Skip to main content

63.0.0

· 10 min read

Added

  • all services: Introduce the UPGRADE.md file, as a companion to the CHANGELOG entries, which will mention all breaking changes, upgrade requirements, and notes associated to the release.
  • all services: Introduce a script bin/rotate_ca_certificate.rb to handle the interactions with CredHub in each step during the CA rotation. For more information, see Certificate Rotation - CA Certificate Rotation.
  • all services: Introduce an intermediate certificate in all deployment manifests signed by the a9s_private_components_ca CA to simplify the CA certificate rotation via the bin/rotate_ca_certificate.rb script. For more information, see Certificate Rotation - CA Certificate Rotation.
  • all services: a9s Smoke Tests: Introduce a new property, service-smoke-tests.service.graphite_timeout to make the timeout interval for the graphite logs configurable. This addresses the case where streaming the system metrics, under the heavy load of the smoke-tests, would exceed the default graphite timeout, causing the tests to fail. For more information, see General Smoke Tests Properties.
  • a9s MongoDB: a9s MongoDB SPI: Add new custom parameter custom_roles that allows the user to apply additional roles like clusterMonitor to the service-keys and service-bindings. For more information, see a9s MongoDB - Custom Parameters.
  • docs: Application Developer: a9s MongoDB: Add a documentation for the custom_roles parameter to apply custom roles to service-keys and service-bindings. For more information, see a9s MongoDB - Custom Parameters.
  • docs: Platform Operator: Add a note to clarify that generated certificates will be automatically rotated when updating a Service Instance, if the certificate will expire in 30 days or less. For more information, see Generated Certificates.
  • docs: Platform Operator: a9s MongoDB: Add documentation for the custom_roles parameter. For more information, see a9s MongoDB - SPI Configuration
  • docs: Platform Operator: a9s Smoke Tests: Add the service-smoke-tests.service.graphite_timeout property for graphite logs to the documentation. For more information, see General Smoke Tests Properties.

Changed

  • breaking change a9s Elasticsearch: a9s BOSH Deployer:
    • Update Rails to v7.2.
    • Update to the newest database field encryption method. After deploying the newest version, the migrate-deployer-encrypted-database-fields errand needs to be run for each Data Service.
    • The errand migrate-deployer-encrypted-database-fields is now part of the deployer-api instance group and therefore its dedicated instance group has been removed.
  • breaking change a9s LogMe: a9s BOSH Deployer:
    • Update Rails to v7.2.
    • Update to the newest database field encryption method. After deploying the newest version, the migrate-deployer-encrypted-database-fields errand needs to be run for each Data Service.
    • The errand migrate-deployer-encrypted-database-fields is now part of the deployer-api instance group and therefore its dedicated instance group has been removed.
  • breaking change a9s MySQL: a9s BOSH Deployer:
    • Update Rails to v7.2.
    • Update to the newest database field encryption method. After deploying the newest version, the migrate-deployer-encrypted-database-fields errand needs to be run for each Data Service.
    • The errand migrate-deployer-encrypted-database-fields is now part of the deployer-api instance group and therefore its dedicated instance group has been removed.
  • all services: a9s DS API Gateway: Disable the backup download endpoint from a9s Public API v1, as there is an issue with streaming larger backups.
  • all services: a9s Service Dashboard: Revert downloading backups to use a9s Public API V0, as the endpoint from a9s Public API V1 is not available to use.
  • all services: a9s DS API Gateway: Adapt underlying plugins to forward HTTP response status codes to client.
  • all services: a9s Smoke Tests: Refactor smoke tests to use less memory and disk resources.
  • a9s Backup Services: a9s Backup Manager: Limit the amount of queued backups per Service Instance to 1, in order to prevent backup accumulation and, as a result, the overflow of the backups queue.
  • a9s Backup Services: a9s Backup Manager: Update backups' and restores' state to failed for deleted Service Instances, thus improving the reliability of monitoring metrics.
  • a9s Backup Services: a9s Backup Manager: Improve a9s Backup Manager handling of queued tasks to avoid deadlocking the underlying process, which caused the backups to get stuck in queued state indefinitely.
  • a9s Backup Services: a9s Backup Manager: Prevent the deletion of valid WAL files when an older backup exists, thus ensuring proper restoration of said backup in a Service Instance with Continuous Archiving enabled.
  • a9s LogMe2: Improve communication reliability between Fluentd and OpenSearch.
  • a9s LogMe2: a9s DS API Gateway: Enable visualization of the OpenSearch Dashboards in the a9s Service Dashboard via the a9s Public API V1.
  • a9s MariaDB: Simplify the pre-start logic to improve the upgrade and the bootstraping of a new cluster.
  • docs: Application Developer: Add missing status codes to a9s Public API V1 endpoints. For more information, see a9s Public API - API V1 Endpoints.
  • docs: Application Developer: a9s Backup Manager: Update information about used OpenSSL versions for encryption and related limitations. For more information, see Known Issues for a9s Backup Manager.
  • docs: Platform Operator: Improve the color scheme of the release lifecycle table to use color-blind-friendly colors and add a downloadable link. For more information, see a9s Platform Operator - Sunrise Sunset.
  • docs: Platform Operator: Improve the documentation on how to do the CA rotation. For more information, see Certificate Rotation - CA Certificate Rotation.
  • docs: Platform Operator: all services: Update information about supported stemcells. For more information, see Stemcells.
  • docs: Platform Operator: a9s Backup Services: Move the a9s Backup Manager's workers documentation from the Properties page and into the a9s Backup Manager's page. For more information, see a9s Backup Manager - a9s Backup Worker.
  • docs: Platform Operator: a9s Backup Services: Restructure the "a9s Backup Service Properties" pages into a single source of truth. For more information, see a9s Backup Service Properties.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.866 for internal tests of all supported services.

Updated Dependencies

  • all services:
    • a9s Backup Agent: Update internal dependencies.
    • a9s BOSH Deployer: Update internal dependencies.
    • a9s DS API Gateway:
      • krakend-custom-plugins to v2.10.2.
      • krakend to v2.10.2.
    • nginx to v1.29.0.
    • routing to v0.342.0.
    • a9s Service Broker: Update internal dependencies.
    • a9s Smoke Tests: Update internal dependencies.
  • a9s-pg:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • a9s PostgreSQL 15: sqlite to v3.50.1.
  • a9s Backup Services: Update internal dependencies.
  • a9s Billing: Update internal dependencies.
  • a9s CF Service Guard: Update internal dependencies.
  • a9s Elasticsearch: a9s Elasticsearch SPI: Update dependencies.
  • a9s KeyValue:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • a9s KeyValue 8: valkey to v8.1.3.
  • a9s LogMe2:
    • a9s LogMe2:
      • opensearch to v2.19.3.
      • opensearch-dashboards to v2.19.3.
      • opensearch-plugin-repository-azure to v2.19.3.
      • opensearch-plugin-repository-s3 to v2.19.3.
    • a9s LogMe2 SPI: Update internal dependencies.
  • a9s MariaDB:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • a9s MariaDB 10.6: Galera 4-26.4.22.
    • a9s MariaDB 10.11: Galera 4-26.4.22.
  • a9s Messaging:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • a9s Messaging 3.13: erlang to v26.2.5.14.
    • a9s Messaging 4.0:
      • erlang to v26.2.5.14.
      • rabbitmq to v4.1.2.
  • a9s MongoDB: a9s Logstash: Logstash 8: logstash8 to v8.18.3.
  • a9s MongoDB:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • a9s MongoDB 7:
      • mongodb to v7.0.22.
      • mongosh to v2.5.6.
  • a9s MySQL: a9s MySQL SPI: Update internal dependencies.
  • a9s PostgreSQL:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • a9s PostgreSQL 13: sqlite to v3.50.1.
    • a9s PostgreSQL 15: sqlite to v3.50.1.
    • a9s PostgreSQL 17: sqlite to v3.50.1.
  • a9s Prometheus:
    • prometheus2:
      • blackbox_exporter to v0.27.0.
      • prometheus to v2.53.5.
    • prometheus-legacy:
      • blackbox_exporter to v0.27.0.
      • prometheus to v2.53.5.
      • jq to v1.8.1.
    • promgraf2:
      • blackbox_exporter to v0.27.0.
      • prometheus to v2.53.5.
      • jq to v1.8.1.
  • a9s Redis: a9s Redis 7: redis to v7.2.10.
  • a9s Search:
    • a9s Logstash: Logstash 8: logstash8 to v8.18.3.
    • opensearch to v2.19.3.
    • opensearch-dashboards to v2.19.3.
    • opensearch-plugin-repository-azure to v2.19.3.
    • opensearch-plugin-repository-s3 to v2.19.3.

