Releases · pivotal/credhub-release

Enhance BBR backup and restore functionality
- Backup and restore now works with non-local databases
- Backup and restore now supports PostgreSQL 9.4 and MariaDB 10.1
- Backup and restore respect configured settings for database TLS connection
- Backup and restore works with multi-instance deployments
Update API to allow static username to be set via BOSH manifest
Enable regeneration of user type credentials

Dependency Updates

Bumped OpenJDK from 1.8.0_131 to 1.8.0_141
Bumped Spring Boot from 1.4.6 to 1.5.6

Bug Fixes

Resolved BBR backup and restore failures in v1.2.0 due to package version incompatibility

Known Issues

CredHub must be restarted after a BBR restore on a new installation. Before restarting the application, you will see an encryption key mismatch error.

Changes from v1.2.0

Assets 3

18 Aug 20:36

pcf-sec-eng-bot

1.0.4

80c5407

1.0.4

Dependency Updates

Bumped OpenJDK from 1.8.0_131 to 1.8.0_141
Bumped Spring Boot from 1.4.6 to 1.4.7

Changes from v1.0.3

Assets 3

28 Jul 18:04

pcf-sec-eng-bot

1.2.0

52cf20b

1.2.0

Known Issues

BBR backup and restore fails in v1.2.0 due to package version incompatibility. Please upgrade to 1.3.0 to resolve this issue.

Notices

Credential names now must only contain alpha, numeric, forward slash, dash and underscore characters. Existing credentials with disallowed characters will remain accessible, but cannot be updated. The below scripts will identify any credentials in your environment with disallowed characters.

Mac and Linux

credhub find --output-json | jq -r '.credentials[].name' | grep -E '[^A-Za-z0-9\_\/\-]+'

Windows Powershell

.\credhub.exe f /output-json | jq -r credentials[].name | select-string -pattern "[^A-Za-z0-9\/_\-]+"

New Features

Credential names now must contain only alpha, numeric, forward slash, dash and underscore characters
Certificate generation now enforces maximum field lengths per x509 spec

Bug Fixes

CVE-2017-8038 Interpolate endpoint was not appropriately respecting credential ACLs

Changes from v1.1.2

Assets 3

18 Jul 23:32

ishustava

1.1.2

a804d22

1.1.2

Bug fix

Incorrect version displayed at /info endpoint

Changes from v1.1.1

Application commit log (no change)
Release commit log (no change)

NOTE: Release has been removed due to bug. Please use release version 1.2.0.

Assets 2

12 Jul 19:39

ishustava

1.1.1

a804d22

1.1.1

Bug Fix

Fixed job template rendering error which affected bosh create-env deployments

Changes from v1.1.0

Application commit log (no change)
Release commit log

NOTE: Release has been removed due to bug. Please use release version 1.2.0.

Assets 2

12 Jul 18:47

pcf-sec-eng-bot

1.1.0

beb5613

1.1.0

Notices

Users of Postgres databases must provide a valid tls_ca for their connection or disable TLS prior to deploying this version.
The TLS CA of UAA must be provided in the manifest at authentication.uaa.ca_certs prior to deployment

New Features

Mutual TLS is now supported for application authentication - more here
ACL authorization is now supported for automation use-cases, such as the secure service credential architecture. This is currently disabled by default.
- Supported authenticated identities
  - UAA password grant
  - UAA client credentials grant
  - Mutual TLS application
- Supported credential operations
  - read
  - write
  - delete
  - read_acl
  - write_acl
Multi-instance deployments are now supported
Postgres database connections now support TLS (enabled by default)
Tomcat chooses cipher suite order during TLS negotiation
JVM max heap size is configurable via deployment manifest property
Tomcat can now be configured to enable Java 7 supported CBC ciphers (disabled by default)
Bouncy Castle updated from 1.52 to 1.57

Changes from v1.0.0

NOTE: Release has been removed due to bug. Please use release version 1.1.1.

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Releases: pivotal/credhub-release

1.3.2

1.0.6

1.3.1

1.0.5

1.3.0

1.0.4

1.2.0

1.1.2

1.1.1

1.1.0