Here you will find the release notes for Isolation Segment v2.13.

VMware Tanzu Application Service for VMs (TAS for VMs) is certified by the Cloud Foundry Foundation for 2023.

For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.

Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs containing that patch.

Important

For release 2.13.21 to 2.13.36, CVE-2024-22279 (VMware Tanzu Application Service for VMs GoRouter contains an RFC protocol issue that can lead to a denial of service) has been fixed. For details, see TNZ-2024-0100.


Releases

2.13.37

Release Date: 05/29/2024

  • [Bug Fix] Remove replication-canary
  • [Bug fix] Automatically restart Route Emitter after multiple failed attempts to greet Gorouter. This fixes a rare bug that prevented Route Emitter from being able to register routes.
  • Bump bpm to version 1.2.19
  • Bump diego to version 2.99.0
  • Bump garden-runc to version 1.53.0
  • Bump mapfs to version 1.2.70
  • Bump nfs-volume to version 7.1.66
  • Bump routing to version 0.298.0
  • Bump smb-volume to version 3.1.68
Component Version Release Notes
ubuntu-xenial stemcell 621.958
bpm 1.2.19
cf-networking 3.46.0
cflinuxfs3 0.387.0
cf-cli 1.60.0
count-cores-indicator 2.0.0
diego 2.99.0
v2.99.0
  ## Changes
  - Do not remove evacuating actual LRP during cleanup ([rep#53](https://github.com/cloudfoundry/rep/pull/53))
  - Add additional retries when apps make use of credhub for credentials. ([buildpackapplifecycle#71](https://github.com/cloudfoundry/buildpackapplifecycle/pull/71))
  - Prevent panics in BBS by checking for all types of errors ([bbs#95](https://github.com/cloudfoundry/bbs/pull/95))
  - Add retry logic and more explicit failure in router emitter start-up ([router-emitter#34](https://github.com/cloudfoundry/route-emitter/pull/34))
  - Bump envoy blob version to `1.28.3`
  - Go mod dependency bumps
  ## ✨  Built with go 1.22.3
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.98.0...v2.99.0
  ## Resources
  - [Download release 2.99.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.99.0).
          
garden-runc 1.53.0
v1.53.0
  ## Changes
  - **DEPRECATION NOTICE** The `garden.experimental_use_containerd_mode_for_processes` property and usage of Garden when run in containerd mode for processes is now deprecated and no longer tested.
  -  **DEFAULT CHANGE** - The default mode for garden containers is now containerd. This has been the default in cf-deployment since 2018.
  -  **REMOVAL OF EXPERIMENTAL FUNCTIONALITY NOTICE**  The experimental option to run the garden server process in rootless mode has been removed, as it did not work as expected and was an abandoned feature.
  - Go package dependency bumps
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden-binaries/spec b/jobs/garden-binaries/spec
  index 0433639a..a8a96bae 100644
  --- a/jobs/garden-binaries/spec
  +++ b/jobs/garden-binaries/spec
  @@ -15,7 +15,6 @@ packages:
  - grootfs
  - xfs-progs
  - thresholder
  -  - netplugin-shim
  - dontpanic
  - tini
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index 027df351..093e53e1 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -36,7 +36,6 @@ packages:
  - grootfs
  - xfs-progs
  - thresholder
  -  - netplugin-shim
  - dontpanic
  - tini
  @@ -199,10 +198,6 @@ properties:
  description: AppArmor profile to use for unprivileged container processes
  default: garden-default
  -  garden.experimental_rootless_mode:
  -    description: A boolean stating whether or not to run garden-server as a non-root user
  -    default: false
  -
  # We believe this defaults to false to help concourse: https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.5.0
  # For diego/cf, this should be set to true
  garden.cleanup_process_dirs_on_wait:
  @@ -210,8 +205,8 @@ properties:
  default: false
  garden.containerd_mode:
  -    description: "Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm or rootless"
  -    default: false
  +    description: "Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm"
  +    default: true
  garden.tcp_keepalive_time:
  description: Sets the `net.ipv4.tcp_keepalive_time` kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.
  @@ -229,7 +224,7 @@ properties:
  description: Sets the `net.ipv4.tcp_retries2` kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.
  garden.experimental_use_containerd_mode_for_processes:
  -    description: "(Under development) Use containerd for container process management. Must be used with containerd_mode also set to true. NOTE: cannot be used in combination with bpm or rootless"
  +    description: "(Deprecated) No longer used/tested."
  default: false
  garden.experimental_cpu_throttling:
  diff --git a/jobs/gats/spec b/jobs/gats/spec
  index 916a35eb..065e3ace 100644
  --- a/jobs/gats/spec
  +++ b/jobs/gats/spec
  @@ -22,12 +22,6 @@ properties:
  garden_test_rootfs:
  description: Test rootfs to use
  default: 'docker:///cloudfoundry/garden-rootfs'
  -  containerd_for_processes:
  -    description: Run GATS with CONTAINERD_FOR_PROCESSES_ENABLED
  -    default: false
  -  rootless:
  -    description: Run GATS with ROOTLESS env var
  -    default: false
  cpu_throttling:
  description: Run GATS with CPU_THROTTLING_ENABLED
  default: false
  ```
  ## ✨  Built with go 1.22.3
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.52.0...v1.53.0
  ## Resources
  - [Download release 1.53.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.53.0).
          
haproxy 11.17.4
loggregator-agent 6.5.19
mapfs 1.2.70
v1.2.70
  ## Changes
  * Golang: Updated to v1.22.3. (#259)
  ## Dependencies
  * **v2:** Updated to v2.17.3.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`0de16f2`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.69
  ## Dependencies
  * **v2:** Updated to v2.17.2.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.33.1.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`7f382bc`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.24
nfs-volume 7.1.66
v7.1.66
  ## Dependencies
  * **v2:** Updated to v2.17.3.
For more information, see [v2](https://github.com/onsi/ginkgo). * **nfsbroker:** Updated to v`90964d1`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`4d13326`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.65
  ## Changes
  * Golang: Updated to v1.22.3 (#920)
  * Bump util-linux from 2.40 to 2.40.1 (#922)
  * Change nfsv3driver statd default port to `41793` (non-ephemeral) (#909)
  * Use newest cf-cli available (#913)
  ## Dependencies
  * **nfsbroker:** Updated to v`071d3d8`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`49ad37b`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.64
  ## Dependencies
  * **gomega:** Updated to v1.33.1.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`33b1b44`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`2e98b36`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.298.0
v0.298.0
  ## Changes
  - :bug: Improve support for requests using the Expect: 100-continue header.
  - :bug: The missing_content_length_header metric introduced in 0.297.0 has been renamed  to empty_content_length_header for more accuracy. Thanks @peanball!
  - :bug: The empty_content_length_header was fixed to more accurately capture events when the content-length header of a request was empty. Previously extra request types were being included erroneously.
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 712a761f..8269440b 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -306,6 +306,9 @@ properties:
  router.keep_alive_probe_interval:
  default: 1s
  description: Interval between TCP keep alive probes. Value is a string (e.g. "10s")
  +  router.keep_alive_100_continue_requests:
  +    description: "If set gorouter reuses backend connection for requests expecting 100-Continue"
  +    default: false
  router.force_forwarded_proto_https:
  description: "Enables setting X-Forwarded-Proto header if SSL termination happened upstream and incorrectly set the header value. When this property is set to true gorouter sets the header X-Forwarded-Proto to https. When this value set to false, gorouter set the header X-Forwarded-Proto to the protocol of the incoming request"
  default: false
  ```
  ## ✨  Built with go 1.22.3
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.297.0...v0.298.0
  ## Resources
  - [Download release 0.298.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.298.0).
          
v0.297.0
  ## Changes
  - **🐛FIXES KNOWN ISSUE** Gorouter now correctly returns the status code provided by backends for workflows using 100-continue, or other 1xx interim status codes.  Thanks for catching this @plowin @domdom82 and thanks @geofffranks for the quick fix!
  - 🐛The TLS listener for the health status endpoint in gorouter now handles custom cipher-suites that do not include any of the required HTTP/2 ciphers. Thanks @MarcPaquette + @geofffranks!
  - 🐛 Failing to establish a TCP connection to a backend no longer causes a panic when setting up a WebSocket connection. Thanks @domdom82!
  - ✨The health status endpoint for gorouter is now able to log error messages encountered when it starts up, to aid in troubleshooting. Thanks @MarcPaquette and @geofffranks !
  - ✨Gorouter now provides a `missing_content_length_header` metric that will flag requests that would have been hit by Golang 1.22's new check to reject requests that have an empty content-length header. This can be used to determine if an environment will be affected by disabling the `go.httplaxcontentlength` gorouter property. Thanks @mariash!
  - **NOTE:** The metric is counting requests unaffected by the new golang behavior and will be updated in 0.298.0+, where it is also renamed to `empty_content_length_header`.
  - ✨Route registrar now allows operators to specify load blancing algorithms for individual routes. Thanks @b1tamara and @domdom82 !
  - Bumped to golang 1.22.3
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
  index c51dbb9f..de81a0e8 100644
  --- a/jobs/route_registrar/spec
  +++ b/jobs/route_registrar/spec
  @@ -125,7 +125,8 @@ properties:
  with error, the route is unregistered.
  router_group (required, string, for tcp routes): Name of the router group to which the TCP route should be added.
  external_port (required, string, for tcp routes): Port that the TCP router will listen on.
  -        server_cert_domain_name_modifier (optional, string, for sni routes): a regex replace to help with complicated hostnames
  +        server_cert_domain_name_modifier (optional, string, for sni routes): a regex replace to help with complicated hostnames.
  +        options (optional, object, for http routes): Custom per-route options
  health_check object
  name (required, string): Human-readable reference for the healthcheck
  @@ -135,6 +136,9 @@ properties:
  the script is terminated with `SIGKILL` and the route is unregistered. Value is a string (e.g. "10s") and must parse to a positive time duration i.e. "-5s" is not permitted. Must be less than the value of `registration_interval`.
  Default: Half of the value of `registration_interval`
  +      options object
  +        lb_algo (optional, string): Load balancing algorithm for routing incoming requests to the backend: 'round-robin' or 'least-connection'. In cases where this option is not specified, the algorithm defined in gorouter spec is applied.
  +
  example: |
  - name: my-service
  uris:
  @@ -150,6 +154,8 @@ properties:
  script_path: /path/to/script
  timeout: 5s
  route_service_url: https://my-oauth-proxy-route-service.example.com
  +        options:
  +          lb_algo: least-connection
  - name: my-tls-endpoint
  tls_port: 12346
  server_cert_domain_san: "my-tls-endpoint.internal.com"
  ```
  ## ✨  Built with go 1.22.3
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.296.0...v0.297.0
  ## Resources
  - [Download release 0.297.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.297.0).
          
silk 3.46.0
smb-volume 3.1.68
v3.1.68
  ## Changes
  * Golang: Updated to v1.22.3 (#408)
  ## Dependencies
  * **v2:** Updated to v2.17.3.
For more information, see [v2](https://github.com/onsi/ginkgo). * **smbbroker:** Updated to v`17a844f`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`9ccf77c`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.67
  ## Changes
  * Use newest cf-cli available (#405)
  ## Dependencies
  * **v2:** Updated to v2.17.2.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.33.1.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`490615c`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`fa2b5d0`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.10.0
syslog 11.8.18

2.13.36

Release Date: 05/01/2024

Caution This release is susceptible to a known issue where Gorouter returns an incorrect HTTP status code in response to requests with an "HTTP 100 Continue" interim status header. To resolve this issue, see the Broadcom Knowledge Base article Gorouter Returns wrong HTTP response code to client when the request flow uses HTTP 100-continue.

  • Bump cf-networking to version 3.46.0
  • Bump diego to version 2.98.0
  • Bump garden-runc to version 1.52.0
  • Bump mapfs to version 1.2.68
  • Bump nfs-volume to version 7.1.63
  • Bump routing to version 0.296.0
  • Bump silk to version 3.46.0
  • Bump smb-volume to version 3.1.66
Component Version Release Notes
ubuntu-xenial stemcell 621.924
bpm 1.2.18
cf-networking 3.46.0
v3.46.0
  ## Changes
  - Bump Golang to 1.22
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/performance-test-sd/spec b/jobs/performance-test-sd/spec
  index c89d50f5..0583340e 100644
  --- a/jobs/performance-test-sd/spec
  +++ b/jobs/performance-test-sd/spec
  @@ -6,7 +6,7 @@ templates:
  config.json.erb: config.json
  packages:
  -  - golang-1.21-linux
  +  - golang-1.22-linux
  - performance-test-sd
  consumes:
  ```
  ## ✨  Built with go 1.22.2
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.45.0...v3.46.0
  ## Resources
  - [Download release 3.46.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.46.0).
          
cflinuxfs3 0.387.0
cf-cli 1.60.0
count-cores-indicator 2.0.0
diego 2.98.0
v2.98.0
  ## Changes
  - Update Golang to 1.22
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
  index 7eb920159..d61278357 100644
  --- a/jobs/vizzini/spec
  +++ b/jobs/vizzini/spec
  @@ -1,7 +1,7 @@
  ---
  name: vizzini
  packages:
  -  - golang-1.21-linux
  +  - golang-1.22-linux
  - vizzini
  templates:
  ```
  ## ✨  Built with go 1.22.2
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.97.0...v2.98.0
  ## Resources
  - [Download release 2.98.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.98.0).
          
garden-runc 1.52.0
v1.52.0
  ## Changes
  - Bump Golang to 1.22
  ## ✨  Built with go 1.22.2
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.51.0...v1.52.0
  ## Resources
  - [Download release 1.52.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.52.0).
          
haproxy 11.17.4
loggregator-agent 6.5.19
mapfs 1.2.68
v1.2.68
  ## Dependencies
  * **gomega:** Updated to v1.33.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`3fb73af`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.67
  ## Dependencies
  * **mapfs:** Updated to v`b5baec0`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.24
nfs-volume 7.1.63
v7.1.63
  ## Changes
  * Add final release 7.1.62 [ci skip]
  ## Dependencies
  * **gomega:** Updated to v1.33.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`5d71277`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`31062e6`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.62
  ## Changes
  * Bump sqlite from 3.45.2 to 3.45.3 (#881)
  ## Dependencies
  * **nfsbroker:** Updated to v`680bc33`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`279655c`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.296.0
v0.296.0
  ## Changes
  - Pass availability zone in route-registrar for AZ-aware routing of system components
  - Bump Golang to 1.22
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/acceptance_tests/spec b/jobs/acceptance_tests/spec
  index e1a6a9ae..8122ddaf 100644
  --- a/jobs/acceptance_tests/spec
  +++ b/jobs/acceptance_tests/spec
  @@ -7,7 +7,7 @@ templates:
  bpm.yml.erb: config/bpm.yml
  packages:
  - - golang-1.21-linux
  + - golang-1.22-linux
  - acceptance_tests
  - rtr
  - cf-cli-8-linux
  diff --git a/jobs/smoke_tests/spec b/jobs/smoke_tests/spec
  index b230192b..02edfd9d 100644
  --- a/jobs/smoke_tests/spec
  +++ b/jobs/smoke_tests/spec
  @@ -7,7 +7,7 @@ templates:
  bpm.yml.erb: config/bpm.yml
  packages:
  - - golang-1.21-linux
  + - golang-1.22-linux
  - acceptance_tests
  - cf-cli-8-linux
  ```
  ## ✨  Built with go 1.22.2
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.295.0...v0.296.0
  ## Resources
  - [Download release 0.296.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.296.0).
          
silk 3.46.0
v3.46.0
  ## Changes
  - Bump Golang to 1.22
  ## ✨  Built with go 1.22.2
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.45.0...v3.46.0
  ## Resources
  - [Download release 3.46.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.46.0).
          
smb-volume 3.1.66
v3.1.66
  ## Changes
  * Add final release 3.1.65 [ci skip]
  ## Dependencies
  * **smbbroker:** Updated to v`b2fb57d`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`2335f8e`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.10.0
syslog 11.8.18

2.13.35

Release Date: 04/17/2024

Caution This release is susceptible to a known issue where Gorouter returns an incorrect HTTP status code in response to requests with an "HTTP 100 Continue" interim status header. To resolve this issue, see the Broadcom Knowledge Base article Gorouter Returns wrong HTTP response code to client when the request flow uses HTTP 100-continue.

  • [Feature] Add option to enable concurrent read/writes for HTTP/1
  • Bump bpm to version 1.2.18
  • Bump cf-networking to version 3.45.0
  • Bump diego to version 2.97.0
  • Bump garden-runc to version 1.51.0
  • Bump loggregator-agent to version 6.5.19
  • Bump mapfs to version 1.2.66
  • Bump metrics-discovery to version 3.2.24
  • Bump nfs-volume to version 7.1.61
  • Bump routing to version 0.295.0
  • Bump silk to version 3.45.0
  • Bump smb-volume to version 3.1.64
  • Bump smoke-tests to version 4.10.0
  • Bump syslog to version 11.8.18
Component Version Release Notes
ubuntu-xenial stemcell 621.924
bpm 1.2.18
cf-networking 3.45.0
v3.45.0
  ## Changes
  - Go dependency bumps
  - Added config for staticcheck
  - Removed references to consul from documentation
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/policy-server-asg-syncer/spec b/jobs/policy-server-asg-syncer/spec
  index 748c39a7..4c6c9a4e 100644
  --- a/jobs/policy-server-asg-syncer/spec
  +++ b/jobs/policy-server-asg-syncer/spec
  @@ -109,7 +109,7 @@ properties:
  description: "Trusted CA for UAA server."
  uaa_hostname:
  -    description: "Host name for the UAA server.  E.g. the service advertised via Consul DNS.  Must match common name in the UAA server cert. Must be listed in `uaa.zones.internal.hostnames`."
  +    description: "Host name for the UAA server.  E.g. the service advertised via Bosh DNS.  Must match common name in the UAA server cert. Must be listed in `uaa.zones.internal.hostnames`."
  default: uaa.service.cf.internal
  uaa_port:
  diff --git a/jobs/policy-server-internal/spec b/jobs/policy-server-internal/spec
  index 7095775d..029e723f 100644
  --- a/jobs/policy-server-internal/spec
  +++ b/jobs/policy-server-internal/spec
  @@ -41,7 +41,7 @@ properties:
  default: 31946
  health_check_timeout_seconds:
  -    description: "Health check timeout for Consul DNS."
  +    description: "Health check timeout"
  default: 5
  internal_listen_port:
  @@ -52,7 +52,7 @@ properties:
  description: "Trusted CA certificate that was used to sign the vxlan policy agent's client cert and key."
  server_cert:
  -    description: "Server certificate for TLS. Must have common name that matches the Consul DNS name of the policy server, eg `policy-server.service.cf.internal`."
  +    description: "Server certificate for TLS. Must have common name that matches the Bosh DNS name of the policy server, eg `policy-server.service.cf.internal`."
  server_key:
  description: "Server key for TLS."
  diff --git a/jobs/policy-server/spec b/jobs/policy-server/spec
  index 0d9f5157..8e2ccfa8 100644
  --- a/jobs/policy-server/spec
  +++ b/jobs/policy-server/spec
  @@ -101,7 +101,7 @@ properties:
  description: "Trusted CA for UAA server."
  uaa_hostname:
  -    description: "Host name for the UAA server.  E.g. the service advertised via Consul DNS.  Must match common name in the UAA server cert. Must be listed in `uaa.zones.internal.hostnames`."
  +    description: "Host name for the UAA server.  E.g. the service advertised via Bosh DNS.  Must match common name in the UAA server cert. Must be listed in `uaa.zones.internal.hostnames`."
  default: uaa.service.cf.internal
  uaa_port:
  ```
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.44.0...v3.45.0
  ## Resources
  - [Download release 3.45.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.45.0).
          
cflinuxfs3 0.387.0
cf-cli 1.60.0
count-cores-indicator 2.0.0
diego 2.97.0
v2.97.0
  ## Changes
  - Adds support for comma-delimited destinations in ASGs
  - See: https://github.com/cloudfoundry/executor/pull/96 and https://github.com/cloudfoundry/bbs/pull/94
  - Bump bosh package blobs
  - Bumps `jq` to `1.7.1`
  - Bumps `tar`
  - Bump go.mod dependencies
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.96.0...v2.97.0
  ## Resources
  - [Download release 2.97.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.97.0).
          
v2.96.0
  ## Changes
  - Bump to golang 1.21.8
  - Golang package dependency bumps
  - Includes moving from docker v20 to docker v26
  - Includes moving from pgx v3 to pgx v5
  - Remove references to Consul from boshrelease + documentation
  - Many fixes to remove deprecated code and otherwise fix linter violations.
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.95.0...v2.96.0
  ## Resources
  - [Download release 2.96.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.96.0).
          
garden-runc 1.51.0
v1.51.0
  ## Changes
  - Bumped Golang to 1.21.8
  - Golang package dependency bumps
  - Many updates to get codebase passing the staticcheck linker
  - Updated garden-integration-tests to be a little less flakey
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.50.0...v1.51.0
  ## Resources
  - [Download release 1.51.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.51.0).
          
haproxy 11.17.4
loggregator-agent 6.5.19
v6.5.19
  ## What's Changed
  * Bump dependencies
  * Bump to [go1.21.9](https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/m/khALNYGdAAAJ)
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.18...v6.5.19
          
mapfs 1.2.66
v1.2.66
  ## Dependencies
  * **mapfs:** Updated to v`b0b6bfa`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.65
  ## Changes
  * Golang: Updated to v1.22.2. (#241)
  ## Dependencies
  * **mapfs:** Updated to v`a80b833`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.64
  ## Dependencies
  * **v2:** Updated to v2.17.1.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`cd8e7e6`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.63
  ## Dependencies
  * **v2:** Updated to v2.17.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`5381efc`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.24
v3.2.24
  ## What's Changed
  * Bump dependencies
  * Bump to [go1.21.9](https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M/m/khALNYGdAAAJ)
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.23...v3.2.24
          
nfs-volume 7.1.61
v7.1.61
  ## Changes
  * Golang: Updated to v1.22.2 (#860)
  * Bump openssl- from 3.2.1 to 3.3.0 (#871)
  ## Dependencies
  * **nfsbroker:** Updated to v`1a70719`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`35b8c6f`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.60
  ## Dependencies
  * **nfsbroker:** Updated to v`8aec99d`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`fb67285`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.59
  ## Changes
  * Bump util-linux from 2.39.3 to 2.40 (#853)
  ## Dependencies
  * **nfsbroker:** Updated to v`7bc7bb0`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`15c152b`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.58
  ## Dependencies
  * **nfsbroker:** Updated to v`e850d95`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`8af81b5`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.295.0
v0.295.0
  ## Changes
  - Resolves #401 by reverting the removal of the deprecated BuildNameToCertificate() call
  - Bumps to golang 1.21.9 + golang.org/x/net 0.23.0 to patch CVE-2023-45288
  ## ✨  Built with go 1.21.9
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.294.0...v0.295.0
  ## Resources
  - [Download release 0.295.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.295.0).
          
v0.294.0
  ⚠️ This release contains a known issue: gorouter will no longer present the most specific certificate match but rather the first certificate that matches. See https://github.com/cloudfoundry/routing-release/issues/401 for details. Upgrading to routing-release 0.295.0 is advised. ⚠️
  ## Changes
  - [Bump haproxy to 2.8.7](https://github.com/cloudfoundry/routing-release/commit/13b39eb5185656c3557c1ab15b5b13752b2ff6d8)
  - [update templates to not refer to consul](https://github.com/cloudfoundry/routing-release/commit/8216c056b1463bd1d7bf636a749568f70cb924d2)
  - [Default the routing_api.enabled_api_endpoints to mtls](https://github.com/cloudfoundry/routing-release/commit/2e96c2c932f7f945c3c7c15a768d0affc80de446)
  - [Update template test for mTLS routing api default](https://github.com/cloudfoundry/routing-release/commit/469d9e0a4eb0ac6015695ba27c6da80576b29801)
  - [Upgrade cf-cli-8-linux](https://github.com/cloudfoundry/routing-release/commit/b19a25052ed7982c83524ac87d22ed2f316201a2)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/routing-api/spec b/jobs/routing-api/spec
  index 1d7efe3c..2e5cd361 100644
  --- a/jobs/routing-api/spec
  +++ b/jobs/routing-api/spec
  @@ -95,7 +95,7 @@ properties:
  routing_api.enabled_api_endpoints:
  description: "Protocols that the routing api will listen on. Possible values: 'mtls', or 'both' (mTLS + HTTP)"
  -    default: "both"
  +    default: "mtls"
  routing_api.mtls_port:
  description: "Port on which Routing API is running, listening with mTLS."
  default: 3001
  ```
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.293.0...v0.294.0
  ## Resources
  - [Download release 0.294.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.294.0).
          