Unsupported

  • breaking change all services: Ubuntu Bionic stemcell: End of Support: Terminate support for the following deprecated stemcell version:

    • Ubuntu Bionic stemcell: Ubuntu Bionic has been marked as end-of-life by their vendor since April 2023.

    We no longer provide support for this stemcell. The corresponding documentation has been removed. We strongly recommend migrating to a newer stemcell (Ubuntu Jammy).

    Although we will not intentionally break running Service Instances using this stemcell, it cannot be guaranteed that they still work as expected after an update to this release.

Removed

  • docs: Platform Operator: Remove outdated admonition from the "Stemcells" page. For more information, see Getting Started - Stemcells.
  • docs: Platform Operator: all services: Remove outdated information about upgrading stemcells to Ubuntu Jammy.
  • docs: Platform Operator: all services: Remove outdated Ubuntu Bionic templates.

Fixed

  • all services: a9s Backup Agent: Interrupt a restore or disaster recovery process when failing to download a file from an S3 backup store.
  • a9s Billing: Change the way the cf_billing_api_password password is set by using a BOSH variable as a credential property instead of dynamically generating it, to reduce the time it takes to deploy.
  • a9s MariaDB: Fix an issue in the bootstrap logic, when there is a need to sync a large amount of data between nodes, that would lead the State Snapshot Transfer(SST) to time out during the regular start, leaving the node in a failed state and requiring manual intervention.
  • a9s Service Dashboard: Fix the refreshing of restores in the UI during a backup restore and reload.
  • docs: all services: Fix broken anchors and links in both documentation paths.
  • docs: Application Developer: a9s KeyValue: Fix typos in the migrate_manual_dump_restore.rb script and add missing information in the a9s KeyValue migration documentation. For more information, see Service Instance Migration.
  • docs: Application Developer: a9s Redis: Fix typos in the migrate_manual_dump_restore.rb script and add missing information in the a9s Redis migration documentation. For more information, see Service Instance Migration.

Security

  • all services:
    • a9s Backup Agent: Fix CVEs:
      • CVE-2025-49794
      • CVE-2025-49795
      • CVE-2025-49796
      • CVE-2025-6021
      • CVE-2025-6170
    • a9s BOSH Deployer: Fix CVEs:
      • CVE-2025-49794
      • CVE-2025-49795
      • CVE-2025-49796
      • CVE-2025-6021
      • CVE-2025-6170
    • a9s Service Broker:
      • Fix basic auth bypass, which allowed for unrestricted access to the a9s Service Broker API to anyone who had direct network access to it.
      • Fix CVEs:
        • CVE-2025-49794
        • CVE-2025-49795
        • CVE-2025-49796
        • CVE-2025-6021
        • CVE-2025-6170
    • a9s Service Dashboard: Fix CVE: CVE-2025-7783
    • a9s Smoke Tests:
      • CVE-2025-49794
      • CVE-2025-49795
      • CVE-2025-49796
      • CVE-2025-6021
      • CVE-2025-6170
  • a9s-pg: a9s PostgreSQL 15: Fix CVE: CVE-2025-29087
  • a9s Backup Services:
    • a9s Backup Manager:
      • CVE-2025-49794
      • CVE-2025-49795
      • CVE-2025-49796
      • CVE-2025-6021
      • CVE-2025-6170
    • a9s Backup Monit:
      • CVE-2025-49794
      • CVE-2025-49795
      • CVE-2025-49796
      • CVE-2025-6021
      • CVE-2025-6170
  • a9s Billing: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-32414
    • CVE-2025-32415
    • CVE-2025-46727
    • CVE-2025-49794
    • CVE-2025-49795
    • CVE-2025-49796
    • CVE-2025-6021
    • CVE-2025-6170
  • a9s CF Service Guard:
    • Fix basic auth bypass, which allowed for unrestricted access to the a9s CF Service Guard API to anyone who had direct network access to it.
    • Fix CVEs:
      • CVE-2025-49794
      • CVE-2025-49795
      • CVE-2025-49796
      • CVE-2025-6021
      • CVE-2025-6170
  • a9s DS API Gateway:
    • CVE-2020-28483
  • a9s Elasticsearch: a9s Elasticsearch SPI:
    • CVE-2025-46727
    • CVE-2025-27610
    • CVE-2024-25126
    • CVE-2024-26141
    • CVE-2024-26146
  • a9s LogMe2: a9s LogMe2 SPI:
    • CVE-2025-46727
    • CVE-2025-27610
    • CVE-2024-25126
    • CVE-2024-26141
    • CVE-2024-26146
  • a9s MySQL: a9s MySQL SPI:
    • CVE-2025-46727
    • CVE-2025-27610
    • CVE-2024-25126
    • CVE-2024-26141
    • CVE-2024-26146
  • a9s PostgreSQL:
    • a9s PostgreSQL 13: Fix CVE: CVE-2025-29087
    • a9s PostgreSQL 15: Fix CVE: CVE-2025-29087
    • a9s PostgreSQL 17: Fix CVE: CVE-2025-29087

62.0.0

· 10 min read

Added

  • breaking change all services: Add Ops File disable-instance-recreate.yml to replace ops/allow-instance-recreate-via-dashboard.yml. This Ops File disables the corresponding endpoint in the a9s API v1 as well as the feature in the a9s Service Dashboard.
  • breaking change all services: Add Ops File disable-instance-restart.yml to replace ops/allow-instance-restart-via-dashboard.yml. This Ops File disables the corresponding endpoint in the a9s API v1 as well as the feature in the a9s Service Dashboard.
  • breaking change all services: Add Ops File disable-backup-download.yml to replace ops/disable-dashboard-backup-downloads.yml. This Ops File disables the corresponding endpoint in the a9s API v1 as well as the feature in the a9s Service Dashboard.
  • breaking change all services: a9s Smoke Tests: Rework framework of backup tests to improve robustness and observability, and update its configuration settings. For more information, see a9s Smoke Tests.
  • all services: a9s SSO Proxy: Add uaa_checkup_interval to configure the UAA polling rate. For more information, see a9s SSO Proxy.
  • a9s PostgreSQL: a9s Smoke Tests: Introduce point-in-time recovery(PITR) tests for currently supported versions.
  • docs: Application Developer: Add a dedicated page on how to access the a9s Public API. For more information, see a9s Public API - Accessing.
  • docs: Platform Operator: a9s SSO Proxy: Add the uaa_checkup_interval section on a9s SSO Proxy page. For more information, see a9s SSO Proxy BOSH properties.

