v6.47.1

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Adds Support for Windows

In cf CLI 6.47.0, we released without Windows support because of issues with renewing our signing certificate. In this release, we add support for Windows with a new cert.

Fixes regression for cf login

cf CLI 6.47 introduced a regression on cf login. Users on certain platforms (e.g. IBM, Swisscom) reported issues with logging into their CF instance. This release fixes the regression, and users should now be able to log in as expected.

Here is background information about the regression:

• In cf CLI 6.47.0, as part of the cf login refactor, we made changes to the endpoint we use in the config for AuthorizationEndpoint. The older login implementation used the link advertised under /v2/info. In 6.47.0 since v3 CC API does not provide the login endpoint we used the UAA endpoint defined in the CAPI root response. We incorrectly thought there should be no functional difference. In this patch release, we revert back to using the link provided in /v2/info.

v6.47.0

Important Note: A regression has been reported by some users regarding cf login. We are currently reviewing this issue and are likely to release a patch. It is not recommended to use 6.47.0.

Note: this release does not include the Windows installer because we are in the middle of renewing the certificate. We are currently working to include the Windows installer in the next release. Please reach out on Slack Cloud Foundry #cli if you have feedback or questions.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)

Change Log

Installers

Note this release does not include the Windows installer because we are in the middle of renewing the certificate. We are currently working to include the Windows installer in the next release. Please reach out on Slack Cloud Foundry #cli if you have feedback or questions.

CF Login Refactor

In order to prepare for an upcoming feature for cf login, and to support the v7 beta cf CLI effort, the cf CLI embarked on a refactor of cf login.

User-facing changes include:

• cf login is backed by the v3 API for calling resources such as orgs and spaces - this is in accordance with our minimum version policy
• instead of outputting the v2 version of the api in the API endpoint information, we now output the corresponding v3 version
• improving and restructuring error messages where possible to improve user experience and consistency. For example:
  • if we detect your minimum version is outside our window of support, we've added additional text to inform you where to download the newer version of the cf CLI. story
  • when using --skip-ssl-validation, we've added the https protocol to the error message, and we've changed TIP to prompt you to use cf login instead of cf api for for consistency. story
  • moving FAILED after the error output
  • if you have less than 50 orgs and spaces, positive integers at the prompts will always be used as a list index. story
  • if you have more than 50 orgs and spaces, numbers at the space prompt will always be interpreted as a space name. story
• subtle changes to UX. Examples include:
  • replacing > with : for prompts
  • removing flavor text from the > prompts and the final output to confirm API endpoint, User, Org, Space
• warnings and errors will consistently be outputted to stderr instead of stdout
• when using CTRL-C to exit the prompt, the ^C no longer echos in the prompt field. story
• when you attempt to login with cf login, the configuration file is updated once after authentication succeeds, and then again when the entire command completes successfully. For example, if you attempt to login with cf l -a api.cli.fun and you hit CTRL-C at the following prompt, then the CLI will no longer write the api version and endpoint to the config file. If you hit CTRL-C at the prompt to choose an organization, the config file will be updated with the new API endpoints and access tokens [story] (https://www.pivotaltracker.com/story/show/163101114)
• users can now pipe input into username and password prompts for cf login. story

Non user-facing changes of note:

• AuthorizationEndpoint changed from uaa to login in the config changed due to API updates story
• SSHOAuthClient changed from ssh-proxy to "" this field is not configurable by the user story

Deprecation of custom client workflow

This release adds a deprecation notice to login and auth for "custom client workflows". In an early version of the cf CLI, support was added to allow users to extend their refresh token by writing secrets to their config.json. Since this is a security concern, in cf CLI release 6.44.0 onwards we've changed this behavior such that the default refresh token expires within 12 hours, which we believe, is sufficient for most pipelines to run. If users require a longer-lived token, see the UAAC documentation. More details about this can be found here.

In v7 cf CLI, we will completely remove the functionality to write secrets to the config.json in order to obtain a longer-lived refresh token.

