release: github.com/cloudfoundry/cf-release / 246

Github source: e49436ed or master branch

The cf-release v246 was released on November 03, 2016.

IMPORTANT - With this release UAA defaults to enforcing signature validation on Incoming SAML Assertions. Please make sure any SAML Identity configured for UAA is sending only signed SAML assertions

Contents: - CC and Service Broker APIs - Identity - Routing - Loggregator - Buildpacks and Stacks - DEA-Warden-HM9000 Runtime - Internal Components - Recommended Versions of Additional Releases - Job Spec Changes - Recommended BOSH Stemcell Versions

CC and Service Broker APIs

Contains CAPI release v1.10.0. Release notes for v1.8.0, v1.9.0, and v1.10.0

Identity

Updated to UAA Release 3.8.0 Spec changes can be found here

Routing

Routing-release bumped to 0.141.0

Loggregator

No changes.

Buildpacks and Stacks

stacks

updated to 1.89.0 (from 1.86.0)

1.89.0

No CVEs present. Notably, this release introduces the libsasl2-dev package.

1.88.0

No CVEs present.

1.87.0

No CVEs present.

binary-buildpack

updated to v1.0.5 (from v1.0.4)

v1.0.5

go-buildpack

updated to v1.7.14 (from v1.7.13)

v1.7.14

Default binary versions: go 1.6.3

java-buildpack

updated to v3.10 (from v3.9)

v3.10

I’m pleased to announce the release of the java-buildpack, version 3.10. This release updates the Dynatrace frameworks. - Updated Dynatrace Frameworks (via Alois Mayr)

For a more detailed look at the changes in 3.10, please take a look at the commit log. Packaged versions of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release.

nodejs-buildpack

updated to v1.5.22 (from v1.5.21)

v1.5.22

  • Add node 6.9.0 and 6.8.1, remove node 6.6.0 and 6.7.0
  • Add node 0.10.48, remove node 0.10.46
  • Add node 0.12.17, remove node 0.12.15
  • Add node 4.6.1, remove node 4.5.0
  • Address USN-3087-1: OpenSSL vulnerabilities with node 6.8.1 and 6.9.0
  • NOTICE: Node.js 0.10 will be removed after October 31, 2016 due to end of LTS

Default binary versions: node 4.6.0

php-buildpack

updated to v4.3.21 (from v4.3.20)

v4.3.21

  • Address USN-3095-1 and associated CVEs with PHP 5.6.27 and 7.0.12
  • Add support for rdkafka in PHP 7
  • Add php 5.6.26 and 5.6.27, remove php 5.6.24 and 5.6.25
  • Add php 7.0.11 and 7.0.12, remove php 7.0.9 and 7.0.10
  • Add nginx 1.11.5, remove nginx 1.11.4
  • Add nginx 1.10.2, remove nginx 1.10.1

Default binary versions: php 5.5.38, composer 1.2.1, httpd 2.4.23, newrelic 6.3.0.161, nginx 1.11.5

python-buildpack

updated to v1.5.11 (from v1.5.10)

v1.5.11

Default binary versions: python 2.7.12

ruby-buildpack

updated to v1.6.27 (from v1.6.26)

v1.6.27

  • Add node 4.6.1, remove node 4.6.0
  • Add bundler 1.13.5, remove bundler 1.13.1

Default binary versions: ruby 2.3.1, node 4.6.1

staticfile-buildpack

updated to v1.3.12 (from v1.3.11)

v1.3.12

DEA-Warden-HM9000 Runtime

  • Fixed container startup issues with Linux 4.4
  • Improved HM9000 actual state processing time for large number of instances (> 10k)
  • Reduced connection count to etcd on start when there is a stampede on start ( 35k -> 65)

Internal Components

postgres-release (includes postgres job)

  • No changes.

etcd-release (includes etcd and etcd_metrics_server jobs)

  • Bumped from v73 to v77. Functional changes:
  • Add network diagnostics logging to etcd job details

consul-release (includes consul_agent job)

  • Bumped from v126 to v133. Functional changes:
  • consul_agent job only drains when in server mode, not in client mode. details
  • Set performance raft_multiplier to 1 for Consul process. details
  • Change default value of consul.agent.dns_config.allow_stale to true and consul.agent.dns_config.max_stale to 30s in consul_agent job. details
  • consul_agent job running in mode: server no longer needs to be configured with consul.agent_cert or consul.agent_key properties. details

nats-release (includes nats and nats_stream_forwarder jobs)

  • Bumped from v11 to v14. Functional changes: bump to golang 1.7, enables forwarding of nats logs to a syslog drain

Recommended Versions of Additional Releases

These versions are soft recommendations, as several different versions of these releases may work correctly with this version of cf-release. - Diego release v0.1487.0. Release notes for v0.1487.0. - Garden-Runc release v1.0.0. Release notes for v1.0.0 · v0.9.2 · v0.9.1. - etcd release v78. Release notes for v78 · v77 · v76 · v75 · v74. - cflinuxfs2-rootfs release v1.38.0. Release notes for v1.38.0 · v1.37.0 · v1.36.0.

Job Spec Changes

## Recommended BOSH Stemcell Versions - real IaaS: 3263.8 - BOSH-Lite: 3262.2

Note: For AWS you should use the Xen-HVM stemcells rather than Xen.

These are soft recommendations; several different versions of the stemcells are likely to work fine with this version of cf-release and the corresponding versions of the additional releases listed above.

Upload this release version to the Director:

$ bosh upload release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=246

Modify deployment manifest to use this release in addition to any other used releases:

releases:
- {name: cf, version: "246"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 50ddad48110e24170b215eec653d407480638c9a release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/cf-release?v=246

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/cf-release?v=246