Changed

  • breaking change all services: a9s Service Dashboard: The feature to Recreate a Service Instance is now enabled by default. If you want to disable this feature, you have to apply the Ops File disable-instance-recreate.yml.
  • breaking change all services: a9s Service Dashboard: The feature to Restart a Service Instance is now enabled by default. If you want to disable this feature, you have to apply the Ops File disable-instance-restart.yml.
  • breaking change all services: a9s Service Dashboard: Update the BOSH property names regarding the color theme customization of the a9s Service Dashboard. For more information, see Customize Color Theme.
  • breaking change all services: a9s Service Dashboard: Update the BOSH property names regarding the customization of the Disable Automatic Update Modal in the Updates page of the a9s Service Dashboard. For more information, see Allow to Block Automatic Updates.
  • breaking change all services: a9s SSO Proxy: Update the authorization mechanism of a9s Public API v1 endpoints to eliminate the use of cookies and redirects.
  • all services: a9s BOSH Deployer:
    • Update Rails to v7.2.
    • Update to the newest database field encryption method. After deploying the newest version, the migrate-deployer-encrypted-database-fields errand needs to be run for each Data Service.
    • The errand migrate-deployer-encrypted-database-fields is now part of the deployer-api instance group and therefore its dedicated instance group has been removed.
  • all services: a9s DS API Gateway: Adapt the KrakenD configuration to disable the endpoint to download a Service Instance's backup when the property platform.backup_download_allowed is set to false.
  • all services: a9s DS API Gateway: Adapt the KrakenD configuration to disable the endpoint to recreate a Service Instance when the property platform.recreate_allowed is set to false.
  • all services: a9s DS API Gateway: Adapt the KrakenD configuration to disable the endpoint to restart a Service Instance when the property platform.restart_allowed is set to false.
  • all services: a9s Service Broker: Remove anynines_service_broker.jobs.update_instances_locked_state_interval property in favor of the BOSH release's default, which is 60 seconds.
  • all services: a9s SSO Proxy: Adapt configuration to set a9s DS API Gateway target to localhost.
  • all services: a9s Service Dashboard: Set the minimum length for the backups' encryption key through the a9s Backup Manager instead of setting it in the a9s Service Dashboards configuration.
  • all services: a9s Template Uploader Errand: a9s MariaDB: Minor improvements to better support a9s Parachute 2.
  • a9s Backup Services: CF Disaster Recovery Plugin
    • Update internal go dependencies to the latest versions.
    • Update the internals of the plugin to use the a9s Public API V1 endpoints.
  • a9s Backup Services: a9s Backup Manager: Extend the restores endpoint response to include a metadata field containing the restored_from date. For more information, see API V1 Endpoints - List All Restores.
  • a9s MariaDB: Minor code improvements for the a9s Parachute 2 plugin.
  • a9s Messaging: Adapt the Ops file rabbitmq-enable-management-ui-as-route.yml to reflect the new configuration.
  • docs: Application Developer: Add a section on how to set the backup encryption key in the a9s Service Dashboard. For more information, see a9s Service Dashboard - Set a personal Backup Encryption Key.
  • docs: Application Developer: Add missing HTTP Status Code when updating the backups configuration via the a9s Public API. For more information, see a9s Service Dashboard - Update Backups Configuration.
  • docs: Application Developer: Restructure the content of the "API V1 Endpoints" page for better readability. For more information, see API V1 Endpoints.
  • docs: Application Developer: Restructure the a9s Public API section. For more information, see a9s Public API. For more information, see API V1 endpoints authorization.
  • docs: Application Developer: Update the download links of the CF Disaster Recovery Plugin to match the latest version. For more information, see Disaster Recovery - Downloading and Installing the a9s Cloud Foundry CLI Plugin.
  • docs: Application Developer: all services: Update the documentation of Public API v1 endpoints to remove the use of cookies and redirects from the authorization flow. For more information, see a9s Public API - Accessing.
  • docs: Platform Operator: Update Opensearch version on Release Lifecycle Table. For more information, see a9s Data Service Release Lifecycle Table.
  • docs: Platform Operator: Update the content about backup encryption keys in "Custom Backup Encryption Key". For more information, see Custom Backup Encryption Key.
  • docs: Platform Operator: a9s-pg: Update the documentation of a9s-pg to remove the usage of cookies and redirects from the backup recovery APIs. For more information, see a9s-pg manual logical backup recovery.
  • docs: Platform Operator: a9s LogMe2: Add a documentation page regarding the recovery of a9s LogMe 2 clusters. For more informations, see a9s LogMe2 Cluster Recovery
  • docs: Platform Operator: a9s Search: Add a documentation page regarding the recovery of a9s Search clusters. For more informations, see a9s LogMe2 Cluster Recovery
  • docs: Platform Operator: a9s Service Dashboard: Update the documentation page regarding the color theme customization of the a9s Service Dashboard to contain the new BOSH property names. For more information, see Customize Color Theme.
  • docs: Platform Operator: a9s Service Dashboard: Update the documentation page regarding the customization of the Disable Automatic Update Modal in the Updates page of the a9s Service Dashboard to contain the new BOSH property names. For more information, see Allow to Block Automatic Updates.
  • docs: Platform Operator: a9s Service Dashboard: Update the documentation page regarding the static navigation entries of the a9s Service Dashboard to reflect the new configuration. For more information, see Static Navigation Entries.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.829 for internal tests of all supported services.

Updated Dependencies

  • all services:
    • a9s DS API Gateway:
      • krakend-custom-plugins to v2.10.1.
      • krakend to v2.10.1.
    • routing to v0.340.0.
  • a9s-pg: a9s Logstash: Logstash 8: logstash8 to v8.18.2.
  • a9s KeyValue: a9s Logstash: Logstash 8: logstash8 to v8.18.2.
  • a9s MariaDB:
    • a9s Logstash: logstash8 to v8.18.2.
    • a9s MariaDB 10.11: MariaDB to v10.11.13.
  • a9s Messaging:
    • a9s Logstash: logstash8 to v8.18.2.
    • a9s Messaging 3.13: erlang to v26.2.5.13.
    • a9s Messaging 4.0:
      • erlang to v26.2.5.13.
      • rabbitmq to v4.1.1.
  • a9s MongoDB:
    • a9s Logstash: logstash8 to v8.18.2.
    • a9s MongoDB 7:
      • mongodb to v7.0.21.
      • mongosh to v2.5.2.
  • a9s PostgreSQL:
    • a9s Logstash: logstash8 to v8.18.2.
    • a9s PostgreSQL 13:
      • cmake3 to v3.31.8.
      • postgresql13 to v13.21.
    • a9s PostgreSQL 15: postgresql15 to v15.13.
    • a9s PostgreSQL 17: postgresql17 to v17.5.
  • a9s Prometheus:
    • prometheus2:
      • grafana to v10.4.19.
      • bosh_exporter to v3.7.1.
      • cadvisor to v0.53.0.
      • memcached_exporter to v0.15.3.
      • libxml2 to v2.14.3.
    • prometheus-legacy:
      • bosh_exporter to v3.7.1.
      • jq to v1.8.0.
      • memcached_exporter to v0.15.3.
      • cadvisor to v0.53.0.
      • libxml2 to v2.14.3.
    • promgraf2:
      • bosh_exporter to v3.7.1.
      • jq to v1.8.0.
      • memcached_exporter to v0.15.3.
      • cadvisor to v0.53.0.
      • libxml2 to v2.14.3.
  • a9s Search: a9s Logstash: logstash8 to v8.18.2.

