, error)." + default: info ``` ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/3.23.0...v3.24.0 ## Resources - [Download release v3.24.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.24.0). |
smb-volume | 3.1.16 |
v3.1.16## Dependencies * **smbbroker:** Updated to v`e30a49e`. v3.1.15## Changes * +Golang: Updated to v1.20.4 (#144) * Use default CF stack when pushing smbbroker (#149) ## Dependencies * **smbbroker:** Updated to v`a586257`. |
smoke-tests | 4.8.2 | |
syslog | 11.8.9 |
Release Date: 05/12/2023
1.2.0
3.25.1
0.364.0
2.0.0
2.76.0
1.29.0
6.5.10
1.2.20
3.2.9
5.0.24
0.266.0
3.1.14
11.8.9
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.508 | |
bpm | 1.2.0 | |
cf-networking | 3.25.1 |
3.25.1## Changes - None! ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/3.24.0...v3.25.1 ## Resources - [Download release v3.25.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.25.1). 3.24.0## Changes - Bump to Go 1.20.4 - Bump all dependencies such that only Ginkgo V2 and Lager V3 are used - Use [new docker images](https://github.com/cloudfoundry/cf-networking-release/commit/4b69f0a5690611dfa730a70e641f5c1f8145c66c) for local testing ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/3.23.0...v3.24.0 ## Resources - [Download release v3.24.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.24.0). |
cflinuxfs3 | 0.364.0 | |
count-cores-indicator | 2.0.0 | |
diego | 2.76.0 |
v2.76.0## Changes - Bump to Go 1.20.4 - Bump dependencies ## Bosh Job Spec changes: ```diff diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec index ae685ceb9..1fac48936 100644 --- a/jobs/auctioneer/spec +++ b/jobs/auctioneer/spec @@ -88,6 +88,12 @@ properties: diego.auctioneer.locket.api_location: description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API." default: locket.service.cf.internal:8891 + diego.auctioneer.locket.client_keepalive_time: + description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to." + default: 10 + diego.auctioneer.locket.client_keepalive_timeout: + description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server." + default: 22 locks.locket.enabled: description: When set, the auctioneer attempts to claim a lock from the Locket API. diff --git a/jobs/bbs/spec b/jobs/bbs/spec index b6f1040c2..9204a8d4c 100644 --- a/jobs/bbs/spec +++ b/jobs/bbs/spec @@ -140,6 +140,12 @@ properties: diego.bbs.locket.api_location: description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API." default: locket.service.cf.internal:8891 + diego.bbs.locket.client_keepalive_time: + description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to." + default: 10 + diego.bbs.locket.client_keepalive_timeout: + description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server." + default: 22 limits.open_files: description: Maximum number of files (including sockets) the BBS process may have open. diff --git a/jobs/rep/spec b/jobs/rep/spec index df7bd7c49..1383b67c0 100644 --- a/jobs/rep/spec +++ b/jobs/rep/spec @@ -217,6 +217,12 @@ properties: diego.rep.locket.api_location: description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API." default: locket.service.cf.internal:8891 + diego.rep.locket.client_keepalive_time: + description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to." + default: 10 + diego.rep.locket.client_keepalive_timeout: + description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server." + default: 22 enable_declarative_healthcheck: description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+" diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec index 4fc4504bf..023d76f18 100644 --- a/jobs/rep_windows/spec +++ b/jobs/rep_windows/spec @@ -227,7 +227,13 @@ properties: diego.rep.locket.api_location: description: "Hostname and port of the locket server" default: locket.service.cf.internal:8891 - + diego.rep.locket.client_keepalive_time: + description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to." + default: 10 + diego.rep.locket.client_keepalive_timeout: + description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server." + default: 22 + enable_declarative_healthcheck: description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action." default: false diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec index fa6c8d0d0..40b5eb74b 100644 --- a/jobs/vizzini/spec +++ b/jobs/vizzini/spec @@ -47,9 +47,6 @@ properties: vizzini.verbose: description: Run tests in verbose mode default: false - vizzini.stream: - description: Stream output from parallel test nodes. This option will lead to less coherent output but is useful when debugging - default: false enable_declarative_healthcheck: description: "When set, enables the declarative check tests in vizzini" ``` ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.75.0...v2.76.0 ## Resources - [Download release v2.76.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.76.0). v2.75.0## Changes * Bump ginkgo to v2 and lager to v3 * [Bug fix] Rep does not clean up resources when deleting container fails ## ✨ Built with go 1.20.3 **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.73.0...v2.75.0 ## Resources - [Download release v2.75.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.75.0). |
garden-runc | 1.29.0 |
v1.29.0## Changes ⚠️We have removed the garden-healthcheck job from garden while we investigate a way to make it less painful. From v1.22.6 through v1.28.0, garden restarts with a high container count could result in BOSH deploys failing due to a race condition between garden, bpm, monit, and garden-healthchecker. This will be re-enabled at a later time when we resolve the race condition. ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.28.0...v1.29.0 ## Resources - [Download release v1.29.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.29.0). v1.28.0## Changes - Bump to golang 1.20.4 - Bump dependencies ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.27.0...v1.28.0 ## Resources - [Download release v1.28.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.28.0). |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.10 |
v6.5.10## What's Changed * Bump to [go1.20.4](https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU/m/QvrjqM4XAgAJ) * Bump dependencies **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.9...v6.5.10 |
mapfs | 1.2.20 |
v1.2.20## Changes * Golang: Updated to v1.20.4 (#77, #78) ## Dependencies * **ginkgo v2:** Updated to v2.9.3. v1.2.16## Changes * Golang: Updated to v1.20.3 (#64, #65, #71) ## Dependencies * **gomega:** Updated to v1.27.6. |
metrics-discovery | 3.2.9 |
v3.2.9## What's Changed * Bump to [go1.20.4](https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU/m/QvrjqM4XAgAJ) * Bump dependencies **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.8...v3.2.9 |
nfs-volume | 5.0.24 |
v5.0.24## Dependencies * **mapfs-release:** Updated to v`a7129f3`. v5.0.23## Dependencies * **migrate_mysql_to_credhub:** Updated to v`784d6eb`. v5.0.22## Changes * Golang: Updated to v1.20.3 (#356, #358) ## Dependencies * **migrate_mysql_to_credhub:** Updated to v`66094f0`. |
routing | 0.266.0 |
