cf/235

The cf-release v235 was released on April 19, 2016.

Contents: - CC and Service Broker APIs - DEA-Warden-HM9000 Runtime - Buildpacks and Stacks - Identity - Routing - Loggregator - Internal Components - Job Spec Changes - Recommended BOSH Stemcell Versions - Recommended diego-release Version - Recommended garden-linux-release Version - Recommended etcd-release Version - Recommended cflinuxfs2-rootfs-release Version

CC and Service Broker APIs

CC API Version: 2.54.0

Service Broker API Version: 2.8

IMPORTANT - Added Security Event Logging - CEF formatted logs of all requests to Cloud Controller, off by default. See Job Spec Changes.

CAPI Release

• Bumped to Go 1.6.1 details
• As an operator, I can enable security event logging with a manifest property. details

Cloud Controller

• admins should be able to push docker apps when diego_docker is disabled details
• As an operator, I can configure the blobstore webdav client with a CA cert bundle details
• As an operator, I can discover security event logs for the Cloud Controller details
• As a CF user, I expect to be able to delete an app while it is staging on Diego details
• V3 Experimental
  • As a space developer, I expect the ‘source’ for logging for processes to be [APP/PROC/PROCESS_TYPE/INDEX] details
  • as a space developer, I can specify multiple ports on a process type details
  • As an auditor, I expect app usage events for V3 process STARTED to record the buildpack_guid that was used to stage the droplet. details

Pull Requests and Issues

• cloudfoundry/capi-release#4: No support for Quota definition updates details
• cloudfoundry/cloud_controller_ng#552: CC deploys successfully and then flaps when domains overlap details
• cloudfoundry/cloud_controller_ng#576: Create a Private Domain doc error for owning organization details
• cloudfoundry/cloud_controller_ng#490: document that Files API only supports Diego deployed apps details

DEA-Warden-HM9000 Runtime

• DEA heartbeats to HM9000 over HTTPS
• (optional) CC starts instances over HTTPS
• Added additional DEA metrics, _available_memoryratio, _available_diskratio, _avg_cpuload, uptime
• DEA drains and stops correctly, detects when previous stop fails
• Bumped to latest ruby-nats 0.6.0
• Bumped to Go 1.6.1

Buildpacks and Stacks

stacks

updated to 1.51.0 (from 1.49.0)

1.51.0

This release contains the addition of uuid-dev and non-critical updates to the rootfs.

1.50.0

This release contains no changes and is the same as release 1.49.0

go-buildpack

updated to v1.7.5 (from v1.7.3)

v1.7.5

Notably, this release includes fixes for CVE-2016-3958 and CVE-2016-3959 outlined here - Add godep v62, remove godep v61 (https://www.pivotaltracker.com/story/show/117258211) - Add go 1.5.4, go 1.6.1, remove go 1.5.2 (https://www.pivotaltracker.com/story/show/117405095)

Packaged binaries:

name	version	cf_stacks
go	1.4.2	cflinuxfs2
go	1.4.3	cflinuxfs2
go	1.5.3	cflinuxfs2
go	1.5.4	cflinuxfs2
go	1.6	cflinuxfs2
go	1.6.1	cflinuxfs2
godep	v62	cflinuxfs2

• SHA256: 777f72afa83ba39768be07d42bb4164631d4da62e615078e0bc4dfcb9ec2f8a2

v1.7.4

• Bump Godep version to 0.61 (https://www.pivotaltracker.com/story/show/117078185)
• Uses buildmode=pie for go 1.6+ (https://www.pivotaltracker.com/story/show/113966315)

Packaged binaries:

name	version	cf_stacks
go	1.4.2	cflinuxfs2
go	1.4.3	cflinuxfs2
go	1.5.2	cflinuxfs2
go	1.5.3	cflinuxfs2
go	1.6	cflinuxfs2
godep	v61	cflinuxfs2

• SHA256: 7f41d66ef260525ebd75bee0800638c9d1e4a609a489fef5609fbd057fb98ffc

nodejs-buildpack

updated to v1.5.11 (from v1.5.10)

v1.5.11

• Add node 5.10.1 (https://www.pivotaltracker.com/story/show/117023173)

Packaged binaries:

name	version	cf_stacks
node	0.10.43	cflinuxfs2
node	0.10.44	cflinuxfs2
node	0.12.12	cflinuxfs2
node	0.12.13	cflinuxfs2
node	4.4.2	cflinuxfs2
node	5.10.0	cflinuxfs2
node	5.10.1	cflinuxfs2

• SHA256: 4023010e90b91a641213a1b7680b1d8cf2484dade6b702389ebaf87afa84b323

php-buildpack

updated to v4.3.10 (from v4.3.8)

v4.3.10

• Added extension to configure redis as a persistent store for PHP sessions (https://www.pivotaltracker.com/story/show/117232921)
• Add httpd 2.4.20, remove httpd 2.4.18 (https://www.pivotaltracker.com/story/show/116903551)
• BUGFIX: detect composer.json non-recursively (https://www.pivotaltracker.com/story/show/116521177)

