1. cf-dev@lists.cloudfoundry.org
  2. Messages
   Date   
routing-release 0.189.0

Aidan Obley <aobley@...>
 

Hello cf-dev!

We have cut routing-release 0.189.0.

This release includes several fixes and improvements. Notably, this release encrypts the control plane interactions with the routing-api.

Release Highlights

  • Gorouter is configurable to prune with TTL when using TLS to validate backend identity. This is a temporary mitigation of an issue where a route deregistration message is lost details
  • gorouter_ctl runs correctly on Xenial stemcells details
  • Operator can configure routing-api to support mTLS connections details
  • Routing API provides a bosh link that route registrar consumes to enable mTLS with the routing api details
  • Operator can configure route-registrar to communicate over mTLS to routing-api details
  • gorouter consumes Routing-API Link for mtls properties details
  • Operator can configure gorouter to fetch routes over mTLS from routing-api details
  • TCP Router consumes Routing-API Link for mtls properties details
  • Operator can configure tcp-router to communicate over mTLS to routing-api details
  • Route registrar route_registrar.routing_api.skip_ssl_validation property is now correctly applied details
  • Operator can to configure gorouter with client certs for route services details
  • cloudfoundry/routing-release #146: Deploy does not fail when required property server_cert_domain_san is not configured details

Manifest Property Changes

Job Property 0.188.0 Default 0.189.0 Default
gorouter router.route_services.cert_chain did not exist undefined
gorouter router.route_services.private_key did not exist undefined
gorouter routing_api.uri http://routing-api.service.cf.internal https://routing-api.service.cf.internal
gorouter routing_api.port 3000 from routing_api link
gorouter routing_api.ca_certs did not exist from routing_api link
gorouter routing_api.cert_chain did not exist from routing_api link
gorouter routing_api.private_key did not exist from routing_api link
gorouter router.prune_all_stale_routes did not exist false
gorouter router.set_kernel_parameters did not exist true
route_registrar route_registrar.logging_level did not exist info
route_registrar route_registrar.routing_api.api_url http://routing-api.service.cf.internal:3000 https://routing-api.service.cf.internal:3001
route_registrar route_registrar.routing_api.client_cert did not exist from routing_api link
route_registrar route_registrar.routing_api.client_private_key did not exist from routing_api link
route_registrar route_registrar.routing_api.server_ca_cert did not exist from routing_api link
routing-api routing_api.enabled_api_endpoints did not exist “both”
routing-api routing_api.mtls_port did not exist 3001
routing-api routing_api.mtls_ca did not exist generated by credhub
routing-api routing_api.mtls_server_cert did not exist generated by credhub
routing-api routing_api.mtls_server_key did not exist generated by credhub
routing-api routing_api.mtls_client_cert did not exist generated by credhub
routing-api routing_api.mtls_client_key did not exist generated by credhub
routing-api consul.servers http://127.0.0.1:8500 removed property
routing-api routing_api.skip_consul_lock false removed property
tcp_router routing_api.uri http://routing-api.service.cf.internal https://routing-api.service.cf.internal
tcp_router routing_api.port 3000 from routing_api link
tcp_router routing_api.client_cert did not exist from routing_api link
tcp_router routing_api.client_private_key did not exist from routing_api link
tcp_router routing_api.ca_cert did not exist from routing_api link

Regards,
The Networking Program
Update to CF-Deployment v10.0 scope #cf

Saikiran Yerram
 

Good day everyone,

We have an update on the scope for CF-Deployment v10.0. We are postponing BOSH Service discovery to the next major release. The changes require additional validation and will not be ready for v10 release. I have updated the scope doc accordingly. 

https://docs.google.com/document/d/1qWaFHcquPUaWrVWndJuWt-W_niflN2p4aVqvqy2EyM4/edit#

Please let me know if you have any questions.
Re: Running UAA on Kubernetes behind TLS-enabled ingress controller #uaa

Filip Hanik
 

request.getScheme() can return https properly if you configure the web server (Tomcat/Jetty) to trust the headers X-Forwarded-Proto based on the IP address of the proxy server.

If you're using uaa-release, you can configure

This will ensure that https is returned and line 44 is never invoked.
Filip

On Tue, Jul 16, 2019 at 9:09 AM Enrique Cano <enrique.canocarballar@...> wrote:
Hi

We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http.
The issue we are facing is that the URLs UAA will return to the browser during the OAuth handshake include http instead of https. When we set X-Forwarded-Proto to "https" at the ingress controller, then the returned URLs contain https, but the port is set to 443. We believe this is because of this line of code: https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/FixHttpsSchemeRequest.java#L44
Is there another way of doing this? Basically, instead of redirecting to http://url:8080, we want a redirection to https://url:8443. Currently, what we get is https://url with the X-Forwarded-Proto header set to "https".

