release: github.com/cloudfoundry/cf-release / 227

Github source: 07527d79 or master branch

The cf-release v227 was released on January 06, 2016.

Important: - The Python buildpack included in this release includes a regression whereby it fails to work in offline environments (disconnected from the Internet). Specifically, it fails to stage applications. A fix for the buildpack has already been released and administrators can use the cf update-buildpack command in their Cloud Foundry installations if they do not wish to wait for the next version of cf-release which will include the buildpack update. Due to this reason, we are marking this release as a pre-release, although there are no other known issues and it should be otherwise safe to use. - This v227 release changes how cf-release consumes the UAA. Rather than having a uaa job defined in cf-release, cf-release now consumes the official uaa-release, and just uses the job provided there. The uaa-release extraction allows the UAA to be used standalone, within BOSH, within Cloud Foundry, etc. And by cf-release consuming it this way, we avoid diverging job specifications. This introduces significant changes to the uaa job spec, but these should be largely immaterial to operators deploying Cloud Foundry using the provided manifest templates. The details for all the spec changes can be located here.

Contents: - CC and Service Broker APIs - Runtime - Buildpacks and Stacks - Identity - Routing - Loggregator - Internal Components - Job Spec Changes - Recommended BOSH Stemcell Versions - Recommended Diego Version - Recommended Garden Linux Version

CC and Service Broker APIs

CC API Version: 2.46.0

Service Broker API Version: 2.8

Cloud Controller

  • [Experimental] Work continues on /v3 and Application Process Types details
  • [Experimental] Work continues on Private Brokers details
  • Fix some field duplication in the api doc details
  • Added script that tells you which cf-release a cloud controller commit is on details
  • cloudfoundry/cloud_controller_ng #475: Use login.protocol instead of uaa.no_ssl details
    • New default property in cc specs.
    • Added in this commit
    • Removed property from cc specs in this commit
    • If nothing is specified in manifest stubs, the protocol will default to https.
  • cloudfoundry/cloud_controller_ng #473: Don’t allow null environment variable groups details
  • Return 202 instead of 201 on buildpack cache delete details
  • Return better errors on /v2/resource_match for invalid input details
  • Remove erroneous params from several list endponts on apidocs details
  • cloudfoundry/cloud_controller_ng #476: Remove ‘builders’ Test Suite From Rake Task. details
  • cloudfoundry/cloud_controller_ng #477: Add Filter To User-Provided Service Instances API. details
  • cloudfoundry/cloud_controller_ng #469: Empty request body documented on update of space quota details
  • removed experimental service migration endpoint details
  • Bump delayed_job_sequel to use merged-in 4.1.0 upstream to attempt to prevent system hangs when delayed job queue is full of failed jobs details
    • Jobs have a default priority of zero, so we first deprioritize it to 1. If it’s been deprioritized in the past, we double its priority.
  • cloudfoundry/cloud_controller_ng #462: Droplet packaging fails after push on asp.net apps details
    • Bumped mime-types gem to Version 2.6.2
  • Remove unnecessary guid field from create route endpoint details
  • Update cloud controller to Ruby 2.2.4 details
  • Update Nokogiri to 1.6.7.1 details

Runtime

DEA

No changes.

Warden

No changes.

HM9000

No changes.

Buildpacks and Stacks

stacks

updated to 1.24.0 (from 1.20.0)

1.24.0

This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.

