This topic contains release notes for VMware Tanzu Application Service for VMs [Windows] v2.12.

Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs [Windows] containing that patch.

Warning: Windows stemcells v2019.44 and later include a version of tar that is incompatible with winfs2019-release v2.33.1 and earlier. For more information, see Windows Stemcell v2019.44 is Incompatible with winfs2019-release v2.33.1 and Earlier below.

Before you install the tile, review the Windows Stemcell Compatibility Matrix.


Releases

2.12.20

Release Date: 03/21/2023

  • Bump diego to version 2.72.0
  • Bump envoy-nginx to version 0.15.0
  • Bump garden-runc to version 1.25.0
  • Bump hwc-offline-buildpack to version 3.1.28
  • Bump windowsfs-release to version 2.46.0
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.72.0
envoy-nginx 0.15.0
event-log 0.9.0
garden-runc 1.25.0
windows-syslog 1.1.13
hwc-offline-buildpack 3.1.28
3.1.28
  * Updates github-config (#104)
  * Bump github.com/onsi/gomega from 1.24.2 to 1.26.0
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 21.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 21.0.0 |
  * Uncached buildpack SHA256: 92a52f3346131abbe2472b1f12a2ff4e304aeb6c497b7e3f10a3537be8c1e721
  * Uncached buildpack SHA256: 37813ac6ded74a0e87924a3a9cec19afb6d4e6dfc6a8ef8da83f7d02fecfdc82
          
metrics-discovery 3.2.7
smoke-tests 4.8.2
loggregator-agent 6.5.8
winc 2.10.0
windows-utilities 0.14.0
windowsfs-release 2.46.0

2.12.19

Release Date: 02/28/2023

  • Bump garden-runc to version 1.23.0
  • Bump windows-syslog to version 1.1.13
  • Bump metrics-discovery to version 3.2.7
  • Bump loggregator-agent to version 6.5.8
  • Bump winc to version 2.10.0
  • Bump windowsfs-release to version 2.44.0
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.71.0
envoy-nginx 0.14.0
event-log 0.9.0
garden-runc 1.23.0
windows-syslog 1.1.13
windowsfs-release 2.44.0
v1.1.13
  * update golang to 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.12...v1.1.13
          
v1.1.12
  ## What's Changed
  * use go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/windows-syslog-release/pull/18
  **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.11...v1.1.12
          
hwc-offline-buildpack 3.1.27
metrics-discovery 3.2.7
v3.2.7
  * update golang to 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.6...v3.2.7###
          
v3.2.6
  ## What's Changed
  * Upgrade to go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/104
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.5...v3.2.6
          
v3.2.5
  ## What's Changed
  * Update dependencies
  * Expire individual metrics by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/103
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.4...v3.2.5
          
smoke-tests 4.8.2
loggregator-agent 6.5.8
v6.5.8
  ## What's Changed
  * update dependencies
  * Upgrade to go 1.20.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/224
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.7...v6.5.8
          
winc 2.10.0
windows-utilities 0.14.0

v2.12.18

Release Date: 02/09/2023

  • [Bug Fix] Allows docker app workloads without a sh binary in the docker image to execute properly.
  • Bump loggregator-agent to version 6.5.7
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.71.0
envoy-nginx 0.14.0
event-log 0.9.0
garden-runc 1.22.9
windows-syslog 1.1.11
hwc-offline-buildpack 3.1.27
metrics-discovery 3.2.4
smoke-tests 4.8.2
loggregator-agent 6.5.7
v6.5.7
  ## What's Changed
  * Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/202
  * Update dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.6...v6.5.7
          
winc 2.9.0
windows-utilities 0.14.0
windowsfs-release 2.42.0

v2.12.17

Release Date: 01/30/2023

  • Bump garden-runc to version 1.22.9
  • Bump windowsfs-release to version 2.42.0
Component Version
windows2019 stemcell 2019.44
diego 2.71.0
envoy-nginx 0.14.0
event-log 0.9.0
garden-runc 1.22.9
windows-syslog 1.1.11
hwc-offline-buildpack 3.1.27
metrics-discovery 3.2.4
smoke-tests 4.8.2
loggregator-agent 6.5.6
winc 2.9.0
windows-utilities 0.14.0
windowsfs-release 2.42.0

