The cf-release v247 was released on November 17, 2016.
Contents:
- CC and Service Broker APIs
- Identity
- Routing
- Loggregator
- Buildpacks and Stacks
- DEA-Warden-HM9000 Runtime
- Internal Components
- Recommended Versions of Additional Releases
- Job Spec Changes
- Recommended BOSH Stemcell Versions
CC and Service Broker APIs
Updated to UAA 3.9.0
This release includes support for gRPC which enables TLS. For notes about setting up certs see: https://github.com/cloudfoundry/loggregator#generating-tls-certificates
Buildpacks and Stacks
updated to 1.90.0 (from 1.89.0)
Notably, this release addresses:
USN-3116-1: DBus vulnerabilities
Ubuntu Security Notice USN-3116-1:
- CVE-2015-0245: D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.

USN-3117-1: GD library vulnerabilities
Ubuntu Security Notice USN-3117-1:
- CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr()
- CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
- CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf

USN-3123-1: curl vulnerabilities
Ubuntu Security Notice USN-3123-1:
- CVE-2016-7141: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.
- CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.
- CVE-2016-8615: cookie injection for other servers
- CVE-2016-8616: case insensitive password comparison
- CVE-2016-8617: OOB write via unchecked multiplication
- CVE-2016-8618: double-free in curl_maprintf
- CVE-2016-8619: double-free in krb5 code
- CVE-2016-8620: glob parser write/read out of bounds
- CVE-2016-8621: curl_getdate read out of bounds
- CVE-2016-8622: URL unescape heap overflow via integer truncation
- CVE-2016-8623: Use-after-free via shared cookies
- CVE-2016-8624: invalid URL parsing with ‘#’
CF v247 is the first CF release to include the .NET Core buildpack. This buildpack adds support for .NET Core apps on the cflinuxfs2 stack.
This section will be updated soon. If this section is not yet up-to-date, please reach out for information:
- direct team email: firstname.lastname@example.org
- CF Dev mailing list: https://email@example.com/
- Slack channel: https://cloudfoundry.slack.com/messages/runtime_og/
- GitHub issues: https://github.com/cloudfoundry/dea-hm-workspace/issues
- Bumped from v77 to v85. Functional changes:
- No changes.
Recommended Versions of Additional Releases
These versions are soft recommendations, as several different versions of these releases may work correctly with this version of cf-release.
- Diego release v0.1489.0. Release notes for v0.1489.0 · v0.1488.0.
- Garden-Runc release v1.0.3. Release notes for v1.0.3 · v1.0.2 · v1.0.1.
- etcd release v85. Release notes for v85 · v84 · v83 · v82 · v81 · v80 · v79.
- cflinuxfs2-rootfs release v1.39.0. Release notes for v1.39.0.

Although it’s still considered experimental, we have started to test CF against the new netman release. It’s not recommended for production, but for those deploying it, here is the information for netman-release:
- netman release v0.6.0. Release notes for v0.6.0.
Job Spec Changes
- etcd.peer_ip: to allow specifying the bind address for the etcd server
- etcd_proxy.ip: to allow specifying the bind address for the etcd proxy server
Recommended BOSH Stemcell Versions
- real IaaS: 3309
- BOSH-Lite: 3309
Note: For AWS you should use the Xen-HVM stemcells rather than Xen.
These are soft recommendations; several different versions of the stemcells are likely to work fine with this version of cf-release and the corresponding versions of the additional releases listed above.
Upload this release version to the Director:
$ bosh upload-release "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=247" --sha1 5ce865925ed3696453a4bc0a8a54d076b01061b7
Modify deployment manifest to use this release in addition to any other used releases:
releases:
- name: cf
  version: "247"
Finally, add the needed deployment jobs and specify values for required properties.
Optionally, download the release tarball (sha1: 5ce865925ed3696453a4bc0a8a54d076b01061b7) locally:
# ...or download it directly using curl
$ curl -L -J -O "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=247"
# or with wget...
$ wget --content-disposition "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=247"
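The curl and wget commands above do not check the tarball against the published sha1 the way `bosh upload-release --sha1` does. The following is an added example, not part of the original release notes: a small POSIX shell check for a locally downloaded tarball. The function names `sha1_of` and `verify_sha1` are hypothetical; the digest is the one given on this page.

```shell
# Added example: verify a downloaded release tarball against a published SHA-1.
# Function names are illustrative; the digest below is the one on this page.
CF_RELEASE_SHA1="5ce865925ed3696453a4bc0a8a54d076b01061b7"

# sha1_of FILE: print the hex SHA-1 of FILE using sha1sum or shasum.
sha1_of() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum -- "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 1 -- "$1" | awk '{print $1}'
  else
    echo "no sha1 tool found" >&2
    return 2
  fi
}

# verify_sha1 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on a malformed digest, missing file or tool.
verify_sha1() {
  file=$1
  # Compare case-insensitively: published digests are sometimes upper-case.
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  # Reject anything that is not exactly 40 hex characters, so a truncated or
  # mistyped digest fails loudly instead of being reported as a mismatch.
  case $expected in
    ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 40 ] || { echo "expected digest must be 40 hex chars" >&2; return 2; }
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
  actual=$(sha1_of "$file") || return 2
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file"
    return 0
  fi
  echo "MISMATCH: $file" >&2
  echo "  expected $expected" >&2
  echo "  actual   $actual" >&2
  return 1
}

# Usage, with the file name that curl or wget actually saved:
#   verify_sha1 <downloaded-tarball> "$CF_RELEASE_SHA1" || exit 1
```

Run the check before uploading or unpacking the tarball, and treat a non-zero exit status as a reason to discard the file and download it again.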