cf/223

The cf-release v223 was released on November 04, 2015.

Important: - On November 09, 2015, we identified the source of a memory leak in the doppler job that was introduced in this release. We are marking this as a pre-release, and do not recommend its usage. However, whenever skipping versions of cf-release in your deployments, one should study the release notes for all intermediate releases, including pre-releases, as the changes described in any set of release notes only describe the changes from the previous version, regardless of whether that previous version was an official release or pre-release. The memory leak should be fixed in v224. - The previous release introduced a default value for the login.self_service_links_enabled property that had minor backwards incompatible implications. The default value has now been removed.

Contents: - CC and Service Broker APIs - Runtime - Buildpacks and Stacks - Identity - Routing - Loggregator - Internal Components - Job Spec Changes - Recommended BOSH Release and Stemcell Versions - Recommended Diego Version - Recommended Garden Linux Version

CC and Service Broker APIs

CC API Version: 2.42.0

Service Broker API Version: 2.7

Cloud Controller

• [Experimental] Work continues on /v3 and Application Process Types details
• [Experimental] Work continues on Private Brokers details
• [Experimental] Work continues on Route Services details
• Changed the key for buildpack_cache stored in the blobstore to allow for more consistent deletion details
  • This change in key will orphan some buildpack_cache blobs. It’s recommended to purge the buildpack_cache in order to reclaim this space on the blobstore api
• Attempt to deadlock less on create/delete of service instances details
• Fixed issue that allowed an Org Auditor to share a private domain to another org that user had Org Manager privileges on details
• Fixed issue that blocked deletion of an app that had diego enabled when diego components are down details
• Now return an array of instances in the “DOWN” state from /stats end point for apps when staging on Diego to be more consistent with behavior for apps staging on DEAs details
• Truncated all data related to experimental v3 apps details
  • This will orphan blobs associated with any v3 apps you have pushed.
  • This will remove all v3 apps from cloud controller’s knowledge
• cloudfoundry/cloud_controller_ng #453: Return 204 on successful delete of associations details
  • This affects many end points and is documented in the tracker story. They were previously incorrectly returning 201 responses.

Runtime

DEA

• Bump vcap_common gem to v4.0.3 to use 1.2.3.4 as destination for detecting local IP. details
• Switch to dropsonde protocol. details

Warden

• Use 1.2.3.4 as destination for detecting local IP. details

HM9000

No changes.

Buildpacks and Stacks

Buildpacks and Stacks

stacks

updated to 1.15.0 (from 1.11.0)

1.15.0

Notably, this release addresses USN-2788-1 “unzip vulnerabilities”, which is related to: - CVE-2015-7696 “Heap buffer overflow when extracting password-protected archive” - CVE-2015-7697 “Infinite loop when extracting password-protected archive”

1.14.0

Notably, this release addresses USN-2787-1, “audiofile vulnerability”, which is related to: - CVE-2015-7747 “made to crash or run programs as your login if it opened a specially crafted file”

1.13.0

This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.

1.12.0

This release contains only non-critical updates to the rootfs. See the receipt changes at this commit for more information.

go-buildpack

updated to v1.6.3 (from v1.6.2)

v1.6.3

• adding support for Go 1.4.1 for upgrade paths (https://www.pivotaltracker.com/story/show/105722210)
• Adding Godep binary to the manifest (https://www.pivotaltracker.com/story/show/103326142)
• use new linker -X option format for go1.5

Packaged binaries:

name	version	cf_stacks
go	1.2.1	cflinuxfs2
go	1.2.2	cflinuxfs2
go	1.3.2	cflinuxfs2
go	1.3.3	cflinuxfs2
go	1.4.1	cflinuxfs2
go	1.4.2	cflinuxfs2
go	1.4.3	cflinuxfs2
go	1.5	cflinuxfs2
go	1.5.1	cflinuxfs2
godep	v14	cflinuxfs2

• SHA256: cdf380c423b0ba8f66ba0f24d85120a6279a05b37319aa7de10fafec5f487d27

java-buildpack

updated to v3.3.1 (from v3.3)

v3.3.1

This release contains a new debug framework and ensures that the dependencies contained in the offline buildpack are up to date.

For a more detailed look at the changes in 3.3.1, please take a look at the commit log. Packaged versions of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release.

