Releases: cloudfoundry/routing-release
Releases · cloudfoundry/routing-release
0.351.0
0.351.0
Release Date: October 14, 2025
Changes
- Upgrade golang-1.25-linux (1.25.3) - Author: App Platform Runtime Working Group CI Bot - SHA: 737c969
Go Package Updates
- Bumped go.mod package 'code.cloudfoundry.org/bbs' from 'v0.0.0-20250731191341-d1ca59879d2a' to 'v0.0.0-20251010175616-3400836a07a7'
- Bumped go.mod package 'code.cloudfoundry.org/locket' from 'v0.0.0-20250423181647-b2b48694f201' to 'v0.0.0-20251009195723-b66b54ffdfa1'
✨ Built with go 1.25.3
Full Changelog: v0.350.0...v0.351.0
Resources
0.350.0
0.350.0
Release Date: October 13, 2025
Changes
- Merge pull request #515 from cloudfoundry/go125-integration - Author: Amelia Downs - SHA: dcfa4d3
- close more conns for websocket apps - Author: Amelia Downs - SHA: ee357d6
- fix test for go 1.25 - Author: Amelia Downs - SHA: 21975f5
- Upgrade golang-1.25-linux (1.25.2) - Author: App Platform Runtime Working Group CI Bot - SHA: 4a23539
- go 1.25 changed the response when a client doesnt send certs - Author: Amelia Downs - SHA: ef399fe
- since go 1.25 you have to close both sides of the connection explicitly - Author: Amelia Downs - SHA: 270b1f0
Go Package Updates
- Bumped go.mod package 'golang.org/x/net' from 'v0.45.0' to 'v0.46.0'
- Bumped go.mod package 'golang.org/x/tools' from 'v0.37.0' to 'v0.38.0'
Bosh Job Spec changes:
diff --git a/jobs/acceptance_tests/spec b/jobs/acceptance_tests/spec
index 109e7e3f4..4e4a14fd1 100644
--- a/jobs/acceptance_tests/spec
+++ b/jobs/acceptance_tests/spec
@@ -7,7 +7,7 @@ templates:
bpm.yml.erb: config/bpm.yml
packages:
- - golang-1.24-linux
+ - golang-1.25-linux
- acceptance_tests
- rtr
- cf-cli-8-linux
diff --git a/jobs/smoke_tests/spec b/jobs/smoke_tests/spec
index 1260ab4fa..66dbe5732 100644
--- a/jobs/smoke_tests/spec
+++ b/jobs/smoke_tests/spec
@@ -7,7 +7,7 @@ templates:
bpm.yml.erb: config/bpm.yml
packages:
- - golang-1.24-linux
+ - golang-1.25-linux
- acceptance_tests
- cf-cli-8-linux
✨ Built with go 1.25.2
Full Changelog: v0.349.0...v0.350.0
Resources
0.349.0
0.349.0
Release Date: October 09, 2025
Changes
- Upgrade golang-1.24-linux (1.24.8) - Author: App Platform Runtime Working Group CI Bot - SHA: 6373305
- [Hash-Based Load Balancing] Implement registration message types (#509) - Author: Alexander Nicke - SHA: f507c68
Blob Updates
- Bumped blob 'haproxy/haproxy-2.8.15.tar.gz' to 'haproxy/haproxy-2.8.16.tar.gz'
Go Package Updates
- Bumped go.mod package 'code.cloudfoundry.org/cfhttp/v2' from 'v2.57.0' to 'v2.59.0'
- Bumped go.mod package 'code.cloudfoundry.org/clock' from 'v1.49.0' to 'v1.51.0'
- Bumped go.mod package 'code.cloudfoundry.org/debugserver' from 'v0.68.0' to 'v0.70.0'
- Bumped go.mod package 'code.cloudfoundry.org/diego-logging-client' from 'v0.70.0' to 'v0.72.0'
- Bumped go.mod package 'code.cloudfoundry.org/durationjson' from 'v0.52.0' to 'v0.54.0'
- Bumped go.mod package 'code.cloudfoundry.org/eventhub' from 'v0.52.0' to 'v0.54.0'
- Bumped go.mod package 'code.cloudfoundry.org/go-diodes' from 'v0.0.0-20250909124000-1dfc755f0d96' to 'v0.0.0-20251008062456-a5530d3e3f80'
- Bumped go.mod package 'code.cloudfoundry.org/lager/v3' from 'v3.49.0' to 'v3.51.0'
- Bumped go.mod package 'code.cloudfoundry.org/localip' from 'v0.51.0' to 'v0.53.0'
- Bumped go.mod package 'github.com/cloudfoundry/sonde-go' from 'v0.0.0-20250915135239-ebea5d8dc26e' to 'v0.0.0-20251008062332-ece9fc2bedb4'
