0.195.0

Release Highlights

• Platform Operators can continue routing to applications and system components even during a control plane outage details

• Application Developers can ensure that their Java apps communicate to the gorouter successfully and do not experience any error caused due to TLS1.3 details

• Routing Release is built with Go 1.13, which includes TLS 1.3. However, TLS 1.3 is turned off for now for the GoRouter as a result of this issue: golang/go#35722

Manifest Property Changes

Job	Property	0.193.0 Default	0.195.0 Default
gorouter	router.prune_all_stale_routes	false	property removed

Test release

this is a release to test our pipelines.

0.193.0 -- DO NOT USE -- contains TLS 1.3 bug

Release Highlights

• GoRouter return a 503 not a 404 when no endpoint available details
• Gorouter supports cookies (which are not JSESSIONID) to trigger sticky sessions details
• Lookup handler does not expose LB IP details
• Gorouter returns a friendly error on incorrect nonce details
• Components of networking subsystems are built with golang 1.13.x details

Manifest Property Changes

Job	Property	0.192.0 Default	0.193.0 Default
gorouter	proxy net.Dialer KeepAlive	15s	1s
gorouter	keep alive probe interval	non-configurable	configurable
gorouter	sticky_session_cookies name	non-configurable	configurable

0.192.0 -- DO NOT USE -- contains TLS 1.3 bug

Release Highlights

• Operator can see an error logged when the GoRouter panics serving a request details
• GoRouter restarts gracefully when encountering an unrecoverable error details
• Route-registrar can toggle to mTLS or plain-text details
• Routing registrar set based on routing API: mTLS /plaintext details
• GoRouter includes App, Org, and Space names when emitting access log messages to loggregator details
• CF-Deployment has a value greater than 0 for idle connections details

Manifest Property Changes

Job	Property	0.191.0 Default	0.192.0 Default
gorouter	drain_timeout	did not exist	configurable and defaults to 900s
gorouter	max_idle_connections	0	100

0.191.0

Release Highlights

• GoRouter supports indicator protocol to self-declare and self-document the monitoring and alerting behavior details
• Fixed goroutine leak when WebSocket Requests timed out: cloudfoundry/routing-release #153 details
• Fixed a bug that caused a disabled routing-api job to update the api VM on deploy: cloudfoundry/routing-release #155 details
• Update go version to 1.12.9

0.190.0

Release Highlights

• Jobs consuming the routing-api link do not fail when routing-api is not present details
• Routing-API supports deletion of Router Groups details
• Gorouter does not set the VCAP_ID stickyness cookie if provided by backend details
• HTTP stop/start metrics emit all tags provided during route registration details

0.189.0

Release Highlights

• Gorouter is configurable to prune with TTL when using TLS to validate backend identity. This is a temporary mitigation of an issue where a route deregistration message is lost details
• gorouter_ctl runs correctly on Xenial stemcells details
• Operator can configure routing-api to support mTLS connections details
• Routing API provides a bosh link that route registrar consumes to enable mTLS with the routing api details
• Operator can configure route-registrar to communicate over mTLS to routing-api details
• gorouter consumes Routing-API Link for mtls properties details
• Operator can configure gorouter to fetch routes over mTLS from routing-api details
• TCP Router consumes Routing-API Link for mtls properties details
• Operator can configure tcp-router to communicate over mTLS to routing-api details
• Route registrar route_registrar.routing_api.skip_ssl_validation property is now correctly applied details
• Operator can to configure gorouter with client certs for route services details
• cloudfoundry/routing-release #146: Deploy does not fail when required property server_cert_domain_san is not configured details

Note: This new release requires that properties are configured for the routing-api mtls. If this isn't being consumed as part of cf-deployment, which has these properties as of v9.4.0, you will need to apply this ops file

Manifest Property Changes

Job	Property	0.188.0 Default	0.189.0 Default
gorouter	router.route_services.cert_chain	did not exist	undefined
gorouter	router.route_services.private_key	did not exist	undefined
gorouter	routing_api.uri	http://routing-api.service.cf.internal	https://routing-api.service.cf.internal
gorouter	routing_api.port	3000	from routing_api link
gorouter	routing_api.ca_certs	did not exist	from routing_api link
gorouter	routing_api.cert_chain	did not exist	from routing_api link
gorouter	routing_api.private_key	did not exist	from routing_api link
gorouter	router.prune_all_stale_routes	did not exist	false
gorouter	router.set_kernel_parameters	did not exist	true
route_registrar	route_registrar.logging_level	did not exist	info
route_registrar	route_registrar.routing_api.api_url	http://routing-api.service.cf.internal:3000	https://routing-api.service.cf.internal:3001
route_registrar	route_registrar.routing_api.client_cert	did not exist	from routing_api link
route_registrar	route_registrar.routing_api.client_private_key	did not exist	from routing_api link
route_registrar	route_registrar.routing_api.server_ca_cert	did not exist	from routing_api link
routing-api	routing_api.enabled_api_endpoints	did not exist	"both"
routing-api	routing_api.mtls_port	did not exist	3001
routing-api	routing_api.mtls_ca	did not exist	generated by credhub
routing-api	routing_api.mtls_server_cert	did not exist	generated by credhub
routing-api	routing_api.mtls_server_key	did not exist	generated by credhub
routing-api	routing_api.mtls_client_cert	did not exist	generated by credhub
routing-api	routing_api.mtls_client_key	did not exist	generated by credhub
routing-api	consul.servers	http://127.0.0.1:8500	removed property
routing-api	routing_api.skip_consul_lock	false	removed property
tcp_router	routing_api.uri	http://routing-api.service.cf.internal	https://routing-api.service.cf.internal
tcp_router	routing_api.port	3000	from routing_api link
tcp_router	routing_api.client_cert	did not exist	from routing_api link
tcp_router	routing_api.client_private_key	did not exist	from routing_api link
tcp_router	routing_api.ca_cert	did not exist	from routing_api link

0.188.0

Release Highlights

• golang version bumped to 1.12.1
• Fix for CVE-2019-3789: Gorouter allows space developer to hijack route services hosted outside the platform. The new default behavior will use DNS to make a new connection to the Load Balancer for internal route services.

Manifest Property Changes

0.187.0	0.188.0	Default Value
did not exist	router.route_services_internal_lookup	false

0.187.0

Release Highlights

• golang version bumped to 1.11.5
• cf-tcp-router supports truly seamless reloads details
• Fix url parsing for forwarded url after route-service pass details
• ms_since_last_registry_update metric will emit -1 when no routes have been created details
• cf-tcp-router, route-registrar, and routing-api log human-readable RFC3339 timestamps details
• Operator can configure a manifest property routing_api.sqldb.skip_hostname_validation to skip hostname verification when routing-api communicates with a mysql server that does not provide a valid hostname in its certificate details

Manifest Property Changes

0.186.0	0.187.0	Default Value
did not exist	routing_api.sqldb.skip_hostname_validation	false

0.186.0

Release Highlights

• Fix for Gorouter panics details
• Fix for fatal errors fatal error: sync: Unlock of unlocked RWMutex that led to the Gorouter crashing details
• operator can now expect a single b3 header, and separate b3 headers (TraceId, SpanID, ParentSpanID) when tracing support is enabled in gorouter access logs as per the spec. Story details

Manifest Property Changes

None