Many thanks in advance

Enrique.

FINAL REMINDER: CAB call for July is next week Wednesday 17th @ 8a Pacific

Michael Maximilien
 

FYI... see below

——
Hi, all,
 
Reminder that the CAB call [0] for July 2019 is next Wednesday 17th @ 8a Pacific.
 
We will have regular highlights, QAs, as well as two planned talks:
 
1. External DNS Connector for Cloud Foundry [1] by David Grizzanti of Comcast
2. Stratos UI Update - now with Kubernetes support [2] by Neil MacDougall of SUSE
 
Please note that talk 1 was in previous agenda but had to be postponed.
 
All other info in agenda [0]. Zoom soon. Best,
 
Running UAA on Kubernetes behind TLS-enabled ingress controller #uaa

Enrique Cano
 

Hi

We are running UAA behind an ingress controller on Kubernetes. The connection to the ingress controller is https on a port other than 443 e.g. 8443. The connection to UAA pod is http.
The issue we are facing is that the URLs UAA will return to the browser during the OAuth handshake include http instead of https. When we set X-Forwarded-Proto to "https" at the ingress controller, then the returned URLs contain https, but the port is set to 443. We believe this is because of this line of code: https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/security/web/FixHttpsSchemeRequest.java#L44
Is there another way of doing this? Basically, instead of redirecting to http://url:8080, we want a redirection to https://url:8443. Currently, what we get is https://url with the X-Forwarded-Proto header set to "https".

Many thanks in advance

Enrique.
Re: Security feed not updating

Chip Childers <cchilders@...>
 

Pivotal doesn't have access. The CFF web team resolved this issue a week ago. Thanks! 


On Mon, Jul 15, 2019 at 6:09 PM Emily Foster <efoster@...> wrote:
Hi Lee,

I'm forwarding your message along to the Pivotal security team to take a look.

Thanks,
Emily

On Tue, Jul 2, 2019 at 12:05 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:
I've seen them on there too, but that's a bit more awkward to put automated monitoring in for.

On Tue, 2 Jul 2019 at 07:28, Dr Nic Williams <drnicwilliams@...> wrote:
Someone else may have a more comprehensive answer, but I’ve seen the CVEs announced on the #security channel on CF slack.

Nic

 
From: cf-dev@... on behalf of Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...>
Sent: Monday, July 1, 2019 10:50 pm
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Security feed not updating
 
Hi,

Has anyone else noticed that https://www.cloudfoundry.org/foundryblog/security-advisory/feed/ is not being updated with new security issues? 

Has it moved? I've not spotted anything via the blog site to indicate either way. We use automated monitoring of this feed to alert us of potential CVEs we need to look at specifically on the platform.

Thanks

Lee

--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292
Re: Security feed not updating

Emily Foster <efoster@...>
 

Hi Lee,

I'm forwarding your message along to the Pivotal security team to take a look.

Thanks,
Emily

On Tue, Jul 2, 2019 at 12:05 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:

I've seen them on there too, but that's a bit more awkward to put automated monitoring in for.

On Tue, 2 Jul 2019 at 07:28, Dr Nic Williams <drnicwilliams@...> wrote:
Someone else may have a more comprehensive answer, but I’ve seen the CVEs announced on the #security channel on CF slack.

Nic

 
From: cf-dev@... on behalf of Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...>
Sent: Monday, July 1, 2019 10:50 pm
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Security feed not updating
 
Hi,

Has anyone else noticed that https://www.cloudfoundry.org/foundryblog/security-advisory/feed/ is not being updated with new security issues? 

Has it moved? I've not spotted anything via the blog site to indicate either way. We use automated monitoring of this feed to alert us of potential CVEs we need to look at specifically on the platform.

Thanks

Lee

--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292
IMPORTANT NOTICE: [go-buildpack] End of support for Go versions 1.11.x after 2019-08-10

Elliott Shanks
 

The first release of the Go buildpack after August 10, 2019 will no longer include Go versions 1.11.x These Go versions will no longer be supported upstream. Please migrate your Go apps to supported versions of Go before that time.


Note: Unless you are manually specifying a version of Go for the buildpack to use, or you have customized your Go buildpack, no action is required.


Thanks,

Elliott Shanks, CF Buildpacks PM
IMPORTANT NOTICE: [php-buildpack] End of support for nginx versions 1.15.x after 2019-08-10

Elliott Shanks
 

The first release of the PHP buildpack after August 10, 2019 will no longer include nginx versions 1.15.x. These nginx versions are no longer supported upstream. Please migrate your PHP apps to supported versions of nginx before that time.


