pivotal cloud foundry documentationpcf security processes pivotal cloud foundry security overview...
TRANSCRIPT
-
PivotalCloudFoundry
Documentation
Version1.12
Published:19December2018
©2018PivotalSoftware,Inc.
-
21015161962758298100135141142144145147148149173188222223229231245281285288291292296300308323358361364365369372373391394405409446448450
TableofContents
TableofContentsPCFv1.12FeatureHighlightsPivotalCloudFoundryReleaseNotesPCFv1.12BreakingChangesPivotalElasticRuntimev1.12ReleaseNotesPCFOpsManagerv1.12ReleaseNotesPCFRuntimeforWindowsv1.12ReleaseNotesPCFIsolationSegmentv1.12ReleaseNotesStemcellReleaseNotesStemcell(Linux)ReleaseNotesStemcellv1200.x(Windows2012R2)ReleaseNotesInstallingPivotalCloudFoundryPreparingYourFirewallforDeployingPCFPCFIaaSUserRoleGuidelinesInstallingPivotalCloudFoundryonAWSGuidelinesforCreatingUserRolesonAWSInstallingPCFonAWSManuallyConfiguringAWSforPCFConfiguringOpsManagerDirectoronAWSDeployingElasticRuntimeonAWSInstallingPCFonAWSusingCloudFormationDeployingtheCloudFormationTemplateforPCFonAWSConfiguringDNSforPCFonAWSConfiguringOpsManagerDirectoronAWSUsingCloudFormationDeployingElasticRuntimeonAWSUsingCloudFormationDeletinganAWSInstallationfromtheConsoleCreatingaProxyELBforDiegoSSHInstallingPCFonAzureInstallingPCFonAzureManuallyPreparingtoDeployPCFonAzureLaunchinganOpsManagerDirectorInstancewithanARMTemplateDeployingBOSHandOpsManagertoAzureManuallyConfiguringOpsManagerDirectoronAzureDeployingElasticRuntimeonAzureDeployingPCFonAzureGovernmentCloudDeployingPCFinAzureGermanyDeletingaPCFonAzureInstallationUpgradingOpsManagerDirectoronAzureInstallingPCFonGCPRecommendedGCPQuotasPreparingtoDeployPCFonGCPLaunchinganOpsManagerDirectorInstanceonGCPConfiguringOpsManagerDirectoronGCPConfiguringaSharedVPConGCPDeployingElasticRuntimeonGCPDeletingaGCPInstallationfromtheConsoleTroubleshootingPCFonGCPUpgradingOpsManagerDirectoronGCP
©CopyrightPivotalSoftwareInc,2013-2018 2 1.12
-
454457468485520523527530545578580583585587589592606614623631632634636639641642643647653656659669682684687695697699720725729730734746753764766770773775
InstallingPivotalCloudFoundryonOpenStackProvisioningtheOpenStackInfrastructureConfiguringOpsManagerDirectoronOpenStackDeployingElasticRuntimeonOpenStackInstallingPivotalCloudFoundryonvSpherevSphereServiceAccountRequirementsDeployingBOSHandOpsManagertovSphereConfiguringOpsManagerDirectoronvSphereDeployingElasticRuntimeonvSphereProvisioningaVirtualDiskinvSphereUsingtheCiscoNexus1000vSwitchwithOpsManagerUsingOpsManagerResurrectoronVMwarevSphereConfiguringPivotalCloudFoundrySSLTerminationforvSphereDeploymentsUnderstandingAvailabilityZonesinVMwareInstallationsUpdatingNSXSecurityGroupandLoadBalancerInformationInstallingPCFIsolationSegmentGettingStartedwithSmallFootprintRuntimeUpgradingPivotalCloudFoundryUpgradeChecklistforPCFv1.12WhatHappensDuringPASUpgradesPASComponentBehaviorDuringUpgradeUpgradeConsiderationsforSelectingFileStorageinPivotalCloudFoundryPivotalWebServicesPerformanceDuringUpgradeUpgradingElasticRuntimeandOtherPivotalCloudFoundryProductscfpushAvailabilityDuringElasticRuntimeUpgradesReferenceArchitecturesReferenceArchitectureforPivotalCloudFoundryonAWSReferenceArchitectureforPivotalCloudFoundryonAzureReferenceArchitectureforPivotalCloudFoundryonGCPReferenceArchitectureforPivotalCloudFoundryonOpenStackReferenceArchitectureforPivotalCloudFoundryonvSphereUsingEdgeServicesGatewayonVMwareNSXHowtoUpgradevSpherewithoutPCFDowntimeHowtoMigratePCFtoaNewDatastoreinvSphereControlPlaneReferenceArchitecturesPCFDevOverviewMonitoringPivotalCloudFoundryKeyPerformanceIndicatorsKeyCapacityScalingIndicatorsConfiguringaMonitoringSystemBackingUpandRestoringPivotalCloudFoundryDisasterRecoveryinPivotalCloudFoundryBackingUpPivotalCloudFoundrywithBBREnablingExternalBlobstoreBackupsRestoringPCFfromBackupwithBBRSettingUpYourJumpboxforBBRRestoringanERTBackupIn-placeTroubleshootingBBRUsingOpsManagerUnderstandingtheOpsManagerInterface
©CopyrightPivotalSoftwareInc,2013-2018 3 1.12
-
777781782786787789791794796797800803805807815817819826827830832836839844848851858862865867869871880882886891892895896896896897898899901903907910912914
AddingandDeletingProductsApplyingChangestoOpsManagerDirectorRetrievingCredentialsfromYourDeploymentUnderstandingFloatingStemcellsCreatingUAAClientsforBOSHDirectorUsingYourOwnLoadBalancerUnderstandingPivotalCloudFoundryUserTypesCreatingandManagingOpsManagerUserAccountsLoggingintoAppsManagerModifyingYourOpsManagerInstallationandProductTemplateFilesManagingErrandsinOpsManagerLimitingComponentInstancesDuringRestartMonitoringVirtualMachinesinPCFPivotalCloudFoundryTroubleshootingGuideTroubleshootingOpsManagerforVMwarevSphereTroubleshootingPCFonAzureAdvancedTroubleshootingwiththeBOSHCLICloudFoundryConceptsCloudFoundryOverviewHowApplicationsAreStagedHighAvailabilityinCloudFoundryOrgs,Spaces,Roles,andPermissionsUnderstandingCloudFoundrySecurityUnderstandingContainerSecurityUnderstandingContainer-to-ContainerNetworkingUnderstandingApplicationSecurityGroupsUnderstandingGrootFSDiskUsageCloudFoundryComponentsComponent:CloudControllerComponent:Messaging(NATS)Component:GorouterComponent:UserAccountandAuthentication(UAA)ServerComponent:GardenHTTPRoutingDiegoArchitectureUnderstandingApplicationSSHHowtheDiegoAuctionAllocatesJobsOperator'sGuideUnderstandingtheElasticRuntimeNetworkArchitectureLoadBalancerRouterIdentifyingtheAPIEndpointforyourElasticRuntimeInstanceCreatingNewElasticRuntimeUserAccountsConfiguringSSL/TLSTerminationatHAProxyConfiguringProxySettingsforAllApplicationsRestrictingAppAccesstoInternalPCFComponentsConfiguringApplicationSecurityGroupsforEmailNotificationsConfiguringSSHAccessforPCFIdentifyingElasticRuntimeJobsUsingvCenterConfiguringLogginginElasticRuntime
©CopyrightPivotalSoftwareInc,2013-2018 4 1.12
-
918920927929932933935938943945948951955963965967969970972974976982986989992996100210041007100910101011102010231026102810301033103510361038104010411044104610471048105010511055
ConfiguringUAAPasswordPolicyConfiguringAuthenticationandEnterpriseSSOforElasticRuntimeConfiguringADFSasanIdentityProviderConfiguringCAasanIdentityProviderConfiguringPingFederateasanIdentityProviderAddingExistingSAMLorLDAPUserstoaPCFDeploymentSwitchingApplicationDomainsScalingElasticRuntimeScalingDownYourMySQLClusterUsingDockerRegistriesConfiguringCellDiskCleanupSchedulingCustomBrandingAppsManagerMonitoringApp,Task,andServiceInstanceUsageMonitoringInstanceUsagewithAppsManagerProvidingaCertificateforYourSSL/TLSTerminationPointEnablingNFSVolumeServicesAdministeringandOperatingCloudFoundryManagingCustomBuildpacksUsingDockerinCloudFoundryCreatingandManagingUserswiththecfCLICreatingandManagingUserswiththeUAACLI(UAAC)CreatingandModifyingQuotaPlansGettingStartedwiththeNotificationsServiceConfiguringContainer-to-ContainerNetworkingManagingIsolationSegmentsRoutingforIsolationSegmentsUsingFeatureFlagsStoppingandStartingVirtualMachinesManagingDiegoCellLimitsDuringUpgradeSettingaMaximumNumberofStartingContainersEnablingIPv6forHostedApplicationsSecuringTrafficintoCloudFoundryEnablingTCPRoutingTroubleshootingTCPRoutesSupportingWebSocketsConfiguringLoadBalancerHealthchecksforCloudFoundryRoutersTroubleshootingSlowRequestsinCloudFoundryTroubleshootingRouterErrorResponsesRouterBackendKeepaliveConnectionsUsingPCFRuntimeforWindowsUnderstandingWindowsCellsUnderstandingStemcellSecurityDeployingPCFRuntimeforWindowsUsingWindowsStemcellsDeployingonAzureCreatingavSphereStemcellManuallyUpgradingWindowsCellsConfiguringaKMSHostTroubleshootingWindowsCellsDeploying.NETAppstoWindowsCells
©CopyrightPivotalSoftwareInc,2013-2018 5 1.12
-
10581059106110641070108310881092109410971104110511081113111611181121112211301132113511391141114411461147115711581169117211731176118411871192119411991201120212031205120712121214121612181225122712281232
UsingAppsManagerGettingStartedwithAppsManagerManagingOrgsandSpacesUsingAppsManagerManagingUserRoleswithAppsManagerManagingAppsandServiceInstancesUsingAppsManagerScalinganApplicationUsingAppAutoscalerUsingtheAppAutoscalerCLIViewingASGsinAppsManagerConfiguringSpringBootActuatorEndpointsforAppsManagerUsingSpringBootActuatorswithAppsManagerUsingtheCloudFoundryCommandLineInterface(cfCLI)InstallingthecfCLIGettingStartedwiththecfCLIUsingthecfCLIwithanHTTPProxyServerUsingthecfCLIwithaSelf-SignedCertificateUsingcfCLIPluginsDevelopingcfCLIPluginsCloudFoundryCLIReferenceGuideDeveloperGuideConsiderationsforDesigningandRunninganApplicationintheCloudDeployanApplicationDeployingaLargeApplicationDeployanAppwithDockerStarting,Restarting,andRestagingApplicationsApplicationContainerLifecycleRoutesandDomainsChangingStacksDeployingwithApplicationManifestsUsingApplicationHealthChecksScalinganApplicationUsingcfscaleRunningTasksCloudFoundryEnvironmentVariablesUsingBlue-GreenDeploymenttoReduceDowntimeandRiskTroubleshootingApplicationDeploymentandHealthApplicationSSHOverviewAccessingAppswithSSHAccessingServiceswithSSHTrustedSystemCertificatesCloudControllerAPIClientLibrariesUsingExperimentalcfCLICommandsDeliveringServiceCredentialstoanApplicationManagingServiceInstanceswiththecfCLIManagingServiceKeysUser-ProvidedServiceInstancesStreamingApplicationLogstoLogManagementServicesService-SpecificInstructionsforStreamingApplicationLogsStreamingApplicationLogstoSplunkStreamingApplicationLogswithFluentdStreamingApplicationLogstoAzureOMSLogAnalytics(Beta)ConfiguringPlayFrameworkServiceConnections