Removed

  • breaking change all services: Remove Ops File ops/allow-instance-recreate-via-dashboard.yml in favor of disable-instance-recreate.yml.
  • breaking change all services: Remove Ops File ops/allow-instance-restart-via-dashboard.yml in favor of disable-instance-restart.yml.
  • breaking change all services: Remove Ops File ops/disable-dashboard-backup-downloads.yml in favor of disable-backup-download.yml.
  • breaking change all services: Remove Ops File ops/dashboard-app-min-key-length.yml in favor of backup-service-min-key-length.yml.
  • breaking change all services: a9s Smoke Tests: Remove without-graphite-tests.yml and with-graphite-tests.yml Ops files.
  • breaking change all services: a9s SSO Proxy: Remove token_expiration_time configuration, as it is no longer needed due to introduction of the uaa_checkup_interval property.
  • docs: Application Developer: Remove the "a9s Public API - API V0 Endpoints" page and all references to it.
  • docs: Application Developer: Remove non-existing anchors the from the "a9s Public API" section.
  • docs: Application Developer: Remove the obsolete service_guid field from sample response in a9s Public API section.
  • docs: Platform Operator: a9s Smoke Tests: Update the smoke-test errand configuration documentation. For more information, see a9s Smoke Tests
  • docs: Platform Operator: a9s SSO Proxy: Remove the token_expiration_time section from a9s SSO Proxy page and all references to it.

Fixed

  • all services: a9s Backup Agent: Fix retry logic for network errors when there is temporary network disturbance, to prevent backups from failing.
  • a9s Backup Services: a9s Backup Manager: Fix heartbeat logic, so that an initial heartbeat is set when creating a task in order to avoid stalling the task_handler after a parallel backup's wait time has been reached.
  • a9s LogMe2: Fix a logic issue that caused the OpenSearch readiness check to be stuck in an infinite loop in post-start script.
  • a9s PostgreSQL: Fix variable escaping so that the copy_from functionality allows the use of quotation marks in the database's name.
  • docs: Application Developer: Fix broken links to the a9s Public API section as well as broken anchors in it. For more information, see a9s Public API.
  • docs: Application Developer: a9s LogMe2: Fix the name of the custom parameters in a9s LogMe2 TLS documentation. For more information, see a9s LogMe2 TLS custom parameters.

Security

  • all services: a9s Service Dashboard: Fix CVE: CVE-2025-23166
  • a9s Prometheus: a9s Grafana: Fix CVEs:
    • CVE-2025-4123
    • CVE-2025-27113

Upcoming

  • a9s Messaging: End of Support: Terminate support, starting from anynines deployment v65.0.0 (expected end of September 2025), for the following deprecated a9s Data Service versions:

    • a9s Messaging 3.12: RabbitMQ 3.12 is end-of-life by their vendor since June 2024
    • a9s Messaging 3.13: RabbitMQ 3.13 is end-of-life by their vendor since Sept 2024

    The creation of new a9s Data Service Instances for these deprecated versions will be disabled by default in the a9s Data Service Bundle and we will not provide regular support for these versions. The corresponding documentation will also be removed. Although we will not intentionally break running Service Instances of these unsupported versions, it cannot be guaranteed that they still work as expected after an update to v65.0.0.

61.0.0

· 5 min read

Added

  • a9s MariaDB: a9s MariaDB SPI: Add a new custom parameter grant_performance_schema_permissions that grants the user the necessary permissions to access the performance_schema feature.
  • docs: Application Developer: a9s MariaDB: Extend the "Custom Parameter" page with information regarding the new parameter grant_performance_schema_permissions. For more information, see a9s MariaDB - Custom Parameters.
  • docs: Platform Operator: all services: Add missing ports between a9s Backup Manager and a9s Service Broker to the corresponding tables. For more information, see a9s Platform Required Ports.

Changed

  • all services: Adapt the prepare.sh script to not fail, when a9s-pg is not deployed.
  • all services: a9s Bee: Update internal go dependencies to the latest minor version.
  • all services: Update
    • bpm to v1.4.20.
    • nginx to v1.28.0.
    • routing to v0.338.0.
  • all services: a9s Service Broker:
    • Update Rails to v7.2.
    • Update to the newest database field encryption method. After deploying the newest version, the migrate-service-broker-encrypted-database-fields errand needs to be run for each Data Service.
    • The errand migrate-service-broker-encrypted-database-fields is now part of the broker instance group and therefore its dedicated instance group has been removed.
  • a9s-pg: a9s Logstash: Logstash 8: Update logstash8 to v8.18.1.
  • a9s Backup Manager:
    • Update ruby on rails to v7.2.
    • Update to the newest database field encryption method. After deploying the newest version, the migrate-backup-manager-encrypted-database-fields errand needs to be run.
    • The errand migrate-backup-manager-encrypted-database-fields is now part of the backup-manager instance group and therefore its dedicated instance group is removed.
  • a9s Billing:
    • Update Ruby to v3.4.1.
    • Add missing Consul job to the Add a9s Invoices Ops File to fix connection problems with a9s-pg.
    • Add missing bpm job to the grafana instance group of the Add Grafana Route Ops File to fix an issue with the route_registrar.
  • a9s CF Service Guard: Update Rails to v7.2.
  • a9s KeyValue: a9s Logstash: Logstash 8: Update logstash8 to v8.18.1.
  • a9s MariaDB: Update
    • a9s Logstash: logstash8 to v8.18.1.
    • MariaDB 10.6: MariaDB 10.6.22.
    • MariaDB 10.11: MariaDB 10.11.12
  • a9s Messaging: a9s Logstash: Update logstash8 to v8.18.1.
  • a9s MongoDB: Update
    • a9s Logstash:
      • logstash8 to v8.18.1.
    • a9s MongoDB 7:
      • mongodb to v7.0.20.
      • mongosh to v2.5.1.
  • a9s PostgreSQL: a9s Logstash: Update logstash8 to v8.18.1.
  • a9s Prometheus: Update
    • prometheus2:
      • grafana to v10.4.18.
      • bosh_exporter to v3.7.0
    • prometheus-legacy:
      • bosh_exporter to v3.7.0
    • promgraf2:
      • bosh_exporter to v3.7.0
  • a9s Redis: Update
    • a9s Redis 6:
      • redis to v6.2.18
    • a9s Redis 7:
      • redis to v7.2.8
  • a9s Search: a9s Logstash: Update logstash8 to v8.18.1.
  • docs: all services: Fix multiple links, typos, metadata issues and leftover anchors from the recent documentation restructuring.
  • docs: all services: Update all the a9s Data Services logos across all affected index pages to the new style.
  • docs: Application Developer: a9s Prometheus: Fix cross-reference links between the "a9s Prometheus - Service Instance Access" page and the "Grafana Dashboard" page. For more information, see a9s Prometheus - Grapahana Dashboard.
  • docs: Application Developer: a9s Search: Rename misleading id in the "a9s Search - Service Instance Access" page's metadata. For more information, see a9s Search - Service Instance Access.
  • docs: Platform Operator: Update the EOL in Vendor column. For more information, see a9s Platform Operator - Sunrise Sunset.
  • docs: Platform Operator: all services: Fix erroneous a9s Billing Command in "Getting Started" section. For more information, see a9s Data Services Installation - 12. Deploy a9s Billing (optional).
  • docs: Platform Operator: a9s PostgreSQL: Add instructions on how to handle unarchived WAL files after a cluster, with Continuous Archiving enabled, crashes. For more information, see a9s PostgreSQL - Cluster Recovery.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.824 for internal tests of all supported services.

Removed

  • a9s Prometheus: Remove PostgresDatabaseSize alert as it, due to its misconfiguration, was triggered based on a global threshold for all Service Plans, which can cause premature alerts on Service Instances with large disks.

