Skip to main content
U.S. flag

An official website of the United States government

November 9th Change Log

November 09, 2023

Change Log - Happy almost Turkey Day!

Customer Facing Changes

CF-Deployment - v33.1.0 to v33.4.0

  • Changes below are broken down by component

CFLinuxfs4 - 1.49.0 up from 1.46.0

Notably, this bump addresses:

  • USN-6452-1 USN-6452-1: Vim vulnerabilities:
  • USN-6450-1 USN-6450-1: OpenSSL vulnerabilities:

Java-Buildpack 4.63.0 up from 4.62.0

This release includes the Java quarterly patch releases, as well as updates to the following frameworks/agents:

  • AppDynamics
  • Azure App Insights
  • Datadog
  • Elastic APM
  • JRebel
  • Java CfEnv
  • Splunk Otel
  • Tomcat

Working on adding Java 21 support by default, for the moment users can add 21 as a version line in the config file - since the binaries are already available, bundling the buildpack will then include this version.

For a more detailed look at the changes in 4.63.0, please take a look at the commit log. The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release.

NodeJS Buildpack v1.8.19 up from v1.8.18

  • Add node 20.9.0, remove node 20.8.0 for stack(s) cflinuxfs4, cflinuxfs3
  • Uncached buildpack SHA256: 61cc8acec791d0b4014b252811d841ac5c569b3fd003b194135f248c4bbec260
  • Uncached buildpack SHA256: cf9cab4597267890f03b746134e0af4c8af9bcfc4ba9c146148d9c978c23ff35

CF CLI 1.50.0 up from 1.49.0

This release contains the following versions of the CF CLI

Major Version Prior Version Current Version
v8 8.7.3 8.7.4
v7 7.7.3 7.7.4
v6 6.53.0 6.53.0

Platform Changes

CAPI - v1.164.0 up from v1.163.0

CF-Networking 3.35.0 up from 3.34.0

  • Increase default value for max_policies_per_app_source from 50 to 150.
  • Bug fix: update the policy-server last_updated timestamp to have microsecond precision. Previously it had second level precision, this created a race condition when multiple c2c policies were updated at nearly the same time, but the vxlan-policy-agent would only pick up the first update.

Diego 2.84.0 up from 2.83.0

  • Bumps envoy to v1.28.0
  • BBS DesiredLRPHandler now sends Stop/Update LRP requests to rep in parallel
  • Log rate limit metrics are no longer generated for tasks
  • App Logs will now emit messages for when they run pre-start scripts and when they invoke the startup command, to make troubleshooting just that much easier

Garden-Runc 1.43.0 up from 1.41.0

  • The garden-healthchecker process was found to be too aggressive when evaluating and acting upon failed healthchecks. It has been removed.
  • Built with go 1.21.3
  • Bump golang dependencies
  • Bump ruby testing dependencies

Routing 0.283.0 up from 0.282.0

  • Adds missing timings to non-http backend requests, e.g. websockets. (cloudfoundry/gorouter#363
  • Adds ability for gorouter to verify mTLS Client Certificate metadata (#355)
  • CI Enhancements and updates
  • Package Dependency bumps

Syslog v12.2.0 up from v12.1.10

  • Features
    • Add a new, optional, structured data param key, environment, to instance@47450. This is useful for cases where log lines should be tagged with an operator provided string but need to vary from the director name. Maintenance
    • Bump blackbox dependencies.

UAA 76.24.0 up from 76.23.0

  • New UAA
    • Bump to UAA v76.24.0
    • The versions 76.22.0 and 76.23.0 contain a regression regarding the empty secret change. If you need to have an empty secret in your clients and you create them later via REST calls, use this version.
  • Runtime
    • Upgrade Java version 11 -> 17 (Bellsoft JDK 17.0.9+11)
  • Dependency Bumps
    • Bump from 0.0.406 to 0.0.407
    • Bump mini_portile2 from 2.8.4 to 2.8.5 by @dependabot
    • Bump from 1.28.0 to 1.28.1 in /src/acceptance_tests by @dependabot
    • Bump from 0.0.407 to 0.0.408 in /src/acceptance_tests by @dependabot

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?