©CopyrightPivotalSoftwareInc,2013-2018 6 1.12
-
1233
123512351235123612361239124112421243124512481249125012561258126212631266126812691270127212731274127512771278127912841285128512861288128912941295129612971299130113051307131413151322132813341335
MigratingaDatabaseinCloudFoundryDetaileddocumentationtohelpyouinstall,understand,andsucceedwithPivotal'senterprise-gradesoftware.PrerequisiteCreateandBindaServiceInstanceAccesstheVolumeServicefromyourAppNFSVolumeServiceSecurityGuideSecurityConceptsPCFSecurityProcessesPivotalCloudFoundrySecurityOverviewandPolicyPCFTesting,Release,andSecurityLifecycleIdentityManagementPCFInfrastructureSecurityManagingTLSCertificatesAddingaCustomCertificateAuthorityStemcellHardeningFAQNetworkSecurityTLSConnectionsinPCFDeploymentsCloudControllerNetworkCommunicationsConsulNetworkCommunicationsContainer-to-ContainerNetworkingCommunicationsDiegoNetworkCommunicationsLoggregatorNetworkCommunicationsMySQLNetworkCommunicationsNATSNetworkCommunicationsRoutingNetworkCommunicationsUAANetworkCommunicationsSecurity-RelatedPCFTilesGeneralDataProtectionRegulationOtherSecurityTopicsSecurityGuidelinesforYourIaaSProviderHowtoUseThisTopicBuildpacksAboutBuildpacksUnderstandingBuildpacksPushinganApplicationwithMultipleBuildpacksUsingaProxySupportedBinaryDependenciesProductionServerConfigurationBinaryBuildpackGoBuildpackJavaBuildpackTipsforJavaDevelopersGettingStartedDeployingJavaAppsGettingStartedDeployingGrailsAppsGettingStartedDeployingRatpackAppsGettingStartedDeployingSpringAppsConfiguringServiceConnectionsConfiguringServiceConnectionsforGrails
©CopyrightPivotalSoftwareInc,2013-2018 7 1.12
-
13381339134713501355135813611362136413671368137113741376137713781381138413901391139613991400140114041405141014111414141714181423142414261427142814291433143614401441144314441449145014511451145414571460
ConfiguringServiceConnectionsforPlayFrameworkConfiguringServiceConnectionsforSpringCloudFoundryJavaClientLibrary.NETCoreBuildpackNode.jsBuildpackTipsforNode.jsApplicationsEnvironmentVariablesDefinedbytheNodeBuildpackConfiguringServiceConnectionsforNode.jsPHPBuildpackTipsforPHPDevelopersGettingStartedDeployingPHPAppsPHPBuildpackConfigurationComposerSessionsNewRelicPythonBuildpackRubyBuildpackTipsforRubyDevelopersGettingStartedDeployingRubyAppsGettingStartedDeployingRubyAppsGettingStartedDeployingRubyonRailsAppsConfigureRakeTasksforDeployedAppsEnvironmentVariablesDefinedbytheRubyBuildpackConfigureServiceConnectionsforRubySupportforWindowsGemfilesStaticfileBuildpackCustomizingandDevelopingBuildpacksCreatingCustomBuildpacksPackagingDependenciesforOfflineBuildpacksMergingfromUpstreamBuildpacksUpgradingDependencyVersionsUsingCIforBuildpacksReleasingaNewBuildpackVersionUpdatingBuildpack-RelatedGemsServicesOverviewManagingServiceBrokersAccessControlDashboardSingleSign-OnExampleServiceBrokersBindingCredentialsApplicationLogStreamingRouteServicesSupportingMultipleCloudFoundryInstancesLoggingandMetricsOverviewoftheLoggregatorSystemUsingLoggregatorLoggregatorGuideforCloudFoundryOperatorsApplicationLogginginCloudFoundrySecurityEventLoggingforCloudControllerandUAA
©CopyrightPivotalSoftwareInc,2013-2018 8 1.12
-
146414701471147214731478148414871490
DeployingaNozzletotheLoggregatorFirehoseCloudFoundryDataSourcesInstallingtheLoggregatorFirehosePluginforcfCLITroubleshootingandDiagnosticsDiagnosingProblemsinPCFRecoveringFromMySQLClusterDowntimeRunningmysql-diagUsingtheOpsManagerAPIDeployingPCFRuntimeforWindows
©CopyrightPivotalSoftwareInc,2013-2018 9 1.12
-
PCFv1.12FeatureHighlightsThistopichighlightsimportantnewfeaturesincludedinPivotalCloudFoundry(PCF)v1.12.
OpsManagerHighlightsOpsManagerv1.12includesthefollowingmajorfeatures:
MigrateNon-ConfigurableSecretstoCredHubTileAuthorscanwriteaJavaScriptmigrationtomovetheirexistingnon-configurablesecretsintoCredHub.OpsManagerv1.12supportsmigrating secret ,simple_credential , rsa_pkey_credential ,and salted_credential types.
Formoreinformationaboutthisfeature,seeMigratingExistingCredentialstoCredHub inthePCFTileDevelopersGuide.
SecureBOSHDirector/AgentHTTPTrafficviaTLSOpsManagercreatesaTLScertificateandpassesittoBOSH.ThisfacilitatesmutuallyauthenticatedandencryptedHTTPtrafficbetweentheBOSHDirectorandtheAgentthatexistsoneachBOSH-createdVM.
FasterUpgradeandInstallationExportOpsManagerdecreasesthetimerequiredtoupgradebyreducingthesizeofthefileproducedbyExportInstallationSettingsbyseveralordersofmagnitude.
Forupgradeinstructions,seeUpgradingPivotalCloudFoundry.
Manifest-onlyWorkflowwithCredHubThisfeatureisrelevantforoperatorswhouseOpsManageronlyformanifestgenerationanddonotclickApplyChanges.
OperatorswhoextractOpsManager-generatedmanifestsinordertomanuallydeployPCFproductswithBOSHcanensurecredentialsaremigratedtoCredHubandcontinuetobeincludedinthedeploy.
OlderOpsManager-generatedmanifestscontainedcredentialsinplaintext.ButasproductsmigratetouseCredHub,manifestsnowcontainplaceholderssothatcredentialsarefetchedatdeploytime.TheextractedmanifestsforsupportingPCFproductreleasesautomaticallycontainareferencetoCredHub-storedcredentials.
ThenewOpsManagerAPIgeneratesafileusedbyCredHubtobulkloadcredentialsfromOpsManager.SubsequentBOSHdeploymentsresultinexistingcredentialscontinuingtobesupplied.ThenewAPIalsoincludesanadditionalendpointthatoperatorscanusetodeletecredentialsfromOpsManagerifneeded.
FormoreinformationaboutusingtheOpsManagerAPI,seeUsingtheOpsManagerAPI.ForthecompleteOpsManagerAPIdocumentation,browsetohttps://YOUR-OPS-MANAGER-FQDN/docs .
BOSHDirectorSupportsMultipleRuntimeConfigsTheBOSHDirectornowsupportsmultiplenamedruntimeconfigs.Operatorscanadd,remove,andupdateeachruntimeconfigfileindependently,inordertomoreeasilyconfigurewhichPivotalCloudFoundryAdd-onsareappliedtowhichdeploymentsandinstancegroups.
Formoreinformationaboutruntimeconfigs,seetheBOSHdocumentation .
MoreAWSRegions
©CopyrightPivotalSoftwareInc,2013-2018 10 1.12
https://docs.pivotal.io/tiledev/migrating-credhub-credentials.htmlhttps://bosh.io/docs/runtime-config.html
-
OperatorscandeployPCFandsupportedproductstoadditionalAWSregions.PCFnowsupportsthefollowingpublicregions:
us-east-1
us-east-2
us-west-1
us-west-2
ca-central-1
ap-south-1
ap-northeast-1
ap-northeast-2
ap-southeast-1
ap-southeast-2
eu-central-1
eu-west-1
eu-west-2
sa-east-1
PivotalpublishesAMIsforalloftheseregions.ThePDFdownloadedfromPivNetcontainthenewAMIIDs.
AWSGovCloud(US)OperatorscandeployOpsManagerv1.12toAWSGovCloud(US) .FormoreinformationaboutdeployingAWSGovCloud(US),seethefollowingAWSinstallationtopics:
DeployingtheCloudFormationTemplateforPivotalCloudFoundryonAWS
ConfiguringAWSforPCF
GoogleSharedVirtualPrivateCloudGoogleSharedVirtualPrivateCloud(VPC),formerlyknownasGoogleCross-ProjectNetworking(XPN),enablesyoutoassignGoogleCloudPlatform(GCP)resourcestoindividualprojectswithinanorganizationbutallowscommunicationandsharedservicesbetweenprojects.
Formoreinformationaboutthisfeature,seeConfiguringaSharedVPConGCP.
BOSHCLIv2+OpsManagerv1.12usesthenewversionoftheBOSHCLI .
TherearetwomajorreleasesoftheBOSHCLI,andtheOpsManagerDirectorVMincludesbothversions.Youcan bosh commandsfortheoldCLIandbosh2 commandsforthenewCLI,butmanyoldCLIcommandsareincompatiblewiththeBOSHDirector.SeethecorrespondingKnowledgeBase articleformoreinformation.
FormoreinformationaboutthedifferencesbetweentheoldandnewversionsoftheBOSHCLI,seetheBOSHdocumentation .
OtherFeaturesForinformationaboutothernewfeaturesinOpsManagerv1.12,seethePivotalCloudFoundryOpsManagerv1.12ReleaseNotes .
ElasticRuntimeHighlightsElasticRuntimev1.12includesthefollowingmajorfeatures:
©CopyrightPivotalSoftwareInc,2013-2018 11 1.12
https://aws.amazon.com/govcloud-us/https://bosh.io/docs/cli-v2.htmlhttps://discuss.pivotal.io/hc/en-us/articles/115012374148-Permissions-error-when-running-BOSH-commands-on-the-Directorhttps://bosh.io/docs/cli-v2-diff.htmlhttps://docs.pivotal.io/pcf-release-notes/opsmanager-rn.html
-
MultipleBuildpackApplicationsDeveloperscandeployapplicationsthatutilizemultiplebuildpacksinsequence.DevelopersspecifythebuildpackseitherwiththeCloudFoundryCommandLineInterface(cfCLI)orthroughanapplicationmanifest.