v0.266.0## Change - 🐛Fixes a bug that may cause routing failures to apps. Thanks @maxmoehl and @domdom82!! - Many go dependency updates across all routing packages. Thanks @winkingturtle-vmw!! ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.265.1...v0.266.0 ## Resources - [Download release v0.266.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.266.0). v0.265.1:warning::warning::warning: **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.** ## Changes - Bump healthchecker ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.265.0...v0.265.1 ## Resources - [Download release v0.265.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.265.1). v0.265.0:warning::warning::warning: **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.** ## Changes - Bump to Go 1.20.4 ## ✨ Built with go 1.20.4 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.264.0...v0.265.0 ## Resources - [Download release v0.265.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.265.0). v0.264.0:warning::warning::warning: **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.** ## Changes - Bumped haproxy to 2.7.6 in cf-tcp-router, to resolve a bug preventing haproxy from properly transferring open connections to the new haproxy process when a reload occurred - https://github.com/haproxy/haproxy/issues/1883 - bosh export-release should now work as expected. - Fixed a bug present since v0.262.0 that caused CATs to intermittently fail on apps using nc as their server. ## ✨ Built with go 1.20.3 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.263.0...v0.264.0 ## Resources - [Download release v0.264.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.264.0). v0.263.0⚠️⚠️⚠️ **This version does not compile, it will be fixed with the next release** **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.** ## Changes - 🐛Fixed a bug present since v0.262.0 that caused CATs to intermittently fail on apps using `nc` as their server. - 🐛Bumped haproxy to 2.7.6 in cf-tcp-router, to resolve a bug preventing haproxy from properly transferring open connections to the new haproxy process when a reload occurred - [haproxy/#1883](https://github.com/haproxy/haproxy/issues/1883) ## ✨ Built with go 1.20.3 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.262.0...v0.263.0 ## Resources - [Download release v0.263.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.263.0). |
silk | 3.23.0 | |
smb-volume | 3.1.14 |
v3.1.14## Dependencies * **smbbroker:** Updated to v`6b6727c`. v3.1.13## Dependencies * **smbbroker:** Updated to v`62b84b6`. v3.1.12## Changes * Golang: Updated to v1.20.3 (#120, #128, #129) * Fix potential cred leak (#119) ## Dependencies * **smbbroker:** Updated to v`093c496`. |
smoke-tests | 4.8.2 | |
syslog | 11.8.9 |
v11.8.9* Upgrade packaged Golang version to 1.20.4 * Bump dependencies |
Release Date: 04/20/2023
Caution: This release is susceptible to CVE-2023-20882, which may cause routing failures to apps. To address this issue, VMware advises using TAS v3.0.10 and IST v3.0.10 instead.
1.1.23
0.361.0
2.73.0
1.27.0
6.5.9
3.2.8
5.0.21
0.262.0
3.1.11
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.488 | |
bpm | 1.1.23 | |
cf-networking | 3.23.0 | |
cflinuxfs3 | 0.361.0 | |
diego | 2.73.0 | |
garden-runc | 1.27.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.9 |
v6.5.9* Upgrade to go 1.20.2 * Bump dependencies **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.8...v6.5.9 |
mapfs | 1.2.13 | |
metrics-discovery | 3.2.8 |
v3.2.8* Upgrade to go1.20.2. * Bump dependencies. **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.7...v3.2.8 |
nfs-volume | 5.0.21 |
v5.0.21## Changes * +Golang: Updated to v1.20.2 (#342) ## Dependencies * **bosh-template:** Updated to v2.4.0. |
routing | 0.262.0 |
v0.262.0## Changes - 🐛Fixes the of golang has a known issue that causes backend request failures which previously returned 496, 499, 503, 525, or 526 to instead return a 502. Additionally stale routes may not have been pruned properly. Thanks @domdom82!! - 🚗Gorouter now retries requests which fail prior to any HTTP content being sent (since no backend received the HTTP content, they're by definition retriable). Thanks for the [PR](https://github.com/cloudfoundry/gorouter/pull/337). Thanks @maxmoehl and @domdom82!! ## ✨ Built with go 1.20.2 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.261.0...v0.262.0 ## Resources - [Download release v0.262.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.262.0). v0.261.0⚠️⚠️⚠️ **This version of golang has a known issue that may cause backend request failures that previously returned 496, 499, 503, 525, or 526 to instead return a 502. Additionally stale routes may not get pruned properly. This will be addressed in an upcoming release.** ## Changes - Bug fix: add healthcheck to routing-api for route-registrar ## Bosh Job Spec changes: ```diff diff --git a/jobs/routing-api/spec b/jobs/routing-api/spec index 5717f88f..f6a2175d 100644 --- a/jobs/routing-api/spec +++ b/jobs/routing-api/spec @@ -6,12 +6,15 @@ templates: uaa_ca.crt.erb: config/certs/uaa/ca.crt routing-api.yml.erb: config/routing-api.yml + routing_api_health_check.erb: bin/routing_api_health_check locket_ca.crt.erb: config/certs/locket/ca.crt locket_client.crt.erb: config/certs/locket/client.crt locket_client.key.erb: config/certs/locket/client.key api_mtls_client_ca.crt.erb: config/certs/routing-api/client_ca.crt + api_mtls_client.crt.erb: config/certs/routing-api/client.crt + api_mtls_client.key.erb: config/certs/routing-api/client.key api_mtls_server.crt.erb: config/certs/routing-api/server.crt api_mtls_server.key.erb: config/certs/routing-api/server.key @@ -107,6 +110,13 @@ properties: routing_api.mtls_client_key: description: "Routing API client key (provided to clients by bosh link)" + routing_api.health_check_timeout_per_retry: + default: 2 + description: "Maximum health check timeout (in seconds) for each retry attempt in the Routing API's route registration health check" + routing_api.health_check_total_timeout: + default: 6 + description: "Maximum health check timeout (in seconds). Health checks will be retried until this time limit is reached. This should be less than or equal to your route_registrar.routes.api.health_check.timeout" + metron.port: description: "The port used to emit dropsonde messages to the Metron agent." default: 3457 ``` ## ✨ Built with go 1.20.2 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.260.0...v0.261.0 ## Resources - [Download release v0.261.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.261.0). v0.260.0⚠️⚠️⚠️ **This version of golang has a known issue that may cause backend request failures that previously returned 496, 499, 503, 525, or 526 to instead return a 502. Additionally stale routes may not get pruned properly. This will be addressed in an upcoming release.** ## Changes - Dependency updates (cf cli, healthchecker, golang) - Many CI Updates - Thanks @jrussett! - 🐛[#310]The routing_utils route loader now sets the route service url when loading. Thanks @domdom82 ! - 🐛Two issues in route_registrar were fixed that led to routes expiring and then being re-registered with the same details: - Starting in v0.x.x, route_registrar no longer retried UAA connections when getting a token from UAA. Instead, the failure would cause route_registrar to restart, and reset it's emitter intervals. - The built in route expiry has been increased from RegistrationInterval + 2 seconds to 2.1 * RegistrationInterval. This prevent routes from expiring during the course of a route_registrar restart. - 🐛If tcp_router received routing events during its BulkSync cycle, it would always rewrite the haproxy configuration, and reload the haproxy process. This would occur regardless of whether the events required a new haproxy config. It now only updates the config + reloads haproxy if changes are necessary. ## ✨ Built with go 1.20.2 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.259.0...v0.260.0 ## Resources - [Download release v0.260.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.260.0). |
silk | 3.23.0 | |
smb-volume | 3.1.11 |
v3.1.11## Changes ## Dependencies * **smbbroker:** Updated to v`c5b6f5e`. |
smoke-tests | 4.8.2 | |
syslog | 11.8.8 |
Release Date: 03/21/2023
Note: This version of TAS for VMs contains a known issue with Gorouter error handling for backend app requests. Failures that previously returned HTTP Status Codes 496, 499, 503, 525, or 526 may instead return 502. Additionally, stale routes may fail to be pruned properly, which could result in apps unexpectedly returning HTTP Status Code 502.
