-
Notifications
You must be signed in to change notification settings - Fork 21
/
windows-stemcell-v1200x.html.md.erb
144 lines (96 loc) · 7.36 KB
/
windows-stemcell-v1200x.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
---
title: Stemcell v1200.x (Windows 2012R2) Release Notes
owner: Windows
---
This topic includes release notes for Windows stemcells used with Pivotal Application Service (PAS) for Windows 2012R2.
To download a stemcell, see the [Stemcells for PCF (Windows)](https://network.pivotal.io/products/stemcells-windows-server) on Pivotal Network.
## <a id="1200.14"></a>1200.14
**Release Date**: February 13, 2018
* [Bug Fix] Fixes issue with OpenSSH 0.0.24
* For vSphere, you must install the patch manually because it was not available through Windows Update when the patch was initially shipped. In addition, you must manually enable the patch. See <a href="https://github.com/cloudfoundry-incubator/bosh-windows-stemcell-builder/wiki/Creating-a-vSphere-Stemcell-by-Hand">Creating a vSphere Stemcell by Hand</a> for information about installing the patch.
## <a id="1200.13"></a>1200.13
**Release Date**: January 17, 2018
* This stemcell is intended for use with <a href="https://support.microsoft.com/en-gb/help/4056898/windows-81-update-kb4056898">KB4056898</a>, which includes security improvements that address <a href="https://support.microsoft.com/en-gb/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution">speculative execution side-channel vulnerabilities</a>. See Microsoft's <a href="https://support.microsoft.com/en-us/help/4056898/windows-81-update-kb4056898">Known Issues</a> for this patch.
* For vSphere, you must install the patch manually because it was not available through Windows Update when the patch was initially shipped. In addition, you must manually enable the patch. See <a href="https://github.com/cloudfoundry-incubator/bosh-windows-stemcell-builder/wiki/Creating-a-vSphere-Stemcell-by-Hand">Creating a vSphere Stemcell by Hand</a> for information about installing the patch.
## <a id="1200.11"></a>1200.11
**Release Date**: December 22, 2017
* For Azure, GCP & AWS Windows Stemcells, the root disk (C Drive) will be automatically resized on creation to the disk size specified in BOSH cloud config. Due to current CPI limitations, vSphere Stemcells are NOT able to resize their root disk on creation.
* Intended for use with December Microsoft security updates.
## <a id="1200.10"></a>1200.10
**Release Date**: December 19, 2017
* You must use <a href="https://github.com/pivotal-cf-experimental/stembuild/releases/tag/0.13">stembuild version 0.13</a> when creating a 1200.10 stemcell by hand.
* AWS stemcells repartition to use entire root disk size as specified in BOSH cloud config.
* Stemcell adds support for multiple CPIs. You can now set `stemcell_formats` in stemcell.MF.
* Intended for use with November Microsoft security updates.
* Updated OpenSSH to 0.0.22.
* The BOSH Agent uses a lock file to ensure that DNS resolvers are updated only on first startup.
## <a id="1200.8"></a>1200.8
**Release Date**: November 10, 2017
* BOSH Agent: Disables port 5985 for WinRM by default.
* [Bug Fix] Fixes an issue where an empty cloud config would remove all DNS resolvers from a Windows host.
* [Bug Fix] Fix for IPsec add-on.
### Known Issues
* File `updates.txt` is not generated for 2016/1709 stemcells.
## <a id="1200.7"></a>1200.7
**Release Date**: October 23, 2017
* [Bug Fix] BOSH Agent timeout fix for high ESX workload scenarios.
* Intended for 2017 Oct Windows Updates roll-up (KB4041685).
## <a id="1200.6"></a>1200.6
**Release Date**: October 18, 2017
* [Security Improvement] Includes [CIS MS-L1 v2.2.1](https://www.cisecurity.org/cis-benchmarks/) security hardening.
* [Security Improvement] The security policies disable RDP by default. To enable RDP, use the `enable_rdp` job in the [windows-utilities-release](https://github.com/cloudfoundry-incubator/windows-utilities-release) (version 0.4.0 or greater).