Enhancements:

• Since usernames are not unique, users with the same name can exist in different external identity providers. This release supports a new flag on login: --origin which allow users to disambiguate the user and identity provider they want to log in to. story
• Adds a deprecation warning to cf login and cf auth for custom clients. In CLI V7, we are encouraging users to adopt the client credential workflow because it is more secure (secrets are not written to the config). story and story
• If you are not logged in and attempt to run commands, now a slightly more verbose output appears to prompt the user to run either 'cf login' or 'cf login --sso' to log in.. story
• the CF_DIAL_TIMEOUT default has been updated from 5 to 6 seconds to avoid race conditions story

Bug Fixes:

• create-buildpack will now retry if attempting to create a large buildpack and the fresh token is about to expire story
• now when you push an application with a buildpack, and if you delete the buildpack, and then subsequently push the same app with multiple buildpacks, push should stage your app story

Plugins:

• Updates multiapps plugin to 2.1.2 plugin story
• Updates SCS CF CLI plugin to v1.0.22 story
• Updates cfdev to 0.0.17 story

Note: For users who are scripting using the cf CLI, we advise usage of the cf auth command as cf login is an interactive command which does not lend well to automation.

Contributors: Brendan Smith, Abby Chau, Andrew Crump, Alexander Berezovsky, Steve Taylor, Jenna Goldstrich, Eric Promislow, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin) for all the services-related work, and Simon Seif (thanks for the pull request!),

Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.

v7.0.0-beta.26

Important Note: A regression has been reported by some users regarding cf login. We are currently reviewing this issue and are likely to release a patch.

Note: this release does not include the Windows installer because we are in the middle of renewing the certificate. We are currently working to include the Windows installer in the next release. Please reach out on Slack Cloud Foundry #cli if you have feedback or questions.

Installation

Note: V7 beta binaries will be called cf7 to allow for coexistence with V6 cf binaries.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)

Compatibility

Tested against CC API Release Candidate v1.87.0-rc.73.

Change Log for 7.0.0-beta.26

v3 CC API Resources and backing v7 beta cf CLI commands

Additional the cf7 CLI v7 beta commands backed by the v3 CC API include:

• delete-service-broker story
• rename app command story
• staging-environment-variable-group story - System environment variables can only be strings. This is enforced now on the API. See the Upgrade Guide.
• running-environment-variable-group story - System environment variables can only be strings. This is enforced now on the API. See the Upgrade Guide.
• enable-ssh story
• disable-ssh story
• delete-user story

Enhancements:

• support for setting, unsetting, listing, and querying for labels for the following resources: apps, spaces, orgs, buildpacks, and spaces epic
  • set-label, unset-label, labels, and resource specific querying on the listing commands specified above
  • see official documentation for usage
• support for displaying a sidecar if it exists story. Users are able to add a sidecar to an app process using an app manifest. Now the cf CLI will display the sidecar along with process it is attached to.
• cf restart now supports a --strategy rolling flag which allow users to use a rolling deployment strategy story
  • see official documentation for usage
• Since usernames are not unique, users with the same name can exist in different external identity providers. This release supports a new flag on login and delete-user: --origin which allow users to disambiguate the user and identity provider they want to log in to or delete story
• Adds a deprecation warning to cf login and cf auth for custom clients. In CLI V7, we are encouraging users to adopt the client credential workflow because it is more secure (secrets are not written to the config). story and story
• If you are not logged in and attempt to run commands, now a slightly more verbose output appears to prompt the user to run either 'cf login' or 'cf login --sso' to log in.. story
• • the CF_DIAL_TIMEOUT default has been updated from 5 to 6 seconds to avoid race conditions story

CF Login Refactor

See release notes for v6.47.0 for details.

Deprecation of custom client workflow

See release notes for v6.47.0 for details.

Changes to Exit Codes

• applies the principles of idempotent commands: delete-space and delete-route now correctly exits 0 if the resource does not exist story and story

Bug Fixes for Push:

• --path on cf push supports absolute and relative path story
• updates a permissions error message for cf push story
• given a bad start command, cf push no longer exits if the process is still in the starting state story
• updates cf push help text to include the --no-manifest flag story
• --health-check-type and --endpoint flag options now correctly overrides its equivalent app manifest properties story story

Other Bug Fixes:

• per the cf CLI's style guide, we updated the cf space command to include the isolation segment field, even when the field is empty story
• delete-shared-domain now correctly returns an error if you attempt to delete a private domain story
• adds a helpful TIP if you attempt to enable ssh for an app when ssh has been disabled either at the space or global level story
• create-buildpack will now retry if attempting to create a large buildpack and the fresh token is about to expire story

Gotchas (anything I should watch out for since this is a beta release?)

