1200.14

Note

• The patch needs to be installed & enabled manually as it wasn't available via Windows Update when the patch was initially shipped. See instructions for installing the patch

Improvements

• Intended for use with KB4056898 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.

Fixes

• Mitigates CVE-2018-1197: GCP Metadata Endpoint Accessible from Application Containers on Windows
• Fixes issue with OpenSSH 0.0.24

1200.13

Note

• The patch needs to be installed & enabled manually as it wasn't available via Windows Update when the patch was initially shipped. See instructions for installing the patch

Improvements

• Intended for use with KB4056898 that addresses Microsoft's guidance for protection against speculative execution side-channel vulnerabilities. Please see Microsoft's Known Issues that apply to their patch.

1200.11

Note

• Due to current CPI limitations, vSphere Stemcells are NOT able to resize their root disk on creation.
• Azure CPI v26+ sets the root disk size to a minimum value of 128GB. A larger disk size can be set in the BOSH cloud config.

Features

• For Azure, GCP & AWS Windows Stemcells, the root disk (C Drive) will be automatically resized on creation to the disk size specified in BOSH cloud config.

Improvements

• Intended for use with December Microsoft security updates

1200.10

Note

• You must use stembuild version 0.13 when creating a 1200.10 stemcell by hand.

Features

• AWS stemcells repartition to use entire root disk size as specified in BOSH cloud config.
• Stemcell adds support for multiple CPIs ( Set stemcell_formats in stemcell.MF )

Improvements

• Intended for use with November Microsoft security updates
• Updated OpenSSH to 0.0.22

Fixes

• The BOSH Agent uses a lock file to ensure that DNS resolvers are updated only on first startup.

1200.8

• BOSH Agent: Disables port 5985 for WinRM by default.
• Fixes an issue where an empty cloud config would remove all DNS resolvers from a Windows host.
• Fix for IPsec add-on

1200.7

• BOSH Agent timeout fix for high ESX workload scenarios.
• Intended for 2017 Oct Windows Updates roll-up (KB4041685).

1200.6

• Includes CIS MS-L1 v2.2.1 security hardening.
• The security policies disable RDP by default. If you would like to enable RDP, use the enable_rdp job in the windows-utilities-release (version 0.4.0 or greater).
• Fixes an issue in the BOSH Agent regarding DNS resolvers that can cause application downtime when a BOSH Director is unavailable (e.g. during upgrades) when deployed on Cloud Foundry.

Known Issues

• In the case of an empty cloud config, the Windows host DNS list will be cleared on BOSH Agent restarts.
• CIS policies break the IPsec bosh add-on.

1200.5

• Install-CFFeatures is now Install-CFFeatures2012.
• BOSH Agent randomizes password for Administrator user on bootup. If you need to set the password, use the set_password job in the windows-utilities-release.
• Removes Windows Defender for all IaaSes in Windows Server 2016/1709
• No longer installs Docker on Windows 2016/1709

1200.4

General Notes:

• The BOSH-Agent now disables automatic updates during its bootstrap process.
• Do not remove Powershell-ISE when building stemcell.
• Added better error checking when applying group policies.
• Intended for 2017 Sep Windows Updates roll-up.

GCP 2016:

• Set smaller MTU of network interfaces created by Docker

Windows 1709

• Skip sysprep until official 1709 build is available due to bug in insider build

1200.3

What’s changed since 1200.0:

• Agent backs off exponentially when unable to reach the director, moving from 5 seconds to 160 seconds over 6 connection attempts to reduce the impact on small-footprint BOSH VMs (resolves cloudfoundry/bosh-agent#137).
• BOSH SSH is now supported as a beta feature. Users can enable connecting to a cmd session using the bosh ssh command by running the relevant job from windows-utilities-release.
• Fixed an issue where jobs were being stopped synchronously rather than concurrently, preventing stop scripts that waited on other stop scripts from ever finishing.
• Fixed an issue where jobs that failed to start on the first attempt weren’t being retried.
• Other minor bug fixes and performance improvements.