SupportformultiplebuildpacksenablesdeveloperstousesystembuildpacksratherthancustombuildpacksorDockerpackaging.SystembuildpacksprovidebenefitssuchasautomatedpatchingofapplicationserverCVEs,andassuresaconstantlypatchedrootfilesystemacrossapplications.
ElasticRuntimeUsesCredHubforSimplisticCredentialsTheinternalcredentials( secret and simple_credentials )thatElasticRuntimeusesforintra-componentcommunicationaregeneratedandstoredinCredHubinsteadofOpsManager.
GrootFSinGarden-runCGrootFSreplacespreviouslybuilt-infunctionalityinGarden-runC,including:
Filesystemisolation
Diskquotaenforcement
Containerimagemanagement
ThisispartofongoingworkdesignedtomakePCFcompliantwiththeOpenContainerInitiative(OCI)standards.
ApplicationInstanceIdentityCredentialsEachapplicationinstancehasauniquecertificateandkeyavailabletoitthatcanbeusedtoverifytheidentityoftheapplication.
Thisgivesapplicationsaneasierwaytoasserttheiridentitytootherclientsandservices,sothatappropriateauthenticationandauthorizationdecisionscanbemadeoneithersideofthecommunication.
Formoreinformation,seetheAppInstanceContainerIdentityCredentialssectionoftheTLSConnectionsinPCFDeploymentstopic.
HAProxyReleaseElasticRuntimenowusesthenewlyincubatedhaproxy-boshrelease .ThisreplacementofthisjoballowsthetiletoexposenewHAProxyfeatures.
OtherFeaturesForinformationaboutothernewfeaturesinElasticRuntimev1.12,seethePivotalCloudFoundryElasticRuntimev1.12ReleaseNotes .
AppsManagerHighlightsAppsManagerv1.12includesthefollowingfeatures:
In-ContextServiceCreationDeveloperscancreateserviceswithoutleavingtheapplicationorspaceviewforanacceleratedworkflow.
ServiceConfigurationParameterDiscoveryWhencreatinganewservice,developerscandiscoveradditionalparameteroptionsasfields,oraJSONeditorthatenablesthemtodefinetheparameters.
©CopyrightPivotalSoftwareInc,2013-2018 12 1.12
https://github.com/cloudfoundry-incubator/haproxy-boshreleasehttps://docs.pivotal.io/pcf-release-notes/runtime-rn.html
-
PCFIsolationSegmentHighlightsThePCFIsolationSegmentv1.12tileincludesthefollowingfeatures:
ShardedRoutersOperatorscannowconfigureshardingmodeforrouters.Formoreinformation,seeInstallingPCFIsolationSegment.
HAProxyYoucannowuseanHAProxyfortheIsolationSegmenttilethatisindependentfromtheElasticRuntimeHAProxy.
TheIsolationSegmenttileincludesitsownHAProxyVM,whichusesthehaproxy-boshrelease .Formoreinformation,seeInstallingPCFIsolationSegment.
PCFRuntimeforWindowsHighlightsThePCFRuntimeforWindowsv1.12tileincludesthefollowingfeatures:
OperatorsCanManagetheWindowsAdminPasswordOperatorscannowmanageapasswordstrategyfortheWindowsadminuseronWindowsVMswhenconfiguringthePCFRuntimeforWindowsv1.12tile.TheycanusetheWindowsdefaultpassword,specifyapassword,orgeneraterandompasswordsforeachVM.Formoreinformation,seeDeployingPCFRuntimeforWindows.
WindowsEventLogsConsumableviaSyslogOperatorscannowconfigureasyslogendpointforWindowsEventLogsinthePCFRuntimeforWindowsv1.12tile.WindowsEventsLogsprovideaconsolidated,system-levelloggingmechanismthatisespeciallyusefulintroubleshootingproblemswithrunningapplications.
Formoreinformation,seeDeployingPCFRuntimeforWindows.
ServicesHighlights
PCFMetricsv1.4ThePCFMetricsv1.4tilereleasesalongsidePCFv1.12andincludesthefollowingmajorfeatures:
SupportforSpringBootActuatormetrics
Supportforcustomappmetrics
Instance-levelmetricsvisualization
ImprovedUI
Formoreinformation,seethePCFMetricsv1.4documentation .
SingleSign-Onv1.5TheSingleSign-On(SSO)v1.5tilereleasesalongsidePCFv1.12andincludesthefollowingmajorfeatures:
SupportforenterpriseSSOwithAzureActiveDirectoryusingOpenIDConnect(OIDC)
ImprovedframeworksupportforSSOandtheSSOconnectorforappdevelopersusingSpringBootonPCF
©CopyrightPivotalSoftwareInc,2013-2018 13 1.12
https://github.com/cloudfoundry-incubator/haproxy-boshreleasehttp://docs.pivotal.io/pcf-metrics/1-4/
-
Newsampleappstohelpdeveloperonboarding
Supportfortokenexchangeflow,includingintegrationwithexistingenterpriseidentityproviders
Formoreinformation,seetheSSOv1.5documentation .
PivotalCloudCachev1.2PivotalCloudCachev1.2includesthefollowingfeature:
AsaPCCOperator,youcanuseOperationalMonitoringtomonitormultiplePCCclustersusingadashboardofyourchoicewithoutencounteringaservicedisruption.Thisfeatureincludeslogmonitoringandmetrics.YoucanopttousemetricsforserviceinstancesatthePCCserviceplanlevelonOpsManager.BrokermetricsarealwayssenttotheFirehose.
RabbitMQforPCFv1.10RabbitMQforPCFv1.10offersanon-demandclusterplan.Nowoperatorscanofferthreetypesofplans:
Pre-provisioned
On-demandsinglenode
On-demandcluster
Forapplicationteamsthatrequiremoreisolation,on-demandplansempowerthemtoself-servetheirownRabbitMQonasinglenodeorcluster.
Releasev1.10alsoprovidessmoketestsfortheon-demandplanssothatoperationsteamscanvalidatetheapplicationdeveloperworkflowforon-demandservices.
Formoreinformation,seetheRedisforPCFv1.10documentation .
RedisforPCFv1.10TheRedisforPCFv1.10tileincludesthefollowingmajorfeatures:
Generalmetricsenhancementsforon-demandservices
SyslogenablementwithorwithoutTLSencryption
Formoreinformation,seetheRabbitMQforPCFv1.10documentation .
MySQLforPCFv2.1TheMySQLforPCFv2.1tileincludesthefollowingmajorfeatures:
Providesanewrestoreutilityoneachserviceinstancetomakerestoringfromabackupartifacteasier
Addstheabilitytoenableordisable lower_case_table_names forallMySQLserviceinstancesoronlyspecificserviceinstances,whichhelpswhenmigratingfromlegacysystemsthatneedcaseinsensitivity
ChangesseveralMySQLserverdefaultconfigurationstoprovidebetterconsistencyandexpectedbehaviorwhenmigratingfromtheMySQLforPCFv1series
Formoreinformation,seetheMySQLforPCFv2.1documentation .
©CopyrightPivotalSoftwareInc,2013-2018 14 1.12
https://docs.pivotal.io/p-identity/1-5/https://docs.pivotal.io/redis/1-10/index.htmlhttps://docs.pivotal.io/rabbitmq-cf/1-10/index.htmlhttps://docs.pivotal.io/p-mysql/2-1/
-
PivotalCloudFoundryReleaseNotesPivotalCloudFoundryiscertifiedbytheCloudFoundryFoundationfor2018.
Readmoreaboutthecertifiedproviderprogram andtherequirementsofproviders .
ThistopicprovideslinkstothereleasenotesforPivotalCloudFoundry(PCF)andPCFservices.Releasenotesincludenewfeatures,breakingchanges,bugfixes,andknownissues.
PCFReleaseNotesPCFv1.12BreakingChanges
PCFOpsManagerv1.12ReleaseNotes
PivotalElasticRuntimev1.12ReleaseNotes
PCFRuntimeforWindowsv1.12ReleaseNotes
PCFIsolationSegmentv1.12ReleaseNotes
StemcellReleaseNotes
PCFServicesReleaseNotesAppDistributionServiceforPCF
GemFireforPCF
MySQLforPCF
ApplicationWatchdogforPCF(Beta)
PCFHealthwatch
PCFMetrics
PCFServiceBrokerforAWS
PushNotificationServiceforPCF
RabbitMQ®forPCF
RedisforPCF
SessionStateCachingPoweredbyGemFire
SingleSign-OnforPCF
SpringCloudServicesonPCF
SchedulerforPCF
©CopyrightPivotalSoftwareInc,2013-2018 15 1.12
https://www.cloudfoundry.org/provider-faq/https://www.cloudfoundry.org/provider-requirements/https://docs.pivotal.io/app-dist/release-notes.htmlhttps://docs.pivotal.io/gemfire-cf/relnotes.htmlhttps://docs.pivotal.io/p-mysql/release-notes.htmlhttps://docs.pivotal.io/pcf-appdog/rn-ki.htmlhttps://docs.pivotal.io/pcf-healthwatch/release-notes.htmlhttps://docs.pivotal.io/pcf-metrics/rn-ki.htmlhttps://docs.pivotal.io/aws-services/release-notes.htmlhttps://docs.pivotal.io/push/release-notes.htmlhttps://docs.pivotal.io/rabbitmq-cf/releases.htmlhttps://docs.pivotal.io/redis/release.htmlhttps://docs.pivotal.io/ssc-gemfire/relnotes.htmlhttps://docs.pivotal.io/p-identity/release-notes.htmlhttps://docs.pivotal.io/spring-cloud-services/release-notes.htmlhttps://docs.pivotal.io/pcf-scheduler/release-notes.html
-
PCFv1.12BreakingChangesThistopicdescribesthebreakingchangesyouneedtobeawareofwhenupgradingtoPivotalCloudFoundry(PCF)v1.12.Formoreinformationaboutimportantpreparationstepsyoumustfollowbeforebeginninganupgrade,seeUpgradingPivotalCloudFoundry.
ElasticRuntime
CloudControllerBridgeInpreviousversionsofPCF,theDiegoBrainVMrantheCloudControllerBridgecomponent,whichtranslatedCloudControllerrequestsintoDiegoAPIcommands.TheCloudControllerBridgeconveyedcommunicationsbetweentheCloudControllerandDiegooverplain-textHTTP.
InPCFv1.12,theEnablesecurecommunicationbetweenDiegoandCloudControlleroptionintheCloudControllerpaneoftheElasticRuntimetileallowsyoutoenabledirectcommunicationsbetweentheCloudControllerandDiegooversecureTLSanddeactivatetheCloudControllerBridge.IfyoudeployafreshinstallationofPCFv1.12,theEnablecheckboxisselectedbydefault.