v2.12.16

Release Date: 01/17/2023

  • Bump diego to version 2.71.0
  • Bump garden-runc to version 1.22.7
  • Bump smoke-tests to version 4.8.2
  • Bump loggregator-agent to version 6.5.6
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.71.0
envoy-nginx 0.14.0
event-log 0.9.0
garden-runc 1.22.7
windows-syslog 1.1.11
hwc-offline-buildpack 3.1.27
metrics-discovery 3.2.4
smoke-tests 4.8.2
4.8.2
  Port assets/ruby_simple to Ruby 3
          
loggregator-agent 6.5.6
v6.5.6
  ## What's Changed
  * fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174
  * updated some dependencies.
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6
          
winc 2.9.0
windows-utilities 0.14.0
windowsfs-release 2.41.0

v2.12.15

Release Date: 12/15/2022

  • [Security Fix] Fix CVE-2022-31733: Unsecured Application Port
  • Bump diego to version 2.70.0
  • Bump envoy-nginx to version 0.14.0
  • Bump hwc-offline-buildpack to version 3.1.27
  • Bump metrics-discovery to version 3.2.4
  • Bump loggregator-agent to version 6.5.5
  • Bump winc to version 2.9.0
  • Bump windowsfs-release to version 2.40.0
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.70.0
envoy-nginx 0.14.0
event-log 0.9.0
garden-runc 1.22.5
windows-syslog 1.1.11
hwc-offline-buildpack 3.1.27
3.1.27
  * Add hwc 21.0.0, remove hwc 20.0.0
  for stack(s) windows2016, windows
  (https://www.pivotaltracker.com/story/show/183726731)
  * Bumps default version to match new HWC version
  * Bumps go.mod go version to 1.19
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 21.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 21.0.0 |
  * Uncached buildpack SHA256: ae83488a72f50d1725fb37fc35e819133ed07af82d872b9fe7fb34e9de18b92e
  * Uncached buildpack SHA256: 2e2e474d7677112021cc892627eddef0768e28835b6ad98117a260ea022e4463
          
metrics-discovery 3.2.4
v3.2.4
  - bump-golang to v0.114.0 for golang 1.19.4
  - Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src
  - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
  - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
  - Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src
  - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
  - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
          
smoke-tests 4.8.1
loggregator-agent 6.5.5
v6.5.5
  - bump-golang to v0.114.0 for golang 1.19.4
  - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
  - Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src
  - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
  - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
  - Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src
  - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
          
winc 2.9.0
windows-utilities 0.14.0

v2.12.14

Release Date: 11/10/2022

  • Bump garden-runc to version 1.22.5
  • Bump windows-syslog to version 1.1.11
  • Bump hwc-offline-buildpack to version 3.1.26
  • Bump metrics-discovery to version 3.2.3
  • Bump smoke-tests to version 4.8.1
  • Bump loggregator-agent to version 6.5.4
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.69.0
envoy-nginx 0.13.0
event-log 0.9.0
garden-runc 1.22.5
windows-syslog 1.1.11
windowsfs-release 2.39.0
hwc-offline-buildpack 3.1.26
3.1.26
  * Update libbuildpack
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 20.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 20.0.0 |
  * Uncached buildpack SHA256: b9b2cec9ada73d9a2933a14e8e56f025c35b02d8bed7e74e20b093a23e13ec43
  * Uncached buildpack SHA256: f633f0f686fc9539ec8f4ef205e778c820602e51434730fd69f7caad4cfb3d4f
          
metrics-discovery 3.2.3
smoke-tests 4.8.1
4.8.1
  Create bosh final release 4.8.1
          
4.8.0
  Create bosh final release 4.8.0
          
4.7.0
  Create bosh final release 4.7.0
          
loggregator-agent 6.5.4
winc 2.8.0
windows-utilities 0.14.0
windowsfs-release 2.40.0

v2.12.13

Release Date: 10/19/2022

  • [Feature Improvement] Add option for file logging and improved event logging. For more information about syslog, see Optional TAS for VMs [Windows] 3.0 compatible syslog option.
  • Bump diego to version 2.69.0
  • Bump envoy-nginx to version 0.13.0
  • Bump garden-runc to version 1.22.4
  • Bump windows-syslog to version 1.1.7
  • Bump metrics-discovery to version 3.2.1
  • Bump loggregator-agent to version 6.5.1
  • Bump winc to version 2.8.0
  • Bump windowsfs-release to version 2.37.0
Component Version
windows2019 stemcell 2019.44
diego 2.69.0
envoy-nginx 0.13.0
event-log 0.9.0
garden-runc 1.22.4
windows-syslog 1.1.7
hwc-offline-buildpack 3.1.25
metrics-discovery 3.2.1
smoke-tests 4.5.0
loggregator-agent 6.5.1
winc 2.8.0
windows-utilities 0.14.0
windowsfs-release 2.37.0

