0.175.0

Release Highlights

• Operators can now configure the manifest property router.sanitize_forwarded_proto: true to sanitize the X-Forwarded-Proto HTTP header in a request when router.force_forwarded_proto_https is set to false. We recommend setting the property to true if the Gorouter is the first component to terminate TLS, and setting it to false when your load balancer is terminating TLS and setting the X-Forwarded-Proto header details

Bug fixes:

• Fixed an issue where the Gorouter was temporarily(for 30 seconds) removing backends from the pool of available backends when a downstream client closes the connection while the request is still being processed. This could lead to temporary application unavailability details
• Fixed a bug where request_timeout_in_seconds was being set per connection and not per request, leading to requests timing out while the request is still being processed details
• Fixed a bug where the router was temporarily(for 30 seconds) not removing a backend from the pool of available backends when a backend application instance was misbehaving (e.g. closing the connection or crashing). Operators would see 502 errors in the Gorouter logs details

Golang update:

• Gorouter and dependencies have been updated to Golang 1.10.1 details

Manifest Property Changes

0.174.0	0.175.0	Default Value
did not exist	router.sanitize_forwarded_proto	false

0.174.0

Release Highlights

• When a connection to a TLS enabled backend fails, Gorouter tries to send a request to another backend of the app before returning a response to the client. In an environment where some backends are TLS enabled and some are not, if the Gorouter first chooses a TLS enabled backend and fails, and if it subsequently chooses a non TLS backend, then it will appropriately use a plain text request. details

Manifest Property Changes

• No manifest property changes

0.173.0

Release Highlights

• Previously if an operator sets router.disable_http: true in the Gorouter manifest, requests for a route bound to a route service running as an app on the platform would return a 502. This has now been fixed, route services will work as expected when router.disable_http: true details
• Golang version updated from 1.9.1 to 1.9.4 details

Manifest Property Changes

• No manifest property changes

0.172.0

Release Highlights

• Fixes vulnerability https://www.cloudfoundry.org/blog/cve-2018-1221/
• We now accept a list and a range of ports for reservable ports for TCP routing. Details here

0.171.0

Release Highlights

• Gorouter now supports websocket connections to backend applications for routes registered with tls_ports details
• routing-release now enables operators to expose available UAA clients via BOSH links in cf-deployment details
• We see a performance degradation in this release, on further investigation we are confident this is not related to routing-release changes or stemcell changes. This strongly suggests it might be due to underlying IaaS performance. We see a 10% decrease in peak latency from 4150 requests/s to 3750 requests/s and an increase in latency at throughput above 2750 requests/s.

Manifest Property Changes

• No manifest property changes

0.170.0

Release Highlights

• Fix for RATs failure with CF CLI 6.33.1 details
• The performance report included with this release shows a performance degradation since the last release. This can be attributed to the hypervisor patches on AWS and the BOSH stemcell patch for Meltdown. On our test environment we observed less than a 5% decrease in peak throughput from 4300 requests/s to 4150 requests/s, and latency increased marginally at throughput levels of 3500 requests/s and more.

Manifest Property Changes

• No manifest property changes

0.169.0

Release Highlights

• Gorouter now emits a metric total_dropped_messages that gives the total number of messages dropped by the NATs client details
• Gorouter now emits a metric buffered_messages that gives the size of the number of messages in the NATs client buffer details
• In 0.168.0 support was added to Gorouter for three configurable behaviors regarding validation of client certificates. In this release the default was changed from none to request details

Manifest Property Changes

router

0.168.0	0.169.0	Default Value
'router.client_cert_validation`	default changed	Changed to request from none

0.168.0

Release Highlights

• Gorouter now immediately prunes backends registered with tls_port when TLS handshake fails because backend doesn't support TLS details
• Gorouter now supports three configurable behaviors regarding validation of client certificates: validation disabled, validate if present but not required, and client cert required details

Manifest Property Changes

router

0.167.0	0.168.0	Default Value
did not exist	router.client_cert_validation	none. The default will be changed to request in the next version.

0.167.0

Release Highlights

• Routing Acceptance Tests no longer leak verbose-level output details
• Routes registered with tls_port and server_cert_domain_san are only pruned when validation of application identity (using server_cert_domain_san) fails details
• Route registrar now supports registration of backends with TLS; this causes Gorouter to initiate TLS sessions with backends details
• README updated with documentation explaining log levels details
• Operator may now disable writing access logs locally using the router.write_access_logs_locally property details
• Gorouter now depends on the bosh logrotate cron job details

Manifest Property Changes

router

0.166.0	0.167.0	Default Value
router.logrotate.freq_min	removed
router.logrotate.rotate	removed
router.logrotate.size	removed
did not exist	router.write_access_logs_locally	true

route-registrar

0.166.0	0.167.0	Default Value
route_registrar.routes	Objects in the routes array now support optional fields tls_port and server_cert_domain_san

0.166.0

Release Highlights

• Routing API can now be backed up and restored using BOSH Backup & Restore (epic)
• Routing API now supports TLS to database details
• Routing API no longer supports migration from etcd details
• Gorouter now logs a 499 status code when client connection disconnected before response sent details
• Route Integrity (In progress) (epic)

Manifest Property Changes

routing_api

0.165.0	0.166.0	Default Value
routing_api.etcd.servers	no longer supported
routing_api.etcd.client_cert	no longer supported
routing_api.etcd.client_key	no longer supported
routing_api.etcd.ca_cert	no longer supported
routing_api.etcd.require_ssl	no longer supported
did not exist	routing_api.sqldb.ca_cert
did not exist	routing_api.admin_port	15897
did not exist	release_level_backup	false