Releases: cloudfoundry/routing-release

0.235.0

08 Jun 21:02

What's Changed

  • Gorouter healthchecker retries connection instead of monit (#275)

✨ Built with go 1.17.11

Full Changelog: 0.234.0...0.235.0

0.234.0

03 Jun 18:30

What's Changed

  • Gorouter: the metrics package now uses lsof to monitor file descriptors on MacOS @domdom82 cloudfoundry/gorouter#312
  • 🐛 Bumped the lager dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. Thanks @ameowlia!
  • Now tested with the bionic stemcell in CI

✨ Built with go 1.17.11

Full Changelog: 0.233.0...0.234.0

0.233.0

31 May 13:39

What's Changed

Manifest Property Changes

Job | Property | Notes
routing-api | golang.x509ignoreCN | This property exposed a go debug flag for go version 1.15. Since go 1.16 this go debug flag has had no effect. Removing this bosh property is part of our effort to keep our code base free of cruft.

✨ Built with go 1.17.10

Full Changelog: 0.232.0...0.233.0

0.232.0

19 Apr 20:01

What's Changed

Manifest Property Changes

Job | Property | Default | Notes
gorouter | for_backwards_compatibility_only.empty_pool_response_code_503 | 0s | This property was added to enable #268

New Contributors 🎉

  • @kecirlotfi made their first contribution! Thanks so much!

✨ Built with golang 1.17.9

Full Changelog: 0.231.0...0.232.0

0.231.0

11 Mar 15:38

Bug Fixes

  • Removed the x509ignoreCN property. Now that gorouter is built on golang 1.17, it no longer has any effect on gorouter behavior, and was only adding to confusion in the properties.
  • Resolve an issue with route-registrar using the same TTL as its RegistrationInterval for tcp routes, leading to unnecessary churn of pruned + re-registered routes.
  • Resolve an issue with Routing API where upserts to tcp routes were causing change events to be emitted when the only change was a bump in TTL. This led to an issue where tcp-router was constantly reloading haproxy with every route's heartbeat registration call.

Manifest Property Changes


Job | Property | 0.230.0 | 0.231.0
gorouter | golang.x509ignoreCN | false | No longer exists
route_registrar | golang.x509ignoreCN | false | No longer exists
tcp_router | golang.x509ignoreCN | false | No longer exists

✨ Built with golang 1.17.8


Full Changelog: 0.230.0...0.231.0

0.230.0

03 Mar 17:47

Feature

Bug Fix

  • Invalid seeded router group manifest values should no longer cause breaking changes by default by @ameowlia in #261

✨ Built with golang 1.17.7

Full Changelog: 0.229.0...0.230.0

0.229.0

04 Feb 22:04

⚠️ Routing-Release is Now Built with Golang 1.17.x! ⚠️

What this means:

  • All certs MUST contain a SAN entry to be considered valid.
    • Since routing-release 0.226.0, any certificates provided to routing-release without a SAN would cause a template rendering failure.
    • The golang.x509ignoreCN property no longer has any effect, as Golang 1.17 has removed support for that workaround.
  • IP/CIDRs cannot contain leading zeros (e.g. 10.00.0.01). Template rendering failures will now occur if any are specified in this way. Simply remove the leading zeros to work around this.
  • Query parameters with non-percent-encoded semi-colons (https://app.example.com/endpoint?param1;param2) will no longer be parsed. More information on this change can be found here.
    • While Gorouter will not modify the requests with semicolons, this may affect downstream apps or components.
    • Gorouter has been updated to add a deprecated-semicolon-params message in its standard output, along with the vcap_request_id. This can be cross-referenced with the access logs and app logs to determine the sources of the invalid requests.
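The two parsing changes above can be checked ahead of an upgrade. The following is an added example, not code from routing-release: it runs candidate values through Go's own net and net/url parsers (Go 1.17 or later), not through the release's template logic. The function names RejectedAddrs and DroppedParams are hypothetical and the sample values are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// RejectedAddrs returns the entries that Go's net package refuses to parse.
// Since Go 1.17 that includes IPv4 octets written with leading zeros.
func RejectedAddrs(values []string) []string {
	var bad []string
	for _, v := range values {
		var err error
		if strings.Contains(v, "/") {
			_, _, err = net.ParseCIDR(v)
		} else if net.ParseIP(v) == nil {
			err = fmt.Errorf("invalid IP %q", v)
		}
		if err != nil {
			bad = append(bad, v)
		}
	}
	return bad
}

// DroppedParams reports whether Go 1.17+ query parsing discards part of the
// query string because it contains a raw (non-percent-encoded) semicolon.
func DroppedParams(rawURL string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	_, qerr := url.ParseQuery(u.RawQuery)
	return qerr != nil && strings.Contains(u.RawQuery, ";"), nil
}

func main() {
	// Constructed sample values, not taken from a real manifest or access log.
	fmt.Println(RejectedAddrs([]string{"10.0.0.1", "10.00.0.01", "10.0.0.0/24", "010.0.0.0/8"}))
	fmt.Println(DroppedParams("https://app.example.com/endpoint?param1;param2"))
	fmt.Println(DroppedParams("https://app.example.com/endpoint?param1=a%3Bb&param2=c"))
}
```

A percent-encoded semicolon (%3B) inside a value is still parsed normally; only the raw separator form is affected.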

Other Notable Changes

  • Improvement: Request URLs are now included in Gorouter's route-service-connection-failed log messages. Thanks for the improvement @plowin! 🎉
  • Improvement: Gorouter's endpoint_dial_timeout is now configurable. It governs the time allowed to establish a TCP connection with backends (http or websocket), before any TLS negotiation takes place.
  • 🐛 Bug Fix: A bug in Gorouter was resolved that caused incorrect counts when calculating backend-connection limits for app endpoints.
  • 🐛 Bug Fix: Gorouter now honors the router.min_tls_version and router.max_tls_version properties when making requests to route-services.
  • 🐛 Bug Fix: Resolves an issue introduced in routing-release v0.227.0 where the b3_spanid header was incorrectly being set to 16 bytes. It is now set to 8 bytes. Thanks @stijnvet for the fix! 🎉

Manifest Property Changes

Job | Property | 0.228.0 | 0.229.0
gorouter | endpoint_dial_timeout_in_seconds | not configurable, hardcoded to 5 seconds | defaults to 5

Built with Golang v1.17.6

0.228.0

09 Dec 19:21

Release Highlights

New Features

  • Only use password auth if NATS requires it; with the introduction of nats-tls, the use of password authentication is no longer needed. Instead we can rely on mTLS for trust. 🎉 🎉 Thanks @domdom82 for the PR! 🎉 🎉 🎉

Security Fixes

  • Update golang to address CVE-2021-44716: Limit growth of header canonicalization cache on incoming HTTP/2 requests.

✨ Built with golang 1.16.12

0.227.0

01 Dec 19:48

Release Highlights

Changes

  • TraceID now complies with the w3 Standard.

Bugfix

  • TCP router correctly health-checks and restarts HAproxy as necessary. (#245)

✨ Built with golang 1.16.10

0.226.0

28 Oct 17:00

Release Highlights

New Features

  • The tcp-router now emits connection error metrics on a per app basis, to assist troubleshooting when apps start having connectivity issues
  • The X-Cf-Router-Error header now contains more details for endpoint_failure errors, to indicate what type of failure occurred 🎉 🎉 🎉 Thanks @thomas-kaltenbach for the PR! 🎉 🎉 🎉
  • Backend TLS handshake timeouts are now configurable via the tls_handshake_timeout_in_seconds property. 🎉 🎉 🎉 Thanks @ywei2017 for the PR! 🎉 🎉 🎉

X509 Subject Alt Name Requirements

The gorouter job will now fail to render its template on BOSH deploys if a tls_pem contains a cert_chain that does not have a SubjectAltName (SAN) extension on the certificate. This started being required in Golang 1.15, but we have been working around this using the golang.x509ignoreCN property. This property now defaults to false, so operators are made aware of any certs that need to be regenerated. When routing-release is built against golang 1.17, the golang.x509ignoreCN workaround will cease to function, and environments will need to have certs updated by then.

If encountered, the template rendering error will match: tls_pem[<cert index>].cert_chain must include a subjectAltName extension

For more information, see Golang 1.15's release notes

Bugfixes

  • The gorouter template is now generated in a way that is compatible with BOSH Directors built with Ruby 3 (#225)
  • Resolves an issue where a stale route for an app using route services with an out of date route-service URL could result in all requests going to the out-of-date route-service URL, and failing.
  • Clarifies gorouter logs and routing tables to reflect http1 as the protocol when HTTP/2 is disabled, even if the route was registered indicating it supported HTTP/2.

Manifest Property Changes

Job | Property | 0.225.0 | 0.226.0
gorouter | tls_handshake_timeout_in_seconds | does not exist | defaults to 10
gorouter | golang.x509ignoreCN | true | false

✨ Built with golang 1.16.9