• help text updates are still required for querying labels for a given resource (cf7 apps, etc)

Documentation

• Official Cloud Foundry documentation notes for v7 beta - includes information about breaking changes and feature development work available on v7
• ADR for push
• Additional cf CLI v7 beta release notes for releases v7.0.0-beta.23 and older

Feedback

Do you have feedback or a bug report for the cf CLI v7 beta? Please file a GitHub issue, or reach out on Cloud Foundry Slack #v3-acceleration-team.

V3 Acceleration Team Core Contributors to v7 CLI beta: Eli Wrenn, Reid Mitchell, Piyali Banerjee, Greg Cobb, Supraja Narasimhan, Abby Chau, Michelle He, Mona Mohebbi, Brian Cunnie, Teal Stannard, Merric de Launey, Seth Boyles

CF CLI - v7 Feature Development Contributors: Brendan Smith, Andrew Crump, Abby Chau, Eric Promislow, Alexander Berezovsky, Steve Taylor, Jenna Goldstrich

Services API/CLI Contributors: Oleksii Fedorov, Aditya Tripathi, George Blue, Felisia Martini

v7.0.0-beta.25

Installation

Note: V7 beta binaries will be called cf7 to allow for coexistence with V6 cf binaries.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Compatibility

Tested against CC API Release Candidate v1.87.0-rc.14.

Change Log for 7.0.0-beta.25

v3 CC API Resources and backing v7 beta cf CLI commands

This release includes additional commands backed by the v3 CC API:

• create-user is backed by the v3 API and includes an additional flag to optionally prompt for a password story

Enhancements

• now cf7 create-user supports a new optional --password-prompt flag which can be used for interactively prompting for a password story
• cf7 push output text updates - for example, Mapping Routes... will no longer appear in the output. spike story
• cf7 push help text updated for --random-route to indicate that if no-route is specified in the manifest and --random-route is used as a flag override, no-route will trump the --random-route flag (this is also existing v6 behavior) story

Gotchas

• none in this release

Bugs

• Fixes installer issue story whereby if you used OSX or Windows, and you have cf installed, if you downloaded cf7, it would replace your cf binary. story
• Fixes a bug where a manifest with values over a quota were not overridden by flag overrides, preventing successful pushes story

Documentation

• Official Cloud Foundry documentation notes for v7 beta - includes information about breaking changes and feature development work available on v7
• Additional cf CLI v7 beta release notes for releases v7.0.0-beta.23 and older

Feedback

Do you have feedback or a bug report for the cf CLI v7 beta? Please file a GitHub issue, or reach out on Slack #v3-acceleration-team.

V3 Acceleration Team Core Contributors to v7 CLI beta

Eli Wrenn, Brian Cunnie, Reid Mitchell, Piyali Banerjee, Greg Cobb, Supraja Narasimhan, Abby Chau, Michelle He, Mona Mohebbi

v6.46.1

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Deprecation of --hostname, --no-hostname, -d, --route-path on cf push

The cf CLI team reached out to the Community back in December 2017 to gather feedback about domains and hostnames app manifest properties. Based on feedback, in cf CLI release v6.34.0, the team moved forward with deprecating domains and hostnames properties in the app manifest in favor of the routes attribute.

At the time, the flag options to override the manifest properties were not deprecated. This release deprecates the flag options on cf push:

• --hostname
• --no-hostname
• -d for domain
• --route-path

When any of the above flag options are passed to cf push, a deprecation warning appears in output text. story

We are seeking feedback on this for the cf7 beta CLI. Please add feedback and comments if you have any concerns.

Update-One Is Generally Available

The SAPI and Services Enablement Team are GA'ing the Update-One Feature in this release. story

• Adds a --force flag to update-service to support automation workflows story
• Adds a helpful message if an upgrade is not available story

Bugs

• Fixes an issue where update-user-provided-service can unset existing
  credentials associated with a service even when the -p flags is not specified story

Plugin Updates

• Adds cf-security-entitlement plugin story
• Updates top plugin to v0.9.4 story
• Updates cf-puppeteer to 1.1.1 story
• Updates html5-plugin to 1.3.0 story
• Updates open plugin to v1.2.2 story

Contributors: Brendan Smith, Abby Chau, Andrew Crump, Alexander Berezovsky, Steve Taylor, Eric Promislow, Supraja Narasimhan, and the SAPI and Services Enablement team (Winna Bridgewater, George Blue, Aditya Tripathi, Oleksii Fedorov) for all the services-related work.

Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.

v7.0.0-beta.24

Introducing the v7 beta cf CLI

Installation

Note: V7 beta binaries will be called cf7 to allow for coexistence with V6 cf binaries.

Package Manager Installation

• apt-get, yum, homebrew

Installers

Important note: Due to a bug with both the Mac and Windows Installer, we are removing the links to the v7 beta for these two Operating Systems. We hope to release 7.0.0-beta.25 with the fix soon.

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X
• Windows

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Compatibility

Tested against CC API Release Candidate 1.86.0-rc.21.

Background

The CC API team have been working on developing the v3 API, which introduced new features including running tasks, defining app processes via a Procfile, advanced deployment strategies, sidecars, and granular control of an application lifecycle.

To expose the v3 API to end users, the CLI team implemented v3 prefixed commands in CLI release v6.32.0; and in CLI release v6.38.0, we updated the cf7 app to use the v3 endpoint.

Whilst working toward this v3 effort, both the CC API and CLI teams came to the realization that development work for the v3 API, and the CLI's adoption of it, is best done as a dual effort.

To this end, both teams contributed engineers to form the V3 Acceleration Team, a team tasked with completing the v3 API, and developing a v7 cf CLI to support it - both of which are under active development.

Goals for v7 beta cf CLI

Release and make generally available cf CLI v7 which is completely backed by the v3 CC API so that we can unlock feature development which was not possible on the v2 CC API. As such, we've purposely kept changes between the v6 cf CLI and the v7 cf CLI to a minimum. Where there are differences, we have documented potentially breaking changes here.

Important Notes about v7 beta CLI

• Since both the v7 beta cf CLI and the backing CC API v3 are both in active development, it is important to note that the v7 beta cf CLI is subject to change as we move toward completing development. Therefore, using the v7 beta cf CLI in scripts is not recommended.
• Not all cf CLI v7 commands are backed by the CC API v3. As a result, commands still fall back to the v2 API. As we release the v7 beta cf CLI, more v3 resources will be developed along with the v7 beta cf CLI support for it.
• In order to complete the v7 beta cf CLI in a timely matter, we develop and test against the latest CAPI release candidate. When v7 cf CLI is generally available, we will start supporting official CC API releases again.

v3 CC API Resources and backing v7 beta cf CLI commands

As of 7.0.0-beta.24, the cf7 CLI beta commands backed by the v3 CC API include:

• push (Not a resource but the bulk of our work has been geared toward building cf7 push that is completely backed by the v3 API) epic
• domains epic
• routes epic
• feature-flags epic
• stacks epic
• buildpacks epic
• spaces epic
• organizations epic
• some v3 Services API support: create-service-broker

Highlights

Rolling Deployments

• cf7 push is completely backed by the v3 API. New features including rolling deployments have been added to cf7 push app --strategy rolling. See New Workflows for more information. epic epic

Labels - metadata support

• labels metadata support (new commands: set-label, unset-label, labels) for the following resources: apps, spaces, orgs. Additional support for buildpacks and stacks and adding annotations and filtering labels coming soon. epic

Commands backed by the v3 API

• Resources mentioned above all completely backed by the v3 API on v7 beta cf CLI. Expect changes to flag options and arguments, removal of commands (kept to a minimum), a change to exit codes for one command (create-buildpack and delete commands where the resource does not exist story), and new error output which comes directly from the v3 API. Errors and warnings print to stderr instead of stdout. For full details regarding changes to commands, please see v6 versus v7 command differences.
• Pre-fixed v3 commands have been removed and are now the default command on v7. story

Please read the official CF documentation for additional information, and changes you might expect for 7.0.0-beta.24.

Gotchas

• cf7 restart has not been updated to use rolling deployments, we hope to start that work soon
• cf7 start does not restage on v7. We hope to update the cf7 restart command and the cf7 start command soon.
• cf7 routes is missing the services column, we are waiting on development of v3 services
• cf7 org is missing the quotas column, we are waiting on development of the quotas resource
• cf7 create-org does not assign the current user roles in the org after creating, since we are waiting on development of v3 users/roles. Roles can still be assigned afterwards with cf7 set-org-role.
• cf7 create-space does not assign the current user roles in the space after creating, since we are waiting on development of v3 users/roles. Roles can still be assigned afterwards with cf7 set-space-role.

