Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Fixed regressions

• Refactored auth used the "login" endpoint link discovered from the authorization endpoint, instead of the authorization endpoint itself, causing it to fail in cf CLI v6.29.1 on some login server configurations. (#1210)
• Refactored ssh-code used the "login" endpoint link discovered from the authorization endpoint, instead of the "uaa" endpoint link, causing it to fail in cf CLI v6.29.1 on some login server configurations.

Updated commands

• help now displays a more concise tip to use cf help -a to see all commands. (#1200)
• ssh now displays usage in help with uppercase option values consistent with other commands, and clarifies that the pseudo-tty options are mutually exclusive.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Corrupted config.json

There have been reports of the local config.json file getting corrupted, or truncated to 0 bytes. When this happens, most commands fail with an "Error read/writing config: unexpected end of JSON input" message, and deleting the file was the only remedy.
This release includes various improvements to reduce the chance of this file becoming corrupted.
The cf CLI uses this file to persist settings (see e.g. cf config), the targeted API endpoint, org and space, etc.
(#1071, #1199)

Fixed regressions

• Refactored api did not sanitize the API endpoint url, causing cf auth to fail since cf CLI 6.23.0 when the specified endpoint URL had a trailing slash. (#1186)
• Refactored auth used the UAA token endpoint instead of the login server authorization endpoint, causing authentication to fail since cf CLI v6.27.0 on CF targets with a login server not collocated with the UAA server. (#1192)

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output.
For example, warnings and errors will consistently be outputted to stderr instead of stdout and English table and key-value headers displayed in lowercase.
As we iterate through the list of commands, we are also focusing on improving performance and stability.
Please review your scripts if they depend on the output of these commands.

List of improved commands in this release:

• oauth-token
• ssh-code

Updated commands

• set-space-role now displays a usage error message with the right argument names when insufficient arguments are provided.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Org default isolation segments

This release introduces commands to configure a default isolation segment for an org, on which applications are placed from any space that has not explictly been assigned an isolation segment.
The new commands require a target CF release of v254 (CC API v3.11.0) onwards.
Refer to the documentation for details.

Bash tab completion on dash includes long options

Tab completion on a single dash (-) now displays both short and long option names (suppressing short ones when a long one is available) to get a quick overview of all available options to a (sub)command:

$ cf push myapp -
-b                   --health-check-type  --no-hostname        --route-path
-c                   --help               --no-manifest        -s
-d                   --hostname           --no-route           -t
--docker-image       -i                   --no-start           --version
--docker-username    -k                   -p
-f                   -m                   --random-route

An enhancement to our upstream Goflags command parser library was accepted to support this. Previously, tab completion on a single dash would only display short options.

Fixed regressions

• add-plugin-repo did not work if the plugin repo URL contained a path in cf CLI v6.28.0. (#1178)
• Refactored commands could fail when obtaining a new access token from an older CF release. (#1175)

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output.
For example, warnings and errors will consistently be outputted to stderr instead of stdout and English table and key-value headers displayed in lowercase.
As we iterate through the list of commands, we are also focusing on improving performance and stability.
Please review your scripts if they depend on the output of these commands.

List of improved commands in this release:

• restage (when you cf restage and the command fails, the CLI now correctly returns a exit code of 1)
• restart

Updated commands

• set-org-default-isolation-segment
• reset-org-default-isolation-segment
• org
• restage and restart now display a more detailed error message when staging fails
• set-space-isolation-segment and reset-space-isolation-segment now have better command descriptions
• security-groups now won't fail if a security group is deleted while retrieving its details
• enable-feature-flag and disable-feature-flag now have better, concise command descriptions. (#1174)
• set-env now includes unset-env in its SEE ALSO help section. (#1179)

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Space scoped staging application security groups

This release exposes space scoped staging application security groups, adding a --lifecycle option to bind-security-group and unbind-security-group to specify the lifecycle phase ('running' or 'staging') the security group applies to.
Refer to the documentation for details of this feature.
This feature requires a target CF release of v250 (CC API v2.68.0) or higher.

Private Docker repositories (interactive input)

This release implements community feedback from the survey on how to support authentication for private Docker repositories in an interactive way with cf push:
If a Docker image and username are specified to cf push and environment variable CF_DOCKER_PASSWORD is not set, the user is prompted for the password.
The private Docker repo feature requires a target CF release of v260 (CC API v2.82.0) onwards.

$ cf push dockerapp --docker-image docker/image --docker-username johndoe
Environment variable CF_DOCKER_PASSWORD not set.