Packaged binaries:

name	version	cf_stacks	modules
php	5.5.33	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.5.34	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.6.19	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.6.20	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	7.0.4	cflinuxfs2	bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, imagick, imap, ldap, lua, mailparse, mbstring, mcrypt, mongodb, msgpack, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, pspell, snmp, soap, sockets, xdebug, xsl, yaf, zip, zlib
php	7.0.5	cflinuxfs2	bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, imagick, imap, ldap, lua, mailparse, mbstring, mcrypt, mongodb, msgpack, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, pspell, snmp, soap, sockets, xdebug, xsl, yaf, zip, zlib
composer	1.0.0	cflinuxfs2
httpd	2.4.20	cflinuxfs2
newrelic	4.23.3.111	cflinuxfs2
nginx	1.8.1	cflinuxfs2
nginx	1.9.14	cflinuxfs2

• SHA256: 654cfa833c8e77d082ff54f48b03264872f2e2de0a377de56b5102eacb3f0f16

v4.3.9

• Update php 7.0.4 and add 7.0.5 with new recompiled PHP binaries that include the xdebug and imagick extensions (https://www.pivotaltracker.com/story/show/116842725)
• Add composer 1.0.0, remove composer 1.0.0-beta2 (https://www.pivotaltracker.com/story/show/116972309)
• Add nginx 1.9.14, remove nginx 1.9.12 (https://www.pivotaltracker.com/story/show/116842725)
• Add PHP 5.6.20, 5.5.34, 7.0.5, remove PHP 5.6.18, 5.5.32, 7.0.3 (https://www.pivotaltracker.com/story/show/116662205)
• Add helpful error message and early exit when user specifies an invalid webserver (https://www.pivotaltracker.com/story/show/116450447)

Packaged binaries:

name	version	cf_stacks	modules
php	5.5.33	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.5.34	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.6.19	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	5.6.20	cflinuxfs2	amqp, bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, igbinary, imagick, imap, ioncube, ldap, lua, mailparse, mbstring, mcrypt, memcache, memcached, mongo, msgpack, mysql, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, phalcon, phpiredis, protobuf, protocolbuffers, pspell, readline, redis, snmp, soap, sockets, suhosin, sundown, twig, xcache, xdebug, xhprof, xsl, yaf, zip, zlib
php	7.0.4	cflinuxfs2	bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, imagick, imap, ldap, lua, mailparse, mbstring, mcrypt, mongodb, msgpack, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, pspell, snmp, soap, sockets, xdebug, xsl, yaf, zip, zlib
php	7.0.5	cflinuxfs2	bz2, curl, dba, exif, fileinfo, ftp, gd, gettext, gmp, imagick, imap, ldap, lua, mailparse, mbstring, mcrypt, mongodb, msgpack, mysqli, opcache, openssl, pcntl, pdo, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, pspell, snmp, soap, sockets, xdebug, xsl, yaf, zip, zlib
composer	1.0.0	cflinuxfs2
httpd	2.4.18	cflinuxfs2
newrelic	4.23.3.111	cflinuxfs2
nginx	1.8.1	cflinuxfs2
nginx	1.9.14	cflinuxfs2

• SHA256: 6f171d0f6ed732e6f0c4c6984dd691e2c8301e7a2c9fb7e5b5fa61cd0e653a59

ruby-buildpack

updated to v1.6.16 (from v1.6.14)

v1.6.16

• Add jruby from 1.7.25, remove jruby 1.7.24 (https://www.pivotaltracker.com/story/show/117647027)
• Fix checksum for OpenJDK due to rebuild (https://www.pivotaltracker.com/story/show/117700771)

Packaged binaries:

name	version	cf_stacks
ruby	2.1.8	cflinuxfs2
ruby	2.1.9	cflinuxfs2
ruby	2.2.3	cflinuxfs2
ruby	2.2.4	cflinuxfs2
ruby	2.3.0	cflinuxfs2
jruby	ruby-1.9.3-jruby-1.7.25	cflinuxfs2
jruby	ruby-2.0.0-jruby-1.7.25	cflinuxfs2
jruby	ruby-2.2.3-jruby-9.0.5.0	cflinuxfs2
node	0.12.7	cflinuxfs2
bundler	1.11.2	cflinuxfs2
libyaml	0.1.6	cflinuxfs2
openjdk1.8-latest	1.8.0_77	cflinuxfs2
rails3_serve_static_assets	-	cflinuxfs2
rails_log_stdout	-	cflinuxfs2

• SHA256: f3ee8cd0cf53b6c84e7ceb0949c7fcaa416b99bcd3662910cc004c0be80595f7

v1.6.15

Note: openjdk within this release has a non-matching checksum due to an upstream rebuild. If you experience an issue, please use 1.6.16 - Remove non-CF specific Procfile and default web server warning (https://www.pivotaltracker.com/story/show/113193737) - Add openjdk 1.8.0_77, remove openjdk 1.8.0_73 (https://www.pivotaltracker.com/story/show/116890851) - Add ruby 2.1.9, remove ruby 2.1.7 (https://www.pivotaltracker.com/story/show/116842687)