Forupgrades,ifyouwanttousethisnewfeature,youmustmanuallyselecttheEnablecheckboxaftertheupgradeiscompleteandthenclickApplyChanges.SelectingthecheckboxbeforetheupgraderesultsinAPIdowntime.
GorouterandHAProxyTLSConfigurationInpreviousversionsofPCF,youhadtheoptionofselectingForwardunencryptedtraffictoElasticRuntimeRouterintheNetworkingpaneofElasticRuntime.Ifyouselectedthisoption,youdidnothavetoprovideacertificateorprivatekeyforGorouterconfiguration.
InPCFv1.12,theGorouterandHAProxynowalwayslistenforTLSrequests.Therefore,youmustconfigureanSSLcertificatefortheGorouterandHAProxyinElasticRuntime.YouconfiguretheGorouterandHAProxyusingthesamefieldandwiththesamecertificate.
Inaddition,youmustspecifyTLSciphersuitesforbothHAProxyandtheGorouter.Theseciphersuitesarespecifiedindependentlyindifferentfields.IfyouconfiguredapreviousinstallationwithTLSciphersuites,theseconfigurationspersistthroughtheupgrade.MakesurethatyouhaveconfiguredthecorrectsetofTLSciphersuitesandminimumTLSversiontosupportyourclientandloadbalancerneeds.
Inbothcases,theHAProxyconfigurationisignoredifyouarenotusingHAProxy.
Formoreinformation,seetheElasticRuntimeinstallationtopicforyourIaaS .
InternalElasticRuntimeCredentialsTheinternalcredentialsthatElasticRuntimeusesforinter-componentcommunicationarenowgeneratedandstoredinCredHubinsteadofOpsManager.ForalistofthecredentialsmigratedtoCredHub,seePivotalElasticRuntimeReleaseNotes.
Ifyouwanttoaccessthesecredentials,youmustusetheCredHubCLIortheOpsManagerAPIinsteadoftheCredentialstaboftheElasticRuntimetile.
CredHubAPICommunicationonPort8844InorderfortheCredHubAPItocommunicatewiththeBOSHDirector,TCPPort8844mustbeopenonthenetworkswhereOpsManagerandElasticRuntimeVMsaredeployed.TCPPort8844mustbeopentoenableinternalnetworkingbetweenVMslocatedinsidethelocalnetwork.Formoreinformation,seePreparingYourFirewallforDeployingPCF.
PostgresThisreleaseremovesthelegacyPostgresdatabaseVMsfortheCloudControllerandUAA.IfyourdeploymentwasoriginallyinstalledbeforePCFv1.6andstillusesPostgres,youmustcontactyourdedicatedSupportEngineerorPlatformArchitectforassistanceinmigratingyourCloudControllerandUAAdatabasestoMySQL.TheyhaveaccesstothePostgreSQL-to-MySQLMigratortoolandinstructionsonPivotalNetwork.
IfyoudonotmigratetoMySQLbeforeupgradingtoElasticRuntimev1.12,theupgradefails.Formoreinformation,seeMigratetheCCandUAADatabases
©CopyrightPivotalSoftwareInc,2013-2018 16 1.12
https://docs.pivotal.io/pivotalcf/1-12/customizing/pas.html
-
fromPostgrestoMySQL.
MySQLforPCFandPCFRuntimeforWindowsIfyourexistingPCFv1.11.xinstallationincludesbothPCFRuntimeforWindows andMySQLforPCFv1.x,youmustupgradetoMySQLforPCFv1.10.3orlaterbeforeyouupgradetoPCFElasticRuntimev1.12.ForinstructionsonhowtoupgradeMySQLforPCF,seetheMySQLforPCF documentation.
IfyoudonotupgradeMySQLforPCF,theupgradefails.Formoreinformation,seeUpgradeMySQLforPCF.
Read-onlyVolumeMountsWeback-portedafixfromNFS1.3.1toNFS1.2.1foranincompatibilitybetweenourNFSVolumereleaseandDiego’scontainerruntime,garden.But,becausethefixwasintheNFSServiceBroker,andservicebindingscreatedbyoldversionsofthisbrokerwon’tgetmigratedduringupgrade,existingNFSservicebindingsthatspecifyread-onlymountswillstillexhibittheincompatibility.
Asaresult,customersupgradingfromversionscontainingnfs-volume-release<1.2.1thathaveNFSservicesboundread-onlytotheirapplicationswillseethattheirapplicationscrashafterupgrade.
Tofixthiscondition,customersshouldunbindtheservice,rebindit,andthenrestagetheapplication.
Alternately,customerswishingtoavoidapplicationdowntimecantemporarilyre-bindtheirapplicationsasread/writebeforeupgrading,andthenswtichtoread-onlyafterwards.
OpsManager
BOSHCLIv2OpsManagerv1.12usestheBOSHCommandLineInterface(CLI)v2.Inv2,theformattingoftheCLIoutputhaschanged.IfyourdeploymentusesscriptsthatrelyonBOSHoutput,youmustrefactorthemtointerpretthecommandoutputoftheBOSHCLIv2.FormoreinformationabouttheBOSHCLIv2,seePivotalOperationsManagerReleaseNotes.
MissingStemcellCausesFailuretoDeployInPCFv1.12andearlier,theBOSHDirectormaydeletestemcellsrequiredbyerrands.ThiscausesdeploymentsorupgradestofailwithError:Stemcelldoesn'texist
.Topreventthiserror,dothefollowingbeforeyouclickApplychangesinOpsManagertoupgrade:
1. DownloadacurrentstemcellfromPivotalNetwork .
2. UploadthestemcellbyclickingImportaProductinOpsManager,orbymanuallyrunning boshupload-stemcell withtheBOSHCLI.
SeethePivotalKnowledgeBasearticleDeployfailswithError:Stemcelldoesn’texist fordetails.
ThisknownissuehasbeenfixedinOpsManagerv2.0andlater.
DirectorCertificateRotationIfyouroriginalElasticRuntimedeploymentwasPCFv1.6orearlier,youmustregeneratethenon-configurableDirectorcertificatestodeployCredHub.Duringadeploy,CredHubattemptstoverifytheconnectiontoUAAontheBOSHDirectorwiththeOpsManagercertificateSubjectAlternativeName(SAN).OpsManagerv1.6andearliergeneratednon-configurablecertificateSANsinaformatthatCredHubdoesnotunderstand.Formoreinformation,seeCredHubRequiresDirectorCertificateRotation.
PCFLogSearchPCFLogSearchisnotcompatiblewithPCFv1.12.IfyourdeploymentcontainsPCFLogSearch,youmustremovetheproducttilebeforeupgradingtoPCF
©CopyrightPivotalSoftwareInc,2013-2018 17 1.12
https://docs.pivotal.io/pivotalcf/1-12/windows/index.htmlhttp://docs.pivotal.io/p-mysql/1-10/index.htmlhttps://network.pivotal.iohttps://community.pivotal.io/s/article/Deploy-fails-with-Error-Stemcell-doesnt-exist
-
v1.12.Failuretoremovethisproductpriortotheupgrademaycauseissueswithyourdeployment.
Formoreinformation,seetheUpgradingPivotalCloudFoundrytopic.
©CopyrightPivotalSoftwareInc,2013-2018 18 1.12
-
PivotalElasticRuntimev1.12ReleaseNotesPivotalCloudFoundryiscertifiedbytheCloudFoundryFoundationfor2018.
Readmoreaboutthecertifiedproviderprogram andtherequirementsofproviders .
Releases
1.12.29[Bugfix]Preventdowntimewhenupgradingfrom1.12to2.0whendeploymentincludesHAProxy
Bumpcf-smoke-teststoversion 40.0.6
Bumpcflinuxfs2toversion 1.228.0
Bumproutingtoversion 0.163.15
Bumpstemcelltoversion 3468.55
Component Version
stemcell 3468.55
binary-offline-buildpack 1.0.21
capi 1.40.54*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.3*
cf-smoke-tests 40.0.6
cflinuxfs2 1.228.0
consul 195
diego 1.25.15
dotnet-core-offline-buildpack 2.1.3
garden-runc 1.13.3
go-offline-buildpack 1.8.25
haproxy 8.4.1
java-offline-buildpack 4.13.1
loggregator 96.5
mysql-backup 2.1.0
mysql-monitoring 8.18.0
nats 24
nfs-volume 1.2.1
nodejs-offline-buildpack 1.6.28
notifications 37
notifications-ui 33
php-offline-buildpack 4.3.57
pivotal-account 1.8.8
push-apps-manager-release 662.0.36
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.18
routing 0.163.15
ruby-offline-buildpack 1.7.21
©CopyrightPivotalSoftwareInc,2013-2018 19 1.12
https://www.cloudfoundry.org/provider-faq/https://www.cloudfoundry.org/provider-requirements/
-
scalablesyslog 12
service-backup 18.1.2
staticfile-offline-buildpack 1.4.29
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.11
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.28[SecurityFix]Bumppivotalaccountto1.8.8
[FeatureImprovment]Bumploggregatortopreventdopplerbackpressureunderhighload
[FeatureImprovement]LoggregatoragentegressespreferredtagsinsteadofDeprecatedTagsinloggregatorenvelopes.ThisfixesahighCPUissueinDopplercluster.
[BugFix]AppsusingaDockerimagefromaninsecureregistryconfiguredinthePrivateDockerInsecureRegistryWhitelistcannowbestagedsuccessfully.
[BugFix]Fixintermittenterrandfailureinpivotalaccount
ErrandsintermittentlyfailwithEOFerrorwhenexecuting‘cfauth’onNetScaler
[BugFix]Dockerimagebasedappresourcereportingcorrectlyincludesimagesizeindiskusage
[BugFix]Setcloudcontrollerstagingtimeoutvalueonallcloudcontrollerjobstoallowlargeappstostagebeforethetimeout.