v2.12.12

Release Date: 09/21/2022

  • [Security Fix] Bump Cloud Controller Ruby version to 2.7.6 and Go to 1.18.5
  • [Security Fix] Update Content-Security-Policy
  • [Breaking Change] If you have configured an app log rate limit that measures app log rates in lines per second, Diego immediately drops app logs that exceed the app log rate limit. For more information, see Diego Drops App Logs That Exceed the App Log Rate Limit below.
  • Bump diego to version 2.66.3
  • [Feature] Enables TLS for all internal MySQL galera and monitoring components
  • [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
  • [Known Issue] If Git is not installed in the PATH environment variable for your Windows stemcell when you deploy TAS for VMs [Windows], you may encounter a version control system (VCS) stamping failure. For more information, see Windows Stemcells Without Git Installed Cause VSC Stamping Failures below.
  • Bump envoy-nginx to version 0.11.0
  • Bump garden-runc to version 1.22.2
  • Bump hwc-offline-buildpack to version 3.1.25
  • Bump metrics-discovery to version 3.2.0
  • Bump loggregator-agent to version 6.5.0
  • Bump winc to version 2.7.0
  • Bump windowsfs-release to version 2.35.0
Component Version
windows2019 stemcell 2019.44
diego 2.66.3
envoy-nginx 0.11.0
event-log 0.9.0
garden-runc 1.22.2
hwc-offline-buildpack 3.1.25
metrics-discovery 3.2.0
smoke-tests 4.5.0
loggregator-agent 6.5.0
winc 2.7.0
windows-utilities 0.14.0
windowsfs-release 2.36.0

v2.12.11

Release Date: 08/10/2022

  • Bump metrics-discovery to version 3.1.1
  • Bump loggregator-agent to version 6.4.3
Component Version
windows2019 stemcell 2019.44
diego 2.62.0
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.8
hwc-offline-buildpack 3.1.24
metrics-discovery 3.1.1
smoke-tests 4.5.0
loggregator-agent 6.4.3
winc 2.5.0
windows-utilities 0.14.0

v2.12.10

Release Date: 07/19/2022

  • Bump diego to version 2.62.0
  • Bump garden-runc to version 1.20.8
  • Bump metrics-discovery to version 3.1.0
  • Bump loggregator-agent to version 6.4.2
Component Version
windows2019 stemcell 2019.44
diego 2.62.0
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.8
hwc-offline-buildpack 3.1.24
metrics-discovery 3.1.0
smoke-tests 4.5.0
loggregator-agent 6.4.2
winc 2.5.0
windows-utilities 0.14.0
windowsfs-release 2.35.0

v2.12.9

Release Date: 06/23/2022

Warning: Upcoming breaking changes! In future patches, no sooner than July 1st 2022, some components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components using the Go programming language will be updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. However, the pre-existing configuration for "TLS versions supported by the Gorouter" will still work. This change may not arrive all at once, as Go is used in systems throughout TAS for VMs. There will be a VMware Knowledge Base article about this change published prior to the changes rolling out. These changes will be clearly designated in the release notes of the versions they ship in; a version of this warning will appear on all patch versions until we are confident no systems remain to be updated.

  • Bump diego to version 2.62.0
Component Version
windows2019 stemcell 2019.44
diego 2.62.0
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.6
hwc-offline-buildpack 3.1.24
metrics-discovery 3.0.13
smoke-tests 4.5.0
loggregator-agent 6.4.1
winc 2.5.0
windows-utilities 0.14.0
windowsfs-release 2.35.0

v2.12.8

Release Date: 06/09/2022

Warning: Breaking change. This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn't bump to Go 1.18 until July 1, 2022. This TAS for VMs release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS for VMs release with Diego 2.64.0, then you are safe to continue using it.

