v206

The cf-release v206 was released on April 9th, 2015

• Note: A bug was found where apps using the python buildpack with cflinuxfs2 stack failed to run in this release. This should be addressed in v207 details
• Note: A bug was found where CC and Worker jobs were not updating when using NFS as a blobstore. details

Runtime

• [Experimental] Work continues on support for Asynchronous Service Instance Operations details
• Work continues on improvements to Recursive Space Deletion details
• [Experimental] Work continues on /v3 and Application Process Types details
• [Experimental] Work continues on Route API details
• Work continues on support for Arbitrary Parameters details
• Work continues on support for Service Keys details
• Updated default aws stemcell and instance types to hvm and newer generation instances details
• Configure disk size of aws resource pools to match older values details
  • There is a bug where Operators are not able to completely remove the ephemeral_disk section of the job definition using spiff. This will be addressed in the next cf-release. details
• cloudfoundry/cf-release #648: Size-up compilation VM disk to 8192 (8GB) to address new buildpack sizes for vsphere details
• Change cloud_controller_ng job spec to disable billing events by default details
• Changed default instances of consul to 0 details
• cloudfoundry/cf-release #646: Expose signRequest and signMetaData via the login job details
• cloudfoundry/cf-release #645: Upgrading nodejs buildpack to v1.2.1 details
• Update rootfs for USN-2540-1 details
• Additional reverts of ca_truster job details
• bump rootfs for Diego details
• Removed the buildpack_cache package from cf-release details
• Remove bcrypt details
• Fixed bug where if there are multiple instances on one DEA when routes are unmapped the instances were not updated properly details
• cloudfoundry/cloud_controller_ng #352: Build the staging messsage on the request thread details
• Added new api endpoint /v2/organizations/:guid/user_roles apidocs details
  • This endpoint simplifies getting all the roles for users on a particular organization
• Fixed an issue where buildpack_cache was not busted when switching stacks details
• Restarting a failed to stage app will gracefuly restage the app details

Loggregator

• Now using Go 1.4 to build all components.

Commit summary

Used Configuration

• BOSH Version: 152
• Stemcell Version: 2889
• CC Api Version: 2.24.0

Compatible Diego Version

• final release 0.1075.0 commit

v205

The cf-release v205 was released on March 20th, 2015

• This release was deployed to our Prod environment on March 23rd, 2015

Runtime

• Update rootfs for lucid64 and cflinuxfs2. This addresses USN-2537-1, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293 details
• [Experimental] Work continues on support for Asynchronous Service Instance Operations details
• Work continues on improvements to Recursive Space Deletion details
• [Experimental] Work continues on /v3 and Application Process Types details
• [Experimental] Work continues on Route API details
• [Experimental] Complete reverting of ca-truster job for adding custom CA Certificates to the trust store on vms in cf-release
• Add debugging statements around quotacheck details
• cloudfoundry/cf-release #638: Remove unneeded notification_templates.admin scope from admin user details

Used Configuration

• BOSH Version: 148
• Stemcell Version: 2859
• CC Api Version: 2.23.0

Commit summary

v204

The cf-release v204 was released on March 19th, 2015

• Note cf-release is now 5.1 GB. BOSH Director's nginx has a 5GB limit on upload size. If you are uploading cf-release into BOSH Director that has never before deployed cf, your upload will fail. Instructions for modifying this configuration on BOSH Director here. For BOSH-Lite here The buildpacks team has a skinny buildpacks epic that should help with this issue.

Runtime

• Upgrading php buildpack to v3.1.0 details
• Upgrading ruby buildpack to v1.3.0 details
• Upgrading python buildpack to v1.2.0 details
• Upgrading nodejs buildpack to v1.2.0 details
• Upgrading go buildpack to v1.2.0 details
• [Experimental] Work continues on support for Asynchronous Service Instance Operations details
  • Bug fixed to prevent long-lived service instances from getting stuck in "update in progress" on bind or unbind details
• [Experimental] Work continues on /v3 and Application Process Types details
• [Experimental] Work continues on Route API details
• [Experimental] Reverting ca-truster job for adding custom CA Certificates to the trust store on vms in cf-release
• Recursive deletion of a space no longer aborts after first failure to delete a resource within (deleting all resources that can be deleted) and deletion of service instances and bindings are not rolled back, preventing orphans. Deletion of applications during recursive deletion of a space remains in a transaction; failure to delete one app will roll back deletion of all apps in the space.
• You can now configure dea_next.allow_host_access property in cf-release manifest. details
  • This allows containers on the same host to be able to communicate with each other assuming security groups allow it.
• Change v2 directory server port to 32766 details
• Add -W interactive to awk so that it does not buffer writing to stdout/stderr details
• Update rootfs blobs in cf-release. Addresses CVE-2014-9680 details
• cloudfoundry/cf-release #635: Removing unnecessary meta.openstack in openstack stub details