1.23.0

Notably, this release addresses [USN-2837-1] “Bind vulnerability” and [USN-2835-1] “Git vulnerability” which address: - CVE-2015-8000 “Responses with a malformed class attribute can trigger an assertion failure in db.c” - CVE-2015-7545 “arbitrary code execution issues via URLs”

1.22.0

Notably, this release addresses USN-2834-1 “libxml2 vulnerabilities” which address: - CVE-2015-5312 “It is one case where the code in place to detect entities expansions failed to exit when the situation was detected, leading to DoS” - CVE-2015-7497 “heap buffer overflow in xmlDictComputeFastQKey” - CVE-2015-7499 “Add xmlHaltParser() to stop the parser The problem is doing it in a consistent and safe fashion It’s more complex than just setting ctxt->instate = XML_PARSER_EOF Update the public function to reuse that new internal routine. Detect incoherency on GROW, the current pointer to the input has to be between the base and end if not stop everything we have an internal state error.” - CVE-2015-7500 “memory access error due to incorrect entities boundaries” - CVE-2015-8241 “Buffer overread with XML parser in xmlNextChar” - CVE-2015-8242 “Buffer overread with HTML parser in push mode in xmlSAX2TextNode” - CVE-2015-8317 “out of bounds read issues in the xmlParseXMLDecl function”

1.21.0

Notably, this release addresses USN-2830-1 “OpenSSL vulnerabilities” which address: - CVE-2015-1794 “Anon DH ServerKeyExchange with 0 p parameter” - CVE-2015-3193 “BN_mod_exp may produce incorrect results on x86_64” - CVE-2015-3194 “Certificate verify crash with missing PSS parameter” - CVE-2015-3195 “X509_ATTRIBUTE memory leak”

go-buildpack

updated to v1.7.1 (from v1.7.0)

v1.7.1

Packaged binaries:

name version cf_stacks
go 1.4.1 cflinuxfs2
go 1.4.2 cflinuxfs2
go 1.4.3 cflinuxfs2
go 1.5.1 cflinuxfs2
go 1.5.2 cflinuxfs2
godep v39 cflinuxfs2
  • SHA256: 117b106343846618cbeeac9cd68cac7283604f9e7b0fbe81d5ad7da3a816f7c1

nodejs-buildpack

updated to v1.5.4 (from v1.5.3)

v1.5.4

Notably this release addresses several CVEs that were patched upstream in Node. - Versions 4.2.2 and 5.1.1 statically link openssl as discussed in RFC (https://github.com/cloudfoundry/nodejs-buildpack/issues/32) - Versions 0.10 and 0.12 match upstream versions but require an updated rootfs to address openssl CVEs. We expect 1.21 to contain these patches.

Changes: - Add support for Node 0.10.41, 0.12.9, 4.2.3, and 5.1.1 - Remove support for Node 0.10.38, 0.12.6, and 4.2.2 (https://www.pivotaltracker.com/story/show/109526542)

Packaged binaries:

name version cf_stacks
node 0.10.40 cflinuxfs2
node 0.10.41 cflinuxfs2
node 0.11.15 cflinuxfs2
node 0.11.16 cflinuxfs2
node 0.12.7 cflinuxfs2
node 0.12.9 cflinuxfs2
node 4.2.3 cflinuxfs2
node 5.1.1 cflinuxfs2
  • SHA256: 88acfa8e135f5e8f1da0afea9458a7ffb97bbe11ba7b21becee359ddef54a6e8

php-buildpack

updated to v4.3.1 (from v4.3.0)

v4.3.1

Packaged binaries:

name version cf_stacks modules
php 5.5.29 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php 5.5.30 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php 5.6.15 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php 5.6.16 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
hhvm 3.5.0 cflinuxfs2
hhvm 3.5.1 cflinuxfs2
hhvm 3.6.0 cflinuxfs2
hhvm 3.6.1 cflinuxfs2
composer 1.0.0-alpha10 cflinuxfs2
httpd 2.4.17 cflinuxfs2
newrelic 4.23.3.111 cflinuxfs2
nginx 1.8.0 cflinuxfs2
nginx 1.9.7 cflinuxfs2
  • SHA256: cbcab7f12163f4fac5fcc8f84caaa3d48243d6e41dceb0732ebf0d684053efc8

python-buildpack

updated to v1.5.3 (from v1.5.2)

v1.5.3

Packaged binaries:

name version cf_stacks
python 2.7.10 cflinuxfs2
python 2.7.11 cflinuxfs2
python 3.3.5 cflinuxfs2
python 3.3.6 cflinuxfs2
python 3.4.2 cflinuxfs2
python 3.4.3 cflinuxfs2
python 3.5.0 cflinuxfs2
python 3.5.1 cflinuxfs2
libffi 3.1 cflinuxfs2
libmemcache 1.0.18 cflinuxfs2
  • SHA256: 61c570658e6b769c2cc0dbcbb600e60626ba78cb37359d73163493157f7b95df

ruby-buildpack

updated to v1.6.11 (from v1.6.9)

v1.6.11

Notably, the following CVE was fixed in this release: CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL - Added Ruby 2.2.4, 2.1.8, 2.0.0p648, Dropped 2.2.2, 2.1.6, 2.0.0p647 (https://www.pivotaltracker.com/story/show/110307648) - Removed manifest-including-unsupported (https://www.pivotaltracker.com/story/show/109537822)

Packaged binaries:

name version cf_stacks
ruby 2.0.0 cflinuxfs2
ruby 2.1.7 cflinuxfs2
ruby 2.1.8 cflinuxfs2
ruby 2.2.3 cflinuxfs2
ruby 2.2.4 cflinuxfs2
jruby ruby-1.9.3-jruby-1.7.23 cflinuxfs2
jruby ruby-2.0.0-jruby-1.7.23 cflinuxfs2
jruby ruby-2.2.2-jruby-9.0.4.0 cflinuxfs2
node 0.12.7 cflinuxfs2
bundler 1.9.7 cflinuxfs2
libyaml 0.1.6 cflinuxfs2
openjdk1.8-latest 1.8.0_65 cflinuxfs2
rails3_serve_static_assets - cflinuxfs2
rails_log_stdout - cflinuxfs2
  • SHA256: 5a94c4a4359c30bb1ddbd0b1f50c986d0a1fd8a1e8a51b05d00d1e2ecbdc97b6

v1.6.10

Packaged binaries:

name version cf_stacks
ruby 2.0.0 cflinuxfs2
ruby 2.1.6 cflinuxfs2
ruby 2.1.7 cflinuxfs2
ruby 2.2.2 cflinuxfs2
ruby 2.2.3 cflinuxfs2
jruby ruby-1.9.3-jruby-1.7.23 cflinuxfs2
jruby ruby-2.0.0-jruby-1.7.23 cflinuxfs2
jruby ruby-2.2.2-jruby-9.0.4.0 cflinuxfs2
node 0.12.7 cflinuxfs2
bundler 1.9.7 cflinuxfs2
libyaml 0.1.6 cflinuxfs2
openjdk1.8-latest 1.8.0_65 cflinuxfs2
rails3_serve_static_assets - cflinuxfs2
rails_log_stdout - cflinuxfs2
  • SHA256: c583cba0917e34e99646ab5159ccd5e3ff0a95d4af23635de998fbadf7ea32c6

staticfile-buildpack

updated to v1.3.0 (from v1.2.3)

v1.3.0

Item of note: - We’ve updated the version of this release to 1.3.0 to represent a new milestone of tracking nginx mainline releases. - added nginx 1.9.9, drop 1.8.0 (https://www.pivotaltracker.com/story/show/110627622) - correctly redirect http to https

Packaged binaries:

name version cf_stacks
nginx 1.9.9 cflinuxfs2
  • SHA256: 7616b0339149743cf18b36cd87ae83ffc76095aa9221465c8d27e244a3be4c27

stacks

updated to 1.24.0 (from 1.20.0)

1.24.0

This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.