silk 3.45.0
v3.45.0
  ## Changes
  - Fixes to stop using deprecated code in tests (`net.Error.Temporary()`)
  - Remove consul references from documentation
  - Fix issues bumping the code.cloudfoundry.org/executor package
  - Go package bumps
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/silk-controller/spec b/jobs/silk-controller/spec
  index a0966a01..cc7529a8 100644
  --- a/jobs/silk-controller/spec
  +++ b/jobs/silk-controller/spec
  @@ -45,11 +45,11 @@ properties:
  default: 46455
  health_check_port:
  -    description: "Health check port for silk controller. Used by the Consul DNS health check."
  +    description: "Health check port for silk controller. Used by the Bosh DNS health check."
  default: 19683
  health_check_timeout_seconds:
  -    description: "Health check timeout for Consul DNS."
  +    description: "Health check timeout"
  default: 5
  listen_ip:
  @@ -64,7 +64,7 @@ properties:
  description: "Trusted CA certificate that was used to sign the silk daemon client cert and key."
  server_cert:
  -    description: "Server certificate for TLS. Must have common name that matches the Consul DNS name of the silk controller, eg silk-controller.service.cf.internal"
  +    description: "Server certificate for TLS. Must have common name that matches the Bosh DNS name of the silk controller, eg silk-controller.service.cf.internal"
  server_key:
  description: "Server key for TLS."
  diff --git a/jobs/silk-daemon/spec b/jobs/silk-daemon/spec
  index 7a1525b3..e3786357 100644
  --- a/jobs/silk-daemon/spec
  +++ b/jobs/silk-daemon/spec
  @@ -70,7 +70,7 @@ properties:
  default: 3457
  silk_controller.hostname:
  -    description: "Host name for the silk controller.  E.g. the service advertised via Consul DNS.  Must match common name in the silk_controller.server_cert"
  +    description: "Host name for the silk controller.  E.g. the service advertised via Bosh DNS.  Must match common name in the silk_controller.server_cert"
  default: "silk-controller.service.cf.internal"
  silk_controller.listen_port:
  diff --git a/jobs/vxlan-policy-agent/spec b/jobs/vxlan-policy-agent/spec
  index 3118022b..802f04bb 100644
  --- a/jobs/vxlan-policy-agent/spec
  +++ b/jobs/vxlan-policy-agent/spec
  @@ -41,7 +41,7 @@ properties:
  default: false
  policy_server.hostname:
  -    description: "Host name for the policy server.  E.g. the service advertised via Consul DNS.  Must match common name in the policy_server.server_cert"
  +    description: "Host name for the policy server.  E.g. the service advertised via Bosh DNS.  Must match common name in the policy_server.server_cert"
  default: "policy-server.service.cf.internal"
  policy_server.internal_listen_port:
  ```
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.44.0...v3.45.0
  ## Resources
  - [Download release 3.45.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.45.0).
          
smb-volume 3.1.64
v3.1.64
  ## Dependencies
  * **smbbroker:** Updated to v`02f340b`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`fb88dd0`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.63
  ## Changes
  * Golang: Updated to v1.22.2 (#381)
  ## Dependencies
  * **smbbroker:** Updated to v`b380e77`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`0c36c10`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.62
  ## Dependencies
  * **v2:** Updated to v2.17.1.
For more information, see [v2](https://github.com/onsi/ginkgo). * **smbbroker:** Updated to v`f176916`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`5ee16dc`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.61
  ## Dependencies
  * **v2:** Updated to v2.17.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.32.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`bab4864`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`7f3242d`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.10.0
4.10.0
  Create bosh final release 4.10.0
          
4.9.5
  Create bosh final release 4.9.5
  ## What's Changed
  * Upgrade Golang to 1.22 by @tas-operability-bot in https://github.com/pivotal/smoke-tests/pull/138
  **Full Changelog**: https://github.com/pivotal/smoke-tests/compare/4.9.5...4.9.5
          
syslog 11.8.18
v11.8.18
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.21.9
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.17...v11.8.18
          

2.13.34

Release Date: 03/22/2024

Caution This release is susceptible to a known issue where Gorouter returns an incorrect HTTP status code in response to requests with an "HTTP 100 Continue" interim status header. To resolve this issue, see the Broadcom Knowledge Base article Gorouter Returns wrong HTTP response code to client when the request flow uses HTTP 100-continue.

  • [Known Issue] A Gorouter bug can cause an incorrect certificate to be presented to clients, depending on the order in which the clients were specified in TAS configuration. This is fixed in routing-release version 0.295.0
  • [Bug Fix] Fix “routine” garden container disk cleanup option
  • Bump bpm to version 1.2.17
  • Bump cf-networking to version 3.44.0
  • Bump cflinuxfs3 to version 0.387.0
  • Bump cf-cli to version 1.60.0
  • Bump diego to version 2.95.0
  • Bump garden-runc to version 1.50.0
  • Bump loggregator-agent to version 6.5.18
  • Bump mapfs to version 1.2.62
  • Bump metrics-discovery to version 3.2.23
  • Bump nfs-volume to version 7.1.57
  • Bump routing to version 0.293.0
  • Bump silk to version 3.44.0
  • Bump smb-volume to version 3.1.60
  • Bump syslog to version 11.8.17
Component Version Release Notes
ubuntu-xenial stemcell 621.897
bpm 1.2.17
cf-networking 3.44.0
v3.44.0
  ## Changes
  - staticcheck improvements
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.43.0...v3.44.0
  ## Resources
  - [Download release 3.44.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.44.0).
          
v3.43.0
  ## Changes
  - Removes deprecated and unused/unworking istio code from the release.
  - Go package dependency bumps
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/bosh-dns-adapter/spec b/jobs/bosh-dns-adapter/spec
  index 8d73a6b4..fba2cdba 100644
  --- a/jobs/bosh-dns-adapter/spec
  +++ b/jobs/bosh-dns-adapter/spec
  @@ -21,9 +21,6 @@ consumes:
  - name: cloud_controller_container_networking_info
  type: cloud_controller_container_networking_info
  optional: true
  -  - name: vip_resolver_conn
  -    type: vip_resolver_conn
  -    optional: true
  properties:
  cf_app_sd_disable:
  ```
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.42.0...v3.43.0
  ## Resources
  - [Download release 3.43.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.43.0).
          
cflinuxfs3 0.387.0
v0.387.0
  This release ships with cflinuxfs3 version 0.387.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.387.0)
          
v0.386.0
  This release ships with cflinuxfs3 version 0.386.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.386.0)
          
cf-cli 1.60.0
1.60.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.7 | [8.7.8](https://github.com/cloudfoundry/cli/releases/tag/v8.7.8)
  v7 | 7.7.7 | [7.7.8](https://github.com/cloudfoundry/cli/releases/tag/v7.7.8)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
count-cores-indicator 2.0.0
diego 2.95.0
v2.95.0
  ## Changes
  - bbs: ([Issue](https://github.com/cloudfoundry/diego-release/issues/883)) Now uses `DesiredLRPSchedulingInfo` instead of the entire `DesiredLRP` when only the scheduling info is needed, resulting in a 95% decrease in time spent for relevant calls.  Thanks @klapkov!
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.94.0...v2.95.0
  ## Resources
  - [Download release 2.95.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.95.0).
          
garden-runc 1.50.0
v1.50.0
  ## Changes
  - Adds `grootfs.routine_gc` property, which allows operators to configure garden to grootfs to clean up unused container image layers whenever new containers are created.
  - Previously, to achieve this, operators had to set `grootfs.reserved_space_for_other_jobs_in_mb` to the same value as the ephemeral disk, which is not always easy to obtain programatically.
  - Bump go dependencies
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index c84b5c43..027df351 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -292,6 +292,10 @@ properties:
  grootfs.tls.ca_cert:
  description: "PEM-encoded tls client CA certificate for asset upload/download"
  +  grootfs.routine_gc:
  +    description: "Set to true if you want grootfs to perform garbage collection on unused container image layers whenever a new container is created."
  +    default: false
  +
  grootfs.reserved_space_for_other_jobs_in_mb:
  description: "Amount of space that will be kept free for other jobs. The GrootFS store will be able to grow up to a maximum size of its disk minus this reserved space. Where the reserved space does not allow sufficient size for GrootFS to store container images and root filesystems (currently 15GB), the limit will be a soft limit, and garbage collection will attempt to keep disk space available for other jobs. -1 disables GC and allows GrootFS to potentially use the whole disk."
  default: 15360
  ```
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.49.0...v1.50.0
  ## Resources
  - [Download release 1.50.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.50.0).
          
haproxy 11.17.4
loggregator-agent 6.5.18
v6.5.18
  ## What's Changed
  * Bump dependencies
  * Bump to [go1.21.8](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg/m/46oA5yPABQAJ)
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.17...v6.5.18
          
mapfs 1.2.62
v1.2.62
  ## Dependencies
  * **mapfs:** Updated to v`599ec1c`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.61
  Maintenance release
          
v1.2.59
  ## Dependencies
  * **mapfs:** Updated to v`535cb52`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.23
v3.2.23
  ## What's Changed
  - Bump dependencies
  - Bump to [go1.21.8](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg/m/46oA5yPABQAJ)
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.22...v3.2.23
          
nfs-volume 7.1.57
v7.1.57
  ## Changes
  * Bump sqlite from 3.45.1 to 3.45.2 (#829)
  ## Dependencies
  * **nfsbroker:** Updated to v`422ac7a`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`b4451c3`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.56
  ## Changes
  * Golang: Updated to v1.22.1 (#815)
  * Bump tcl from nfs-debs/tcl8.6.13-src.tar.gz to 8.6.14 (#809)
  ## Dependencies
  * **nfsbroker:** Updated to v`99e18a3`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`0768dc3`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.55
  ## Dependencies
  * **nfsbroker:** Updated to v`1c94cbf`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`bf42615`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.54
  ## Dependencies
  * **nfsbroker:** Updated to v`f3d20d4`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`380678d`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.293.0
v0.293.0
  ## Changes
  * [Add toggle to allow empty Content-Length headers](https://github.com/cloudfoundry/routing-release/commit/7f8762673e3b7dd564dc368855d053bd3703f895)
  * [fix: Enable syslog forwarding for gorouter](https://github.com/cloudfoundry/routing-release/commit/550c9b2271154c620b43f65037d6558a0437ae9f)
  * [fix: Don't retry more often than endpoints available](https://github.com/cloudfoundry/routing-release/commit/112f971405f85990f79509812afacec67771a5a2)
  * [Add an option to enable concurrent reads and responses in HTTP/1](https://github.com/cloudfoundry/routing-release/commit/be5ea2fb059574f213b8d0739b0ce0f78be68bdb)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index e7c33d66..712a761f 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -161,6 +161,9 @@ properties:
  router.enable_http2:
  description: Enables support for HTTP/2 ingress traffic to the Gorouter. Also enables the option to use the HTTP/2 protocol for traffic to specified backends.
  default: true
  +  router.enable_http1_concurrent_read_write:
  +    description: Enables concurrent request reads and response writes for HTTP/1 requests
  +    default: false
  router.min_tls_version:
  description: Minimum accepted version of TLS protocol. All versions above this, up to the max_tls_version, will also be accepted. Valid values are TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.
  default: TLSv1.2
  @@ -194,8 +197,9 @@ properties:
  router.backends.max_attempts:
  description: |
  Maximum number of attempts on failing requests against backend routes.
  +      The number of attempts per request is limited by the number of endpoints on the route, regardless of this setting.
  This includes CF apps and route-registrar endpoints.
  -      A value of 0 implies indefinite retries, i.e. retry until success or endpoint list is exhausted.
  +      The minimum value for this setting is 1. This prevents gorouter from getting blocked by indefinite retries.
  default: 3
  router.backends.ca:
  description: Certificate authority that was used to sign certificates for TLS-registered backends. In PEM format.
  @@ -274,6 +278,15 @@ properties:
  router.enable_log_attempts_details:
  description: "Log additional fields in the access log that provide more details on the specific timings and attempts performed towards endpoints."
  default: false
  +  router.logging.syslog_tag:
  +    description: "Tag to use when writing syslog messages"
  +    default: "vcap.gorouter"
  +  router.logging.syslog_addr:
  +    description: "Address of a syslog server to send access logs"
  +    default: "localhost:514"
  +  router.logging.syslog_network:
  +    description: "Network protocol to use when connecting to the syslog server. Valid values are 'tcp', 'udp', 
      
       . When choosing an empty string value, the local syslog daemon is used."
  +    default: "udp"
  router.logging.format.timestamp:
  description: |
  Format for timestamp in component logs. Valid values are 'rfc3339', 'deprecated', and 'unix-epoch'."
  @@ -492,6 +505,9 @@ properties:
  router.write_access_logs_locally:
  description: "Enables writing access log to local disk."
  default: true
  +  router.enable_access_log_streaming:
  +    description: "Enables streaming access log to syslog server."
  +    default: false
  router.suspend_pruning_if_nats_unavailable:
  description: |
  Suspend pruning of routes when NATs is unavailable and maintain the
  @@ -583,6 +599,14 @@ properties:
  street_address: []
  postal_code: []
  default: []
  +
  healthchecker.failure_counter_file:
  description: "File used by the healthchecker to monitor consecutive failures."
  default: /var/vcap/data/gorouter/counters/consecutive_healthchecker_failures.count
  +
  +  go.httplaxcontentlength:
  +    description: |
  +        Environment Flag to temporarily allow requests containing an invalid, empty `Content-Length` header for backwards compatibility.
  +        This toggle allows operators to add the `GODEBUG` field `httplaxcontentlength=1`, as allowable per the [go 1.22 release documentation](https://tip.golang.org/doc/go1.22#minor_library_changes).
  +        Defaults to `false` as the default behavior in go 1.22+ is to reject these requests.
  +    default: false
  ```
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.292.0...v0.293.0
  ## Resources
  - [Download release 0.293.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.293.0).
          
      
silk 3.44.0
v3.44.0
  ## Changes
  - [Add property for check-timeout](https://github.com/cloudfoundry/silk-release/commit/1e44df842be2ff6832df5c2a6a5d23fd4db07987)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/silk-daemon/spec b/jobs/silk-daemon/spec
  index 70be43f2..7a1525b3 100644
  --- a/jobs/silk-daemon/spec
  +++ b/jobs/silk-daemon/spec
  @@ -36,6 +36,10 @@ properties:
  description: "Host port used for receiving VXLAN packets"
  default: 4789
  +  container_metadata_file_check_timeout:
  +    description: "Timeout in seconds for checking the container metadata file during drain"
  +    default: 600
  +
  partition_tolerance_hours:
  description: "When silk controller is unavailable, silk daemon will remain healthy and allow creation of new containers for this number of hours.  Should be no larger than cf_networking.subnet_lease_expiration_hours."
  default: 168
  ```
  ## ✨  Built with go 1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.43.0...v3.44.0
  ## Resources
  - [Download release 3.44.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.44.0).
          
smb-volume 3.1.60
v3.1.60
  ## Dependencies
  * **smbbroker:** Updated to v`7d3a9db`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker).
v3.1.59
  ## Changes
  * fix regression for DFS exposed SMB Shares (#366)
  ## Dependencies
  * **smbbroker:** Updated to v`281c0d3`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`803264c`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.58
  ## Changes
  * +Golang: Updated to v1.22.1 (#360)
  ## Dependencies
  * **ginkgo/v2:** Updated to v2.16.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **smbbroker:** Updated to v`d3987c2`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`151a764`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.57
  ## Dependencies
  * **smbbroker:** Updated to v`e379cb9`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`1dd5594`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.56
  ## Dependencies
  * **smbbroker:** Updated to v`1385bd7`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`1c35d30`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.5
syslog 11.8.17
v11.8.17
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.21.8
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.16...v11.8.17
          

2.13.33

Release Date: 03/04/2024

  • [Security Fix] Bump docker to address GHSA-jq35-85cj-fj4p
  • [Feature Improvement] Garden now emits an UnkillableContainers metric to help identify cells that will be unable to redeploy successfully without operator intervention
  • [Feature Improvement] Adds opt-in support for NTLM + other challenge-response based authentication using Authorization: Negotiate flows by automatically enabling sticky sessions for those requests.
  • [Feature Improvement] Adds support for Partitioned cookies to allow for sticky sessions in embedded contexts.
  • Bump bpm to version 1.2.16
  • Bump cf-networking to version 3.42.0
  • Bump cflinuxfs3 to version 0.385.0
  • Bump diego to version 2.94.0
  • Bump garden-runc to version 1.49.0
  • Bump mapfs to version 1.2.58
  • Bump nfs-volume to version 7.1.53
  • Bump routing to version 0.292.0
  • Bump silk to version 3.43.0
  • Bump smb-volume to version 3.1.55
Component Version Release Notes
ubuntu-xenial stemcell 621.872
bpm 1.2.16
cf-networking 3.42.0
v3.42.0
  ## Changes
  - Bump healthchecker package
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.41.0...v3.42.0
  ## Resources
  - [Download release 3.42.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.42.0).
          
cflinuxfs3 0.385.0
v0.385.0
  This release ships with cflinuxfs3 version 0.385.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.385.0)
          
cf-cli 1.59.0
count-cores-indicator 2.0.0
diego 2.94.0
v2.94.0
  ## Changes
  - Fix bosh job spec description for `container_max_cpu_shares`
  - dockerapplifecycle: Add OCI image spec index type to Accept header
  - vizzini: Remove CPUWeight test
  - bbs: Remove cpu_weight limits
  - guardian: Add tests for unkillable containers
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/rep/spec b/jobs/rep/spec
  index 24ce303d4..405f90f46 100644
  --- a/jobs/rep/spec
  +++ b/jobs/rep/spec
  @@ -120,7 +120,7 @@ properties:
  description: "the max concurrent download steps that can be active"
  default: 5
  diego.executor.container_max_cpu_shares:
  -    description: "the maximum number of cpu shares for a container."
  +    description: "number of CPU shares per 100 CPU weight"
  default: 1024
  diego.executor.container_inode_limit:
  description: "the inode limit enforced on each garden container."
  diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
  index bd5e1db9f..0521d1061 100644
  --- a/jobs/rep_windows/spec
  +++ b/jobs/rep_windows/spec
  @@ -116,7 +116,7 @@ properties:
  description: "the max concurrent download steps that can be active"
  default: 5
  diego.executor.container_max_cpu_shares:
  -    description: "the maximum number of cpu shares for a container."
  +    description: "number of CPU shares per 100 CPU weight"
  default: 10000
  diego.executor.container_inode_limit:
  description: "the inode limit enforced on each garden container."
  ```
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.93.0...v2.94.0
  ## Resources
  - [Download release 2.94.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.94.0).
          
v2.93.0
  ## Changes
  -  Add CPU Entitlement gauge metric & Deprecate CPU Entitlement counter metric #897
  -  Bump docker to 20.10.27 to address GHSA-jq35-85cj-fj4p #906
  - [golang-1.21-linux (1.21.7)](https://github.com/cloudfoundry/diego-release/commit/36f42cd578ecc742e9d9ad63af599ded1d939f81)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/rep/spec b/jobs/rep/spec
  index 8fb49517a..24ce303d4 100644
  --- a/jobs/rep/spec
  +++ b/jobs/rep/spec
  @@ -79,6 +79,10 @@ properties:
  description: "Cert used to communicate with local metron agent over gRPC"
  loggregator.key:
  description: "Key used to communicate with local metron agent over gRPC"
  +  loggregator.app_metric_exclusion_filter:
  +    description: "Array of application metrics to not emit"
  +    default:
  +    - cpu_entitlement
  diego.rep.listen_addr_admin:
  description: "serve (insecure) ping and evacuate requests on this address and port"
  diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
  index 023d76f18..bd5e1db9f 100644
  --- a/jobs/rep_windows/spec
  +++ b/jobs/rep_windows/spec
  @@ -75,6 +75,10 @@ properties:
  description: "Cert used to communicate with local metron agent over gRPC"
  loggregator.key:
  description: "Key used to communicate with local metron agent over gRPC"
  +  loggregator.app_metric_exclusion_filter:
  +    description: "Array of application metrics to not emit"
  +    default:
  +    - cpu_entitlement
  diego.rep.advertise_domain:
  description: "base domain at which the rep should advertise its secure API"
  ```
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.92.0...v2.93.0
  ## Resources
  - [Download release 2.93.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.93.0).
          
garden-runc 1.49.0
v1.49.0
  ## Changes
  - ✨guardian is a little more helpful when logging messages about containers that could not be killed, even after sending multiple SIGKILLs. In situations such as this, the only recourse is to reboot the VM, if the container processes are stuck in an unkillable state in the kernel. In addition to making this error stand out more, we've added a new metric for `UnkillableContainers` that guardian emits. When nonzero, there is a container that cannot be killed. See the [CloudFoundrydocs for Component metrics](https://docs.cloudfoundry.org/running/all_metrics.html#garden-linux) for more info.
  - Golang package dependency bumps
  - Bumped to Golang 1.21.7
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.48.0...v1.49.0
  ## Resources
  - [Download release 1.49.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.49.0).
          
haproxy 11.17.4
loggregator-agent 6.5.17
mapfs 1.2.58
v1.2.58
  ## Dependencies
  * **mapfs:** Updated to v`31dcbd6`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.57
  ## Changes
  * Golang: Updated to v1.22.0. (#219)
  ## Dependencies
  * **mapfs:** Updated to v`4f9c679`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.56
  ## Changes
  * Golang: Updated to v1.21.7 (#215)
          
v1.2.55
  ## Changes
  * Add final release 1.2.54 [ci skip]
  * fix bug introduced in 964e4a7 (#214)
          
v1.2.53
  ## Changes
  * Golang: Updated to v1.21.6. (#202)
  ## Dependencies
  * **v2:** Updated to v2.15.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.31.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`c46a740`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.22
nfs-volume 7.1.53
v7.1.53
  ## Changes
  * Golang: Updated to v1.22.0 (#780)
  ## Dependencies
  * **nfsbroker:** Updated to v`539f3a9`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`57c687c`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.52
  ## Changes
  * +Golang: Updated to v1.21.7 (#778)
          
v7.1.48
  ## Changes
  * +Golang: Updated to v1.21.7 (#777)
  * Add final release 7.1.47 [ci skip]
  ## Dependencies
  * **rspec:** Updated to v3.13.0.
For more information, see [rspec](https://github.com/rspec/rspec-metagem). * **nfsv3driver:** Updated to v`c4f5c80`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.292.0
v0.292.0
  ## Changes
  - Dependency updates
  - ✨ Adds support for `Partitioned` cookies to gorouter to allow for sticky sessions in embedded contexts. [More information on 3rd-party cookie deprecation.](https://developers.google.com/privacy-sandbox/3pcd)
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.291.0...v0.292.0
  ## Resources
  - [Download release 0.292.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.292.0).
          
v0.291.0
  ## Changes
  - Bugfix: Mitigates issue when operators set `router.route_service_internal_server_port`. Previously, this configuration parameter was not passed through to the Gorouter configuration.
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.290.0...v0.291.0
  ## Resources
  - [Download release 0.291.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.291.0).
          
v0.290.0
  ## Changes
  - ✨Adds opt-in support for NTLM + other challenge-response based authentication using `Authorization: Negotiate` flows by automatically enabling sticky sessions for those requests.
  - Golang bump to 1.21.7
  - Go package dependency bumps
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index c291be45..e7c33d66 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -123,6 +123,9 @@ properties:
  router.sticky_session_cookie_names:
  description: "The names of the cookies to use for handling sticky sessions"
  default: [ "JSESSIONID" ]
  +  router.sticky_sessions_for_auth_negotiate:
  +    description: "Controls whether or not gorouter will apply sticky sessions to request/response flows using 'Authorization: Negotiate'"
  +    default: false
  router.drain_wait:
  description: |
  Delay in seconds after shut down is initiated before server stops listening.
  ```
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.289.0...v0.290.0
  ## Resources
  - [Download release 0.290.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.290.0).
          
silk 3.43.0
v3.43.0
  ## Changes
  - Go package dependency bumps
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.42.0...v3.43.0
  ## Resources
  - [Download release 3.43.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.43.0).
          
v3.42.0
  ## Changes
  - Bump healthchecker package
  ## ✨  Built with go 1.21.7
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.41.0...v3.42.0
  ## Resources
  - [Download release 3.42.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.42.0).
          
v3.41.0
  ## Changes
  - Go package dependency bumps
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.40.0...v3.41.0
  ## Resources
  - [Download release 3.41.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.41.0).
          
smb-volume 3.1.55
v3.1.55
  ## Dependencies
  * **smbbroker:** Updated to v`635d659`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a3f69fd`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.54
  ## Changes
  * +Golang: Updated to v1.22.0 (#343)
  ## Dependencies
  * **rspec:** Updated to v3.13.0.
For more information, see [rspec](https://github.com/rspec/rspec-metagem). * **smbbroker:** Updated to v`50360ca`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`45257a1`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.53
  ## Changes
  * Bump talloc from 2.4.1 to 2.4.2 (#338)
  ## Dependencies
  * **smbbroker:** Updated to v`21d0744`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker).
smoke-tests 4.8.5
syslog 11.8.16

2.13.32

Release Date: 02/05/2024

  • [Rollback] mapfs rolled back to v1.2.52 for upgrade bug
  • Bump cf-networking to version 3.41.0
  • Bump garden-runc to version 1.48.0
  • Bump metrics-discovery to version 3.2.22
  • Bump nfs-volume to version 7.1.47
  • Bump routing to version 0.289.0
  • Bump smb-volume to version 3.1.52
  • Bump syslog to version 11.8.16
Component Version Release Notes
ubuntu-xenial stemcell 621.813
bpm 1.2.13
cf-networking 3.41.0
v3.41.0
  ## Changes
  - Add GOVERSION env var to example apps
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.40.0...v3.41.0
  ## Resources
  - [Download release 3.41.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.41.0).
          
cflinuxfs3 0.384.0
cf-cli 1.59.0
count-cores-indicator 2.0.0
diego 2.92.0
garden-runc 1.48.0
v1.48.0
  ## Changes
  - 🔒[runc](https://github.com/opencontainers/runc) + [container](https://github.com/containerd/containerd) have been bumped to address [CVE-2024-21626](https://github.com/advisories/GHSA-xr7r-f8xq-vfvv)
  - ✈️Many updates to get garden-runc-release's CI configuration working in the [wg-app-platform-runtime-ci](https://github.com/cloudfoundry/wg-app-platform-runtime-ci) repo Thank you @winkingturtle-vmw @ebroberson @MarcPaquette !!!
  - Docs updates - Thank you @MarcPaquette !!!
  - Many golang package dependency bumps
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.47.0...v1.48.0
  ## Resources
  - [Download release 1.48.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.48.0).
          
