Important Note: A regression has been reported by some users regarding cf login. We are currently reviewing this issue and are likely to release a patch. It is not recommended to use 6.47.0.
Note: this release does not include the Windows installer because we are in the middle of renewing the certificate. We are currently working to include the Windows installer in the next release. Please reach out on Slack Cloud Foundry #cli if you have feedback or questions.
Package Manager Installation
Installers
Binaries
Change Log
Installers
Note this release does not include the Windows installer because we are in the middle of renewing the certificate. We are currently working to include the Windows installer in the next release. Please reach out on Slack Cloud Foundry #cli if you have feedback or questions.
CF Login Refactor
In order to prepare for an upcoming feature for cf login, and to support the v7 beta cf CLI effort, the cf CLI embarked on a refactor of cf login.
User-facing changes include:
cf loginis backed by the v3 API for calling resources such asorgsandspaces- this is in accordance with our minimum version policy- instead of outputting the
v2version of the api in theAPI endpointinformation, we now output the correspondingv3version - improving and restructuring error messages where possible to improve user experience and consistency. For example:
- if we detect your minimum version is outside our window of support, we've added additional text to inform you where to download the newer version of the cf CLI. story
- when using
--skip-ssl-validation, we've added thehttpsprotocol to the error message, and we've changedTIPto prompt you to usecf logininstead ofcf apifor for consistency. story - moving
FAILEDafter the error output - if you have less than 50 orgs and spaces, positive integers at the prompts will always be used as a list index. story
- if you have more than 50 orgs and spaces, numbers at the space prompt will always be interpreted as a space name. story
- subtle changes to UX. Examples include:
- replacing
>with:for prompts - removing flavor text from the
>prompts and the final output to confirmAPI endpoint,User,Org,Space
- replacing
- warnings and errors will consistently be outputted to stderr instead of stdout
- when using
CTRL-Cto exit the prompt, the^Cno longer echos in the prompt field. story - when you attempt to login with
cf login, the configuration file is updated once after authentication succeeds, and then again when the entire command completes successfully. For example, if you attempt to login withcf l -a api.cli.funand you hitCTRL-Cat the following prompt, then the CLI will no longer write the api version and endpoint to the config file. If you hitCTRL-Cat the prompt to choose an organization, the config file will be updated with the new API endpoints and access tokens [story] (https://www.pivotaltracker.com/story/show/163101114) - users can now pipe input into username and password prompts for
cf login. story
Non user-facing changes of note:
AuthorizationEndpointchanged fromuaatologinin the config changed due to API updates storySSHOAuthClientchanged fromssh-proxyto""this field is not configurable by the user story
Deprecation of custom client workflow
This release adds a deprecation notice to login and auth for "custom client workflows". In an early version of the cf CLI, support was added to allow users to extend their refresh token by writing secrets to their config.json. Since this is a security concern, in cf CLI release 6.44.0 onwards we've changed this behavior such that the default refresh token expires within 12 hours, which we believe, is sufficient for most pipelines to run. If users require a longer-lived token, see the UAAC documentation. More details about this can be found here.
In v7 cf CLI, we will completely remove the functionality to write secrets to the config.json in order to obtain a longer-lived refresh token.
Enhancements:
- Since usernames are not unique, users with the same name can exist in different external identity providers. This release supports a new flag on
login:--originwhich allow users to disambiguate the user and identity provider they want to log in to. story - Adds a deprecation warning to
cf loginandcf authfor custom clients. In CLI V7, we are encouraging users to adopt the client credential workflow because it is more secure (secrets are not written to the config). story and story - If you are not logged in and attempt to run commands, now a slightly more verbose output appears to prompt the user to run either
'cf login' or 'cf login --sso' to log in.. story - the
CF_DIAL_TIMEOUTdefault has been updated from5to6seconds to avoid race conditions story
Bug Fixes:
create-buildpackwill now retry if attempting to create a large buildpack and the fresh token is about to expire story- now when you push an application with a buildpack, and if you delete the buildpack, and then subsequently push the same app with multiple buildpacks,
pushshould stage your app story
Plugins:
- Updates multiapps plugin to 2.1.2 plugin story
- Updates SCS CF CLI plugin to v1.0.22 story
- Updates cfdev to 0.0.17 story
Note: For users who are scripting using the cf CLI, we advise usage of the cf auth command as cf login is an interactive command which does not lend well to automation.
Contributors: Brendan Smith, Abby Chau, Andrew Crump, Alexander Berezovsky, Steve Taylor, Jenna Goldstrich, Eric Promislow, SAPI team (Aarti Kriplani, Alex Blease, George Blue, Georgi Lozev, Henry Stanley, Nikolay Maslarski, Will Martin) for all the services-related work, and Simon Seif (thanks for the pull request!),
Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). See our minimum supported version policy for more information.