- Bumped go.mod package 'github.com/google/pprof' from 'v0.0.0-20250923004556-9e5a51aed1e8' to 'v0.0.0-20251007162407-5df77e3f7d1d'
- Bumped go.mod package 'github.com/nats-io/nats.go' from 'v1.46.0' to 'v1.46.1'
- Bumped go.mod package 'github.com/onsi/ginkgo/v2' from 'v2.25.3' to 'v2.26.0'
- Bumped go.mod package 'github.com/prometheus/common' from 'v0.66.1' to 'v0.67.1'
- Bumped go.mod package 'golang.org/x/crypto' from 'v0.42.0' to 'v0.43.0'
- Bumped go.mod package 'golang.org/x/mod' from 'v0.28.0' to 'v0.29.0'
- Bumped go.mod package 'golang.org/x/net' from 'v0.44.0' to 'v0.45.0'
- Bumped go.mod package 'golang.org/x/oauth2' from 'v0.31.0' to 'v0.32.0'
- Bumped go.mod package 'golang.org/x/sys' from 'v0.36.0' to 'v0.37.0'
- Bumped go.mod package 'golang.org/x/text' from 'v0.29.0' to 'v0.30.0'
- Bumped go.mod package 'golang.org/x/time' from 'v0.13.0' to 'v0.14.0'
- Bumped go.mod package 'google.golang.org/genproto/googleapis/rpc' from 'v0.0.0-20250922171735-9219d122eba9' to 'v0.0.0-20251007200510-49b9836ed3ff'
- Bumped go.mod package 'google.golang.org/grpc' from 'v1.75.1' to 'v1.76.0'
- Bumped go.mod package 'google.golang.org/protobuf' from 'v1.36.9' to 'v1.36.10'
Go Package Updates for 'nats-client'
- Bumped go.mod package 'github.com/nats-io/nats.go' from 'v1.46.0' to 'v1.46.1'
- Bumped go.mod package 'golang.org/x/crypto' from 'v0.42.0' to 'v0.43.0'
- Bumped go.mod package 'golang.org/x/sys' from 'v0.36.0' to 'v0.37.0'
✨ Built with go 1.24.8
Full Changelog: v0.348.0...v0.349.0
Resources
0.348.0
0.348.0
Release Date: September 29, 2025
Changes
- Enable logs unconditionally (#514) - Author: Clemens Hoffmann - SHA: ecb3d13
- fix go vet issues - Author: Amelia Downs - SHA: 890e2ef
- fix go vet issues - Author: Amelia Downs - SHA: a3d2cb5
- Merge pull request #513 from cloudfoundry/maxmoehl/fix-trace-race - Author: Amelia Downs - SHA: 8626267
- test: fix vet inspection for host-port joining - Author: Maximilian Moehl - SHA: f43a801
- fix: prevent race conditions in request tracing - Author: Maximilian Moehl - SHA: 5089e93
- Merge branch 'develop' of github.com:cloudfoundry/routing-release into HEAD - Author: git - SHA: df741e6
Go Package Updates
- Bumped go.mod package 'code.cloudfoundry.org/cfhttp/v2' from 'v2.51.0' to 'v2.57.0'
- Bumped go.mod package 'code.cloudfoundry.org/clock' from 'v1.43.0' to 'v1.49.0'
- Bumped go.mod package 'code.cloudfoundry.org/debugserver' from 'v0.62.0' to 'v0.68.0'
- Bumped go.mod package 'code.cloudfoundry.org/diego-logging-client' from 'v0.63.0' to 'v0.70.0'
- Bumped go.mod package 'code.cloudfoundry.org/durationjson' from 'v0.46.0' to 'v0.52.0'
- Bumped go.mod package 'code.cloudfoundry.org/eventhub' from 'v0.46.0' to 'v0.52.0'
- Bumped go.mod package 'code.cloudfoundry.org/go-diodes' from 'v0.0.0-20250728062316-2a591619c2ae' to 'v0.0.0-20250909124000-1dfc755f0d96'
- Bumped go.mod package 'code.cloudfoundry.org/go-metric-registry' from 'v0.0.0-20250812104215-8101fb25fe80' to 'v0.0.0-20250910081605-f8a5859593c1'
- Bumped go.mod package 'code.cloudfoundry.org/lager/v3' from 'v3.43.0' to 'v3.49.0'
- Bumped go.mod package 'code.cloudfoundry.org/localip' from 'v0.45.0' to 'v0.51.0'
- Bumped go.mod package 'code.cloudfoundry.org/tlsconfig' from 'v0.33.0' to 'v0.35.0'
- Added go.mod package 'github.com/Masterminds/semver/v3' version 'v3.4.0'
- Added go.mod package 'github.com/antithesishq/antithesis-sdk-go' version 'v0.5.0'
- Bumped go.mod package 'github.com/cloudfoundry/sonde-go' from 'v0.0.0-20250811070242-4f9472e98427' to 'v0.0.0-20250915135239-ebea5d8dc26e'