Bumpdiegotoversion 1.25.15
Bumpjava-offline-buildpacktoversion 4.13.1
Bumploggregatortoversion 96.5
Bumppivotal-accounttoversion 1.8.8
Bumpstemcelltoversion 3468.54
Component Version
stemcell 3468.54
binary-offline-buildpack 1.0.21
capi 1.40.54*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.3*
cf-smoke-tests 40.0.5
cflinuxfs2 1.227.0
consul 195
diego 1.25.15
dotnet-core-offline-buildpack 2.1.3
garden-runc 1.13.3
go-offline-buildpack 1.8.25
haproxy 8.4.1
java-offline-buildpack 4.13.1
loggregator 96.5
mysql-backup 2.1.0
mysql-monitoring 8.18.0
nats 24
nfs-volume 1.2.1
nodejs-offline-buildpack 1.6.28*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 20 1.12
https://community.pivotal.io/s/article/Errands-intermittently-fail-with-EOF-error-when-executing-cf-auth-on-NetScaler
-
notifications 37
notifications-ui 33
php-offline-buildpack 4.3.57
pivotal-account 1.8.8
push-apps-manager-release 662.0.36
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.18
routing 0.163.14*
ruby-offline-buildpack 1.7.21
scalablesyslog 12
service-backup 18.1.2
staticfile-offline-buildpack 1.4.29
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.11
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.27[FeatureImprovement]AddabilitytoconfigureHAproxyclientcertificateverification
[SecurityFix]BumpUAAfor[CVE-2018-11047(https://www.cloudfoundry.org/blog/cve-2018-11047/ )
Bumpcflinuxfs2version 1.227.0
Bumpjava-offline-buildpackversion 4.13
Bumpuaaversion 45.11
Component Version
stemcell 3468.51
binary-offline-buildpack 1.0.21
capi 1.40.54*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.3*
cf-smoke-tests 40.0-.5
cflinuxfs2 1.227.0
consul 195
diego 1.25.14
dotnet-core-offline-buildpack 2.1.3
garden-runc 1.13.3
go-offline-buildpack 1.8.25
haproxy 8.4.1
java-offline-buildpack 4.13
loggregator 96.2.0*
mysql-backup 2.1.0
mysql-monitoring 8.18.0
nats 24
nfs-volume 1.2.1
nodejs-offline-buildpack 1.6.28
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 21 1.12
https://www.cloudfoundry.org/blog/cve-2018-11047/
-
notifications 37
notifications-ui 33
php-offline-buildpack 4.3.57
pivotal-account 1.8.5
push-apps-manager-release 662.0.36
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.18
routing 0.163.14*
ruby-offline-buildpack 1.7.21
scalablesyslog 12
service-backup 18.1.2
staticfile-offline-buildpack 1.4.29
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.11
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.26[FeatureImprovement]AllowsPCFMetricstobeinstalledwithbothv1.5andv1.4versionstopreventdataloss.
[BugFix]Bumpcf-smoke-tests-releaseto40.0.5tofixsomeflakiness
[SecurityFix]BumpUAAforCVE2018-11041
[SecurityFix]BumpappsmanagerforCVE-2018-11044
OrgManagersandAdminscanleaveorganizations
[BugFix]bumpconsultov195
Includesgolang1.9.7,removesgolang1.8.*.Deployingv193couldfailonsomedeploymentsduetoaconflictwithothertilesthatcompiledthereleasedifferentlyFixesintermittentconsulDNSissuesonWindowsCells
Bumpbinary-offline-buildpacktoversion 1.0.21
Bumpcf-smoke-teststoversion 40.0.5
Bumpcflinuxfs2toversion 1.223.0
Bumpconsultoversion 195
Bumpdotnet-core-offline-buildpacktoversion 2.1.3
Bumpgo-offline-buildpacktoversion 1.8.25
Bumpnodejs-offline-buildpacktoversion 1.6.28
Bumpphp-offline-buildpacktoversion 4.3.57
Bumppush-apps-manager-releasetoversion 662.0.36
Bumppython-offline-buildpacktoversion 1.6.18
Bumpruby-offline-buildpacktoversion 1.7.21
Bumpstaticfile-offline-buildpacktoversion 1.4.29
Bumpuaatoversion 45.10
Bumpstemceslltoversion 3468.51
Component Version
stemcell 3468.51
binary-offline-buildpack 1.0.21
capi 1.40.54*
cf-autoscaling 96.2
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 22 1.12
-
cf-backup-and-restore 0.0.9cf-mysql 36.11.0
cf-networking 1.4.3*
cf-smoke-tests 40.0-.5
cflinuxfs2 1.223.0
consul 195
diego 1.25.14
dotnet-core-offline-buildpack 2.1.3
garden-runc 1.13.3
go-offline-buildpack 1.8.25
haproxy 8.4.1
java-offline-buildpack 4.12.1
loggregator 96.2.0*
mysql-backup 2.1.0
mysql-monitoring 8.18.0
nats 24
nfs-volume 1.2.1
nodejs-offline-buildpack 1.6.28
notifications 37
notifications-ui 33
php-offline-buildpack 4.3.57
pivotal-account 1.8.5
push-apps-manager-release 662.0.36
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.18
routing 0.163.14*
ruby-offline-buildpack 1.7.21
scalablesyslog 12
service-backup 18.1.2
staticfile-offline-buildpack 1.4.29
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.10
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.25[SecurityFix]Bumpdiegotoversion 1.25.14
CVE-2018-1265
[SecurityFix]Bumppivotal-accounttoversion 1.8.5
CVE-142112 CVE-130424
[Bugfix]bumpnfs-volume-releasetoversion 1.2.1
Fixincompatibilitywithnewgarden-runcreleasewhenusingread-onlyNFSvolumemounts
[BugFix]Bumpgardentoversion 1.13.3
Fixissuewithdeletedfilesinapplicationcontainerscreatedfromdockerimages
©CopyrightPivotalSoftwareInc,2013-2018 23 1.12
https://www.cloudfoundry.org/blog/cve-2018-1265/https://nodesecurity.io/advisories/130https://www.kb.cert.org/vuls/id/576313
-
[FeatureImprovement]Bumpnotifications-uitoversion 33
Addcookiesettingtonotifications-uiforGDPRcompliance
[FeatureImprovement]CFNetworkingdatabaseconnectiontimeoutsarenowconfigurable
[FeatureImprovement]MaxconnectionsfortheInternalMySQLDatabasearenowconfigurable
[FeatureImprovement]Bumpscalablesyslogtoversion 12
Removesnoisydebuglogmessages
Bumpcflinuxfs2toversion 1.218.0
Bumpconsultoversion 193 tousego 1.9
Bumpdotnet-core-offline-buildpacktoversion 2.0.7
Bumpgo-offline-buildpacktoversion 1.8.23
Bumpjava-offline-buildpacktoversion 4.12.1
Bumpnodejs-offline-buildpacktoversion 1.6.25
Bumpphp-offline-buildpacktoversion 4.3.56
Bumppython-offline-buildpacktoversion 1.6.17
Bumpruby-offline-buildpacktoversion 1.7.19
Bumpstaticfile-offline-buildpacktoversion 1.4.28
Bumpstemcelltoversion 3468.46
Component Version
Stemcell 3468.46
binary-offline-buildpack 1.0.18
capi 1.40.54*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.3*
cf-smoke-tests 38
cflinuxfs2 1.218.0
consul 193
diego 1.25.14
dotnet-core-offline-buildpack 2.0.7
garden-runc 1.13.3
go-offline-buildpack 1.8.23
haproxy 8.4.1
java-offline-buildpack 4.12.1
loggregator 96.2.0*
mysql-backup 2.1.0
mysql-monitoring 8.18.0
nats 24
nfs-volume 1.2.1
nodejs-offline-buildpack 1.6.25
notifications 37
notifications-ui 33
php-offline-buildpack 4.3.56
pivotal-account 1.8.5
push-apps-manager-release 662.0.34
push-usage-service-release 663.0.8
©CopyrightPivotalSoftwareInc,2013-2018 24 1.12
-
python-offline-buildpack 1.6.17
routing 0.163.14*
ruby-offline-buildpack 1.7.19
scalablesyslog 12
service-backup 18.1.2
staticfile-offline-buildpack 1.4.28
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.24[SecurityFix]Bumpcflinuxfs2toversion 1.210.0 :
USN-3643-1
UpdategrootfscheckboxtoindicatetherecreatingVMsisrecommended
Bumpcapitoversion 1.40.54
Updatedazurefoggemstoimprovereliabilitywhenusinganazureblobstore
Bumpcf-networkingtoversion 1.4.3
Bumpnatstoversion 24
Bumpgoto1.10.1
Bumppush-apps-manager-releasetoversion 662.0.34
UsagereportpagetakesintoaccountrenamedspacesFixbugthatcausesapptocrashonapppagesettingstab
Bumpjava-offline-buildpacktoversion 4.12
Component Version
Stemcell 3468.42
binary-offline-buildpack 1.0.18
capi 1.40.54*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.3*
cf-smoke-tests 38
cflinuxfs2 1.210.0
consul 187
diego 1.25.13
dotnet-core-offline-buildpack 2.0.6
garden-runc 1.13.1
go-offline-buildpack 1.8.21
haproxy 8.4.1
java-offline-buildpack 4.12.0
loggregator 96.2.0*
mysql-backup 2.1.0
mysql-monitoring 8.18.0
©CopyrightPivotalSoftwareInc,2013-2018 25 1.12
https://usn.ubuntu.com/3643-1/
-
nats 24
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.23
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.54
pivotal-account 1.8.2
push-apps-manager-release 662.0.34
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.15
routing 0.163.14*
ruby-offline-buildpack 1.7.18
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.27
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.23[SecurityFix]Bumpstemcelltov3468.42:
USN-3641 USN-3631-2 USN-3628-1 USN-3625-1 USN-3624-1
[SecurityFix]Bumpcflinuxfs2-releasetov1.201.0:
USN-3628-1 USN-3625-1 USN-3624-1 USN-3622-1
[FeatureImprovement]Bumprouting-releasetov0.163.14toenableoperatortodisableloggingofclientIPs,incompliancewiththeEUGeneralDataProtectionRegulation(GDPR).
[FeatureImprovement]Bumpapps-manager-releasetov662.0.33:
Whenbindingaserviceinstance,notifytheusertorestagetheirappfromtheCLI.Whenlogged-inusercanseenoapps,show“Noresults”insteadof“Loading…”intheappsearch.
[BugFix]ProvidetheOpsManagerrootCAcertificateandanyotheroperator-providedtrustedcertificatestoallcontainersinthe/etc/cf-system-certificates directory.
[BugFix]Bumploggregator-releasetov96.2topreventTrafficControllerfromfailingwhenconsulDNSisstoppedfirstduringaBOSHstoporrestart.
Bumpmysql-monitoring-releasetov8.18.0.
Bumpsthefollowingbuildpacks:
Nodejs-offline-buildpacktov1.6.23.Php-offline-buildpacktov4.3.54.Python-offline-buildpacktov1.6.15.Ruby-offline-buildpacktov1.7.18.
Component Version
Stemcell 3468.42
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 26 1.12
https://usn.ubuntu.com/3641-1/https://usn.ubuntu.com/3631-2/https://usn.ubuntu.com/3628-1/https://usn.ubuntu.com/3625-1/https://usn.ubuntu.com/3624-1/https://usn.ubuntu.com/3628-1/https://usn.ubuntu.com/3625-1/https://usn.ubuntu.com/3624-1/https://usn.ubuntu.com/3622-1/
-
binary-offline-buildpack 1.0.18capi 1.40.53*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.201.0
consul 187
diego 1.25.13
dotnet-core-offline-buildpack 2.0.6
garden-runc 1.13.1
go-offline-buildpack 1.8.21
haproxy 8.4.1
java-offline-buildpack 4.10.0
loggregator 96.2.0*
mysql-backup 2.1.0
mysql-monitoring 8.18.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.23
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.54
pivotal-account 1.8.2
push-apps-manager-release 662.0.33
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.15
routing 0.163.14*
ruby-offline-buildpack 1.7.18
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.27
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.22[SecurityFix]Bumpsgarden-releasetov1.13.1forCVE-2018-1277 .