  • Bump diego to version 2.64.0
  • Bump garden-runc to version 1.20.6
  • Bump metrics-discovery to version 3.0.13
  • Bump loggregator-agent to version 6.4.1
Component Version
windows2019 stemcell 2019.44
diego 2.64.0
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.6
hwc-offline-buildpack 3.1.24
metrics-discovery 3.0.13
smoke-tests 4.5.0
loggregator-agent 6.4.1
winc 2.5.0
windows-utilities 0.14.0
windowsfs-release 2.35.0

v2.12.7

Release Date: 04/20/2022

  • [Breaking Change] Syslog drains configured to use TLS now reject certificates signed with the SHA-1 hash function.
  • Bump diego to version 2.62.0
  • Bump hwc-offline-buildpack to version 3.1.24
  • Bump metrics-discovery to version 3.0.10
  • Bump loggregator-agent to version 6.3.11
  • Bump winc to version 2.5.0
Component Version Release Notes
windows2019 stemcell 2019.44
diego 2.62.0
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.3
hwc-offline-buildpack 3.1.24
metrics-discovery 3.0.10
v3.0.10
  - fix bug with large messages (#22)
  - bump-golang to v0.100.0(now 1.18)
          
smoke-tests 4.5.0
loggregator-agent 6.3.11
v6.3.11
  - fix bug with large messages (#89)
  - bump-golang to v0.100.0(now 1.18)
          
winc 2.5.0
windows-utilities 0.14.0
windowsfs-release 2.35.0

v2.12.6

Release Date: 03/31/2022

  • Bump diego to version 2.61.0
  • Bump garden-runc to version 1.20.3
  • Bump hwc-offline-buildpack to version 3.1.23
  • Bump metrics-discovery to version 3.0.9
  • Bump loggregator-agent to version 6.3.10
  • Bump windowsfs-release to version 2.35.0
Component Version
windows2019 stemcell 2019.44
diego 2.61.0
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.3
hwc-offline-buildpack 3.1.23
metrics-discovery 3.0.9
smoke-tests 4.5.0
loggregator-agent 6.3.10
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.35.0

v2.12.5

Release Date: 02/28/2022

  • [Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so syslog drains registered using user-provided services cannot contain IP addresses with leading zeros in any octets. This affects properties that are fed into diego-release, garden-runc-release, winc-release, nats-release, and routing-release.
  • [Bug Fix] Smoke tests support for TLSv1.3 only option
  • Bump diego to version 2.58.1
  • Bump envoy-nginx to version 0.9.0
  • Bump garden-runc to version 1.20.0
  • Bump hwc-offline-buildpack to version 3.1.22
  • Bump metrics-discovery to version 3.0.8
  • Bump smoke-tests to version 4.5.0
  • Bump loggregator-agent to version 6.3.8
Component Version
windows2019 stemcell 2019.44
diego 2.58.1
envoy-nginx 0.9.0
event-log 0.9.0
garden-runc 1.20.0
hwc-offline-buildpack 3.1.22
metrics-discovery 3.0.8
smoke-tests 4.5.0
loggregator-agent 6.3.8
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.33.2

v2.12.4

Release Date: 02/08/2022

  • [Security Fix] Diego - Bump containerd to v1.5.9 to fix CVE-2021-43816
  • [Feature Improvement] TAS for VMs [Windows] supports compiled releases
  • [Feature Improvement] Golang v1.17 contains stricter IP parsing standards, so syslog drains registered using user-provided services cannot contain IP addresses with leading zeros in any octets.
  • [Bug Fix] windowsfs-release compilation issue - Cannot extract through symlink
  • Bump diego to version 2.57.0
  • Bump hwc-offline-buildpack to version 3.1.21
  • Bump smoke-tests to version 4.4.0
  • Bump loggregator-agent to version 6.3.7
  • Bump windowsfs-release to version 2.33.2
Component Version
windows2019 stemcell 2019.44
diego 2.57.0
envoy-nginx 0.7.0
event-log 0.9.0
garden-runc 1.19.30
hwc-offline-buildpack 3.1.21
metrics-discovery 3.0.7
smoke-tests 4.4.0
loggregator-agent 6.3.7
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.33.2

v2.12.3

Release Date: 12/15/2021

Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.