Packaged Dependencies:

Dependency	Version
AppDynamics Agent	4.1.5_3
GemFire	8.0.0
GemFire Modules	8.0.0.1
GemFire Modules Tomcat7	8.0.0.1
GemFire Security	8.0.0
Groovy	2.4.5
JRebel	6.2.6
MariaDB JDBC	1.2.3
Memory Calculator (mountainlion)	2.0.0.RELEASE
Memory Calculator (precise)	2.0.0.RELEASE
Memory Calculator (trusty)	2.0.0.RELEASE
New Relic Agent	3.21.0
OpenJDK JRE (mountainlion)	1.8.0_65
OpenJDK JRE (precise)	1.8.0_65
OpenJDK JRE (trusty)	1.8.0_65
Play Framework JPA Plugin	1.10.0.RELEASE
PostgreSQL JDBC	9.4.1204
RedisStore	1.2.0_RELEASE
SLF4J API	1.5.8
SLF4J JDK14	1.5.8
Spring Auto-reconfiguration	1.10.0_RELEASE
Spring Boot CLI	1.2.7_RELEASE
Tomcat Access Logging Support	2.4.0_RELEASE
Tomcat Lifecycle Support	2.4.0_RELEASE
Tomcat Logging Support	2.4.0_RELEASE
Tomcat	8.0.28

php-buildpack

updated to v4.2.0 (from v4.1.5)

v4.2.0

• Drop support for PHP 5.4. Please note PHP 5.4 has reached “End Of Life” on 2015-09-14. (https://www.pivotaltracker.com/story/show/105514114)
• Update httpd to 2.4.17, drop 2.4.16 (https://www.pivotaltracker.com/story/show/105332752)

Packaged binaries:

name	version	cf_stacks	modules
php	5.5.29	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.5.30	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.6.13	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xsl, yaf, zip, zlib
php	5.6.14	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, intl, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
hhvm	3.5.0	cflinuxfs2
hhvm	3.5.1	cflinuxfs2
hhvm	3.6.0	cflinuxfs2
hhvm	3.6.1	cflinuxfs2
composer	1.0.0-alpha10	cflinuxfs2
httpd	2.4.17	cflinuxfs2
newrelic	4.23.3.111	cflinuxfs2
nginx	1.6.3	cflinuxfs2
nginx	1.8.0	cflinuxfs2
nginx	1.9.5	cflinuxfs2

• SHA256: a63b88d3550037a90dc05577e54eef2af0c1321a9e90c27dc7f180f7b0d9a18e

staticfile-buildpack

updated to v1.2.2 (from v1.2.1)

v1.2.2

• Improve error messages for alternate root directory issues (https://www.pivotaltracker.com/story/show/106553928)
• bin/detect script emits buildpack name and version (https://www.pivotaltracker.com/story/show/100757820)
• Log the location of downloaded resources (https://www.pivotaltracker.com/story/show/100853260)

Packaged binaries:

name	version	cf_stacks
nginx	1.8.0	cflinuxfs2

• SHA256: 76cdaade9d5778e4c388940460455c7cee00a13c65ebf6304a7f0124c4bad706

Identity

Bumped to UAA version 2.7.1 Details

Routing

Loggregator

• Refactoring and work toward Metron->Doppler TCP channel
• The number of dropped log messages is now correctly reported

Internal Components

consul

No changes.

etcd

No changes.

etcd-metrics-server

No changes.

route_registrar

No functional changes.

Job Spec Changes

• Removed metron_endpoint.shared_secret property from dea_next job. details
• Changed default value of metron_endpoint.port property in dea_next job from 3456 to 3457. details
• Added doppler.enable_tls_transport, doppler.tls_listener.port, doppler.tls_listener.cert, and doppler.tls_listener.key properties to doppler job. details
• Added routing-api.auth_disabled property to gorouter and routing-api jobs. details
• Added hm9000.sender_message_limit property to hm9000 job. details
• Added syslog_daemon_config.max_message_size property to metron_agent job. details
• Removed metron_agent.etcd_query_interval_milliseconds property from metron_agent job. details
• Added databases.collect_statement_statistics property to postgres job. details
• Added nats.machines, nats.port, nats.user, and nats.password properties to route_registrar job. details
• Added uaa.scim.groups property to uaa job. details
• Added uaa.ldap.emailDomain and uaa.ldap.attributeMappings properties to uaa job. details
• Removed default false value for login.self_service_links_enabled property on uaa job. details
• Changed router.route_services_secret and router.route_services_secret_decrypt_only properties on gorouter job to no longer require a base64-encoded symmetric key of a specific length. details

Recommended BOSH Release and Stemcell Versions

• BOSH Release Version: bosh/219
• BOSH Stemcell Version(s): bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3104

These are soft recommendations; several different versions of the BOSH release and stemcell are likely to work fine with this version of cf-release.

Recommended Diego Version

• Diego final release v0.1439.0 · release notes

This is a soft recommendation; several different versions of the diego-release may work fine with this version of cf-release.

Recommended Garden Linux Version

• Garden-linux final release v0.316.0 · release notes

This is a soft recommendation; several different versions of the garden-linux release may work fine with this version of cf-release and the aforementioned version of diego-release.

Recommended ETCD Version for Diego Deployment

• Etcd final release 18

This is a soft recommendation; several different versions of the etcd release may work fine with this version of cf-release and the aforementioned version of diego-release.

- name: "cf"
  version: "223"
  url: "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=223"
  sha1: "c5ac82ac0c249fddd9a2f78218131ece3c6c1e2a"

bosh upload-release --sha1 c5ac82ac0c249fddd9a2f78218131ece3c6c1e2a \
  "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=223"