Used Configuration

• BOSH Version: 148
• Stemcell Version: 2859
• CC Api Version: 2.23.0

Commit summary

v203

The cf-release v203 was released on March 12, 2015

Runtime

• Update to Java Buildpack 2.7.1 details release
• Work continues on support for Asynchronous Service Instance Operations details
• [Experimental] Work continues on /v3 and Application Process Types details
• [Experimental] Initial work on route api merged into cf-release details
• [Experimental] Custom CA Certificates can be added to the trust store on vms in cf-release details
  • Still need to fix a race condition where the ca_truster job that installs the CA certs may not run first details
  • Loggregator vms still pending details
• gorouter can now be configured to terminate ssl details
  • See manifest configuration options for gorouter below (next section).
• cloudfoundry/cf-release #632: TCP tuning details
• Moved configuration of lucid64 stack out of a database migration and into manifest configuration details
  • For brand new cf deployments, if cc.stacks is specified in the manifest, then only those stacks specified will be added to the database.
  • If cc.stacks is not specified in the manifest, the default set of stacks will be added, currently lucid64 and cflinuxfs2.
  • For existing deployments, stacks specified in the manifest will be upserted.
• Add content-type to blobstore file creation details
• cloudfoundry/cf-release #627: Adding X-Forwarded-Proto header to HTTP check for UAA and Login details
• As a CF operator, I can specify the default stack in the manifest details
  • Manifest configuration cc.default_stack
• Fixed a bug when an app has a lot of fingerprints matched during resource matching, it should still be able to stage details
• As a cf operator I can specify via manifest "min_cli_version" and "min_recommended_cli_version" for /v2/info details
• Rescue warden client disconnect when doing varz updates details
• Security Groups applied to the space are visible to non-admins with correct permissions details
• cloudfoundry/cf-release #623: Enable explicit configuration of uaa.issuer details

Manifest configurations for gorouter to terminate ssl

properties.router.enable_ssl
properties.router.cipher_suites
properties.router.ssl_cert
properties.router.ssl_key

Loggregator

• Major fix: Doppler and TrafficController no longer leak connections for websocket or syslog disconnects. details
• Default batch size in syslog_drain_binder increased from 10 to 1000. details
• Bug fix to reconnect a syslog drain if the service goes down and then comes back up. details
• Metron now uses identical config set up as Doppler and TC details
• Additional Doppler Reliability tests
  • Service Announcement details
  • Container Metrics details
  • Doppler /firehose endpoint details

Used Configuration

• BOSH Version: 148
• Stemcell Version: 2859
• CC Api Version: 2.23.0

Commit summary

v202

The cf-release v202 was released on March 9th, 2015

NOTE: It is highly recommended that you first deploy stemcell 2859+ before upgrading to this release. We have also found that network traffic on the newer AWS instance types appears to be more stable with the 3.16 kernel that is available as of 2859. details

Runtime

• Fixed a slow query on /v2/apps/:guid/routes introduced in v201 details
• Update collector, login, and uaa to Ruby 2.1.4 and remove Ruby 1.9.3 details
• Work continues on /v3 and Application Process Types details
• Work continues on support for Asynchronous Service Instance Operations details

Used Configuration

• BOSH Version: 148
• Stemcell Version: 2859
• CC Api Version: 2.22.0

Commit summary

v201

The cf-release v201 was released on March 4th, 2015

NOTE: It is highly recommended that you first deploy stemcell 2859+ before upgrading to this release. We have also found that network traffic on the newer AWS instance types appears to be more stable with the 3.16 kernel that is available as of 2859. details