haproxy 11.17.4
loggregator-agent 6.5.17
mapfs 1.2.52
metrics-discovery 3.2.22
v3.2.22
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.21...v3.2.22
          
nfs-volume 7.1.47
v7.1.47
  ## Dependencies
  * **nfsbroker:** Updated to v`364dcca`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker).
routing 0.289.0
v0.289.0
  ## ❗**BREAKING CHANGES** ❗
  -  A new reserved port 7070 had been added - Thanks @domdom82!
  - Before deploying, please double-check your [reserved ports settings](https://github.com/cloudfoundry/routing-release/blob/develop/jobs/gorouter/templates/pre-start.erb) for any clashes with port 7070, especially the `router.prometheus.port` property.
  ## Changes
  - (Feature) [Add route_services_internal_server_port property](https://github.com/cloudfoundry/routing-release/pull/382)
  - (Bug) [Add cipher-suites for TLS 1.3](https://github.com/cloudfoundry/gorouter/pull/390) and [auto-generate the list from now on](https://github.com/cloudfoundry/gorouter/pull/391)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 30f535b8..c291be45 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -207,7 +207,7 @@ properties:
  description:
  An ordered, colon-delimited list of golang supported TLS cipher suites in OpenSSL or RFC format.
  The selected cipher suite will be negotiated according to the order of this list during a TLS handshake.
  -      See https://github.com/golang/go/blob/release-branch.go1.9/src/crypto/tls/cipher_suites.go#L369-L390 for golang supported cipher suites.
  +      See https://github.com/golang/go/blob/release-branch.go1.21/src/crypto/tls/cipher_suites.go#L663-L690 for golang supported cipher suites.
  The first four of these are supported for TLSv1.0/1.1 only.
  See https://www.openssl.org/docs/man1.1.0/apps/ciphers.html for a mapping of OpenSSL and RFC suite names.
  default: "ECDHE-RSA-AES128-GCM-SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  @@ -243,6 +243,9 @@ properties:
  router.route_services_internal_lookup_allowlist:
  description: "a list of host names for route services that should be resolved internally. Each entry can be a fully qualified domain name or DNS wildcard (i.e. wildcard on 1 segment of a subdomain). If the list is empty, it is not in effect and internal lookup will be attempted for all host names, which can lead to CVE-2019-3789. Please turn on internal lookup only with an allowlist."
  default: []
  +  router.route_services_internal_server_port:
  +    description: "Gorouter will use this port for internal route services."
  +    default: 7070
  router.route_services_secret_decrypt_only:
  description: "To rotate keys, add your new key here and deploy. Then swap this key with the value of route_services_secret and deploy again."
  default: ""
  ```
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.288.0...v0.289.0
  ## Resources
  - [Download release 0.289.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.289.0).
          
silk 3.40.0
smb-volume 3.1.52
v3.1.52
  ## Dependencies
  * **gomega:** Updated to v1.31.1.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`832a8cf`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`12dc1ba`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.5
syslog 11.8.16
v11.8.16
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.15...v11.8.16
          

2.13.31

Release Date: 01/31/2024

  • [Known Issue] We recommend upgrading from this version alongside a stemcell upgrade due to an issue in our mapfs release, causing possible failures in pre-start during an Apply Changes.
  • [Feature] Adds Diego support for Docker workloads using OCI images
  • Bump cflinuxfs3 to version 0.384.0
  • Bump diego to version 2.92.0
  • Bump loggregator-agent to version 6.5.17
  • Bump mapfs to version 1.2.53
  • Bump nfs-volume to version 7.1.46
  • Bump routing to version 0.288.0
  • Bump smb-volume to version 3.1.51
Component Version Release Notes
ubuntu-xenial stemcell 621.809
bpm 1.2.13
cf-networking 3.40.0
cflinuxfs3 0.384.0
v0.384.0
  This release ships with cflinuxfs3 version 0.384.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.384.0)
          
cf-cli 1.59.0
count-cores-indicator 2.0.0
diego 2.92.0
v2.92.0
  ## Changes
  - Buildpack path cache hash has 16 bytes
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.91.0...v2.92.0
  ## Resources
  - [Download release 2.92.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.92.0).
          
v2.91.0
  ## Changes
  ✨  The `dockerapplifecycle` now supports workloads using the OCI image format. Thanks @jrussett and @ebroberson!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
  index a3bbc5fb2..7eb920159 100644
  --- a/jobs/vizzini/spec
  +++ b/jobs/vizzini/spec
  @@ -85,3 +85,7 @@ properties:
  grace_busybox_image_url:
  description: "grace test asset busybox container image"
  default: "docker:///cloudfoundry/grace"
  +
  +  diego_docker_oci_image_url:
  +    description: "diego docker app in OCI image format"
  +    default: "docker:///cloudfoundry/diego-docker-app:oci"
  ```
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.90.0...v2.91.0
  ## Resources
  - [Download release 2.91.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.91.0).
          
v2.90.0
  ## Changes
  - Set Content-Digest header when uploading droplets to support environment that don't have md5 available
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.89.0...v2.90.0
  ## Resources
  - [Download release 2.90.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.90.0).
          
v2.89.0
  ## Changes
  - Fix BBS Port issues(https://github.com/cloudfoundry/diego-release/pull/878 & https://github.com/cloudfoundry/diego-release/pull/879)
  - Make `max_containers` configurable (https://github.com/cloudfoundry/diego-release/pull/876)
  - Add xxhash as a dependency (https://github.com/cloudfoundry/diego-release/pull/885)
  - Use major/minor versions of Go, instead of specific versions (https://github.com/cloudfoundry/diego-release/pull/891)
  - Make jitter interval configurable. Add new config parameter: JitterFactor  (https://github.com/cloudfoundry/route-emitter/pull/31)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/rep/spec b/jobs/rep/spec
  index 1383b67c0..8fb49517a 100644
  --- a/jobs/rep/spec
  +++ b/jobs/rep/spec
  @@ -224,6 +224,10 @@ properties:
  description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
  default: 22
  +  diego.rep.max_containers:
  +    description: "Maximum container capacity per rep"
  +    default: 250
  +
  enable_declarative_healthcheck:
  description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
  default: false
  diff --git a/jobs/route_emitter/spec b/jobs/route_emitter/spec
  index faac3b0c5..11dae3aec 100644
  --- a/jobs/route_emitter/spec
  +++ b/jobs/route_emitter/spec
  @@ -93,6 +93,10 @@ properties:
  diego.route_emitter.bbs.max_idle_conns_per_host:
  description: "maximum number of idle http connections"
  +  diego.route_emitter.jitter_factor:
  +    description: "The jitter factor is the percentage of register interval used in determining the jitter interval (the time for which the emitter sleeps)"
  +    default: 0.2
  +
  diego.route_emitter.job_name:
  description: "The name of the Diego job referenced by this spec (DO NOT override)"
  default: "route_emitter"
  diff --git a/jobs/route_emitter_windows/spec b/jobs/route_emitter_windows/spec
  index 404c9f518..cec39c995 100644
  --- a/jobs/route_emitter_windows/spec
  +++ b/jobs/route_emitter_windows/spec
  @@ -83,6 +83,10 @@ properties:
  diego.route_emitter.bbs.max_idle_conns_per_host:
  description: "maximum number of idle http connections"
  +  diego.route_emitter.jitter_factor:
  +    description: "The jitter factor is the percentage of register interval used in determining the jitter interval (the time for which the emitter sleeps)"
  +    default: 0.2
  +
  diego.route_emitter.job_name:
  description: "The name of the Diego job referenced by this spec (DO NOT override)"
  default: "route_emitter_windows"
  ```
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.88.0...v2.89.0
  ## Resources
  - [Download release 2.89.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.89.0).
          
garden-runc 1.47.0
haproxy 11.17.4
loggregator-agent 6.5.17
v6.5.17
  ## What's Changed
  ### Fixes
  * Bump dependencies
  * Bump packaged Go version to go1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.16...v6.5.17
          
mapfs 1.2.53
v1.2.53
  ## Changes
  * Golang: Updated to v1.21.6. (#202)
  ## Dependencies
  * **v2:** Updated to v2.15.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.31.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`c46a740`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.21
nfs-volume 7.1.46
v7.1.46
  ## Dependencies
  * **gomega:** Updated to v1.31.1.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`6a5502a`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`68cd846`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.45
  ## Changes
  * +Golang: Updated to v1.21.6 (#732)
  * Bump Tcl to v8.6.13 (#707)
  * Bump openssl- from 3.1.4 to 3.2.0 (#694)
  * Bump sqlite from 3.44.0 to 3.44.2 (#702)
  * Bump sqlite from 3.44.2 to 3.45.0 (#742)
  * Bump util-linux from 2.39 to 2.39.3 (#736)
  ## Dependencies
  * **nfsbroker:** Updated to v`b71f08d`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`12df0a5`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.288.0
v0.288.0
  ## Changes
  - ✨ **[Feature]** Operators can now configure to prefer AZ-local backends before proxying to backends in other availability zones (https://github.com/cloudfoundry/routing-release/issues/356)
  - Protect against data race when ReverseProxy modifies response headers
  - Fix ability to start gorouter with the default config (cloudfoundry/gorouter#387)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 8fc23a78..30f535b8 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -101,6 +101,16 @@ properties:
  router.balancing_algorithm:
  description: "Algorithm used to distribute requests for a route across backends. Supported values are round-robin and least-connection"
  default: round-robin
  +  router.balancing_algorithm_az_preference:
  +    description: |
  +      Configuration option used in conjunction with the `router.balancing_algorithm` to decide from which
  +      availability zone to pick a suitable backend. Defaults to "None".
  +      "none" - There is no preference regarding availability zones. The router uses the
  +        `router.balancing_algorithm` across all possible backends in all existing AZs.
  +      "locally-optimistic" - On the initial attempt to pick a backend, the router will use
  +        `router.balancing_algorithm` across all backends in the same AZ as the router itself. Subsequent
  +        retries, in the case of failure or unavailability, will use _all_ available AZs.
  +    default: "none"
  router.number_of_cpus:
  description: "Number of CPUs to utilize, the default (-1) will equal the number of available CPUs"
  default: -1
  ```
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.287.0...v0.288.0
  ## Resources
  - [Download release 0.288.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.288.0).
          
v0.287.0
  ## Changes
  - Route-Registrar now supports specifying a nats server CA via the `nats.tls.ca_cert` property if it is not present via a BOSH link. (https://github.com/cloudfoundry/routing-release/pull/379) Thanks @benjaminguttmann-avtq!!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
  index be708025..c51dbb9f 100644
  --- a/jobs/route_registrar/spec
  +++ b/jobs/route_registrar/spec
  @@ -53,6 +53,8 @@ properties:
  description: "PEM-encoded certificate for the route-registrar to present to NATS for verification when connecting via TLS."
  nats.tls.client_key:
  description: "PEM-encoded private key for the route-registrar to present to NATS for verification when connecting via TLS."
  +  nats.tls.ca_cert:
  +    description: "The certificate authority certificate used for the route registrar"
  nats.fail_if_using_nats_without_tls:
  description: |
  Connecting to nats (instead of nats-tls) is deprecated. The nats
  ```
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.286.0...v0.287.0
  ## Resources
  - [Download release 0.287.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.287.0).
          
silk 3.40.0
smb-volume 3.1.51
v3.1.51
  ## Dependencies
  * **v2:** Updated to v2.15.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.31.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`633ba64`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`34861d5`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.5
syslog 11.8.15

2.13.30

Release Date: 01/25/2024

  • Bump bpm to version 1.2.13
  • Bump cf-networking to version 3.40.0
  • Bump cflinuxfs3 to version 0.383.0
  • Bump cf-cli to version 1.59.0
  • Bump diego to version 2.88.0
  • Bump garden-runc to version 1.47.0
  • Bump routing to version 0.286.0
  • Bump silk to version 3.40.0
  • Bump smb-volume to version 3.1.50
  • Bump smoke-tests to version 4.8.5
Component Version Release Notes
ubuntu-xenial stemcell 621.793
bpm 1.2.13
cf-networking 3.40.0
v3.40.0
  ## Changes
  - nothing significant
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.39.0...v3.40.0
  ## Resources
  - [Download release 3.40.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.40.0).
          
v3.39.0
  ## Changes
  - Bump to go 1.21.5
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.38.0...v3.39.0
  ## Resources
  - [Download release 3.39.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.39.0).
          
cflinuxfs3 0.383.0
v0.383.0
  This release ships with cflinuxfs3 version 0.383.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.383.0)
          
v0.382.0
  This release ships with cflinuxfs3 version 0.382.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.382.0)
          
v0.381.0
  This release ships with cflinuxfs3 version 0.381.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.381.0)
          
cf-cli 1.59.0
v1.59.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.6 | [8.7.7](https://github.com/cloudfoundry/cli/releases/tag/v8.7.7)
  v7 | 7.7.6 | [7.7.7](https://github.com/cloudfoundry/cli/releases/tag/v7.7.7)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
v1.56.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.5 | [8.7.6](https://github.com/cloudfoundry/cli/releases/tag/v8.7.6)
  v7 | 7.7.5 | [7.7.6](https://github.com/cloudfoundry/cli/releases/tag/v7.7.6)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
count-cores-indicator 2.0.0
diego 2.88.0
v2.88.0
  ## Changes
  -Bumps golang.org/x/crypto/ssh to v0.17.0 to address CVE-2023-48795.
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.87.0...v2.88.0
  ## Resources
  - [Download release 2.88.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.88.0).
          
v2.87.0
  ## Changes
  Reverted max_containers changes https://github.com/cloudfoundry/diego-release/pull/873
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/rep/spec b/jobs/rep/spec
  index 5c0ec9576..1383b67c0 100644
  --- a/jobs/rep/spec
  +++ b/jobs/rep/spec
  @@ -30,11 +30,6 @@ packages:
  - proxy
  - certsplitter
  -consumes:
  -- name: max_containers
  -  type: max_containers
  -  optional: true
  -
  properties:
  bpm.enabled:
  description: "use the BOSH Process Manager to manage the cell rep process."
  ```
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.86.0...v2.87.0
  ## Resources
  - [Download release 2.87.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.87.0).
          
v2.86.0
  ## Changes
  - BBS [Run migration and save migration version in single transaction](https://github.com/cloudfoundry/bbs/pull/76)
  - Rep [Make max_containers configurable](https://github.com/cloudfoundry/diego-release/pull/868)
  - Executor [Ignore EntryNotFound and AlreadyClosed errors when cleaning up cache](https://github.com/cloudfoundry/executor/pull/89)
  - Route-emitter [Add AZ to registry message](https://github.com/cloudfoundry/route-emitter/pull/29)
  - Rep [Send AZ in StartActualLRP/EvacuateRunningActualLRP requests to BBS](https://github.com/cloudfoundry/rep/pull/48)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/rep/spec b/jobs/rep/spec
  index 1383b67c0..5c0ec9576 100644
  --- a/jobs/rep/spec
  +++ b/jobs/rep/spec
  @@ -30,6 +30,11 @@ packages:
  - proxy
  - certsplitter
  +consumes:
  +- name: max_containers
  +  type: max_containers
  +  optional: true
  +
  properties:
  bpm.enabled:
  description: "use the BOSH Process Manager to manage the cell rep process."
  ```
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.85.0...v2.86.0
  ## Resources
  - [Download release 2.86.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.86.0).
          
garden-runc 1.47.0
v1.47.0
  ## Changes
  - [Revert "Add max_containers bosh link](https://github.com/cloudfoundry/garden-runc-release/pull/327)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index abf22f8a..c84b5c43 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -45,11 +45,6 @@ provides:
  type: iptables
  properties:
  - garden.iptables_bin_dir
  -
  -- name: max_containers
  -  type: max_containers
  -  properties:
  -  - garden.max_containers
  properties:
  garden.listen_network:
  ```
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.46.0...v1.47.0
  ## Resources
  - [Download release 1.47.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.47.0).
          
v1.46.0
  ## Changes
  - https://github.com/cloudfoundry/garden-runc-release/pull/314 - Add `max_containers` property. It is provided in a link so it is used in rep as well. Now you can increase containers past 250! Thanks @klapkov!
  - https://github.com/cloudfoundry/garden-runc-release/pull/323 - Lots of refactoring by @winkingturtle-vmw, including the ability to run the test suite in parallel! Thank you!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index c84b5c43..abf22f8a 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -45,6 +45,11 @@ provides:
  type: iptables
  properties:
  - garden.iptables_bin_dir
  +
  +- name: max_containers
  +  type: max_containers
  +  properties:
  +  - garden.max_containers
  properties:
  garden.listen_network:
  diff --git a/jobs/gats/spec b/jobs/gats/spec
  index 4f59d675..916a35eb 100644
  --- a/jobs/gats/spec
  +++ b/jobs/gats/spec
  @@ -19,6 +19,9 @@ properties:
  garden_port:
  description: Port Garden is listening on
  default: 7777
  +  garden_test_rootfs:
  +    description: Test rootfs to use
  +    default: 'docker:///cloudfoundry/garden-rootfs'
  containerd_for_processes:
  description: Run GATS with CONTAINERD_FOR_PROCESSES_ENABLED
  default: false
  @@ -28,6 +31,9 @@ properties:
  cpu_throttling:
  description: Run GATS with CPU_THROTTLING_ENABLED
  default: false
  +  limits_test_uri:
  +    description: Limists Test rootfs to use
  +    default: 'docker:///busybox'
  windows_rootfs:
  description: URL to pull the windows rootfs from
  default: ""
  ```
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.45.0...v1.46.0
  ## Resources
  - [Download release 1.46.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.46.0).
          
haproxy 11.17.4
loggregator-agent 6.5.16
mapfs 1.2.52
metrics-discovery 3.2.21
nfs-volume 7.1.44
routing 0.286.0
v0.286.0
  ## ❗**BREAKING CHANGES** ❗
  -  The deprecated `/varz` and `/healthz` endpoints for gorouter on port 8080 have been removed - Thanks @ameowlia and @geofffranks!
  -  The `/routes` endpoint on gorouter's port 8080 has been moved to port 8082, and is available only on localhost - Thanks @ameowlia and @geofffranks!
  - TLS certificates for gorouter + tcp_router's health endpoints are now required to deploy. Fortunately this is provided automatically in cf-deployment - Thanks @ameowlia and @geofffranks!
  ## Changes
  - 🐛 Fix a nil panic in gorouter https://github.com/cloudfoundry/gorouter/pull/372 - Thanks @maxmoehl + @domdom82!
  - ✨ Adds availability zone info to endpoint data in gorouter https://github.com/cloudfoundry/gorouter/pull/381 - Thanks @ameowlia!
  - ✨ Speed up gorouter's route registry https://github.com/cloudfoundry/gorouter/pull/379 - Thanks @peanball and @domdom82 !
  - ✨ Also more performance improvements to gorouter's route registry https://github.com/cloudfoundry/gorouter/pull/378 - Thanks @peanball and @domdom82!
  - ✨ Adds an always-on TLS capable healthcheck endpoint for gorouter on port 8443 - Thanks @marc and @geofffranks!
  - ✨ Adds an always-on TLS capable healthcheck endpoint for tcp_router on port 443  - Thanks @ameowlia and @geofffranks!
  - ✨ Operators can now toggle off the non-tls healthcheck endpoint for gorouter via `router.status.enable_nontls_health_checks` - Thanks @ameowlia and @geofffranks!
  - ✨ Operators can now toggle off the non-tls healthcheck endpoint for tcp_router via `tcp_router.enable_nontls_health_checks` - Thanks @ameowlia  and @geofffranks!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 35576742..8fc23a78 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -57,11 +57,21 @@ properties:
  default: router-status
  router.status.password:
  description: "Password for HTTP basic auth to the /varz and /routes endpoints."
  +  router.status.enable_nontls_health_checks:
  +    description: "Toggles whether or not gorouter will listen on a non-tls endpoint for load balancer health checks."
  +    default: true
  +  router.status.enable_deprecated_varz_healthz_endpoints:
  +    description: |
  +      Toggles whether or not gorouter will respond to the deprecated /healthz,
  +      /varz, and /routes endpoints on its non-tls load balancer status port.
  +      Requires 'router.status.enable_nontls_health_checks' to be true.
  +    default: false
  router.status.routes.port:
  description: "Port used for the /routes endpoint (available on localhost-only)"
  default: 8082
  router.status.tls.port:
  description: "Port used for the TLS listener of the LB healthcheck endpoint"
  +    default: 8443
  router.status.tls.certificate:
  description: "TLS Certificate used for the TLS listener of the LB healthcheck endpoint"
  router.status.tls.key:
  diff --git a/jobs/tcp_router/spec b/jobs/tcp_router/spec
  index dd3b8a4e..44fbb41a 100644
  --- a/jobs/tcp_router/spec
  +++ b/jobs/tcp_router/spec
  @@ -10,6 +10,7 @@ templates:
  routing_api_client_certificate.crt.erb: config/certs/routing-api/client.crt
  routing_api_client_private.key.erb: config/keys/routing-api/client.key
  routing_api_ca_certificate.crt.erb: config/certs/routing-api/ca_cert.crt
  +  tcp_router_health_check_certificate.pem.erb: config/certs/health.pem
  haproxy.conf.erb: config/haproxy.conf
  haproxy.conf.template.erb: config/haproxy.conf.template
  bpm.yml.erb: config/bpm.yml
  @@ -66,9 +67,20 @@ properties:
  tcp_router.request_timeout_in_seconds:
  description: "Server and client timeouts in seconds"
  default: 300
  +
  +  tcp_router.enable_nontls_health_checks:
  +    description: "Toggles on/off whether or not to listen for load balancer health check requests on the non-tls `tcp_router.health_check_port` port"
  +    default: true
  tcp_router.health_check_port:
  description: "Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TCP connection on this port"
  default: 80
  +  tcp_router.tls_health_check_port:
  +    description: "Load balancer in front of TCP Routers should be configured to check the health of TCP Router instances by establishing a TLS connection on this port"
  +    default: 443
  +  tcp_router.tls_health_check_cert:
  +    description: "TLS certificate to use on the TCP Router's TLS health check port"
  +  tcp_router.tls_health_check_key:
  +    description: "TLS private key to use on the TCP Router's TLS health check port"
  tcp_router.fail_on_router_port_conflicts:
  description: "Fail the tcp router if routing_api.reserved_system_component_ports conflict with ports in existing router groups."
  ```
  ## ✨  Built with go 1.21.6
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.285.0...v0.286.0
  ## Resources
  - [Download release 0.286.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.286.0).
          
silk 3.40.0
v3.40.0
  ## Changes
  - Bug fix: silk-datastore-syncer: fix assignment to entry in nil map in Metadata field. https://github.com/cloudfoundry/silk-release/pull/105.  Thank you @gmllt!
  - Bug fix: Deduplicate Iptables Rules with Dynamic ASG's. https://github.com/cloudfoundry/silk-release/issues/102 https://github.com/cloudfoundry/silk-release/pull/101. Thanks @klapkov!
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.39.0...v3.40.0
  ## Resources
  - [Download release 3.40.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.40.0).
          
v3.39.0
  ## Changes
  - Bump to go 1.21.5
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.38.0...v3.39.0
  ## Resources
  - [Download release 3.39.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.39.0).
          
smb-volume 3.1.50
v3.1.50
  ## Dependencies
  * **smbbroker:** Updated to v`76db942`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`9cfc27f`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.49
  ## Changes
  * Golang: Updated to v1.21.6 (#320)
  * Bump autoconf from 2.71 to 2.72 (#319)
          
v3.1.48
  ## Dependencies
  * **smbbroker:** Updated to v`a270727`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker).
v3.1.47
  ## Dependencies
  * **smbbroker:** Updated to v`e8e4f6b`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`5a80eb0`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.46
  ## Dependencies
  * **smbbroker:** Updated to v`3110e8f`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a6bc3af`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.45
  ## Changes
  * +Golang: Updated to v1.21.5 (#306)
  ## Dependencies
  * **smbbroker:** Updated to v`6b485cb`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a11c976`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.5
4.8.5
  Create bosh final release 4.8.5
  ## What's Changed
  * Upgrade Golang by @tas-operability-bot in https://github.com/pivotal/smoke-tests/pull/126
  * Upgrade Golang by @tas-operability-bot in https://github.com/pivotal/smoke-tests/pull/127
  **Full Changelog**: https://github.com/pivotal/smoke-tests/compare/4.8.4...4.8.5
          
syslog 11.8.15

2.13.29

Release Date: 12/08/2023

  • Bump bpm to version 1.2.12
  • Bump cflinuxfs3 to version 0.380.0
  • Bump garden-runc to version 1.45.0
  • Bump loggregator-agent to version 6.5.16
  • Bump metrics-discovery to version 3.2.21
  • Bump routing to version 0.285.0
  • Bump smb-volume to version 3.1.44
  • Bump syslog to version 11.8.15
Component Version Release Notes
ubuntu-xenial stemcell 621.759
bpm 1.2.12
cf-networking 3.38.0
cflinuxfs3 0.380.0
v0.380.0
  This release ships with cflinuxfs3 version 0.380.0. For more information, see the [release notes](https://github.com/cloudfoundry/cflinuxfs3/releases/tag/0.380.0)
          
cf-cli 1.53.0
count-cores-indicator 2.0.0
diego 2.85.0
garden-runc 1.45.0
v1.45.0
  ## Changes
  - Resolved an issue where container networking statistics could not be retrieved for apps running in containers that did not have a `bash` executable. Thanks @JVecsei1!
  - Removed the garden-healthchecker package after it had been removed from the boshrelease in v1.43.0
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index 0d2a8fb4..c84b5c43 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -39,7 +39,6 @@ packages:
  - netplugin-shim
  - dontpanic
  - tini
  -  - garden-runc-healthchecker
  provides:
  - name: iptables
  ```
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.44.0...v1.45.0
  ## Resources
  - [Download release 1.45.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.45.0).
          
haproxy 11.17.4
loggregator-agent 6.5.16
v6.5.16
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.20.12
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.15...v6.5.16
          
mapfs 1.2.52
metrics-discovery 3.2.21
v3.2.21
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.20.12
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.20...v3.2.21
          
nfs-volume 7.1.44
routing 0.285.0
v0.285.0
  ## Changes
  - A new `localhost:8082` endpoint has been added for retrieving the routing table on gorouter. This is in preparation of removing non-LB-health check endpoints from the public `:8080` listener for increased security.  `/var/vcap/jobs/gorouter/bin/retrieve-local-routes` is updated and still the official way to retrieve the local routing table on a gorouter. The port this listens on can be configured via the `router.status.routes.port` property.
  - A new TLS-enabled endpoint for LB health checks has been added on `:8443`. This can be configured via the `router.status.tls.port`, `router.status.tls.certificate` and `router.status.tls.key` properties.
  - routing-api has been updated to work towards supporting a TLS-only CF deployment. Thanks @reneighbor!
  - gorouter's `proxy` package received some test enhancements for increased test stability. Thanks @domdom82!
  - gorouter's `pool.Endpoint.Equals()` received a performance improvement thanks to @peanball!
  - Route-registrar will now fail if it configured to talk to NATS without using TLS. This can be toggled via the `nats.fail_if_using_nats_without_tls` property. thanks @ameowlia!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index e9a9dd73..35576742 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -57,6 +57,15 @@ properties:
  default: router-status
  router.status.password:
  description: "Password for HTTP basic auth to the /varz and /routes endpoints."
  +  router.status.routes.port:
  +    description: "Port used for the /routes endpoint (available on localhost-only)"
  +    default: 8082
  +  router.status.tls.port:
  +    description: "Port used for the TLS listener of the LB healthcheck endpoint"
  +  router.status.tls.certificate:
  +    description: "TLS Certificate used for the TLS listener of the LB healthcheck endpoint"
  +  router.status.tls.key:
  +    description: "Private Key used for the TLS listener of the LB healthcheck endpoint"
  router.prometheus.port:
  description: "Port for the prometheus endpoint."
  router.prometheus.server_name:
  diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
  index bf3d9a03..be708025 100644
  --- a/jobs/route_registrar/spec
  +++ b/jobs/route_registrar/spec
  @@ -53,6 +53,13 @@ properties:
  description: "PEM-encoded certificate for the route-registrar to present to NATS for verification when connecting via TLS."
  nats.tls.client_key:
  description: "PEM-encoded private key for the route-registrar to present to NATS for verification when connecting via TLS."
  +  nats.fail_if_using_nats_without_tls:
  +    description: |
  +        Connecting to nats (instead of nats-tls) is deprecated. The nats
  +        process will be removed soon. Please migrate to using nats-tls as soon
  +        as possible. If you must continue using nats for a short time you can
  +        set this flag to false.
  +    default: true
  host:
  description: (string, optional) By default, route_registrar will detect the IP of the VM and use it, in combination with port as the backend destination for each uri being registered. This property enables overriding the destination hostname or IP.
  ```
  ## ✨  Built with go 1.21.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.284.0...v0.285.0
  ## Resources
  - [Download release 0.285.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.285.0).
          