  • [Bug Fix] Diego - Envoy v1.19 uses the original TCP connection pool so that it can accept more than 1024 downstream connections
  • [Bug Fix] Smoke Tests uses specified domain for Isolation Segments
  • Bump diego to version 2.54.0
  • Bump metrics-discovery to version 3.0.7
  • Bump smoke-tests to version 4.3.1
  • Bump loggregator-agent to version 6.3.5
Component Version
windows2019 stemcell ~2019
diego 2.54.0
envoy-nginx 0.7.0
event-log 0.9.0
garden-runc 1.19.30
hwc-offline-buildpack 3.1.20
metrics-discovery 3.0.7
smoke-tests 4.3.1
loggregator-agent 6.3.5
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.31.0

v2.12.2

Release Date: 11/23/2021

Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.

  • Bump diego to version 2.53.1
  • Bump hwc-offline-buildpack to version 3.1.20
  • Bump windowsfs-release to version 2.31.0
Component Version
windows2019 stemcell 2019.0
diego 2.53.1
envoy-nginx 0.7.0
event-log 0.9.0
garden-runc 1.19.30
hwc-offline-buildpack 3.1.20
loggregator-agent 6.3.4
metrics-discovery 3.0.6
smoke-tests 4.3.0
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.31.0

v2.12.1

Release Date: 10/20/2021

Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.

  • [Feature Improvement] HTTP/2 toggle disables Diego container proxy ALPN
  • No BOSH release bumps
Component Version
windows2019 stemcell 2019.0
diego 2.53.0
envoy-nginx 0.7.0
event-log 0.9.0
garden-runc 1.19.30
hwc-offline-buildpack 3.1.18
loggregator-agent 6.3.4
metrics-discovery 3.0.6
smoke-tests 4.3.0
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.29.0

v2.12.0

Release Date: October 4, 2021

Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.

Component Version
windows2019 stemcell 2019.0
diego 2.53.0
envoy-nginx 0.7.0
event-log 0.9.0
garden-runc 1.19.30
hwc-offline-buildpack 3.1.18
loggregator-agent 6.3.4
metrics-discovery 3.0.6
smoke-tests 4.3.0
winc 2.3.0
windows-utilities 0.14.0
windowsfs-release 2.29.0

How to Upgrade

The TAS for VMs [Windows] v2.12 tile is available with the release of VMware Tanzu Application Service for VMs (TAS for VMs) v2.12. To use the TAS for VMs [Windows] v2.12 tile, you must install VMware Tanzu Operations Manager v2.10 or later and TAS for VMs v2.12 or later.

New Features in TAS for VMs [Windows] v2.12

TAS for VMs [Windows] v2.12 includes the following major feature:

Gorouter Supports TLS v1.3

In TAS for VMs [Windows] v2.12, the Gorouter supports TLS v1.3. New installations of TAS for VMs use TLS v1.3 for the Gorouter by default. If you are upgrading to TAS for VMs v2.12, the Gorouter uses TLS v1.2 by default.

For more information, see Gorouter Supports TLS v1.3 in VMware Tanzu Application Service for VMs v2.12 Release Notes.

Breaking Changes

TAS for VMs [Windows] v2.12 includes the following breaking changes:

(Beta) Gorouter Can Support TLS v1.3 Connections Only

TLS v1.3 is not compatible with some versions of Java. If you configure TAS for VMs [Windows] to support TLS v1.3 only, you might encounter errors with Java apps. For more information, see JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3 in the JDK Bug System.

The tile property that controls the TLS version in TAS for VMs [Windows] changes in TAS for VMs v2.12. You must update any stored configuration files to reflect the change.

Diego Drops App Logs That Exceed the App Log Rate Limit

As of TAS for VMs [Windows] v2.12.12, if you have configured an app log rate limit that measures app log rates in lines per second, Diego immediately drops app logs that exceed the app log rate limit.

In TAS for VMs [Windows] v2.12.11 and earlier, Diego buffers and releases approximately 5 MB to 10 MB of app logs that exceed the app log rate limit. This behavior has changed in TAS for VMs [Windows] v2.12.12 because Diego has been upgraded to a newer version.

If this change in behavior causes parts of your deployment to fail, VMware recommends that you either modify any automated scripts that rely on app log output or increase the app log rate limit.

For more information about app log rate limits, see App Log Rate Limiting.

Optional TAS for VMs [Windows] 3.0 compatible syslog option

TAS for VMs [Windows] 3.0 includes changes to syslog forwarding. These changes include:

  • Changes in syslog format to better match other tiles.
  • Allows securely forwarding logs with tls enabled.
  • Includes bosh logs to match other tiles and to aid in debugging and auditing the system.