1.23.0

Notably, this release addresses [USN-2837-1] “Bind vulnerability” and [USN-2835-1] “Git vulnerability” which address: - CVE-2015-8000 “Responses with a malformed class attribute can trigger an assertion failure in db.c” - CVE-2015-7545 “arbitrary code execution issues via URLs”

1.22.0

Notably, this release addresses USN-2834-1 “libxml2 vulnerabilities” which address: - CVE-2015-5312 “It is one case where the code in place to detect entities expansions failed to exit when the situation was detected, leading to DoS” - CVE-2015-7497 “heap buffer overflow in xmlDictComputeFastQKey” - CVE-2015-7499 “Add xmlHaltParser() to stop the parser The problem is doing it in a consistent and safe fashion It’s more complex than just setting ctxt->instate = XML_PARSER_EOF Update the public function to reuse that new internal routine. Detect incoherency on GROW, the current pointer to the input has to be between the base and end if not stop everything we have an internal state error.” - CVE-2015-7500 “memory access error due to incorrect entities boundaries” - CVE-2015-8241 “Buffer overread with XML parser in xmlNextChar” - CVE-2015-8242 “Buffer overread with HTML parser in push mode in xmlSAX2TextNode” - CVE-2015-8317 “out of bounds read issues in the xmlParseXMLDecl function”

1.21.0

Notably, this release addresses USN-2830-1 “OpenSSL vulnerabilities” which address: - CVE-2015-1794 “Anon DH ServerKeyExchange with 0 p parameter” - CVE-2015-3193 “BN_mod_exp may produce incorrect results on x86_64” - CVE-2015-3194 “Certificate verify crash with missing PSS parameter” - CVE-2015-3195 “X509_ATTRIBUTE memory leak”

go-buildpack

updated to v1.7.1 (from v1.7.0)

v1.7.1

Packaged binaries:

name version cf_stacks
go 1.4.1 cflinuxfs2
go 1.4.2 cflinuxfs2
go 1.4.3 cflinuxfs2
go 1.5.1 cflinuxfs2
go 1.5.2 cflinuxfs2
godep v39 cflinuxfs2
  • SHA256: 117b106343846618cbeeac9cd68cac7283604f9e7b0fbe81d5ad7da3a816f7c1

nodejs-buildpack

updated to v1.5.4 (from v1.5.3)

v1.5.4

Notably this release addresses several CVEs that were patched upstream in Node. - Versions 4.2.2 and 5.1.1 statically link openssl as discussed in RFC (https://github.com/cloudfoundry/nodejs-buildpack/issues/32) - Versions 0.10 and 0.12 match upstream versions but require an updated rootfs to address openssl CVEs. We expect 1.21 to contain these patches.

Changes: - Add support for Node 0.10.41, 0.12.9, 4.2.3, and 5.1.1 - Remove support for Node 0.10.38, 0.12.6, and 4.2.2 (https://www.pivotaltracker.com/story/show/109526542)

Packaged binaries:

name version cf_stacks
node 0.10.40 cflinuxfs2
node 0.10.41 cflinuxfs2
node 0.11.15 cflinuxfs2
node 0.11.16 cflinuxfs2
node 0.12.7 cflinuxfs2
node 0.12.9 cflinuxfs2
node 4.2.3 cflinuxfs2
node 5.1.1 cflinuxfs2
  • SHA256: 88acfa8e135f5e8f1da0afea9458a7ffb97bbe11ba7b21becee359ddef54a6e8

php-buildpack

updated to v4.3.1 (from v4.3.0)

v4.3.1

Packaged binaries:

name version cf_stacks modules
php 5.5.29 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php 5.5.30 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php 5.6.15 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php 5.6.16 cflinuxfs2 amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
hhvm 3.5.0 cflinuxfs2
hhvm 3.5.1 cflinuxfs2
hhvm 3.6.0 cflinuxfs2
hhvm 3.6.1 cflinuxfs2
composer 1.0.0-alpha10 cflinuxfs2
httpd 2.4.17 cflinuxfs2
newrelic 4.23.3.111 cflinuxfs2
nginx 1.8.0 cflinuxfs2
nginx 1.9.7 cflinuxfs2
  • SHA256: cbcab7f12163f4fac5fcc8f84caaa3d48243d6e41dceb0732ebf0d684053efc8