silk 3.38.0
smb-volume 3.1.44
v3.1.44
  ## Changes
  * Bump talloc from 2.4.0 to 2.4.1 (#303)
  * Update keyutils tarball blob to 1.6.3 (#299)
  * compile keyutils from source (#292)
  ## Dependencies
  * **v2:** Updated to v2.13.2.
For more information, see [v2](https://github.com/onsi/ginkgo). * **smbbroker:** Updated to v`8ed0417`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`99bb693`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.4
syslog 11.8.15
v11.8.15
  ## What's Changed
  * Bump dependencies
  * Bump packaged Golang to go1.20.12
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.14...v11.8.15
          

2.13.28

Release Date: 11/29/2023

  • Bump cf-networking to version 3.38.0
  • Bump cflinuxfs3 to version 0.379.0
  • Bump cf-cli to version 1.53.0
  • Bump diego to version 2.85.0
  • Bump mapfs to version 1.2.52
  • Bump nfs-volume to version 7.1.44
  • Bump silk to version 3.38.0
  • Bump smb-volume to version 3.1.43
Component Version Release Notes
ubuntu-xenial stemcell 621.759
bpm 1.2.11
cf-networking 3.38.0
v3.38.0
  ## Changes
  - The `policy-server-internal` job's healthcheck endpoint is now available only via localhost.
  - Go package dependency bumps
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.37.0...v3.38.0
  ## Resources
  - [Download release 3.38.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.38.0).
          
v3.37.0
  ## Changes
  - Bump dependencies
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.36.0...v3.37.0
  ## Resources
  - [Download release 3.37.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.37.0).
          
v3.36.0
  ## Changes
  - Bump golang to 1.21.4
  - Package Dependency Bumps
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.35.0...v3.36.0
  ## Resources
  - [Download release 3.36.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.36.0).
          
cflinuxfs3 0.379.0
v0.379.0
  This release ships with cflinuxfs3 version 0.379.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.379.0)
          
cf-cli 1.53.0
v1.53.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.4 | [8.7.5](https://github.com/cloudfoundry/cli/releases/tag/v8.7.5)
  v7 | 7.7.4 | [7.7.5](https://github.com/cloudfoundry/cli/releases/tag/v7.7.5)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
count-cores-indicator 2.0.0
diego 2.85.0
v2.85.0
  ## Changes
  - Bump garden Grootfs, Guardian, and idmapper
  - Bump golang to 1.21.4
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.84.0...v2.85.0
  ## Resources
  - [Download release v2.85.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.85.0).
          
garden-runc 1.44.0
haproxy 11.17.4
loggregator-agent 6.5.15
mapfs 1.2.52
v1.2.52
  ## Dependencies
  * **mapfs:** Updated to v`9134eb1`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.51
  ## Dependencies
  * **v2:** Updated to v2.13.1.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`cf4b116`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.50
  ## Changes
  * Golang: Updated to v1.21.4. (#179)
  ## Dependencies
  * **gomega:** Updated to v1.30.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`df4bcf6`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.20
nfs-volume 7.1.44
v7.1.44
  ## Changes
  * +Golang: Updated to v1.21.4 (#662)
  * Bump Openldap to v2.6.6 (#659)
  ## Dependencies
  * **gomega:** Updated to v1.30.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`250fde5`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`c86b604`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.42
  ## Changes
  * +Golang: Updated to v1.21.4 (#661)
  * Bump openssl- from  to 3.1.4 (#657)
          
routing 0.284.0
silk 3.38.0
v3.38.0
  ## Changes
  - Go package dependency bumps
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.37.0...v3.38.0
  ## Resources
  - [Download release 3.38.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.38.0).
          
v3.37.0
  ## Changes
  - [Remove unused property rep_listen_addr_admin](https://github.com/cloudfoundry/silk-release/commit/ee98f5a9d1e1f7c82a3c8055b0e5aacf087538f8)
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/silk-daemon/spec b/jobs/silk-daemon/spec
  index 7a070202..70be43f2 100644
  --- a/jobs/silk-daemon/spec
  +++ b/jobs/silk-daemon/spec
  @@ -36,10 +36,6 @@ properties:
  description: "Host port used for receiving VXLAN packets"
  default: 4789
  -  rep_listen_addr_admin:
  -    description: "Admin endpoint on diego rep.  Silk daemon job drain waits for the rep to exit before tearing down the network.  See diego.rep.listen_addr_admin"
  -    default: 127.0.0.1:1800
  -
  partition_tolerance_hours:
  description: "When silk controller is unavailable, silk daemon will remain healthy and allow creation of new containers for this number of hours.  Should be no larger than cf_networking.subnet_lease_expiration_hours."
  default: 168
  ```
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.35.0...v3.37.0
  ## Resources
  - [Download release 3.37.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.37.0).
          
v3.36.0
  ## Changes
  - Bump golang to 1.21.4
  - Package dependency bumps
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.35.0...v3.36.0
  ## Resources
  - [Download release 3.36.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.36.0).
          
smb-volume 3.1.43
v3.1.43
  ## Dependencies
  * **smbbroker:** Updated to v`0733e9b`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`f26f28c`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.42
  ## Dependencies
  * **v2:** Updated to v2.13.1.
For more information, see [v2](https://github.com/onsi/ginkgo). * **smbbroker:** Updated to v`f6a3803`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`42b0a5b`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.41
  ## Changes
  * +Golang: Updated to v1.21.4 (#278)
  ## Dependencies
  * **gomega:** Updated to v1.30.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`bbf9c45`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`c919855`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.4
syslog 11.8.14

2.13.27

Release Date: 11/10/2023

  • [Feature Improvement] Allow to configure w3c tracing headers in router
  • [Bug Fix] Remove inoperative errand syslog drains
  • Bump bpm to version 1.2.11
  • Bump cf-networking to version 3.35.0
  • Bump cflinuxfs3 to version 0.378.0
  • Bump diego to version 2.84.0
  • Bump garden-runc to version 1.44.0
  • Bump mapfs to version 1.2.49
  • Bump metrics-discovery to version 3.2.20
  • Bump nfs-volume to version 7.1.41
  • Bump routing to version 0.284.0
  • Bump silk to version 3.35.0
  • Bump smb-volume to version 3.1.40
  • Bump syslog to version 11.8.14
Component Version Release Notes
ubuntu-xenial stemcell 621.730
bpm 1.2.11
cf-networking 3.35.0
v3.35.0
  ## Changes
  - Increase default value for `max_policies_per_app_source` from 50 to 150. Thanks SO MUCH @ameowlia !
  - 🐛 Bug fix: update the policy-server `last_updated` timestamp to have microsecond precision. Previously it had second level precision, this created a race condition when multiple c2c policies were updated at nearly the same time, but the vxlan-policy-agent would only pick up the first update. Thank you @geofffranks [for this PR](https://github.com/cloudfoundry/cf-networking-release/pull/247)!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/policy-server/spec b/jobs/policy-server/spec
  index a6043136..0d9f5157 100644
  --- a/jobs/policy-server/spec
  +++ b/jobs/policy-server/spec
  @@ -58,7 +58,7 @@ properties:
  max_policies_per_app_source:
  description: "Maximum policies a space developer may configure for an application source. Does not affect admin users."
  -    default: 50
  +    default: 150
  ```
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.34.0...v3.35.0
  ## Resources
  - [Download release 3.35.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.35.0).
          
cflinuxfs3 0.378.0
v0.378.0
  This release ships with cflinuxfs3 version 0.378.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.378.0)
          
v0.377.0
  This release ships with cflinuxfs3 version 0.377.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.377.0)
          
cf-cli 1.50.0
count-cores-indicator 2.0.0
diego 2.84.0
v2.84.0
  ## Changes
  - Bumps envoy to [v1.28.0](https://github.com/envoyproxy/envoy/releases/tag/v1.28.0)
  - BBS DesiredLRPHandler now sends Stop/Update LRP requests to rep in parallel - Thanks @vlast3k!
  - Log rate limit metrics are no longer generated for tasks - Thanks @mkocher!
  - App Logs will now emit messages for when they run pre-start scripts and when they invoke the startup command, to make troubleshooting just that much easier - Thanks @Gerg!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
  index 6ff53c654..a3bbc5fb2 100644
  --- a/jobs/vizzini/spec
  +++ b/jobs/vizzini/spec
  @@ -1,7 +1,7 @@
  ---
  name: vizzini
  packages:
  -  - golang-1-linux
  +  - golang-1.21-linux
  - vizzini
  templates:
  ```
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.83.0...v2.84.0
  ## Resources
  - [Download release v2.84.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.84.0).
          
garden-runc 1.44.0
v1.44.0
  ## Changes
  - Change user for grootfs test
  - Bump golang to 1.21.4
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.43.0...v1.44.0
  ## Resources
  - [Download release v1.44.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.44.0).
          
v1.43.0
  ## Changes
  - The `garden-healthchecker` process was found to be too aggressive when evaluating and acting upon failed healthchecks. It has been removed.
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index 125909ed..0d2a8fb4 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -23,7 +23,6 @@ templates:
  bin/containerd_utils.erb:                 bin/containerd_utils
  bin/pre-start:                            bin/pre-start
  bin/post-start:                           bin/post-start
  -  config/healthchecker.yml.erb:             config/healthchecker.yml
  packages:
  - guardian
  @@ -309,7 +308,3 @@ properties:
  logging.format.timestamp:
  description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
  default: "unix-epoch"
  -
  -  healthchecker.failure_counter_file:
  -    description: "File used by the healthchecker to monitor consecutive failures."
  -    default: /var/vcap/data/garden/counters/consecutive_healthchecker_failures.count
  ```
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.42.0...v1.43.0
  ## Resources
  - [Download release v1.43.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.43.0).
          
v1.42.0
  ## Changes
  - Bump golang dependencies
  - Bump ruby testing dependencies
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.41.0...v1.42.0
  ## Resources
  - [Download release v1.42.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.42.0).
          
haproxy 11.17.4
loggregator-agent 6.5.15
mapfs 1.2.49
v1.2.49
  ## Dependencies
  * **mapfs:** Updated to v`039d1ca`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.48
  ## Dependencies
  * **gomega:** Updated to v1.29.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`5063acb`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.20
v3.2.20
  ## What's Changed
  * Bump to [go1.20.11](https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY/m/d-jSKR_jBwAJ)
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.19...v3.2.20
          
v3.2.19
  ## What's Changed
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.18...v3.2.19
          
nfs-volume 7.1.41
v7.1.41
  ## Dependencies
  * **gomega:** Updated to v1.29.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`ca836db`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`6e621fa`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.40
  ## Dependencies
  * **gomega:** Updated to v1.28.1.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`ddbeba7`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`838f6cf`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.284.0
v0.284.0
  ## Changes
  - Upgrade to Golang 1.21.4
  - Bump dependencies
  ## ✨  Built with go 1.21.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.283.0...v0.284.0
  ## Resources
  - [Download release 0.284.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.284.0).
          
silk 3.35.0
v3.35.0
  ## Changes
  - no big changes :)
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.34.0...v3.35.0
  ## Resources
  - [Download release 3.35.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.35.0).
          
smb-volume 3.1.40
v3.1.40
  ## Dependencies
  * **smbbroker:** Updated to v`c94aea7`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`96b0506`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.39
  ## Dependencies
  * **gomega:** Updated to v1.29.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`b1ed82a`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a8e9a2f`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.4
syslog 11.8.14
v11.8.14
  ## What's Changed
  * Update golang packages to use go1.20.10
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.13...v11.8.14
          

2.13.26

Release Date: 10/25/2023

  • [Feature Improvement] Option to enable w3c tracing headers in router
  • [Bug Fix] Prevent retired app instances from receiving traffic by ensuring rep emits events to cleanup routes when cf restart-app-instance is invoked.
  • Bump bpm to version 1.2.9
  • Bump cf-networking to version 3.34.0
  • Bump cflinuxfs3 to version 0.376.0
  • Bump cf-cli to version 1.50.0
  • Bump diego to version 2.83.0
  • Bump garden-runc to version 1.41.0
  • Bump loggregator-agent to version 6.5.15
  • Bump mapfs to version 1.2.47
  • Bump metrics-discovery to version 3.2.18
  • Bump nfs-volume to version 7.1.38
  • Bump routing to version 0.283.0
  • Bump silk to version 3.34.0
  • Bump smb-volume to version 3.1.38
Component Version Release Notes
ubuntu-xenial stemcell 621.730
bpm 1.2.9
cf-networking 3.34.0
v3.34.0
  ## Changes
  - Bumped to golang 1.21.3
  - Testing updates
  - CI Enhancements
  - Package dependency bumps
  - The `proxy` test/example app's `/dumprequest` endpoint will now return headers back to client via the `returnHeaders` query parameter. It also adds an `X-Proxy-Settable-Debug-Header` header if the upstream server doesn't set it explicitly, and `X-Proxy-Immutable-Debug-Header` which will override any value set by upstream servers.
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/performance-test-sd/spec b/jobs/performance-test-sd/spec
  index 0223d87e..c89d50f5 100644
  --- a/jobs/performance-test-sd/spec
  +++ b/jobs/performance-test-sd/spec
  @@ -6,7 +6,7 @@ templates:
  config.json.erb: config.json
  packages:
  -  - golang-1.20-linux
  +  - golang-1.21-linux
  - performance-test-sd
  consumes:
  ```
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.33.0...v3.34.0
  ## Resources
  - [Download release 3.34.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.34.0).
          
v3.33.0
  ## Changes
  - Bumped to golang 1.20.7
  - The `garden-cni` job's `garden-external-networker` has been updated to support returning interface name data handling CNI v0.4.0 data from CNI plugins it wraps. This allows for garden-runc-release to make use of the interface info for pulling networking statistics. (https://github.com/cloudfoundry/cf-networking-release/pull/229)
  - Thanks @JVecsei1, @geigerj0!
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.32.0...v3.33.0
  ## Resources
  - [Download release v3.33.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.33.0).
          
cflinuxfs3 0.376.0
v0.376.0
  This release ships with cflinuxfs3 version 0.376.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.376.0)
          
cf-cli 1.50.0
v1.50.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.3 | [8.7.4](https://github.com/cloudfoundry/cli/releases/tag/v8.7.4)
  v7 | 7.7.3 | [7.7.4](https://github.com/cloudfoundry/cli/releases/tag/v7.7.4)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
v1.49.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.2 | [8.7.3](https://github.com/cloudfoundry/cli/releases/tag/v8.7.3)
  v7 | 7.7.2 | [7.7.3](https://github.com/cloudfoundry/cli/releases/tag/v7.7.3)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
v1.47.0
  ### This release contains the following versions of the CF CLI
  Major version | Prior version | Current version
  -- | -- | --
  v8 | 8.7.1 | [8.7.2](https://github.com/cloudfoundry/cli/releases/tag/v8.7.2)
  v7 | 7.7.1 | [7.7.2](https://github.com/cloudfoundry/cli/releases/tag/v7.7.2)
  v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0)
          
count-cores-indicator 2.0.0
diego 2.83.0
v2.83.0
  ## Changes
  - **[Bug Fix]** Prevent retired app instances from receiving traffic by ensuring rep emits events to cleanup routes when RetireActualLRP is called. (https://github.com/cloudfoundry/bbs/pull/72) (Fixes #820)
  - Thanks @vlast3k!
  - Cleans up stderr output from rep's `setup_mounted_data_dirs` script (#689)
  -  Thanks @romain-dartigues!
  - Docs updates for the container metrics changes from 2.82.0 (https://github.com/cloudfoundry/diego-release/pull/813)
  - Thanks @geigerj0!
  - Bump Golang to 1.21.3
  - Bump Envoy to 1.25.9
  - Bump Package Dependencies
  - CI Enhancments
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.82.0...v2.83.0
  ## Resources
  - [Download release v2.83.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.83.0).
          
v2.82.0
  ## Changes
  - Diego now supports reading container networking metrics from garden, and publishing them along with other app container metrics. (https://github.com/cloudfoundry/diego-logging-client/pull/82, https://github.com/cloudfoundry/executor/pull/83)
  - Requires [garden-runc-release v1.38.0](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.38.0) and [cf-networking-release v3.33.0](https://github.com/cloudfoundry/cf-networking-release/releases/tag/v3.33.0).
  - Thanks @geigerj0 and @jvecsei1!
  - Removed usage of the `code.cloudfoundry.org/systemcerts` package in favor of golang's builtin functionality.
  - Bumped to golang 1.21.0
  ## ✨  Built with go 1.21.0
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.81.0...v2.82.0
  ## Resources
  - [Download release v2.82.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.82.0).
          
garden-runc 1.41.0
v1.41.0
  ## Changes
  - Bump go to 1.21.3
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.40.0...v1.41.0
  ## Resources
  - [Download release v1.41.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.41.0).
          
v1.40.0
  ## Changes
  - Bump Golang to 1.21.1
  ## ✨  Built with go 1.21.1
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.39.0...v1.40.0
  ## Resources
  - [Download release v1.40.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.40.0).
          
v1.39.0
  ## Changes
  - Garden on Linux now supports propagating extended attributes from root filesystem images + when adding filesystem data to an existing container.
  - Bumped to golang 1.21.1
  ## ✨  Built with go 1.21.1
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.38.0...v1.39.0
  ## Resources
  - [Download release v1.39.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.39.0).
          
v1.38.0
  ## Changes
  - Garden now supports advertising container networking metrics on Linux containers via the `garden.enable_container_network_metrics` property.
  - Requires [cf-networking-release v3.33.0](https://github.com/cloudfoundry/cf-networking-release/releases/tag/v3.33.0) or newer, and [diego v2.82.0](https://github.com/cloudfoundry/diego-release/releases/tag/v2.82.0) or newer.
  - Thanks @JVecsei1 and @geigerj0!!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index 3bffb2f7..125909ed 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -119,6 +119,10 @@ properties:
  description: "Additional hosts file entries to be used in containers."
  default: []
  +  garden.enable_container_network_metrics:
  +    description: "Enable container network metrics. This feature is only available on Linux."
  +    default: false
  +
  garden.insecure_docker_registry_list:
  description: "DEPRECATED in favour of grootfs property."
  default: []
  ```
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.37.0...v1.38.0
  ## Resources
  - [Download release v1.38.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.38.0).
          
haproxy 11.17.4
loggregator-agent 6.5.15
v6.5.15
  ## What's Changed
  * Bump dependencies
  * Bump golang to v1.20.10
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.14...v6.5.15
          
mapfs 1.2.47
v1.2.47
  ## Dependencies
  * **mapfs:** Updated to v`9fead8e`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.46
  ## Changes
  * Golang: Updated to v1.21.3 (#162)
  ## Dependencies
  * **v2:** Updated to v2.13.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **net:** Updated to v0.17.0.
For more information, see [net](https://github.com/golang/net). * **mapfs:** Updated to v`6375877`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.45
  ## Changes
  * Golang: Updated to v1.21.1. (#149)
  ## Dependencies
  * **gomega:** Updated to v1.28.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`6142d67`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.41
  ## Changes
  ## Dependencies
  * **mapfs:** Updated to v`dd24f4a`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.40
  ## Dependencies
  * **mapfs:** Updated to v`1eb4e0c`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.39
  ## Dependencies
  * **mapfs:** Updated to v`799c2e9`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.38
  ## Changes
  * Golang: Updated to v1.21.1. (#140)
  ## Dependencies
  * **mapfs:** Updated to v`641ed35`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.37
  ## Changes
  * Golang: Updated to v1.21.0. (#135)
  ## Dependencies
  * **mapfs:** Updated to v`9758d39`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.36
  ## Dependencies
  * **v2:** Updated to v2.12.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`06a8605`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.18
v3.2.18
  ## What's Changed
  * Bump golang to v1.20.10
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.17...v3.2.18
          
v3.2.17
  ## What's Changed
  * Don't configure prom scraper to scrape when metrics-discovery-registrar or metrics-agent are disabled.
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.16...v3.2.17
          
nfs-volume 7.1.38
v7.1.38
  ## Dependencies
  * **nfsbroker:** Updated to v`08fd348`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`2dcf257`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.37
  ## Changes
  * Golang: Updated to v1.21.3 (#607)
  ## Dependencies
  * **gomega:** Updated to v1.28.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`77b6d24`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`6e0ee23`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.35
  ## Dependencies
  * **nfsbroker:** Updated to v`4fe73b5`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`c89a0a6`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.34
  ## Changes
  ## Dependencies
  * **nfsbroker:** Updated to v`75e8459`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`e323fee`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.33
  ## Changes
  * +Golang: Updated to v1.21.1 (#558)
  ## Dependencies
  * **nfsbroker:** Updated to v`4974c87`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`34863b7`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.32
  ## Changes
  * +Golang: Updated to v1.21.0 (#541)
  * Update README.md (#549)
  ## Dependencies
  * **nfsbroker:** Updated to v`64e07ac`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`964ff24`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.31
  ## Changes
  ## Dependencies
  * **nfsbroker:** Updated to v`ca7c06c`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`09ac66c`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.283.0
v0.283.0
  ## Changes
  - Adds missing timings to non-http backend requests, e.g. websockets. (https://github.com/cloudfoundry/gorouter/pull/363) (Fixes: https://github.com/cloudfoundry/routing-release/issues/278)
  - Thanks @domdom82!
  - Adds ability for gorouter to verify mTLS Client Certificate metadata (https://github.com/cloudfoundry/routing-release/pull/355)
  - Thanks @peanball!
  - CI Enhancements and updates
  - Package Dependency bumps
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 2bb394e9..e9a9dd73 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -415,7 +415,7 @@ properties:
  default: 5
  websocket_dial_timeout_in_seconds:
  description: |
  -      Maximum time in seconds for gorouter to establish a websocket upgrade for the websocket ForwardIO connection with a backend.
  +      Maximum time in seconds for gorouter to establish a websocket upgrade for the websocket ForwardIO connection with a backend.
  This timeout comes before `tls_handshake_timeout_in_seconds` and `request_timeout_in_seconds`. When not set, defaults to `endpoint_dial_timeout_in_seconds`.
  default: endpoint_dial_timeout_in_seconds
  tls_handshake_timeout_in_seconds:
  @@ -518,6 +518,36 @@ properties:
  description: "The number of file descriptors a router can have open at one time"
  default: 100000
  +  router.enable_verify_client_certificate_metadata:
  +    description: |
  +        Enable additional client certificate verification via verify_client_certificate_metadata (see below).
  +    default: false
  +  router.verify_client_certificate_metadata:
  +    description: |
  +      Additional client certificate verification, after the certificate was validated using the regular mTLS mechanism and is issued using one of the CAs in `client_ca_certs`.
  +      The additional verification limits the allowed client certificates for a given signing CA (identified by its distinguished name) to certificates with subjects provided in the list of valid subjects. Within the certificate chain there may be more than one CA certificates (e.g. intermediate CA certificates). The `issuer_in_chain` must match one of the CA certificates in the chain.
  +      Each list entry contains an issuer_in_chain with a corresponding list of valid subjects. Each issuer_in_chain must match one of the certificates in `client_ca_certs`. When an issuer_in_chain is defined that does not match, this raises an error during templating time and at startup in gorouter.
  +      - issuer_in_chain:
  +          common_name: ""
  +          serial_number: ""
  +          country: []
  +          organization: []
  +          organizational_unit: []
  +          locality: []
  +          province: []
  +          street_address: []
  +          postal_code: []
  +        valid_cert_subjects:
  +          - common_name: ""
  +            serial_number: ""
  +            country: []
  +            organization: []
  +            organizational_unit: []
  +            locality: []
  +            province: []
  +            street_address: []
  +            postal_code: []
  +    default: []
  healthchecker.failure_counter_file:
  description: "File used by the healthchecker to monitor consecutive failures."
  default: /var/vcap/data/gorouter/counters/consecutive_healthchecker_failures.count
  ```
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.282.0...v0.283.0
  ## Resources
  - [Download release 0.283.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.283.0).
          
silk 3.34.0
v3.34.0
  ## Changes
  - Bumped to golang 1.21.3
  - Fixes a crash in `silk-datastore-syncer` when garden listed containers not present in the CNI metadata file managed by silk.
  - CI Enhancements
  - Package dependency bumps
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.33.0...v3.34.0
  ## Resources
  - [Download release 3.34.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.34.0).
          
v3.33.0
  ## Changes
  - Bumped to golang 1.20.7
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.32.0...v3.33.0
  ## Resources
  - [Download release v3.33.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.33.0).
          
smb-volume 3.1.38
v3.1.38
  ## Dependencies
  * **v2:** Updated to v2.13.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.28.0.
For more information, see [gomega](https://github.com/onsi/gomega). * **smbbroker:** Updated to v`6144d48`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`ba5d545`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.37
  ## Changes
  * Golang: Updated to v1.21.3 (#254)
  ## Dependencies
  * **smbbroker:** Updated to v`47d1912`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`3b7fd5f`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.36
  ## Changes
  * +Golang: Updated to v1.21.2 (#247)
  ## Dependencies
  * **smbbroker:** Updated to v`af9461b`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`425638f`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.35
  ## Dependencies
  * **smbbroker:** Updated to v`6d1303d`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`c4ca5be`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.34
  ## Dependencies
  * **smbbroker:** Updated to v`91e5d63`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`6eb0047`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.33
  ## Changes
  * fix race condition (#225)
  ## Dependencies
  * **smbbroker:** Updated to v`4be065e`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a8e248b`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.32
  ## Changes
  * +Golang: Updated to v1.21.0 (#220)
  * Add final release 3.1.31 [ci skip]
  ## Dependencies
  * **smbbroker:** Updated to v`c6764c2`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`44ac537`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.31
  ## Changes
  ## Dependencies
  * **smbbroker:** Updated to v`d8cd6a7`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`47fe692`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.4
syslog 11.8.13

2.13.25

Release Date: 10/12/2023

  • [Security Fix] Bump routing-release to v0.282.0
  • Bump cflinuxfs3 to version 0.375.0
  • Bump routing to version 0.282.0
Component Version Release Notes
ubuntu-xenial stemcell 621.699
bpm 1.2.6
cf-networking 3.32.0
cflinuxfs3 0.375.0
v0.375.0
  This release ships with cflinuxfs3 version 0.375.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.375.0)
          
cf-cli 1.45.0
count-cores-indicator 2.0.0
diego 2.81.0
garden-runc 1.37.0
haproxy 11.17.4
loggregator-agent 6.5.14
mapfs 1.2.35
metrics-discovery 3.2.16
nfs-volume 7.1.30
routing 0.282.0
v0.282.0
  ## Changes
  - Bumped to golang 1.21.3
  - CI Enhancements and updates
  - Package Dependency bumps
  - Resolves [gorouter/#346](https://github.com/cloudfoundry/routing-release/issues/346) by validating trace ID length prior to parsing it as a UUID
  ## ✨  Built with go 1.21.3
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.281.0...0.282.0
  ## Resources
  - [Download release 0.282.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.282.0).
          
v0.281.0
  ## Changes
  - Check trace ID length before parsing the UUID (#365)
  - Bump go to 1.21.1
  ## ✨  Built with go 1.21.1
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.280.0...v0.281.0
  ## Resources
  - [Download release 0.281.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.281.0).
          
v0.280.0
  ## Changes
  - Bumped CF CLI to v8.7.2
  - Gorouter now logs the IP of the NATS server its connecting to/disconnecting from (instead of just the BOSH DNS name) for troubleshooting clarity. Thanks @domdom82!!
  ## ✨  Built with go 1.21.0
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.279.0...v0.280.0
  ## Resources
  - [Download release v0.280.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.280.0).
          
v0.279.0
  ## Changes
  - Bumped to golang 1.21.0!
  - Refactor of proxy config properties. Thanks @domdom82!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/acceptance_tests/spec b/jobs/acceptance_tests/spec
  index db508ca3..e1a6a9ae 100644
  --- a/jobs/acceptance_tests/spec
  +++ b/jobs/acceptance_tests/spec
  @@ -7,7 +7,7 @@ templates:
  bpm.yml.erb: config/bpm.yml
  packages:
  - - golang-1.20-linux
  + - golang-1.21-linux
  - acceptance_tests
  - rtr
  - cf-cli-8-linux
  diff --git a/jobs/smoke_tests/spec b/jobs/smoke_tests/spec
  index 5776a9c8..b230192b 100644
  --- a/jobs/smoke_tests/spec
  +++ b/jobs/smoke_tests/spec
  @@ -7,7 +7,7 @@ templates:
  bpm.yml.erb: config/bpm.yml
  packages:
  - - golang-1.20-linux
  + - golang-1.21-linux
  - acceptance_tests
  - cf-cli-8-linux
  ```
  ## ✨  Built with go 1.21.0
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.278.0...v0.279.0
  ## Resources
  - [Download release v0.279.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.279.0).
          