* [Bug Fix] Fixes an issue in the BOSH Agent regarding DNS resolvers that can cause application downtime when a BOSH Director is unavailable (e.g. during upgrades) when deployed on Cloud Foundry.
### Known Issues
* In the case of an empty cloud config, the Windows host DNS list will be cleared on BOSH Agent restarts.
* CIS policies break the IPsec add-on.
## <a id="1200.5"></a>1200.5
**Release Date**: October 11, 2017
* Install-CFFeatures is now Install-CFFeatures2012.
* [Security Improvement] BOSH Agent randomizes password for Administrator user on bootup. To set the password, use the `set_password` job in the [windows-utilities-release](https://github.com/cloudfoundry-incubator/windows-utilities-release).
* Removes Windows Defender for all IaaSes in Windows Server 2016/1709.
* [Improvement] No longer installs Docker on Windows 2016/1709.
## <a id="1200.4"></a>1200.4
**Release Date**: September 14, 2017
* The BOSH-Agent now disables automatic updates during its bootstrap process.
* Do not remove Powershell-ISE when building stemcell.
* Added better error checking when applying group policies.
* Intended for 2017 Sep Windows Updates roll-up.
* Sets smaller MTU of network interfaces created by Docker on GCP for Windows 2016.
* Skip sysprep until official Windows 1709 build is available due to bug in insider build.
## <a id="1200.3"></a>1200.3
**Release Date**: August 22, 2017
* Agent backs off exponentially when unable to reach the director, moving from 5 seconds to 160 seconds over 6 connection attempts, to reduce the impact on small-footprint BOSH VMs. This resolves BOSH Agent [Open Issue #137](https://github.com/cloudfoundry/bosh-agent/issues/137).
* BOSH SSH is now supported as a beta feature. Users can enable connecting to a cmd session using the `bosh ssh` command by running the relevant job from windows-utilities-release.
* Fixed an issue where jobs were being stopped synchronously rather than concurrently, preventing stop scripts that waited on other stop scripts from ever finishing.
* Fixed an issue where jobs that failed to start on the first attempt weren't being retried.
* Other minor bug fixes and performance improvements.
## <a id="1200.0"></a>1200.0
**Release Date**: July 14, 2017
* Includes July 2017 Windows Security Updates.
* Fixes an error where Windows stemcells were incompatible with bosh director setting 'enable\_nats\_delivered\_templates' set to true.
* Fixed startup issue on GCP.
* Fixed issue where the Windows Agent would reset DNS settings whenever the HTTPMetadataService was invoked on AWS.
* Upgrades included .NET version to 4.7.
## <a id="1079.0"></a>1079.0
**Release Date**: June 5, 2017
* Based on Windows Server 2012R2.
* Includes .NET Framework 4.6.1.
* Available for AWS, GCP, and Azure.
* Includes all Windows Updates and security patches up through April 2017.
* To be used with Pivotal Cloud Foundry (PCF) Runtime for Windows v1.9.3+, v1.10.2+, and v1.11.0.
## <a id="1056.1"></a>1056.1
**Release Date**: June 1, 2017
* Based on Windows Server 2012R2.
* Includes .NET Framework 4.6.1.
* Available for AWS, GCP, and Azure.
* Includes all Windows Updates and security patches up through March 2017.
* To be used with Pivotal Cloud Foundry (PCF) Runtime for Windows v1.9.0, v1.9.1, v1.9.2, v1.10.0, v1.10.1.
## <a id="1056.0"></a>1056.0
**Release Date**: April 5, 2017
* Based on Windows Server 2012R2.
* Includes .NET Framework 4.6.1.
* Available for AWS, GCP, and Azure.
* Includes all Windows Updates and security patches up through March 2017.
* To be used with Pivotal Cloud Foundry (PCF) Runtime for Windows v1.9.0, v1.9.1, v1.9.2, v1.10.0, v1.10.1.
### Known Limitations
* Does not support BOSH SSH or persistent disks.