Docker password> 
Creating app dockerapp in org myorg / space dev as john...
...

Fixed regressions

• Plugin commands could not be executed if the plugin binary was installed under $CF_HOME (introduced in 6.27.0).

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output.
For example, warnings and errors will consistently be outputted to stderr instead of stdout; and English table and key-value headers displayed in lowercase.
As we iterate through the list of commands, we are also focused on improving performance and stability.
Please review your scripts if they depend on the output of these commands.

List of improved commands in this release:

• security-groups
• unbind-security-group
• delete-space

Updated commands

• bind-security-group and unbind-security-group now accept a flag to indicate the lifecycle phase the security group should be applied to. Flag and values support Bash tab completion.
• security-groups now displays the lifecycle phase each security group applies to.
• space now displays both staging and running application security groups.
• delete-org's confirmation prompt no longer wraps at 80 characters regardless of terminal width.
• api and login command names are no longer displayed translated into French inside login related error messages. (#1169)

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Plugin installation improvements

This release incorporates various community requested improvements around plugin installation and management, mainly having the ability to check which plugins have a newer version out in a repo, and upgrading a plugin in one step.
Also, the styling of the CF community plugin site has been updated.

Private Docker repositories

This release implements community feedback from the survey on how to support authentication for private Docker repositories in a non-interactive way with cf push.
This feature requires a target CF release of v260 (CC API v2.82.0) onwards.

$ env CF_DOCKER_PASSWORD=$(pass docker/image) cf push dockerapp --docker-image docker/image --docker-username johndoe
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Creating app dockerapp in org myorg / space dev as john...
...

The interactive use case is targeted for implementation in a subsequent release.

DEA End of Life Impact

It remains the cf CLI team’s aim to deliver a CLI that can be used by all Cloud Foundry users; a single tool to talk to all your Cloud Foundry deployments. (See our policy here.)
As such, cf CLI releases (in the v6.* stream) can be expected to keep working with CF releases with DEAs.

That said, the cross-project phase-out of DEAs does entail the following, starting with this cf CLI release:

1. cf CLI releases are tested on Diego backed CF releases only.
2. Feature requests for the cf CLI relating to DEAs and not applicable to Diego are no longer considered.
3. Reported issues with the cf CLI relating to DEAs are still considered but given less attention.
4. The Diego-Enabler plugin is no longer supported and will be removed from the CF-Community plugin repo.

Built with Golang 1.8.3

Golang 1.8 addresses an issue that could cause problems when pushing files with long paths on Windows. (#1158)

Tab completion of ~/

All commands and options taking paths now also tab complete on paths starting with ~/.

Fixed regressions

• cf-unset-space-role failed with a no such host error when feature flag "unset_roles_by_username" was disabled. (#1134)

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output.
For example, warnings and errors will consistently be outputted to stderr instead of stdout and (English) table and key-value headers displayed in lowercase.
As we iterate through the list of commands, we are also focusing on improving performance and stability.
Please review your scripts if they depend on the output of these commands.

List of improved commands in this release:

• plugins
• install-plugin
• uninstall-plugin
• add-plugin-repo
• auth
• bind-service

Updated commands

• plugins introduces a flag --outdated to inspect all registered plugin repos and search for later versions to currently installed plugins. (#924)
• plugins now includes a tip to use cf repo-plugins to view plugins available in registered plugin repos.
• plugins, help and other plugin commands now first check environment variables $CF_PLUGINS_HOME, then $CF_HOME and then $HOME
  for the user's custom plugins storage folder. (#1137)
• install-plugin now displays a progress indicator when downloading a plugin binary.
• install-plugin now searches all registered plugin repositories when specifying a plugin name without a repository.
• install-plugin now uninstalls the current plugin when installing a same-named plugin when confirmation is disabled (-f), or when installing from a plugin repo.
• install-plugin now installs a plugin successfully even if its binary does not have execute permissions.
• install-plugin now supports tab completion of local files. (#1099)
• install-plugin now aborts installation when the checksum of a downloaded plugin binary does not match the checksum reported by the repo.
• install-plugin now aborts when specifying a non-existing repository name.
• install-plugin now aborts when a binary of the right platform is not available in the plugin repository.
• uninstall-plugin now resumes uninstallation if it cannot remove the plugin binary, enabling the user to manually resolve the issue.
• uninstall-plugin now accepts a case insensitive plugin name, aligned with install-plugin.
• add-plugin-repo now returns with exit code 0 when attempting to add a plugin repo that is already registered, so scripts do not fail on re-runs.
• add-plugin-repo now respects the casing of the URL specified (#1058)
• ssh now prints a better error message when there is no app instance at the specified index (#1131)
• ssh help now clarifies that the default app instance is 0 (i.e. instance counter starts at zero) (#1130)
• create-org now adds double quotes around the org name in the tip to use cf target to target the org, enabling easy copy & pasting when the org contains spaces. (#1149)
• start, delete-org and other refactored commands that poll the API endpoint until it has completed its operation now have a reduced polling interval of 3 seconds (was 5s), making them slightly faster in some cases.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 64 bit / 32 bit (deb)
• Redhat 64 bit / 32 bit (rpm)
• Mac OS X 64 bit (pkg)
• Windows 64 bit / 32 bit (zip)