silk 3.32.0
smb-volume 3.1.30
smoke-tests 4.8.4
syslog 11.8.13

2.13.24

Release Date: 09/26/2023

  • [Security Fix] Bump smoke-tests to address Go CVE-2023-39533
  • Bump cflinuxfs3 to version 0.374.0
  • Bump loggregator-agent to version 6.5.14
  • Bump metrics-discovery to version 3.2.16
  • Bump smoke-tests to version 4.8.4
  • Bump syslog to version 11.8.13
Component Version Release Notes
ubuntu-xenial stemcell 621.676
bpm 1.2.6
cf-networking 3.32.0
cflinuxfs3 0.374.0
v0.374.0
  This release ships with cflinuxfs3 version 0.374.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.374.0)
          
cf-cli 1.45.0
count-cores-indicator 2.0.0
diego 2.81.0
garden-runc 1.37.0
haproxy 11.17.4
loggregator-agent 6.5.14
v6.5.14
  ## What's Changed
  * Bump to [go1.20.8](https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM/m/F5bwBlXMAQAJ)
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.13...v6.5.14
          
mapfs 1.2.35
metrics-discovery 3.2.16
v3.2.16
  ## What's Changed
  * Add check for disable flag for metrics agent ingress_port
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.15...v3.2.16
          
v3.2.15
  ## What's Changed
  * Bump to [go1.20.8](https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM/m/F5bwBlXMAQAJ)
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.14...v3.2.15
          
nfs-volume 7.1.30
routing 0.278.0
silk 3.32.0
smb-volume 3.1.30
smoke-tests 4.8.4
4.8.4
  Create bosh final release 4.8.4
  ## What's Changed
  * feat: CI to autobump golang by @pabloarodas in https://github.com/pivotal/smoke-tests/pull/106
  * Upgrade Golang by @pvaramballypivot in https://github.com/pivotal/smoke-tests/pull/111
  * test: skip jobs to test automerge by @pabloarodas in https://github.com/pivotal/smoke-tests/pull/113
  * Upgrade Golang by @pvaramballypivot in https://github.com/pivotal/smoke-tests/pull/114
  * Upgrade Golang by @pvaramballypivot in https://github.com/pivotal/smoke-tests/pull/116
  * Bump cf-cli to 8.7.3 by @xtremerui in https://github.com/pivotal/smoke-tests/pull/117
  **Full Changelog**: https://github.com/pivotal/smoke-tests/compare/4.8.3...4.8.4
          
syslog 11.8.13
v11.8.13
  ## What's Changed
  * Update golang packages to use go1.20.8
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.12...v11.8.13
          

2.13.23

Release Date: 09/11/2023

  • [Security Fix] Continue to forward relevant headers by removing hop-by-hop headers that could interfere with gorouter when proxying client requests
  • [Bug Fix] Garden Healthchecks have been re-enabled after fixing a bug during deployments causing failed diego-cells.
  • Bump bpm to version 1.2.6
  • Bump cflinuxfs3 to version 0.373.0
  • Bump diego to version 2.81.0
  • Bump garden-runc to version 1.37.0
  • Bump loggregator-agent to version 6.5.13
  • Bump mapfs to version 1.2.35
  • Bump metrics-discovery to version 3.2.14
  • Bump nfs-volume to version 7.1.30
  • Bump routing to version 0.278.0
  • Bump smb-volume to version 3.1.30
  • Bump syslog to version 11.8.12
Component Version Release Notes
ubuntu-xenial stemcell 621.655
bpm 1.2.6
cf-networking 3.32.0
cflinuxfs3 0.373.0
v0.373.0
  This release ships with cflinuxfs3 version 0.373.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.373.0)
          
cf-cli 1.45.0
count-cores-indicator 2.0.0
diego 2.81.0
v2.81.0
  ## Changes
  - Healthchecks for process startup have been renamed from "readiness" to "startup" to better indicate that it is the initial liveness check to ensure the process has started. After completing, it is superceded by the liveness check, which has had no changes.
  - Adds support for "readiness" checks on processes. The purpose of readiness checks are to determine whether a process is capable of serving traffic or not. This is contrasted now with liveness checks which determine if the process is in a state that requires it to be restarted. Readiness checks can be used to pull a process out of service when they fail, while not restarting the process. Once readiness is passing again, the process will be re-added into the service pool. Removal/addition of processes to the service pool is done via route-emitter.
  - `cfdot actual-lrps` now behaves in a more expected behavior regarding the display of `host_tls_proxy_port`. It should always be preset, even if the value is `0`.
  - Bumped to golang 1.20.7.
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.80.0...v2.81.0
  ## Resources
  - [Download release v2.81.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.81.0).
          
garden-runc 1.37.0
v1.37.0
  ## Changes
  - 🐛Fixed a bug with garden-windows where process directories were being leaked in the garden depot. This adds a `garden.cleanup_process_dirs_on_wait` property to mimic cleanup logic from garden-linux. This property is defaulted to true on garden-windows, to keep the desired behavior for CF/Diego. If garden-windows is ever used with Concourse, users will want to set this to false.
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden-windows/spec b/jobs/garden-windows/spec
  index ef1ce54e..004e4e7f 100644
  --- a/jobs/garden-windows/spec
  +++ b/jobs/garden-windows/spec
  @@ -69,6 +69,12 @@ properties:
  description: "path to the rootfs to use when a container specifies no rootfs"
  default: ""
  +  # Since garden-windows is not currently used in Concourse, we are setting this to 'true' to make life easier for diego/cf users.
  +  # https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.5.0
  +  garden.cleanup_process_dirs_on_wait:
  +    description: A boolean stating whether or not to cleanup process state after waiting for it. If set a process can be waited for only once.
  +    default: true
  +
  logging.format.timestamp:
  description: "Format for timestamp in component logs. Valid values are 'unix-epoch' and 'rfc3339'."
  default: "unix-epoch"
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index 259bba46..3bffb2f7 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -201,6 +201,8 @@ properties:
  description: A boolean stating whether or not to run garden-server as a non-root user
  default: false
  +  # We believe this defaults to false to help concourse: https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.5.0
  +  # For diego/cf, this should be set to true
  garden.cleanup_process_dirs_on_wait:
  description: A boolean stating whether or not to cleanup process state after waiting for it. If set a process can be waited for only once.
  default: false
  ```
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.36.0...v1.37.0
  ## Resources
  - [Download release v1.37.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.37.0).
          
v1.36.0
  ## Changes
  - [Pin opencontainer/runc to version v1.1.7](https://github.com/cloudfoundry/guardian/commit/f2b3d5ec72dee482f63068124cd6b3592dd6d74b)
  - Resolves a compilation issue with `xenial` stemcells
  - Dependency bumps
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.35.0...v1.36.0
  ## Resources
  - [Download release v1.36.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.36.0).
          
v1.35.0
  # ⚠️ We recommend skipping to [1.36.0](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.35.0)
  Especially if you're still running `xenial` stemcells, in which this release version will fail to compile.
  ## Changes
  - [Bug Fix] Re-implemented HTTP health checks of the `gdn` process in the `garden` job.
  - These were disabled in [1.29.0](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.29.0) due to issues during deployment.
  - Bumped golang to 1.20.7
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.34.0...v1.35.0
  ## Resources
  - [Download release v1.35.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.35.0).
          
haproxy 11.17.4
loggregator-agent 6.5.13
v6.5.13
  ## What's Changed
  * Bump to [go1.20.7](https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ)
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.12...v6.5.13
          
mapfs 1.2.35
v1.2.35
  ## Dependencies
  * **mapfs:** Updated to v`53ab9fc`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.34
  ## Changes
  ## Dependencies
  * **mapfs:** Updated to v`b83d1af`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.14
v3.2.14
  ## What's Changed
  * add disable property to metrics-agent & metrics-discovery-registrar by @mkocher in https://github.com/cloudfoundry/metrics-discovery-release/pull/169
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.13...v3.2.14
          
v3.2.13
  ## What's Changed
  * Fix metrics-agent on windows
  * Bump to [go1.20.7](https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ)
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.12...v3.2.13
          
nfs-volume 7.1.30
v7.1.30
  ## Dependencies
  * **nfsbroker:** Updated to v`90b8c05`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`4930b63`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.29
  ## Changes
  * **nfsbroker:** Updated to v`af16846`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`e295222`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.28
  ## Changes
  * +Golang: Updated to v1.20.7 (#511)
  ## Dependencies
  * **nfsbroker:** Updated to v`7a437dc`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`98bed5a`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.278.0
v0.278.0
  ## Changes
  - Continue to forward relevant headers by removing hop-by-hop headers that could interfere with gorouter when proxying client requests
  - See: https://github.com/cloudfoundry/gorouter/pull/356, https://github.com/cloudfoundry/routing-release/pull/331
  - Go mod dependency updates
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index a14133ed..2bb394e9 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -282,6 +282,27 @@ properties:
  example:
  - name: X-Vcap-Request-Id
  - name: Accept-Ranges
  +  router.hop_by_hop_headers_to_filter:
  +    description: |
  +        (optional, array value) List of HTTP Headers that are filtered for
  +        Hop-By-Hop Connection header.
  +        When clients make requests to the gorouter and the gorouter proxies
  +        their request, these HTTP Headers will be automatically be removed from
  +        the request's Connection header and sent as normal headers to the
  +        target backend. This list *also* specificies the Headers that can be
  +        returned by the backend; i.e. if a client attempts to send one of these
  +        Headers in their Connection Header to gorouter and it's *NOT* filtered,
  +        the header will *NOT* be returned to client properly after proxying the
  +        request.
  +    default:
  +    - X-Forwarded-For
  +    - X-Forwarded-Proto
  +    - B3
  +    - X-B3
  +    - X-B3-SpanID
  +    - X-B3-TraceID
  +    - X-Request-Start
  +    - X-Forwarded-Client-Cert
  router.frontend_idle_timeout:
  description: |
  (optional, integer) Duration in seconds to maintain an open connection when client supports keep-alive.
  ```
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.277.0...v0.278.0
  ## Resources
  - [Download release v0.278.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.278.0).
          
v0.277.0
  ## Changes
  - Additional metrics/logging component ports have been reserved from gorouter's ephemeral port range.
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.276.0...v0.277.0
  ## Resources
  - [Download release v0.277.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.277.0).
          
v0.276.0
  ## Changes
  - Bumped golang to 1.20.7
  - 🐛 Added new loggregator ports to gorouter's list of ports to exclude from ephemeral ranges. Thanks @ctlong!
  ## ✨  Built with go 1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.275.0...v0.276.0
  ## Resources
  - [Download release v0.276.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.276.0).
          
silk 3.32.0
smb-volume 3.1.30
v3.1.30
  ## Changes
  ## Dependencies
  * **smbbroker:** Updated to v`9ab3087`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`184cbe3`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.29
  ## Changes
  ## Dependencies
  * **smbbroker:** Updated to v`6d49181`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`cd6db37`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.3
syslog 11.8.12
v11.8.12
  ## What's Changed
  * Bump Go to v1.20.7
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.11...v11.8.12
          

2.13.22

Release Date: 08/18/2023

  • [Feature Improvement] Allow to configure Silk policy polling interval
  • Bump bpm to version 1.2.5
  • Bump cf-networking to version 3.32.0
  • Bump loggregator-agent to version 6.5.12
  • Bump mapfs to version 1.2.33
  • Bump nfs-volume to version 7.1.27
  • Bump silk to version 3.32.0
  • Bump smb-volume to version 3.1.28
  • Bump syslog to version 11.8.11
Component Version Release Notes
ubuntu-xenial stemcell 621.615
bpm 1.2.5
cf-networking 3.32.0
v3.32.0
  ## Changes
  - [Feature Improvement/Bug Fix] C2C Networking Policies are synced _only_ if they were actually updated to minimize load on the system (#231)
  - Also see related `silk-release` PR: https://github.com/cloudfoundry/silk-release/pull/88
  - And related `policy_client` PR: https://github.com/cloudfoundry/policy_client/pull/6
  - Bumps dependencies
  - Fixes a typo in [contributing.md](/docs/contributing.md) (#228)
  - Thanks @geigerj0!
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.31.0...v3.32.0
  ## Resources
  - [Download release v3.32.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.32.0).
          
v3.31.0
  ## Changes
  - Updates a DB schema used with dynamic ASGs to resolve/prevent issues when frequently syncing hundreds of thousands of ASGs. Thanks @ZPascal!
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.30.0...v3.31.0
  ## Resources
  - [Download release v3.31.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.31.0).
          
cflinuxfs3 0.372.0
cf-cli 1.45.0
count-cores-indicator 2.0.0
diego 2.80.0
garden-runc 1.34.0
haproxy 11.17.4
loggregator-agent 6.5.12
v6.5.12
  ## What's Changed
  * Bump dependencies
  * Update packaged Golang version to v1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.11...v6.5.12
          
mapfs 1.2.33
v1.2.33
  ## Changes
  * Golang: Updated to v1.20.7. (#120)
  ## Dependencies
  * **mapfs:** Updated to v`055c79a`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.32
  ## Dependencies
  * **gomega:** Updated to v1.27.10.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`d33b44a`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.31
  ## Dependencies
  * **mapfs:** Updated to v`ea4d3ff`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.30
  ## Changes
  * Golang: Updated to v1.20.6.
  ## Dependencies
  * **mapfs:** Updated to v`0e79358`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.12
nfs-volume 7.1.27
v7.1.27
  ## Changes
  * use latest available linuxfs  stack for push (#500)
  ## Dependencies
  * **nfsbroker:** Updated to v`ca6114b`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`7d7d083`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.26
  ## Dependencies
  * **gomega:** Updated to v1.27.9.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`e8d3359`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`a5d216c`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.25
  ## Changes
  * +Golang: Updated to v1.20.6
  ## Dependencies
  * **nfsbroker:** Updated to v`0affd58`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`d5b93a7`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.275.0
silk 3.32.0
v3.32.0
  ## Changes
  - [Feature Improvement/Bug Fix] C2C Networking Policies are synced _only_ if they were actually updated to minimize load on the system (#88)
  - Also see related `cf-networking` release PR: https://github.com/cloudfoundry/cf-networking-release/pull/231
  - And related `policy_client` PR: https://github.com/cloudfoundry/policy_client/pull/6
  - Bumps dependencies
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.31.0...v3.32.0
  ## Resources
  - [Download release v3.32.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.32.0).
          
v3.31.0
  ## Changes
  - No changes, released along cf-networking 3.31.0
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.30.0...v3.31.0
  ## Resources
  - [Download release v3.31.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.31.0).
          
smb-volume 3.1.28
v3.1.28
  ## Changes
  * +Golang: Updated to v1.20.7 (#206)
  ## Dependencies
  * **smbbroker:** Updated to v`f869023`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`870da3a`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.27
  ## Changes
  * use latest available linuxfs  stack for push (#201)
  ## Dependencies
  * **smbbroker:** Updated to v`2463ad2`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`878386b`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.26
  ## Changes
  * Bump autoconf from 2.69 to 2.71
  ## Dependencies
  * **smbbroker:** Updated to v`25e62f9`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`14056ca`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.25
  ## Dependencies
  * **smbbroker:** Updated to v`1e068da`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a607cfc`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.3
syslog 11.8.11
v11.8.11
  ## What's Changed
  * Update packaged Golang version to v1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.10...v11.8.11
          

2.13.21

Release Date: 07/21/2023

  • [Feature Improvement] Use routing_info for desired_lrps when there are missing actual_lrps.
  • [Feature] Add distributed tracing to Diego component logs.
  • [Bug Fix] Prevents cachedownloader from erroneously deleting old entries.
  • [Bug Fix] Resolves a race condition in BBS when the replacement for a suspect LRP has started.
  • [Bug Fix] Resolves a bug in gorouter where path-based routes could return 503s when no backend endpoints remain, rather than falling back to non-path (hostname-only) routes.
  • [Bug Fix] Resolves a known issue around multiple “Expect 100-Continue” responses
  • Bump bpm to version 1.2.3
  • Bump cf-networking to version 3.30.0
  • Bump cflinuxfs3 to version 0.372.0
  • Bump cf-cli to version 1.45.0
  • Bump diego to version 2.80.0
  • Bump garden-runc to version 1.34.0
  • Bump mapfs to version 1.2.29
  • Bump metrics-discovery to version 3.2.12
  • Bump nfs-volume to version 7.1.24
  • Bump routing to version 0.275.0
  • Bump silk to version 3.30.0
  • Bump smb-volume to version 3.1.24
  • Bump smoke-tests to version 4.8.3
  • Bump syslog to version 11.8.10
Component Version Release Notes
ubuntu-xenial stemcell 621.584
bpm 1.2.3
cf-networking 3.30.0
v3.30.0
  ## Changes
  - Bumped golang to 1.20.6
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.29.0...v3.30.0
  ## Resources
  - [Download release v3.30.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.30.0).
          
v3.29.0
  ## Changes
  - Updated dependancies.
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.28.0...v3.29.0
  ## Resources
  - [Download release v3.29.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.29.0).
          
cflinuxfs3 0.372.0
v0.372.0
  This release ships with cflinuxfs3 version 0.372.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.372.0)
          
v0.371.0
  This release ships with cflinuxfs3 version 0.371.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.371.0)
          
v0.370.0
  This release ships with cflinuxfs3 version 0.370.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.370.0)
          
v0.368.0
  This release ships with cflinuxfs3 version 0.368.0. For more information, see the [release notes](https://github.com/pivotal-cf/tanzu-cflinuxfs3/releases/tag/0.368.0)
          
cf-cli 1.45.0
count-cores-indicator 2.0.0
diego 2.80.0
v2.80.0
  ## Changes
  - Bumped to golang 1.20.6
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.79.0...v2.80.0
  ## Resources
  - [Download release v2.80.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.80.0).
          
v2.79.0
  ## Changes
  - [Feature Improvement]: Use routing_info for desired_lrp's when there are missing actual_lrp's https://github.com/cloudfoundry/route-emitter/pull/26. Thank you for this contribution @klapkov!
  - [Feature]: Support distributed tracing https://github.com/cloudfoundry/route-emitter/pull/24. Thank you @mariash for this contribution!
  - [Bug Fix]: Fix bug with cachedownloader in PR https://github.com/cloudfoundry/cacheddownloader/pull/26.  Fixes issue https://github.com/cloudfoundry/diego-release/issues/773. Thank you @vlast3k for this contribution!
  - [Bug Fix]: Resolves a race condition in BBS when the replacement for a suspect LRP has started.
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.78.0...v2.79.0
  ## Resources
  - [Download release v2.79.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.79.0).
          
garden-runc 1.34.0
v1.34.0
  ## Changes
  - Bumped golang to 1.20.6
  - Refactors, enhancements, and fixes to CI scripts and garden-integration-tests
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.33.0...v1.34.0
  ## Resources
  - [Download release v1.34.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.34.0).
          
haproxy 11.17.4
loggregator-agent 6.5.11
mapfs 1.2.29
v1.2.29
  ## Dependencies
  * **mapfs:** Updated to v`725be75`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.28
  ## Dependencies
  * **mapfs:** Updated to v`ae0c0a5`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.27
  ## Dependencies
  * **ginkgo** Updated to v2.11.0.
For more information, see [ginkgo](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`19ab355`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.26
  ## Dependencies
  * **mapfs:** Updated to v`8b733f2`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.25
  ## Changes
  * Golang: Updated to v1.20.5. (#96)
  ## Dependencies
  * **v2:** Updated to v2.10.0.
For more information, see [v2](https://github.com/onsi/ginkgo). * **gomega:** Updated to v1.27.8.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`d3ee28f`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.12
v3.2.12
  ## What's Changed
  * Bump dependencies
  * Bump Go to v1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.11...v3.2.12
          
v3.2.11
  ## What's Changed
  * bump dependencies by @mkocher in https://github.com/cloudfoundry/metrics-discovery-release/pull/151
  ## New Contributors
  * @mkocher made their first contribution in https://github.com/cloudfoundry/metrics-discovery-release/pull/151
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.10...v3.2.11
          
v3.2.10
  ## What's Changed
  * Add CODEOWNERS file in preparation for branch protection rules by @geofffranks in https://github.com/cloudfoundry/metrics-discovery-release/pull/144
  * Bump dependencies
  * Bump to golang 1.20.5
  ## New Contributors
  * @geofffranks made their first contribution in https://github.com/cloudfoundry/metrics-discovery-release/pull/144
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.9...v3.2.10
          
nfs-volume 7.1.24
v7.1.24
  ## Changes
  * Add final release 7.1.23 [ci skip]
  ## Dependencies
  * **nfsbroker:** Updated to v`65ba4de`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker).
v7.1.23
  ## Dependencies
  * **nfsbroker:** Updated to v`4e37165`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`3c0b479`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.22
  ## Dependencies
  * **nfsbroker:** Updated to v`48619ba`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`059a95a`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
v7.1.21
  ## Changes
  * +Golang: Updated to v1.20.5 (#446)
  ## Dependencies
  * **gomega:** Updated to v1.27.8.
For more information, see [gomega](https://github.com/onsi/gomega). * **nfsbroker:** Updated to v`58e000f`.
For more information, see [nfsbroker](https://github.com/cloudfoundry/nfsbroker). * **nfsv3driver:** Updated to v`1516ec7`.
For more information, see [nfsv3driver](https://github.com/cloudfoundry/nfsv3driver).
routing 0.275.0
v0.275.0
  ## Changes
  - Bumps golang to 1.20.6
  - Resolves a bug in gorouter where path-based routes could return 503s when no backend endpoints remain, rather than falling back to non-path (hostname-only) routes. Thanks @domdom82!
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.274.0...v0.275.0
  ## Resources
  - [Download release v0.275.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.275.0).
          
v0.274.0
  ## Changes
  - 🐛 **Bug Fix:**  This release fixes [this known issue](https://github.com/cloudfoundry/routing-release/blob/develop/docs/go-1.20-expect-100-continue-known-issue.md) around multiple expect 100-continue responses.
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.273.0...v0.274.0
  ## Resources
  - [Download release v0.274.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.274.0).
          
v0.273.0
  ## Known Issue
  ⚠️ This release is vulnerable to [this known issue](https://github.com/cloudfoundry/routing-release/blob/develop/docs/go-1.20-expect-100-continue-known-issue.md) around handling expect 100-continue responses. We recommend skipping this version and upgrading to 0.274.0 instead.
  ## Changes
  - **Bug Fix**: Set Gorouter's ExpectContinueTimeout to 1 sec. This fixes bug 1 of [this known issue](https://github.com/cloudfoundry/routing-release/blob/develop/docs/go-1.20-expect-100-continue-known-issue.md)
  - **Dependency Bump**: Bump the cf cli version in the acceptance test errand and the smoke test errand from v6 to v8.
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/acceptance_tests/spec b/jobs/acceptance_tests/spec
  index 6a73b9ae..db508ca3 100644
  --- a/jobs/acceptance_tests/spec
  +++ b/jobs/acceptance_tests/spec
  @@ -10,7 +10,7 @@ packages:
  - golang-1.20-linux
  - acceptance_tests
  - rtr
  - - cf-cli-6-linux
  + - cf-cli-8-linux
  properties:
  acceptance_tests.nodes:
  diff --git a/jobs/smoke_tests/spec b/jobs/smoke_tests/spec
  index 0426dc99..5776a9c8 100644
  --- a/jobs/smoke_tests/spec
  +++ b/jobs/smoke_tests/spec
  @@ -9,7 +9,7 @@ templates:
  packages:
  - golang-1.20-linux
  - acceptance_tests
  - - cf-cli-6-linux
  + - cf-cli-8-linux
  properties:
  acceptance_tests.verbose:
  ```
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.272.0...v0.273.0
  ## Resources
  - [Download release v0.273.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.273.0).
          
v0.272.0
  ## Known issue
  ⚠️ This release is vulnerable to [this known issue](https://github.com/cloudfoundry/routing-release/blob/develop/docs/go-1.20-expect-100-continue-known-issue.md) around handling expect 100-continue responses. We recommend skipping this version and upgrading to 0.274.0 instead.
  ## Changes
  - ✨ `route_registrar` now emites route registration events immediately upon startup, rather than waiting for a full registration interval to pass. This will cut down on accidental TTL expiry incurred by restarting route-registrar.
  - ✨ The `router.enable_log_attempts_details` property has been added to allow operators to configure Gorouter to log additional information about retried attempts to send requests to backends. Thanks @maxmoehl!
  - 🐛Specifying multiple CA certs to route_registrar via `route_registrar.routing_api.ca_certs` will now render correctly as multiple certs in a single CA file.
  - 🐛 Routing API clients now correctly refresh their UAA tokens prior to expiry. This should help prevent `route_registrar` from crashing whenever the token expires.
  - Golang package dependency bumps
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 0f61e044..a14133ed 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -236,6 +236,9 @@ properties:
  router.logging_level:
  description: "Log level for router"
  default: "info"
  +  router.enable_log_attempts_details:
  +    description: "Log additional fields in the access log that provide more details on the specific timings and attempts performed towards endpoints."
  +    default: false
  router.logging.format.timestamp:
  description: |
  Format for timestamp in component logs. Valid values are 'rfc3339', 'deprecated', and 'unix-epoch'."
  ```
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.271.0...v0.272.0
  ## Resources
  - [Download release v0.272.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.272.0).
          
silk 3.30.0
v3.30.0
  ## Changes
  - Bumped to golang 1.20.6
  ## ✨  Built with go 1.20.6
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.29.0...v3.30.0
  ## Resources
  - [Download release v3.30.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.30.0).
          
v3.29.0
  ## Changes
  - Updated dependancies.
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.28.0...v3.29.0
  ## Resources
  - [Download release v3.29.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.29.0).
          
smb-volume 3.1.24
v3.1.24
  ## Changes
  * Golang: Updated to v1.20.6 (#188)
  ## Dependencies
  * **smbbroker:** Updated to v`a6df845`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`6b73465`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.23
  ## Dependencies
  * **smbbroker:** Updated to v`784a01e`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`8ee8d46`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.22
  ## Changes
  * remove python, update dependencies (#178)
  * update xenial talloc to 2.3.1 (#181)
  ## Dependencies
  * **smbbroker:** Updated to v`c6c8767`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`b2512f3`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.21
  ## Changes
  * +Golang: Updated to v1.20.5 (#169)
  ## Dependencies
  * **smbbroker:** Updated to v`64a5e57`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`bdb8ad4`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.20
  ## Dependencies
  * **smbbroker:** Updated to v`23b4700`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`08e3fef`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.3
4.8.3
  Create bosh final release 4.8.3
          
syslog 11.8.10
v11.8.10
  ## What's Changed
  * Dependency bumps
  * Update packaged Golang version to v1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.9...v11.8.10
          

2.13.20

Release Date: 06/26/2023

Caution This release is susceptible to a known issue around multiple "HTTP 100 Continue" responses. For information about this issue, see Multiple HTTP Expect: 100-continue responses sent from gorouter to client may cause unexpected failures in the VMware Tanzu Support Hub. To address this issue, VMware advises upgrading to Tanzu Application Service v2.13.24 and Isolation Segment Tile v2.13.21 instead.