python-buildpack

updated to v1.5.3 (from v1.5.2)

v1.5.3

Packaged binaries:

name version cf_stacks
python 2.7.10 cflinuxfs2
python 2.7.11 cflinuxfs2
python 3.3.5 cflinuxfs2
python 3.3.6 cflinuxfs2
python 3.4.2 cflinuxfs2
python 3.4.3 cflinuxfs2
python 3.5.0 cflinuxfs2
python 3.5.1 cflinuxfs2
libffi 3.1 cflinuxfs2
libmemcache 1.0.18 cflinuxfs2
  • SHA256: 61c570658e6b769c2cc0dbcbb600e60626ba78cb37359d73163493157f7b95df

ruby-buildpack

updated to v1.6.11 (from v1.6.9)

v1.6.11

Notably, the following CVE was fixed in this release: CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL - Added Ruby 2.2.4, 2.1.8, 2.0.0p648, Dropped 2.2.2, 2.1.6, 2.0.0p647 (https://www.pivotaltracker.com/story/show/110307648) - Removed manifest-including-unsupported (https://www.pivotaltracker.com/story/show/109537822)

Packaged binaries:

name version cf_stacks
ruby 2.0.0 cflinuxfs2
ruby 2.1.7 cflinuxfs2
ruby 2.1.8 cflinuxfs2
ruby 2.2.3 cflinuxfs2
ruby 2.2.4 cflinuxfs2
jruby ruby-1.9.3-jruby-1.7.23 cflinuxfs2
jruby ruby-2.0.0-jruby-1.7.23 cflinuxfs2
jruby ruby-2.2.2-jruby-9.0.4.0 cflinuxfs2
node 0.12.7 cflinuxfs2
bundler 1.9.7 cflinuxfs2
libyaml 0.1.6 cflinuxfs2
openjdk1.8-latest 1.8.0_65 cflinuxfs2
rails3_serve_static_assets - cflinuxfs2
rails_log_stdout - cflinuxfs2
  • SHA256: 5a94c4a4359c30bb1ddbd0b1f50c986d0a1fd8a1e8a51b05d00d1e2ecbdc97b6

v1.6.10

Packaged binaries:

name version cf_stacks
ruby 2.0.0 cflinuxfs2
ruby 2.1.6 cflinuxfs2
ruby 2.1.7 cflinuxfs2
ruby 2.2.2 cflinuxfs2
ruby 2.2.3 cflinuxfs2
jruby ruby-1.9.3-jruby-1.7.23 cflinuxfs2
jruby ruby-2.0.0-jruby-1.7.23 cflinuxfs2
jruby ruby-2.2.2-jruby-9.0.4.0 cflinuxfs2
node 0.12.7 cflinuxfs2
bundler 1.9.7 cflinuxfs2
libyaml 0.1.6 cflinuxfs2
openjdk1.8-latest 1.8.0_65 cflinuxfs2
rails3_serve_static_assets - cflinuxfs2
rails_log_stdout - cflinuxfs2
  • SHA256: c583cba0917e34e99646ab5159ccd5e3ff0a95d4af23635de998fbadf7ea32c6

Identity

  • UAA Version 2.7.3 - No Changes
  • This v227 release changes how cf-release consumes the UAA. Rather than having a uaa job defined in cf-release, cf-release now consumes the official uaa-release, and just uses the job provided there. The uaa-release extraction allows the UAA to be used standalone, within BOSH, within Cloud Foundry, etc. And by cf-release consuming it this way, we avoid diverging job specifications. This introduces significant changes to the uaa job spec, but these should be largely immaterial to operators deploying Cloud Foundry using the provided manifest templates. The details for all the spec changes can be located here.