Security

  • all services: a9s Backup Agent: Fix CVEs:
    • CVE-2025-46727
    • CVE-2025-32414
    • CVE-2025-32415
  • all services: a9s BOSH Deployer: Fix CVEs:
    • CVE-2025-32414
    • CVE-2025-32415
  • all services: a9s Service Broker: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
    • CVE-2025-46727
    • CVE-2025-32414
    • CVE-2025-32415
    • CVE-2025-24855
    • CVE-2024-55549
  • all services: a9s Smoke Tests: Fix CVEs:
    • CVE-2025-22869
    • CVE-2025-46727
  • all services: a9s Deployment Updater: Fix CVE: CVE-2025-46727
  • all services: a9s SSO Proxy: Fix CVE: CVE-2025-46727
  • all services: a9s Bee: Fix CVE: CVE-2025-22869
  • all services: a9s CF Service Guard: Fix CVEs:
    • CVE-2025-46727
    • CVE-2025-32414
    • CVE-2025-32415
  • a9s-pg: Fix CVE: CVE-2025-22869
  • a9s Backup Services:
    • a9s Backup Monit: Fix CVEs:
      • CVE-2025-46727
      • CVE-2025-32414
      • CVE-2025-32415
    • a9s Backup Manager: Fix CVEs:
      • CVE-2025-46727
      • CVE-2025-32414
      • CVE-2025-32415
  • a9s Billing: Fix CVEs:
    • CVE-2024-55549
    • CVE-2025-24855
  • a9s KeyValue: a9s KeyValue SPI: Fix CVE: CVE-2025-46727
  • a9s LogMe2: a9s LogMe2 SPI: Fix CVE: CVE-2025-46727
  • a9s MariaDB:
    • a9s MariaDB 10.11: Fix CVE: CVE-2025-22869
    • a9s MariaDB 10.6: Fix CVE: CVE-2025-22869
    • a9s MariaDB SPI: Fix CVE: CVE-2025-46727
  • a9s Messaging: a9s Messaging SPI: Fix CVE: CVE-2025-46727
  • a9s MongoDB: a9s MongoDB SPI: Fix CVE: CVE-2025-46727
  • a9s PostgreSQL: a9s PostgreSQL SPI: Fix CVE: CVE-2025-46727
  • a9s Prometheus: a9s Prometheus SPI: Fix CVE: CVE-2025-46727
  • a9s Redis:
    • a9s Redis SPI: Fix CVE: CVE-2025-46727
    • a9s Redis 7: Fix CVE: CVE-2025-21605
  • a9s Search: a9s Search SPI: Fix CVE: CVE-2025-46727

60.0.0

· 5 min read

Added

  • all services: a9s Template Uploader Errand: Replace Logstash6 with Logstash8 in the a9s MariaDB templates.
  • docs: Application Developer: all services: Add list of a9s Data Services that require the legacy syslog custom parameter. For more information, see Set Up Monitoring - Add a Syslog Endpoint.
  • docs: Platform Operator: Add a page to detail concerns regarding scalability with a9s Consul, particularly with the amount of Consul client agents, as well as the recommended actions for such cases. For more information, see a9s Consul - Known Issues.
  • docs: Platform Operator: all services: Update the "Prepare Environment" section to reflect the latest changes of the prepare.sh script. For more information, see Prepare Environment.

Changed

  • breaking change all services: a9s Smoke Tests: Change Graphite metrics tests to no longer depend on an external Prometheus Service Instance.
  • breaking change a9s-pg: Modify the manifest of a9s-pg to use a9s PostgreSQL 15 by default. It requires the manual upgrade of a9s-pg from a9s PostgreSQL 11 to a9s PostgreSQL 15, if not already executed. Otherwise, the update to anynines-deployment v60.0.0 will be aborted automatically, as a forced and unattended update of a9s-pg could lead to misbehavior and data loss. The necessary steps to upgrade a9s-pg are described in our documentation.
  • all services: Update
    • bpm to v1.4.17.
    • nginx to v1.27.5.
    • routing to v0.334.0.
  • all services: a9s DS API Gateway: Update
    • krakend-custom-plugins to v2.9.4.
    • krakend to v2.9.4.
  • a9s-pg: a9s Logstash: Logstash 8: Update logstash8 to v8.17.4.
  • a9s KeyValue:
    • a9s Logstash: Logstash 8: Update logstash8 to v8.17.4.
    • a9s KeyValue 8: Update valkey to v8.1.0.
  • a9s MariaDB: a9s Logstash: Logstash 8: Update logstash8 to v8.17.4.
  • a9s Messaging:
    • a9s Logstash: Update logstash8 to v8.17.4.
    • a9s Messaging 3.12: Update erlang to v25.3.2.20.
    • a9s Messaging 3.13: Update erlang to v26.2.5.11.
    • a9s Messaging 4.0: Update
      • erlang to v26.2.5.11.
      • rabbitmq to v4.1.0.
  • a9s MongoDB: a9s Logstash:
    • Logstash 8:
      • Update logstash8 to v8.17.4.
    • a9s MongoDB 7:
      • Update mongodb to v7.0.18.
      • Update mongosh to v2.5.0.
  • a9s PostgreSQL:
    • a9s Logstash: Logstash 8:
      • Update logstash8 to v8.17.4.
    • a9s PostgreSQL 13:
      • Update cmake3 v3.31.7.
  • a9s Prometheus: a9s Prometheus SPI: Update dependencies.
  • a9s Search: a9s Logstash: Logstash 8: Update logstash8 to v8.17.4.
  • docs: Application Developer: a9s PostgreSQL: Add missing information regarding Forking via Disaster Recovery feature. For more information, see a9s PostgreSQL Forking & Migration.
  • docs: Platform Operator: Extend the certificate rotation admonition of the TLS Encryption documentation to urge the Platform Operator to rotate and clean up before the certificates expire. For more information, see TLS Encryption.
  • docs: Platform Operator: Update ports used by a9s Smoke Tests. For more information, see a9s Platform Required Ports.
  • docs: Platform Operator: a9s-pg: Update the documentation of a9s-pg to set a9s PostgreSQL 15 as the new default.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.822 for internal tests of all supported services.

Unsupported

  • a9s-pg: End of Support: Terminate support for the a9s Data Service Framework Component a9s-pg using a9s PostgreSQL 11, as PostgreSQL 11 has been marked as end-of-life by their vendor since November 2023.

    The a9s-pg Data Service Framework Component needs to be upgraded to use a9s PostgreSQL v15 before the update to anynines-deployment v60.0.0 can be done. The necessary steps to upgrade a9s-pg are described in our documentation.

    Important: Please note that an attempt to upgrade to anynines-deployment v60.0.0 will be aborted automatically if a9s-pg is still using a9s PostgreSQL v11, as a forced and unattended update of a9s-pg could lead to misbehavior and data loss.

  • a9s MongoDB: End of Support: Terminate support for the following deprecated a9s Data Service version:

    • a9s MongoDB 5: MongoDB 5 has been marked as end-of-life by their vendor since October 2024.

    The creation of new a9s Data Service Instances for this deprecated version is now disabled by default in the a9s Data Service Bundle, and we no longer provide regular support for this version. The corresponding documentation has been removed.

    Although we will not intentionally break running Service Instances of this unsupported version, it cannot be guaranteed that they still work as expected after an update to this release.

Removed

  • docs: all services: Remove outdated information about a9s MongoDB 5 within the scope of unsupporting a9s MongoDB 5.

Fixed

  • a9s Backup Services: a9s Backup Manager: Fix the population of the msg field for BackupAgentTask, to ensure the error messages do not return as nil.

Upcoming

  • all services: Ubuntu Bionic stemcell: End of Support: Terminate support, starting from anynines deployment v63.0.0 (expected end of July 2025), for the following deprecated Stemcell version:

    • Ubuntu Bionic Stemcell: Ubuntu Bionic has been marked as end-of-life by their vendor since April 2023.

    The creation of new a9s Data Service Instances for this deprecated version will be disabled by default in the a9s Data Service Bundle, and we will not provide regular support for this stemcell anymore. The corresponding documentation will also be removed. We strongly recommend migrating to a newer Stemcell (Jammy).

    Although we will not intentionally break running Service Instances using this stemcell, it cannot be guaranteed that they still work as expected after an update to v63.0.0.

