0.225.0

Release Highlights



• Improved health checking for gorouter
- monit will now restart the gorouter process if the gorouter stops responding to http requests on its health port
• Switched from vendoring golang-1-linux to golang-1.16-linux to keep us pinned at Go 1.16 for the time being
• Go 1.16 has GO111Module on by default. This release converts routing-release to be compatible with those changes
• As a result of the conversion to a Go module release, we updated and moved away from having many of our external dependencies in a submodule to a vendored package.
• Security Fix: Update golang to resolve CVE-2021-39293 where specially crafted inputs could cause panics/fatal errors in archive/zip

Manifest Property Changes



None





✨ Built with golang 1.16.8

0.224.0

Release Highlights

HTTP/2 Support

router.enable_http2 bosh property set to true by default. Now, HTTP/2 requests are supported both on ingress traffic to the gorouter and, if defined as HTTP/2 in the routing table, on traffic to app backends.

Please see notes for routing-release 0.222.0 and 0.218.0 for additional context on using this feature in your foundation.

Manifest Property Changes

Job	Property	0.219.0	0.220.0
gorouter	router.enable_http2	defaults to false	defaults to true

✨ Built with golang 1.16.7

0.223.0

Release Highlights

• PR to remove the deprecated nats.tls.hostname property from @46bit. Thanks Miki
• Gorouter will now fail to start if it is unable to listen on the health/status port

Manifest Property Changes

Job	Property	0.221.0 Default	0.222.0 Default
route-registrar	nats.tls.hostname	""	property removed

✨ Built with golang 1.16.7

0.222.0

Release Highlights

🎉 We merged five (👏 👏 👏 👏 👏 ) PRs from the community. Thank you so much everyone for your hard work!

Debugging

• PR to enhance accesslogs with InstanceId for better debugging from @thomas-kaltenbach. Thank you Thomas!
• PR to enhance registry logs with appId, instanceId and domainSans from @thomas-kaltenbach. Thank you again Thomas!!
• PR to enhance backend-endpoint-failed logs with the retriable and num-endpoints fields from @46bit. Thank you Miki!

HTTP/2

• Two PRs (1 and 2) to add HTTP/2 functionality from gorouter to backends. Now if routes are registered with the "http2" protocol and if the router.enable_http2 bosh property is set to true , then gorouter will connect to the backend app with http/2 with prior knowledge.
• HTTP/2 support is still a beta feature.
• The ability to set routes as "http2" in Cloud Foundry is not yet complete. You can follow this work in cloud_controller_ng in this PR.
• 🎉 Thank you to everyone involved in this work: @Gerg, @mkocher, @moleske, @mariash, @ctlong

NATS

• PR to support the nats-tls bosh link, and remove reliance on the nats.tls.hostname property.

🐛 Bug

• Fixed this issue where gorouter was logging httpstartstop envelopes with incorrect information.

✨ Built with golang 1.16.7

0.221.0

Release Highlights

• Security Fix: Update Golang to fix for CVE-2021-36221. Prevent race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort

✨ Built with golang 1.16.7

0.220.0

Release Highlights

Gorouter open file handles now configurable

The number of open file handles for the gorouter job is now configurable and defaults to its previous value. Thank you @h0nIg for the contribution (PR #213) 🎉 🎉 🎉

⚠️ Foundation TLS certificates encouraged to have Subject Alternative Names (SANs) as soon as possible

Certificates used by the foundation to serve TLS traffic, either by gorouter directly or via a Load Balancer in front of the foundation, will require at least one Subject Alternative Name due to a deprecation in golang 1.15 that will be permanent after golang 1.17 is released. By default, the routing-release jobs will not strictly check certificates for the existence of a SAN unless operators opt-in to the feature by configuring the golang.x509ignoreCN flag to false.

For more information on the context of this change and what operators need to do, please refer to the golang 1.15 X.509 CommonName deprecation doc.

Manifest Property Changes

Job	Property	0.219.0	0.220.0
gorouter	router.max_open_files	did not exist	configurable and defaults to 100000
gorouter	golang.x509ignoreCN	did not exist	configurable and defaults to true
route_registrar	golang.x509ignoreCN	did not exist	configurable and defaults to true
routing-api	golang.x509ignoreCN	did not exist	configurable and defaults to true
tcp_router	golang.x509ignoreCN	did not exist	configurable and defaults to true

✨ Built with golang 1.16.6

0.219.0

Release Highlights

• gorouter now accepts TLSv1.3 as a minimum TLS version
• routing-release can set TLSv1.3 as the minimum TLS version via router.min_tls_version

✨ Built with Golang 1.16.6

0.218.0

Release Highlights

🎉 Beta feature: Gorouter now accepts HTTP2 traffic.

• When router.enable_http2: true then the following is enabled:
  • Client sends http/2 request to LB with http/2 support
  • LB sends http/2 request to Gorouter
  • Gorouter accepts http/2 traffic
  • Gorouter sends h1 traffic to backends
• More work coming soon to get the last hop from gorouter -> apps to support http/2.
• This work was from this routing-release PR and this gorouter PR.

✨ Built with Golang 1.16.6

0.217.0

Release Highlights

Lots of great community work in this release!

• 🎉 Gorouter now consistently returns a 499 when client disconnects. Thank you so much @randomtask1155 for submitting this PR.
• 🎉 Gorouter now respects and retries idempotent requests. Thank you @peterellisjones for this PR!
• 🎉 Gorouter can now speak to NATS using TLS. Thanks for your great work on this PR @46bit.

✨ Built with Golang 1.16.6

0.216.0

Release Highlights

🚨 Reverts the following features 🚨

• ⚠️ Foundation TLS certificates require Subject Alternative Names (SANs)
  • This was added in routing-release 0.215.0
  • We are working on writing clear docs about how this will affect users and how users can prepare for this change

✨ Built with Golang 1.16.5