  • [Feature] Adds support for W3C Trace ID logging across Diego component requests
  • [Bug Fix] Timeouts in for executor’s uploader have been increased to 500ms
  • [Bug Fix] Byte-based logging limits for LRPs and Tasks now emit only once per second
  • [Bug Fix/Improvement] Garden now ships with Busybox 1.36.1 as the default filesystem

  • Bump bpm to version 1.2.2

  • Bump cf-networking to version 3.28.0
  • Bump diego to version 2.78.0
  • Bump garden-runc to version 1.33.0
  • Bump loggregator-agent to version 6.5.11
  • Bump mapfs to version 1.2.24
  • Bump nfs-volume to version 7.1.20
  • Bump routing to version 0.271.0
  • Bump silk to version 3.28.0
  • Bump smb-volume to version 3.1.19
Component Version Release Notes
ubuntu-xenial stemcell 621.553
bpm 1.2.2
cf-networking 3.28.0
v3.28.0
  ## Changes
  - Bumped to golang 1.20.5
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.27.0...v3.28.0
  ## Resources
  - [Download release v3.28.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.28.0).
          
cflinuxfs3 0.367.0
count-cores-indicator 2.0.0
diego 2.78.0
v2.78.0
  ## Changes
  - Bumped to golang 1.20.5
  - Vizzini now defaults to cflinuxfs4
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
  index 40b5eb74b..6ff53c654 100644
  --- a/jobs/vizzini/spec
  +++ b/jobs/vizzini/spec
  @@ -73,7 +73,7 @@ properties:
  default_rootfs:
  description: "Default preloaded rootfs to target for running Tasks and LRPs"
  -    default: "preloaded:cflinuxfs3"
  +    default: "preloaded:cflinuxfs4"
  grace_tarball_url:
  description: "URL for the grace test asset"
  ```
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.77.0...v2.78.0
  ## Resources
  - [Download release v2.78.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.78.0).
          
v2.77.0
  ## Changes
  - Adds support for W3C Trace ID logging across diego component requests
  - Timeouts in for executor's uploader have been increased to 500ms
  - Byte-based logging limits for LRPs and Tasks now emit only once per second
  -  LRPs can now have liveness and readiness check intervals defined when the LRP is created.
  - Dependency Bumps:
  - code.cloudfoundry.org/archiver a23cadd462ce
  - code.cloudfoundry.org/certsplitter a2c6caf14c29
  - code.cloudfoundry.org/cf-tcp-router ecebe81f2c0c
  - code.cloudfoundry.org/credhub-cli 439bdb2
  - code.cloudfoundry.org/debugserver 70a733dc508f
  - code.cloudfoundry.org/diego-logging-client 40495b68ac2e
  - code.cloudfoundry.org/durationjson 7a601daf48ee
  - code.cloudfoundry.org/eventhub 8efdeac72e14
  - code.cloudfoundry.org/garden 8444ff5a31d7
  - code.cloudfoundry.org/goshims v0.17.0
  - code.cloudfoundry.org/grootfs 79fecf24
  - code.cloudfoundry.org/guardian 98f55817772e
  - code.cloudfoundry.org/idmapper a410520
  - code.cloudfoundry.org/localip 2ea90d997658
  - github.com/aws/aws-sdk-go v1.44.269
  - github.com/awslabs/amazon-ecr-credential-helper/ecr-login 7f2db5bd753e
  - github.com/cloudfoundry/dropsonde v1.1.0
  - github.com/docker/docker v24.0.1+incompatible
  - github.com/envoyproxy/go-control-plane ba92d50b6596
  - github.com/nats-io/nats-server/v2 v2.9.17
  - github.com/nats-io/nats.go v1.26.0
  - github.com/onsi/ginkgo/v2 v2.9.5
  - github.com/onsi/gomega v1.27.7
  - github.com/tedsuo/ifrit 7862c310ad26
  - golang.org/x/sys v0.8.0
  - google.golang.org/grpc v1.55.0
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.76.0...v2.77.0
  ## Resources
  - [Download release v2.77.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.77.0).
          
garden-runc 1.33.0
v1.33.0
  ## Changes
  - Bumped to golang 1.20.5
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.32.0...v1.33.0
  ## Resources
  - [Download release v1.33.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.33.0).
          
v1.32.0
  ## Changes
  - The grootfs package no longer ships with test asset tarballs (those are only used for unit tests and don't need to be installed as part of the package).
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.31.0...v1.32.0
  ## Resources
  - [Download release v1.32.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.32.0).
          
v1.31.0
  ## Changes
  - Garden now ships with Busybox 1.36.1 as the default filesystem
  - Dependency Bumps
  - healthchecker boshrelease  v0.8.0
  - github.com/onsi/gomega v1.27.7
  - go.opentelemetry.io/otel v1.15.1
  - github.com/burntsushi/toml v1.3.0
  - github.com/docker/docker v24.0.2+incompatible
  - github.com/urfave/cli/v2 v2.25.5
  - github.com/cloudfoundry/dropsonde v1.1.0
  - github.com/sirupsen/logrus v1.9.2
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/garden/spec b/jobs/garden/spec
  index c69f4080..259bba46 100644
  --- a/jobs/garden/spec
  +++ b/jobs/garden/spec
  @@ -89,7 +89,7 @@ properties:
  garden.default_container_rootfs:
  description: "path to the rootfs to use when a container specifies no rootfs"
  -    default: /var/vcap/packages/busybox/busybox-1.35.0.tar
  +    default: /var/vcap/packages/busybox/busybox-1.36.1.tar
  garden.graph_cleanup_threshold_in_mb:
  description: "DEPRECATED in favour of grootfs.reserved_space_for_other_jobs_in_mb."
  ```
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.30.0...v1.31.0
  ## Resources
  - [Download release v1.31.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.31.0).
          
haproxy 11.17.4
loggregator-agent 6.5.11
v6.5.11
  ## What's Changed
  * bump dependencies
  * bump to golang 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.10...v6.5.11
          
mapfs 1.2.24
v1.2.24
  ## Dependencies
  * **ginkgo:** Updated to v2.9.7.
For more information, see [ginkgo](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`1bc5ebc`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.9
nfs-volume 7.1.20
routing 0.271.0
v0.271.0
  ## Changes
  - Bumped to golang 1.20.5
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.270.0...v0.271.0
  ## Resources
  - [Download release v0.271.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.271.0).
          
silk 3.28.0
v3.28.0
  ## Changes
  - Bumped to golang 1.20.5
  ## ✨  Built with go 1.20.5
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.27.0...v3.28.0
  ## Resources
  - [Download release v3.28.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.28.0).
          
smb-volume 3.1.19
v3.1.19
  ## Changes
  * Fix possible log cred leak (#442) (#124)
  ## Dependencies
  * **smbbroker:** Updated to v`73b69db`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`1267799`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.18
  ## Dependencies
  * **smbbroker:** Updated to v`01e4eb6`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker).
smoke-tests 4.8.2
syslog 11.8.9

2.13.19

Release Date: 06/02/2023

Caution This release is susceptible to a known issue around multiple "HTTP 100 Continue" responses. For information about this issue, see Multiple HTTP Expect: 100-continue responses sent from gorouter to client may cause unexpected failures in the VMware Tanzu Support Hub. To address this issue, VMware advises upgrading to Tanzu Application Service v2.13.24 and Isolation Segment Tile v2.13.21 instead.

  • [Bug Fix] Operators can disable gorouter request timeouts (i.e. for streaming applications) by configuring them to 0
  • [Bug Fix/Improvement] “Back end request timeout for the Gorouter” property no longer affects idle timeout of long lived requests. Idle timeouts now configurable by “Front end idle timeout for the Gorouter” property.
  • Bump cf-networking to version 3.27.0
  • Bump cflinuxfs3 to version 0.367.0
  • Bump garden-runc to version 1.30.0
  • Bump mapfs to version 1.2.23
  • Bump nfs-volume to version 7.1.18
  • Bump routing to version 0.270.0
  • Bump silk to version 3.27.0
  • Bump smb-volume to version 3.1.17
Component Version Release Notes
ubuntu-xenial stemcell 621.543
bpm 1.2.0
cf-networking 3.27.0
v3.27.0
  ## Changes
  - Bumped vendored healthchecker-release to v0.8.0
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/v3.26.0...v3.27.0
  ## Resources
  - [Download release v3.27.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.27.0).
          
v3.26.0
  ## Changes
  - Dependency Updates:
  - code.cloudfoundry.org/bbs 08ff19fb906a
  - code.cloudfoundry.org/cf-networking-helpers ebb4c931f5d5
  - code.cloudfoundry.org/clock v1.1.0
  - code.cloudfoundry.org/debugserver c4fc5f67e21e
  - code.cloudfoundry.org/filelock 470838d066c5
  - code.cloudfoundry.org/garden 234178722499
  - code.cloudfoundry.org/locket 6cd5416498b6
  - github.com/containernetworking/cni v1.1.2
  - github.com/containernetworking/plugin v1.3.0
  - github.com/nats-io/go-nats v1.8.1
  - github.com/onsi/ginkgo/v2 2.9.5
  - github.com/onsi/gomega v1.27.7
  - golang.org/x/net v0.10.0
  - golang.org/x/sys v0.8.0
  - google.golang.org/grpc v1.55.0
  - github.com/st3v/glager v0.4.0
  - github.com/tedsuo/ifrit 7862c310ad26
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/3.25.1...v3.26.0
  ## Resources
  - [Download release v3.26.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.26.0).
          
cflinuxfs3 0.367.0
count-cores-indicator 2.0.0
diego 2.76.0
garden-runc 1.30.0
v1.30.0
  ## Changes
  - Bump dependencies:
  - github.com/onsi/ginkgo 2.9.5
  - golang.org/x/sys 0.8.0
  - Add support for including request trace IDs in garden/guardian
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.29.0...v1.30.0
  ## Resources
  - [Download release v1.30.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.30.0).
          
haproxy 11.17.4
loggregator-agent 6.5.10
mapfs 1.2.23
v1.2.23
  ## Dependencies
  * **gomega:** Updated to v1.27.7.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`7e641a0`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.9
nfs-volume 7.1.18
routing 0.270.0
v0.270.0
  ## Changes
  - CI now tests CATS + RATS against cflinuxfs4
  - 🐛Gorouter's `request_timeout_in_seconds` now only affects request timeout and is not used for idle timeout, which is set by `frontend_idle_timeout`
  - routing-utils now passes `go vet`
  - Dependency Bumps:
  - The vendored healthchecker boshrelease is now v0.8.0
  - go.step.sm/crypto v0.31.0
  -
  - Go dependency bumps for the routing-utils package:
  -  code.cloudfoundry.org/tlsconfig 8f91c367795b
  - github.com/nats-io/nats.go v1.26.0
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/gorouter/spec b/jobs/gorouter/spec
  index 4fa13ae3..0f61e044 100644
  --- a/jobs/gorouter/spec
  +++ b/jobs/gorouter/spec
  @@ -380,11 +380,9 @@ properties:
  default: 22
  request_timeout_in_seconds:
  description: |
  -      This configures a "request timeout" and a "backend idle timeout".
  +      This configures an entire request timeout.
  Requests from router to backend endpoints that are longer than this duration will be canceled and logged as
  -      `backend-request-timeout` errors. In addition, TCP connections between router and backend endpoints that
  -      are idle for longer than this duration will be closed. Related properties: `router.max_idle_connections`
  -      and `router.keep_alive_probe_interval`.
  +      `backend-request-timeout` errors. If set to 0 this timeout is disabled.
  default: 900
  endpoint_dial_timeout_in_seconds:
  description: |
  ```
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.269.0...v0.270.0
  ## Resources
  - [Download release v0.270.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.270.0).
          
v0.269.0
  ## Changes
  - Update sync-package-specs to install gosub
  - Remove `trace-logger` update in sync-submodule-config
  - Remove unused files
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.268.0...v0.269.0
  ## Resources
  - [Download release v0.269.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.269.0).
          
silk 3.27.0
v3.27.0
  ## Changes
  - Bumped vendored healthchecker release to v0.8.0
  - Updated silk, silk-cni, and cni-wrapper-plugin for compatibility with v1.0.0 of the CNI spec
  - Bumped github.com/containernetworking/cni to 1.1.2 and github.com/containernetworking/plugins to 1.3.0
  - Removed the `externalmods` code as it's no longer needed now that everything is on the latest CNI versions.
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/v3.26.0...v3.27.0
  ## Resources
  - [Download release v3.27.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.27.0).
          
v3.26.0
  ## Changes
  - Dependency Bumps:
  - code.cloudfoundry.org/cf-networking-helpers ebb4c931f5d5
  - code.cloudfoundry.org/debugserver c4fc5f67e21e
  - code.cloudfoundry.org/diego-logging-client efc368ee68d3
  - code.cloudfoundry.org/filelock 470838d066c5
  - code.cloudfoundry.org/garden234178722499
  - code.cloudfoundry.org/runtimeschema 5366865eed76
  - code.cloudfoundry.org/silk 886eb5a013ef
  - github.com/containernetworking/cni v1.1.2
  - github.com/onsi/ginkgo/v2 v2.9.5
  - github.com/onsi/gomega v1.27.7
  - github.com/tedsuo/ifrit 7862c310ad26
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/3.25.1...v3.26.0
  ## Resources
  - [Download release v3.26.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.26.0).
          
smb-volume 3.1.17
v3.1.17
  ## Dependencies
  * **smbbroker:** Updated to v`de6049f`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`fc409f6`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.2
syslog 11.8.9

2.13.18

Release Date: 05/25/2023

Caution This release is susceptible to a known issue around multiple "HTTP 100 Continue" responses. For information about this issue, see Multiple HTTP Expect: 100-continue responses sent from gorouter to client may cause unexpected failures in the VMware Tanzu Support Hub. To address this issue, VMware advises upgrading to Tanzu Application Service v2.13.24 and Isolation Segment Tile v2.13.21 instead.

  • Bump cflinuxfs3 to version 0.366.0
  • Bump mapfs to version 1.2.22
  • Bump nfs-volume to version 7.1.16
  • Bump routing to version 0.268.0
  • Bump silk to version 3.25.1
  • Bump smb-volume to version 3.1.16
Component Version Release Notes
ubuntu-xenial stemcell 621.508
bpm 1.2.0
cf-networking 3.25.1
cflinuxfs3 0.366.0
count-cores-indicator 2.0.0
diego 2.76.0
garden-runc 1.29.0
haproxy 11.17.4
loggregator-agent 6.5.10
mapfs 1.2.22
v1.2.22
  ## Dependencies
  * **v2:** Updated to v2.9.5.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`83b48da`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.21
  ## Dependencies
  * **ginkgo v2:** Updated ginkgo to v2.9.4.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`4a99f4a`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.9
nfs-volume 7.1.16
routing 0.268.0
v0.268.0
  ## Changes
  - Adds support for `route_registrar` to advertise HTTP2 based routes to gorouter. If not specified on a route, http1 is used by default. Thanks @peanball @plowin and @b1tamara!!
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
  index 595f2075..bf3d9a03 100644
  --- a/jobs/route_registrar/spec
  +++ b/jobs/route_registrar/spec
  @@ -101,6 +101,7 @@ properties:
  tls_port (required, integer, for http routes): Either `port` or `tls_port` are required; if both are provided, Gorouter will prefer tls_port.
  Requests for associated URIs will be forwarded over TLS by the router to this port.
  The IP is determined automatically from the host on which route-registrar is run.
  +        protocol (optional, string): 'http1' or 'http2'. If not provided, Gorouter uses 'http1' as default.
  route_service_url (optional, string, for http routes): When valid route service URL is provided, Gorouter will proxy requests received for the uris above to the specified route service URL.
  server_cert_domain_san (conditional, string, for http routes): Required if tls_port is present.
  Gorouter will validate that the TLS certificate presented by the destination host contains this as a Subject Alternative Name (SAN).
  ```
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.267.0...v0.268.0
  ## Resources
  - [Download release v0.268.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.268.0).
          
v0.267.0
  ## Changes
  - The veresion of HAProxy used in tcp-router was bumped from 2.7.6 to 2.7.8.
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.266.0...v0.267.0
  ## Resources
  - [Download release v0.267.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.267.0).
          
silk 3.25.1
3.25.1
  ## Changes
  - Fixes compilation errors for `silk-datastore-syncer`
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/3.24.0...v3.25.1
  ## Resources
  - [Download release v3.25.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.25.1).
          
3.24.0
  ## Changes
  - ⚠️ The new `silk-data-syncer` job is missing some files that cause compilation to fail. This is not a problem if you are deploying without that job. If you need the job, please upgrade to 3.25.1.
  - Add new `silk-datastore-syncer` job to sync app log metadata from garden to silk datastore
  - Bump to Go 1.20.4
  - Bump to Silk 20230501162532-6ab8d30026c6
  - Bump dependencies such that Ginkgo V2 and Lager V3 are used
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/silk-datastore-syncer/spec b/jobs/silk-datastore-syncer/spec
  new file mode 100644
  index 0000000..9aa1813
  --- /dev/null
  +++ b/jobs/silk-datastore-syncer/spec
  @@ -0,0 +1,26 @@
  +---
  +name: silk-datastore-syncer
  +
  +templates:
  +  bpm.yml.erb: config/bpm.yml
  +  start.erb: bin/start
  +
  +packages:
  +  - silk-datastore-syncer
  +
  +properties:
  +  disable:
  +    description: "Disable this monit job. It will not run. Required for backwards compatability."
  +    default: false
  +  sync_interval_in_seconds:
  +    description: "Interval to check garden for new metadata."
  +    default: 30
  +  garden.address:
  +    description: "Garden server listening address."
  +    default: /var/vcap/data/garden/garden.sock
  +  garden.network:
  +    description: "Network type for the garden server connection (tcp or unix)."
  +    default: unix
  +  log_level:
  +    description: "Logging level (debug, info, warn, error)."
  +    default: info
  ```
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/silk-release/compare/3.23.0...v3.24.0
  ## Resources
  - [Download release v3.24.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/silk-release?version=3.24.0).
          
smb-volume 3.1.16
v3.1.16
  ## Dependencies
  * **smbbroker:** Updated to v`e30a49e`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`a10f57f`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.15
  ## Changes
  * +Golang: Updated to v1.20.4 (#144)
  * Use default CF stack when pushing smbbroker (#149)
  ## Dependencies
  * **smbbroker:** Updated to v`a586257`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`17ef13d`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.2
syslog 11.8.9

2.13.17

Release Date: 05/15/2023

Caution This release is susceptible to a known issue around multiple "HTTP 100 Continue" responses. For information about this issue, see Multiple HTTP Expect: 100-continue responses sent from gorouter to client may cause unexpected failures in the VMware Tanzu Support Hub. To address this issue, VMware advises upgrading to Tanzu Application Service v2.13.24 and Isolation Segment Tile v2.13.21 instead.

  • [Security Fix] Resolve issue in gorouter where canceled requests can result in apps becoming unavailable (CVE-2023-20882)
  • [Bug Fix] Fixes an issue in gorouter where requests that should have returned 496, 499, 503, 525, or 526 HTTP status codes may instead have returned as 502s, potentially preventing stale route pruning.
  • [Bug Fix] Resolve Issue where Garden failed during BOSH/OpsMan deploys due to healthcheck
  • Bump bpm to version 1.2.0
  • Bump cf-networking to version 3.25.1
  • Bump cflinuxfs3 to version 0.364.0
  • Bump count-cores-indicator to version 2.0.0
  • Bump diego to version 2.76.0
  • Bump garden-runc to version 1.29.0
  • Bump loggregator-agent to version 6.5.10
  • Bump mapfs to version 1.2.20
  • Bump metrics-discovery to version 3.2.9
  • Bump nfs-volume to version 7.1.14
  • Bump routing to version 0.266.0
  • Bump smb-volume to version 3.1.14
  • Bump syslog to version 11.8.9
Component Version Release Notes
ubuntu-xenial stemcell 621.508
bpm 1.2.0
cf-networking 3.25.1
3.25.1
  ## Changes
  - None!
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/3.24.0...v3.25.1
  ## Resources
  - [Download release v3.25.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.25.1).
          
3.24.0
  ## Changes
  - Bump to Go 1.20.4
  - Bump all dependencies such that only Ginkgo V2 and Lager V3 are used
  - Use [new docker images](https://github.com/cloudfoundry/cf-networking-release/commit/4b69f0a5690611dfa730a70e641f5c1f8145c66c) for local testing
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/cf-networking-release/compare/3.23.0...v3.24.0
  ## Resources
  - [Download release v3.24.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/cf-networking-release?version=3.24.0).
          
cflinuxfs3 0.364.0
count-cores-indicator 2.0.0
diego 2.76.0
v2.76.0
  ## Changes
  - Bump to Go 1.20.4
  - Bump dependencies
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/auctioneer/spec b/jobs/auctioneer/spec
  index ae685ceb9..1fac48936 100644
  --- a/jobs/auctioneer/spec
  +++ b/jobs/auctioneer/spec
  @@ -88,6 +88,12 @@ properties:
  diego.auctioneer.locket.api_location:
  description: "Hostname and port of the Locket server. When set, the auctioneer attempts to claim a lock from the Locket API."
  default: locket.service.cf.internal:8891
  +  diego.auctioneer.locket.client_keepalive_time:
  +    description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
  +    default: 10
  +  diego.auctioneer.locket.client_keepalive_timeout:
  +    description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
  +    default: 22
  locks.locket.enabled:
  description: When set, the auctioneer attempts to claim a lock from the Locket API.
  diff --git a/jobs/bbs/spec b/jobs/bbs/spec
  index b6f1040c2..9204a8d4c 100644
  --- a/jobs/bbs/spec
  +++ b/jobs/bbs/spec
  @@ -140,6 +140,12 @@ properties:
  diego.bbs.locket.api_location:
  description: "Hostname and port of the Locket server. When set, the BBS attempts to claim a lock from the Locket API and will detect Diego cells registered with the Locket API."
  default: locket.service.cf.internal:8891
  +  diego.bbs.locket.client_keepalive_time:
  +    description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
  +    default: 10
  +  diego.bbs.locket.client_keepalive_timeout:
  +    description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
  +    default: 22
  limits.open_files:
  description: Maximum number of files (including sockets) the BBS process may have open.
  diff --git a/jobs/rep/spec b/jobs/rep/spec
  index df7bd7c49..1383b67c0 100644
  --- a/jobs/rep/spec
  +++ b/jobs/rep/spec
  @@ -217,6 +217,12 @@ properties:
  diego.rep.locket.api_location:
  description: "Hostname and port of the Locket server. When set, the cell rep will establish its cell registration in the Locket API."
  default: locket.service.cf.internal:8891
  +  diego.rep.locket.client_keepalive_time:
  +    description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
  +    default: 10
  +  diego.rep.locket.client_keepalive_timeout:
  +    description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
  +    default: 22
  enable_declarative_healthcheck:
  description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action. Requires Garden-Runc v1.10.0+"
  diff --git a/jobs/rep_windows/spec b/jobs/rep_windows/spec
  index 4fc4504bf..023d76f18 100644
  --- a/jobs/rep_windows/spec
  +++ b/jobs/rep_windows/spec
  @@ -227,7 +227,13 @@ properties:
  diego.rep.locket.api_location:
  description: "Hostname and port of the locket server"
  default: locket.service.cf.internal:8891
  -
  +  diego.rep.locket.client_keepalive_time:
  +    description: "Period in seconds after which the locket gRPC client sends keepalive ping requests to the locket server it is connected to."
  +    default: 10
  +  diego.rep.locket.client_keepalive_timeout:
  +    description: "Timeout in seconds to receive a response to the keepalive ping. If a response is not received within this time, the locket client will reconnect to another server."
  +    default: 22
  +
  enable_declarative_healthcheck:
  description: "When set, enables the rep to prefer the LRP CheckDefinition to healthcheck instances over the Monitor action."
  default: false
  diff --git a/jobs/vizzini/spec b/jobs/vizzini/spec
  index fa6c8d0d0..40b5eb74b 100644
  --- a/jobs/vizzini/spec
  +++ b/jobs/vizzini/spec
  @@ -47,9 +47,6 @@ properties:
  vizzini.verbose:
  description: Run tests in verbose mode
  default: false
  -  vizzini.stream:
  -    description: Stream output from parallel test nodes. This option will lead to less coherent output but is useful when debugging
  -    default: false
  enable_declarative_healthcheck:
  description: "When set, enables the declarative check tests in vizzini"
  ```
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.75.0...v2.76.0
  ## Resources
  - [Download release v2.76.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.76.0).
          
