Fixed
- all services: a9s Dashboard: Fix link url when using 'Disable Automatic
Update Modal' dialog.
- a9s-pg: Fix PostgreSQL network relocation that would fail during
pre-start
and would break the update in environments relying only on BOSH DNS, as DNS
resolution is not available during pre-start. - a9s-pg: Fix drain script that would fail to execute when the
start-up lock dir does not exist, causing a stop operation to fail.
- a9s Backup Manager: Adjust the ops file backup-on-alicloud.yml to remove the
configuration for a9s Search service.
- a9s Backup Manager: Adjust the ops file backup-on-generic-s3.yml to remove the
configuration for a9s Search service.
- a9s Service Guard: Fix an issue when the created security groups are not
applied to the
diego-cells and therefore connections between the app and
the service instance were still blocked. This was caused because Cloud
Foundry is moving away from CC API v2 to CC API v3. As a result, some
operations are executed only against CC API v2 are not working as expected. Now
operations regarding security groups also support CC API v3. You can
choose the version of the API via the a9s Service Guard property
cf_service_guard.cloud_foundry.api_version. The default is v3. - a9s PostgreSQL: Fix PostgreSQL network relocation that would fail during
pre-start and would break the update in environments relying only on BOSH
DNS, as DNS resolution is not available during pre-start. - a9s PostgreSQL: Fix drain script that would fail to execute when the
start-up lock dir does not exist, causing a stop operation to fail.
- a9s Messaging: SPI: Fix binding to include Stomp and MQTT information.
- a9s Messaging: SPI: Fix Subject Alternative Names for RabbitMQ Management UI when using SSL Plans.
- a9s Harbor: Fix PostgreSQL network relocation that would fail during
pre-start and would break the update in environments relying only on BOSH
DNS, as DNS resolution is not available during pre-start. - a9s Harbor: Fix drain script that would fail to execute when the start-up
lock dir does not exist, causing a stop operation to fail.
- a9s Harbor: Remove broken link to Harbor log directory, so that
bosh logs
works again.
Added
- breaking change all services: a9s BOSH Deployer: Provide a configuration for the deployment updater to force a recreation of all VMs.
Additionally, instances that are not responsive and would result in an error are now recovered instead.
See Platform Operator documentation.
- breaking change a9s PostgreSQL: We consider PostgreSQL 13 as
stable now.
You have to set the following properties:- postgresql_service.services.a9s-postgresql13.name
- postgresql_service.services.a9s-postgresql13.guid
- postgresql_service.services.a9s-postgresql13.description
- postgresql_service.services.a9s-postgresql13.label
- postgresql_service.services.a9s-postgresql13.version
- postgresql_service.services.a9s-postgresql13.bindable
- postgresql_service.services.a9s-postgresql13.requires
- postgresql_service.services.a9s-postgresql13.tags
- postgresql_service.services.a9s-postgresql13.documentation_url
- postgresql_service.services.a9s-postgresql13.metadata
- postgresql_service.services.a9s-postgresql13.dashboard_client.id
- postgresql_service.services.a9s-postgresql13.plans-to-test
- postgresql_service.services.a9s-postgresql13.planupdates-to-test
- all services: a9s Dashboard: Add 'Restored From' column on Restores table for the a9s Postgresql
service instances with PITR enabled. This column shows the point in time used
to generate the restores.
- all services: a9s Dashboard: Disable 'Set Encryption Key' button on the backups
menu when backups download is not allowed (
allow_downloads is set to false). - all services: a9s Backup Agent: Support backup and restore for a9s MariaDB.
- all services: a9s Logstash: Add a new plugin for a9s MariaDB metrics.
- a9s Service Guard: Add platform operator tasks to cleanup unused security
groups and truncate approvals.
For more information see use_dns_addresses
- a9s Search: Add support for TLS communication. Documentation can be found
here.
- a9s MariaDB: Add a9s MariaDB data service. The a9s MySQL service is being
replaced in favor of the a9s MariaDB data service. The new data service
starts with MariaDB
10.6.
See the platform operator documentation
and application developer documentation. - a9s Prometheus: Add
a9s MariaDB metrics. - docs: Application Developer: Add a9s MariaDB migration page.
For more information see
a9s MariaDB Migration.
- docs: Platform Operator: Add missing
4444 and 4568 ports to a9s MySQL
ports list. See more here - docs: Platform Operator: Add more information on how to configure the wildcard
certificate correctly. See the
Wildcard Certificate section.
