Releases: cloudfoundry/bosh-windows-stemcell-builder
Releases · cloudfoundry/bosh-windows-stemcell-builder
1709.4
Note
- The Meltdown & Spectre patch needs to be enabled for it to be functional. See instructions for enabling the patch
Improvements
- Intended for use with March 2018 Microsoft security updates
- Intended for use with KB4056892 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.
1200.16
Note
- The patch needs to be installed & enabled manually as it wasn't available via Windows Update when the patch was initially shipped. See instructions for installing the patch
Improvements
- Intended for use with March 2018 Microsoft security updates
- Increase Window's Service Start timeout Tracker Story
- Intended for use with KB4056898 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.
1709.3
Note
- The Meltdown & Spectre patch needs to be enabled for it to be functional. See instructions for enabling the patch
Improvements
- Intended for use with February 2018 Microsoft security updates
- Intended for use with KB4056892 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.
Fixes
- Fix BOSH ssh when stemcell is operating as a Diego Cell
1200.15
Note
- The patch needs to be installed & enabled manually as it wasn't available via Windows Update when the patch was initially shipped. See instructions for installing the patch
Improvements
- Intended for use with February 2018 Microsoft security updates
- Intended for use with KB4056898 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.
1200.14
Note
- The patch needs to be installed & enabled manually as it wasn't available via Windows Update when the patch was initially shipped. See instructions for installing the patch
Improvements
- Intended for use with KB4056898 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.
Fixes
- Mitigates CVE-2018-1197: GCP Metadata Endpoint Accessible from Application Containers on Windows
- Fixes issue with OpenSSH 0.0.24
1200.13
Note
- The patch needs to be installed & enabled manually as it wasn't available via Windows Update when the patch was initially shipped. See instructions for installing the patch
Improvements
- Intended for use with KB4056898 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.
1200.11
Note
- Due to current CPI limitations, vSphere Stemcells are NOT able to resize their root disk on creation.
- Azure CPI v26+ sets the root disk size to a minimum value of 128GB. A larger disk size can be set in the BOSH cloud config.
Features
- For Azure, GCP & AWS Windows Stemcells, the root disk (C Drive) will be automatically resized on creation to the disk size specified in BOSH cloud config.
Improvements
- Intended for use with December Microsoft security updates
1200.10
Note
- You must use stembuild version 0.13 when creating a 1200.10 stemcell by hand.
Features
- AWS stemcells repartition to use entire root disk size as specified in BOSH cloud config.
- Stemcell adds support for multiple CPIs ( Set stemcell_formats in stemcell.MF )
Improvements
- Intended for use with November Microsoft security updates
- Updated OpenSSH to 0.0.22
Fixes
- The BOSH Agent uses a lock file to ensure that DNS resolvers are updated only on first startup.
1200.8
- BOSH Agent: Disables port 5985 for WinRM by default.
- Fixes an issue where an empty cloud config would remove all DNS resolvers from a Windows host.
- Fix for IPsec add-on
1200.7
- BOSH Agent timeout fix for high ESX workload scenarios.
- Intended for 2017 Oct Windows Updates roll-up (KB4041685).