v2.75.0
  ## Changes
  * Bump ginkgo to v2 and lager to v3
  * [Bug fix] Rep does not clean up resources when deleting container fails
  ## ✨  Built with go 1.20.3
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.73.0...v2.75.0
  ## Resources
  - [Download release v2.75.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.75.0).
          
garden-runc 1.29.0
v1.29.0
  ## Changes
  ⚠️We have removed the garden-healthcheck job from garden while we investigate a way to make it less painful. From v1.22.6 through v1.28.0, garden restarts with a high container count could result in BOSH deploys failing due to a race condition between garden, bpm, monit, and garden-healthchecker. This will be re-enabled at a later time when we resolve the race condition.
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.28.0...v1.29.0
  ## Resources
  - [Download release v1.29.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.29.0).
          
v1.28.0
  ## Changes
  - Bump to golang 1.20.4
  - Bump dependencies
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/garden-runc-release/compare/v1.27.0...v1.28.0
  ## Resources
  - [Download release v1.28.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/garden-runc-release?version=1.28.0).
          
haproxy 11.17.4
loggregator-agent 6.5.10
v6.5.10
  ## What's Changed
  * Bump to [go1.20.4](https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU/m/QvrjqM4XAgAJ)
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.9...v6.5.10
          
mapfs 1.2.20
v1.2.20
  ## Changes
  * Golang: Updated to v1.20.4 (#77, #78)
  ## Dependencies
  * **ginkgo v2:** Updated to v2.9.3.
For more information, see [v2](https://github.com/onsi/ginkgo). * **mapfs:** Updated to v`25c1e86`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
v1.2.16
  ## Changes
  * Golang: Updated to v1.20.3 (#64, #65, #71)
  ## Dependencies
  * **gomega:** Updated to v1.27.6.
For more information, see [gomega](https://github.com/onsi/gomega). * **mapfs:** Updated to v`4c0a84d`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.9
v3.2.9
  ## What's Changed
  * Bump to [go1.20.4](https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU/m/QvrjqM4XAgAJ)
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.8...v3.2.9
          
nfs-volume 7.1.14
routing 0.266.0
v0.266.0
  ## Change
  - 🐛Fixes a bug that may cause routing failures to apps. Thanks @maxmoehl and @domdom82!!
  - Many go dependency updates across all routing packages. Thanks @winkingturtle-vmw!!
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.265.1...v0.266.0
  ## Resources
  - [Download release v0.266.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.266.0).
          
v0.265.1
  :warning::warning::warning:
  **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.**
  ## Changes
  - Bump healthchecker
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.265.0...v0.265.1
  ## Resources
  - [Download release v0.265.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.265.1).
          
v0.265.0
  :warning::warning::warning:
  **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.**
  ## Changes
  - Bump to Go 1.20.4
  ## ✨  Built with go 1.20.4
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.264.0...v0.265.0
  ## Resources
  - [Download release v0.265.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.265.0).
          
v0.264.0
  :warning::warning::warning:
  **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.**
  ## Changes
  - Addresses the issue in routing-release 0.263.0 where `bosh export-releases` would fail to compile the `acceptance-tests` package.
  ## ✨  Built with go 1.20.3
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.263.0...v0.264.0
  ## Resources
  - [Download release v0.264.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.264.0).
          
v0.263.0
  ⚠️⚠️⚠️
  **This version does not compile, it will be fixed with the next release**
  **There is a known issue with this release’s routing logic which may cause routing failures to apps. It is advised to use routing-release [0.266.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.266.0) or later instead of this release.**
  ## Changes
  - 🐛Fixed a bug present since v0.262.0 that caused CATs to intermittently fail on apps using `nc` as their server.
  - 🐛Bumped haproxy to 2.7.6 in cf-tcp-router, to resolve a bug preventing haproxy from properly transferring open connections to the new haproxy process when a reload occurred - [haproxy/#1883](https://github.com/haproxy/haproxy/issues/1883)
  ## ✨  Built with go 1.20.3
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.262.0...v0.263.0
  ## Resources
  - [Download release v0.263.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.263.0).
          
silk 3.23.0
smb-volume 3.1.14
v3.1.14
  ## Dependencies
  * **smbbroker:** Updated to v`6b6727c`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`9923294`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.13
  ## Dependencies
  * **smbbroker:** Updated to v`62b84b6`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`124f398`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.12
  ## Changes
  * Golang: Updated to v1.20.3 (#120, #128, #129)
  * Fix potential cred leak (#119)
  ## Dependencies
  * **smbbroker:** Updated to v`093c496`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`b7faa12`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.2
syslog 11.8.9
v11.8.9
  * Upgrade packaged Golang version to 1.20.4
  * Bump dependencies
          

2.13.16

Caution: This release is susceptible to CVE-2023-20882, which may cause routing failures to apps. To address this issue, VMware advises using Tanzu Application Service v2.13.20 and Isolation Segment Tile v2.13.17 instead.

Caution This release is susceptible to a known issue around multiple "HTTP 100 Continue" responses. For information about this issue, see Multiple HTTP Expect: 100-continue responses sent from gorouter to client may cause unexpected failures in the VMware Tanzu Support Hub. To address this issue, VMware advises upgrading to Tanzu Application Service v2.13.24 and Isolation Segment Tile v2.13.21 instead.

  • [Bug Fix] Fixed issues in route_registrar and tcp_router that led to unnecessary haproxy reloads
  • Bump bpm to version 1.1.23
  • Bump cflinuxfs3 to version 0.361.0
  • Bump diego to version 2.73.0
  • Bump garden-runc to version 1.27.0
  • Bump haproxy to version 11.17.4
  • Bump loggregator-agent to version 6.5.9
  • Bump metrics-discovery to version 3.2.8
  • Bump nfs-volume to version 7.1.10
  • Bump routing to version 0.262.0
  • Bump smb-volume to version 3.1.11
Component Version Release Notes
ubuntu-xenial stemcell 621.488
bpm 1.1.23
cf-networking 3.23.0
cflinuxfs3 0.361.0
diego 2.73.0
garden-runc 1.27.0
haproxy 11.17.4
loggregator-agent 6.5.9
v6.5.9
  * Upgrade to go 1.20.2
  * Bump dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.8...v6.5.9
          
mapfs 1.2.13
metrics-discovery 3.2.8
v3.2.8
  * Upgrade to go1.20.2.
  * Bump dependencies.
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.7...v3.2.8
          
nfs-volume 7.1.10
routing 0.262.0
v0.262.0
  ## Changes
  - 🐛Fixes the of golang has a known issue that causes backend request failures which previously returned 496, 499, 503, 525, or 526 to instead return a 502. Additionally stale routes may not have been pruned properly. Thanks @domdom82!!
  - 🚗Gorouter now retries requests which fail prior to any HTTP content being sent (since no backend received the HTTP content, they're by definition retriable). Thanks for the [PR](https://github.com/cloudfoundry/gorouter/pull/337). Thanks @maxmoehl and @domdom82!!
  ## ✨  Built with go 1.20.2
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.261.0...v0.262.0
  ## Resources
  - [Download release v0.262.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.262.0).
          