Documentation Resources

• Official Cloud Foundry documentation notes for v7 beta - includes information about breaking changes and feature development work available on v7
• Additional cf CLI v7 beta release notes for previous releases

Feedback

Do you have feedback or a bug report for the cf CLI v7 beta? Please file a GitHub issue here, or reach out on Slack #v3-acceleration-team.

Change Log for 7.0.0-beta.24

Below are the release notes for 7.0.0-beta.24. To review previous release notes for older version of the cf CLI v7 beta, go here.

CF Push

• experimental command output removed from cf7 push story
• support for --random-route is added to cf7 push story
• CF_STARTUP_TIMEOUT and CF_STAGING_TIMEOUT environment variables added to cf7 push help text story
• cf7 push is completely backed by the v3 API story story story
• --no-route will now unmap routes including the default route story
• bug fix for when bit service is enabled, cf7 push works as expected story
• bug fix for pushing an app when the directory contains empty files story
• additional cf7 push docker and buildpack-related bug fixes story and story story story

Rolling Deployments

• explorations into updating an app when it is in the Deploying state; we advised users to use cancel-deployment for now and the CC API team will review in the future story

###...

v6.46.0

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Service Instance Upgrade feature

Service authors that have built services using the On-Demand Broker want to allow Service Instances to be upgraded individually after a new version of their Service Broker has been deployed.

Now cf services will inform users that an upgrade is available; running cf service <name> provides additional details. To upgrade a service instance, run cf update-service <name> --upgrade. This flag is in experimental stage and may change without notice.

Users must be on CC API v2.135 to use this feature.

For questions, regarding this feature please reach out to #SAPI on Slack Cloud Foundry. Thank you, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin) who all worked on this feature.

Bugs

• Fixes cf push remove spin lock in PollStart(). This reduces the CPU time when waiting for apps to start. Also affects cf start, cf restart and cf restage story
• Fixes a documentation url in output story
• Fixes an issue whereby if you are logged in as a client, the user name was not printed in the output story
• Targeting a space for cf copy-source is no longer case sensitive story
• Retry plugin uninstall attempt for windows story

Plugin Updates

• Updated Log Stream to v0.4.0 story
• Updated cf-puppeteer to v1.0.0 story

Release Contributors: Brendan Smith, Abby Chau, Andrew Crump, Alexander Berezovsky, Steve Taylor, Simon Seif, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin)

Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.

v6.45.0

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Known Issue with the log-cache-cli plugin

Recently changes (v6.44.0) were made to the CF CLI to no longer refresh authentication tokens in cases where we have an existing authentication token that has not yet expired.

In some circumstances users using the log-cache-cli plugin may see a temporary error when attempting to view logs for an application that has just been pushed. Log Cache maintains a one-minute cache on the server of the current applications associated with a token, and will reject requests for logs associated with an application it is not yet aware of.

As a workaround you can re-authenticate to obtain a new token or wait 60 seconds for the cache entry to be invalidated.

Using client credentials with cf oauth-token

This release adds support for using client credentials with the cf oauth-token command. This functionality was removed in cf CLI release 6.44.0; this release supports the workflow again but with changes in behavior:

• it is no longer possible to re-authenticate and return a new token when using client credentials with cf oauth-token. See this issue for more information.
• if your token is valid, running cf oauth-token returns the current token
• if your token has expired, running cf oauth-token errors with a message to say that your access token has expired

For more information, please review this github issue and this tracker story.

Known issues with using client credentials

To prepare for this release, the cf CLI team did an exhaustive review of the client credential workflow:

• we ran all our integration tests using client credentials story story
• we checked for all the places in our codebase where we refresh the auth token story

We discovered the following issues with using client credentials:

• ssh-code does not currently work with client credentials story
• unrefactored commands will not print the client id in output text story

If you have any feedback about client credentials, please reach out to the UAA team (Cloud Foundry Slack #uaa), or the cf CLI team via a GitHub issue or on Cloud Foundry Slack #cli.

Bug Fixes

• Fixes a regression for v3-push whilst viewing logs when authenticated as a client. Now you are able to see logs if you are logged in as a client and you attempt to view logs (cf logs for example).

Plugin Additions/Updates

• Updated multiapps to 2.1.1 story
• Updated cf-dev to 0.0.16 story

Contributors:

Will Murphy, Brendan Smith, Abby Chau, Andrew Crump, and Alexander Berezovsky

Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.

v6.44.1

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Fixes a regression with client credentials

Fixes a regression for viewing logs when authenticated as a client. Now you are able to see logs if you are logged in as a client and you attempt to view logs (cf logs for example).