3.23.0
0.356.0
2.72.0
1.25.0
1.2.13
0.259.0
3.23.0
3.1.10
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.448 | |
bpm | 1.1.21 | |
cf-networking | 3.23.0 | |
cflinuxfs3 | 0.356.0 | |
diego | 2.72.0 | |
garden-runc | 1.25.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.8 | |
mapfs | 1.2.13 |
v1.2.13## Changes * Golang: Updated to v1.19.4 (#32) * Golang: Updated to v1.19.5 (#37) * Golang: Updated to v1.19.5 (#44) * Golang: Updated to v1.20.1 (#48) ## Dependencies * **mapfs:** Updated to v`98da9f0`. |
metrics-discovery | 3.2.7 | |
nfs-volume | 5.0.20 | |
routing | 0.259.0 |
v0.259.0## Changes - No changes from last version. - Fixing CI so that artifacts are generated correctly for github release. ## ✨ Built with go 1.20.1 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.258.0...v0.259.0 ## Resources - [Download release v0.259.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.259.0). v0.258.0## Changes - Update healthchecker to [0.4.0](https://github.com/cloudfoundry/healthchecker-release/releases/tag/v0.4.0) - Increase startup delay default to 30 seconds [PR](https://github.com/cloudfoundry/healthchecker-release/pull/2) - Upgrade golang to 1.20.1 ## Bosh Job Spec changes: ```diff diff --git a/jobs/acceptance_tests/spec b/jobs/acceptance_tests/spec index 65bf4c30..6a73b9ae 100644 --- a/jobs/acceptance_tests/spec +++ b/jobs/acceptance_tests/spec @@ -7,7 +7,7 @@ templates: bpm.yml.erb: config/bpm.yml packages: - - golang-1.19-linux + - golang-1.20-linux - acceptance_tests - rtr - cf-cli-6-linux diff --git a/jobs/smoke_tests/spec b/jobs/smoke_tests/spec index b16357ed..0426dc99 100644 --- a/jobs/smoke_tests/spec +++ b/jobs/smoke_tests/spec @@ -7,7 +7,7 @@ templates: bpm.yml.erb: config/bpm.yml packages: - - golang-1.19-linux + - golang-1.20-linux - acceptance_tests - cf-cli-6-linux ``` ## ✨ Built with go 1.20.1 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.257.0...v0.258.0 ## Resources - [Download release v0.258.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.258.0). |
silk | 3.23.0 | |
smb-volume | 3.1.10 |
v3.1.10## Changes * Backfill property tests for force_noserverino (#103) ## Dependencies * **smbbroker:** Updated to v`17e471d`. |
smoke-tests | 4.8.2 | |
syslog | 11.8.8 |
Release Date: 02/27/2023
3.22.0
0.352.0
1.23.0
6.5.8
3.2.7
0.257.0
3.22.0
3.1.9
11.8.8
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.418 | |
bpm | 1.1.21 | |
cf-networking | 3.22.0 | |
cflinuxfs3 | 0.352.0 | |
diego | 2.71.0 | |
garden-runc | 1.23.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.8 |
v6.5.8## What's Changed * update dependencies * Upgrade to go 1.20.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/224 **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.7...v6.5.8 |
mapfs | 1.2.12 | |
metrics-discovery | 3.2.7 |
v3.2.7* update golang to 1.20.1 **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.6...v3.2.7### v3.2.6## What's Changed * Upgrade to go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/104 **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.5...v3.2.6 v3.2.5## What's Changed * Update dependencies * Expire individual metrics by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/103 **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.4...v3.2.5 |
nfs-volume | 5.0.20 | |
routing | 0.257.0 |
v0.257.0## Changes - Bumped to build with golang 1.19.6 ## ✨ Built with go 1.19.6 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.256.0...v0.257.0 ## Resources - [Download release v0.257.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.257.0). v0.256.0## Changes - Update healthchecker in release to stable version ## ✨ Built with go 1.19.5 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.255.0...v0.256.0 ## Resources - [Download release v0.256.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.256.0). |
silk | 3.22.0 | |
smb-volume | 3.1.9 |
v3.1.9## Changes * Add force_noserverino property in smbdriver job (#102) ## Dependencies * **bosh-template:** Updated to v2.4.0. v3.1.8## Dependencies * **smbdriver:** Updated to v`6cc617a`. v3.1.7## Changes * Golang: Updated to v1.19.4 (#76) ## Dependencies * **rspec:** Updated to v3.12.0. |
smoke-tests | 4.8.2 | |
syslog | 11.8.8 |
v11.8.8* update to golang 1.20.1 **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.7...v11.8.8 v11.8.7## What's Changed * use go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/syslog-release/pull/117 **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.6...v11.8.7 |
Release Date: 02/09/2023
sh
binary in the docker image to execute properly.6.5.7
0.255.0
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.401 | |
bpm | 1.1.21 | |
cf-networking | 3.19.0 | |
cflinuxfs3 | 0.350.0 | |
diego | 2.71.0 | |
garden-runc | 1.22.9 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.7 |
v6.5.7## What's Changed * Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/202 * Update dependencies **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.6...v6.5.7 |
mapfs | 1.2.12 | |
metrics-discovery | 3.2.4 | |
nfs-volume | 5.0.20 | |
routing | 0.255.0 |
v0.255.0[Upgrade healthchecker in release](https://github.com/cloudfoundry/routing-release/commit/ddb43e9e746b009d0ea6e6cf8cf8e7eb059ffafc). In order to limit the scope of packages brought in with the introduction of http healthchecker, we migrated the healthchecker package out of cf-networking-helpers into its own release. **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.254.0...v0.255.0 ✨ Built with go 1.19.5 |
silk | 3.19.0 | |
smb-volume | 3.1.6 | |
smoke-tests | 4.8.2 | |
syslog | 11.8.6 |
Release Date: 01/31/2023
3.19.0
0.350.0
1.22.9
0.254.0
3.19.0
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.376 | |
bpm | 1.1.21 | |
cf-networking | 3.19.0 | |
cflinuxfs3 | 0.350.0 | |
diego | 2.71.0 | |
garden-runc | 1.22.9 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.6 | |
mapfs | 1.2.12 | |
metrics-discovery | 3.2.4 | |
nfs-volume | 5.0.20 | |
routing | 0.254.0 |
