From 645d834f07a4f10eae88c6828c9df201858aede9 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Tue, 12 Dec 2023 11:59:09 -0500 Subject: [PATCH] Adding release notes for last sprint --- _posts/2023-12-12-release-notes.md | 281 +++++++++++++++++++++++++++++ 1 file changed, 281 insertions(+) create mode 100644 _posts/2023-12-12-release-notes.md diff --git a/_posts/2023-12-12-release-notes.md b/_posts/2023-12-12-release-notes.md new file mode 100644 index 000000000..055efbb82 --- /dev/null +++ b/_posts/2023-12-12-release-notes.md @@ -0,0 +1,281 @@ +--- +layout: post +date: December 12th 2023 +title: "December 12th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Enjoy the season and gather with family and friends! + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v33.10.0 to v34.2.0 + +* Changes below are broken down by component + + +### Go-Buildpack 1.10.13 to 1.10.14 + +* Add go 1.21.4, remove go 1.21.3 +* Add go 1.20.11, remove go 1.20.10 +* Add go 1.21.3, remove go 1.21.2 +* Add go 1.20.10, remove go 1.20.9 + +Packaged binaries: + + * dep 0.5.4 + * glide 0.13.3 + * go 1.20.11 + * go 1.21.4 + * godep 80 + +Default binary versions: +* 1.20.x + +### Nginx-Buildpack 1.2.7 to 1.2.8 + +* Add nginx 1.25.3, remove nginx 1.25.2 + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 +* openresty 1.19.9.1 +* openresty 1.21.4.2 + +Default binary versions: + +* 1.25.x + +### Nodejs-Buildpack 1.8.19 to 1.8.20 + +* Updating github-config ([#673](https://github.com/cloudfoundry/nodejs-buildpack/pull/673)) + +Packaged binaries: + +* node 18.18.0 +* node 18.18.2 +* node 20.8.1 +* node 20.9.0 +* python 3.11.6 +* yarn 1.22.19 + +Default binary versions: + +* python 3.11.x +* node 18.x + + + +### PHP-Buildpack 4.6.11 to 4.6.12 + +* Add php 8.1.25, remove php 8.1.23 +* Add php 8.2.12, remove php 8.2.10 +* Add nginx 1.25.3, remove nginx 1.25.2 +* Add httpd 2.4.58, remove httpd 2.4.57 + +Packaged binaries: + +* appdynamics 23.7.1-751 +* composer 2.6.5 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.3 +* php 8.1.24 +* php 8.1.25 +* php 8.2.11 +* php 8.2.12 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.25 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.25.3 +* composer 2.6.5 + + +### Python-Buildpack 1.8.15 to 1.8.16 + +* Add setuptools 69.0.0, remove setuptools 68.2.2 +* Add pipenv 2023.11.15, remove pipenv 2023.10.3 +* Add miniconda3-py39 23.10.0, remove miniconda3-py39 23.5.2 +* Add pip 23.3.1, remove pip 23.2.1 + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 23.10.0 +* pip 23.3.1 +* pipenv 2023.11.15 +* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.6 +* python 3.12.0 +* setuptools 69.0.0 + +Default binary versions: + +* 3.10.x + + + +### r-Buildpack 1.2.6 to 1.2.7 + +* Add r 4.3.2, remove r 4.3.1 +* Update r 4.2.3 dependencies: + * shiny from 1.7.5 to 1.8.0 + +Packaged binaries: + +* 4.2.3 - Modules: forecast, plumber, rserve, shiny +* 4.3.2 - Modules: forecast, plumber, rserve, shiny + + + + +### Ruby-Buildpack 1.10.5 to 1.10.6 + +* Add jruby 9.4.5.0, remove jruby 9.4.3.0 +* Add jruby 9.3.13.0, remove jruby 9.3.11.0 +* Add yarn 1.22.21, remove yarn 1.22.19 +* Add bundler 2.4.22, remove bundler 2.4.21 +* Add rubygems 3.4.22, remove rubygems 3.4.21 +* Add node 20.9.0, remove node 18.18.2 + +Packaged binaries: + +* bundler 2.4.22 +* jruby 9.3.13.0 +* jruby 9.4.5.0 +* node 20.9.0 +* openjdk1.8-latest 