Note: We have not fixed this regression on experimental v3-push, if you are authenticated as a client, and you are using v3-push you will not be able to view logs. Please reach out with any feedback.

v6.44.0

UPDATE: A regression has been detected for this release. The bug affect users using client credentials - logs will not appear for commands such as cf push or cf logs.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Client credentials update to address security concerns

Changes to the client credential workflow

In CF CLI v6.35.0, we added support for client-credentials. During the implementation of the feature, the client secret was written config.json file to allow for token refresh in a pipeline workflow. In this release, we have reimplemented this feature to not write the client secret to the config.json.

Changes our users should expect from this change: if you are using cf auth --client-credentials and you upgrade to the CLI v6.44.0, you will be logged out of your session after 12 hours and be prompted to log back in.

We've decided to change this implementation because:

1. Writing secrets to disk is a a security vulnerability we do not want to persist
2. The default refresh token expiration is 12 hours. We believe a 12 hour refresh token should be sufficient for most pipeline-related activity and if users require a longer lived token, they can generate one using the uaac - see documentation here

Note: cf oauth-token does not work with client credentials. Please reach out if there's a use case for this workflow.

Deprecation Notice for CF CLI Commands story

The following commands were deprecated because the V1 Broker API was deprecated as of January 2015. The CF CLI currently supports CC API 3.35.0/ Service Broker API Version 2.13.

• create-service-auth-token
• delete-service-auth-token
• update-service-auth-token
• service-auth-tokens
• migrate-service-instances
• cf files

Using client credential for setting org and space roles

This release supports setting roles for a client. Updates include:

• a new optional --client flag for cf set-org-role story
• a new optional --client flag for cf set-space-role story
• cf org-users now display the client name story
• cf space-users now display the client name story

Note:

• More information about the client credentials feature: API docs, UAA docs here and here
• If you are on an older version of cf-deployment (7.9.0 or lower) the CLI does not check to see if the client exists when we set orgs and spaces. Starting with cf-deployment 7.9.0, we added specific scopes to cf deployment to allow us to validate that a provided client exists when attempting to set an org or space role for a client. story

Minimum Version Warning

Our minimum version policy changed in January 2019 to support CC API 2.100/3.35. In this release, we will start outputting a warning when users are on a unsupported version of the CC API. cf api, cf auth and all rewritten code will display this warning.

Built with Golang 1.12.1

Updated to Golang 1.12.1 See the Golang release summaries for details on the bug fixes. story

New Translations

New translations are included in this release - thanks to IBM who contributed updated translations of CLI output and help text. As usual, the update came in mid-release and a number of message strings may have changed since, but will be included in the next release. story

Enhancements

• A new flag --no-plans added to cf marketplace to view the table without the plans column story

Minor Enhancements

• cf help now displays a more prominent TIP so that users can discover cf help -a
• Roles for the set-org-role and set-space-role commands are case insensitive story
• Piping a multi-line file to cf login now works as expected story
• Updated the help text for cf delete-orphaned-routes to clarify that the command is spaced-scoped story

Bug Fixes

• Fixes a bug for cf update-buildpack for assigning stacks story
• Fixes an issue with cf-bind-route-service whereby if a user does not have a org or space targeted, instead of returning a useful error, the CLI would attempt to GET the private_domains endpoint story
• v3-apply-manifest now works for defining environment variables in a multi-app manifest story
• Now the CLI checks the expiration time of an access token and refreshes it automatically before making a call the CF API story

Plugin Additions/Updates

• Updated html5-plugin to 1.2.0 story
• Updated CF Dev to 0.0.15 story
• Updated cf-puppeteer to 0.0.13 story
• Updated Create-Service-Push to 1.3.1 story
• Updated conduit to 0.0.7 story
• Adds push-with-vault story
• Adds set-weights story
• Adds multi-apps plugin story

Contributors:

Thomas Viehman, Will Murphy, Brendan Smith, Abby Chau, Andrew Crump, Alexander Berezovsky, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin) for all the services-related work, Simon Seif (thanks for the pull request!), V3 Acceleration Team, IBM (for Translations work)

Thank you to all our Community contributors, we appreciate the pull requests!

Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.