release: / 255

Github source: e9fde070 or master branch

Contents - Notices - Job Spec Changes - CVEs - Compatible Releases and Stemcells - Subcomponent Updates


  • MySQL UAA databases that were operating prior to UAA version 1.5.2 (released in early 2014) may be incompatible with migrations in this release, causing failures during the UAA job update. A manual fix for affected deployments can be found here.
  • The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Job Spec Changes

  • Diego’s cc_uploader job has new required properties. Read here for details.

Security Notices

Affecting v255

  • CVE-2017-4970 in Staticfile buildpack versions v1.4.0 – v1.4.3 (high severity)

Known Issues

  • Users that belong to any space containing a user provided service instance are unable to view any specific service plan: /v2/service_plans/:guid. Users are still able to view the marketplace and provision service instances.

Subcomponent Updates

Compatible Releases and Stemcells

Upload this release version to the Director:

$ bosh upload-release --sha1 d6a12c6c581265f920b74bb89dbf2f8f0b64225a

Modify deployment manifest to use this release in addition to any other used releases:

- name: cf
  version: "255"

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: d6a12c6c581265f920b74bb89dbf2f8f0b64225a release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O

# or with wget...
$ wget --content-disposition