Binaries

• Linux 64 bit / 32 bit (tgz)
• Mac OS X 64 bit (tgz)
• Windows 64 bit / 32 bit (zip)

Change Log

Isolation segments

This release introduces commands to manage isolation segments, enabling one to run applications in a dedicated resource pool.
The new commands require a target CF release of v254 (CC API v3.11.0) onwards.

Refer to the documentation for details of this feature.

Fixed regressions

• create-buildpack and update-buildpack did not accept a URL to a buildpack in cf CLI v6.25.0. (#1085)
• ssh failed when transferring more than 2GB since cf CLI v6.24.0. (#1098)
• logs and start ignored https_proxy environment variable when trying to connect to the loggregator doppler endpoint since cf CLI v6.17.1, causing a failure to retrieve logs when behind an HTTP proxy (only http_proxy was inspected). (cloudfoundry/docs-cf-cli#24)

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output. For example, warnings and errors will consistently be outputted to stderr instead of stdout. As we iterate through the list of commands, we are also focusing on improving performance and stability.

List of improved commands in this release:

• org
• space
• app
• start
• logs
• bind-security-group

Updated commands

• start now displays a more detailed error message when staging fails.
• delete-org and delete-shared-domain now display in more detail what else gets deleted in their confirmation messages. (#1082)
• delete-user now displays a better error message when several users of the same name (from different origins) exist. (#1097)

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 32 bit
• Debian 64 bit
• Redhat 32 bit
• Redhat 64 bit
• Mac OS X 64 bit
• Windows 32 bit
• Windows 64 bit

Binaries

• Linux 32 bit binary
• Linux 64 bit binary
• Mac OS X 64 bit binary
• Windows 32 bit binary
• Windows 64 bit binary

Change Log

Tab completion

The cf CLI now supports tab completion on systems where that is enabled.
Completion is provided of cf native subcommands and option names as well as arguments & option values that are available locally to the CLI, i.e. filepaths and e.g. true/false and process/port/http enumerations.

Examples

$ cf <tab><tab>
Display all 156 possibilities? (y or n)

$ cf i<tab>
->
$ cf install-plugin 

$ cf set-org-role user myorg o<tab>m<tab>
->
$ cf set-org-role user myorg OrgManager

To enable Bash tab completion, the bash-completion package needs to be installed. Run sudo apt-get install bash-completion , sudo yum install bash-completion or homebrew install bash-completion on Debian, RPM, Homebrew based system respectively.
The Debian, RPM and Homebrew installers of the cf CLI bundle a Bash tab completion file that is copied to a standard location (e.g. /usr/share/bash-completion/completions/ or /etc/bash_completion.d/), where it should be picked up automatically on Bash completion enabled environments the next time you open a Bash shell. If it's not, open ~/.bashrc and ensure the tab completion file is sourced from it. Refer to your shell & operating system's documentation for details.
For downloaders of the binary releases or the Mac OS X package, download the above file and ensure it is executed when you open a shell (e.g. by sourcing it from your shell profile (~/.bash_profile)).

CLI binary 30% smaller

The file size of the cf CLI binaries has been reduced by about 30%.
Previously, the binaries included additional data useful in debugging and profiling the CLI. The CLI team never used these tools, so it made sense to remove them.
This change should not affect the execution of the actual program. They only affect whether you can debug or analyze the binary with other tools, which you still can if you rebuild the binary to include this data.

Plugin Framework Changes

• The GetApp_RouteSummary API now includes fields to retrieve a route''s path or port.

