CF 254

Contents

• Notices
• Job Spec Changes
• CVEs
• Compatible Releases and Stemcells
• Subcomponent Updates

Notices

• Upcoming changes may require an update to your BOSH Director. Please update to BOSH v261.3 to ensure that future versions of cf-release can successfully deploy.
  Details: Specifically, if your BOSH director uses a MySQL database as its data store, a version of cf-release that contains links for consul jobs will fail to deploy due to a bug in the database schema. BOSH v261.3 contains the necessary fix. We will likely wait until CF v256 to introduce the breaking change, so that operators can update their BOSH directors to 261.3 or greater.
• This release adds functionality to allow multiple instances of the Cloud Controller clock job. If you're using the spiff templates, you'll see clock_global job replaces by clock_z1 and clock_z2 jobs.
• This release is using an experimental new Loggreator-API when deploying to bosh-lite. It has been noted that metron is using unusually high CPU when utilizing this new API. This does not normal bosh deployments.
• The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85
  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Job Spec Changes

• Cloud Controller Clock now requires SSL configuration with the following properties, these properties became required for Cloud Controller in CF 253 so they may already be present in your deployment:
  • cc.mutual_tls.ca_cert: PEM-encoded CA certificate for secure, mutually authenticated TLS communication
  • cc.mutual_tls.public_cert: PEM-encoded certificate for secure, mutually authenticated TLS communication
  • cc.mutual_tls.private_key: PEM-encoded key for secure, mutually authenticated TLS communication

CVEs

• None

Subcomponent Updates

• Cloud Controller and Service Broker API:
  • capi-release 1.22.0
  • capi-release 1.23.0
• Identity:
  • uaa-release v28
• Routing:
  • routing-release 0.147.0
• Loggregator:
  • Loggregator v81, and statsd-injector v1.0.22
• Buildpacks and Stacks:
  • Java:
    • java-buildpack v3.14
  • Ruby:
    • ruby-buildpack v1.6.35
  • Go:
    • go-buildpack v1.7.19
  • Node.js:
    • nodejs-buildpack v1.5.30
  • Python:
    • python-buildpack v1.5.16
  • PHP:
    • php-buildpack v4.3.28
  • Staticfile:
    • staticfile-buildpack v1.3.18
  • Binary:
    • binary-buildpack v1.0.10
  • .NET Core:
    • dotnet-core-buildpack v1.0.12
  • Stacks:
    • stacks v1.108.0
    • stacks v1.107.0
    • stacks v1.106.0
    • stacks v1.105.0
• Consul:
  • No changes.
• Etcd:
  • No changes.
• NATS:
  • No changes.
• Postgres:
  • postgres-release v14
• DEA-Warden-HM9000:
  • No changes.

Compatible Releases and Stemcells

• Diego release v1.10.1. Release notes for v1.10.1 · v1.10.0 · v1.9.0.
• Garden-Runc release v1.3.0. Release notes for v1.3.0 · v1.2.0.
• cflinuxfs2-rootfs release v1.57.0. Release notes for v1.57.0 · v1.56.0 · v1.55.0 · v1.54.0.
• cf-networking release v0.18.0. Release notes for v0.18.0 · v0.17.0.
• grootfs release v0.15.0. Release notes for v0.15.0
• stemcell: 3363.12