Skip to content


You can find the source of this version on GitHub at cloudfoundry/cf-release. It was created based on the commit 646e1471.

Release Notes

Contents - Notices - Job Spec Changes - CVEs - Compatible Releases and Stemcells - Subcomponent Updates


  • Upcoming changes may require an update to your BOSH Director. Please update to BOSH v261.3 to ensure that future versions of cf-release can successfully deploy. Details: Specifically, if your BOSH director uses a MySQL database as its data store, a version of cf-release that contains links for consul jobs will fail to deploy due to a bug in the database schema. BOSH v261.3 contains the necessary fix. We will likely wait until CF v256 to introduce the breaking change, so that operators can update their BOSH directors to 261.3 or greater.
  • This release adds functionality to allow multiple instances of the Cloud Controller clock job. If you’re using the spiff templates, you’ll see clock_global job replaces by clock_z1 and clock_z2 jobs.
  • This release is using an experimental new Loggreator-API when deploying to bosh-lite. It has been noted that metron is using unusually high CPU when utilizing this new API. This does not normal bosh deployments.
  • The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Job Spec Changes

  • Cloud Controller Clock now requires SSL configuration with the following properties, these properties became required for Cloud Controller in CF 253 so they may already be present in your deployment:
    • cc.mutual_tls.ca_cert: PEM-encoded CA certificate for secure, mutually authenticated TLS communication
    • cc.mutual_tls.public_cert: PEM-encoded certificate for secure, mutually authenticated TLS communication
    • cc.mutual_tls.private_key: PEM-encoded key for secure, mutually authenticated TLS communication


  • None

Subcomponent Updates

Compatible Releases and Stemcells


You can reference this release in your deployment manifest from the releases section:

- name: "cf"
  version: "254"
  url: ""
  sha1: "2b1b4de54927fb0b92c6ace83df353969b1fa69b"

Or upload it to your director with the upload-release command:

bosh upload-release --sha1 2b1b4de54927fb0b92c6ace83df353969b1fa69b \