cf/247
You can find the source of this version on GitHub at cloudfoundry/cf-release. It was created based on the commit af4efe9f
.
Release Notes¶
The cf-release v247 was released on November 17, 2016.
Contents: - CC and Service Broker APIs - Identity - Routing - Loggregator - Buildpacks and Stacks - DEA-Warden-HM9000 Runtime - Internal Components - Recommended Versions of Additional Releases - Job Spec Changes - Recommended BOSH Stemcell Versions
CC and Service Broker APIs
Contains CAPI release v1.11.0. Release notes for v1.11.0
Identity
Updated to UAA 3.9.0
Routing
No changes
Loggregator
This release includes support for gRPC which enables TLS. For notes about setting up certs see: https://github.com/cloudfoundry/loggregator#generating-tls-certificates
Buildpacks and Stacks
stacks
updated to 1.90.0 (from 1.89.0)
1.90.0
Notably, this release addresses:
USN-3116-1: DBus vulnerabilities Ubuntu Security Notice USN-3116-1: - CVE-2015-0245: D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds.
USN-3117-1: GD library vulnerabilities Ubuntu Security Notice USN-3117-1: - CVE-2016-6911: invalid read in gdImageCreateFromTiffPtr() - CVE-2016-7568: Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf
USN-3119-1: Bind vulnerability Ubuntu Security Notice USN-3119-1: - CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure
USN-3123-1: curl vulnerabilities Ubuntu Security Notice USN-3123-1: - CVE-2016-7141: curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. - CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. - CVE-2016-8615: cookie injection for other servers - CVE-2016-8616: case insensitive password comparison - CVE-2016-8617: OOB write via unchecked multiplication - CVE-2016-8618: double-free in curl_maprintf - CVE-2016-8619: double-free in krb5 code - CVE-2016-8620: glob parser write/read out of bounds - CVE-2016-8621: curl_getdate read out of bounds - CVE-2016-8622: URL unescape heap overflow via integer truncation - CVE-2016-8623: Use-after-free via shared cookies - CVE-2016-8624: invalid URL parsing with ‘#’
dotnet-core-buildpack
v1.0.5
CF v247 is the first CF release to include the .NET Core buildpack. This buildpack adds support for .NET Core apps on the cflinuxfs2 stack.
DEA-Warden-HM9000 Runtime
This section will be updated soon. If this section is not yet up-to-date, please reach out for information: - direct team email: [email protected] - CF Dev mailing list: https://lists.cloudfoundry.org/archives/list/[email protected]/ - Slack channel: https://cloudfoundry.slack.com/messages/runtime_og/ - GitHub issues: https://github.com/cloudfoundry/dea-hm-workspace/issues
Internal Components
postgres-release
(includes postgres
job)
No changes.
etcd-release
(includes etcd
and etcd_metrics_server
jobs)
- Bumped from v77 to v85. Functional changes:
consul-release
(includes consul_agent
job)
nats-release
(includes nats
and nats_stream_forwarder
jobs)
- No changes.
Recommended Versions of Additional Releases
These versions are soft recommendations, as several different versions of these releases may work correctly with this version of cf-release. - Diego release v0.1489.0. Release notes for v0.1489.0 · v0.1488.0. - Garden-Runc release v1.0.3. Release notes for v1.0.3 · v1.0.2 · v1.0.1. - etcd release v85. Release notes for v85 · v84 · v83 · v82 · v81 · v80 · v79. - cflinuxfs2-rootfs release v1.39.0. Release notes for v1.39.0.
Although it’s still considered experimental, we have started to test CF against the new netman release. It’s not recommended for production, but for those deploying it, here is the information for netman-release: - netman release v0.6.0. Release notes for v0.6.0.
Job Spec Changes
- Add
etcd.client_ip
andetcd.peer_ip
to allow specifying the bind address for the etcd server details - Add
etcd_proxy.ip
to allow specifying the bind address the the etcd proxy server details
Recommended BOSH Stemcell Versions
- real IaaS: 3309
- BOSH-Lite: 3309
Note: For AWS you should use the Xen-HVM stemcells rather than Xen.
These are soft recommendations; several different versions of the stemcells are likely to work fine with this version of cf-release and the corresponding versions of the additional releases listed above.
Usage¶
You can reference this release in your deployment manifest from the releases
section:
- name: "cf" version: "247" url: "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=247" sha1: "5ce865925ed3696453a4bc0a8a54d076b01061b7"
Or upload it to your director with the upload-release
command:
bosh upload-release --sha1 5ce865925ed3696453a4bc0a8a54d076b01061b7 \ "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=247"
Jobs¶
- acceptance-tests
- binary-buildpack
- blobstore
- cc_uploader
- cloud_controller_clock
- cloud_controller_ng
- cloud_controller_worker
- collector
- consul_agent
- consul_agent_windows
- dea_logging_agent
- dea_next
- debian_nfs_server
- doppler
- dotnet-core-buildpack
- etcd
- etcd_metrics_server
- go-buildpack
- gorouter
- haproxy
- hm9000
- java-buildpack
- java-offline-buildpack
- loggregator_trafficcontroller
- metron_agent
- metron_agent_windows
- nats
- nats_stream_forwarder
- nfs_mounter
- nodejs-buildpack
- nsync
- php-buildpack
- postgres
- python-buildpack
- route_registrar
- ruby-buildpack
- smoke-tests
- stager
- staticfile-buildpack
- statsd-injector
- syslog_drain_binder
- tps
- uaa
Packages¶
- acceptance-tests
- binary-buildpack
- blobstore_url_signer
- capi_utils
- cc_uploader
- cli
- cloud_controller_ng
- collector
- common
- confab
- confab-windows
- consul
- consul-windows
- dea_logging_agent
- dea_next
- debian_nfs_server
- doppler
- dotnet-core-buildpack
- etcd
- etcd-common
- etcd-consistency-checker
- etcd-dns-checker
- etcd_metrics_server
- gnatsd
- go-buildpack
- golang1.6
- golang1.7
- golang1.7-windows
- gorouter
- haproxy
- hm9000
- java-buildpack
- java-offline-buildpack
- libmariadb
- libpq
- loggregator_common
- loggregator_trafficcontroller
- metron_agent
- metron_agent_windows
- nats
- nats-common
- nginx
- nginx_newrelic_plugin
- nginx_webdav
- nodejs-buildpack
- nsync
- php-buildpack
- postgres-9.4.9
- postgres-common
- python-buildpack
- rootfs_cflinuxfs2
- route_registrar
- routing_utils
- ruby-2.1.8
- ruby-2.2.5
- ruby-2.3
- ruby-buildpack
- smoke-tests
- stager
- staticfile-buildpack
- statsd-injector
- syslog_drain_binder
- tps
- uaa
- uaa_utils
- warden