cf/256
You can find the source of this version on GitHub at cloudfoundry/cf-release. It was created based on the commit b6343b5a.
Release Notes¶
Contents - Notices - Job Spec Changes - CVEs - Compatible Releases and Stemcells - Subcomponent Updates
Notices
- Updating GrootFS to v0.16.0, if running with GrootFS already, will require recreating the Diego cells.
- The Postgres job will upgrade PostgreSQL to version 9.6.2. NOTE: this drops support for upgrading from PostgreSQL 9.4.5 Only upgrades from PostgreSQL 9.4.6 (since cf v232) and PostgreSQL 9.4.9 (since cf v241) are supported. Before deploying, please review considerations at postgres-release v15.
- If you are running cf-networking-release, the value for
cf_networking.garden_external_networker.cni_plugin_dirmust be updated to/var/vcap/packages/silk/bin
Job Spec Changes
- The router status endpoint is no longer optional. As such,
router.status.password(which has been configurable for a long time) is now required. - cc_uploader now requires the following properties to be configured:
properties.capi.cc_uploader.cc.ca_certproperties.capi.cc_uploader.cc.client_certproperties.capi.cc_uploader.cc.client_keyDiego manifest generation (as of Diego 1.11.0) has already required this property to be configured, so it’s likely that most deployers have already set these values. For deployers building their manifests some other way, these properties are now required by the components themselves.
- In the postgres job, the default value for the
databases.monit_timeouthas been changed to 90 seconds. - The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Security Notices
Affecting v256
None recorded as of 2017-04-11.
Resolved in v256
- CVE-2017-4970 in Staticfile buildpack versions v1.4.0 – v1.4.3 (high severity)
Known Issues
- Users that belong to any space containing a user provided service instance are unable to view any specific service plan:
/v2/service_plans/:guid. Users are still able to view the marketplace and provision service instances.
Subcomponent Updates
- Cloud Controller and Service Broker API:
- no change
- Identity:
- no change
- Routing:
- Loggregator:
- Java Buildpack:
- Ruby Buildpack:
- Go Buildpack:
- go-buildpack v1.7.19 (no change)
- Node.js Buildpack:
- Python Buildpack:
- PHP Buildpack:
- Staticfile Buildpack:
- Binary Buildpack:
- binary-buildpack v1.0.11 (no change)
- .Net Core Buildpack:
- RootFS:
- Consul:
- consul-release v152 (unchanged)
- Etcd:
- etcd-release v93 (unchanged)
- NATS:
- No changes
- Postgres:
- DEA-Warden-HM9000:
- No changes.
Compatible Releases and Stemcells
- diego-release: v1.12.0. Release notes for v1.12.0.
- garden-runc-release: v1.4.0. Release notes for v1.4.0.
- cflinuxfs2-rootfs release v1.60.0. Release notes for v1.60.0
- cf-networking-release: v0.19.0. Release notes for v0.19.0.
- grootfs-release v0.16.0. Release notes for v0.16.0. Updating GrootFS to v0.16.0, if running with GrootFS already, will require recreating the Diego cells.
- stemcell: 3363.15
Usage¶
You can reference this release in your deployment manifest from the releases section:
- name: "cf" version: "256" url: "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=256" sha1: "7eb583eb6dd08dfce8858d891b2571aebeb6b52c"
Or upload it to your director with the upload-release command:
bosh upload-release --sha1 7eb583eb6dd08dfce8858d891b2571aebeb6b52c \ "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=256"
Jobs¶
- acceptance-tests
- binary-buildpack
- blobstore
- cc_uploader
- cloud_controller_clock
- cloud_controller_ng
- cloud_controller_worker
- collector
- consul_agent
- consul_agent_windows
- dea_logging_agent
- dea_next
- debian_nfs_server
- doppler
- dotnet-core-buildpack
- etcd
- etcd_metrics_server
- go-buildpack
- gorouter
- haproxy
- hm9000
- java-buildpack
- java-offline-buildpack
- loggregator_trafficcontroller
- metron_agent
- metron_agent_windows
- nats
- nats_stream_forwarder
- nfs_mounter
- nodejs-buildpack
- nsync
- php-buildpack
- postgres
- python-buildpack
- route_registrar
- ruby-buildpack
- smoke-tests
- smoke-tests-windows
- stager
- staticfile-buildpack
- statsd_injector
- syslog_drain_binder
- tps
- uaa
Packages¶
- acceptance-tests
- binary-buildpack
- blobstore_url_signer
- capi_utils
- cc_uploader
- cli
- cli-network-policy-plugin
- cli-windows
- cloud_controller_ng
- collector
- common
- confab
- confab-windows
- consul
- consul-windows
- dea_logging_agent
- dea_next
- debian_nfs_server
- doppler
- dotnet-core-buildpack
- etcd
- etcd-common
- etcd-consistency-checker
- etcd-dns-checker
- etcd_metrics_server
- gnatsd
- go-buildpack
- golang1.7
- golang1.7-windows
- gorouter
- haproxy
- hm9000
- java-buildpack
- java-offline-buildpack
- libmariadb
- libpq
- loggregator_common
- loggregator_trafficcontroller
- metron_agent
- metron_agent_windows
- nats
- nats-common
- nginx
- nginx_newrelic_plugin
- nginx_webdav
- nodejs-buildpack
- nsync
- php-buildpack
- postgres-9.4.9
- postgres-9.6.2
- postgres-common
- python-buildpack
- rootfs_cflinuxfs2
- route_registrar
- routing_utils
- ruby-2.1.8
- ruby-2.2.5
- ruby-2.3
- ruby-buildpack
- smoke-tests
- smoke-tests-windows
- stager
- staticfile-buildpack
- statsd_injector
- syslog_drain_binder
- tps
- uaa
- uaa_utils
- warden