59.0.0

· 13 min read

Added

  • breaking change a9s PostgreSQL: We consider PostgreSQL 17 as stable now. You have to set the following properties:
    • postgresql_service.services.a9s-postgresql17.name
    • postgresql_service.services.a9s-postgresql17.guid
    • postgresql_service.services.a9s-postgresql17.description
    • postgresql_service.services.a9s-postgresql17.label
    • postgresql_service.services.a9s-postgresql17.version
    • postgresql_service.services.a9s-postgresql17.bindable
    • postgresql_service.services.a9s-postgresql17.requires
    • postgresql_service.services.a9s-postgresql17.tags
    • postgresql_service.services.a9s-postgresql17.documentation_url
    • postgresql_service.services.a9s-postgresql17.metadata
    • postgresql_service.services.a9s-postgresql17.dashboard_client.id
    • postgresql_service.services.a9s-postgresql17.plans-to-test
    • postgresql_service.services.a9s-postgresql17.planupdates-to-test
  • all services: a9s Bee: Add NGINX as reverse proxy in front of a9s Bee to handle handle TLS termination in the future.
  • all services: a9s BOSH Deployer: Add NGINX as reverse proxy in front of a9s BOSH Deployer to handle TLS termination.
  • all services: a9s Service Broker: Add NGINX as reverse proxy in front of a9s Service Broker to handle TLS termination.
  • all services: a9s SPIs: Add NGINX as reverse proxy in front of a9s SPIs to handle TLS termination.
  • a9s Backup Services: a9s Backup Manager: Extend the response of the Public API v1 endpoint list_backups to return the backup_id, which can be used to specify a backup to restore from, via the Disaster Recovery API or CF Plugin.
  • a9s Backup Services: a9s Backup Manager: Update dependencies.
  • a9s CF Service Guard: Add NGINX as reverse proxy in front of a9s CF Service Guard to handle TLS termination.
  • a9s MariaDB: a9s MariaDB SPI: Introduce reconcile logic to update the value of the default_database attribute in the a9s Service Broker database after restoring an external backup. This enables the Disaster Recovery feature.
  • a9s Prometheus: Introduce a static landing page for the dashboard URL, providing quick access to the following web UIs: Alert Manager, Grafana, and Prometheus.
  • docs: Application Developer: Add a page detailing how Data Service Forking via the Disaster Recovery funcionality works, as there are small but critical differences between them. For more information, see Forking a Service Instancce.
  • docs: Application Developer: all services: Add a "Getting Started" section to host the common functionality from across the a9s Data Services documents. For more information, see Getting Started.
  • docs: Platform Operator: all services: Add a "Getting Started" section to host the overall installation of the a9s Data Services and its framework. For more information, see Getting Started.
  • docs: Platform Operator: a9s PostgreSQL: Add a9s PostgreSQL 17 as a9s General Availability. For more information, see a9s Platform Operator Sunrise Sunset.
  • docs: Platform Operator: a9s PostgreSQL: Add information about the wal_receivers parameter. For more information, see Cluster Status - Status Script.

Changed

  • all services: Extract the renaming of the a9s Service Broker endpoint for the a9s Service DashboardRefactor from the ops/rename-service-deployment.yml Ops file into the dedicated ops/dashboard-rename-broker-endpoint.yml.
  • all services:
    • a9s DS API Gateway:
      • Update KrakenD to v2.9.3.
      • Update krakend-custom-plugins to v2.9.3.
    • Update bpm to v1.4.16.
    • Update routing to v0.331.0.
  • all services: a9s Backup Agent: Update Ruby to v3.4.1.
  • all services: a9s Backup Agent: Extend the support for special characters when setting the backup encryption key via the a9s Dashboard or the a9s Public API v1.
  • all services: a9s Bee: Change the bind_address property to listen only on localhost, following the introduction of NGINX as reverse proxy in front of it.
  • all services: a9s BOSH Deployer: Update Ruby to v3.4.1.
  • all services: a9s BOSH Deployer: Change the bind_address property to listen only on localhost, following the introduction of NGINX as reverse proxy in front of it.
  • all services: a9s CF Service Guard: Update Ruby to v3.4.1.
  • all services: a9s Deployment Updater Errand: Update Ruby to v3.4.1.
  • all services: a9s Logstash: Logstash 6: Update Ruby to v3.4.1.
  • all services: a9s Service Broker: Update Ruby to v3.4.1.
  • all services: a9s Service Broker: Change the bind_address property to listen only on localhost, following the introduction of NGINX as reverse proxy in front of it.
  • all services: a9s SSO Proxy: Update Ruby to v3.4.1.
  • all services: a9s Smoke Tests: Update Ruby to v3.4.1.
  • all services: a9s SPIs: Change the bind_address property to listen only on localhost, following the introduction of NGINX as reverse proxy in front of them.
  • all services: a9s SPIs: Update dependencies.
  • all services: a9s Template Uploader Errand: Replace Logstash6 with Logstash8 in the a9s MongoDB templates.
  • all services: a9s Template Uploader Errand: Update Ruby to v3.4.1.
  • a9s-pg: a9s Logstash:
    • Logstash 8:
      • Update logstash8 to v8.17.3.
      • Update Ruby to v3.4.1.
  • a9s Backup Services: a9s Backup Manager: Update Ruby to v3.4.1.
  • a9s Backup Services: a9s Backup Monit: Update Ruby to v3.4.1.
  • a9s Backup Services: a9s Backup Monit: Change the bind_address property to listen only on localhost, following the introduction of NGINX as reverse proxy in front of it, and adapt the related Logstash configuration accordingly.
  • a9s Backup Services: a9s Backup Monit: Update a9s Backup Manager related configuration to use the TLS encrypted port for communication.
  • a9s CF Service Guard: Change the bind_address property to listen only on localhost, following the introduction of NGINX as reverse proxy in front of it.
  • a9s KeyValue: a9s Logstash:
    • Logstash 8:
      • Update logstash8 to v8.17.3.
      • Update Ruby to v3.4.1.
  • a9s LogMe2:
    • Fluentd:
      • Update Ruby to v3.4.1.
  • a9s MariaDB:
    • MariaDB 10.6: Update Ruby to v3.4.1.
    • MariaDB 10.11: Update Ruby to v3.4.1.
  • a9s Messaging:
    • a9s Logstash:
      • Logstash 8:
        • Update logstash8 to v8.17.3.
        • Update Ruby to v3.4.1.
    • a9s Messaging 4: Update rabbitmq to v4.0.7.
  • a9s MongoDB: Replace Logstash6 with Logstash8.
  • a9s MongoDB:
    • a9s MongoDB 7: Update mongosh to v2.4.2.
  • a9s PostgreSQL:
    • a9s Logstash:
      • Logstash 8:
        • Update logstash8 to v8.17.3.
        • Update Ruby to v3.4.1.
    • a9s PostgreSQL SPI: Update rack to v3.1.12.
    • a9s PostgreSQL 17: Update PostgreSQL to v17.4.
    • a9s PostgreSQL 13: Update PostgreSQL to v3.13.0.
  • a9s Prometheus:
    • prometheus2: Update
      • alertmanager to v0.28.1.
      • blackbox_exporter to v0.26.0.
      • cadvisor to v0.52.1.
      • elasticsearch_exporter to v1.9.0.
      • mysqld_exporter to v0.17.2.
      • postgres_exporter to v0.17.1.
      • prometheus to v2.53.4.
    • prometheus-legacy: Update
      • alertmanager to v0.28.1.
      • blackbox_exporter to v0.26.0.
      • cadvisor to v0.52.1.
      • elasticsearch_exporter to v1.9.0.
      • mysqld_exporter to v0.17.2.
      • postgres_exporter to v0.17.1.
      • prometheus to v2.53.4.
    • promgraf2: Update
      • alertmanager to v0.28.1.
      • blackbox_exporter to v0.26.0.
      • cadvisor to v0.52.1.
      • elasticsearch_exporter to v1.9.0.
      • mysqld_exporter to v0.17.2.
      • postgres_exporter to v0.17.1.
      • prometheus to v2.53.4.
  • a9s Redis: a9s Redis SPI: Update Ruby to v3.4.1.
  • a9s Search: a9s Logstash:
    • Logstash 8: Update
      • logstash8 to v8.17.3.
      • opensearch2 to v2.24.0.
      • Ruby to v3.4.1.
  • docs: Application Developer: Add a9s MariaDB to the list of Data Services that support the Disaster Recovery feature. For more information, see Disaster Recovery.
  • docs: Application Developer: Add backup_id property description to the list_backup endpoint of the Public API V1 with examples of the response. For more information, see API V1 Endpoints - List All Backups.
  • docs: Application Developer: all services: Restructure overall layout and provide more granularity to each a9s Data Services section. For more information, see Application Developer.
  • docs: Application Developer: a9s KeyValue: Reorganize the Custom Parameters page into topics rather than using the parameters themselves as sections. For more information, see Custom Parameters.
  • docs: Application Developer: a9s PostgreSQL: Improve the information regarding a9s PostgreSQL migration caveats.
  • docs: Application Developer: a9s Prometheus: Add information about the newly added index page that enables easier access to the Service Instance's dashboards. For more information, see Service Instance Access.
  • docs: Platform Operator: Add a9s MariaDB to the list of Data Services that support the Disaster Recovery feature. For more information, see Disaster Recovery.
  • docs: Platform Operator: Extend the TLS Encryption with a list of the certificates in use, and a detailed overview of the different use cases for certificate rotation. For more information, see TLS Encryption.
  • docs: Platform Operator: all services: Extend the "Block Automatic Updates" documentation by cross-referencing the individual pages in the a9s Service Broker and a9s Service Dashboard sections. For more information, see a9s Service Broker - Block Automatic Updates and a9s Service Dashboard - Allow Automatic Updates.
  • docs: Platform Operator: all services: Restructure overall layout and provide more granularity to all major components and the general configuration of the a9s Data Services. For more information, see Platform Operator.
  • docs: Platform Operator: a9s Backup Monit: Add link to the Retention Policy section in the a9s Backup Manager Metrics. For more information, see Retention Policy.
  • docs: Platform Operator: a9s Backup Services: Improve the Retention Policy section by adding information about the backup deletion process, fixing typos, and restructuring the section. For more information, see Retention Policy.
  • docs: Platform Operator: a9s PostgreSQL: Add information about resource requirements in face of piled-up WAL files. For more information, see a9s PostgreSQL - Resource Considerations.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.785 for internal tests of all supported services.