In addition, the default version of nginx will be bumped to 1.17.x at this time.


Note: Unless you are manually specifying a version of nginx for the buildpack to use, or you have customized your PHP buildpack, no action is required.


Thanks,

Elliott Shanks, CF Buildpacks PM
IMPORTANT NOTICE: [staticfile-buildpack] End of support for nginx versions 1.15.x after 2019-08-10

Elliott Shanks
 

The first release of the staticfile buildpack after August 10, 2019 will no longer include nginx versions 1.15.x. These nginx versions are no longer supported upstream. Please migrate your staticfile apps to supported versions of nginx before that time.


In addition, the default version of nginx will be bumped to 1.17.x at this time.


Note: Unless you are manually specifying a version of nginx for the buildpack to use, or you have customized your staticfile buildpack, no action is required.


Thanks,

Elliott Shanks, CF Buildpacks PM
IMPORTANT NOTICE: [r-buildpack] End of support for R versions 3.4.x and 3.5.x after 2019-08-10

Elliott Shanks
 

The first release of the R buildpack after August 10, 2019 will no longer include R versions 3.4.x and 3.5.x. These R versions are no longer supported upstream. Please migrate your R apps to supported versions of R before that time.


Note: Unless you are manually specifying a version of R for the buildpack to use, or you have customized your R buildpack, no action is required.


Thanks,

Elliott Shanks, CF Buildpacks PM
IMPORTANT NOTICE: [dotnet-core-buildpack] End of support for dotnet-runtime versions 1.0.x and 1.1.x after 2019-08-10

Elliott Shanks
 

The first release of the .NET Core buildpack after August 10, 2019 will no longer include dotnet-runtime versions 1.0.x and 1.1.x. These dotnet-runtime versions are no longer supported upstream. Please migrate your .NET Core apps to supported versions of dotnet-runtime before that time.


Note: Unless you are manually specifying a version of dotnet-runtime for the buildpack to use, or you have customized your .NET Core buildpack, no action is required.


Thanks,

Elliott Shanks, CF Buildpacks PM
REMINDER: CAB call for July is next week Wednesday 17th @ 8a Pacific

Michael Maximilien
 

Hi, all,
 
Reminder that the CAB call [0] for July 2019 is next Wednesday 17th @ 8a Pacific.
 
We will have regular highlights, QAs, as well as two planned talks:
 
1. External DNS Connector for Cloud Foundry [1] by David Grizzanti of Comcast
2. Stratos UI Update - now with Kubernetes support [2] by Neil MacDougall of SUSE
 
Please note that talk 1 was in previous agenda but had to be postponed.
 
All other info in agenda [0]. Zoom soon. Best,
 
[2] https://github.com/cloudfoundry-incubator/stratos-ui
CF CLI v6.46.0 Released

Alexander Berezovsky
 

Hey everyone,

The CF CLI team released cf CLI v6.46.0 ; please see release notes for full details.

Highlights Include


Service Instance Upgrade feature

Service authors that have built services using the On-Demand Broker want to allow Service Instances to be upgraded individually after a new version of their Service Broker has been deployed.

Now cf services will inform users that an upgrade is available; running cf service <name> provides additional details. To upgrade a service instance, run cf update-service <name> --upgrade. This flag is in experimental stage and may change without notice.

Users must be on CC API v2.135 to use this feature.

For questions, regarding this feature please reach out to #SAPI on Slack Cloud Foundry. Thank you, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin) who all worked on this feature.

Bugs

  • Fixes cf push remove spin lock in PollStart(). This reduces the CPU time when waiting for apps to start. Also affects cf startcf restart and cf restage story
  • Fixes a documentation url in output story
  • Fixes an issue whereby if you are logged in as a client, the user name was not printed in the output story
  • Targeting a space for cf copy-source is no longer case sensitive story
  • Retry plugin uninstall attempt for windows story

Plugin Updates

  • Updated Log Stream to v0.4.0 story
  • Updated cf-puppeteer to v1.0.0 story

Release Contributors: Brendan Smith, Abby Chau, Andrew Crump, Alexander Berezovsky, Steve Taylor, Simon Seif, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin)

Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.


Thanks,
CF CLI Team
Request for Feedback - Advanced Deployment Strategies support in CAPI

Scott Sisil
 

Hi CF Community,

The CAPI team has been working on a proposal for supporting more advanced deployment strategies in Cloud Foundry. We are looking for feedback from the Cloud Foundry Community on what we have proposed so far.

