Releases: cloudfoundry/routing-release
0.160.0
Release Highlights
This release includes a fix for a security vulnerability. We recommend that all deployments upgrade to this release as soon as possible.
Mutual TLS and X-Forwarded-Client-Cert (XFCC)
- Gorouter now uses certificate authorities installed using BOSH Trusted Certs to validate certificates provided by clients in mTLS handshakes
- Operators may now configure Gorouter with a list of certificate authorities used to validate certificates provided by clients in mutual TLS handshakes
- Operators may now configure Gorouter to overwrite the XFCC header with the client certificate received in mTLS handshakes
- Operators may now configure Gorouter to forward the XFCC header only when the client connection is mTLS
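The three XFCC behaviors listed above, sketched as an added Go example (not Gorouter's own code). Only `always_forward` appears on this page; the mode names `forward` and `sanitize_set`, the base64-of-DER header encoding, and the helper names are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"net/http"
)

const xfcc = "X-Forwarded-Client-Cert"

// applyXFCC rewrites the XFCC header of an inbound request according to mode.
func applyXFCC(mode string, r *http.Request) {
	mtls := r.TLS != nil && len(r.TLS.PeerCertificates) > 0
	switch mode {
	case "always_forward": // page default: client-supplied header passes through untouched
	case "forward": // assumed name: keep the header only on mTLS connections
		if !mtls {
			r.Header.Del(xfcc)
		}
	case "sanitize_set": // assumed name: drop client value, set from the handshake cert
		r.Header.Del(xfcc)
		if mtls {
			r.Header.Set(xfcc, base64.StdEncoding.EncodeToString(r.TLS.PeerCertificates[0].Raw))
		}
	default: // choice made in this example: unknown modes fail closed
		r.Header.Del(xfcc)
	}
}

// forwardedValue builds a constructed request carrying clientHeader, attaches
// peerDER as the verified client certificate (nil means no mTLS), and returns
// the XFCC value a backend would receive.
func forwardedValue(mode, clientHeader string, peerDER []byte) string {
	r, _ := http.NewRequest("GET", "https://app.example.test/", nil)
	if clientHeader != "" {
		r.Header.Set(xfcc, clientHeader)
	}
	if peerDER != nil {
		r.TLS = &tls.ConnectionState{PeerCertificates: []*x509.Certificate{{Raw: peerDER}}}
	}
	applyXFCC(mode, r)
	return r.Header.Get(xfcc)
}

func main() {
	der := []byte("abc") // constructed stand-in for a certificate's DER bytes
	for _, m := range []string{"always_forward", "forward", "sanitize_set"} {
		fmt.Printf("%-15s plain=%q mtls=%q\n", m,
			forwardedValue(m, "client-supplied", nil), forwardedValue(m, "client-supplied", der))
	}
}
```

With the default, a backend that trusts XFCC receives whatever value the client sent, so deployments whose apps authenticate on that header need one of the other two modes or a load balancer in front that strips it.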
Mutual Certificates / SNI
- Operators may now configure Gorouter with multiple certificate chains. Gorouter will use SNI, when supported by the client, to serve the appropriate certificate
Misc
- Route services authors may now modify context path and query parameters as long as the route matching the new URI is not bound to a route service
- Operators may now configure Gorouter with a limit for concurrent connections per backend
- Operators may now configure the minimum TLS version Gorouter will support
- Routing-API will now reclaim its Locket lock if it unexpectedly crashes without releasing the lock
- Operators may now configure Gorouter cipher suites using either RFC or OpenSSL names
- Gorouter will now close idle frontend TCP connections with clients after 5 seconds
Manifest Property Changes
gorouter
0.159.0 | 0.160.0 | Default Value |
---|---|---|
did not exist | router.min_tls_version | TLSv1.2 |
router.ssl_cert | removed in favor of tls_pem | |
router.ssl_key | removed in favor of tls_pem | |
did not exist | router.tls_pem | Required when enable_ssl: true |
did not exist | router.ca_certs | |
did not exist | router.forwarded_client_cert | always_forward |
did not exist | router.backends.max_conns | 0 |
0.159.0
Highlights
This release includes a security fix.
Manifest Changes
None
0.158.0
Highlights
- All components have been upgraded to 1.8.x
- Removed redundant content from Gorouter log message `backend-endpoint-failed`
- Routing API returns a 204 response when deleting a tcp route that does not exist
- Simplified start delays: `/health` will report `200 OK` after the value of `router.requested_route_registration_interval_in_seconds` in seconds, and BOSH will consider Gorouter started (and allow the next instance to update) after an additional duration of `router.load_balancer_healthy_threshold` in seconds
- Gorouter now emits a metric `file_descriptors` to help operators monitor file descriptor consumption
- Manifest generation scripts support overriding release versions from a spiff stub
- Gorouter now emits counter metrics periodically, regardless of whether they are incremented
- Routing API now supports updating the isolation segment for a TCP route
Manifest Property Changes
None
0.157.0
Release Highlights
- Gorouter now emits app instance index as `instanceIndex` with HttpStartStop metric events
- Routing API now supports creation of TCP Routes with an isolation segment
- Routing API now supports use of Locket for its distributed lock instead of Consul
Manifest Property Changes
routing-api
0.156.0 | 0.157.0 | Default Value |
---|---|---|
did not exist | routing_api.locket.api_location | |
did not exist | routing_api.locket.ca_cert | |
did not exist | routing_api.locket.client_cert | |
did not exist | routing_api.locket.client_key | |
did not exist | routing_api.skip_consul_lock | false |
0.156.0
Release Highlights
- Fixed bug which caused Gorouter latency metric for websockets/TCP connections to have large negative values
- `property_overrides.acceptance_tests.default_timeout` is no longer required in spiff stubs
- Routing API now supports query parameter `isolation_segment` to filter list of TCP routes
0.155.0
Release Highlights
- API client authors can now create router groups of `type: tcp`
- Minor bug fix for spiff template to make routing release compatible with cf-release v260 such that now `metron_endpoint.shared_secret` is an optional field
Performance Comparison
Performance comparison of 0.154.0 vs 0.155.0 can be found in the attachment below. Raw results for the performance tests can be found in the following files:
Epic in progress:
- TCP Router can filter routes from the Routing API by isolation segment name
Manifest Property Changes
tcp_router
0.156.0 | 0.157.0 | Default Value |
---|---|---|
did not exist | isolation_segments | |
0.154.0
- Fixes a bug whereby router logs stopped appearing in `cf logs`
- Includes a fix to `access.log` such that logs with high latency now include response codes
Performance Comparison
Performance comparison of 0.153.0 vs 0.154.0 can be found in the attachment below. Raw results for the performance tests can be found in the following files:
Manifest Property Changes
No changes
0.153.0
Release Highlights
- Includes a bug fix for an unintentional change to how Gorouter measures latency. Gorouter once again measures latency as it did in routing release v147 and prior, by calculating the time between when a request was received by Gorouter and when a backend app sends the first byte of the response
- API client authors can now create HTTP router groups
- Gorouter logs now include a new `isolation_segment` property upon startup, and for `registry`, `unregistry`, and `pruned-route` events
- Operator can now configure Gorouter to register routes only for specified isolation segments or for those which do not have a specified isolation segment using new property `routing_table_sharding_mode`
Performance Comparison
Performance comparison of 0.152.0 vs 0.153.0 can be found in the attachment below. Raw results for the performance tests can be found in the following files:
Manifest Property Changes
Gorouter
0.152.0 | 0.153.0 | Default Value |
---|---|---|
did not exist | isolation_segments | |
did not exist | routing_table_sharding_mode | all |
0.152.0
Release Highlights
- When a route service is run as an application on CF, Gorouter now forwards requests to it directly
- Consul links are ignored in the routing-release template
Known Issues
- There is a latency measurement bug whereby, instead of calculating the time between when a request was received by Gorouter and when a backend app sends the first byte of the response, we started calculating the time between when a request was received by Gorouter and when the last byte of the response was returned from Gorouter. The fix will be in v153.
Performance Comparison
Performance comparison of 0.151.0 vs 0.152.0 can be found in the attachment below. Raw results for the performance tests can be found in the following files:
Epic in progress:
- Gorouter shards routes by isolation segment name
Manifest Property Changes
No changes
0.151.0
Release Highlights
- Routing acceptance and smoke tests no longer fail when multiple router groups have been seeded
- Gorouter now provides its address via Links for other jobs to consume
Known Issues
- There is a latency measurement bug whereby, instead of calculating the time between when a request was received by Gorouter and when a backend app sends the first byte of the response, we started calculating the time between when a request was received by Gorouter and when the last byte of the response was returned from Gorouter. The fix will be in v153.
Performance Comparison
Performance comparison of 0.150.0 vs 0.151.0 can be found in the attachment below. Raw results for the performance tests can be found in the following files:
Manifest Property Changes
Gorouter
Note: Gorouter now provides its address from BOSH via Links