Deprecated

  • a9s Messaging: Deprecation: Deprecate the following a9s Data Service versions:

    • a9s Messaging 3.12: RabbitMQ 3.12 is end-of-life by their vendor since June 2024
    • a9s Messaging 3.13: RabbitMQ 3.13 is end-of-life by their vendor since Sept 2024

    Please ensure that you organize the migration of your existing Service Instances to a more up-to-date version of the same a9s Data Service:

    • for a9s Messaging 3.12: a9s Messaging 4.0 is available as GA version.
    • for a9s Messaging 3.13: a9s Messaging 4.0 is available as GA version.

    This deprecation follows the announcement in v56.0.0. The deprecation phase is planned to last until v62.0.0 (expected end of June 2024), in which the unsupport phase of the deprecated versions will start. The creation of new a9s Data Service Instances for these particular versions will then be disabled by default in the a9s Data Service Bundle and we will not provide regular support for these versions. The corresponding documentation will also be removed. Therefore, we strongly recommend that you start your migrations to a supported GA version as soon as possible and complete them until the end of the deprecation phase. For more information see a9s Platform Operator - Sunrise Sunset.

    To inquire about extended support for a deprecated version, please get in contact with our sales department at sales@anynines.com.

Unsupported

  • a9s MySQL: End of Support: Terminate support for the following deprecated a9s Data Service version:

    • a9s MySQL 10.4: MariaDB 10.4 is end-of-life by their vendor since June 2024

    The creation of new a9s Data Service Instances for this deprecated version is now disabled by default in the a9s Data Service Bundle and we no longer provide regular support for this version. The corresponding documentation has been removed.

    Although we will not intentionally break running Service Instances of this unsupported version, it cannot be guaranteed that they still work as expected after an update to this release.

Removed

  • docs: all services: Remove outdated information about a9s MySQL within the scope of unsupporting a9s MySQL.

Fixed

  • a9s-pg: a9s PostgreSQL 15: Fix race condition in the a9s PostgreSQL Info Webservice Switchover, where during the switchover operation, the checkpoint LSN location would change while a9s PostgreSQL Info Webservice is executing the election to promote a new node to primary. This could cause an extended downtime during the deployment update and could even lead, in some situations, to an unhealthy cluster after a failover.
  • a9s-pg: a9s PostgreSQL: Fix race condition between the a9s PostgreSQL Info Webservice Failover Monitor and repmgrd, where during a repmgrd failover that could make repmgrd lose track of the correct view cluster sometimes led to a broken cluster with a standby that is not able to follow the new primary.
  • a9s PostgreSQL: a9s PostgreSQL 17: Fix the issue where, during the failover, the checkpoint LSN location would change while repmgrd is executing the election to promote a new node to primary, this could cause an extended downtime during the deployment update, and could even lead, in some situations, to an unhealthy cluster after a failover. This is fixed by enabling repmgr's standby_disconnect_on_failover configuration property.
  • a9s PostgreSQL: a9s Logstash: Fix connection initialization logic causing the Logstash process in a9s PostgreSQL Service Instances to fail during upgrades from single Service Instances to cluster Service Instances. This issue prevented instances from being marked healthy from the director, and occurred during the time in which the replica nodes synchronize with the primary node in the cluster.
  • a9s PostgreSQL: Fix race condition between the a9s PostgreSQL Info Webservice Failover Monitor and repmgrd, where a repmgrd failover could cause repmgrd to lose track of the correct view of the cluster, potentially led to a broken cluster with a standby that is not able to follow the new primary.
  • a9s PostgreSQL: Fix race condition in the a9s PostgreSQL Info Webservice Switchover, where during the switchover operation, the checkpoint LSN location would change while a9s PostgreSQL Info Webservice is executing the election to promote a new node to primary. This could cause an extended downtime during the deployment update and could even lead, in some situations, to an unhealthy cluster after a failover.
  • docs: Application Developer: all services: Fix recurring typos across all the a9s Data Services' index pages.

