Skip to content

cf/256

You can find the source of this version on GitHub at cloudfoundry/cf-release. It was created based on the commit b6343b5a.

Release Notes

Contents - Notices - Job Spec Changes - CVEs - Compatible Releases and Stemcells - Subcomponent Updates

Notices

  • Updating GrootFS to v0.16.0, if running with GrootFS already, will require recreating the Diego cells.
  • The Postgres job will upgrade PostgreSQL to version 9.6.2. NOTE: this drops support for upgrading from PostgreSQL 9.4.5 Only upgrades from PostgreSQL 9.4.6 (since cf v232) and PostgreSQL 9.4.9 (since cf v241) are supported. Before deploying, please review considerations at postgres-release v15.
  • If you are running cf-networking-release, the value for cf_networking.garden_external_networker.cni_plugin_dir must be updated to /var/vcap/packages/silk/bin

Job Spec Changes

  • The router status endpoint is no longer optional. As such, router.status.password (which has been configurable for a long time) is now required.
  • cc_uploader now requires the following properties to be configured:
    • properties.capi.cc_uploader.cc.ca_cert
    • properties.capi.cc_uploader.cc.client_cert
    • properties.capi.cc_uploader.cc.client_key Diego manifest generation (as of Diego 1.11.0) has already required this property to be configured, so it’s likely that most deployers have already set these values. For deployers building their manifests some other way, these properties are now required by the components themselves.
  • In the postgres job, the default value for the databases.monit_timeout has been changed to 90 seconds.
  • The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Security Notices

Affecting v256

None recorded as of 2017-04-11.

Resolved in v256

  • CVE-2017-4970 in Staticfile buildpack versions v1.4.0 – v1.4.3 (high severity)

Known Issues

  • Users that belong to any space containing a user provided service instance are unable to view any specific service plan: /v2/service_plans/:guid. Users are still able to view the marketplace and provision service instances.

Subcomponent Updates

Compatible Releases and Stemcells

  • diego-release: v1.12.0. Release notes for v1.12.0.
  • garden-runc-release: v1.4.0. Release notes for v1.4.0.
  • cflinuxfs2-rootfs release v1.60.0. Release notes for v1.60.0
  • cf-networking-release: v0.19.0. Release notes for v0.19.0.
  • grootfs-release v0.16.0. Release notes for v0.16.0. Updating GrootFS to v0.16.0, if running with GrootFS already, will require recreating the Diego cells.
  • stemcell: 3363.15

Usage

You can reference this release in your deployment manifest from the releases section:

- name: "cf"
  version: "256"
  url: "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=256"
  sha1: "7eb583eb6dd08dfce8858d891b2571aebeb6b52c"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 7eb583eb6dd08dfce8858d891b2571aebeb6b52c \
  https://bosh.io/d/github.com/cloudfoundry/cf-release?v=256

Jobs

Packages