Updated commands

• run-task now accepts parameters to configure the memory and disk space limits for a task.
• push options -f and -p and other commands accepting a path to a file or folder now display a friendlier parsing error when the filepath is not found. (#1030)
• help now displays the alias of plugin commands, and accepts them to display its command help text. (#1048)
• login now accepts the SSO passcode on the command line. (#1052)
• ssh now accept base64 encoded SHA256 SSH fingerprints exposed by /v2/info. (#1072)

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 32 bit
• Debian 64 bit
• Redhat 32 bit
• Redhat 64 bit
• Mac OS X 64 bit
• Windows 32 bit
• Windows 64 bit

Binaries

• Linux 32 bit binary
• Linux 64 bit binary
• Mac OS X 64 bit binary
• Windows 32 bit binary
• Windows 64 bit binary

Change Log

Doppler endpoint only

This release no longer bundles the deprecated loggregator consumer library, which was used to talk to the loggregator endpoint on CF releases before v212. Now, regardless of the CF release version targeted, the noaa library will be used to talk to the doppler endpoint.
This endpoint was deemed stable around CF v203: if targeting an earlier CF release and experiencing issues with commands that interact with the loggregator (e.g. logs, push), please stay on a previous release of the cf CLI until your target CF is upgraded.

Targeting CF releases before v197

Due to the removal of code branches only followed when targeting very old CF releases, the following commands may show degraded functionality:

• Commands that interact with domains are affected when targeting CC API versions <v2.0.1 (cf push, routes & domains commands)
  It is difficult to determine the exact CF release version and impact as the published CC V2 API docs don’t go back that far. CC API 2.0.1 was incorporated somewhere before CF v190 (released in Oct 2014).
• The cf space-users command is affected when targeting CC API <v2.21.0 (CF release v197, released in Jan 2015) and will return an error.

Health check type 'http'

In addition to the current port and process types of health checks for your application, there is now an http health check, which periodically sends an HTTP request to a specific endpoint on our application and monitors the response code.
The push, create-app-manifest and set-health-check commands have been updated to support this new health check type.
Push the app with an app manifest, or use the set-health-check command, to specify a custom path.

Note also that the above commands now prefer the better named value 'process' to identify the process health check (the deprecated 'none' is still accepted).
See http://docs.cloudfoundry.org/devguide/deploy-apps/healthchecks.html for details.

Built with Golang 1.7.5

Golang 1.7.5 was released last month, addressing an issue that could have caused API server certificate validation to fail on Mac OS Sierra.
See this announcement for details.

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output. For example, warnings and errors will consistently be outputted to stderr instead of stdout. As we iterate through the list of commands, we are also focusing on improving performance and stability.

List of improved commands in this release:

• get-health-check
• set-health-check
• target

Updated commands

• push now accepts http as well as process as health check type, both to the -u flag and in the app manifest "health-check-type" attribute. The app manifest also accepts a new "health-check-http-endpoint" attribute to customize the endpoint monitored in case of the http health check type.
• create-app-manifest now writes out the two health check related attributes mentioned above. (#1038)
• set-health-check now accepts http as well as process as health check type, as well as an endpoint to monitor in case of the http health check type.
• get-health-check now displays the endpoint in case of http health check type.
• push help text now better describes the -t option.
• delete-org now clears the targeted org after a successful deletion.
• target now clears the targeted org and/or space on an error. (#1061)
• api now aligns the row headers properly in locales that use multi-byte characters.

Package Manager Installation

• apt-get, yum, homebrew

Installers

• Debian 32 bit
• Debian 64 bit
• Redhat 32 bit
• Redhat 64 bit
• Mac OS X 64 bit
• Windows 32 bit
• Windows 64 bit

Binaries

• Linux 32 bit binary
• Linux 64 bit binary
• Mac OS X 64 bit binary
• Windows 32 bit binary
• Windows 64 bit binary

Change Log

Reminder: 6.23.x is the last release to bundle the deprecated loggregator consumer library, which is used to talk to the loggregator endpoint on CF releases before v212.

In the next minor cf CLI release (6.24.0) this library is scheduled to be removed; regardless of the CF release version targeted, the noaa library will be used to talk to the doppler endpoint.
This endpoint was deemed stable around CF v203: if targeting an earlier CF release and experiencing issues with commands that interact with the loggregator (e.g. logs, push), please stay on a 6.23.x release of the cf CLI until your target CF is upgraded.

Request Ids in error messages

Where available, error messages from 5xx responses from API endpoints now include the request id, which can be helpful for platform operators to look up details on the interaction in CF's internal logs. (#998)

License and copyright attributions

All binaries and installers now include up to date license and copyright attributions.