You can find the proposal here.

Looking forward to hearing from you.

Thanks

Scott Sisil 
CAPI PM 
Re: Security feed not updating

Guillaume Berche
 

Thanks Caitlyn for the fix! This is much appreciated.

Best regards,

Guillaume.


On Tue, Jul 9, 2019 at 9:10 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:

Hi Caitlyn,

I can confirm that all is working at this end.

Thanks for resolving

Lee

On Mon, 8 Jul 2019 at 19:24, Caitlyn O'Connell <coconnell@...> wrote:
Hi folks,

Everything should be in working order now. Check out the link now (https://www.cloudfoundry.org/foundryblog/security-advisory/feed/). Note that you may need to click Shift + Reload to properly refresh the page.

Thanks again for flagging. This is a valuable resource for our community so we want to make sure it's in working order!

Thanks,
Caitlyn

On Mon, Jul 8, 2019 at 11:29 AM Caitlyn O'Connell via Lists.Cloudfoundry.Org <coconnell=cloudfoundry.org@...> wrote:
Hey folks,

Apologies for the delay on this -- I was on vacation. I'm consulting with our web team now to find out what happened to the RSS feed. Thanks for alerting us to this issue! Stay tuned for an update.

Many thanks,
Caitlyn

On Mon, Jul 8, 2019 at 4:30 AM Guillaume Berche <bercheg@...> wrote:
I was also relying on the CFF rss feed, and observed it is now returning an empty stream.

Copying the CFF content team and Dan Janhner from CFF security team in case this email thread got unnoticed and a recent wordpress update/config change broke the CSS feed.

Thanks in advance to them for their help,

Guillaume.


On Tue, Jul 2, 2019 at 9:05 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:
I've seen them on there too, but that's a bit more awkward to put automated monitoring in for.

On Tue, 2 Jul 2019 at 07:28, Dr Nic Williams <drnicwilliams@...> wrote:
Someone else may have a more comprehensive answer, but I’ve seen the CVEs announced on the #security channel on CF slack.

Nic

 
From: cf-dev@... on behalf of Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...>
Sent: Monday, July 1, 2019 10:50 pm
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Security feed not updating
 
Hi,

Has anyone else noticed that https://www.cloudfoundry.org/foundryblog/security-advisory/feed/ is not being updated with new security issues? 

Has it moved? I've not spotted anything via the blog site to indicate either way. We use automated monitoring of this feed to alert us of potential CVEs we need to look at specifically on the platform.

Thanks

Lee

--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292
‪020 3920 6036‬
Re: Security feed not updating

Lee Porte
 

Hi Caitlyn,

I can confirm that all is working at this end.

Thanks for resolving

Lee

On Mon, 8 Jul 2019 at 19:24, Caitlyn O'Connell <coconnell@...> wrote:
Hi folks,

Everything should be in working order now. Check out the link now (https://www.cloudfoundry.org/foundryblog/security-advisory/feed/). Note that you may need to click Shift + Reload to properly refresh the page.

Thanks again for flagging. This is a valuable resource for our community so we want to make sure it's in working order!

Thanks,
Caitlyn

On Mon, Jul 8, 2019 at 11:29 AM Caitlyn O'Connell via Lists.Cloudfoundry.Org <coconnell=cloudfoundry.org@...> wrote:
Hey folks,

Apologies for the delay on this -- I was on vacation. I'm consulting with our web team now to find out what happened to the RSS feed. Thanks for alerting us to this issue! Stay tuned for an update.

Many thanks,
Caitlyn

On Mon, Jul 8, 2019 at 4:30 AM Guillaume Berche <bercheg@...> wrote:
I was also relying on the CFF rss feed, and observed it is now returning an empty stream.

Copying the CFF content team and Dan Janhner from CFF security team in case this email thread got unnoticed and a recent wordpress update/config change broke the CSS feed.

Thanks in advance to them for their help,

Guillaume.


On Tue, Jul 2, 2019 at 9:05 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:
I've seen them on there too, but that's a bit more awkward to put automated monitoring in for.

On Tue, 2 Jul 2019 at 07:28, Dr Nic Williams <drnicwilliams@...> wrote:
Someone else may have a more comprehensive answer, but I’ve seen the CVEs announced on the #security channel on CF slack.

Nic

 
From: cf-dev@... on behalf of Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...>
Sent: Monday, July 1, 2019 10:50 pm
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Security feed not updating
 
Hi,

Has anyone else noticed that https://www.cloudfoundry.org/foundryblog/security-advisory/feed/ is not being updated with new security issues? 