v0.254.0✨ Built with go 1.19.5 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.253.0...v0.254.0 v0.253.0## What's Changed * Specs to make maxRetries configurable for endpoints and route-services by @domdom82 in https://github.com/cloudfoundry/routing-release/pull/298 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.252.0...v0.253.0 |
silk | 3.19.0 | |
smb-volume | 3.1.6 | |
smoke-tests | 4.8.2 | |
syslog | 11.8.6 |
Release Date: 01/17/2023
3.17.0
0.347.0
2.71.0
1.22.7
6.5.6
0.252.0
3.17.0
4.8.2
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.364 | |
bpm | 1.1.21 | |
cf-networking | 3.17.0 | |
cflinuxfs3 | 0.347.0 | |
diego | 2.71.0 | |
garden-runc | 1.22.7 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.6 |
v6.5.6## What's Changed * fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174 * updated some dependencies. **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6 |
mapfs | 1.2.12 | |
metrics-discovery | 3.2.4 | |
nfs-volume | 5.0.20 | |
routing | 0.252.0 |
v0.252.0## What's Changed - Improve random source for least connection pool to be thread safe. Thanks Daniel Lynch! **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.251.0...v0.252.0 |
silk | 3.17.0 | |
smb-volume | 3.1.6 | |
smoke-tests | 4.8.2 |
4.8.2Port assets/ruby_simple to Ruby 3 |
syslog | 11.8.6 |
Release Date: 12/15/2022
1.1.21
3.16.0
0.345.0
2.70.0
6.5.5
3.2.4
0.251.0
3.16.0
11.8.6
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.364 | |
bpm | 1.1.21 | |
cf-networking | 3.16.0 | |
cflinuxfs3 | 0.345.0 | |
diego | 2.70.0 | |
garden-runc | 1.22.5 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.5 |
v6.5.5- bump-golang to v0.114.0 for golang 1.19.4 - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src - Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src - Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 |
mapfs | 1.2.12 | |
metrics-discovery | 3.2.4 |
v3.2.4- bump-golang to v0.114.0 for golang 1.19.4 - Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src - Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 |
nfs-volume | 5.0.20 | |
routing | 0.251.0 |
v0.251.0## What's Changed - When the `router.ca_certs` property switched from a multi-line string of certs, to an array of certs, gorouter started failing to start up if any of the certs provided were invalid. Previously they were ignored. This has been reverted, so that any invalid CA certs are ignored during startup. Thanks @ameowlia! **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.250.0...v0.251.0 v0.250.0**Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.249.0...v0.250.0 ## ✨ Built with go 1.19.4 v0.249.0## What's Changed * Switch to healthecker package in cf-networking-helpers by @mariash in https://github.com/cloudfoundry/routing-release/pull/302 * Add healthchecker package to sync-package-specs file by @mariash in https://github.com/cloudfoundry/routing-release/pull/303 * **Potential Breaking Change:** In preperation for mtls between gorouter and routing api, add gorouter backends ca to routing-api. Rendering these certs depends on routing-api consuming a link from gorouter. If you have multiple gorouter instance groups (for example in the case of isolation segments), you will need to rename bosh links to prevent the error "Multiple link providers found. For an example of link renaming, see [this ops file](https://github.com/cloudfoundry/cf-deployment/blob/main/operations/test/add-persistent-isolation-segment-router.yml#L74) by @reneighbor in https://github.com/cloudfoundry/routing-release/pull/300 * Ensure gorouter-healthchecker doesn't restart gorouter forever on failure by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/305 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.248.0...v0.249.0 v0.248.0## What's Changed * Handle nil ca cert in ca_certs property list v0.247.0## What's Changed * gorouter template cleans `router.ca_certs` property to remove empty certificates v0.246.0## What's Changed * Update `router.ca_certs` property to accept and array of certificates instead of a string block. Thanks @peanball! |
silk | 3.16.0 | |
smb-volume | 3.1.6 | |
smoke-tests | 4.8.1 | |
syslog | 11.8.6 |
v11.8.6Update golang to 1.19.4 **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.5...v11.8.6 |
Release Date: 12/01/2022
0.245.0
11.8.5
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.305 | |
bpm | 1.1.19 | |
cf-networking | 3.12.0 | |
cflinuxfs3 | 0.332.0 | |
diego | 2.66.3 | |
garden-runc | 1.22.5 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.4 | |
mapfs | 1.2.12 | |
metrics-discovery | 3.2.3 | |
nfs-volume | 5.0.20 | |
routing | 0.245.0 |
v0.245.0## What's Changed * Gorouter's pre-start script now reserves ports used by other CF components when it increases the number of ephemeral ports available via `/proc/sys/net/ipv4/ip_local_reserved_ports`. This resolves issues when components fail to start up during deploys/monit restarts due to accidental port collisions with outbound traffic from the VM. Thanks @ameowlia ! * Routing-release no longer makes use of the deprecated uaa-go-client, and uses go-uaa instead * The `routing_utils/nats_client` helper utility now supports saving + loading gorouter's routing tables! Thanks @domdom82 ! * Fixed a memory leak with `gorouter` that resulted in HTTP request objects being held open if a client canceled the connection before the App responded. Thanks @geofffranks ! * **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.244.0...v0.245.0 ## ✨ Built with go 1.19.3 |
silk | 3.14.0 | |
smb-volume | 3.1.6 | |
smoke-tests | 4.8.1 | |
syslog | 11.8.5 |
v11.8.5* update dependencies * update golang to 1.19.3 **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.4...v11.8.5 |
Release Date: 11/10/2022
0.332.0
1.22.5
6.5.4
1.2.12
3.2.3
0.244.0
3.14.0
3.1.6
4.8.1
11.8.4
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.305 | |
bpm | 1.1.19 | |
cf-networking | 3.12.0 | |
cflinuxfs3 | 0.332.0 | |
diego | 2.66.3 | |
garden-runc | 1.22.5 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.5.4 | |
mapfs | 1.2.12 |
v1.2.12## Changes * Replace `go get` with `go install` (#23) * Update vendored package golang-1-linux (#26) * Update vendored package golang-1-linux (#27) ## Dependencies * **mapfs:** Updated to v`27f8711`. |