Fixed regressions

• delete-org immediately followed by a command/operation that depends on the deletion to have completed could fail in cf CLI 6.23.0 because delete-org returned without polling to wait for the deletion process to complete.

Updated commands

• push now continues with deployment even if the resource matching operation times out. (#1042)
• run-task now prints a tip in its help page how to inspect logs for a running task. (#1034)
• run-task now prints the (specified or generated) task name when it submits it.
• install-plugin no longer displays a localised (J oder N) with the confirmation prompt as it only responds to the English abbreviations. (As part of the refactor of all commands, all locales will eventually display a [yN] in confirmation prompts). (#994)
• help now clarifies it displays only the most common, app developer focussed commands. (#1009)
• version now separates the build metadata (sha and build date) with a period (e.g. 6.23.0+3c307aa.2017-01-11) to make it easier to parse with SemVer libraries, and build the binary from source. (#992, #1036)

Installers

• Debian 32 bit
• Debian 64 bit
• Redhat 32 bit
• Redhat 64 bit
• Mac OS X 64 bit
• Windows 32 bit
• Windows 64 bit

Binaries

• Linux 32 bit binary
• Linux 64 bit binary
• Mac OS X 64 bit binary
• Windows 32 bit binary
• Windows 64 bit binary

Change Log

6.23.x are the last minor release to bundle the deprecated loggregator consumer library, which is used to talk to the loggregator endpoint on CF releases before v212.

In the next minor cf CLI release (6.24.0) this library is scheduled to be removed; regardless of the CF release version targeted, the noaa library will be used to talk to the doppler endpoint.
This endpoint was deemed stable around CF v203: if targeting an earlier CF release and experiencing issues with commands that interact with the loggregator (e.g. logs, push), please stay on this release of the cf CLI until your target CF is upgraded.

One-off tasks

This release introduces commands to run, terminate and list tasks, available from CF release v247 (CC API v3.0.0) onwards.

A task is an application or script whose code is included as part of a deployed application, but runs independently in its own container.
It can be used to perform one-off jobs, such as:

• Migrating a database
• Sending an email
• Running a batch job
• Running a data processing script

Refer to the Running Tasks documentation for details.

Creating users with external identity providers

The create-user command has been enhanced to allow the creation of users mapped to users in an external identity provider, such as LDAP. (#822)

$ cf create-user j.smith@example.com --origin ldap  # LDAP user

CLI client id and secret no longer hard-coded

The client id and secret used by the cf CLI for certain UAA requests are now stored in the local config.json file, making it possible to configure custom ids and secrets, for example to use long-lived tokens for scripts in CI environments.
We're working on proper documentation. For now, refer to #919 (comment).

Built with Golang 1.7.4

Golang 1.7.4 was released this month, addressing a vulnerability that could affect cf CLI users on Darwin with trust preferences for root certificates.
See this announcement for details.

Refactored commands

We are in the process of creating a more consistent user experience; our goal is to standardize UI output. For example, warnings and errors will consistently be outputted to stderr instead of stdout. As we iterate through the list of commands, we are also focusing on improving performance and stability.

List of improved commands in this release:

• api
• create-user
• delete-org
• delete-orphaned-routes
• unbind-service
• version

Fixed regressions

• 32 bit binaries of cf CLI 6.22.2 panic on 32 bit systems for commands that interact with loggregator (such as push) due to 64 bit-only code in the doppler library. (#991)
• Commands that interact with loggregator (such as push) could panic if the connection with the loggegrator was interrupted (e.g. in the case of a loggregator restart) due to an issue in retry logic. (#1019)

Updated commands

• create-security-group and update-security-group now include the new "description" field in the JSON example in their help pages. This field is accepted from CF release v238 (CC API v2.57.0) onwards.
• push now treats values of environment variables specified in the app manifest as strings so big integers do not unintentionally get converted into (harder to read) scientific numbers. (#996)
• push no longer panics when loggregator restarts while collecting app logs. (#1019)
• delete-space now takes an optional org parameter to allow deletion of a space without targeting it. (#957)
• unbind-service no longer fails with an error saying the app is not bound when unbinding a service that is bound to more than 50 apps. (#948)
• delete-orphaned-routes now deletes all orphaned routes instead of stopping after deleting 50, and no longer exits with return code 0 when an error occurs. (https://www.pivotaltracker.com/story/show/131127157, #978)