Has it moved? I've not spotted anything via the blog site to indicate either way. We use automated monitoring of this feed to alert us of potential CVEs we need to look at specifically on the platform.

Thanks

Lee

--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292
‪020 3920 6036‬
Using X.509 certificates as a mechanism for OAuth client authentication #uaa

brian.sung@...
 

I do not think UAA currently supports the draft-ietf-oauth-mtls-04 to use a TLS client certificate instead of using client-id/client-secret to authenticate the OAuth client.

Is this or something similar on UAA's future roadmap? 

 
Re: Security feed not updating

Caitlyn O'Connell <coconnell@...>
 

Hi folks,

Everything should be in working order now. Check out the link now (https://www.cloudfoundry.org/foundryblog/security-advisory/feed/). Note that you may need to click Shift + Reload to properly refresh the page.

Thanks again for flagging. This is a valuable resource for our community so we want to make sure it's in working order!

Thanks,
Caitlyn

On Mon, Jul 8, 2019 at 11:29 AM Caitlyn O'Connell via Lists.Cloudfoundry.Org <coconnell=cloudfoundry.org@...> wrote:

Hey folks,

Apologies for the delay on this -- I was on vacation. I'm consulting with our web team now to find out what happened to the RSS feed. Thanks for alerting us to this issue! Stay tuned for an update.

Many thanks,
Caitlyn

On Mon, Jul 8, 2019 at 4:30 AM Guillaume Berche <bercheg@...> wrote:
I was also relying on the CFF rss feed, and observed it is now returning an empty stream.

Copying the CFF content team and Dan Janhner from CFF security team in case this email thread got unnoticed and a recent wordpress update/config change broke the CSS feed.

Thanks in advance to them for their help,

Guillaume.


On Tue, Jul 2, 2019 at 9:05 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:
I've seen them on there too, but that's a bit more awkward to put automated monitoring in for.

On Tue, 2 Jul 2019 at 07:28, Dr Nic Williams <drnicwilliams@...> wrote:
Someone else may have a more comprehensive answer, but I’ve seen the CVEs announced on the #security channel on CF slack.

Nic

 
From: cf-dev@... on behalf of Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...>
Sent: Monday, July 1, 2019 10:50 pm
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Security feed not updating
 
Hi,

Has anyone else noticed that https://www.cloudfoundry.org/foundryblog/security-advisory/feed/ is not being updated with new security issues? 

Has it moved? I've not spotted anything via the blog site to indicate either way. We use automated monitoring of this feed to alert us of potential CVEs we need to look at specifically on the platform.

Thanks

Lee

--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.
Re: Security feed not updating

Caitlyn O'Connell <coconnell@...>
 

Hey folks,

Apologies for the delay on this -- I was on vacation. I'm consulting with our web team now to find out what happened to the RSS feed. Thanks for alerting us to this issue! Stay tuned for an update.

Many thanks,
Caitlyn

On Mon, Jul 8, 2019 at 4:30 AM Guillaume Berche <bercheg@...> wrote:
I was also relying on the CFF rss feed, and observed it is now returning an empty stream.

Copying the CFF content team and Dan Janhner from CFF security team in case this email thread got unnoticed and a recent wordpress update/config change broke the CSS feed.

Thanks in advance to them for their help,

Guillaume.


On Tue, Jul 2, 2019 at 9:05 AM Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...> wrote:
I've seen them on there too, but that's a bit more awkward to put automated monitoring in for.

On Tue, 2 Jul 2019 at 07:28, Dr Nic Williams <drnicwilliams@...> wrote:
Someone else may have a more comprehensive answer, but I’ve seen the CVEs announced on the #security channel on CF slack.

Nic

 
From: cf-dev@... on behalf of Lee Porte via Lists.Cloudfoundry.Org <lee.porte=digital.cabinet-office.gov.uk@...>
Sent: Monday, July 1, 2019 10:50 pm
To: Discussions about Cloud Foundry projects and the system overall.
Subject: [cf-dev] Security feed not updating
 
Hi,

Has anyone else noticed that https://www.cloudfoundry.org/foundryblog/security-advisory/feed/ is not being updated with new security issues? 

Has it moved? I've not spotted anything via the blog site to indicate either way. We use automated monitoring of this feed to alert us of potential CVEs we need to look at specifically on the platform.

Thanks

Lee

--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Lee Porte
Reliability Engineer 
GOV.UK PaaS Team
07785 449292



--
Caitlyn O'Connell
Senior Marketing Manager
Pronouns: She/Her
Time Zone: Eastern Time

Register for Cloud Foundry EU Summit! September 11-12 in the Hague, Netherlands.
761 - 780 of 9432