v280

UPDATE: Several people have asked about the use of uaa-release 52.2 and the fact that it was originally labeled "Do not use." That release has a known issue with the skipSslValidation flag -- specifically that, when set to true, the UAA continued to validate TLS certificates anyway. This should only impact dev and test users, as production operators should always set skipSslValidation: false. In general, we consider this uaa-release 52.2 safe to use.

Contents

• Notices
• Job Spec Changes
• Security Notices
• Compatible Releases and Stemcells
• Subcomponent Updates

Notices

• The runtime-config for forwarding component syslogs contains an update that forwards only logs that are written to /var/vcap/sys/log. Logs pushed to rsyslog using the logger CLI will most likely be dropped, by design.
  Any operators who have overridden their syslog configuration to disable BlackBox should stop doing so as part of upgrading to this version of cf-release.

Job Spec Changes

• Breaking logging change with introduction of property cc.log_db_queries which defaults to false for jobs cloud_controller_ng, cloud_controller_worker, and cloud_controller_clock. This causes DB logs to not be logged by default. If you want to see these logs then you'll need to switch this value to true. An example of the logs in question:

{"timestamp":1510256720.2370548,"message":"(0.001166s) SELECT * FROM `delayed_jobs` WHERE ((((`run_at` <= '2017-11-09 19:45:20') AND (`locked_at` IS NULL)) OR (`locked_at` < '2017-11-09 15:45:20') OR (`locked_by` = 'cc_api_worker.api.0.2')) AND (`failed_at` IS NULL) AND (`queue` IN ('cc-api-0'))) ORDER BY `priority` ASC, `run_at` ASC LIMIT 5","log_level":"info","source":"cc.background","data":{},"thread_id":46994475118420,"fiber_id":46994498232380,"process_id":1759344,"file":"/var/vcap/packages/cloud_controller_ng/cloud_controller_ng/vendor/bundle/ruby/2.4.0/gems/sequel-4.49.0/lib/sequel/database/logging.rb","lineno":88,"method":"block in log_each"}

Security Notices

Affecting v280

• None

Resolved in v280

• None

Subcomponent Updates

• Cloud Controller and Service Broker API:
  • capi-release v1.45.0
• Identity:
  • uaa-release v52.2
• Routing:
  • routing-release v0.166.0
• Loggregator:
  • loggregator v99
  • statsd-injector-release v1.0.30
• Java Buildpack:
  • java-buildpack v4.6
• Ruby Buildpack:
  • ruby-buildpack v1.7.5
• Go Buildpack:
  • go-buildpack v1.8.13
• Node.js Buildpack:
  • nodejs-buildpack v1.6.10
• Python Buildpack:
  • python-buildpack v1.6.1
• PHP Buildpack:
  • php-buildpack v4.3.43
• Staticfile Buildpack:
  • staticfile-buildpack v1.4.18
• Binary Buildpack:
  • binary-buildpack v1.0.15
• .Net Core Buildpack:
  • dotnet-core-buildpack v1.0.30
• Consul:
  • consul-release v181
• NATS:
  • nats-release v22
• Postgres:
  • postgres-release v20

Compatible Releases and Stemcells

• Diego release v1.30.0. Release notes for v1.30.0.
• Garden-Runc release v1.9.6. Release notes for v1.9.6.
• cflinuxfs2 release v1.168.0. Release notes for v1.168.0 · v1.167.0.
• cf-networking release v1.8.1. Release notes for v1.8.1.
• grootfs release v0.30.0. Release notes for v0.30.0.
• stemcell: 3468.5