Security

  • all services: a9s Backup Agent: Fix CVEs:
    • CVE-2024-56171
    • CVE-2025-24928
    • CVE-2025-27610
    • CVE-2025-27788
  • all services: a9s BOSH Deployer: Fix CVEs:
    • CVE-2024-56171
    • CVE-2025-24928
    • CVE-2025-27788
  • all services: a9s CF Service Guard: Fix CVEs:
    • CVE-2024-56171
    • CVE-2025-24928
    • CVE-2025-27610
  • all services: a9s Deployment Updater:
    • CVE-2025-27788
  • all services: a9s Service Broker: Fix CVEs:
    • CVE-2024-56171
    • CVE-2025-24928
  • all services: a9s Smoke-Tests: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • all services: a9s SSO Proxy: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s Backup Services: a9s Backup Monit: Fix CVEs:
    • CVE-2024-56171
    • CVE-2025-24928
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s Backup Services: a9s Backup Manager: Fix CVEs:
    • CVE-2025-27788
    • CVE-2025-27610
  • a9s Billing: Fix CVEs:
    • CVE-2024-56171
    • CVE-2025-24928
  • a9s KeyValue: a9s KeyValue SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s LogMe2: a9s LogMe2 SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s MariaDB: a9s MariaDB SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s Messaging: a9s Messaging SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s MongoDB: a9s MongoDB SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s PostgreSQL: a9s PostgreSQL SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27111
    • CVE-2025-25184
  • a9s Prometheus: a9s Prometheus SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s Redis: a9s Redis SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788
  • a9s Search: a9s Search SPI: Fix CVEs:
    • CVE-2025-27610
    • CVE-2025-27788

58.0.0

· 6 min read

Added

  • all services: a9s Deployment Updater Errand: Add a new property to allow the configuration of the amount of retries when a Service Instance's update is blocked due to already running operations. For more information, see a9s Deployment Updater - Properties.
  • all services: a9s Service Broker: Ensure that a Service Instance has no running backup or restore actions when starting an update for said Service Instance. For more information, see a9s Service Broker - Update a Service Instance.
  • a9s MongoDB: a9s MongoDB SPI: Add new custom parameter set_stream_parameters that allows the user to configure the cluster parameters. The only supported cluster parameter is changeStreamOptions.preAndPostImages.expireAfterSeconds. For more information, see Using a9s MongoDB - MongoDB Custom Parameters.
  • docs: Platform Operator: a9s KeyValue: Add missing Valkey-Sentinel port to the list of required ports. For more information, see a9s Platform Required Ports.
  • docs: Platform Operator: a9s Redis®*: Add missing table for the required ports of a9s Redis®. For more information, see a9s Platform Required Ports - a9s-redis7-instance.
  • docs: Platform Operator: a9s Redis®: Add the Redis®-Sentinel port to the list of required ports. For more information, see a9s Platform Required Ports.
  • INTERNAL RELEASE a9s Backup Services: a9s Backup Manager: Add a new API endpoint that allows the a9s Service Broker to verify if any of its Service Instances is currently running a backup or restore action.

Changed

  • all services:
    • BPM to v1.4.15.
    • routing to v0.330.0.
  • all services: a9s Logstash: a9s Logstash 8: Update Logstash to v8.17.1.
  • all services: a9s Service Dashboard: Update NodeJS to v22.13.1.
  • all services: a9s SSO Proxy: Update
    • NGINX to v1.27.4.
    • PCRE2 to v10.45.
  • all services: a9s Deployment Updater Errand: Update Ruby to v3.4.1.
  • all services: a9s Service Broker: Update Ruby to v3.4.1.
  • a9s-pg: Improve cleanup after in-place major upgrade.
  • consul-dns: Dnsmasq: Update Ruby to v3.4.1.
  • a9s Backup Services: a9s Backup Manager: Extend list of the logs' allowed keys to facilitate analysis.
  • a9s Backup Services: a9s Backup Manager: Update Ruby to v3.4.1.
  • a9s Elasticsearch: a9s Elasticsearch SPI: Update Ruby to v3.4.1.
  • a9s KeyValue: a9s KeyValue SPI: Update Ruby to v3.4.1.
  • a9s LogMe: a9s LogMe SPI: Update Ruby to v3.4.1.
  • a9s LogMe2: a9s LogMe2 SPI: Update Ruby to v3.4.1.
  • a9s MariaDB:
    • a9s MariaDB 10.11: Update mariadb to v10.11.11.
    • a9s MariaDB 10.6: Update mariadb to v10.6.21.
    • a9s MariaDB SPI: Update Ruby to version 3.4.1.
  • a9s Messaging:
    • a9s Messaging 3.12: Update erlang to v25.3.2.18.
    • a9s Messaging 3.13: Update erlang to v26.2.5.9.
    • a9s Messaging 4.0: Update
      • erlang to v26.2.5.9.
      • rabbitmq to v4.0.6.
    • a9s Messaging SPI: Update Ruby to version 3.4.1.
  • a9s MongoDB:
    • a9s MongoDB 5: Update mongosh to v5.0.31.
    • a9s MongoDB 7: Update mongosh to v2.4.0.
    • a9s MongoDB SPI: Update Ruby to version 3.4.1.
  • a9s MySQL: a9s MySQL SPI: Update Ruby to version 3.4.1.
  • a9s PostgreSQL:
    • a9s PostgreSQL 13: Update
      • cmake to v3.31.5.
      • PostgreSQL to v13.20.
    • a9s PostgreSQL 15: Update PostgreSQL to v15.12.
    • a9s postgreSQL 17: Update PostgreSQL to v17.3.
    • a9s PostgreSQL SPI: Update Ruby to version 3.4.1.
  • a9s Prometheus:
    • a9s Prometheus SPI: Update Ruby to version 3.4.1.
    • prometheus-legacy: Update
      • mysqld_exporter to v0.17.1.
      • postgres_exporter to v0.17.0.
      • stackdriver_exporter to v0.18.0.
    • prometheus2: Update
      • grafana to v10.4.16.
      • mysqld_exporter to v0.17.1.
      • postgres_exporter to v0.17.0.
      • stackdriver_exporter to v0.18.0.
    • promgraf2: Update
      • mysqld_exporter to v0.17.1.
      • postgres_exporter to v0.17.0.
      • stackdriver_exporter to v0.18.0.
  • a9s Search: a9s Search SPI: Update Ruby to version 3.4.1.
  • docs: Platform Operator: a9s MongoDB: Extend the Custom Parameter documentation with information regarding the new parameter set_cluster_parameter. For more information, see Default Custom Parameter Configuration.
  • docs: Platform Operator: Update the Vendor DS Version. For more information, see a9s Platform Operator - Sunrise Sunset.
  • BOSH stemcell: all services: Update Jammy stemcell to version 1.737 for internal tests of all supported services.

Removed

  • docs: Platform Operator: all services: Remove obsolete memory limit threshold documentation.

Fixed

  • all services: a9s Backup Agent: Fix issue with a9s LogMe2 and a9s Search where the a9s Backup Agent could not connect to the underlying OpenSearch because the leaf certificate could not be verified when a certificate chain with intermediate certificates was used.
  • a9s-pg: Fix the handling of the version lock directory, where after the upgrade from a9s PostgreSQL 11 to a9s PostgreSQL 15 the previous version lock directory (/var/vcap/store/postgresql11-locks) would be kept. This directory is now properely removed.
  • a9s-pg: a9s PostgreSQL 15: Fix the issue where, during the failover, the checkpoint LSN location would change while the repmgrd is executing the election to promote a new node to primary, this could cause an extended downtime during the deployment update, and could even lead in some situations to an unhealthy cluster after a failover. This is fixed by enabling the repmgr standby_disconnect_on_failover configuration property.
  • a9s PostgreSQL: a9s PostgreSQL 15: Fix the issue where, during the failover, the checkpoint LSN location would change while the repmgrd is executing the election to promote a new node to primary, this could cause an extended downtime during the deployment update, and could even lead in some situations to an unhealthy cluster after a failover. This is fixed by enabling the repmgr standby_disconnect_on_failover configuration property.
  • docs: all services: Fix admonitions, internal guidelines non-conformities, and typos across all documentation pages.

Security

  • all services: a9s Service Dashboard: Fix CVEs:
    • CVE-2025-1094
    • CVE-2025-23083
    • CVE-2025-23084
    • CVE-2025-23085
  • a9s-pg: a9s PostgreSQL 15: Give SUPERUSER privileges to the role used by repmgrd to ensure that, during an failover, the cluster is not led to an unhealthy state. For more information, see the Fixed section of this CHANGELOG.
  • a9s PostgreSQL: a9s PostgreSQL 15: Give SUPERUSER privileges to the role used by repmgrd to ensure that, during an failover, the cluster is not led to an unhealthy state. For more information, see the Fixed section of this CHANGELOG.