[BugFix]WhenupgradingfromElasticRuntimev1.11tov.12,theEnablesecurecommunicationbetweenDiegoandCloudControlleroptionintheCloudControllertabshouldbedisabledbydefault,insteadofenabledbydefault.
[BugFix]Bumpsautoscaling-releasetov96.2touseCFCLIv6.36.1.
[BugFix]Bumpscapi-releasetov1.40.53topreventduplicateappusageevents.
[FeatureImprovement]Bumpsdiego-releasetov1.25.13toaddcellandinstanceidentifiersinthecontainerlifecyclelogs.
[FeatureImprovement]Bumpsapps-manager-releasetov662.0.32:
IntroducecustommemorylimitsettingforAppsManagerandinvitationapps.
©CopyrightPivotalSoftwareInc,2013-2018 27 1.12
https://www.cloudfoundry.org/blog/cve-2018-1277/
-
Showfullpageerrorwhencriticalenvvarsarenotset.Applastpushtimenowreflectstimeofmostrecentreadypackage.Introduceflagtohideappsearchbar.Appsearchbarqueriesappsonlywhenfocused.Tellusertore-stageappafterbindingaservice.
Bumpsthefollowingbuildpacks:
Binary-offine-buildpacktov1.0.18.Dotnet-core-offline-buildpacktov2.0.6.Go-offline-buildpacktov1.8.21.Java-offline-buildpacktov4.10.0.Nodejs-offline-buildpacktov1.6.22.Php-offline-buildpacktov4.3.53.Python-offline-buildpacktov1.6.14.Ruby-offline-buildpacktov1.7.16.Staticfile-offline-buildpacktov1.4.27.
Component Version
Stemcell 3468.30
binary-offline-buildpack 1.0.18
capi 1.40.53*
cf-autoscaling 96.2
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.196.0
consul 187
diego 1.25.13
dotnet-core-offline-buildpack 2.0.6
garden-runc 1.13.1
go-offline-buildpack 1.8.21
haproxy 8.4.1
java-offline-buildpack 4.10.0
loggregator 96.0.17*
mysql-backup 2.1.0
mysql-monitoring 8.16.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.22
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.53
pivotal-account 1.8.2
push-apps-manager-release 662.0.32
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.14
routing 0.163.13*
ruby-offline-buildpack 1.7.16
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.27*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 28 1.12
-
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.21[BugFix]WhenupgradingfromElasticRuntimev1.11tov1.12,theEnablesecurecommunicationbetweenDiegoandCloudControlleroptionintheCloudControllertabshouldbedisabledbydefault,insteadofenabledbydefault.OnlynewinstallationsofElasticRuntimev1.12shouldenablesecurecommunicationbydefault.
[SecurityFix]Bumpscflinuxfs2tov1.196.0:
USN-3611-1 USN-3610-1
[SecurityFix]Bumpsstemcelltov3468.30:
USN-3619-2 USN-3611-1 USN-3610-1 USN-3598-1 USN-3586-1 USN-3584-1
[BugFix]Bumpssyslog-migration-releasetov8.0.2:
Preventlogsfromblackboxfrombeingwrittentothedefaultsysloglogfilestopreventlogsfrombeingwrittentothedisk3additionaltimes.Fixrfc5424compatibilitybyensuringonly1spaceoccursbetweenthemessageandthestructureddata.
[BugFix]FixesabugthatcausedtheCloudControllersyncjobtofailwhenpushinganappwithTCProutingenabled,whichcausesDiegotonotknowifitsdesiredstateisconsistentwithCloudController.
[FeatureImprovement]Bumpscapi-releasetov1.40.52toimprovedatabaseconnectionvalidation.
[FeatureImprovement]AddsfieldCustomsyslogConfigurationtospecifycustomloggingrulesintheSystemLoggingtab.Formoreinformation,seecustomsyslogrules .
Component Version
Stemcell 3468.30
binary-offline-buildpack 1.0.15
capi 1.40.52*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.196.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.12.1
go-offline-buildpack 1.8.16
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96.0.17*
mysql-backup 2.1.0
mysql-monitoring 8.16.0
nats 22*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 29 1.12
https://usn.ubuntu.com/3611-1/https://usn.ubuntu.com/3610-1/https://usn.ubuntu.com/3619-2/https://usn.ubuntu.com/3611-1/https://usn.ubuntu.com/3610-1/https://usn.ubuntu.com/3598-1/https://usn.ubuntu.com/3586-1/https://usn.ubuntu.com/3584-1/https://docs.pivotal.io/pivotalcf/1-12/customizing/custom-syslog-rules.html
-
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.28
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.13*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.2
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.20[BugFix]Bumpscapi-releasetov1.40.51to:
Preventappuploadfromfailingwhentheapphasbrokensymlinks.FixbrokencfsshforDockerapps.
[BugFix]Bumpscf-mysql-releasetov36.11.0.ReleaseNotes
[FeatureImprovement]Bumpsmysql-monitoring-releasetov8.16.0.ReleaseNotes
[FeatureImprovement]Bumpsloggregator-releasetov96.0.17toaddstricterappidvalidationinTrafficController.
[FeatureImprovement]TheSSOOperatorDashboardnowallowsplanadministratortosendpasswordresetemails.
[BugFix]Bumpspush-apps-manager-releasetov662.0.28
Reintroducecachebustingforjs/cssfilesFixedabugthatwouldcauseappsmanagertofailtoloadwhenenvironmentvariablescontainednewlinesFixheadersforendpointsthatweserveUpdatedtheCFCLIthatisusedtopushAppsManagerandInvitations
Component Version
Stemcell 3468.25
binary-offline-buildpack 1.0.15
capi 1.40.51*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.11.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.188.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.12.1
©CopyrightPivotalSoftwareInc,2013-2018 30 1.12
https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v36.11.0http://docs.pivotal.io/p-mysql/1-10/mysql-components-release-notes.html#monitoring-8.16.0
-
go-offline-buildpack 1.8.16
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96.0.17*
mysql-backup 2.1.0
mysql-monitoring 8.16.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.28
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.13*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.19[Bugfix]Bumpsapps-manager-releasetov662.0.25:
[IE]Fixesalignmentoftheappsearchbarintheheader.Fixesabugthatpreventedmid-levelfetchtasksfrombeingclearedwhenswitchingroutesandonthe30secondrefresh.Fixesabugthatcausedmarketplaceserviceplanstoshow“Nopriceavailable”.
[Bugfix]Bumpsuaa-releasetov45.8:
UpdatesJDKversionto8u162.
[SecurityFix]Bumpscapi-releaseto1.40.49:
CVE-2018-1266 :Fixesrandomnumberguessingexploit.Fixesbuildpackpagination.
Component Version
Stemcell 3468.25
binary-offline-buildpack 1.0.15
capi 1.40.49*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.188.0
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 31 1.12
https://www.cloudfoundry.org/blog/cve-2018-1266
-
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.12.1
go-offline-buildpack 1.8.16
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96*
mysql-backup 2.1.0
mysql-monitoring 8.14.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.25
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.13*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.8
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.18[FeatureImprovment]Bumpsgarden-runc-releasetov1.12.1:
Includesfixforbugwhereusers’filescouldgomissingindocker-basedapplications.
[Bugfix]Bumpsrouting-releaseto0.163.13:
Removesbackendsonanyerrortoprevent502errorsfrombeingreturnedtoclients.Updatesgolangtov1.9.4.
[BugFix]Removesunneededpersistentdiskfromdiegobrainvms.
Component Version
Stemcell 3468.25
binary-offline-buildpack 1.0.15
capi 1.40.47*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 32 1.12
-
cflinuxfs2 1.188.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.12.1
go-offline-buildpack 1.8.16
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96*
mysql-backup 2.1.0
mysql-monitoring 8.14.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.24
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.13*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.17[FeatureImprovement]Bumpsapps-managerto662.0.24,whichusesnginxandthestaticfilebuildpack.
[BugFix]Bumpscapi-releasetoversion1.40.47:
APInolongerloadsallusersintoanarrayinmemory.
[BugFix]Cloudcontrollerisconfiguredtoset cc.diego.pid_limit to0(unlimited)sothatapplicationinstanceswhichcreatedmanythreadsdonotcrash.Thepreviouslimitwasdefaultingto1024.
Component Version
Stemcell 3468.25
binary-offline-buildpack 1.0.15
capi 1.40.47*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 33 1.12
-
cf-smoke-tests 38
cflinuxfs2 1.188.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.11.1
go-offline-buildpack 1.8.16
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96*
mysql-backup 2.1.0
mysql-monitoring 8.14.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.24
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.0*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.16Note:itisrecommendedthatyoure-createallVMswhenupgradingtothisrelease,duetotheupdateto garden-runc-release .Thiswillhappenautomaticallyifyouareupdatingyourstemcell.Ifnot,youcancheckthe“RecreateAllVMs”checkboxontheOpsManagerDirector>DirectorConfigtab.
[SecurityFix]Bumpsstemcellfromversion3468.21toversion3468.25toaddressissues:
USN-3582-2
[SecurityFix]Bumpscflinuxfs2-releasefromv181.0tov1.188.0toaddressissues:
USN-3577-1 USN-3569-1 USN-3554-1 USN-3547-1 USN-3543-1 USN-3540-2 USN-3538-1
[FeatureImprovement]Bumpsgarden-runc-releasetov1.11.1 whichincludesgrootfsrootfilesystembydefault.
[FeatureImprovement]Patchescloudcontrollersouserswith admin_read_only scopecanviewstatsforapps,whichisneededbythe cf v3-apps
©CopyrightPivotalSoftwareInc,2013-2018 34 1.12
http://www.ubuntu.com/usn/usn-3581-2/http://www.ubuntu.com/usn/usn-3577-1/http://www.ubuntu.com/usn/usn-3569-1/http://www.ubuntu.com/usn/usn-3554-1/http://www.ubuntu.com/usn/usn-3547-1/http://www.ubuntu.com/usn/usn-3543-1/http://www.ubuntu.com/usn/usn-3540-2/http://www.ubuntu.com/usn/usn-3538-1/https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.11.1
-
command.
[BugFix]Patchescloudcontrollernginxhttpuploadmoduletofixissuewhereincorrectinitializationoftheuploadpathcouldcausesegmentationfaults.
Component Version
Stemcell 3468.25
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.188.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.11.1
go-offline-buildpack 1.8.16
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96*
mysql-backup 2.1.0
mysql-monitoring 8.14.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.22
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.0*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
1.12.15[SecurityFix]Patchesrouting-releaseforCVE-2018-1221 .
[BugFix]Bumpspush-usage-servicetoincreasememoryfootprint,toavoidoccasionalcrashesthatsomeuserswereseeing.
©CopyrightPivotalSoftwareInc,2013-2018 35 1.12
https://www.cloudfoundry.org/blog/cve-2018-1221/
-
[BugFix]EnablesprivilegedcontainerstosupportupgradingfromERT1.11withappsthatspecifyprivilegedcontainers.
