Skip to main content

32.0.0

· 7 min read

Fixed

  • all services: a9s Dashboard: Fix link url when using 'Disable Automatic Update Modal' dialog.
  • a9s-pg: Fix PostgreSQL network relocation that would fail during pre-start and would break the update in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s-pg: Fix drain script that would fail to execute when the start-up lock dir does not exist, causing a stop operation to fail.
  • a9s Backup Manager: Adjust the ops file backup-on-alicloud.yml to remove the configuration for a9s Search service.
  • a9s Backup Manager: Adjust the ops file backup-on-generic-s3.yml to remove the configuration for a9s Search service.
  • a9s Service Guard: Fix an issue when the created security groups are not applied to the diego-cells and therefore connections between the app and the service instance were still blocked. This was caused because Cloud Foundry is moving away from CC API v2 to CC API v3. As a result, some operations are executed only against CC API v2 are not working as expected. Now operations regarding security groups also support CC API v3. You can choose the version of the API via the a9s Service Guard property cf_service_guard.cloud_foundry.api_version. The default is v3.
  • a9s PostgreSQL: Fix PostgreSQL network relocation that would fail during pre-start and would break the update in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s PostgreSQL: Fix drain script that would fail to execute when the start-up lock dir does not exist, causing a stop operation to fail.
  • a9s Messaging: SPI: Fix binding to include Stomp and MQTT information.
  • a9s Messaging: SPI: Fix Subject Alternative Names for RabbitMQ Management UI when using SSL Plans.
  • a9s Harbor: Fix PostgreSQL network relocation that would fail during pre-start and would break the update in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s Harbor: Fix drain script that would fail to execute when the start-up lock dir does not exist, causing a stop operation to fail.
  • a9s Harbor: Remove broken link to Harbor log directory, so that bosh logs works again.

Added

  • breaking change all services: a9s BOSH Deployer: Provide a configuration for the deployment updater to force a recreation of all VMs. Additionally, instances that are not responsive and would result in an error are now recovered instead. See Platform Operator documentation.
  • breaking change a9s PostgreSQL: We consider PostgreSQL 13 as stable now. You have to set the following properties:
    • postgresql_service.services.a9s-postgresql13.name
    • postgresql_service.services.a9s-postgresql13.guid
    • postgresql_service.services.a9s-postgresql13.description
    • postgresql_service.services.a9s-postgresql13.label
    • postgresql_service.services.a9s-postgresql13.version
    • postgresql_service.services.a9s-postgresql13.bindable
    • postgresql_service.services.a9s-postgresql13.requires
    • postgresql_service.services.a9s-postgresql13.tags
    • postgresql_service.services.a9s-postgresql13.documentation_url
    • postgresql_service.services.a9s-postgresql13.metadata
    • postgresql_service.services.a9s-postgresql13.dashboard_client.id
    • postgresql_service.services.a9s-postgresql13.plans-to-test
    • postgresql_service.services.a9s-postgresql13.planupdates-to-test
  • all services: a9s Dashboard: Add 'Restored From' column on Restores table for the a9s Postgresql service instances with PITR enabled. This column shows the point in time used to generate the restores.
  • all services: a9s Dashboard: Disable 'Set Encryption Key' button on the backups menu when backups download is not allowed (allow_downloads is set to false).
  • all services: a9s Backup Agent: Support backup and restore for a9s MariaDB.
  • all services: a9s Logstash: Add a new plugin for a9s MariaDB metrics.
  • a9s Service Guard: Add platform operator tasks to cleanup unused security groups and truncate approvals. For more information see use_dns_addresses
  • a9s Search: Add support for TLS communication. Documentation can be found here.
  • a9s MariaDB: Add a9s MariaDB data service. The a9s MySQL service is being replaced in favor of the a9s MariaDB data service. The new data service starts with MariaDB 10.6. See the platform operator documentation and application developer documentation.
  • a9s Prometheus: Add a9s MariaDB metrics.
  • docs: Application Developer: Add a9s MariaDB migration page. For more information see a9s MariaDB Migration.
  • docs: Platform Operator: Add missing 4444 and 4568 ports to a9s MySQL ports list. See more here
  • docs: Platform Operator: Add more information on how to configure the wildcard certificate correctly. See the Wildcard Certificate section.
  • docs: Platform Operator: Add note to installation instructions informing clients to disable use_dns_addresses. and additional section to explain issue with use_dns_addresses property.
  • docs: Platform Operator: Add missing information regarding the configuration of cdns_encrypt key, which is needed to deploy a9s Consul, to the a9s Data Services Installation Guide.
  • INTERNAL RELEASE a9s Harbor: Add dns_servers BOSH property to the docker job to configure custom DNS servers.