Runtime

• A new stack cflinuxfs2 derived from Ubuntu 14.04.2 (Trusty Tahr) is now available
  • Work is in progress by the Buildpacks team to update buildpacks to support the new stack. details
  • The Java buildpack already works with the new stack.
  • The default stack for newly pushed apps will remain lucid64 by default until the buildpacks have all been updated.
  • If configured, users can then opt-in to the new stack with cf push APP-NAME -s cflinuxfs2. See manifest configuration options for stacks below (next section).
• Upgrading the php buildpack to v3.0.4 details
• Upgrading the Java Buildpack to version 2.7 details
• Org Managers can now share private domains across specific organizations details
• Work continues on /v3 and Application Process Types details
• Work continues on support for Asynchronous Service Instance Operations details
  • Improved error handling and descriptive error messages
  • Operations are block while in progress
  • Brokers can declare a polling interval, admins can configure a default interval and max attempts
  • Audit events created for async operations
  • API docs being published, changes for this feature are marked Experimental and subject to backward incompatible change
• Renaming a service instance no longer causes instance to become stuck in 'update in progress' details
• Add default value for dea_next.advertise_interval_in_seconds in cc spec details
• Updated LoggregatorEmitter to 4.0.0 * Rescue all exceptions when emitting. details
• VCAP_SERVICES, DATABASE_URL, and VCAP_APPLICATION no longer does BASH variable substitution details
• cloudfoundry/cf-release #616: Added networks properties for postgres and nfs details
• cloudfoundry/cloud_controller_ng #331: Allow db:rollback to roll back multiple migrations details
• cloudfoundry/dea_ng #161: startup script evals user environment variables before .profile.d details
• cloudfoundry/cf-release #622: Set default to 64000 max conn details
• pruneThresholdInSeconds added to router.start and router.greet messages details
• cloudfoundry/gorouter #75: Allow keepalives to the front-end proxy details
• Fixed an issue where deleting a route bound to a running app with multiple routes would actually result in a small amount of downtime for the app details
• Changed limit parameter for fog to a string instead of a symbol to fix issues with use of blobstores using aws_signature_version: 2 detail
• Updated lucid64 and cflinuxfs2 to address CVE-2013-7423, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473 detail
• Updated ca-certificates for lucid64 to address USN-2509-1 detail
• Upgraded gorouter,hm9000 to golang 1.4.2 details
• Upgraded DEA and Warden to Ruby 2.1.4 details

Manifest configuration options for stacks

• It is not yet possible to specify via manifest to change the default stack. We hope to make that available in the next cf-release details
• If nothing is specified for cc.stacks in your manifest then lucid64 and cflinuxfs2 stacks will both be available and lucid64 is the default stack if no stack specified when pushing an app.
• lucid64 will currently always be available as a stack whether explicitly specified or not. There is a story in the Runtime backlog allow it to be removed via manifest configuration. details
• If you have another stack already specified in cc.stacks you will need to add cflinuxfs2 explicitly.

cc:  
  stacks:
  - name: cflinuxfs2
    description: Cloud Foundry Linux-based filesystem
  - name: otherstack
    description: Another stack       

Loggregator

• Fixed several go routine leaks in doppler. details
• Fixed use cases around use_ssl_flag. details
• Merged github pull request for making envelope.Origin a getter. details
• New integration-level test suites for doppler to improve reliability.
  • Harness. details
  • Streaming Logs. details
  • Syslog Drain Binding. - doppler side.

Used Configuration

• BOSH Version: 148
• Stemcell Version: 2859
• CC Api Version: 2.22.0

Commit summary

v200

The cf-release v200 was released on February 18th, 2015

Runtime

• Work continues on /v3 and Application Process Types details
• Work continues on support for Asynchronous Service Instance Operations details

Loggregator

• Doppler now uses safer channel operations to prevent regular crashes details
• Traffic Controller can now receive container metrics from Doppler details
• NOAA can now receive container metrics from Traffic Controller details
• Metron tracks the cumulative values of counters details
• Corrected path of protobuf package after source moved to github
  • ...in Loggregator details
  • ...in Loggregator consumer details
  • ...in Loggregator lib details
  • ...and in Dropsonde details

Used Configuration

• BOSH Version: 134
• Stemcell Version: 2818
• CC Api Version: 2.22.0

Commit summary

v199

The cf-release v199 was released on February 12th, 2015

• Note: Known issue with doppler introduced in v198 and present in v199 details

Runtime

• Work continues on /v3 and Application Process Types details
• Work continues on support for Asynchronous Service Instance Operations details
• Allow admins to create wildcard routes details
  • This feature allows cf admins to specify a wildcard route cf create-route SPACE DOMAIN -n "*"
  • The host name must be specified exactly as "*"
  • If you map this wildcard route to an app, requests to any matching routes will be routed to the app. Exact matches of routes will take precedence over the wildcard route.
• Configurable file_descriptors limit for warden container details
  • cc.instance_file_descriptor_limit
• disable colorized ginkgo output for acceptance_tests errand details
• Escape VCAP_SERVICES and VCAP_APPLICATION env variables details
• Avoid large query when logging auth errors details
• Send logs for cloud controller worker, clock to logs instead of STDOUT details