[BugFix]FixtoensurethatDiegorepwillalwaysexitduringevacuation,evenifGarden destroy hangsduringevacuation.
[BugFix]Patchessyslogtopreventduplicationfromblackboxlogforwarding.
[FeatureImprovements]Bumpmysql-backup-releasetov2inrecognitionofthefactthatv1.38.0requiredTLS.Seeotherchangeshere
[FeatureImprovements]NewoptionintheNetworkingpagetoallowoperatorstoenableGoroutersupportforthePROXYprotocol.Thisisdisabledbydefault.
[FeatureImprovement]EnableGarden debug_listen_address tolistenonalocalinterface.
[FeatureImprovement]AddscredentialsforHealthwatchalerts.
Component Version
Stemcell 3468.21
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.181.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.10.0
go-offline-buildpack 1.8.16
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96*
mysql-backup 2.1.0
mysql-monitoring 8.14.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.22
push-usage-service-release 663.0.8
python-offline-buildpack 1.6.7
routing 0.163.0*
ruby-offline-buildpack 1.7.11
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 36 1.12
http://docs.pivotal.io/p-mysql/1-10/mysql-components-release-notes.html#backup-2.1.0
-
Component Version
1.12.14[SecurityFix]Bumpsapps-manager-releasetov662.0.22tofixvulnerabilitythatallowedarbitraryfileaccessonserver.
[BugFix]Patchesdiego-releasetoallowHTTP-basedhealthcheckonanHTTPendpointthatexpectsTLS-terminatedtraffic.
[BugFix]Bumpsjava-offline-buildpacktov4.8toaddressanissuewithmultiplejava-offline-buildpacksbeingincluded,whichmaycausedeploymentstohavedifferentversionsofjava-offline-buildpackinstalled.
Bumpbuildpackstolatestversions,including:
dotnet-core-offline-buildpacktov2.0.1.go-offline-buildpacktov1.8.16.java-offline-buildpacktov4.8.nodejs-offline-buildpacktov1.6.15.php-offline-buildpacktov4.3.48.python-offline-buildpacktov1.6.7.ruby-offline-buildpacktov1.7.11.staticfile-offline-buildpacktov1.4.21.
Component Version
Stemcell 3468.21
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.181.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 2.0.1
garden-runc 1.10.0
go-offline-buildpack 1.8.16
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.8
loggregator 96*
mysql-backup 1.38.0
mysql-monitoring 8.14.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.15
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.48
pivotal-account 1.8.2
push-apps-manager-release 662.0.22
push-usage-service-release 663.0.7
python-offline-buildpack 1.6.7
routing 0.163.0*
ruby-offline-buildpack 1.7.11
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 37 1.12
-
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.21
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.13[SecurityFix]Bumpsstemcelltoversion3468.21toaddressissues:
USN-3534-1 USN-3540-2
[SecurityFix]Bumpscflinuxfs2-releasetov1.181.0toaddressissues:
USN-3532-1 USN-3534-1 USN-3535-1
[SecurityFix]Bumpsapps-manager-releasetov662.0.19
Addsnewsecurityheaders:'Strict-Transport-Security’,'X-Content-Type-Options’,and'X-XSS-Protection’
[SecurityFix]Patchescapi-releasetofixissuewhererefreshtokensarenotacceptedwhereaccesstokensarerequired.
CVE-2018-1195
[BugFix]Bumpsmysql-monitoring-releasetov8.14.0
[BugFix]Patchescapi-releasetousedelayedjobqueuetoknowwhenajobisinprogress
[FeatureImprovement]Bumpssyslog-migration-releasetov8.0.1andaddacheckboxforlogfileforwardingthroughTCPtoworkaroundtheTruncatedSyslogMessagesissue.
NOTE:UsingTCPinsteadofthedefaultUDPconfigurationmayhaveanegativeimpactonperformance.
Component Version
Stemcell 3468.21
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.181.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 1.0.30
garden-runc 1.10.0
go-offline-buildpack 1.8.13
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.6
loggregator 96*
mysql-backup 1.38.0
mysql-monitoring 8.14.0*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 38 1.12
http://www.ubuntu.com/usn/usn-3534-1/http://www.ubuntu.com/usn/usn-3540-2/http://www.ubuntu.com/usn/usn-3532-1/http://www.ubuntu.com/usn/usn-3534-1/http://www.ubuntu.com/usn/usn-3535-1/https://www.cloudfoundry.org/cve-2017-14388/
-
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.10
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.43
pivotal-account 1.8.2
push-apps-manager-release 662.0.19
push-usage-service-release 663.0.6
python-offline-buildpack 1.6.1
routing 0.163.0*
ruby-offline-buildpack 1.7.5
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.18
statsd-injector 1.0.29
syslog-migration 8.0.1
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.12[BugFix]Bumpsuaa-releasetov45.7.
[BugFix]PatchtoallowtheBBStomaintainitslockwhentheMySQLVMsarebeingupgraded.
[BugFix]Bumpsapps-manager-releasetov662.0.18toresolveanumberofissues:
Ifinstancehealthisnotloaded,donotrenderrowdraweronappstatustable.Whendeletingapps,usecapiv3endpoint.FixedbugwhereusingDockerwouldcrashAppsManagerbecauseofnon-existentbuildpackinfo.Forappthreadstab,handlewhentherearenoappinstances.FixeddownloadofSpringthreadsonIE.HidenativeselectdropdownonIEandFirefox.DisplayformattedcostwithallcurrenciesinsteadofjustUSDinplansummary.Fixedwiringissuethatcausestheflyouttoalwaysbelievenon-basicserviceswerenotallowed.Fixedselectvsupgradeyouraccountbuttonwhencomingfromappservicestabpanelheader.Loadapphealthafterscaling.Updatedgitandbuildpacktexttomatchaccessibilitystandards.Showv3appscalingeventsontheapppageeventpanel.Loadeventsafterscalingapp.Whenacallto/cloudfoundryapplicationfails,donotcontinuetocheckiftheappisaspringapp.Addclickjackingprotection,whilestillallowingAppsManagertoloadsingular.Longorgnamesinthenavbarorgdropdownareellipsified.Whencheckingenvvariables,donotthrowifuserdoesnothavepermission.Spacememberstabshouldshowallmembersintheorgeveniftheyarenotpermittedtothespace.Fixed404pagefooterinIE.Fixedstylinginaccountingreportdownloadbutton.Fetchallroutesforspacesinsteadofjustthefirstpage.
[BugFix]Addsmissingdefaultdomain streaming-mysql-backup-tool tomysql-backupcertificate.Note:ifyouinstalled1.12.10or1.12.11,youwillhavetorotatecertificates.SeethisKBarticleformoredetails:PivotalApplicationServiceBackupandRestorefailsduetoMissingStreamingmysql-backup-toolDomain
[BugFix]Bumpspivotal-account-releasetov1.8.2tofixbugthatpreventederrandsfromrunningmorethanonce.
[FeatureImprovement]TheSAML'EntityIdOverride’fieldhasbeenmovedfromtheAuthenticationandEnterpriseSSOtabtotheUAAtabinOpsManager,toaccompanytheotherSAMLfieldsintheUAAtab.
Component Version
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 39 1.12
https://discuss.pivotal.io/hc/en-us/articles/360000139954
-
Stemcell 3445.22
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.176.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 1.0.30
garden-runc 1.10.0
go-offline-buildpack 1.8.13
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.6
loggregator 96*
mysql-backup 1.38.0
mysql-monitoring 8.13.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.10
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.43
pivotal-account 1.8.2
push-apps-manager-release 662.0.18
push-usage-service-release 663.0.6
python-offline-buildpack 1.6.1
routing 0.163.0*
ruby-offline-buildpack 1.7.5
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.18
statsd-injector 1.0.29
syslog-migration 8
uaa 45.7
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.11
[SecurityFix]Bumpsstemcellversionto3445.22forUSN-3544-2 andUSN-3544-4
Component Version
ThisreleaseintroducesabugthatcausesBBRbackupstofailduetoamissingdefaultdomaininthemysql-backupcertificate.Werecommendskippingthisreleaseandupgradingto1.12.12orhigher,whichresolvesthisissue.SeethecorrespondingKnowledgeBase formoreinformation.
©CopyrightPivotalSoftwareInc,2013-2018 40 1.12
https://discuss.pivotal.io/hc/en-us/articles/360000139954http://www.ubuntu.com/usn/usn-3522-2/http://www.ubuntu.com/usn/usn-3522-4/
-
Stemcell 3445.22
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.176.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 1.0.30
garden-runc 1.10.0
go-offline-buildpack 1.8.13
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.6
loggregator 96*
mysql-backup 1.38.0
mysql-monitoring 8.13.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.10
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.43
pivotal-account 1.6.5
push-apps-manager-release 662.0.17
push-usage-service-release 663.0.6
python-offline-buildpack 1.6.1
routing 0.163.0*
ruby-offline-buildpack 1.7.5
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.18
statsd-injector 1.0.29
syslog-migration 8
uaa 45.4
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.10
[SecurityFix]Bumpscflinuxfs2-releasetov1.176.0forUSN-3513-1 .
[BugFix]Resolvesanissueincontainer-networkingwhereacomponentinthesamenetworkwithmTLScancauseansqlinjectiononthe
ThisreleaseintroducesabugthatcausesBBRbackupstofailduetoamissingdefaultdomaininthemysql-backupcertificate.Werecommendskippingthisreleaseandupgradingto1.12.12orhigher,whichresolvesthisissue.SeethecorrespondingKnowledgeBase formoreinformation.
©CopyrightPivotalSoftwareInc,2013-2018 41 1.12
https://discuss.pivotal.io/hc/en-us/articles/360000139954https://usn.ubuntu.com/usn/usn-3513-1/
-
DeleteEntry databasehandler.
[BugFix]Resolvesabugwheretaskstatesarenotupdatedwhendropletsaredeleted.
[FeatureImprovement]OpsManagernowallowsoperatorstospecifyanAzureenvironmentnameotherthanthedefault'AzureCloud’.TheoptionisintabFileStorage,undertheExternalAzureStorageintheEnvironmentfield.
[FeatureImprovement]Bumpsmysql-monitoring-releasetov8.13.0toadddiskusagemetricsasapercentage.
[FeatureImprovement]Bumpsmysql-backup-releasetov1.38.0whichenablesmutualTLSbetweenthebackupnodeandserver.
[Feature]Bumpsgarden-runc-releasetov1.10.0:
Itisnowpossibletospecifya ProcessSpec.Image .Processescannowhavetheirownfilesystemview.Limitation:Itisonlypossibletouse ProcessSpec.Image and ProcessSpec.OverrideContainerLimits withunprivilegedcontainers.Thiswillbefixedinfuturereleases.Limitation:APIssuchas BulkMetrics and Process.Signal maynotworkimmediatelyafter container.Run(ProcessSpec) returnsforprocesseswith Image and/or OverrideContainerLimits specified.Thiswillbefixedinfuturereleases.Reducedlogvolumein BulkMetrics forlargeenvironments.CorrectlydeclaresthatbundlesitcreatesareOCIRuntimeSpecversion1.0.0compliant.