Updated

  • all services: Update bpm BOSH release to latest version 1.1.19.
  • all services: Update routing BOSH release to latest version 0.238.0.
  • a9s Search: Update repository-azure and repository-s3 plugins to latest version 1.3.4.
  • a9s Prometheus: promgraf2 BOSH release now includes:
    • Prometheus 2.38.0
    • Grafana 8.5.11
    • blackbox_exporter 0.22.0
    • bosh_exporter 3.4.0
    • cadvisor 0.45.0
    • elasticsearch_exporter 1.5.0
    • graphite_exporter 0.12.3
    • influxdb_exporter 0.10.0
    • postgres_exporter 0.11.1
    • statsd_exporter 0.22.7
  • a9s Prometheus: prometheus2 BOSH release now includes:
    • Prometheus 2.37.0
    • blackbox_exporter 0.22.0
    • bosh_exporter 3.4.0
    • cadvisor 0.45.0
    • elasticsearch_exporter 1.5.0
    • graphite_exporter 0.12.3
    • influxdb_exporter 0.10.0
    • postgres_exporter 0.11.0
    • statsd_exporter 0.22.7
  • a9s Messaging:
    • a9s Messaging 3.10
      • Erlang 24.3.4.3
      • RabbitMQ 3.10.7
  • a9s MySQL: MariaDB 10.4.26
  • a9s Backup Agent: Several CVE fixes:
    • Update puma to version 4.3.12. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update tzinfo to version 1.2.10. Fixes:
      • CVE-2022-31163
  • a9s Backup Manager: Several CVE fixes:
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update puma to version 4.3.12. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
  • a9s Backup Monit: Several CVE fixes:
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update puma to version 4.3.12. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
  • a9s SSO Proxy: Several CVE fixes
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update puma to version 5.6.5. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update sinatra to version 2.2.2. Fixes:
      • CVE-2022-29970
  • a9s Smoke Tests: Several CVE fixes:
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30122
      • CVE-2022-30123
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
  • a9s Harbor SPI: Several CVE fixes:
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update jmespath to version 1.6.1. Fixes:
      • CVE-2022-32511
  • a9s BOSH Deployer: Several CVE fixes:
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
  • a9s Service Broker: Several CVE fixes:
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
    • Update puma to version 5.6.5. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
  • addons/mongodbsspl: MongoDB 5.0.12
  • docs: Application Developer: Move a9s MySQL documentation to a9s MariaDB documentation. For more information see a9s MySQL.
  • docs: Platform Operator: Move a9s MySQL documentation to a9s MariaDB documentation. For more information see a9s MySQL.
  • INTERNAL RELEASE a9s Messaging SPI: Consolidate Code of Service Bindings for non-SSL and SSL Plans.

Removed

  • docs: Platform Operator: Remove hints about a9s Cloud Config Wizard.
  • docs: Platform Operator: Remove --vars-store secrets/creds.yml usage from installation instructions.
  • docs: Platform Operator: Remove all documentation about setting backup stores for a9s-pg deployment. This is not needed anymore as backups of a9s-pg are managed by a9s Backup Manager.
  • docs: Platform Operator: Remove incorrect statement from page Cleanup Purged Service Instances