- Bumped go.mod package 'github.com/google/go-tpm' from 'v0.9.5' to 'v0.9.6'
- Bumped go.mod package 'github.com/google/pprof' from 'v0.0.0-20250630185457-6e76a2b096b5' to 'v0.0.0-20250923004556-9e5a51aed1e8'
- Bumped go.mod package 'github.com/honeycombio/libhoney-go' from 'v1.25.0' to 'v1.26.0'
- Bumped go.mod package 'github.com/jackc/pgx/v5' from 'v5.7.5' to 'v5.7.6'
- Bumped go.mod package 'github.com/nats-io/nats-server/v2' from 'v2.11.8' to 'v2.12.0'
- Bumped go.mod package 'github.com/nats-io/nats.go' from 'v1.44.0' to 'v1.46.0'
- Bumped go.mod package 'github.com/onsi/ginkgo/v2' from 'v2.23.4' to 'v2.25.3'
- Bumped go.mod package 'github.com/onsi/gomega' from 'v1.38.0' to 'v1.38.2'
- Bumped go.mod package 'github.com/prometheus/client_golang' from 'v1.23.0' to 'v1.23.2'
- Bumped go.mod package 'github.com/prometheus/common' from 'v0.65.0' to 'v0.66.1'
- Bumped go.mod package 'go.step.sm/crypto' from 'v0.69.0' to 'v0.70.0'
- Added go.mod package 'go.yaml.in/yaml/v2' version 'v2.4.3'
- Added go.mod package 'go.yaml.in/yaml/v3' version 'v3.0.4'
- Bumped go.mod package 'golang.org/x/crypto' from 'v0.41.0' to 'v0.42.0'
- Bumped go.mod package 'golang.org/x/mod' from 'v0.27.0' to 'v0.28.0'
- Bumped go.mod package 'golang.org/x/net' from 'v0.43.0' to 'v0.44.0'
- Bumped go.mod package 'golang.org/x/oauth2' from 'v0.30.0' to 'v0.31.0'
- Bumped go.mod package 'golang.org/x/sync' from 'v0.16.0' to 'v0.17.0'
- Bumped go.mod package 'golang.org/x/sys' from 'v0.35.0' to 'v0.36.0'
- Bumped go.mod package 'golang.org/x/text' from 'v0.28.0' to 'v0.29.0'
- Bumped go.mod package 'golang.org/x/time' from 'v0.12.0' to 'v0.13.0'
- Bumped go.mod package 'golang.org/x/tools' from 'v0.36.0' to 'v0.37.0'
- Bumped go.mod package 'google.golang.org/genproto/googleapis/rpc' from 'v0.0.0-20250811230008-5f3141c8851a' to 'v0.0.0-20250922171735-9219d122eba9'
- Bumped go.mod package 'google.golang.org/grpc' from 'v1.74.2' to 'v1.75.1'
- Bumped go.mod package 'google.golang.org/protobuf' from 'v1.36.7' to 'v1.36.9'
Go Package Updates for 'nats-client'
- Bumped go.mod package 'code.cloudfoundry.org/tlsconfig' from 'v0.33.0' to 'v0.35.0'
- Bumped go.mod package 'github.com/nats-io/nats.go' from 'v1.44.0' to 'v1.46.0'
- Bumped go.mod package 'golang.org/x/crypto' from 'v0.41.0' to 'v0.42.0'
- Bumped go.mod package 'golang.org/x/sys' from 'v0.35.0' to 'v0.36.0'
✨ Built with go 1.24.7
Full Changelog: v0.347.0...v0.348.0
Resources
0.347.0
0.347.0
Release Date: September 19, 2025
Changes
- No updates
✨ Built with go 1.24.7
Full Changelog: v0.346.0...v0.347.0
Resources
0.346.0
0.346.0
Release Date: September 10, 2025
Changes
- Bug Fix: fix tcp_router drain script when tcp_router is turned off - Author: Matthew Kocher - SHA: b148cc7
✨ Built with go 1.24.7
Full Changelog: v0.345.0...v0.346.0
Resources
0.345.0
0.345.0
Release Date: September 05, 2025
Changes
- Bump dependencies
- Thanks to @neowulf for the following:
- Thanks @ameowlia for this one:
- #512: add a flag to turn off tcp_router
Bosh Job Spec changes:
diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
index f575e1006..dbd015e19 100644
--- a/jobs/route_registrar/spec
+++ b/jobs/route_registrar/spec
@@ -130,6 +130,8 @@ properties:
options (optional, object, for http routes): Custom per-route options
terminate_frontend_tls (optional, boolean): When true, the router will terminate TLS before forwarding requests to the backend. Default: false
alpns (optional, array): Application Layer Protocol Negotiation strings.
