2.10.1

Added

• Enabled router.forwarded_client_cert variable for router
• New syslog roles can have anti-affinity
• mysql-proxy healthcheck timeouts are configurable
• cfdot added to all diego roles

Changed

• Bumped UAA to v56.0
• Bumped cf-deployment to v1.21
• Bump PHP buildpack to v4.3.53.1 to address MS-ISAC ADVISORY NUMBER 2018-046
• Bumped SLE12 & openSUSE stacks
• Rotateable secrets are now immutable
• Removed time stamp check for rsyslog

Fixed

• Immutable config variables will not be regenerated
• Upgrades for legacy versions that were using an older secrets generation model
• Upgrades will handle certificates better by having the required SAN metadata
• Apps will come back up and run after upgrade
• MySQL HA scaling up works better

Important Notes

• Upgrading now rotates all internal passwords and certificates which may cause some downtime (e.g. users will be unable to push applications) as the roles are restarted. This should not impact the availability of hosted applications running multiple instances.
• If you are using the bundled UAA release, upgrade this first and pass the new certificate to the SCF upgrade command as per the upgrade instructions below.