Component Version
Stemcell 3445.19
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.176.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 1.0.30
garden-runc 1.10.0
go-offline-buildpack 1.8.13
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.6
loggregator 96*
mysql-backup 1.38.0
mysql-monitoring 8.13.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.10
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.43
pivotal-account 1.6.5
push-apps-manager-release 662.0.17
push-usage-service-release 663.0.6
python-offline-buildpack 1.6.1
routing 0.163.0*
ruby-offline-buildpack 1.7.5
scalablesyslog 11
service-backup 18.1.2
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 42 1.12
-
staticfile-offline-buildpack 1.4.18
statsd-injector 1.0.29
syslog-migration 8
uaa 45.4
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.9[SecurityFix]Bumpsstemcellversionto3445.19forUSN-3509-2 .
[SecurityFix]Bumpscflinuxfs2-releasetov1.171.0toresolveseveralsecurityvulnerabilities:
USN-3489-1:BerkeleyDBvulnerability USN-3496-1:Pythonvulnerability USN-3496-3:Pythonvulnerability USN-3498-1:curlvulnerabilities USN-3501-1:libxcursorvulnerability
[BugFix]Bumpsapps-manager-releasetov662.0.17toresolvesomebugs:
Longorgnamesinthenavbarorgdropdownareellipsified.FixthelookoftheselectcomponentinFirefox.Fixapagecrashthatcouldoccurwhenrefreshinganapppageasaspaceauditor.ImprovedtheresiliencyoftheAppsManagerserverwhenaproxyerroroccurs.Showallorgandspacemembersinthespacememberstableontheorg/spacepagememberstabs.
[BugFix]Bumpscf-mysql-releasetov36.10.0tofinalizeafixforconfigurationandmanagementofsyslog.ReleaseNotes
[BugFix]Bumpsmysql-monitoring-releasetov8.12.0tofinalizeafixforconfigurationandmanagementofsyslog.
[BugFix]OperatorscannowoptionallydisableRouterAccesslogs.ThiswillpreventtheRouterlocaldiskfrombecomingfilledwhentheRoutersareexperiencingincreasedincomingtraffic.
[FeatureImprovement]OperatorscannowspecifythemutualTLScertificatevalidationbehaviorfortheRouter.TheRouterwillrequestcertificatesbydefaultandvalidatethemifprovided.OperatorscanoptionallyconfiguretheRouternottorequestcertificatesortorequirethemwitheveryrequest.
[FeatureImprovement]OperatorscannowoverridetheirSAMLEntityIDwhenconfigurationSAMLasanIdentityProvider.
Component Version
Stemcell 3445.19
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.10.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.171.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 1.0.30
garden-runc 1.9.4
go-offline-buildpack 1.8.13
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.6*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
WARNING:RequeststotheplatformwillfailuponupgradeifyourloadbalancerisconfiguredwithclientcertificatesandGorouterdoesnothavethecertificateauthority.Tomitigatethisissue,selectRouterdoesnotrequestclientcertificatesforRouterbehaviorforClientCertificateValidationintheNetworkingpane.
©CopyrightPivotalSoftwareInc,2013-2018 43 1.12
https://www.cloudfoundry.org/usn-3509-2/https://usn.ubuntu.com/usn/usn-3489-1/https://usn.ubuntu.com/usn/usn-3496-1/https://usn.ubuntu.com/usn/usn-3496-3/https://usn.ubuntu.com/usn/usn-3498-1/https://usn.ubuntu.com/usn/usn-3501-1/https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v36.10.0
-
loggregator 96*
mysql-backup 1.35.0
mysql-monitoring 8.12.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.10
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.43
pivotal-account 1.6.1
push-apps-manager-release 662.0.17
push-usage-service-release 663.0.6
python-offline-buildpack 1.6.1
routing 0.163.0*
ruby-offline-buildpack 1.7.5
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.18
statsd-injector 1.0.29
syslog-migration 8
uaa 45.4
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.8[SecurityFix]Bumpsapps-manager-releasetov662.0.16toresolveanumberofissues:
Upgradestonodejsv8.0toresolveanumberofsecurityissues.WhenviewingaSpringApp’sThreadstab,andtherearenorunninginstances,thereisnowtexttoconveythis.FixdownloadingofSpringthreadsinInternetExplorer.FixappearanceofselectinputsinInternetExplorer.FormatserviceplancostsaccordingtosupportedcurrenciesinAppsManagerconfigurationonthespacepage,servicestabFixbugwherepaidplanswouldnotbeallowedwhentryingtoaddaservicefromthespaceorapppage.Whenscalinganapp,showupdatedapphealthmorequickly.Showappscalingeventsintheeventspanelontheapppage.Changecolorofbuildpacktexttomeetaccessibilitystandards.PreventAppsManagerfrombeingrenderedinaniframe.
[SecurityFix]Bumpsbuildpackreleasesversionstopickupsecurityandbugfixes:
binary-buildpackv1.0.15 dotnet-core-buildpackv1.0.30 go-buildpackv1.8.13 java-buildpackv4.6 nodejs-buildpackv1.6.10 php-buildpackv4.3.43 python-buildpackv1.6.1 ruby-buildpackv1.7.5 staticfile-buildpackv1.4.18
[SecurityFix]Bumpsthestemcelltov3445.17toresolvethefollowingsecurityissues:
USN-3457-1:curlvulnerability USN-3458-1:ICUvulnerability USN-3464-1:Wgetvulnerabilities USN-3469-2:Linuxkernel(XenialHWE)vulnerabilities USN-3475-1:OpenSSLvulnerabilities
©CopyrightPivotalSoftwareInc,2013-2018 44 1.12
https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.15https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.30https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.13https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.6https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.10https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.43https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.6.1https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.7.5https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.18https://usn.ubuntu.com/usn/usn-3457-1/https://usn.ubuntu.com/usn/usn-3458-1/https://usn.ubuntu.com/usn/usn-3464-1/https://usn.ubuntu.com/usn/usn-3469-2/https://usn.ubuntu.com/usn/usn-3475-1/
-
USN-3478-1:Perlvulnerabilities USN-3485-2:Linuxkernel(XenialHWE)vulnerabilities
[SecurityFix]Bumpscflinuxfs2-releasetov1.168.0toresolveUSN-3478-1:Perlvulnerabilities .
[SecurityFix]PatchesCloudControllertopreventusersfrombeingabletocreateaprivatesubdomainofarouteinanorganizationtheydonothaveaccessto.
[BugFix]RevertsthepreviouspatchereleasechangetotheSAMLEntityIDfield.Thefieldisonceagainusing http foritsURLscheme.
[Improvement]Thecustombrandingfieldsforthesquarelogoandfaviconarenowseparatefields.
Component Version
Stemcell 3445.17
binary-offline-buildpack 1.0.15
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.9.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.168.0
consul 187
diego 1.25.3
dotnet-core-offline-buildpack 1.0.30
garden-runc 1.9.4
go-offline-buildpack 1.8.13
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.6
loggregator 96*
mysql-backup 1.35.0
mysql-monitoring 8.8.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.10
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.43
pivotal-account 1.6.1
push-apps-manager-release 662.0.16
push-usage-service-release 663.0.6
python-offline-buildpack 1.6.1
routing 0.163.0
ruby-offline-buildpack 1.7.5
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.18
statsd-injector 1.0.29
syslog-migration 8
uaa 45.4
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
©CopyrightPivotalSoftwareInc,2013-2018 45 1.12
https://usn.ubuntu.com/usn/usn-3478-1/https://usn.ubuntu.com/usn/usn-3485-2/https://usn.ubuntu.com/usn/usn-3478-1/
-
1.12.7
[SecurityFix]Bumpscflinuxfs2-releasetov1.166.0toresolveUSN-3475-1 .ReleaseNotes
[BugFix]Bumpscf-mysql-releasetov36.9.0toresolveanissuewhereIPseccausesmariadb_ctrltobeleftinan Execution Failed state.ReleaseNotes
[SecurityFix]Bumpsusage-service-releasetov663.0.6tohidesensitivecredentialinformationwhentheUsageServicedeploymenterrandisrun.
[SecurityFix]Bumpsgrootfs-releasetov0.30.0toresolveCVE-2017-14388 .ReleaseNotes .
[BugFix]ChangestheschemefortheSAMLEntityIDfrom http to https .
Component Version
Stemcell 3445.16
binary-offline-buildpack 1.0.14
capi 1.40.0*
cf-autoscaling 95
cf-backup-and-restore 0.0.9
cf-mysql 36.9.0
cf-networking 1.4.0*
cf-smoke-tests 38
cflinuxfs2 1.166.0
consul 181
diego 1.25.3
dotnet-core-offline-buildpack 1.0.24
garden-runc 1.9.4
go-offline-buildpack 1.8.6
grootfs 0.30.0
haproxy 8.4.1
java-offline-buildpack 4.5
loggregator 96*
mysql-backup 1.35.0
mysql-monitoring 8.8.0
nats 22
nfs-volume 1.0.9
nodejs-offline-buildpack 1.6.6
notifications 37
notifications-ui 29
php-offline-buildpack 4.3.40
pivotal-account 1.6.1
push-apps-manager-release 662.0.14
push-usage-service-release 663.0.6
python-offline-buildpack 1.5.24
routing 0.163.0
ruby-offline-buildpack 1.6.47
scalablesyslog 11
service-backup 18.1.2
staticfile-offline-buildpack 1.4.14
statsd-injector 1.0.29
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
ThisreleasehasbeenpulledduetoaregressionintroducedintheSAMLidentityproviderinterface.Pleaseupgradeto1.12.8orhighertoresolvethisissuewiththeSAMLentityID.
©CopyrightPivotalSoftwareInc,2013-2018 46 1.12
http://www.ubuntu.com/usn/usn-3475-1/https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.166.0https://github.com/cloudfoundry/cf-mysql-release/releases/tag/v36.9.0https://www.cloudfoundry.org/cve-2017-14388/https://github.com/cloudfoundry/grootfs-release/releases/tag/v0.30.0
-
syslog-migration 8uaa 45.4
*Componentsmarkedwithanasteriskhavebeenpatchedtoresolvesecurityvulnerabilitiesorfixcomponentbehavior.
Component Version
1.12.6[SecurityFix]Bumpsthestemcelltov3445.16toresolveseveralsecurityvulnerabilities:
USN-3424-1 USN-3432-1 USN-3434-1 USN-3441-1 USN-3444-2
[SecurityFix]Bumpsthecflinuxfs2-releasetov1.165.0toresolveseveralsecurityvulnerabilities:
USN-3457-1 USN-3458-1 USN-3464-1
[BugFix]Bumpsuaa-releasetov45.4topreventadenialofserviceattackagainstthetokenrevocationendpoint.
[BugFix]Patchesloggregator-releasetoremovethe totalReceivedMessageCount metricfromthev2API.
ThelogginglevelfortheCloudController