metrics-discovery | 3.2.3 | |
nfs-volume | 5.0.20 | |
routing | 0.244.0 |
v0.244.0## What's Changed * Emit access logs for 431 responses to Loggegator [gorouter PR #331](https://github.com/cloudfoundry/gorouter/pull/331). Thanks @dsabeti ! * Always suspend pruning when nats is down https://github.com/cloudfoundry/routing-release/pull/287. Thanks @ameowlia ! * **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.243.0...v0.244.0 ## ✨ Built with go 1.19.2 v0.243.0🎉 Bumped to go1.19.2 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.242.0...v0.243.0 v0.242.0## What's Changed - `tcp_router` is now more verbose when running `haproxy_reloader` to assist in diagnosting failed reloads. Thanks @geofffranks! 🎉 ([PR 9](https://github.com/cloudfoundry/cf-tcp-router/pull/9)) - `gorouter` will now truncate access logs that exceed loggregator + UDP packet limits, so that we no longer drop access log messages sent to the firehose. Thanks @ameowlia @ebroberson! 😻 ([PR 328](https://github.com/cloudfoundry/gorouter/pull/328) and [PR 329](https://github.com/cloudfoundry/gorouter/pull/329)) **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.241.0...v0.242.0 ## ✨ Built with go 1.18 * despite what the docs/go.version says * because the go 1.18 package is present v0.241.0🎉 ~~Bumped to go1.19.1~~ * Still using go 1.18 * despite what the docs/go.version says * because the go 1.18 package is present * @plowin submitted [gorouter PR 327](https://github.com/cloudfoundry/gorouter/pull/327) to adjust endpoint-not-unregistered log-level to 'info' **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.240.0...v0.241.0 v0.240.0## What's Changed * @geofffranks and @ameowlia added property `router.max_header_bytes` to the gorouter job. * This value controls the maximum number of bytes the gorouter will read parsing the request header's keys and values, including the request line. * It does not limit the size of the request body. * An additional padding of 4096 bytes is added to this value by go. * Requests with larger headers will result in a 431 status code. **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.239.0...v0.240.0 ## Manifest Property Changes | Job | Property | 0.237.0 | 0.238.0 | | --- | --- | --- | --- | | `gorouter` | `router.max_header_bytes` | didn't exist | 1048576 (1MB) | ## ✨ Built with go 1.18.6 |
silk | 3.14.0 | |
smb-volume | 3.1.6 |
v3.1.6## Changes * Update vendored package golang-1-linux (#67) * Update vendored package golang-1-linux (#70) ## Dependencies * **bosh-template:** Updated to v2.3.0. |
smoke-tests | 4.8.1 |
4.8.1Create bosh final release 4.8.1 |
syslog | 11.8.4 |
Release Date: 10/26/2022
5.0.20
4.8.0
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.296 | |
bpm | 1.1.19 | |
cf-networking | 3.12.0 | |
cflinuxfs3 | 0.319.0 | |
diego | 2.66.3 | |
garden-runc | 1.22.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.4.4 | |
mapfs | 1.2.11 | |
metrics-discovery | 3.1.2 | |
nfs-volume | 5.0.20 |
v5.0.20## Changes * Use the newer golang package, not the older one (#239) ## Dependencies * **mapfs-release:** Updated to v`db176d8`. v5.0.19## Changes * Update vendored package golang-1-linux (#222) ## Dependencies * **gomega:** Updated to v1.22.1. |
routing | 0.239.0 | |
silk | 3.12.0 | |
smb-volume | 3.1.5 | |
smoke-tests | 4.8.0 |
4.8.0Create bosh final release 4.8.0 |
syslog | 11.8.2 |
Release Date: 10/12/2022
0.239.0
4.7.0
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.265 | |
bpm | 1.1.19 | |
cf-networking | 3.12.0 | |
cflinuxfs3 | 0.319.0 | |
diego | 2.66.3 | |
garden-runc | 1.22.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.4.4 | |
mapfs | 1.2.11 | |
metrics-discovery | 3.1.2 | |
nfs-volume | 5.0.18 | |
routing | 0.239.0 |
v0.239.0## What's Changed - Bumped Golang to 1.18.6 to mitigate [CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664) **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.238.0...v0.239.0 ## ✨ Built with go 1.18.6 v0.238.0## What's Changed - Gorouter once again supports hairpinning for route-service requests, for more information, see [the proposed update.](https://github.com/cloudfoundry/routing-release/issues/281) `router.route_services_internal_lookup_allowlist` can be used to control which domains of route services can be hairpinned. Thanks @peanball!! - Gorouter has a new websocket-specific dial timeout (`websocket_dial_timeout`), configurable separately from the default endpoint dial timeout. Thanks @peanball for this one too!! **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.237.0...v0.238.0 ## Manifest Property Changes | Job | Property | 0.237.0 | 0.238.0 | | --- | --- | --- | --- | | `gorouter` | `websocket_dial_timeout_in_seconds` | didn't exist | Defaults to `endpoint_dial_timeout_in_seconds`'s value | | `gorouter` | `router.route_services_internal_lookup_allowlist` | didn't exist | No internal lookups allowed for route services. | ## ✨ Built with go 1.18.5 v0.237.0## What's Changed - ⚠️ Bump to golang 1.18 🎉 **Breaking Changes:** The routing components are now more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. These components have been updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. Please see this golang 1.18 release notes [section](https://tip.golang.org/doc/go1.18#tls10) for more information about the golang 1.18 change. ### * Update uaa-go-client; by @joergdw in https://github.com/cloudfoundry/routing-release/pull/277 * updated spec files to match packages by @ebroberson in https://github.com/cloudfoundry/routing-release/pull/282 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.236.0...v0.237.0 ## New Contributors * @joergdw made their first contribution in https://github.com/cloudfoundry/routing-release/pull/277 * @ebroberson made their first contribution in https://github.com/cloudfoundry/routing-release/pull/282 ## ✨ Built with go 1.18.4 |
silk | 3.12.0 | |
smb-volume | 3.1.5 | |
smoke-tests | 4.7.0 |
4.7.0Create bosh final release 4.7.0 |
syslog | 11.8.2 |
Release Date: 09/20/2022
1.1.19
3.12.0