v0.261.0
  ⚠️⚠️⚠️
  **This version of golang has a known issue that may cause backend request failures that previously returned 496, 499, 503, 525, or 526 to instead return a 502. Additionally stale routes may not get pruned properly. This will be addressed in an upcoming release.**
  ## Changes
  - Bug fix: add healthcheck to routing-api for route-registrar
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/routing-api/spec b/jobs/routing-api/spec
  index 5717f88f..f6a2175d 100644
  --- a/jobs/routing-api/spec
  +++ b/jobs/routing-api/spec
  @@ -6,12 +6,15 @@ templates:
  uaa_ca.crt.erb: config/certs/uaa/ca.crt
  routing-api.yml.erb: config/routing-api.yml
  +  routing_api_health_check.erb: bin/routing_api_health_check
  locket_ca.crt.erb: config/certs/locket/ca.crt
  locket_client.crt.erb: config/certs/locket/client.crt
  locket_client.key.erb: config/certs/locket/client.key
  api_mtls_client_ca.crt.erb: config/certs/routing-api/client_ca.crt
  +  api_mtls_client.crt.erb: config/certs/routing-api/client.crt
  +  api_mtls_client.key.erb: config/certs/routing-api/client.key
  api_mtls_server.crt.erb: config/certs/routing-api/server.crt
  api_mtls_server.key.erb: config/certs/routing-api/server.key
  @@ -107,6 +110,13 @@ properties:
  routing_api.mtls_client_key:
  description: "Routing API client key (provided to clients by bosh link)"
  +  routing_api.health_check_timeout_per_retry:
  +    default: 2
  +    description: "Maximum health check timeout (in seconds) for each retry attempt in the Routing API's route registration health check"
  +  routing_api.health_check_total_timeout:
  +    default: 6
  +    description: "Maximum health check timeout (in seconds). Health checks will be retried until this time limit is reached. This should be less than or equal to your route_registrar.routes.api.health_check.timeout"
  +
  metron.port:
  description: "The port used to emit dropsonde messages to the Metron agent."
  default: 3457
  ```
  ## ✨  Built with go 1.20.2
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.260.0...v0.261.0
  ## Resources
  - [Download release v0.261.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.261.0).
          
v0.260.0
  ⚠️⚠️⚠️
  **This version of golang has a known issue that may cause backend request failures that previously returned 496, 499, 503, 525, or 526 to instead return a 502. Additionally stale routes may not get pruned properly. This will be addressed in an upcoming release.**
  ## Changes
  - Dependency updates (cf cli, healthchecker, golang)
  - Many CI Updates - Thanks @jrussett!
  - 🐛[#310]The routing_utils route loader now sets the route service url when loading. Thanks @domdom82 !
  - 🐛Two issues in route_registrar were fixed that led to routes expiring and then being re-registered with the same details:
  - Starting in v0.x.x, route_registrar no longer retried UAA connections when getting a token from UAA. Instead, the failure would cause route_registrar to restart, and reset it's emitter intervals.
  - The built in route expiry has been increased from RegistrationInterval + 2 seconds to 2.1 * RegistrationInterval. This prevent routes from expiring during the course of a route_registrar restart.
  - 🐛If tcp_router received routing events during its BulkSync cycle, it would always rewrite the haproxy configuration, and reload the haproxy process. This would occur regardless of whether the events required a new haproxy config. It now only updates the config + reloads haproxy if changes are necessary.
  ## ✨  Built with go 1.20.2
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.259.0...v0.260.0
  ## Resources
  - [Download release v0.260.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.260.0).
          
silk 3.23.0
smb-volume 3.1.11
v3.1.11
  ## Changes
  ## Dependencies
  * **smbbroker:** Updated to v`c5b6f5e`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`73a24c2`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.2
syslog 11.8.8

2.13.15

Release Date: 03/21/2023

ImportantThis version of TAS for VMs contains a known issue with Gorouter error handling for backend app requests. Failures that previously returned HTTP Status Codes of 496, 499, 503, 525, or 526 might instead return 502. Additionally, stale routes might fail to be pruned properly, which could cause apps to unexpectedly return HTTP Status Code 502.

Caution This release is susceptible to a known issue around multiple "HTTP 100 Continue" responses. For information about this issue, see Multiple HTTP Expect: 100-continue responses sent from gorouter to client may cause unexpected failures in the VMware Tanzu Support Hub. To address this issue, VMware advises upgrading to Tanzu Application Service v2.13.24 and Isolation Segment Tile v2.13.21 instead.

  • Bump cf-networking to version 3.23.0
  • Bump cflinuxfs3 to version 0.356.0
  • Bump diego to version 2.72.0
  • Bump garden-runc to version 1.25.0
  • Bump mapfs to version 1.2.13
  • Bump nfs-volume to version 7.1.9
  • Bump routing to version 0.259.0
  • Bump silk to version 3.23.0
  • Bump smb-volume to version 3.1.10
Component Version Release Notes
ubuntu-xenial stemcell 621.448
bpm 1.1.21
cf-networking 3.23.0
cflinuxfs3 0.356.0
diego 2.72.0
garden-runc 1.25.0
haproxy 11.17.2
loggregator-agent 6.5.8
mapfs 1.2.13
v1.2.13
  ## Changes
  * Golang: Updated to v1.19.4 (#32)
  * Golang: Updated to v1.19.5 (#37)
  * Golang: Updated to v1.19.5 (#44)
  * Golang: Updated to v1.20.1 (#48)
  ## Dependencies
  * **mapfs:** Updated to v`98da9f0`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.7
nfs-volume 7.1.9
routing 0.259.0
v0.259.0
  ## Changes
  - No changes from last version.
  - Fixing CI so that artifacts are generated correctly for github release.
  ## ✨  Built with go 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.258.0...v0.259.0
  ## Resources
  - [Download release v0.259.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.259.0).
          
v0.258.0
  ## Changes
  - Update healthchecker to [0.4.0](https://github.com/cloudfoundry/healthchecker-release/releases/tag/v0.4.0)
  - Increase startup delay default to 30 seconds [PR](https://github.com/cloudfoundry/healthchecker-release/pull/2)
  - Upgrade golang to 1.20.1
  ## Bosh Job Spec changes:
  ```diff
  diff --git a/jobs/acceptance_tests/spec b/jobs/acceptance_tests/spec
  index 65bf4c30..6a73b9ae 100644
  --- a/jobs/acceptance_tests/spec
  +++ b/jobs/acceptance_tests/spec
  @@ -7,7 +7,7 @@ templates:
  bpm.yml.erb: config/bpm.yml
  packages:
  - - golang-1.19-linux
  + - golang-1.20-linux
  - acceptance_tests
  - rtr
  - cf-cli-6-linux
  diff --git a/jobs/smoke_tests/spec b/jobs/smoke_tests/spec
  index b16357ed..0426dc99 100644
  --- a/jobs/smoke_tests/spec
  +++ b/jobs/smoke_tests/spec
  @@ -7,7 +7,7 @@ templates:
  bpm.yml.erb: config/bpm.yml
  packages:
  - - golang-1.19-linux
  + - golang-1.20-linux
  - acceptance_tests
  - cf-cli-6-linux
  ```
  ## ✨  Built with go 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.257.0...v0.258.0
  ## Resources
  - [Download release v0.258.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.258.0).
          
silk 3.23.0
smb-volume 3.1.10
v3.1.10
  ## Changes
  * Backfill property tests for force_noserverino (#103)
  ## Dependencies
  * **smbbroker:** Updated to v`17e471d`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`fcb9ca4`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.2
syslog 11.8.8

2.13.14

Release Date: 02/27/2023

  • Bump cf-networking to version 3.22.0
  • Bump cflinuxfs3 to version 0.352.0
  • Bump garden-runc to version 1.23.0
  • Bump haproxy to version 11.17.2
  • Bump loggregator-agent to version 6.5.8
  • Bump metrics-discovery to version 3.2.7
  • Bump routing to version 0.257.0
  • Bump silk to version 3.22.0
  • Bump smb-volume to version 3.1.9
  • Bump syslog to version 11.8.8
Component Version Release Notes
ubuntu-xenial stemcell 621.418
bpm 1.1.21
cf-networking 3.22.0
cflinuxfs3 0.352.0
diego 2.71.0
garden-runc 1.23.0
haproxy 11.17.2
loggregator-agent 6.5.8
v6.5.8
  ## What's Changed
  * update dependencies
  * Upgrade to go 1.20.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/224
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.7...v6.5.8
          
mapfs 1.2.12
metrics-discovery 3.2.7
v3.2.7
  * update golang to 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.6...v3.2.7###
          
v3.2.6
  ## What's Changed
  * Upgrade to go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/104
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.5...v3.2.6
          
v3.2.5
  ## What's Changed
  * Update dependencies
  * Expire individual metrics by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/103
  **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.4...v3.2.5
          
nfs-volume 7.1.8
routing 0.257.0
v0.257.0
  ## Changes
  - Bumped to build with golang 1.19.6
  ## ✨  Built with go 1.19.6
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.256.0...v0.257.0
  ## Resources
  - [Download release v0.257.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.257.0).
          
v0.256.0
  ## Changes
  - Update healthchecker in release to stable version
  ## ✨  Built with go 1.19.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.255.0...v0.256.0
  ## Resources
  - [Download release v0.256.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/routing-release?version=0.256.0).
          
silk 3.22.0
smb-volume 3.1.9
v3.1.9
  ## Changes
  * Add force_noserverino property in smbdriver job (#102)
  ## Dependencies
  * **bosh-template:** Updated to v2.4.0.
For more information, see [bosh-template](https://github.com/cloudfoundry/bosh). * **smbdriver:** Updated to v`adc77c7`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.8
  ## Dependencies
  * **smbdriver:** Updated to v`6cc617a`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
v3.1.7
  ## Changes
  * Golang: Updated to v1.19.4 (#76)
  ## Dependencies
  * **rspec:** Updated to v3.12.0.
For more information, see [rspec](https://github.com/rspec/rspec-metagem). * **smbbroker:** Updated to v`114bb05`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`f0b92e3`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.2
syslog 11.8.8
v11.8.8
  * update to golang 1.20.1
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.7...v11.8.8
          
v11.8.7
  ## What's Changed
  * use go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/syslog-release/pull/117
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.6...v11.8.7
          

v2.13.13

Release Date: 02/09/2023

  • [Bug Fix] Allows docker app workloads without a sh binary in the docker image to execute properly.
  • Bump haproxy to version 11.17.0
  • Bump loggregator-agent to version 6.5.7
  • Bump routing to version 0.255.0
Component Version Release Notes
ubuntu-xenial stemcell 621.401
bpm 1.1.21
cf-networking 3.19.0
cflinuxfs3 0.350.0
diego 2.71.0
garden-runc 1.22.9
haproxy 11.17.0
loggregator-agent 6.5.7
v6.5.7
  ## What's Changed
  * Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/202
  * Update dependencies
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.6...v6.5.7
          
mapfs 1.2.12
metrics-discovery 3.2.4
nfs-volume 7.1.8
routing 0.255.0
v0.255.0
  [Upgrade healthchecker in release](https://github.com/cloudfoundry/routing-release/commit/ddb43e9e746b009d0ea6e6cf8cf8e7eb059ffafc). In order to limit the scope of packages brought in with the introduction of http healthchecker, we migrated the healthchecker package out of cf-networking-helpers into its own release.
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.254.0...v0.255.0
  ✨ Built with go 1.19.5
          
silk 3.19.0
smb-volume 3.1.6
smoke-tests 4.8.2
syslog 11.8.6

v2.13.12

Release Date: 01/31/2023

  • Bump cf-networking to version 3.19.0
  • Bump cflinuxfs3 to version 0.350.0
  • Bump garden-runc to version 1.22.9
  • Bump routing to version 0.254.0
  • Bump silk to version 3.19.0
Component Version Release Notes
ubuntu-xenial stemcell 621.376
bpm 1.1.21
cf-networking 3.19.0
cflinuxfs3 0.350.0
diego 2.71.0
garden-runc 1.22.9
haproxy 11.16.1
loggregator-agent 6.5.6
mapfs 1.2.12
metrics-discovery 3.2.4
nfs-volume 7.1.8
routing 0.254.0
v0.254.0
  ✨ Built with go 1.19.5
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.253.0...v0.254.0
          
v0.253.0
  ## What's Changed
  * Specs to make maxRetries configurable for endpoints and route-services by @domdom82 in https://github.com/cloudfoundry/routing-release/pull/298
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.252.0...v0.253.0
          
silk 3.19.0
smb-volume 3.1.6
smoke-tests 4.8.2
syslog 11.8.6

v2.13.11

Release Date: 01/16/2023

  • [Feature Improvement] vxlan-policy-agent logs when asgs are updated
  • Bump cf-networking to version 3.17.0
  • Bump cflinuxfs3 to version 0.347.0
  • Bump diego to version 2.71.0
  • Bump garden-runc to version 1.22.7
  • Bump loggregator-agent to version 6.5.6
  • Bump routing to version 0.252.0
  • Bump silk to version 3.17.0
  • Bump smoke-tests to version 4.8.2
Component Version Release Notes
ubuntu-xenial stemcell 621.364
bpm 1.1.21
cf-networking 3.17.0
cflinuxfs3 0.347.0
diego 2.71.0
garden-runc 1.22.7
haproxy 11.16.1
loggregator-agent 6.5.6
v6.5.6
  ## What's Changed
  * fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174
  * updated some dependencies.
  **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6
          
mapfs 1.2.12
metrics-discovery 3.2.4
nfs-volume 7.1.8
routing 0.252.0
v0.252.0
  ## What's Changed
  - Improve random source for least connection pool to be thread safe. Thanks Daniel Lynch!
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.251.0...v0.252.0
          
silk 3.17.0
smb-volume 3.1.6
smoke-tests 4.8.2
4.8.2
  Port assets/ruby_simple to Ruby 3
          
syslog 11.8.6

v2.13.10

Release Date: 12/15/2022

  • [Security Fix] Fix CVE-2022-31733: Unsecured Application Port
  • Bump bpm to version 1.1.21
  • Bump cf-networking to version 3.16.0
  • Bump cflinuxfs3 to version 0.345.0
  • Bump diego to version 2.70.0
  • Bump haproxy to version 11.16.1
  • Bump loggregator-agent to version 6.5.5
  • Bump metrics-discovery to version 3.2.4
  • Bump routing to version 0.251.0
  • Bump silk to version 3.16.0
  • Bump syslog to version 11.8.6
Component Version Release Notes
ubuntu-xenial stemcell 621.364
bpm 1.1.21
cf-networking 3.16.0
cflinuxfs3 0.345.0
diego 2.70.0
garden-runc 1.22.5
haproxy 11.16.1
loggregator-agent 6.5.5
v6.5.5
  - bump-golang to v0.114.0 for golang 1.19.4
  - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
  - Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src
  - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
  - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
  - Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src
  - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
          
mapfs 1.2.12
metrics-discovery 3.2.4
v3.2.4
  - bump-golang to v0.114.0 for golang 1.19.4
  - Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src
  - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src
  - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src
  - Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src
  - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src
  - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1
          
nfs-volume 7.1.8
routing 0.251.0
v0.251.0
  ## What's Changed
  - When the `router.ca_certs` property switched from a multi-line string of certs, to an array of certs, gorouter started failing to start up if any of the certs provided were invalid. Previously they were ignored. This has been reverted, so that any invalid CA certs are ignored during startup. Thanks @ameowlia!
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.250.0...v0.251.0
          
v0.250.0
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.249.0...v0.250.0
  ## ✨  Built with go 1.19.4
          
v0.249.0
  ## What's Changed
  * Switch to healthecker package in cf-networking-helpers by @mariash in https://github.com/cloudfoundry/routing-release/pull/302
  * Add healthchecker package to sync-package-specs file by @mariash in https://github.com/cloudfoundry/routing-release/pull/303
  * **Potential Breaking Change:** In preperation for mtls between gorouter and routing api, add gorouter backends ca to routing-api. Rendering these certs depends on routing-api consuming a link from gorouter. If you have multiple gorouter instance groups (for example in the case of isolation segments), you will need to rename bosh links to prevent the error "Multiple link providers found. For an example of link renaming, see [this ops file](https://github.com/cloudfoundry/cf-deployment/blob/main/operations/add-persistent-isolation-segment-router.yml#L74) by @reneighbor in https://github.com/cloudfoundry/routing-release/pull/300
  * Ensure gorouter-healthchecker doesn't restart gorouter forever on failure by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/305
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.248.0...v0.249.0
          
v0.248.0
  ## What's Changed
  * Handle nil ca cert in ca_certs property list
          
v0.247.0
  ## What's Changed
  * gorouter template cleans `router.ca_certs` property to remove empty certificates
          
v0.246.0
  ## What's Changed
  * Update `router.ca_certs` property to accept and array of certificates instead of a string block. Thanks @peanball!
          
v0.245.0
  ## What's Changed
  * Gorouter's pre-start script now reserves ports used by other CF components when it increases the number of ephemeral ports available via `/proc/sys/net/ipv4/ip_local_reserved_ports`. This resolves issues when components fail to start up during deploys/monit restarts due to accidental port collisions with outbound traffic from the VM. Thanks @ameowlia !
  * Routing-release no longer makes use of the deprecated uaa-go-client, and uses go-uaa instead
  * The `routing_utils/nats_client` helper utility now supports saving + loading gorouter's routing tables! Thanks @domdom82 !
  * Fixed a memory leak with `gorouter` that resulted in HTTP request objects being held open if a client canceled the connection before the App responded.  Thanks @geofffranks !
  * **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.244.0...v0.245.0
  ## ✨  Built with go 1.19.3
          
silk 3.16.0
smb-volume 3.1.6
smoke-tests 4.8.1
syslog 11.8.6
v11.8.6
  Update golang to 1.19.4
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.5...v11.8.6
          

v2.13.9

Release Date: 12/01/2022

  • Bump nfs-volume to version 7.1.8
  • Bump syslog to version 11.8.5
Component Version Release Notes
ubuntu-xenial stemcell 621.305
bpm 1.1.19
cf-networking 3.12.0
cflinuxfs3 0.332.0
diego 2.69.0
garden-runc 1.22.5
haproxy 11.16.0
loggregator-agent 6.5.4
mapfs 1.2.12
metrics-discovery 3.2.3
nfs-volume 7.1.8
routing 0.244.0
silk 3.12.0
smb-volume 3.1.6
smoke-tests 4.8.1
syslog 11.8.5
v11.8.5
  * update dependencies
  * update golang to 1.19.3
  **Full Changelog**: https://github.com/cloudfoundry/syslog-release/compare/v11.8.4...v11.8.5
          

v2.13.8

Release Date: 11/10/2022

  • [Feature] Add “Max request header size in kb” property to Networking tab to allow operators to specify a limit on the aggregate size of request headers. Requests over this limit receive a 431 status code.
  • Bump cflinuxfs3 to version 0.332.0
  • Bump diego to version 2.69.0
  • Bump garden-runc to version 1.22.5
  • Bump haproxy to version 11.16.0
  • Bump loggregator-agent to version 6.5.4
  • Bump mapfs to version 1.2.12
  • Bump metrics-discovery to version 3.2.3
  • Bump routing to version 0.244.0
  • Bump smb-volume to version 3.1.6
  • Bump smoke-tests to version 4.8.1
  • Bump syslog to version 11.8.4
Component Version Release Notes
ubuntu-xenial stemcell 621.305
bpm 1.1.19
cf-networking 3.12.0
cflinuxfs3 0.332.0
diego 2.69.0
v2.69.0
  ## Changes
  - Bump Golang to go1.19.2 @cf-diego (#642)
  ### ✨ Built with go 1.19.2
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.68.0...v2.69.0
  ## Resources
  - [Download release v2.69.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.69.0).
  - Verified with [cloudfoundry/cf-deployment @ `6ec2aca405f23a2eb32ec4108d3385edcfdb9b22`](https://github.com/cloudfoundry/cf-deployment/commit/6ec2aca405f23a2eb32ec4108d3385edcfdb9b22).
          
v2.68.0
  ## Changes
  * Bump to go 1.19.1! Thanks @mariash!
  * Add buildvcs=false to all windows package compilation. Thanks @geofffranks!
  ### ✨ Built with go 1.19.1
  **Full Changelog**: https://github.com/cloudfoundry/diego-release/compare/v2.67.0...v2.68.0
          
v2.67.0
  ## Changes
  - `cacheddownloader` now has a backoff algorithm when retrying failed downloads. This was provided as a way to work around thundering herds of cells downloading and overwhelming rate-limited blobstores. Thanks for the PR @prycey77!
  - Bump natsclient + route-emitter dependencies
  ## ✨ Built with go 1.18.5
  ## Resources
  - [Download release v2.67.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.67.0).
  - Verified with [cloudfoundry/cf-deployment @ `e639b051fdd968f5931f1c14e80cb7d4cbc32ea6`](https://github.com/cloudfoundry/cf-deployment/commit/e639b051fdd968f5931f1c14e80cb7d4cbc32ea6).
          
v2.66.4
  This release was created by mistake via CI. See v2.67.0 instead
          
garden-runc 1.22.5
haproxy 11.16.0
loggregator-agent 6.5.4
mapfs 1.2.12
v1.2.12
  ## Changes
  * Replace `go get` with `go install` (#23)
  * Update vendored package golang-1-linux (#26)
  * Update vendored package golang-1-linux (#27)
  ## Dependencies
  * **mapfs:** Updated to v`27f8711`.
For more information, see [mapfs](https://github.com/cloudfoundry/mapfs).
metrics-discovery 3.2.3
nfs-volume 7.1.3
routing 0.244.0
v0.244.0
  ## What's Changed
  * Emit access logs for 431 responses to Loggegator [gorouter PR #331](https://github.com/cloudfoundry/gorouter/pull/331). Thanks @dsabeti !
  * Always suspend pruning when nats is down https://github.com/cloudfoundry/routing-release/pull/287. Thanks @ameowlia !
  * **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.243.0...v0.244.0
  ## ✨  Built with go 1.19.2
          
v0.243.0
  🎉 Bumped to go1.19.2
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.242.0...v0.243.0
          
v0.242.0
  ## What's Changed
  -  `tcp_router` is now more verbose when running `haproxy_reloader` to assist in diagnosting failed reloads. Thanks @geofffranks! 🎉 ([PR 9](https://github.com/cloudfoundry/cf-tcp-router/pull/9))
  - `gorouter` will now truncate access logs that exceed loggregator + UDP packet limits, so that we no longer drop access log messages sent to the firehose. Thanks @ameowlia @ebroberson! 😻 ([PR 328](https://github.com/cloudfoundry/gorouter/pull/328) and [PR 329](https://github.com/cloudfoundry/gorouter/pull/329))
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.241.0...v0.242.0
  ## ✨  Built with go 1.18
  * despite what the docs/go.version says
  * because the go 1.18 package is present
          
v0.241.0
  🎉 ~~Bumped to go1.19.1~~
  * Still using go 1.18
  * despite what the docs/go.version says
  * because the go 1.18 package is present
  * @plowin submitted [gorouter PR 327](https://github.com/cloudfoundry/gorouter/pull/327) to adjust endpoint-not-unregistered log-level to 'info'
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.240.0...v0.241.0
          
v0.240.0
  ## What's Changed
  * @geofffranks and @ameowlia added property `router.max_header_bytes` to the gorouter job.
  * This value controls the maximum number of bytes the gorouter will read parsing the request header's keys and values, including the request line.
  * It does not limit the size of the request body.
  * An additional padding of 4096 bytes is added to this value by go.
  * Requests with larger headers will result in a 431 status code.
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.239.0...v0.240.0
  ## Manifest Property Changes
  | Job | Property | 0.237.0 | 0.238.0 |
  | --- | --- | --- | --- |
  | `gorouter` | `router.max_header_bytes` | didn't exist | 1048576 (1MB) |
  ## ✨  Built with go 1.18.6
          
silk 3.12.0
smb-volume 3.1.6
v3.1.6
  ## Changes
  * Update vendored package golang-1-linux (#67)
  * Update vendored package golang-1-linux (#70)
  ## Dependencies
  * **bosh-template:** Updated to v2.3.0.
For more information, see [bosh-template](https://github.com/cloudfoundry/bosh). * **smbbroker:** Updated to v`89a0251`.
For more information, see [smbbroker](https://github.com/cloudfoundry/smbbroker). * **smbdriver:** Updated to v`68ff9d8`.
For more information, see [smbdriver](https://github.com/cloudfoundry/smbdriver).
smoke-tests 4.8.1
4.8.1
  Create bosh final release 4.8.1
          
4.8.0
  Create bosh final release 4.8.0
          
syslog 11.8.4

v2.13.7

Release Date: 10/20/2022

  • [Breaking Change] A change in behavior to line-based log rate limits has been made. Previously, logs were buffered and released at the allowed rate, now logs exceeding the limit will be dropped.
  • Bump diego to version 2.66.3
  • Bump mapfs to version 1.2.11
  • Bump nfs-volume to version 7.1.3
  • Bump routing to version 0.239.0
  • Bump smb-volume to version 3.1.5
  • Bump smoke-tests to version 4.7.0
Component Version Release Notes
ubuntu-xenial stemcell 621.265
bpm 1.1.19
cf-networking 3.12.0
cflinuxfs3 0.319.0
diego 2.66.3
v2.66.3
  ## Changes
  - Bump x/crypto
  - Update garden, guardian, idmapper, and grootfs submodules
  ## ✨ Built with go 1.18.5
  ## Resources
  - [Download release v2.66.3 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.66.3).
  - Verified with [cloudfoundry/cf-deployment @ `47f3c89570b73e415af5ccf3f0a93dd293d7ac24`](https://github.com/cloudfoundry/cf-deployment/commit/47f3c89570b73e415af5ccf3f0a93dd293d7ac24).
          
v2.66.2
  ## Changes
  * Cancel other download of other dependencies when one of them fails
  ## ✨  Built with go 1.18.5
          
v2.66.1
  ## Bugfixes
  * Fixes an issue with log rate limiting and stack traces with empty lines
  ## ✨  Built with go 1.18.5
  ## Resources
  - [Download release v2.66.1 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.66.1).
  - Verified with [cloudfoundry/cf-deployment @ `47f3c89570b73e415af5ccf3f0a93dd293d7ac24`](https://github.com/cloudfoundry/cf-deployment/commit/47f3c89570b73e415af5ccf3f0a93dd293d7ac24).
          
v2.66.0
  ## Changes
  * Adds support for a new byte-based log rate limiting mechanism with per-LRP limits.
  * Behavior of existing line-based log rate limiting has also changed to drop log messages immediately rather than releasing them from a buffer with a delay. Therefore timestamps of the logs will now match when they were output.
  ## ✨  Built with go 1.18.5
  ## Resources
  - [Download release v2.66.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.66.0).
  - Verified with [cloudfoundry/cf-deployment @ `47f3c89570b73e415af5ccf3f0a93dd293d7ac24`](https://github.com/cloudfoundry/cf-deployment/commit/47f3c89570b73e415af5ccf3f0a93dd293d7ac24).
          
v2.65.0
  ## Changes
  - Replace GinkgoParallelNode with GinkgoParallelProcess @ebroberson (#630)
  - Bump Golang to go1.18.4 @cf-diego (#625)
  **Breaking Changes**: The diego components are now more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. These components have been updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases.
  ## Resources
  - [Download release v2.65.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.65.0).
  - Verified with [cloudfoundry/cf-deployment @ `3b04e79bd33220a117c4543b1c8074bc13bf7c24`](https://github.com/cloudfoundry/cf-deployment/commit/3b04e79bd33220a117c4543b1c8074bc13bf7c24).
  ## ✨  Built with go 1.18.4
          
v2.64.0
  ## Changes
  - Bump Golang to go1.18.linux-amd64 (#622)
  ## Resources
  - [Download release v2.64.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.64.0).
  - Verified with [cloudfoundry/cf-deployment @ `6e06b9d09aab84101ba9f5ca5aa4e8b6344cc5c7`](https://github.com/cloudfoundry/cf-deployment/commit/6e06b9d09aab84101ba9f5ca5aa4e8b6344cc5c7).
          
v2.63.0
  ## Changes
  - Pass log config in container spec to garden, so that vxlan-policy-agent can send app logs
  ## Resources
  - [Download release v2.63.0 from bosh.io](https://bosh.io/releases/github.com/cloudfoundry/diego-release?version=2.63.0).
  - Verified with [cloudfoundry/cf-deployment @ `d816bd14c9ca957f020381643f362d062ef60550`](https://github.com/cloudfoundry/cf-deployment/commit/d816bd14c9ca957f020381643f362d062ef60550).
          
garden-runc 1.22.0
haproxy 11.13.0
loggregator-agent 6.4.4
mapfs 1.2.11
v1.2.11
  ## Changes
  * Update vendored package golang-1-linux (#21)
          
v1.2.8
  ## What's Changed
  * Bump src/mapfs to `0ee84aa` #18
          
v1.2.7
  - [Bumps mapfs submodule to master@1600494](https://github.com/cloudfoundry/mapfs/commit/160049400a47577b0f3a8b2948974bc38ce76f18)
  - [Bump golang from 1.13 to 1.17](https://github.com/cloudfoundry/mapfs-release/commit/c287adda5cbdf345ff1b4985ae93cb72f1618f95)
          
metrics-discovery 3.1.2
nfs-volume 7.1.3
routing 0.239.0
v0.239.0
  ## What's Changed
  - Bumped Golang to 1.18.6 to mitigate [CVE-2022-27664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664)
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.238.0...v0.239.0
  ## ✨  Built with go 1.18.6
          
v0.238.0
  ## What's Changed
  - Gorouter once again supports hairpinning for route-service requests, for more information, see [the proposed update.](https://github.com/cloudfoundry/routing-release/issues/281) `router.route_services_internal_lookup_allowlist` can be used to control which domains of route services can be hairpinned. Thanks @peanball!!
  - Gorouter has a new websocket-specific dial timeout (`websocket_dial_timeout`), configurable separately from the default endpoint dial timeout. Thanks @peanball  for this one too!!
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.237.0...v0.238.0
  ## Manifest Property Changes
  | Job | Property | 0.237.0 | 0.238.0 |
  | --- | --- | --- | --- |
  | `gorouter` | `websocket_dial_timeout_in_seconds` | didn't exist | Defaults to `endpoint_dial_timeout_in_seconds`'s value |
  | `gorouter` | `router.route_services_internal_lookup_allowlist` | didn't exist | No internal lookups allowed for route services. |
  ## ✨  Built with go 1.18.5
          
v0.237.0
  ## What's Changed
  - ⚠️ Bump to golang 1.18 🎉
  **Breaking Changes:** The routing components are now more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. These components have been updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases.
  Please see this golang 1.18 release notes [section](https://tip.golang.org/doc/go1.18#tls10) for more information about the golang 1.18 change.
  ###
  * Update uaa-go-client; by @joergdw in https://github.com/cloudfoundry/routing-release/pull/277
  * updated spec files to match packages by @ebroberson in https://github.com/cloudfoundry/routing-release/pull/282
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/v0.236.0...v0.237.0
  ## New Contributors
  * @joergdw made their first contribution in https://github.com/cloudfoundry/routing-release/pull/277
  * @ebroberson made their first contribution in https://github.com/cloudfoundry/routing-release/pull/282
  ## ✨  Built with go 1.18.4
          
silk 3.12.0
smb-volume 3.1.5
v3.1.5
  ## Changes
  * Update vendored package golang-1-linux (#58)
          
v3.1.4
  ## Release Notes
  - Fix issue when multiple cf versions are included  (#55)
  ## Dependencies
  - The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM.
          
v3.1.3
  ## Release Notes
  - Added support for CF CLI v8 to errands (#45)
  - Fixed Jammy compilation issues (#53)
  ## Dependencies
  - Bump [src/code.cloudfoundry.org/smbbroker](https://github.com/cloudfoundry/smbbroker) (#41, #50)
  - Bump [src/code.cloudfoundry.org/smbdriver](https://github.com/cloudfoundry/smbdriver) (#47, #48, #51)
          
v3.1.2
  ## Release Notes
  - Support Bionic Stemcell #16
  - Add blobs for the `keyutils` package for both `bionic` and `jammy`.
  - We now install this package on any VM that runs the `smbdriver` bosh job iff that VM uses a `bionic` or `jammy` stemcell
  - This should allow the `smbdriver` to reliably mount SMB volumes on those stemcells, as discussed in #16
  ## Dependencies
  - The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM.
          
v3.1.1
  ## Release Notes
  * Bumps [bosh-template](https://github.com/cloudfoundry/bosh) from 2.2.0 to 2.2.1 (#22)
  * Bumps [rspec-its](https://github.com/rspec/rspec-its) from 1.2.0 to 1.3.0 (#23)
  * Bumps [rspec](https://github.com/rspec/rspec-metagem) to 3.11.0. (#37)
  * Bumps [src/code.cloudfoundry.org/smbdriver](https://github.com/cloudfoundry/smbdriver) to `1e97c5d` (#34)
  * Bumps [src/code.cloudfoundry.org/smbbroker](https://github.com/cloudfoundry/smbbroker) to `64ba567` (#36)
  * Bumps automake from 1.15 to 1.15.1 (#43 - fixes Bionic compilation)
  ## Dependencies
  - The `smbbrokerpush` and `bbr-smbbroker` errands require either the `cf-cli-7-linux` or `cf-cli-6-linux` job from [cf-cli-release](https://bosh.io/releases/github.com/bosh-packages/cf-cli-release?all=1) to be colocated on the errand VM.
          
smoke-tests 4.7.0
4.7.0
  Create bosh final release 4.7.0
          
syslog 11.8.2

v2.13.6

Release Date: 09/21/2022

  • [Feature] TAS for VMs v2.13 is a long-term support track (LTS-T) release. It is to be supported through March of
  • The version number is to receive a +LTS-T metadata addition in a future patch.
  • [Feature] Enables jumpgrade from TAS 2.11, attendant to LTS-T status.
  • [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
  • Bump bpm to version 1.1.19
  • Bump cf-networking to version 3.12.0
  • Bump cflinuxfs3 to version 0.319.0
  • Bump garden-runc to version 1.22.0
  • Bump haproxy to version 11.13.0
  • Bump loggregator-agent to version 6.4.4
  • Bump metrics-discovery to version 3.1.2
  • Bump silk to version 3.12.0
  • Bump syslog to version 11.8.2
Component Version
ubuntu-xenial stemcell 621.265
bpm 1.1.19
cf-networking 3.12.0
cflinuxfs3 0.319.0
diego 2.62.0
garden-runc 1.22.0
haproxy 11.13.0
loggregator-agent 6.4.4
mapfs 1.2.6
metrics-discovery 3.1.2
nfs-volume 7.1.1
routing 0.236.0
silk 3.12.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.8.2

v2.13.5

Release Date: 08/10/2022

  • Bump cf-networking to version 3.11.0
  • Bump cflinuxfs3 to version 0.312.0
  • Bump haproxy to version 11.12.0
  • Bump loggregator-agent to version 6.4.3
  • Bump metrics-discovery to version 3.1.1
  • Bump routing to version 0.236.0
  • Bump silk to version 3.11.0
  • Bump syslog to version 11.8.1
Component Version Release Notes
ubuntu-xenial stemcell 621.261
bpm 1.1.18
cf-networking 3.11.0
cflinuxfs3 0.312.0
diego 2.62.0
garden-runc 1.20.6
haproxy 11.12.0
loggregator-agent 6.4.3
mapfs 1.2.6
metrics-discovery 3.1.1
nfs-volume 7.1.1
routing 0.236.0
v0.236.0
  ## What's Changed
  * Gorouter restart script waits for the gorouter to be running before reloading monit
  ## ✨  Built with go 1.17.12
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.235.0...0.236.0
          
silk 3.11.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.8.1

v2.13.4

Release Date: 07/19/2022

  • [Feature] Enable telemetry for iptables rules on Diego cells
  • [Bug Fix] Resolves an issue with HAProxy log rotation creating null bytes and not freeing disk space after rotation
  • Bump cf-networking to version 3.9.0
  • Bump cflinuxfs3 to version 0.309.0
  • Bump diego to version 2.62.0
  • Bump haproxy to version 11.11.0
  • Bump loggregator-agent to version 6.4.2
  • Bump metrics-discovery to version 3.1.0
  • Bump routing to version 0.235.0
  • Bump silk to version 3.9.0
  • Bump syslog to version 11.8.0
Component Version Release Notes
ubuntu-xenial stemcell 621.252
bpm 1.1.18
cf-networking 3.9.0
cflinuxfs3 0.309.0
diego 2.62.0
garden-runc 1.20.6
haproxy 11.11.0
loggregator-agent 6.4.2
mapfs 1.2.6
metrics-discovery 3.1.0
nfs-volume 7.1.1
routing 0.235.0
0.235.0
  ## What's Changed
  * Gorouter healthchecker retries connection instead of monit (https://github.com/cloudfoundry/routing-release/pull/275)
  ## ✨  Built with go 1.17.11
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.234.0...0.235.0
          
0.234.0
  ## What's Changed
  * Gorouter: the metrics package now uses `lsof` to monitor file descriptors on MacOS @domdom82 https://github.com/cloudfoundry/gorouter/pull/312
  * 🐛 Bumped the `lager` dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. Thanks @ameowlia!
  * Now tested with the bionic stemcell in CI
  ## ✨  Built with go 1.17.11
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.233.0...0.234.0
          
silk 3.9.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.8.0

v2.13.3

Release Date: 06/24/2022

Warning: Upcoming reduction in maintenance and security release coverage! In future patches, no sooner than July 1st 2022, some TAS components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components built using the Go programming language will no longer support TLS 1.0 or 1.1, or certificates using SHA-1. In order to avoid breaking changes in this version line, (which has reached its End of General Support,) these components will no longer be updated with bug and security fixes in any patches that may be released. To continue receiving maintenance and security releases, upgrade to a version of TAS that remains in general support.

  • Bump diego to version 2.62.0
Component Version
ubuntu-xenial stemcell 621.244
bpm 1.1.18
cf-networking 3.6.0
cflinuxfs3 0.301.0
diego 2.62.0
garden-runc 1.20.6
haproxy 11.10.2
loggregator-agent 6.4.1
mapfs 1.2.6
metrics-discovery 3.0.13
nfs-volume 7.1.1
routing 0.233.0
silk 3.6.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.7.10

v2.13.2

Release Date: 06/09/2022

Warning: Breaking change. This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn't bump to Go 1.18 until July 1, 2022. This TAS release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS release with Diego 2.64.0, then you are safe to continue using it.

  • [Bug Fix] Fix metric registrar secure scraping with isolation segments
  • [Bug Fix] Resolves an issue with Dynamic ASGs and ASG containing ‘ICMP any’ rules causing apps not to start
  • [Bug Fix] Sticky sessions no longer break when used with route-services that return HTTP 4xx/5xx responses
  • [Breaking Change] Syslog drains configured to use TLS now reject certificates signed with the SHA-1 hash function.
  • Bump bpm to version 1.1.18
  • Bump cf-networking to version 3.6.0
  • Bump cflinuxfs3 to version 0.301.0
  • Bump diego to version 2.64.0
  • Bump garden-runc to version 1.20.6
  • Bump haproxy to version 11.10.2
  • Bump loggregator-agent to version 6.4.1
  • Bump metrics-discovery to version 3.0.13
  • Bump routing to version 0.233.0
  • Bump silk to version 3.6.0
  • Bump syslog to version 11.7.10
Component Version Release Notes
ubuntu-xenial stemcell 621.244
bpm 1.1.18
cf-networking 3.6.0
cflinuxfs3 0.301.0
diego 2.64.0
garden-runc 1.20.6
haproxy 11.10.2
loggregator-agent 6.4.1
mapfs 1.2.6
metrics-discovery 3.0.13
nfs-volume 7.1.1
routing 0.233.0
0.233.0
  ## What's Changed
  * TCP Router: Add locking to the haproxy_reloader script to avoid haproxy reload/restart race conditions by @geofffranks in https://github.com/cloudfoundry/routing-release/pull/269
  * TCP Router: Bump HAProxy from 1.8.13 to 2.5.4 by @cunnie in https://github.com/cloudfoundry/routing-release/pull/266
  * Gorouter: fix proxy round tripper race condition by @ameowlia and @geofffranks  in https://github.com/cloudfoundry/gorouter/pull/318
  * Routing API: fix timestamp precision issue that caused routes to be pruned unexpectedly by @geofffranks in https://github.com/cloudfoundry/routing-api/pull/24
  *  Routing API: remove `golang.x509ignoreCN` bosh property by @geofffranks and @mariash
  * Routing API: fix bug that caused TCP Router's HAProxy to reload every minute by @jrussett in https://github.com/cloudfoundry/routing-api/pull/26.
  ## Manifest Property Changes
  | Job | Property  | Notes |
  | --- | --- | --- |
  | `routing-api` | `golang.x509ignoreCN` | This property exposed a go debug flag for go version 1.15. Since go 1.16 this go debug flag has had no affect. Removing this bosh property is part of our effort to keep our code base free of cruft. |
  ## ✨  Built with go 1.17.10
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.232.0...0.233.0
          
0.232.0
  ## What's Changed
  * Fixing issue #250: Return a 503 not a 404 when all instances down by @kecirlotfi in https://github.com/cloudfoundry/routing-release/pull/268 and https://github.com/cloudfoundry/gorouter/pull/314
  * Fixing issue https://github.com/cloudfoundry/gorouter/pull/315: Fix route service pruning by @geofffranks
  ## Manifest Property Changes
  | Job | Property | default | notes |
  | --- | --- | --- | --- |
  | `gorouter` | `for_backwards_compatibility_only.empty_pool_response_code_503` | `0s` | This property was added to enable https://github.com/cloudfoundry/routing-release/pull/268 |
  ## New Contributors 🎉
  * @kecirlotfi made their first contribution! Thanks so much!
  ## ✨  Built with go 1.17.9
  **Full Changelog**: https://github.com/cloudfoundry/routing-release/compare/0.231.0...0.232.0
          
silk 3.6.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.7.10

v2.13.1

Release Date: 04/20/2022

  • [Security Fix] This release fixes CVE-2022-23806 and CVE-2022-23772.
  • Bump cflinuxfs3 to version 0.285.0
  • Bump diego to version 2.62.0
  • Bump garden-runc to version 1.20.3
  • Bump haproxy to version 11.10.1
Component Version
ubuntu-xenial stemcell 621.224
bpm 1.1.16
cf-networking 3.3.0
cflinuxfs3 0.285.0
diego 2.62.0
garden-runc 1.20.3
haproxy 11.10.1
loggregator-agent 6.3.8
mapfs 1.2.6
metrics-discovery 3.0.8
nfs-volume 7.1.1
routing 0.231.0
silk 3.3.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.7.7

v2.13.0

Release Date: March 29, 2022

Component Version
ubuntu-xenial stemcell 621.211
bpm 1.1.16
cf-networking 3.3.0
cflinuxfs3 0.274.0
diego 2.58.1
garden-runc 1.20.0
haproxy 11.9.3
loggregator-agent 6.3.8
mapfs 1.2.6
metrics-discovery 3.0.8
nfs-volume 7.1.1
routing 0.231.0
silk 3.3.0
smb-volume 3.1.0
smoke-tests 4.5.0
syslog 11.7.7

How to Install

To install Isolation Segment v2.13, see Installing Isolation Segment.

To install Isolation Segment v2.13, you must first install Ops Manager v2.10. For more information, see the Ops Manager documentation.

New Features in Isolation Segment v2.13

Isolation Segment v2.13 includes the following major features:

Dynamic App Security Group Rules

TAS for VMs v2.13 introduces dynamic App Security Groups (ASGs).

ASGs are a collection of egress rules that specify the protocols, ports, and IP address ranges where app or task instances send traffic. Previously, updating an existing ASG required you to restart the app before the ASG went into effect.

Dynamic ASGs can automatically update security groups without requiring an app restart. If you have existing ASGs, you can run any of the security group cf CLI commands, including cf bind-security-group and update-security-group, and the changes apply automatically to any running apps.

For more information about ASGs, see App Security Groups.

Breaking Changes

Isolation Segment v2.13 includes the following breaking changes:

Gorouter Certificates Require a SAN Extension

In Isolation Segment v2.13, all Gorouter certificates require a valid subjectAltName (SAN) extension. If any Gorouter certificates lack a SAN, Go clients cannot connect to servers and deployment fails.

Before you upgrade to Isolation Segment v2.13, you must do the following:

  1. Verify that all certificates in Ops Manager use a valid SAN. If they do not, rotate your certificates using a valid SAN.

  2. Verify that all external systems that the Gorouter connects to have certificates with a valid SAN. If you use route services, this includes either the route services themselves or the load balancer in front of the route service.

If you need to complete a deployment before configuring new Gorouter certificates, activate the Enable temporary workaround for certs without SANs checkbox in the Networking pane of the TAS for VMs tile.

For more information about updating certificates, see Routing and Golang 1.15 X.509 CommonName deprecation in the Knowledge Base.

Golang v1.17 Rejects IP Addresses with Leading Zeros

Golang v1.17 contains stricter IP parsing standards, so IP addresses with leading zeros in any octets cause a BOSH template failure. Operators can remove the leading zeros and try deploying again. This affects properties that feed into all releases that use Golang v1.17. For a complete list, see TAS for VMs Components Use Golang v1.17 in VMware Tanzu Application Service for VMs v2.13 Release Notes.

Syslog drains and metric registrar endpoints that are registered using user-provided services might also be affected.

Known Issues

Isolation Segment v2.13 currently has no known issues.

check-circle-line exclamation-circle-line close-line
Scroll to top icon