1.8.0 +* ruby 3.0.5 +* ruby 3.0.6 +* ruby 3.1.3 +* ruby 3.1.4 +* ruby 3.2.1 +* ruby 3.2.2 +* rubygems 3.4.22 +* yarn 1.22.21 + +Default binary versions: + +* 3.2.x + + +### Staticfile-Buildpack 1.6.7 to 1.6.8 + +* Add nginx 1.25.3, remove nginx 1.25.2 + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 + +Default binary versions: + +* 1.25.x + + + +### CFLinuxfs4 - 1.54.0 up from 1.51.0 + +Notably, this bump addresses: + +* `USN-6505-1` USN-6505-1: nghttp2 vulnerability: + * `CVE-2023-44487`: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. +* `USN-6499-1` USN-6499-1: GnuTLS vulnerability: + * `CVE-2023-5981`: [timing side-channel inside RSA-PSK key exchange] + + * `USN-6517-1` USN-6517-1: Perl vulnerabilities: + + * `CVE-2022-48522`: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. + * `CVE-2023-47038`: [A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer] + * `CVE-2022-48522`: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. + * `CVE-2023-47038`: [A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer] + +* USN-6512-1 USN-6512-1: LibTIFF vulnerabilities: + * `CVE-2022-40090`: An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. + * `CVE-2023-3576`: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. + * `CVE-2023-3576`: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. + * `CVE-2022-40090`: An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. + + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + + +### BOSH DNS - v1.36.10 to v1.36.11 + +* Updates golang package golang-1-linux to 1.21.5 +* Updates golang package golang-1-windows to 1.21.5 + + +### CAPI - v1.165.0 to v1.166.0 + +* CC API Version: 2.217.0 and 3.152.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Add config flag to disable prom_scraper +* Add statsd_host + statsd_port to cloud_controller_clock job +* Dependency Bumps + * Bump postgres to v11.22 + +Cloud Controller + +* Fix/Improve PumaRunner Setup and Configuration +* Prometheus on Thin +* Refactoring UAA client +* Remove unreachable rescue +* Enable Rails/EnvLocal rubocop +* Dependency Bumps + * bump spring from 4.1.2 to 4.1.3 + * bump rspec-rails from 6.0.3 to 6.1.0 + * bump puma from 5.6.7 to 6.4.0 + * bump nokogiri from 1.15.4 to 1.15.5 + * bump rubocop-rails from 2.22.1 to 2.22.2 + * bump public_suffix from 5.0.3 to 5.0.4 + * bump spring from 4.1.1 to 4.1.2 + * bump mock_redis from 0.39.0 to 0.40.0 + +Cloud Controller Database Migrations + +* None + +### CF-Smoketests 42.0.113 to 42.0.117 + +* Bump golang, cf-cli and smoke_tests packages + + +### Garden-Runc 1.44.0 to 1.45.0 + +* Resolved an issue where container networking statistics could not be retrieved for apps running in containers that did not have a `bash` executable. +* Removed the garden-healthchecker package after it had been removed from the boshrelease in v1.43.0 + + +### loggregator-agent 7.7.1 to 7.7.2 + +Experimental OTel Collector changes + * Bump otel-collector to v0.89.0. See the [opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector/releases/tag/v0.89.0) and [opentelemetry-collector-contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.89.0) release notes for more details. + + +### UAA 76.25.0 to 76.26.0 + +* Bump github.com/cloudfoundry/bosh-utils from 0.0.414 to 0.0.415 in /src/acceptance_tests + +## Final Note + +Remember to keep your eggnog refrigerated until consumed.