0.319.0
2.66.3
1.22.0
6.4.4
1.2.11
3.1.2
5.0.18
3.12.0
3.1.5
11.8.2
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.265 | |
bpm | 1.1.19 | |
cf-networking | 3.12.0 | |
cflinuxfs3 | 0.319.0 | |
diego | 2.66.3 | |
garden-runc | 1.22.0 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.4.4 | |
mapfs | 1.2.11 |
v1.2.11## Changes * Update vendored package golang-1-linux (#21) v1.2.8## What's Changed * Bump src/mapfs to `0ee84aa` #18 v1.2.7- [Bumps mapfs submodule to master@1600494](https://github.com/cloudfoundry/mapfs/commit/160049400a47577b0f3a8b2948974bc38ce76f18) - [Bump golang from 1.13 to 1.17](https://github.com/cloudfoundry/mapfs-release/commit/c287adda5cbdf345ff1b4985ae93cb72f1618f95) |
metrics-discovery | 3.1.2 | |
nfs-volume | 5.0.18 |
v5.0.18## Changes * Update vendored package golang-1-linux (#215) ## Dependencies * **bosh-template:** Updated to v2.3.0. v5.0.17## Changes * Update vendored package golang-1-linux (#206) * [ci] Force use of iptables instead of nftables ## Dependencies * **ginkgo:** Updated to v1.16.5. |
routing | 0.236.0 | |
silk | 3.12.0 | |
smb-volume | 3.1.5 |
v3.1.5## Changes * Update vendored package golang-1-linux (#58) v3.1.4## Release Notes - Fix issue when multiple cf versions are included (#55) ## Dependencies - The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM. v3.1.3## Release Notes - Added support for CF CLI v8 to errands (#45) - Fixed Jammy compilation issues (#53) ## Dependencies - Bump [src/code.cloudfoundry.org/smbbroker](https://github.com/cloudfoundry/smbbroker) (#41, #50) - Bump [src/code.cloudfoundry.org/smbdriver](https://github.com/cloudfoundry/smbdriver) (#47, #48, #51) v3.1.2## Release Notes - Support Bionic Stemcell #16 - Add blobs for the `keyutils` package for both `bionic` and `jammy`. - We now install this package on any VM that runs the `smbdriver` bosh job iff that VM uses a `bionic` or `jammy` stemcell - This should allow the `smbdriver` to reliably mount SMB volumes on those stemcells, as discussed in #16 ## Dependencies - The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM. v3.1.1## Release Notes * Bumps [bosh-template](https://github.com/cloudfoundry/bosh) from 2.2.0 to 2.2.1 (#22) * Bumps [rspec-its](https://github.com/rspec/rspec-its) from 1.2.0 to 1.3.0 (#23) * Bumps [rspec](https://github.com/rspec/rspec-metagem) to 3.11.0. (#37) * Bumps [src/code.cloudfoundry.org/smbdriver](https://github.com/cloudfoundry/smbdriver) to `1e97c5d` (#34) * Bumps [src/code.cloudfoundry.org/smbbroker](https://github.com/cloudfoundry/smbbroker) to `64ba567` (#36) * Bumps automake from 1.15 to 1.15.1 (#43 - fixes Bionic compilation) ## Dependencies - The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM. |
smoke-tests | 4.5.0 | |
syslog | 11.8.2 |
Release Date: 08/10/2022
3.11.0
0.312.0
6.4.3
3.1.1
0.236.0
3.11.0
11.8.1
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.256 | |
bpm | 1.1.18 | |
cf-networking | 3.11.0 | |
cflinuxfs3 | 0.312.0 | |
diego | 2.62.0 | |
garden-runc | 1.20.8 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.4.3 | |
mapfs | 1.2.6 | |
metrics-discovery | 3.1.1 | |
nfs-volume | 5.0.16 | |
routing | 0.236.0 |
v0.236.0## What's Changed * Gorouter restart script waits for the gorouter to be running before reloading monit ## ✨ Built with go 1.17.12 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.235.0...0.236.0 |
silk | 3.11.0 | |
smb-volume | 3.1.0 | |
smoke-tests | 4.5.0 | |
syslog | 11.8.1 |
Release Date: 07/18/2022
3.9.0
0.309.0
2.62.0
1.20.8
6.4.2
3.1.0
0.235.0
3.9.0
11.8.0
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.252 | |
bpm | 1.1.18 | |
cf-networking | 3.9.0 | |
cflinuxfs3 | 0.309.0 | |
diego | 2.62.0 | |
garden-runc | 1.20.8 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.4.2 | |
mapfs | 1.2.6 | |
metrics-discovery | 3.1.0 | |
nfs-volume | 5.0.16 | |
routing | 0.235.0 |
0.235.0## What's Changed * Gorouter healthchecker retries connection instead of monit (https://github.com/cloudfoundry/routing-release/pull/275) ## ✨ Built with go 1.17.11 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.234.0...0.235.0 0.234.0## What's Changed * Gorouter: the metrics package now uses `lsof` to monitor file descriptors on MacOS @domdom82 https://github.com/cloudfoundry/gorouter/pull/312 * 🐛 Bumped the `lager` dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. Thanks @ameowlia! * Now tested with the bionic stemcell in CI ## ✨ Built with go 1.17.11 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.233.0...0.234.0 |
silk | 3.9.0 | |
smb-volume | 3.1.0 | |
smoke-tests | 4.5.0 | |
syslog | 11.8.0 |
Release Date: 06/23/2022
Warning:Upcoming breaking changes! In future patches, no sooner than July 1st 2022, some components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components using the Go programming language will be updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. However, the pre-existing configuration for "TLS versions supported by the Gorouter" will still work. This change may not arrive all at once, as Go is used in systems throughout TAS for VMs. There will be a VMware Knowledge Base article about this change published prior to the changes rolling out. These changes will be clearly designated in the release notes of the versions they ship in; a version of this warning will appear on all patch versions until we are confident no systems remain to be updated.
2.62.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.244 |
bpm | 1.1.18 |
cf-networking | 3.6.0 |
cflinuxfs3 | 0.301.0 |
diego | 2.62.0 |
garden-runc | 1.20.6 |
haproxy | 9.8.0 |
loggregator-agent | 6.4.1 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.13 |
nfs-volume | 5.0.16 |
routing | 0.233.0 |
silk | 3.6.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.5.0 |
syslog | 11.7.10 |
Release Date: 06/09/2022
Warning: Breaking change. This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn't bump to Go 1.18 until July 1, 2022. This TAS for VMs release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS for VMs release with Diego 2.64.0, then you are safe to continue using it.
