Platform Release Notes: June 1, 2017

Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past week and a half.

Fixed

• TLS certificates (for custom domains) provided by the CDN Route service are now automatically obtained with less risk of rate-limiting.
• We improved monitoring and reliability for the Redis and Elasticsearch services, enabling them to automatically restart if non-responsive.

Removed

• cloud.gov documentation no longer provides instructions for using the deprecated East/West environment, because all customer applications have migrated to the GovCloud environment.

Platform releases

cloud.gov now includes the following releases and upgrades. You will need to restage your application to incorporate fixes in the base filesystem and ensure you’re running the most recent language version supported by your buildpack.

We upgraded the Cloud Foundry deployment to v262. This upgrade addresses this security vulnerability: CVE-2017-4991: UAA password reset vulnerability

Additional upgrades

• PHP buildpack 4.3.33
• .NET Core Buildpack 1.0.18
• Binary Buildpack 1.0.12
• NodeJS Buildpack 1.5.34
• Go Buildpack 1.8.2
• Staticfile Buildpack 1.4.6
• Ruby Buildpack 1.6.39
• Diego 1.16.1
• Stemcell 3312.26
• RootFS cflinuxfs2 1.123.0, which address vulnerabilities described in these security notices:
  • USN-3271-1: Libxslt vulnerabilities
  • USN-3274-1: ICU vulnerabilities
  • USN-3276-1: shadow vulnerabilities
  • USN-3276-2: shadow regression
  • USN-3282-1: FreeType vulnerabilities
  • USN-3283-1: rtmpdump vulnerabilities
  • USN-3287-1: Git vulnerability
  • USN-3294-1: Bash vulnerabilities
  • USN-3295-1: JasPer vulnerabilities