Skip to content


You can find the source of this version on GitHub at cloudfoundry/cf-release. It was created based on the commit 5d00be54.

Release Notes

The cf-release v208 was released on May 12th, 2015 - Please see note about merge of UAA/Login server jobs below to maintain zero down time for CC and UAA for existing deployments. - A change in the templates to no longer include resource pool sizes requires a minimum bosh director of v149. - Note: A bug was found where CC and Worker jobs were not updating when using NFS as a blobstore. details


  • [Experimental] Work continues on support for Asynchronous Service Instance Operations details
  • Completed Improvements to Recursive Deletion of Org and Space, in support of Asynchronous Service Operations details
  • [Experimental] Work continues on /v3 and Application Process Types details
  • [Experimental] Work continues on Route API details
  • [Experimental] Work continues on Context Path Routes details
  • Work continues on support for Service Keys details
  • Work continues on support for Arbitrary Service Parameters details
  • Adjusted ephemeral disk sizes on new instance types for AWS template to be more realistic details
  • Including staticfile buildpack v1.0.0 details
  • Removed separate login job from minimal aws deployment details
  • Allow acceptance test timeouts to be set via manifest details
  • Update default cipher list for haproxy and gorouter details
  • Addressed tcpdump CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155 details
  • Upgrading php buildpack to v3.1.1 details
  • Manifest templates no longer include resource pool sizes details
    • Requires minimum bosh director v149
  • Upgrading ruby buildpack to v1.3.1 details
  • Bump CLI to 6.11.1 for CATS and remove darwin CLI details
  • Upgrade cf-release to use ruby 2.1.6 and remove ruby 2.1.4 for CC, Collector, Warden, DEA details
    • Addresses ruby CVE-2015-1855
  • cloudfoundry/cf-release #660: Add security group for cf-mysql subnets to bosh-lite details
  • Adjust VCAP_ID as endpoint/sticky cookie changes details
  • Disable compression when creating proxy connection details
  • cleanup regex details
  • A space developer can create a wildcard route for private domains details
  • Allow commands to be reset to nothing details

UAA Updates

  • Merged UAA & Login Server details
  • Multi-tenant UAA details
    • Registering wildcard routes for *.login and *.uaa details
  • Zero Downtime Upgrade Procedure
    • Perform the cf-release upgrade and keep number of login server of jobs the same as your existing deploy.
    • Change the number of Login Server Job instances to 0 and re-deploy after initial deploy completes.

Note: The combination of Older Login Server jobs and the newly merged UAA/Login Server job is not supported. This should be done only for a short duration to achieve the zero downtime. The Login Server instances should be deleted via a bosh redeploy immediately after a successful upgrade

Used Configuration

  • BOSH Version: 152
  • Stemcell Version: 2889
  • CC Api Version: 2.25.0

Commit summary

Compatible Diego Version

Manifest and Job Spec Changes

  • jobs.login_z1.instances changed to 0
  • jobs.login_z2.instances changed to 0
  • added
    • Set to “true” to allow SSH to Diego apps
    • Not yet supported for configurations using HAProxy
  • Added “staticfile_buildpack” buildpack to cc.system_buildpacks and cc.install_buildpacks
  • ha_proxy.ssl_ciphers Reduced the set of default ciphers
  • Acceptance Test timeouts configurable via manifest properties
    • acceptance_tests.default_timeout
    • acceptance_tests.cf_push_timeout
    • acceptance_tests.long_curl_timeout
    • acceptance_tests.broker_start_timeout


You can reference this release in your deployment manifest from the releases section:

- name: "cf"
  version: "208"
  url: ""
  sha1: "859f8b617b7c1ba857b63f564968aa7b059c53de"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 859f8b617b7c1ba857b63f564968aa7b059c53de \