- Manifest changes: netman-release has been renamed to cf-networking-release. If you’re deploying netman-release (which is still experimental), there will be some necessary changes to your manifest.
- Slow API responses during deployment: Cloud Controller will be performing a migration on the events table to allow tracking additional user information on audit events. Because this table is often very large, some requests may be slower than normal. Additionally, there is a change to background processing that may cause asynchronous requests such as app and space deletion to take slightly longer until workers finish deploying.
- The default transport for syslog_daemon_config has changed from TCP to UDP for both the metron_agent and metron_agent_windows jobs. This change was made on the metron_agent_windows job to enable Windows to write syslog, and on the metron_agent job to remain consistent between the two. These changes result in the same behavior for mixed Windows and Linux deployments. If you require TCP transport for component logs, you will need to explicitly set the syslog_daemon_config transport property to tcp in your deployment manifest. Otherwise your syslog server will have to be configured to accept syslog over UDP.
- The included version of Loggregator restricts ciphers to only the following 4 ciphers. This is a breaking change for some operators, and a configurable property for opting into more cipher suites was introduced in Loggregator 85.
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
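
The following Python check, added here and not taken from the release notes or the Loggregator project, expands a client's OpenSSL cipher string with the local OpenSSL build and reports which of the four suites listed above that client would offer. The function names and the sample client profiles are assumptions made for illustration.

```python
import ssl

# The four suites named in the release note (IANA names), mapped to the
# names OpenSSL uses for the same suites in cipher strings.
LOGGREGATOR_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
}


def offered_suites(cipher_string):
    """Expand an OpenSSL cipher string into the suite names a client offers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL could not select any cipher from the string.
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def compatible_suites(cipher_string):
    """Return the allowed suites (IANA names) that the client would offer."""
    offered = set(offered_suites(cipher_string))
    return [iana for iana, name in LOGGREGATOR_SUITES.items() if name in offered]


def audit(clients):
    """Map each client name to its shared suites; an empty list means the
    client has no suite in common with the restricted list."""
    return {name: compatible_suites(cs) for name, cs in clients.items()}


# Constructed client profiles (hypothetical names and cipher strings).
SAMPLE_CLIENTS = {
    "legacy-forwarder": "AES128-SHA:AES256-SHA",  # RSA key exchange, CBC
    "ecdsa-only-client": "ECDHE-ECDSA-AES128-GCM-SHA256",  # ECDSA, not RSA
    "modern-client": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384",
}

if __name__ == "__main__":
    for client, shared in audit(SAMPLE_CLIENTS).items():
        print(f"{client}: {', '.join(shared) if shared else 'NO SHARED SUITE'}")
```

The result reflects the OpenSSL build Python is linked against, so run it on the host whose client configuration is being checked.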
Job Spec Changes
- Cloud Controller now requires SSL configuration with the following properties. The CA cert should match the Diego BBS CA cert, and that CA cert should be used to sign the newly required public cert:
cc.mutual_tls.ca_cert: PEM-encoded CA certificate for secure, mutually authenticated TLS communication
cc.mutual_tls.public_cert: PEM-encoded certificate for secure, mutually authenticated TLS communication
cc.mutual_tls.private_key: PEM-encoded key for secure, mutually authenticated TLS communication
- Postgres v10 job spec changes
- Loggregator now requires properties set for mutual auth with Cloud Controller. This is used for retrieving application names for inclusion in syslog drains and is set with the following new properties.
loggregator.tls.syslogdrainbinder.cert: TLS certificate for syslogdrainbinder, signed by diego bbs CA
loggregator.tls.syslogdrainbinder.key: TLS key for syslogdrainbinder, signed by diego bbs CA
generate-loggregator-certs. The diego BBS CA cert and key are typically generated separately from this script.
- See the Loggregator README for more details on the new flag
- Stacks version 1.99.0, included in v252, is vulnerable to USN-3193-1
- Cloud Controller and Service Broker API:
- Buildpacks and Stacks:
- Java: java-buildpack v3.12
- Ruby: ruby-buildpack v1.6.32 (no change)
- Go: go-buildpack v1.7.17 (no change)
- Node.js: nodejs-buildpack v1.5.27 (no change)
- Python: python-buildpack v1.5.14 (no change)
- PHP: php-buildpack v4.3.25 (no change)
- Staticfile: staticfile-buildpack v1.3.16 (no change)
- Binary: binary-buildpack v1.0.7 (no change)
- .Net Core: dotnet-core-buildpack v1.0.9 (no change)
- Stacks: stacks v1.99.0, stacks v1.98.0, stacks v1.97.0
- No changes.
- No changes.
Compatible Releases and Stemcells
- Diego release v1.6.2. Release notes for v1.6.2 · v1.6.1 · v1.6.0 · v1.5.4.
- Garden-Runc release v1.1.1. Release notes for v1.1.1.
- cflinuxfs2-rootfs release v1.48.0. Release notes for v1.48.0 · v1.47.0 · v1.46.0.
- cf-networking release v0.16.0. Release notes for v0.16.0 · v0.15.0 · v0.14.0.
- Stemcell Version: 3312.17
Upload this release version to the Director:
$ bosh upload-release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=252 --sha1 ca31edd1a0fa3460692af70565145146d056aa86
Modify deployment manifest to use this release in addition to any other used releases:
releases:
- name: cf
  version: "252"
Finally add needed deployment jobs and specify values for required properties.
Optionally download the release tarball (sha1: ca31edd1a0fa3460692af70565145146d056aa86) locally:
# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/cf-release?v=252

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/cf-release?v=252