- docs: Platform Operator: Add note to installation instructions informing clients to disable
use_dns_addresses.
and additional section to explain issue with use_dns_addresses property. - docs: Platform Operator: Add missing information regarding the configuration
of
cdns_encrypt key, which is needed to deploy a9s Consul, to the
a9s Data Services Installation Guide. - INTERNAL RELEASE a9s Harbor: Add
dns_servers BOSH property to the docker job to configure custom DNS servers.
Updated
- all services: Update bpm BOSH release to latest version
1.1.19. - all services: Update routing BOSH release to latest version
0.238.0. - a9s Search: Update
repository-azure and repository-s3 plugins to latest version 1.3.4. - a9s Prometheus:
promgraf2 BOSH release now includes:- Prometheus 2.38.0
- Grafana 8.5.11
- blackbox_exporter 0.22.0
- bosh_exporter 3.4.0
- cadvisor 0.45.0
- elasticsearch_exporter 1.5.0
- graphite_exporter 0.12.3
- influxdb_exporter 0.10.0
- postgres_exporter 0.11.1
- statsd_exporter 0.22.7
- a9s Prometheus:
prometheus2 BOSH release now includes:- Prometheus 2.37.0
- blackbox_exporter 0.22.0
- bosh_exporter 3.4.0
- cadvisor 0.45.0
- elasticsearch_exporter 1.5.0
- graphite_exporter 0.12.3
- influxdb_exporter 0.10.0
- postgres_exporter 0.11.0
- statsd_exporter 0.22.7
- a9s Messaging:
- a9s Messaging 3.10
- Erlang 24.3.4.3
- RabbitMQ 3.10.7
- a9s MySQL: MariaDB 10.4.26
- a9s Backup Agent: Several CVE fixes:
- Update puma to version 4.3.12. Fixes:
- CVE-2022-24790
- CVE-2022-23634
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30123
- CVE-2022-30122
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- Update tzinfo to version 1.2.10. Fixes:
- a9s Backup Manager: Several CVE fixes:
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30123
- CVE-2022-30122
- Update puma to version 4.3.12. Fixes:
- CVE-2022-24790
- CVE-2022-23634
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- Update rails-html-sanitizer to version 1.4.3. Fixes:
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- a9s Backup Monit: Several CVE fixes:
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30123
- CVE-2022-30122
- Update puma to version 4.3.12. Fixes:
- CVE-2022-24790
- CVE-2022-23634
- Update rails-html-sanitizer to version 1.4.3. Fixes:
- a9s SSO Proxy: Several CVE fixes
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30123
- CVE-2022-30122
- Update puma to version 5.6.5. Fixes:
- CVE-2022-24790
- CVE-2022-23634
- Update sinatra to version 2.2.2. Fixes:
- a9s Smoke Tests: Several CVE fixes:
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30122
- CVE-2022-30123
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- a9s Harbor SPI: Several CVE fixes:
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- Update jmespath to version 1.6.1. Fixes:
- a9s BOSH Deployer: Several CVE fixes:
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- Update rails-html-sanitizer to version 1.4.3. Fixes:
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30123
- CVE-2022-30122
- a9s Service Broker: Several CVE fixes:
- Update nokogiri to version 1.13.8. Fixes:
- GHSA-cgx6-hpwq-fhv5
- GHSA-gx8x-g87m-h5q6
- GHSA-xxx9-3xcr-gjj3
- GHSA-fq42-c5rg-92c2
- GHSA-v6gp-9mmm-c6p5
- CVE-2022-29181
- CVE-2022-24836
- Update rack to version 2.2.4. Fixes:
- CVE-2022-30123
- CVE-2022-30122
- Update rails-html-sanitizer to version 1.4.3. Fixes:
- Update puma to version 5.6.5. Fixes:
- CVE-2022-24790
- CVE-2022-23634
- addons/mongodbsspl: MongoDB 5.0.12
- docs: Application Developer: Move a9s MySQL documentation to a9s MariaDB
documentation. For more information see
a9s MySQL.
- docs: Platform Operator: Move a9s MySQL documentation to a9s MariaDB
documentation. For more information see
a9s MySQL.
- INTERNAL RELEASE a9s Messaging SPI: Consolidate Code of Service Bindings for non-SSL and SSL
Plans.
Removed
- docs: Platform Operator: Remove hints about a9s Cloud Config Wizard.
- docs: Platform Operator: Remove
--vars-store secrets/creds.yml usage from
installation instructions. - docs: Platform Operator: Remove all documentation about setting backup stores
for a9s-pg deployment. This is not needed anymore as backups of a9s-pg are managed by a9s Backup Manager.
- docs: Platform Operator: Remove incorrect statement from page
Cleanup Purged Service Instances