+ sni_routable_san(optional, string): is the SAN used to route the request to the appropriate backend.
+ Required when `type` is `sni` and `terminate_frontend_tls` is enabled.
health_check object
name (required, string): Human-readable reference for the healthcheck
diff --git a/jobs/tcp_router/spec b/jobs/tcp_router/spec
index 7d1df979f..14d10ee7f 100644
--- a/jobs/tcp_router/spec
+++ b/jobs/tcp_router/spec
@@ -3,7 +3,7 @@ name: tcp_router
templates:
tcp_router_ctl.erb: bin/tcp_router_ctl
- haproxy_reloader: bin/haproxy_reloader
+ haproxy_reloader.erb: bin/haproxy_reloader
bpm-pre-start.erb: bin/bpm-pre-start
tcp_router.yml.erb: config/tcp_router.yml
uaa_ca.crt.erb: config/certs/uaa/ca.crt
@@ -39,6 +39,9 @@ consumes:
optional: true
properties:
+ tcp_router.disable:
+ description: "Disable this monit job. It will not run."
+ default: false
tcp_router.debug_address:
description: "Address at which to serve debug info"
default: "127.0.0.1:17002"
✨ Built with go 1.24.7
Full Changelog: v0.344.0...v0.345.0
Resources
Contributors
neowulf and ameowlia
Assets 3
0.344.0
0.344.0
Release Date: August 20, 2025
Changes for 'routing-api'
- Update docs/02-api-docs.md - Author: Ashish Naware - SHA: 2d65717a2eb59650c3a46dc27cc1a6d5789b8b41
- docs: updated docs with changes for tls termination at tcprouter - Author: Ashish Naware - SHA: 4a6e366bf6c9fdde67ce2371c76335ded246a684
Go Package Updates
- Bumped go.mod package 'code.cloudfoundry.org/debugserver' from 'v0.60.0' to 'v0.61.0'
- Bumped go.mod package 'code.cloudfoundry.org/go-metric-registry' from 'v0.0.0-20250729050323-25d4495e6610' to 'v0.0.0-20250805174920-6a3c5cac5be3'
- Bumped go.mod package 'code.cloudfoundry.org/tlsconfig' from 'v0.31.0' to 'v0.32.0'
- Bumped go.mod package 'go.step.sm/crypto' from 'v0.68.0' to 'v0.69.0'
- Bumped go.mod package 'golang.org/x/crypto' from 'v0.40.0' to 'v0.41.0'
- Bumped go.mod package 'golang.org/x/net' from 'v0.42.0' to 'v0.43.0'
- Bumped go.mod package 'golang.org/x/tools' from 'v0.35.0' to 'v0.36.0'
- Bumped go.mod package 'google.golang.org/protobuf' from 'v1.36.6' to 'v1.36.7'
- Bumped go.mod package 'github.com/nats-io/jwt/v2' from 'v2.7.4' to 'v2.8.0'
- Bumped go.mod package 'golang.org/x/mod' from 'v0.26.0' to 'v0.27.0'
- Bumped go.mod package 'golang.org/x/sys' from 'v0.34.0' to 'v0.35.0'
- Bumped go.mod package 'golang.org/x/text' from 'v0.27.0' to 'v0.28.0'
- Bumped go.mod package 'google.golang.org/genproto/googleapis/rpc' from 'v0.0.0-20250728155136-f173205681a0' to 'v0.0.0-20250804133106-a7a43d27e69b'
Go Package Updates for 'nats-client'
- Bumped go.mod package 'code.cloudfoundry.org/tlsconfig' from 'v0.31.0' to 'v0.32.0'
- Bumped go.mod package 'golang.org/x/crypto' from 'v0.40.0' to 'v0.41.0'
- Bumped go.mod package 'golang.org/x/sys' from 'v0.34.0' to 'v0.35.0'
✨ Built with go 1.24.6
Full Changelog: v0.343.0...v0.344.0
Resources
0.343.0
0.343.0
Release Date: August 07, 2025
Changes
- Dependency Bumps
- Bumped to Golang 1.24.5
- Changed some redundant log messages to Debug. Thanks @hoffmaen!