Used Configuration

• BOSH Version: 134
• Stemcell Version: 2818
• CC Api Version: 2.22.0

Commit summary

v198

The cf-release v198 was released on February 10th, 2015

Runtime

• Updated the rootfs. This addresses CVE-2014-9636 details
• Improved instructions for minimal AWS example details
• Updated python buildpack to v1.1.2 details
• Updated go buildpack to v1.1.2 details
• Updated java buildpack to v2.6.1 details
• Updated ruby buildpack to v1.2.1 details
• Updated cf cli to 6.9.0 details
• Updated fog to 1.27 details
• Work continues on /v3 and Application Process Types details
• Work continues on support for Asynchronous Service Instance Operations details
• Service Instance Orphan Mitigation improvements details
• /v2/managed_service_instances is now deprecated details
• Renaming broker does not cause CC to fetch service broker catalog details
• Application Security Groups now support logging of the first packet of outbound tcp traffic details apidoc
• Enabled wildcard routes to be published to NATS details
• Users can now specify via the api longer start commands details
• /v2/routes can now be queried by organization guid details
• nginx_status endpoint is always enabled details
• Org Auditors can now see space related /v2/events details
• no need to pre-provision errand VMs; bosh will auto-create details
• Catch socket error during staging causing CATS to be flaky details
• DEA no longer crashes if loggregator emitter fails to emit details
• cloud controller worker and clock jobs now logs to files instead of STDOUT details
• /v2/info no longer rejects requests that have invalid tokens (this change was in v197 only) details

Loggregator

Features

• Changing syslog drain location no longer requires application restaging. details
• Diego-enabled doppler endpoints
  details
• Diego-enabled dropsonde emitter
  details
• Moved lamb manifest-template configuration out of cf-release details
• Improved documentation
  • Firehose Metrics details
  • Dropsonde
    details
  • Syslog Drains
    details
  • Spelling errors details

Bug fixes

• Hard-code doppler dropsondeOrigin to "doppler"
  details
• Doppler continues to attempt to contact failed syslog drain after app is deleted
  details
• Dropsonde emitter no longer nil on initialization.
  details
• Fixed firehose deadlock condition in doppler.
  details
• Enable SIGTRAPS to get goroutine info.
  details
• Enable unicode character support in emitters.
  details
• Dropsonde InstrumentedRoundTripper now supports CancelRequests.
  details
• Buffer more messages in doppler to increase reliability under load.
  details
• Enable kernel log redirection
  details
• Improved CAT tests for reliability.

Used Configuration

• BOSH Version: 134
• Stemcell Version: 2818
• CC Api Version: 2.22.0

Commit summary

v197

The cf-release v197 was released on January 28th, 2015

Runtime

• Updated the rootfs. This addresses GHOST CVE-2015-0235 details
• Work continues on Application Process Types details
• Cloud Controller now always rejects calls with an invalid token in the Authorization header. Some endpoints support different responses for authenticated and unauthenticated responses. Clients desiring the unauthenticated response should not include a token details
• Cloud Controller now correctly returns a 502 when broker returns a malformed response details
• Work has begun on support for Asynchronous Service Instance Provisioning details
• Legacy UAA client removed from spiff templates details
• Work continues on Service Instance Orphan Mitigation details
• Service Broker client in Cloud Controller now uses a different library to prevent retry on timeout, as retries are now handled by orphan mitigation mechanisms details
• Added default_env bosh password to manifests details
  • By default, the password is still c1oudc0w
  • This PR simplifies changing passwords for all the vms or by resource pool with spiff.
• Output timestamps in all ctl logs details
• Updated default cipher string for HAProxy details
• Fixed time consistency in cloud controller details
• /v2/apps should be filterable by organization_guid details
• Allow smoke tests cleanup to be disabled details
• Include job descriptions in cf-release details
• Provide an extremely minimal aws manifest example for cf-release and instructions on how to deploy it on aws. details
  • We plan to keep the manifest example up to date with each cf-release.
  • See cf-release/example_manifests

UAA and Login

• Bump Login Server to 1.14 details

Used Configuration

• BOSH Director v117
• Stemcell v2778
• CC API v2.21.0

Commit summary.