1.1.18
3.6.0
0.301.0
2.64.0
1.20.6
6.4.1
3.0.13
5.0.16
0.233.0
3.6.0
11.7.10
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.244 | |
bpm | 1.1.18 | |
cf-networking | 3.6.0 | |
cflinuxfs3 | 0.301.0 | |
diego | 2.64.0 | |
garden-runc | 1.20.6 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.4.1 | |
mapfs | 1.2.6 | |
metrics-discovery | 3.0.13 | |
nfs-volume | 5.0.16 | |
routing | 0.233.0 |
0.233.0## What's Changed * TCP Router: Add locking to the haproxy_reloader script to avoid haproxy reload/restart race conditions by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/269 * TCP Router: Bump HAProxy from 1.8.13 to 2.5.4 by @cunnie in https://github.com/cloudfoundry/routing-release/pull/266 * Gorouter: fix proxy round tripper race condition by @ameowlia and @geofffranks in https://github.com/cloudfoundry/gorouter/pull/318 * Routing API: fix timestamp precision issue that caused routes to be pruned unexpectedly by @geofffranks in https://github.com/cloudfoundry/routing-api/pull/24 * Routing API: remove `golang.x509ignoreCN` bosh property by @geofffranks and @mariash * Routing API: fix bug that caused TCP Router's HAProxy to reload every minute by @jrussett in https://github.com/cloudfoundry/routing-api/pull/26. ## Manifest Property Changes | Job | Property | Notes | | --- | --- | --- | | `routing-api` | `golang.x509ignoreCN` | This property exposed a go debug flag for go version 1.15. Since go 1.16 this go debug flag has had no affect. Removing this bosh property is part of our effort to keep our code base free of cruft. | ## ✨ Built with go 1.17.10 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.232.0...0.233.0 0.232.0## What's Changed * Fixing issue #250: Return a 503 not a 404 when all instances down by @kecirlotfi in https://github.com/cloudfoundry/routing-release/pull/268 and https://github.com/cloudfoundry/gorouter/pull/314 * Fixing issue https://github.com/cloudfoundry/gorouter/pull/315: Fix route service pruning by @geofffranks ## Manifest Property Changes | Job | Property | default | notes | | --- | --- | --- | --- | | `gorouter` | `for_backwards_compatibility_only.empty_pool_response_code_503` | `0s` | This property was added to enable https://github.com/cloudfoundry/routing-release/pull/268 | ## New Contributors 🎉 * @kecirlotfi made their first contribution! Thanks so much! ## ✨ Built with go 1.17.9 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.231.0...0.232.0 |
silk | 3.6.0 | |
smb-volume | 3.1.0 | |
smoke-tests | 4.5.0 | |
syslog | 11.7.10 |
Release Date: 04/20/2022
0.285.0
2.62.0
6.3.11
3.0.10
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.224 | |
bpm | 1.1.16 | |
cf-networking | 3.3.0 | |
cflinuxfs3 | 0.285.0 | |
diego | 2.62.0 | |
garden-runc | 1.20.3 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.3.11 |
v6.3.11- fix bug with large messages (#89) - bump-golang to v0.100.0(now 1.18) |
mapfs | 1.2.6 | |
metrics-discovery | 3.0.10 |
v3.0.10- fix bug with large messages (#22) - bump-golang to v0.100.0(now 1.18) |
nfs-volume | 5.0.12 | |
routing | 0.231.0 | |
silk | 3.3.0 | |
smb-volume | 3.1.0 | |
smoke-tests | 4.5.0 | |
syslog | 11.7.7 |
Release Date: 03/31/2022
3.3.0
0.279.0
2.61.0
1.20.3
6.3.10
3.0.9
0.231.0
3.3.0
Component | Version | Release Notes |
---|---|---|
ubuntu-xenial stemcell | 621.224 | |
bpm | 1.1.16 | |
cf-networking | 3.3.0 | |
cflinuxfs3 | 0.279.0 | |
diego | 2.61.0 | |
garden-runc | 1.20.3 | |
haproxy | 9.8.0 | |
loggregator-agent | 6.3.10 | |
mapfs | 1.2.6 | |
metrics-discovery | 3.0.9 | |
nfs-volume | 5.0.12 | |
routing | 0.231.0 |
0.231.0## Bug Fixes - Removed the x509ignoreCN property. Now that `gorouter` is built on golang 1.17, it no longer has any effect on gorouter behavior, and was only adding to confusion in the properties - Resolve an issue with route-registrar using the same TTL as it's RegistrationInterval for tcp routes, leading to unnecessary churn of pruned + re-registered routes. - Resolve an issue with Routing API where upserts to tcp routes were causing change events to be emitted when the only change was a bump in TTL. This led to an issue where tcp-router was constantly reloading haproxy with every route's heartbeat registration call. ## Manifest Property Changes | Job | Property | 0.230.0 | 0.231.0 | | --- | --- | --- | --- | | `gorouter` | `golang.x509ignoreCN` | false | No longer exists | | `route_registrar` | `golang.x509ignoreCN` | false | No longer exists | | `tcp_router` | `golang.x509ignoreCN` | false | No longer exists | ### ✨ Built with golang 1.17.8 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.230.0...0.231.0 0.230.0## Feature * update gorouter for prometheus scraping by @Benjamintf1 in https://github.com/cloudfoundry/routing-release/pull/258 ## Bug Fix * Invalid seeded router group manifest values should no longer cause breaking changes by default by @ameowlia in https://github.com/cloudfoundry/routing-release/pull/261 ### ✨ Built with golang 1.17.7 **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.229.0...0.230.0 |
silk | 3.3.0 | |
smb-volume | 3.1.0 | |
smoke-tests | 4.5.0 | |
syslog | 11.7.7 |
Release Date: 02/28/2022
0.274.0
2.58.1
1.20.0
6.3.8
3.0.8
0.229.0
4.5.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.211 |
bpm | 1.1.16 |
cf-networking | 2.43.0 |
cflinuxfs3 | 0.274.0 |
diego | 2.58.1 |
garden-runc | 1.20.0 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.8 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.8 |
nfs-volume | 5.0.12 |
routing | 0.229.0 |
silk | 2.43.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.5.0 |
syslog | 11.7.7 |
Release Date: 02/07/2022
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
[Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so IP addresses with leading zeros in any octets cause a BOSH template failure. Operators can remove the leading zeros and try deploying again. This affects properties that feed into cf-networking-release, silk-release, loggregator-agent-release, and syslog-release. Syslog drains and metric registrar endpoints registered using user-provided services might also be affected.
Bump bpm to version 1.1.16
2.43.0
0.272.0
2.57.0
6.3.7
3.0.7
0.228.0
2.43.0
4.4.0
11.7.7
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.198 |
bpm | 1.1.16 |
cf-networking | 2.43.0 |
cflinuxfs3 | 0.272.0 |
diego | 2.57.0 |
garden-runc | 1.19.30 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.7 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.7 |
nfs-volume | 5.0.12 |
routing | 0.228.0 |
silk | 2.43.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.4.0 |
syslog | 11.7.7 |
Release Date: 12/15/2021
Note: This version of TAS for VMs contains a known issue that can cause application traces to break. See Gorouter Sets an Invalid X-B3-SpanID Header in Known Issues.