- Added support to routing-api, tcp-router to allow route-registrar based TCP routes to request frontend TLS termination by tcp-router, using ALPNS to host multiple services behind a single TLS port, to reducing the number of TCP Routes needed for backend services. Thanks @AshishNaware @neowulf !
Bosh Job Spec changes:
diff --git a/jobs/route_registrar/spec b/jobs/route_registrar/spec
index c39eac917..f575e1006 100644
--- a/jobs/route_registrar/spec
+++ b/jobs/route_registrar/spec
@@ -104,7 +104,7 @@ properties:
type (optional, string, for all routes): Defaults to http, can specify http, sni, or tcp.
uris (required, array, for http routes): When Gorouter receives a request that matches one of these URIs,
it will forward them to the IP of the host on which route_registrar runs, and either port or tls_port.
- sni_port (required, integer, for sni rotues): When sni type provided, this is the downstream port to route to
+ sni_port (required, integer, for sni routes): When sni type provided, this is the downstream port to route to
port (required, integer, for all routes): Either `port` or `tls_port` are required; if both are provided, Gorouter will prefer tls_port.
Requests for associated URIs will be forwarded unencypted by the router to this port.
The IP is determined automatically from the host on which route-registrar is run.
@@ -128,6 +128,8 @@ properties:
external_port (required, string, for tcp routes): Port that the TCP router will listen on.
server_cert_domain_name_modifier (optional, string, for sni routes): a regex replace to help with complicated hostnames.
options (optional, object, for http routes): Custom per-route options
+ terminate_frontend_tls (optional, boolean): When true, the router will terminate TLS before forwarding requests to the backend. Default: false
+ alpns (optional, array): Application Layer Protocol Negotiation strings.
health_check object
name (required, string): Human-readable reference for the healthcheck
@@ -161,6 +163,10 @@ properties:
script_path: /path/to/script
timeout: 5s
route_service_url: https://my-oauth-proxy-route-service.example.com
+ terminate_frontend_tls: true
+ alpns:
+ - h2
+ - http/1.1
options:
loadbalancing: least-connection
- name: my-tls-endpoint
diff --git a/jobs/tcp_router/spec b/jobs/tcp_router/spec
index 234e3db92..7d1df979f 100644
--- a/jobs/tcp_router/spec
+++ b/jobs/tcp_router/spec
@@ -59,6 +59,21 @@ properties:
be set. For mTLS also set tcp_router.backend_tls.client_cert and
tcp_router.backend_tls.client_key.
default: false
+ tcp_router.frontend_tls_pem.certificate_path:
+ description: Path to the certs and key store
+ tcp_router.frontend_tls:
+ description: "Array of private keys, certificates and names for serving TLS requests. Each element in the array is an object containing fields 'private_key' and 'cert_chain', each of which supports a PEM block."
+ example: |
+ - cert_chain: |
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+ private_key: |
+ -----BEGIN RSA PRIVATE KEY-----
+ -----END RSA PRIVATE KEY-----
+ name: |
+ name of the cert
tcp_router.backend_tls.client_cert:
description: "TCP Router's TLS client cert used for mTLS with route backends"
tcp_router.backend_tls.client_key:
✨ Built with go 1.24.6
Full Changelog: v0.342.0...v0.343.0
Resources
Contributors
neowulf, AshishNaware, and hoffmaen
Assets 3
0.342.0
0.342.0
Release Date: July 07, 2025
Changes
- Bump blob
jqfrom 1.8.0 to 1.8.1 - Bump go package
tlsconfigfrom v0.29.0 to v0.30.0 - Bump go package
github.com/cloudfoundry/cf-test-helpers/v2from v2.12.0to v2.13.0 - Bump go package
github.com/nats-io/nats-server/v2from v2.11.4 to v2.11.5 - Bump go package
code.cloudfoundry.org/bbsfromv0.0.0-20250414163106-a163a3b524d2tov0.0.0-20250627143703-e88b3ec8cd1e - Bump go package
github.com/prometheus/commonfrom v0.64.0 to v0.65.0
✨ Built with go 1.24.4
Full Changelog: v0.341.0...v0.342.0