Releases: cloudfoundry/bosh
Releases · cloudfoundry/bosh
v282.1.6
Package Updates:
- Updates nginx from 1.29.6 to 1.29.7
Updates:
- Updates nats-server from 2.12.5 to 2.12.6
What's Changed
- Switch custom resource types to registry-image by @selzoc in #2696
- Add dynamic disks support by @mariash in #2652
- Remove deploy key from CVE check by @selzoc in #2697
- Fix the worker startup command in integration support by @mariash in #2698
- Fix expectations with VM lock events by @mariash in #2699
- Fix non-deterministic event ordering in CreateVmStep unit test by @Alphasite in #2700
Full Changelog: v282.1.5...v282.1.6
Contributors
mariash, selzoc, and Alphasite
Assets 2
v282.1.5
What's Changed
- Remove -z flag from validate_tgz in package_persister by @mdzhigarov in #2695
- Unit spec flakes by @aramprice in #2690
Full Changelog: v282.1.4...v282.1.5
Contributors
aramprice and mdzhigarov
Assets 2
v282.1.4
Package Updates:
- Updates nginx from 1.29.5 to 1.29.6
What's Changed
- Fix race condition in bats-fips cleanup by @mariash in #2688
- Add startup resilience for bosh create-env race conditions by @rkoster in #2689
- update Docker CPI dockerfile to work without bosh repo by @mkocher in #2691
- Docker dockerfile fixes part 2 by @mkocher in #2692
- Pick a non-conflicting env name for fips bats by @selzoc in #2693
Full Changelog: v282.1.3...v282.1.4
Contributors
mariash, mkocher, and 2 other contributors
Assets 2
v282.1.3
Fixed CVEs:
- CVE-2026-22860: rubygem-rack: Rack Directory Traversal via Rack:Directory
Package Updates:
- Updates director-ruby-3.3 from 3.3.9 to 3.3.10
- Updates nginx from 1.29.3 to 1.29.5
Updates:
- Updates mariadb-connector from 3.4.7 to 3.4.8
- Updates nats-server from 2.11.2 to 2.12.5
- Updates postgresql-13 from 13.22 to 13.23
- Updates postgresql-15 from 15.14 to 15.17
What's Changed
- Log response body if config server returns non-JSON by @jochenehret in #2638
- Remove unnecessary -z flag from tar extraction commands by @mdzhigarov in #2635
- Bump golangci/golangci-lint-action from 8 to 9 by @dependabot[bot] in #2639
- Fix CLI Output for prefix ip addresses by @fmoehler in #2637
- add prefix to network settings for dynamic and vip network by @fmoehler in #2641
- ci: build warden-cpi noble image by @KauzClay in #2643
- CI: residual fixes for Jammy -> Noble by @aramprice in #2645
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in #2644
- CI: stop installing clang on integration image by @aramprice in #2646
- CI: use the source bpm-release for Jammy tests by @aramprice in #2648
- Fix OS detection in DirectorStemcellOwner to read from system files by @s4heid in #2640
- CI: pass setmcell-os to BDRATs specs by @aramprice in #2650
- Spec: remove error class from spec expectation by @aramprice in #2653
- Add metrics for VM states by @yuriadam-sap in #2649
- Noble cut over by @aramprice in #2655
- Replace "magic" strings with constants or StringInquirer by @aramprice in #2659
- Fix failing heartbeat related tests by @yuriadam-sap in #2660
- Fix undefined method
detached?for String by @neddp in #2662 - Add a new option to allow vm recreation filter based on vm age by @Alphasite in #2656
- Fix regex operator typo in health monitor spec by @neddp in #2666
- CI: fix deprecated property by @aramprice in #2667
- Add scheduled metrics cleanup job by @neddp in #2654
- CI: update start-bosh for cgroupsv2 by @aramprice in #2668
- CI: update docker-cpi for cgroups v2 by @aramprice in #2669
- CI: set default-cgroupns-mode mode in daemon.json by @aramprice in #2670
- Ci docker cpi fixes by @aramprice in #2671
- Ci docker cpi fixes by @aramprice in #2672
- CI: increase spec timeouts by @aramprice in #2674
- docker-cpi: fix for container dns on noble by @aramprice in #2673
- CI: order expected results from db to prevent flakes by @aramprice in #2675
- CI: explicitly set DNS for the docker daemon by @aramprice in #2677
- Add nic_group handling for VIP networks by @neddp in #2658
- Fix missing instance metrics_dir method by @neddp in #2679
- Use local stemcell file by @mariash in #2680
- Fix unit spec flakes by @aramprice in #2681
- Fix stemcell os by @mariash in #2682
- bump CI timouts for upgrade tests by @mkocher in #2684
- Ci fix brats by @aramprice in #2683
- CI: Rename bats-fips to fips-bats by @mariash in #2686
New Contributors
- @jochenehret made their first contribution in #2638
- @mdzhigarov made their first contribution in #2635
- @KauzClay made their first contribution in #2643
- @yuriadam-sap made their first contribution in #2649
- @neddp made their first contribution in #2662
- @Alphasite made their first contribution in #2656
Full Changelog: v282.1.2...v282.1.3
Contributors
aramprice, mariash, and 10 other contributors
Assets 2
v282.1.2
v282.1.1
What's Changed
- CI: switch internal CIDR away from 10.0.0.0 by @aramprice in #2634
- adapt create_vm and attach_disk call for new cpi version 3 by @fmoehler in #2633
- remove duplicate ip addresses with smaller prefix by @fmoehler in #2636
Full Changelog: v282.1.0...v282.1.1
Contributors
aramprice and fmoehler
Assets 2
v282.1.0
Full Changelog: v282.0.10...v282.1.0
Same as v282.0.10 which should be a minor release update.
Fixed CVEs:
- CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- CVE-2025-61772: rack: Rack memory exhaustion denial of service
- CVE-2025-61919: rubygem-rack: Unbounded read in
Rack::Requestform parsing can lead to memory exhaustion
Package Updates:
- Updates nginx from 1.29.1 to 1.29.2
What's Changed
Contributors
dependabot and fmoehler
Assets 2
v282.0.10
Fixed CVEs:
- CVE-2025-61770: rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- CVE-2025-61771: rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
- CVE-2025-61772: rack: Rack memory exhaustion denial of service
- CVE-2025-61919: rubygem-rack: Unbounded read in
Rack::Requestform parsing can lead to memory exhaustion
Package Updates:
- Updates nginx from 1.29.1 to 1.29.2
What's Changed
- Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2624
- [RFC0038] Introduce prefix allocation by @fmoehler in #2611
- Fix regression issues by @fmoehler in #2626
- add missing expectations for integration tests by @fmoehler in #2628
- Update workstation_setup.md by @fmoehler in #2627
- stringify prefix for networks and not only its subnets by @fmoehler in #2629
- fix test expectation by @fmoehler in #2630
- Avoid unnecessary redeploys by @fmoehler in #2631
Full Changelog: v282.0.9...v282.0.10
Contributors
dependabot and fmoehler
Assets 2
v282.0.9
Fixed CVEs:
- CVE-2025-58767: rexml: REXML denial of service
What's Changed
- Add 'file' package to Dockerfile dependencies for intergration by @ramonskie in #2621
Full Changelog: v282.0.8...v282.0.9
Contributors
ramonskie