An official website of the United States government

November 27th Change Log

November 27, 2023

Change Log - Enjoy the Turkey Day leftovers!

Customer Facing Changes

The audience for this section is developers who maintain applications on and may need to respond to stack or buildpack changes.

CF-Deployment - v33.4.0 to v33.10.0

  • Changes below are broken down by component

CFLinuxfs4 - 1.51.0 up from 1.49.0

Notably, this bump addresses:

  • USN-6467-2: Kerberos vulnerability: CVE-2023-36054: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.
  • USN-6477-1: procps-ng vulnerability: CVE-2023-4016: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.

Java-Buildpack 4.63.1 up from 4.63.0

  • This release includes some agent framework dependency bumps, including a bug fix in Java CFEnv when using DB2; see this issue for more information.

  • For a more detailed look at the changes in 4.63.1, please take a look at the commit log. The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release.

CF CLI 1.53.0 up from 1.50.0

This release contains the following versions of the CF CLI:

Major Version   Prior Version   Current Version
v8              8.7.5           8.7.5
v7              7.7.5           7.7.5
v6              6.53.0          6.53.0

Platform Changes

This section is for the platform operators at to highlight changes to Cloud Foundry components; this is likely not of interest to developers using the platform.

BOSH DNS - v1.36.10 from 1.36.9

  • Updates golang package golang-1-linux to 1.21.4
  • Updates golang package golang-1-windows to 1.21.4

BPM - 1.2.11 from 1.2.9

CAPI - v1.165.0 up from v1.164.0

CF-Networking 3.38.0 up from 3.35.0

  • Bump golang to 1.21.4
  • The policy-server-internal job’s healthcheck endpoint is now available only via localhost.
  • Go package dependency bumps

Diego 2.85.0 up from 2.84.0

  • Bump garden Grootfs, Guardian, and idmapper
  • Bump golang to 1.21.4

Garden-Runc 1.44.0 up from 1.43.0

  • Change user for grootfs test
  • Bump golang to 1.21.4

log-cache 3.0.8 up from 3.0.7

  • Bump dependencies
  • Bump Golang to v1.20.11

loggregator-agent 7.7.1 up from 7.6.4

  • Added warn_on_invalid_drains property to Syslog Agent to allow warnings for invalid drains to be suppressed.
  • Bump dependencies.
  • Added warn_on_invalid_drains property to Windows Syslog Agent to allow warnings for invalid drains to be suppressed.
  • Bump to go1.20.11
  • Bump dependencies.

metrics-discovery 3.2.20 up from 3.2.18

  • Bump to go1.20.11
  • Bump dependencies

nats 56.12.0 up from 56.11.0

  • Bump Golang to 1.21.4

node-exporter 5.5.0 up from 5.4.0

  • add missing collectors to boshrelease by @Houlistonm in #17

prometheus 29.6.0 up from 29.5.0

  • add retro_compat.disable property by @mchabane in #484
  • various bumps:
    • Bump Credhub-Exporter to v0.32.0
    • Bump Grafana to v9.5.13
    • Bump Grafana Worldmap Panel to v1.0.6
    • Bump Postgres-Exporter to 0.14.0
    • Bump Bosh-Exporter to v3.6.1
    • Bump CF-Exporter to v1.2.3
    • Bump Firehose-Exporter to v7.1.2
    • Bump Redis-Exporter to v1.55.0
    • Bump Prometheus to 2.47.0
    • Bump Statsd-Exporter to 0.25.0

Routing 0.284.0 up from 0.283.0

  • Upgrade to Golang 1.21.4
  • Bump dependencies

silk 3.38.0 up from 3.35.0

statsd-injector 1.11.36 up from 1.11.35

  • Bump dependencies
  • Bump packaged Golang to go1.20.11

UAA 76.25.0 up from 76.24.0

  • Bump from 1.28.1 to 1.29.0 in /src/acceptance_tests by @dependabot in #694
  • Bump rake from 13.0.6 to 13.1.0 by @dependabot in #698
  • Bump from 0.0.408 to 0.0.409 in /src/acceptance_tests by @dependabot in #695
  • Bump racc from 1.7.1 to 1.7.2 by @dependabot in #700

Final Note

You may want to throw out the stuffing at this point.

An official website of the U.S. General Services Administration
