November 23rd cloud.gov Change Log

November 23, 2022

Happy Thanksgiving Week! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this time include redis and disk quotas!

Change Log

Customer Facing

Noteworthy Changes and features

AWS Elasticache Redis versions

The aws broker now supports newer and multiple redis versions. Default redis is now AWS Elasticache Redis 6.2. Older and other versions can be selected by following https://cloud.gov/docs/services/aws-elasticache/#setting-optional-parameters.

Versions supported:

5.0.6 - previous default
6.0
6.2 - default
7.0

Application Disk Quota

The maximum Disk Quota an application can use is now 7GB up from 6GB. Disk Quota is how much disk space an application instance will have access to.

Note: Disk Quota is not same as your organization’s memory quota.

Find how to specify disk quota here: https://cloud.gov/docs/management/limits/#app

Go Buildpack - v1.10.0 up from v1.9.50

Add support for cflinuxfs4 stack
Add go 1.19.2, remove go 1.19 for stack(s) cflinuxfs4, cflinuxfs3
Update Go Buildpack dependencies to only keep 1 of each patch version (latest)

Java Buildpack - v4.53 up from v4.52

I’m pleased to announce the release of the java-buildpack, version 4.53. It primarily includes new OpenJDK versions, which are based on the Oracle Java Quarterly Updates for Oct 2022.

This release also includes an enhancement to the Sealights framework, more field are supported for a User-Provided service (Thanks to @alonweiss-sl via #964)

🚨 Deprecation of Spring Cloud Connectors & Spring Auto Reconfiguration 🚨

This release reverts the change made in v4.51 which disabled the Spring Auto Reconfiguration framework by default. From this release, it will be enabled by default as per all versions < 4.51. This is to provide users with more time to migrate to the recommended alternative library, java-cfenv. The default of disabled will now happen in a release after March 2023, and the library will be completely removed in a release after March 2024. As before, you may post feedback/comments to this issue.

Nginx Buildpack - v1.1.45 up from v1.1.44

Add nginx 1.23.2, remove nginx 1.23.1 for stack(s) cflinuxfs3
Add nginx 1.22.1, remove nginx 1.22.0 for stack(s) cflinuxfs3

Nodejs Buildpcak - v1.8.3 up from v1.8.2

Add node 18.12.1, remove node 18.9.0 for stack(s) cflinuxfs3, cflinuxfs4
Add node 14.21.1, remove node 14.20.0 for stack(s) cflinuxfs3, cflinuxfs4
Add node 16.18.1, remove node 16.17.1 for stack(s) cflinuxfs3, cflinuxfs4 (https://www.pivotaltracker.com/story/show/183724805)
Bumps go.mod go version to 1.19

Staticfile Buildpack - v1.5.35 up from v1.5.34

Add nginx 1.23.2, remove nginx 1.23.1 for stack(s) cflinuxfs3
Add nginx 1.22.1, remove nginx 1.22.0 for stack(s) cflinuxfs3

Platform Changes

Capi - v1.141.0 up from 1.140.0

Highlights

v3/routes returns shared routes
Cloud Controller processes large manifests with a hard limit of 1MB
Various performance improvements (optimized DB queries)

CC API Version: 2.193.0 and 3.128.0

Service Broker API Version: 2.15

CAPI Release Cloud Controller

v3/routes additionally returns shared routes (cloudfoundry/cloud_controller_ng#3037)
Enable CC to process large manifests (cloudfoundry/cloud_controller_ng#3034)
Add support for multiple certs per syslog_drain_url (cloudfoundry/cloud_controller_ng#3028)
Cut DB query complexity in permissions/visibility checks (cloudfoundry/cloud_controller_ng#3043)
Misc db optimizations (cloudfoundry/cloud_controller_ng#3052)
Use foreign keys more to avoid DB queries (cloudfoundry/cloud_controller_ng#3033)
Check space/org permissions by id, not guid (cloudfoundry/cloud_controller_ng#3021)
More readable checks to see if any row exists (cloudfoundry/cloud_controller_ng#3053)
Clean up unused/unnecessary permissions methods (cloudfoundry/cloud_controller_ng#3038)
Fix v3 upgrade guide for audit_events (cloudfoundry/cloud_controller_ng#3039)
Fix two typos in API docs (cloudfoundry/cloud_controller_ng#3031)
Fix roles table in service instance delete docs (cloudfoundry/cloud_controller_ng#3023)
Allow dependabot to update github actions (cloudfoundry/cloud_controller_ng#3040)

Cflinuxfs3 - v0.332.0 up from v0.331.0

Notably, this release addresses:

USN-5716-1 USN-5716-1: SQLite vulnerability:

CVE-2022-35737: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Log Cache - v2.12.3 up from v2.12.2

Bump to go1.19.3
Bump dependencies

Loggregator - v106.7.3 up from v106.7.2

Bump to go1.19.3
Bump dependencies
Fix: race condition in the v1 ingestor server tests by @ctlong in #468

Metrics-discovery - v3.2.3 up from v3.2.2

Bump to go1.19.3
Bump dependencies

Routing - v0.239.0 up from v0.238.0

Gorouter’s pre-start script now reserves ports used by other CF components when it increases the number of ephemeral ports available via /proc/sys/net/ipv4/ip_local_reserved_ports. This resolves issues when components fail to start up during deploys/monit restarts due to accidental port collisions with outbound traffic from the VM. Thanks @ameowlia !
Routing-release no longer makes use of the deprecated uaa-go-client, and uses go-uaa instead
The routing_utils/nats_client helper utility now supports saving + loading gorouter’s routing tables! Thanks @domdom82 !
Fixed a memory leak with gorouter that resulted in HTTP request objects being held open if a client canceled the connection before the App responded. Thanks @geofffranks !

Stemcell - v1.145 up from v1.122

BOSH Agent Version: 2.468.0
Patched for USN-5715-1: LibRaw vulnerabilities
Patched for USN-5689-1: Perl vulnerability
Patched for USN-5227-3: Pillow vulnerability
Patched for USN-5714-1: LibTIFF vulnerabilities
Patched for USN-5691-1: Linux kernel vulnerabilities

Suggest edits