These changes will only be enabled if you turn off compatibility_mode in the system logging window of the settings.

The formatting changes are detailed as follows:

  • The priority is changed from kernel/debug(7) to user/info(14).
  • The app name is changed from Microsoft-Windows-Security-Auditing to event_logger.
  • The process number is changed from a numerical process ID to rs2.
  • Logs contain structured data for instance and deployment details.
  • The event log JSON string includes additional fields.
  • In the event log JSON string, field names are written in camel case.
  • In the event log JSON string, fields may appear in a different order.

The following example shows the previous log format:

<7>1 2022-07-06T22:19:38.1413061Z 10.0.4.14 Microsoft-Windows-Security-Auditing 160 - - {"message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-7F65ECCF-0D0$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1f7c\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x248\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","source":"Microsoft-Windows-Security-Auditing"}

The following example shows the new log format:

<14>1 2022-07-11T22:27:08.279742Z 10.0.4.12 event_logger rs2 - [instance@47450 az="us-central1-b" deployment="pas-windows-dfc8956c7081f9369571" director="" group="windows_diego_cell" id="d0564a0e-684f-4b58-99ee-6a59d1e7caf8"] {"MachineName":"vm-c5547227-c4fa-44ae-79d0-ee56f96e82a4","Data":[],"Index":162257,"Category":"(13312)","CategoryNumber":13312,"EventID":4688,"EntryType":8,"Message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-C5547227-C4F$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1590\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x1120\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","Source":"Microsoft-Windows-Security-Auditing","ReplacementStrings":["S-1-5-18","VM-C5547227-C4F$","WORKGROUP","0x3e7","0x1590","C:\Windows\System32\wbem\WMIC.exe","%%1936","0x1120","","S-1-0-0","-","-","0x0","C:\bosh\bosh-agent.exe","S-1-16-16384"],"InstanceId":4688,"TimeGenerated":"\/Date(1657578421000)\/","TimeWritten":"\/Date(1657578421000)\/","UserName":null,"Site":null,"Container":null}

Known Issues

TAS for VMs [Windows] v2.12 includes the following known issues:

Upgrades Fail When the Stemcell Does Not Change

If you upgrade to a version of TAS for VMs [Windows] that uses the same stemcell, TAS for VMs [Windows] can fail to create containers, causing the deployment to fail. If there are stemcell changes or if the Microsoft base layer changes, this error is unlikely to occur.

For more information, see Failure to create containers when upgrading with shared Microsoft base image in the VMware Tanzu Knowledge Base.

Smoke Tests Fail When Isolation Segment is Deployed

The Smoke Test errand runs extra, failing tests when TAS for VMs [Windows] is deployed with Isolation Segment. They are “Compute isolation disabled” and “Application Workflow Linux Applications”.

To work around this issue, disable Smoke Tests. For more information, see Windows Tile smoke-tests fails for isolation segment segments in the VMware Tanzu Knowledge Base.

Windows Stemcell v2019.44 is Incompatible with winfs2019-release v2.33.1 and Earlier

Windows stemcells v2019.44 and later include a newer version of tar that is incompatible with winfs2019-release v2.33.1 and earlier. TAS for VMs [Windows] deployments that use Windows stemcells v2019.44 and later cannot untar winfs2019-release v2.33.1 and earlier. Compatible Windows stemcells for winfs2019-release v2.33.1 and earlier include v2019.0 through v2019.43.

Windows Stemcells Without Git Installed Cause VSC Stamping Failures

If Git is not installed either on your Windows stemcell or in the PATH environment variable for your Windows stemcell when you deploy TAS for VMs [Windows] v2.12.12, you may see the following error:

Stderr: 	Use -buildvcs=false to disable VCS stamping.

This occurs because some TAS for VMs [Windows] v2.12.12 use Go v1.18, which embeds VSC information in binaries. As a result, releases that contain .git files require that Git is installed either on your Windows stemcell or in the PATH for your Windows stemcell. If you do not have Git installed in either location and have not set the buildvcs property to false, Go v1.18 fails to build the release.

TAS for VMs [Windows] v2.12.12 contains windows2019fs-release. Because windows2019fs-release contains .git files, deployments of TAS for VMs [Windows] v2.12.12 using Windows stemcells that do not have Git installed on them or in their PATH fail with the VSC stamping error above.

check-circle-line exclamation-circle-line close-line
Scroll to top icon