Packaged binaries:

name	version	cf_stacks
ruby	2.1.8	cflinuxfs2
ruby	2.1.9	cflinuxfs2
ruby	2.2.3	cflinuxfs2
ruby	2.2.4	cflinuxfs2
ruby	2.3.0	cflinuxfs2
jruby	ruby-1.9.3-jruby-1.7.24	cflinuxfs2
jruby	ruby-2.0.0-jruby-1.7.24	cflinuxfs2
jruby	ruby-2.2.3-jruby-9.0.5.0	cflinuxfs2
node	0.12.7	cflinuxfs2
bundler	1.11.2	cflinuxfs2
libyaml	0.1.6	cflinuxfs2
openjdk1.8-latest	1.8.0_77	cflinuxfs2
rails3_serve_static_assets	-	cflinuxfs2
rails_log_stdout	-	cflinuxfs2

• SHA256: f6734dfe1c0f1c0ebe1c4f37c5559e824efae1af884469e8894795d20b7c637e

staticfile-buildpack

updated to v1.3.6 (from v1.3.5)

v1.3.6

• Add nginx 1.9.14, remove nginx 1.9.12 (https://www.pivotaltracker.com/story/show/116842725)

Packaged binaries:

name	version	cf_stacks
nginx	1.9.14	cflinuxfs2

• SHA256: 6e001a28e39642194a705b4b2e31c016de6a84a6af14dce5baf6f520dc33e382

Identity

No Changes

Routing

• Fixed bug whereby manifest property router.requested_route_registration_interval_in_seconds was not correctly setting minimumRegisterIntervalInSeconds, a message sent to route registration clients via NATS, nor was it correctly setting the delay after startup Gorouter waits before listening for requests, in order to populate the routing table and prevent unnecessary 404 responses details
• When NATs is unresponsive, GoRouter now attempts to reconnect to another NATs server before pruning routes details

Loggregator

• Security logging added to log accesses to external API endpoints
  • /apps/APP_ID/stream
  • /apps/APP_ID/recentlogs
  • /apps/APP_ID/containermetrics
  • /firehose/SUBSCRIPTION_ID
• Fixed connection leak between NOAA library and Traffic Controller
• golang 1.6.1
• NOAA library augmented to better connection dynamics. noaa.consumer is now deprecated in favor of the consumer package. See sample code.

Internal Components

consul

• consul-release was bumped from v75 to v80
• consul-release now uses Golang 1.6.1, but the consul and consul-template binaries are still built with older versions of Golang. details

etcd and etcd-metrics-server

• etcd-release was bumped from v42 to v45.
• etcd and etcd-metrics-server now use Golang 1.6.1 details

Job Spec Changes

• HM9000 must be have configured certificates (use scripts/generate-hm9000-certs): hm9000.ca_cert, hm9000.server_cert, hm9000.server_key, hm9000.client_cert, hm9000.client_key
• Optional: DEA instances can be started over HTTPS. You must generate certificates (use scripts/generate-dea-certs). cc.dea_use_https and dea_next.enable_ssl must be true dea_next.ca_cert, dea_next.server_cert, dea_next.server_key, dea_next.client_cert, dea_next.client_key
• Optional: Cloud Controller can send security event logs in CEF format to the configured syslog_daemon_config: cc.security_event_logging.enabled - boolean - defaults to false

Recommended BOSH Stemcell Versions

• AWS: light-bosh-stemcell-3215.4-aws-xen-hvm-ubuntu-trusty-go_agent
• vSphere: bosh-stemcell-3215.4-vsphere-esxi-ubuntu-trusty-go_agent
• OpenStack: N/A
• BOSH-Lite: bosh-stemcell-3147-warden-boshlite-ubuntu-trusty-go_agent

These are soft recommendations; several different versions of the stemcells are likely to work fine with this version of cf-release and the corresponding versions of diego-release, garden-linux-release, and etcd-release.

Recommended diego-release Version

• Diego final release v0.1467.0 · release notes

This is a soft recommendation; several different versions of the diego-release may work fine with this version of cf-release.

Recommended garden-linux-release Version

• Garden-linux final release v0.337.0 · release notes

This is a soft recommendation; several different versions of the garden-linux-release may work fine with this version of cf-release and the aforementioned version of diego-release.

Recommended etcd-release Version

• etcd final release v45 · release notes

This is a soft recommendation; several different versions of the etcd-release may work fine with this version of cf-release and the aforementioned version of diego-release.

Recommended cflinuxfs2-rootfs-release Version

• cflinuxfs2-rootfs final release v0.2.0 · release notes

This is a soft recommendation; several different versions of the cflinuxfs2-rootfs-release may work fine with this version of cf-release and the aforementioned version of diego-release.

- name: "cf"
  version: "235"
  url: "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=235"
  sha1: "a4ab2d7a2912b8c700ef4b8a45e7f688127930b6"

bosh upload-release --sha1 a4ab2d7a2912b8c700ef4b8a45e7f688127930b6 \
  "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=235"