Routing

GoRouter - Gorouter now caches oauth token for use with Routing API details - Gorouter only obtain necessary permissions for Routing API details - Changed default log level for Gorouter from info to debug details - Gorouter no longer severs open client connections prematurely on shutdown; connections are allowed to drain details - When manifest property router.secure_cookies:false, the secure property for the VCAP_ID cookie now matches the secure property for JSESSIONID details - GoRouter no longer supports RC4 ciphers for TLS by default details - Merged GoRouter PR #104: Update dropsonde details - Merged cf-release PR #624: Adding optional config to HAProxy for logging, buffer size, and stats socket. details

Route Services (in progress) - Route services manifest property name changed from route_service_timeout to route_services_timeout to be consistent with other properties details - CC now validates valid format of route_service_url for user-provided service instances details - CC now returns an error when attempting to modify service_instance_guid with a PUT to /v2/routes/:guid. Routes should be bound to service instances using PUT /v2/service_instances/:guid/routes/:guid details - CC now returns a error when attempting to bind the same route and service instance a second time; a different error is returned when attempting to bind the service instance to a different route details - CC now returns a warning (with success) when registering a broker that offers a route service but support for route services is disabled details - CC now returns a warning (with success) when creating a service instance for which the broker has declared “requires”:[“route_forwarding] but support for route services is disabled details - CC now returns an error when binding a service instance to route but route services is disabled details

Multiple App Ports (in progress) - /v2/apps now lists ports enabled for docker apps details - CC clients can now update the ports for a Diego app details - CC now returns an error when ports requested for a Diego app are <1024 details

Routing API (in progress) - Routing API is now disabled by default; GoRouter will not fetch configuration from Routing API, nor will the route for the Routing API be registered with GoRouter details - Routing API acceptance tests are an optional suite separate from the routing suite for CATS details

Loggregator

  • Major Feature Metron->Doppler TCP

Internal Components

consul

  • Consul agents support DNS recursion. details

etcd

No changes.

etcd-metrics-server

No changes.

route_registrar

No changes.

Job Spec Changes

  • By consuming the uaa job from uaa-release, this release introduces a large number of job spec changes for uaa, as well as a few other jobs that depend on properties defined in the uaa job spec. details
  • Added router.route_services_secret property to gorouter job. details
  • Added doppler.websocket_write_timeout_seconds property to doppler job. details
  • Changed default value of router.enable_routing_api property in gorouter job from true to false. details
  • Renamed router.route_service_timeout property in gorouter job to router.route_services_timeout. details
  • Added metron_agent.enable_buffer and metron_agent.buffer_size properties to metron_agent job. details

Recommended BOSH Stemcell Versions

  • AWS: light-bosh-stemcell-3163-aws-xen-hvm-ubuntu-trusty-go_agent
  • vSphere: bosh-stemcell-3163-vsphere-esxi-ubuntu-trusty-go_agent
  • OpenStack: bosh-stemcell-3163-openstack-kvm-ubuntu-trusty-go_agent
  • BOSH-Lite: bosh-stemcell-3147-warden-boshlite-ubuntu-trusty-go_agent

These are soft recommendations; several different versions of the BOSH and stemcells are likely to work fine with this version of cf-release and the corresponding versions of diego-release, garden-linux-release, and etcd-release.

Recommended Diego Version

This is a soft recommendation; several different versions of the diego-release may work fine with this version of cf-release.

Recommended Garden Linux Version

This is a soft recommendation; several different versions of the garden-linux release may work fine with this version of cf-release and the aforementioned version of diego-release.

Recommended ETCD Version for Diego Deployment

  • Etcd final release v20

This is a soft recommendation; several different versions of the etcd release may work fine with this version of cf-release and the aforementioned version of diego-release.

Upload this release version to the Director:

$ bosh upload release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=227

Modify deployment manifest to use this release in addition to any other used releases:

releases:
- {name: cf, version: "227"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 008b6f796a15905189ef53b06d58d78f2125a13b release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/cf-release?v=227

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/cf-release?v=227