2.42.0
0.268.0
2.54.0
6.3.5
0.227.0
2.41.0
4.3.1
11.7.6
Component | Version |
---|---|
ubuntu-xenial stemcell | ~621 |
bpm | 1.1.15 |
cf-networking | 2.42.0 |
cflinuxfs3 | 0.268.0 |
diego | 2.54.0 |
garden-runc | 1.19.30 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.5 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.227.0 |
silk | 2.41.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.1 |
syslog | 11.7.6 |
Release Date: 11/23/2021
1.1.15
2.40.0
0.264.0
0.226.0
2.40.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.15 |
cf-networking | 2.40.0 |
cflinuxfs3 | 0.264.0 |
diego | 2.53.0 |
garden-runc | 1.19.30 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.4 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.226.0 |
silk | 2.40.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.5 |
Release Date: 10/19/2021
1.1.14
2.39.0
0.262.0
0.225.0
2.39.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.14 |
cf-networking | 2.39.0 |
cflinuxfs3 | 0.262.0 |
diego | 2.53.0 |
garden-runc | 1.19.30 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.4 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.225.0 |
silk | 2.39.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.5 |
Release Date: 09/30/2021
0.259.0
2.53.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.13 |
cf-networking | 2.38.0 |
cflinuxfs3 | 0.259.0 |
diego | 2.53.0 |
garden-runc | 1.19.30 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.4 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.224.0 |
silk | 2.38.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.5 |
Release Date: 09/16/2021
0.256.0
1.19.30
0.224.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.13 |
cf-networking | 2.38.0 |
cflinuxfs3 | 0.256.0 |
diego | 2.50.0 |
garden-runc | 1.19.30 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.4 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.224.0 |
silk | 2.38.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.5 |
Release Date: 09/09/2021
1.1.13
0.252.0
1.19.29
6.3.4
0.221.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.13 |
cf-networking | 2.38.0 |
cflinuxfs3 | 0.252.0 |
diego | 2.50.0 |
garden-runc | 1.19.29 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.4 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.221.0 |
silk | 2.38.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.5 |
Release Date: 07/15/2021
2.38.0
0.249.0
1.19.28
3.0.6
0.216.0
2.38.0
11.7.5
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.12 |
cf-networking | 2.38.0 |
cflinuxfs3 | 0.249.0 |
diego | 2.50.0 |
garden-runc | 1.19.28 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.3 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.6 |
nfs-volume | 5.0.12 |
routing | 0.216.0 |
silk | 2.38.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.5 |
Release Date: 06/22/2021
1.1.12
2.37.0
0.240.0
6.3.3
3.0.5
2.37.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.12 |
cf-networking | 2.37.0 |
cflinuxfs3 | 0.240.0 |
diego | 2.50.0 |
garden-runc | 1.19.25 |
haproxy | 9.8.0 |
loggregator-agent | 6.3.3 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.5 |
nfs-volume | 5.0.12 |
routing | 0.213.0 |
silk | 2.37.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.0 |
Release Date: 05/27/2021
1.1.11
2.36.0
0.238.0
2.50.0
1.19.25
6.2.1
5.0.12
0.213.0
2.36.0
4.3.0
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.0 |
bpm | 1.1.11 |
cf-networking | 2.36.0 |
cflinuxfs3 | 0.238.0 |
diego | 2.50.0 |
garden-runc | 1.19.25 |
haproxy | 9.8.0 |
loggregator-agent | 6.2.1 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.3 |
nfs-volume | 5.0.12 |
routing | 0.213.0 |
silk | 2.36.0 |
smb-volume | 3.1.0 |
smoke-tests | 4.3.0 |
syslog | 11.7.0 |
Release Date: March 30, 2021
Component | Version |
---|---|
ubuntu-xenial stemcell | 621.113 |
bpm | 1.1.7 |
cf-networking | 2.35.0 |
cflinuxfs3 | 0.229.0 |
diego | 2.49.0 |
garden-runc | 1.19.18 |
haproxy | 9.8.0 |
loggregator-agent | 6.2.0 |
mapfs | 1.2.6 |
metrics-discovery | 3.0.3 |
nfs-volume | 5.0.11 |
routing | 0.211.0 |
silk | 2.35.0 |
smb-volume | 3.1.0 |
smoke-tests | 2.2.0 |
syslog | 11.7.0 |
The Isolation Segment v2.11 tile is available for installation with Ops Manager v2.10.
Isolation segments provide dedicated pools of resources where you can deploy apps and isolate workloads. Using isolation segments separates app resources as completely as if they were in different deployments but avoids redundant management and network complexity. For more information about isolation segments, see Isolation Segments in TAS for VMs Security.
For more information about using isolation segments in your deployment, see Managing Isolation Segments.
The Isolation Segment v2.11 tile is available with the release of Ops Manager v2.10. For more information, see the Ops Manager documentation.
To use the Isolation Segment v2.11 tile, you must install Ops Manager v2.10 and VMware Tanzu Application Service for VMs (TAS for VMs) v2.11 or later.
To install Isolation Segment v2.11, see Installing Isolation Segment.
Isolation Segment v2.11 includes the following major feature:
When validating requests using mutual TLS to back ends and route services, the Gorouter trusts multiple certificate authorities (CAs) by default. In Isolation Segment v2.11, you can configure which CA certificates the Gorouter trusts.
For more information, see Configure Networking in Installing Isolation Segment.
Isolation Segment v2.11 includes the following breaking changes:
In Isolation Segment v2.11, the option to disable SSL certificate verification for an environment is removed.
Before you upgrade to Isolation Segment v2.11, you must deactivate the Disable SSL certificate verification checkbox in the Networking pane of the TAS for VMs tile. For more information, see Configure Networking in Configuring TAS for VMs.
If the Disable SSL certificate verification for this environment checkbox is activated when you try to upgrade to Isolation Segment, the upgrade fails with the following error:
attempt to upgrade to IST 2.11+ with Skip SSL Verification enabled, please disable Skip SSL Verification prior to upgrade by un-checking "Disable SSL certificate verification for this environment" under "Networking"
If you plan to automate the installation of Isolation Segment v2.11, you must remove references to the corresponding property .properties.skip_cert_verify
.
In Isolation Segment v2.11, stricter header standards break Spring apps that incorrectly set the header.
To avoid this breaking change, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base. You must complete the resolution procedure described in this Knowledge Base article before you upgrade to Isolation Segment v2.11.0 or later.
Note: This breaking change is also present in Pivotal Isolation Segment v2.7.30, Pivotal Isolation Segment v2.8.24, Isolation Segment v2.9.18, and Isolation Segment v2.10.10. If you are using any of these versions or earlier, you must upgrade to Pivotal Isolation Segment v2.7.31, Pivotal Isolation Segment v2.8.25, Isolation Segment v2.9.19, or Isolation Segment v2.10.11 before upgrading or jump upgrading to Isolation Segment v2.11. For more information, see Applications on TAS for VMs get 502 chunked response error in the Knowledge Base.
As of Isolation Segment v2.11.20, if you have configured an app log rate limit that measures app log rates in lines per second, Diego immediately drops app logs that exceed the app log rate limit.
In Isolation Segment v2.11.19 and earlier, Diego buffers and releases approximately 5 MB to 10 MB of app logs that exceed the app log rate limit. This behavior has changed in Isolation Segment v2.11.20 because Diego has been upgraded to a newer version.
If this change in behavior causes parts of your deployment to fail, VMware recommends that you either modify any automated scripts that rely on app log output or increase the app log rate limit.
For more information about app log rate limits, see App Log Rate Limiting.
Isolation Segment v2.11 includes the following known issue:
An issue with the Gorouter’s implementation of X-B3-SpanId
and X-B3-TraceId
headers can cause invalid span IDs to be set after updating the X-B3-TraceId
header to the new 16-byte standard. As a result, some applications and libraries invalidate the X-B3-SpanId
value, breaking traces of the application.
This issue affects versions of TAS for VMs that contain routing-release v0.227.0 and v0.228.0.