diff --git a/content/news/articles/2015-05-29-week-update.md b/content/news/articles/2015-05-29-week-update.md new file mode 100644 index 0000000..2f69aa2 --- /dev/null +++ b/content/news/articles/2015-05-29-week-update.md @@ -0,0 +1,18 @@ +--- +layout: layouts/post +tags: news +date: 2015-05-29 +title: "Updates for the week of 5/29/2015" +redirect_from: + - /updates/2015-05-29-week-update/ +--- + +Platform: + +- Upgraded to release [210](https://github.com/cloudfoundry/cf-release/releases/tag/v210) +- Binary and Static buildpacks are now built in the deployment +- Added Newrelic Insights and Plugins for platform monitoring data + +Services: + +- The rds service now encrypts the passwords diff --git a/content/news/articles/2015-09-01-sprint-4-update.md b/content/news/articles/2015-09-01-sprint-4-update.md new file mode 100644 index 0000000..547620f --- /dev/null +++ b/content/news/articles/2015-09-01-sprint-4-update.md 
@@ -0,0 +1,45 @@ +--- +layout: layouts/post +tags: news +date: 2015-09-01 +title: "Status page and console additions" +redirect_from: + - /updates/2015-09-01-sprint-4-update/ +--- + +We've added a new status page to show you the state of the cloud.gov platform, and we've made significant upgrades in your ability to manage your apps via the web. + + +### Status Page +As production use of cloud.gov ramps up, it's important that you have a constant picture of the platform's status, which may affect your product's operations and availability. + +We're now providing this visibility via the [cloud.gov Status Page](https://cloudgov.statuspage.io/), where you'll be able to see at a glance: + +- When there are any ongoing or recent degradations in service +- When any maintenance is planned or recently completed + +We've proactively subscribed existing users to that page, so there's no need for any action on your part... You'll be notified via e-mail whenever problems are identified, or when planned maintenance is expected to impact your application's availability. However, you can also use the subscription control at the upper-right of the page to subscribe to updates via texts or Atom/RSS feed if you so choose. + +### Console Improvements +In addition to the command-line client, the [cloud.gov web-based console](https://console.cloud.gov/) has now entered an alpha state. You can use the console to **review your organizations and spaces**, and **manage the state of your applications, services, and routes**. Creation of accounts, orgs, and spaces is still managed [via GitHub request]({{ site.baseurl }}/getting-started/setup/). 
+ +Here are examples of actions now possible via the magic of your Interweb-capable browsing apparatus: + +- Traverse the layout of your accessible organizations and spaces +- Control access to your owned orgs and spaces for other accounts +- Browse a list of available services and provision new instances +- Bind service instances with specific applications +- Edit the routes that will bring user traffic to an application +- Inspect the live resource utilization of a running application +- Restart stopped or misbehaving applications + +If you've not taken a look in a while, please [check it out](https://console.cloud.gov/)! + +Note I said above the console is in "alpha" state, and really it's more of an MVP. Please [report problems or feature requests](https://github.com/18F/cf-deck/issues) or better yet, [make pull-requests](https://github.com/18F/cf-deck/pulls) via GitHub. (Side note: **We are short-handed on front-end/design/UI resources**, so any quick help anyone can offer, even if it's just some help with our IA, would be very **VERY** welcome!) + +### Other stuff +We're now publishing our [roadmap](https://18f.storiesonboard.com/m/gov-dev) in [story-map form](http://jpattonassociates.com/wp-content/uploads/2015/03/story_mapping.pdf) in case anyone wants to get a peek at what we're focused on now and what we're juggling for the future. Our focus right now is: **Buttoning up loose ends that prevent us from offering cloud.gov to other agencies.** + +Our [intra-sprint kanban board](https://trello.com/b/ChGzyepo/gov-dev) is also visible, as is the [calendar of cloud.gov team rituals](https://www.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks%40group.calendar.google.com&ctz=America/Los_Angeles) for anyone who would like to attend. + +That's all for now... diff --git a/content/news/articles/2015-09-14-sprint-5-update.md b/content/news/articles/2015-09-14-sprint-5-update.md new file mode 100644 index 0000000..e159a2b --- /dev/null 
+++ b/content/news/articles/2015-09-14-sprint-5-update.md @@ -0,0 +1,42 @@ +--- +layout: layouts/post +tags: news +date: 2015-09-14 +title: "Even more console features and a new home for updates" +redirect_from: + - /updates/2015-09-14-sprint-5-update/ +--- + +Now you can view log and event data for your apps and adjust permissions for your org and spaces via the web. We're also publishing these updates via [cloud.gov](http://cloud.gov/updates/). + + +### View log and event data for your apps in the console +When you take a look at the details for an application via the [cloud.gov console](http://console.cloud.gov), you'll now be able to see any recent logs generated by your application, as well as a list of recent deployment events from cloud.gov itself. + + + +### Adjust permissions for your orgs and spaces in the console +It's now possible to inspect and adjust the permissions for the individual orgs and spaces you control. + + + +### Updates now published via the cloud.gov website +We've also started consolidating announcement about updates to cloud.gov, like this one, on cloud.gov! [Check it out.](http://cloud.gov/updates/) + +### Want to know more? +Follow our team: + +- Our [roadmap](https://18f.storiesonboard.com/m/gov-dev) in [story-map form](http://jpattonassociates.com/wp-content/uploads/2015/03/story_mapping.pdf) + - Current milestone: M2: Buttoning up loose ends that prevent us from offering cloud.gov to other agencies. +- Our [kanban board for the current sprint](https://trello.com/b/ChGzyepo/gov-dev) +- Our [calendar of team rituals](https://www.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks%40group.calendar.google.com&ctz=America/Los_Angeles) + +That’s all for now... diff --git a/content/news/articles/2016-02-12-logs-update.md b/content/news/articles/2016-02-12-logs-update.md new file mode 100644 index 0000000..2b9f362 --- /dev/null +++ b/content/news/articles/2016-02-12-logs-update.md 
@@ -0,0 +1,19 @@ +--- +layout: layouts/post +tags: news +date: 2016-02-12 +title: "Logging service" +redirect_from: + - /updates/2016-02-12-logs-update/ +--- + +New feature: Zero-setup persistent logs. + + +Given the universal need for compliant logging, we've recently added a common logging facility to cloud.gov. Now, logs and events for every cloud.gov application are stored and indexed automatically, with zero setup required. + +For more information about this feature, please see [our documentation about logging]({{ site.baseurl }}/apps/logs/#historic-logs:6d6e87c8985e9c9e781f22ee066f5a45). + +Now that cloud.gov provides platform-level logging, the ELK service we previously provided will be deprecated. If you are still using it, we recommend you delete the instance whenever is convenient to reduce your resource usage (and hence costs). + +If you have feedback about this service, please don't hesitate to [contact us](mailto:support@cloud.gov). diff --git a/content/news/articles/2016-06-15-auth-ssh-changes.md b/content/news/articles/2016-06-15-auth-ssh-changes.md new file mode 100644 index 0000000..e6fa9f0 --- /dev/null +++ b/content/news/articles/2016-06-15-auth-ssh-changes.md 
@@ -0,0 +1,32 @@ +--- +layout: layouts/post +tags: news +date: 2016-06-15 +title: "Changes to login and cf-ssh" +redirect_from: + - /updates/2016-06-15-auth-ssh-changes/ +--- + +Earlier this month we updated **cloud.gov login** and **`cf-ssh`** in ways that mean most cloud.gov users need to change how they use them. You've probably already made these changes if you need to (we sent email notifications to people who should log in using the new system), but here are the details as a handy reference. + + +### For GSA and EPA, your cloud.gov login is now your agency login + +We updated how @gsa.gov and @epa.gov accounts authenticate with cloud.gov. When you log in, use your official agency credentials instead of your old cloud.gov-specific username and password. Here's how: + +* **On the web:** At [https://login.cloud.gov/](https://login.cloud.gov/), select the button for your agency and enter your agency credentials (the same credentials you use for your agency's own services). +* **On the command line:** Use the new command listed at [Setting up the command line]({{ site.baseurl }}/getting-started/setup/) for agency accounts: `cf login -a api.cloud.gov --sso` + +This update improves the security of these accounts because you're now using your agency's existing multi-factor authentication system. This is a step in our progress toward FedRAMP compliance and certification for cloud.gov. + +### Use the new version of `cf-ssh` + +If you use [`cf-ssh` for running one-off commands](https://cloud.gov/docs/management/using-ssh/), we released [version 3 on June 2](https://github.com/18F/cf-ssh/releases/). Please download and use that latest version. + +If you haven't updated `cf-ssh`, you may get this error when you try to use it: +```shell +Initiating tmate connection...success +ssh: Could not resolve hostname tmate.18f.us: nodename nor servname provided, or not known +``` + +That usually means you need to update `cf-ssh` to our latest version. 
diff --git a/content/news/articles/2016-07-07-deck-update.md b/content/news/articles/2016-07-07-deck-update.md new file mode 100644 index 0000000..70315ba --- /dev/null +++ b/content/news/articles/2016-07-07-deck-update.md 
@@ -0,0 +1,42 @@ +--- +layout: layouts/post +tags: news +date: 2016-07-07 +title: "Today’s Dashboard update (formerly the “Deck”)" +redirect_from: + - /updates/2016-07-07-deck-update/ +--- + +Today we released a new version of the [cloud.gov Deck (now Dashboard)](https://dashboard.cloud.gov/). The best part is invisible: we refactored the codebase so we can improve it much faster than we could with the old version. But it has visible changes too, so here’s what’s new, what we have in mind, and how to tell us what you think. + + +We'll keep the [old Deck](https://console.cloud.gov/) around for about a week and then will redirect it to this new version. Let us know if this would cause problems for you. + +### What's new and different + +* **Name:** We took this opportunity to rename it from the “Deck” to the “Dashboard”, since that’s what people usually call it. +* **Style:** It fits into the overall cloud.gov style and navigation! So for example, when you’re in the Dashboard troubleshooting something, you can easily go look at [documentation]({{ site.baseurl }}/docs/) and [status](https://cloudgov.statuspage.io/). +* **Navigation:** Navigating to your orgs, spaces, and apps is simpler: the sidebar displays a straightforward list of the orgs and spaces in your account, along with the marketplaces available for your orgs. You won’t have to click as many menus to do common tasks. +* **Labels:** Data about your apps has unit labels to identify whether numbers are in GB or MB. +* **Code:** The Dashboard's refactored codebase has better tests and less repetition. +* **More potential for open source collaboration:** This improved codebase will help us encourage reuse and contributions by outside-18F teams that are also building tools on top of Cloud Foundry. 
+ +### What’s missing in this version + +* **App management options:** This version doesn’t include all the earlier Deck’s options for managing apps (such as starting/stopping them, binding services, and updating routes). Instead, it links to documentation for those tasks on the command line. These web options weren’t used much, and we’re researching whether we should prioritize rebuilding them. (We’re curious what you think.) +* **App logs and events:** The Dashboard now points to [logs.cloud.gov](https://login.cloud.gov/) for viewing app logs and events, instead of duplicating it. +* **Quota meter:** We didn’t re-implement the small quota indicator from the old Deck, since it was mostly mysterious to people. We’re researching how to helpfully explain your quota usage. +* **Perfectly bug-free experience:** We have a list of [known bugs](https://github.com/18F/cg-deck/issues?q=is%3Aopen+is%3Aissue+label%3Abug) — please feel free to file more if you notice something weird or broken. + +### What we’ve heard that people want + +As we figure out next steps, we know that people want the Dashboard to help them: + +* Understand how to use cloud.gov +* Troubleshoot apps that are having problems +* Do more tasks that are only available on the command line +* Get insight into quotas and billing + +### We’d like your thoughts + +Everyone can [file issues](https://github.com/18F/cg-deck/issues) for bugs and suggestions. If you're in 18F, come talk to us about the Dashboard in [#cloud-gov-navigator](https://gsa-tts.slack.com/messages/cloud-gov-navigator/). If you're a cloud.gov user outside 18F, you can send thoughts and questions to us at [support@cloud.gov](mailto:support@cloud.gov). diff --git a/content/news/articles/2016-07-19-fedramp-ready.md b/content/news/articles/2016-07-19-fedramp-ready.md new file mode 100644 index 0000000..f19535a --- /dev/null +++ b/content/news/articles/2016-07-19-fedramp-ready.md 
@@ -0,0 +1,10 @@ +--- +layout: layouts/post +tags: news +date: 2016-07-19 +title: "Full steam ahead on FedRAMP assessment" +redirect_from: + - /updates/2016-07-19-fedramp-ready/ +--- + +Over on the 18F team blog, [we've posted an update on cloud.gov's FedRAMP assessment progress](https://18f.gsa.gov/2016/07/18/cloud-gov-full-steam-ahead-fedramp-assessment-process/). In short: we've passed the FedRAMP Ready milestone, and we expect to receive FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) in November. [More details in the post!](https://18f.gsa.gov/2016/07/18/cloud-gov-full-steam-ahead-fedramp-assessment-process/) diff --git a/content/news/articles/2016-11-18-release-notes.md b/content/news/articles/2016-11-18-release-notes.md new file mode 100644 index 0000000..12ee3e4 --- /dev/null +++ b/content/news/articles/2016-11-18-release-notes.md 
@@ -0,0 +1,27 @@ +--- +layout: layouts/post +tags: news +date: 2016-11-18 +title: "Platform Release Notes" +redirect_from: + - /updates/2016-11-18-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past four weeks. + + +### Added +- cloud.gov supports the [.NET Core buildpack](https://docs.cloudfoundry.org/buildpacks/dotnet-core/index.html) ([learn about buildpacks]({{ site.baseurl }}/docs/getting-started/concepts#buildpacks)). +- You can [invite](https://account.fr.cloud.gov/invite) teammates who aren’t in agencies with supported single-sign-on authentication (GSA, EPA, FDIC). After you invite them, they can log in by creating a cloud.gov account with multi-factor authentication. +- The [dashboard](https://dashboard.fr.cloud.gov) shows the current memory, disk usage and quota limits for apps. +- You can create [deployer accounts]({{ site.baseurl }}/docs/apps/continuous-deployment#govcloud-environment-deployer-account-broker) programmatically. +- For FDIC users: you can log into cloud.gov using your agency single-sign-on credentials. + +### Changed +- We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to [Release v246](https://github.com/cloudfoundry/cf-release/releases/tag/v246), which includes updates to buildpacks and improvements for internal components. + +### Security +You can [restage](https://docs.cloudfoundry.org/devguide/deploy-apps/start-restart-restage.html#restage) your application to incorporate the latest security fixes and ensure you’re running the most recent language version supported. + +- The PHP buildpack update addresses [USN-3095-1](https://www.ubuntu.com/usn/usn-3095-1/) (assorted PHP vulnerabilities) with PHP 5.6.27 and 7.0.12. 
The associated CVEs are [CVE-2016-7124](https://ubuntu.com/security/CVE-2016-7124), [CVE-2016-7125](https://ubuntu.com/security/CVE-2016-7125), [CVE-2016-7127](https://ubuntu.com/security/CVE-2016-7127), [CVE-2016-7128](https://ubuntu.com/security/CVE-2016-7128), [CVE-2016-7129](https://ubuntu.com/security/CVE-2016-7129), [CVE-2016-7130](https://ubuntu.com/security/CVE-2016-7130), [CVE-2016-7131](https://ubuntu.com/security/CVE-2016-7131), [CVE-2016-7132](https://ubuntu.com/security/CVE-2016-7132), [CVE-2016-7133](https://ubuntu.com/security/CVE-2016-7133), [CVE-2016-7134](https://ubuntu.com/security/CVE-2016-7134), [CVE-2016-7411](https://ubuntu.com/security/CVE-2016-7411), [CVE-2016-7412](https://ubuntu.com/security/CVE-2016-7412), [CVE-2016-7413](https://ubuntu.com/security/CVE-2016-7413), [CVE-2016-7414](https://ubuntu.com/security/CVE-2016-7414), [CVE-2016-7416](https://ubuntu.com/security/CVE-2016-7416), [CVE-2016-7417](https://ubuntu.com/security/CVE-2016-7418), [CVE-2016-7418](https://ubuntu.com/security/CVE-2016-7418) +- The Node buildpack update addresses [USN-3087-1](https://www.ubuntu.com/usn/usn-3087-1/) (assorted OpenSSL vulnerabilities) with node 6.8.1 and 6.9.0. The associated CVEs are [CVE-2016-2177](https://ubuntu.com/security/CVE-2016-2177), [CVE-2016-2178](https://ubuntu.com/security/CVE-2016-2178), [CVE-2016-2179](https://ubuntu.com/security/CVE-2016-2179), [CVE-2016-2180](https://ubuntu.com/security/CVE-2016-2180), [CVE-2016-2181](https://ubuntu.com/security/CVE-2016-2181), [CVE-2016-2182](https://ubuntu.com/security/CVE-2016-2182), [CVE-2016-2183](https://ubuntu.com/security/CVE-2016-2183), [CVE-2016-6302](https://ubuntu.com/security/CVE-2016-6302), [CVE-2016-6303](https://ubuntu.com/security/CVE-2016-6303), [CVE-2016-6304](https://ubuntu.com/security/CVE-2016-6304), [CVE-2016-6306](https://ubuntu.com/security/CVE-2016-6306) 
diff --git a/content/news/articles/2016-11-30-release-notes.md b/content/news/articles/2016-11-30-release-notes.md new file mode 100644 index 0000000..11cd26e --- /dev/null +++ b/content/news/articles/2016-11-30-release-notes.md 
@@ -0,0 +1,28 @@ +--- +layout: layouts/post +tags: news +date: 2016-11-30 +title: "Platform Release Notes" +redirect_from: + - /updates/2016-11-30-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + +### Added +- The [dashboard](https://dashboard.fr.cloud.gov) now allows restarting of apps from the app page. + +### Changed +- We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to [Release v247](https://github.com/cloudfoundry/cf-release/releases/tag/v247), which includes updates to buildpacks and improvements for internal components. + +### Fixed +- **Dashboard**: We fixed an [issue](https://github.com/18F/cg-dashboard/issues/672) that prevented creating service instances on the marketplace page. + +### Security +The base filesystem used for running your application has been updated to address several security vulnerabilities. You can [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to ensure you [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and are running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +- [USN-3116-1: DBus vulnerabilities](https://www.ubuntu.com/usn/usn-3116-1/). The associated CVE is [CVE-2015-0245](https://ubuntu.com/security/CVE-2015-0245) +- [USN-3117-1: GD library vulnerabilities](https://www.ubuntu.com/usn/usn-3117-1/). The associated CVEs are [CVE-2016-6911](https://ubuntu.com/security/CVE-2016-6911), [CVE-2016-7568](https://ubuntu.com/security/CVE-2016-7568), [CVE-2016-8670](https://ubuntu.com/security/CVE-2016-8670) +- [USN-3119-1: Bind vulnerability](https://www.ubuntu.com/usn/usn-3119-1/). 
The associated CVE is [CVE-2016-8864](https://ubuntu.com/security/CVE-2016-8864) +- [USN-3123-1: curl vulnerabilities](https://www.ubuntu.com/usn/usn-3123-1/). The associated CVEs are [CVE-2016-7141](https://ubuntu.com/security/CVE-2016-7141), [CVE-2016-7167](https://ubuntu.com/security/CVE-2016-7167), [CVE-2016-8615](https://ubuntu.com/security/CVE-2016-8615), [CVE-2016-8616](https://ubuntu.com/security/CVE-2016-8616), [CVE-2016-8617](https://ubuntu.com/security/CVE-2016-8617), [CVE-2016-8618](https://ubuntu.com/security/CVE-2016-8618), [CVE-2016-8619](https://ubuntu.com/security/CVE-2016-8619), [CVE-2016-8620](https://ubuntu.com/security/CVE-2016-8620), [CVE-2016-8621](https://ubuntu.com/security/CVE-2016-8621), [CVE-2016-8622](https://ubuntu.com/security/CVE-2016-8622), [CVE-2016-8623](https://ubuntu.com/security/CVE-2016-8623), [CVE-2016-8624](https://ubuntu.com/security/CVE-2016-8624) diff --git a/content/news/articles/2016-12-14-release-notes.md b/content/news/articles/2016-12-14-release-notes.md new file mode 100644 index 0000000..20afabb --- /dev/null +++ b/content/news/articles/2016-12-14-release-notes.md 
@@ -0,0 +1,36 @@ +--- +layout: layouts/post +tags: news +date: 2016-12-14 +title: "Platform Release Notes" +redirect_from: + - /updates/2016-12-14-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + +### Added +- New [dashboard](https://dashboard.fr.cloud.gov) features: + - On an application page, you can now edit the number of application instances, instance memory, and disk quota. + - Org and space level views now include a quick overview of the health of application instances. + +### Changed +- We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to [Release v249](https://github.com/cloudfoundry/cf-release/releases/tag/v249) (see also [Release v248](https://github.com/cloudfoundry/cf-release/releases/tag/v248)), which includes updates to buildpacks and improvements for internal components. +- Changes in Cloud Foundry require an upgrade to the latest version of the command line interface (CLI) client (`cf`) in order for `cf logs` to work properly. Please upgrade your local version to the [latest version](https://github.com/cloudfoundry/cli/releases/latest) ([installation instructions](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html)). + +### Fixed +- The latest Cloud Foundry command line interface client ([available here](https://github.com/cloudfoundry/cli/releases/latest)) addresses an issue where inspecting application logs returned errors. +- We updated the cloud.gov account creation form to include previously-missing information about password requirements. + +### Security +The Cloud Foundry upgrade included updates for the base filesystem used for running your application, addressing several security vulnerabilities in that filesystem. 
You can [restage your application](https://cli.cloudfoundry.org/en-US/cf/restage.html) to ensure you [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and are running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +- [CVE-2016-6659: UAA Privilege Escalation](https://pivotal.io/security/cve-2016-6659). +- [CVE-2016-6816: Apache Tomcat Information Disclosure, UAA Tomcat updated to 8.0.39](https://tomcat.apache.org/security-9.html). +- [USN-3142-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3142-1/). The associated CVEs are [CVE-2016-7799](https://ubuntu.com/security/CVE-2016-7799), [CVE-2016-7906](https://ubuntu.com/security/CVE-2016-7906), [CVE-2016-8677](https://ubuntu.com/security/CVE-2016-8677), [CVE-2016-8862](https://ubuntu.com/security/CVE-2016-8862), [CVE-2016-9556](https://ubuntu.com/security/CVE-2016-9556). +- [USN-3139-1: Vim vulnerability](https://www.ubuntu.com/usn/USN-3139-1/). The associated CVE is [CVE-2016-1248](https://ubuntu.com/security/CVE-2016-1248). +- [USN-3134-1: Python vulnerabilities](https://www.ubuntu.com/usn/USN-3134-1/). The associated CVEs are [CVE-2016-0772](https://ubuntu.com/security/CVE-2016-0772), [CVE-2016-1000110](https://ubuntu.com/security/CVE-2016-1000110), [CVE-2016-5636](https://ubuntu.com/security/CVE-2016-5636), [CVE-2016-5699](https://ubuntu.com/security/CVE-2016-5699). +- [USN-3132-1: tar vulnerability](https://www.ubuntu.com/usn/USN-3132-1/). The associated CVE is [CVE-2016-6321](https://ubuntu.com/security/CVE-2016-6321). +- [USN-3131-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3131-1/). 
The associated CVEs are [CVE-2014-8354](https://ubuntu.com/security/CVE-2014-8354), [CVE-2014-8355](https://ubuntu.com/security/CVE-2014-8355), [CVE-2014-8562](https://ubuntu.com/security/CVE-2014-8562), [CVE-2014-8716](https://ubuntu.com/security/CVE-2014-8716), [CVE-2014-9805](https://ubuntu.com/security/CVE-2014-9805), [CVE-2014-9806](https://ubuntu.com/security/CVE-2014-9806), [CVE-2014-9807](https://ubuntu.com/security/CVE-2014-9807), [CVE-2014-9808](https://ubuntu.com/security/CVE-2014-9808), [CVE-2014-9809](https://ubuntu.com/security/CVE-2014-9809), [CVE-2014-9810](https://ubuntu.com/security/CVE-2014-9810), [CVE-2014-9811](https://ubuntu.com/security/CVE-2014-9811), [CVE-2014-9812](https://ubuntu.com/security/CVE-2014-9812), [CVE-2014-9813](https://ubuntu.com/security/CVE-2014-9813), [CVE-2014-9814](https://ubuntu.com/security/CVE-2014-9814), [CVE-2014-9815](https://ubuntu.com/security/CVE-2014-9815), [CVE-2014-9816](https://ubuntu.com/security/CVE-2014-9816), [CVE-2014-9817](https://ubuntu.com/security/CVE-2014-9817), [CVE-2014-9818](https://ubuntu.com/security/CVE-2014-9818), [CVE-2014-9819](https://ubuntu.com/security/CVE-2014-9819), [CVE-2014-9820](https://ubuntu.com/security/CVE-2014-9820), [CVE-2014-9821](https://ubuntu.com/security/CVE-2014-9821), [CVE-2014-9822](https://ubuntu.com/security/CVE-2014-9822), [CVE-2014-9823](https://ubuntu.com/security/CVE-2014-9823), [CVE-2014-9826](https://ubuntu.com/security/CVE-2014-9826), [CVE-2014-9828](https://ubuntu.com/security/CVE-2014-9828), [CVE-2014-9829](https://ubuntu.com/security/CVE-2014-9829), [CVE-2014-9830](https://ubuntu.com/security/CVE-2014-9830), [CVE-2014-9831](https://ubuntu.com/security/CVE-2014-9831), [CVE-2014-9833](https://ubuntu.com/security/CVE-2014-9833), [CVE-2014-9834](https://ubuntu.com/security/CVE-2014-9834), [CVE-2014-9835](https://ubuntu.com/security/CVE-2014-9835), [CVE-2014-9836](https://ubuntu.com/security/CVE-2014-9836), 
[CVE-2014-9837](https://ubuntu.com/security/CVE-2014-9837), [CVE-2014-9838](https://ubuntu.com/security/CVE-2014-9838), [CVE-2014-9839](https://ubuntu.com/security/CVE-2014-9839), [CVE-2014-9840](https://ubuntu.com/security/CVE-2014-9840), [CVE-2014-9841](https://ubuntu.com/security/CVE-2014-9841), [CVE-2014-9843](https://ubuntu.com/security/CVE-2014-9843), [CVE-2014-9844](https://ubuntu.com/security/CVE-2014-9844), [CVE-2014-9845](https://ubuntu.com/security/CVE-2014-9845), [CVE-2014-9846](https://ubuntu.com/security/CVE-2014-9846), [CVE-2014-9847](https://ubuntu.com/security/CVE-2014-9847), [CVE-2014-9848](https://ubuntu.com/security/CVE-2014-9848), [CVE-2014-9849](https://ubuntu.com/security/CVE-2014-9849), [CVE-2014-9850](https://ubuntu.com/security/CVE-2014-9850), [CVE-2014-9851](https://ubuntu.com/security/CVE-2014-9851), [CVE-2014-9853](https://ubuntu.com/security/CVE-2014-9853), [CVE-2014-9854](https://ubuntu.com/security/CVE-2014-9854), [CVE-2014-9907](https://ubuntu.com/security/CVE-2014-9907), [CVE-2015-8894](https://ubuntu.com/security/CVE-2015-8894), [CVE-2015-8895](https://ubuntu.com/security/CVE-2015-8895), [CVE-2015-8896](https://ubuntu.com/security/CVE-2015-8896), [CVE-2015-8897](https://ubuntu.com/security/CVE-2015-8897), [CVE-2015-8898](https://ubuntu.com/security/CVE-2015-8898), [CVE-2015-8900](https://ubuntu.com/security/CVE-2015-8900), [CVE-2015-8901](https://ubuntu.com/security/CVE-2015-8901), [CVE-2015-8902](https://ubuntu.com/security/CVE-2015-8902), [CVE-2015-8903](https://ubuntu.com/security/CVE-2015-8903), [CVE-2015-8957](https://ubuntu.com/security/CVE-2015-8957), [CVE-2015-8958](https://ubuntu.com/security/CVE-2015-8958), [CVE-2015-8959](https://ubuntu.com/security/CVE-2015-8959), [CVE-2016-4562](https://ubuntu.com/security/CVE-2016-4562), [CVE-2016-4563](https://ubuntu.com/security/CVE-2016-4563), [CVE-2016-4564](https://ubuntu.com/security/CVE-2016-4564), [CVE-2016-5010](https://ubuntu.com/security/CVE-2016-5010), 
[CVE-2016-5687](https://ubuntu.com/security/CVE-2016-5687), [CVE-2016-5688](https://ubuntu.com/security/CVE-2016-5688), [CVE-2016-5689](https://ubuntu.com/security/CVE-2016-5689), [CVE-2016-5690](https://ubuntu.com/security/CVE-2016-5690), [CVE-2016-5691](https://ubuntu.com/security/CVE-2016-5691), [CVE-2016-5841](https://ubuntu.com/security/CVE-2016-5841), [CVE-2016-5842](https://ubuntu.com/security/CVE-2016-5842), [CVE-2016-6491](https://ubuntu.com/security/CVE-2016-6491), [CVE-2016-6823](https://ubuntu.com/security/CVE-2016-6823), [CVE-2016-7101](https://ubuntu.com/security/CVE-2016-7101), [CVE-2016-7513](https://ubuntu.com/security/CVE-2016-7513), [CVE-2016-7514](https://ubuntu.com/security/CVE-2016-7514), [CVE-2016-7515](https://ubuntu.com/security/CVE-2016-7515), [CVE-2016-7516](https://ubuntu.com/security/CVE-2016-7516), [CVE-2016-7517](https://ubuntu.com/security/CVE-2016-7517), [CVE-2016-7518](https://ubuntu.com/security/CVE-2016-7518), [CVE-2016-7519](https://ubuntu.com/security/CVE-2016-7519), [CVE-2016-7520](https://ubuntu.com/security/CVE-2016-7520), [CVE-2016-7521](https://ubuntu.com/security/CVE-2016-7521), [CVE-2016-7522](https://ubuntu.com/security/CVE-2016-7522), [CVE-2016-7523](https://ubuntu.com/security/CVE-2016-7523), [CVE-2016-7524](https://ubuntu.com/security/CVE-2016-7524), [CVE-2016-7525](https://ubuntu.com/security/CVE-2016-7525), [CVE-2016-7526](https://ubuntu.com/security/CVE-2016-7526), [CVE-2016-7527](https://ubuntu.com/security/CVE-2016-7527), [CVE-2016-7528](https://ubuntu.com/security/CVE-2016-7528), [CVE-2016-7529](https://ubuntu.com/security/CVE-2016-7529), [CVE-2016-7530](https://ubuntu.com/security/CVE-2016-7530), [CVE-2016-7531](https://ubuntu.com/security/CVE-2016-7531), [CVE-2016-7532](https://ubuntu.com/security/CVE-2016-7532), [CVE-2016-7533](https://ubuntu.com/security/CVE-2016-7533), [CVE-2016-7534](https://ubuntu.com/security/CVE-2016-7534), [CVE-2016-7535](https://ubuntu.com/security/CVE-2016-7535), 
[CVE-2016-7536](https://ubuntu.com/security/CVE-2016-7536), [CVE-2016-7537](https://ubuntu.com/security/CVE-2016-7537), [CVE-2016-7538](https://ubuntu.com/security/CVE-2016-7538), [CVE-2016-7539](https://ubuntu.com/security/CVE-2016-7539), [CVE-2016-7540](https://ubuntu.com/security/CVE-2016-7540). + diff --git a/content/news/articles/2016-12-20-ew-sandbox-deprecation.md b/content/news/articles/2016-12-20-ew-sandbox-deprecation.md new file mode 100644 index 0000000..c43f184 --- /dev/null +++ b/content/news/articles/2016-12-20-ew-sandbox-deprecation.md 
@@ -0,0 +1,25 @@ +--- +layout: layouts/post +tags: news +date: 2016-12-21 +title: "East/West Sandbox Deprecation Notice" +redirect_from: + - /updates/2016-12-20-ew-sandbox-deprecation/ +--- + +Update: since the time of this posting, we have postponed the cutoff date from January 15th to a new date that we expect to confirm and announce soon. + +The original cloud.gov environment in AWS East/West is now officially deprecated and will be retired. We will be in touch to assist with migration of Prototyping, FISMA Moderate, and FISMA Low organizations to the new environment shortly. + +Sandbox organizations in AWS East/West will be retired as of January 15. We will be deleting these sandbox organizations after this date. If you have hosted anything in a sandbox space that you would like to preserve, you must back it up or migrate it to the new environment yourself. + +### Required steps + +1. Create a GovCloud sandbox space. + - EPA, FDIC and GSA users log into [dashboard.fr.cloud.gov](https://dashboard.fr.cloud.gov). + - All others please request an invitation by contacting [inquiries@cloud.gov](mailto:inquiries@cloud.gov). +1. Using the Cloud Foundry command line interface (CLI) `cf` run the command `cf login -a api.fr.cloud.gov --sso` and follow the instructions. +1. (Optional) Migrate your application. + +### Background +We heard loud and clear that a FedRAMP Moderate JAB P-ATO for cloud.gov would be critical to ensuring cloud.gov could be used in production for most federal agencies. Getting that ATO required hosting on AWS GovCloud instead of AWS East/West so we have created a new and improved version of cloud.gov there. We anticipate receiving JAB P-ATO for cloud.gov in January, 2017. The new version of cloud.gov includes additional features that many have asked for, including: more reliable and faster SSH, better services, easy custom domains and IPv6 support. We are now opening access to this new environment to everyone. \ No newline at end of file 
diff --git a/content/news/articles/2016-12-28-release-notes.md b/content/news/articles/2016-12-28-release-notes.md new file mode 100644 index 0000000..32c2f41 --- /dev/null +++ b/content/news/articles/2016-12-28-release-notes.md @@ -0,0 +1,22 @@ +--- +layout: layouts/post +tags: news +date: 2016-12-28 +title: "Platform Release Notes" +redirect_from: + - /updates/2016-12-28-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + +### Added +- You can now create [S3 service keys]({{ site.baseurl }}/docs/services/s3#get-s3-bucket-credentials) to get direct access to your cloud.gov S3 buckets. + +### Changed +- We upgraded Cloud Foundry (the underlying open source project that powers cloud.gov) to [Release v250](https://github.com/cloudfoundry/cf-release/releases/tag/v250), which includes updates to buildpacks and improvements for internal components. + +### Security +The Cloud Foundry upgrade included updates for the base filesystem used for running your application, addressing several security vulnerabilities in that filesystem. You can [restage your application](https://cli.cloudfoundry.org/en-US/cf/restage.html) to ensure you [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and are running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +- [USN-3156-1: APT vulnerability](https://www.ubuntu.com/usn/USN-3156-1/). The associated CVE is [CVE-2016-1252](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1252). diff --git a/content/news/articles/2017-02-01-release-notes.md b/content/news/articles/2017-02-01-release-notes.md new file mode 100644 index 0000000..a1430ec --- /dev/null +++ b/content/news/articles/2017-02-01-release-notes.md 
@@ -0,0 +1,30 @@ +--- +layout: layouts/post +tags: news +date: 2017-02-01 +title: "Platform Release Notes: February 1, 2017" +redirect_from: + - /updates/2017-02-01-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past six weeks. + + +### Added +- cloud.gov account holders in the GovCloud environment get automated notifications of expiring passwords, starting ten days before expiration. +- The dashboard provides a start button for stopped apps (on the app page). + +### Changed +- The dashboard homepage shows a more detailed summary of all your orgs, spaces, and apps. + +### Fixed +- In the dashboard on the app page’s route creation panel, available domains now appear instead of returning an error. + +### Security +We upgraded the Cloud Foundry deployment to [v251](https://github.com/cloudfoundry/cf-release/releases/tag/v251). The base filesystem used for running your application has been updated to address several security vulnerabilities. You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your buildpack. + +- [USN-3172-1: Bind vulnerabilities](https://www.ubuntu.com/usn/USN-3172-1/). The associated CVEs are [CVE-2016-9131](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9131), [CVE-2016-9147](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9147), [CVE-2016-9444](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9444). + +### See also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). 
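Review bot: the restage link in the Security section uses `http://cli.cloudfoundry.org/en-US/cf/restage.html`, while the 2016-12-28 post added in this same change links it as `https://cli.cloudfoundry.org/en-US/cf/restage.html`; use the https form here, and likewise for the three `http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9131` style links, since other posts in this change already link CVEs as `https://ubuntu.com/security/CVE-...`. Advisory links in security release notes are what readers follow to decide whether to restage, so a single TLS-protected canonical host is worth the consistency.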
diff --git a/content/news/articles/2017-02-02-fedramp-authorized.md b/content/news/articles/2017-02-02-fedramp-authorized.md new file mode 100644 index 0000000..85449a0 --- /dev/null +++ b/content/news/articles/2017-02-02-fedramp-authorized.md 
@@ -0,0 +1,35 @@ +--- +layout: layouts/post +tags: news +date: 2017-02-02 +title: "cloud.gov is now FedRAMP Authorized." +redirect_from: + - /updates/2017-02-02-fedramp-authorized/ +--- + +### Now it’s easier than ever to get started with cloud.gov. +We’re delighted to announce that cloud.gov has received a FedRAMP Joint Authorization Board (JAB) Provisional Authority to Operate (P-ATO) at the Moderate impact level. This means that cloud.gov successfully completed a comprehensive security and compliance assessment performed by a board of the CIOs and their teams from the General Services Administration, the Department of Defense, and the Department of Homeland Security. cloud.gov is the [first completely open source service to receive FedRAMP authorization](https://www.gsa.gov/blog/2017/02/02/cloudgov-becomes-first-fully-open-source-fedramp-solution). Teams can now use cloud.gov with less upfront work, so they can use cloud.gov to deliver services even faster. + +[Read more about how this new authorization can help your team.](https://18f.gsa.gov/2017/02/02/cloud-gov-is-now-fedramp-authorized/) + + +### Other new and improved features + +#### Native multifactor authentication +For teams that cannot integrate their agency single sign-on authentication provider with cloud.gov, or for teammates who don’t have access to agency accounts (such as some contractors), cloud.gov now provides a [built-in authentication option]({{ site.baseurl }}/docs/getting-started/accounts#to-log-into-cloud-gov) with multifactor authentication. This is not yet included in the FedRAMP Authorization, but teams can use it if their agency approves. + +#### Clearer pricing and product information +We’ve been making changes to the cloud.gov website in order to make our [pricing model]({{ site.baseurl }}/docs/pricing/pricing-model) and our offerings clearer. We will continue to make improvements to the website and can only do so with feedback from our visitors. 
If you have anything to share with us, drop us a line at [inquiries@cloud.gov](mailto:inquiries@cloud.gov). + +#### A more functional dashboard for using cloud.gov without using the command line +Our web-based [dashboard](https://dashboard.fr.cloud.gov/) gives people an easy web-based way to manage their applications. You can see an overview of your apps, spaces, and their current state. The dashboard now offers more visual clarity between activities. And now you can edit limits on your applications with a few clicks. + +![Demonstration of edit mode on the cloud.gov dashboard app panel. User clicks “Modify allocation and scale” to change their application’s allocated memory and disk space.]({{site.baseurl}}/img/cloud-gov_editapplimits.gif "Editing app limits in the dashboard") + +### Interested in using cloud.gov? + +#### We can help you figure out whether the platform meets your needs. +Please complete [this interest survey](https://docs.google.com/a/gsa.gov/forms/d/e/1FAIpQLSevZfuJ_4KE-MZlm9gttYfsXQp0PJL7OR6k6LbZ9XnFn-oA6g/viewform) and we will contact you with next steps shortly. + +#### You can also try a free Sandbox account. +If you’re curious to see how the platform works, explore cloud.gov on your own with a limited free Sandbox account. If you have a GSA or EPA email address, you can just [log in](https://login.fr.cloud.gov/). Anyone else with a .gov or .mil email address can request an invitation by emailing [inquiries@cloud.gov](mailto:inquiries@cloud.gov). No paperwork required. diff --git a/content/news/articles/2017-02-10-release-notes.md b/content/news/articles/2017-02-10-release-notes.md new file mode 100644 index 0000000..6e0a951 --- /dev/null +++ b/content/news/articles/2017-02-10-release-notes.md 
@@ -0,0 +1,26 @@ +--- +layout: layouts/post +tags: news +date: 2017-02-10 +title: "Platform Release Notes: February 10, 2017" +redirect_from: + - /updates/2017-02-10-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + +### Added +You can download the [cloud.gov Control Implementation Summary + Customer Responsibility Matrix]({{ site.baseurl }}/docs/security/fedramp-tracker.md#how-you-can-use-this), a summary from the FedRAMP JAB P-ATO documentation. It lists whether each Low and Moderate security control is handled by cloud.gov, shared responsibility, or customer responsibility. + +### Fixed +- In the dashboard, when you reach the end of your activity log, the log no longer displays a “Show more” button. Previously this button implied there might be more content when there was not. +- If you’re a member of many organizations, the dashboard can now display all of the spaces and apps for which you're a member. Previously, on the overview page, some organizations would appear empty or with some spaces and apps missing. + +### Security + +cloud.gov is now included in the [18F vulnerability disclosure policy](https://18f.gsa.gov/vulnerability-disclosure-policy/), which gives guidelines for security researchers from the public. + +### See also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-02-28-release-notes.md b/content/news/articles/2017-02-28-release-notes.md new file mode 100644 index 0000000..95eb5f9 --- /dev/null +++ b/content/news/articles/2017-02-28-release-notes.md 
@@ -0,0 +1,25 @@ +--- +layout: layouts/post +tags: news +date: 2017-02-28 +title: "Platform Release Notes: February 28, 2017" +redirect_from: + - /updates/2017-02-28-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + + +### Added +People who have a federal government email address can create a free sandbox space using https://account.fr.cloud.gov/signup. Previously, they had to send an email requesting an invite. + +### Changed +- You can configure CDN instances that pass the original host to your application. This lets you set up relative redirects with your own domain name rather than with `*.app.cloud.gov`. Related, the [commands for creating a new CDN service instance]({{ site.baseurl }}/docs/services/cdn-route#how-to-create-an-instance-of-this-service) have changed slightly. +- To accept a cloud.gov invitation, you have to click a button after visiting the link in the invitation email. This prevents invitations from expiring before use. Some government agencies use services that scan URLs in incoming emails by automatically clicking them, which caused earlier invites to expire before they could be used. + +### Fixed +Available services appear consistently in the [cloud.gov dashboard](https://dashboard.fr.cloud.gov). Previously, the UI sometimes acted as though it was loading them without ever serving them to you. + +### See also +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-03-14-release-notes.md b/content/news/articles/2017-03-14-release-notes.md new file mode 100644 index 0000000..72e5c40 --- /dev/null +++ b/content/news/articles/2017-03-14-release-notes.md 
@@ -0,0 +1,46 @@ +--- +layout: layouts/post +tags: news +date: 2017-03-14 +title: "Platform Release Notes: March 14, 2017" +redirect_from: + - /updates/2017-03-14-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + + +### Added +The [cloud.gov dashboard](https://dashboard.fr.cloud.gov) now alerts you when it’s unable to fetch recent data. This can help you when you’re troubleshooting problems with your application. + +### Changed + +[`cf logs`]({{ site.baseurl }}/docs/apps/logs/) now accesses logs over port 443 instead of the previous port 4443, to increase the number of people who can use `cf logs` without errors. In many workplaces port 4443 is blocked, which leads `cf logs` to return an error. + +### Security + +We upgraded the Cloud Foundry deployment to [v252](https://github.com/cloudfoundry/cf-release/releases/tag/v252). We have also upgraded the following buildpacks to versions newer than the buildpacks included in CF v252: + +- [staticfile-buildpack 1.3.17](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.3.17) +- [java-buildpack 3.13](https://github.com/cloudfoundry/java-buildpack/releases/tag/v3.13) +- [ruby-buildpack 1.6.34](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.34) +- [nodejs-buildpack 1.5.29](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.5.29) +- [go-buildpack 1.7.18](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.7.18) +- [python-buildpack 1.5.15](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.15) +- [php-buildpack 4.3.27](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.27) +- [binary-buildpack 1.0.9](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.9) + +As part of the Cloud Foundry upgrade, the base filesystem used for running your application has been updated to address several security 
vulnerabilities. You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +- [USN-3142-2: ImageMagick Regression](https://www.ubuntu.com/usn/USN-3142-2/) +- [USN-3181-1: OpenSSL vulnerabilities](https://www.ubuntu.com/usn/USN-3181-1/) +- [USN-3183-1: GnuTLS vulnerabilities](https://www.ubuntu.com/usn/USN-3183-1/) +- [USN-3185-1: libXpm vulnerability](https://www.ubuntu.com/usn/USN-3185-1/) +- [USN-3193-1: Nettle vulnerability](https://www.ubuntu.com/usn/USN-3193-1/) +- [USN-3205-1: tcpdump vulnerabilities](https://www.ubuntu.com/usn/USN-3205-1/) +- [USN-3212-1: LibTIFF vulnerabilities](https://www.ubuntu.com/usn/USN-3212-1/) + +### See also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-03-27-release-notes.md b/content/news/articles/2017-03-27-release-notes.md new file mode 100644 index 0000000..c7db7fd --- /dev/null +++ b/content/news/articles/2017-03-27-release-notes.md 
@@ -0,0 +1,52 @@ +--- +layout: layouts/post +tags: news +date: 2017-03-27 +title: "Platform Release Notes: March 27, 2017" +redirect_from: + - /updates/2017-03-27-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + + +### Added +When you create a [cloud.gov identity provider service instance]({{ site.baseurl }}/docs/services/cloud-gov-identity-provider/), you can now add scopes from a whitelist of approved scopes. This makes it easier to enable specific permissions and access for additional types of users in your applications. + +### Changed +We recommend updating to the [latest version (6.25)](https://github.com/cloudfoundry/cli/releases/tag/v6.25.0) of the Cloud Foundry command line interface (CLI). This can prevent errors when using the cf CLI. You can check your currently-installed version using `cf -v` + +### Fixed +The cloud.gov dashboard’s loading icon no longer displays after pages finish loading. Before, they would continue indefinitely. + +### Deprecated +- On March 15th, we deprecated support for building and deployment on the cloud.gov East/West environment. This is in preparation for an upcoming shutdown of that environment. We are supporting a few customers in the process of migrating from East/West to GovCloud, but in all other cases we now support the GovCloud environment exclusively. +- The latest Go buildpack deprecates support for Go 1.6. The next Go release will remove support for 1.6. + +### Removed +The latest Go buildpack no longer supports Go 1.5. + +### Security +We upgraded the Cloud Foundry deployment to [v254](https://github.com/cloudfoundry/cf-release/releases/tag/v254). 
We have also upgraded the following buildpacks to versions newer than the buildpacks included in CF v254: + +- [php buildpack 4.3.29](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.29) +- [.NET Core buildpack 1.0.13](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.13) + +As part of the Cloud Foundry upgrade, the base filesystem used for running your application has been updated to address several security vulnerabilities. You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +- [USN-3183-2: GnuTLS vulnerability](https://www.ubuntu.com/usn/usn-3183-2/) +- [USN-3189-2: Linux kernel (Xenial HWE) vulnerabilities](https://ubuntu.com/security/notices/USN-3189-2) +- [USN-3213-1: GD library vulnerabilities](https://www.ubuntu.com/usn/USN-3213-1/) +- [USN-3220-2: Linux kernel (Xenial HWE) vulnerability](https://www.ubuntu.com/usn/usn-3220-2/) +- [USN-3222-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3222-1/) +- [USN-3225-1: libarchive vulnerabilities](https://www.ubuntu.com/usn/USN-3225-1/) +- [USN-3227-1: ICU vulnerabilities](https://www.ubuntu.com/usn/USN-3227-1/) +- [USN-3232-1: ImageMagick vulnerabilities](https://www.ubuntu.com/usn/USN-3232-1/) +- [USN-3235-1: libxml2 vulnerabilities](https://www.ubuntu.com/usn/USN-3235-1/) +- [USN-3237-1: FreeType vulnerability](https://www.ubuntu.com/usn/usn-3237-1/) +- [USN-3239-1: GNU C Library vulnerabilities](https://www.ubuntu.com/usn/usn-3239-1/) + +### See also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). 
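Review bot: the USN list in the Security section mixes three URL forms for the same notice series (`https://www.ubuntu.com/usn/USN-3213-1/`, `https://www.ubuntu.com/usn/usn-3183-2/`, `https://ubuntu.com/security/notices/USN-3189-2`); pick one canonical form so the list can be checked against the cflinuxfs2 release without guessing which links are equivalent. Two smaller points: the Changed section sentence ending "using `cf -v`" is missing its period, and the Deprecated and Removed items say "The latest Go buildpack" drops Go 1.6 and 1.5 without naming a version, while the upgrade list in this hunk contains only the PHP and .NET Core buildpacks, so readers cannot tell which Go buildpack release they are on notice about.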
diff --git a/content/news/articles/2017-05-05-release-notes.md b/content/news/articles/2017-05-05-release-notes.md new file mode 100644 index 0000000..361c0ef --- /dev/null +++ b/content/news/articles/2017-05-05-release-notes.md 
@@ -0,0 +1,47 @@ +--- +layout: layouts/post +tags: news +date: 2017-05-05 +title: "Platform Release Notes: May 5, 2017" +redirect_from: + - /updates/2017-05-05-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past five weeks. + + + +### Changed +- [logs.fr.cloud.gov](https://logs.fr.cloud.gov), where you can view and search your logs on the web, has been upgraded to a newer version of Kibana (the open source project that powers the log viewer). The new version includes bug fixes and provides a slightly different look. For help navigating the new interface, [start with our logs documentation]({{ site.baseurl }}/docs/apps/logs/#web-based-logs-with-historic-log-data). The [Kibana user guide](https://www.elastic.co/guide/en/kibana/current/index.html) provides more information about the most recent version. +- You can now [migrate to the cloud.gov CDN broker]({{ site.baseurl }}/docs/services/cdn-route/#how-to-set-up-dns) with zero downtime. You can create a TXT record to be validated by Let’s Encrypt before you migrate, whereas before you needed to start by pointing your domain at the cloud.gov CDN to create a certificate. +- cloud.gov’s web-based [dashboard](https://dashboard.fr.cloud.gov/) now provides more useful information if you have an empty org or space. For example, if you’re the only user in your organization, the dashboard gives you more information about inviting new users. + +### Deprecated +Python 3.3 has been deprecated with an anticipated end-of-life (EOL) in October 2017. The latest Python buildpacks no longer include 3.3. + +### Removed +[Ruby 2.1 is now at EOL.](https://www.ruby-lang.org/en/news/2017/04/01/support-of-ruby-2-1-has-ended/) If your app relies on Ruby 2.1 it will stop working following your next push. You should upgrade as soon as possible. 
+ +### Production releases +We upgraded the Cloud Foundry deployment to [v257](https://github.com/cloudfoundry/cf-release/releases/tag/v257). This addresses several security vulnerabilities. You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your buildpack. + +#### Additional upgrades +- [PHP buildpack 4.3.30](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.30) +- [.NET Core buildpack 1.0.15](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.15) +- [NodeJS buildpack 1.5.32](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.5.32) +- [Go buildpack 1.8.0](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.0) +- [Python buildpack 1.5.17](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.17) +- [Staticfile buildpack 1.4.4](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.4) +- [Ruby buildpack 1.6.37](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.37) +- [Diego 1.14.1](https://github.com/cloudfoundry/diego-release/releases/tag/v1.14.1) +- [RootFS cflinuxfs2 1.115.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.115.0), which address vulnerabilities described in these security notices: + - [USN-3246-1: Eject vulnerability](https://www.ubuntu.com/usn/usn-3246-1/) + - [USN-3259-1: Bind vulnerabilities](https://ubuntu.com/security/notices/USN-3259-1) + - [USN-3263-1: FreeType vulnerability](https://www.ubuntu.com/usn/usn-3263-1/) +- Stemcell 3312.23, which address vulnerabilities described in these security notices: + - [USN-3249-2: Linux kernel (Xenial HWE) vulnerability](https://www.ubuntu.com/usn/usn-3249-2/) + - [USN-3256-1: Linux kernel vulnerability](https://www.ubuntu.com/usn/usn-3256-1/) + +### See also + 
+If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-05-22-release-notes.md b/content/news/articles/2017-05-22-release-notes.md new file mode 100644 index 0000000..2a7863d --- /dev/null +++ b/content/news/articles/2017-05-22-release-notes.md 
@@ -0,0 +1,52 @@ +--- +layout: layouts/post +tags: news +date: 2017-05-22 +title: "Platform Release Notes: May 22, 2017" +redirect_from: + - /updates/2017-05-22-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past two weeks. + + +### Volunteers needed +The cloud.gov team is looking to make the cloud.gov platform easier to evaluate and use, and we’re recruiting volunteers to help us do that. If you’re interested, let us know at [inquiries@cloud.gov](mailto:inquiries@cloud.gov). We’ll ask you a few questions and ask you to walk us through using some aspect of the platform via screenshare. + +### Added +- We’ve published a cost estimator spreadsheet (in [XLSX]({{ site.baseurl }}/resources/cloudgov_cost_estimator.xlsx) and [ODS]({{ site.baseurl }}/resources/cloudgov_cost_estimator.ods) formats) that your team can use to get a sense of how much cloud.gov will cost for your organization. If you’re interested in switching from a sandbox to a paid cloud.gov package, or if you want to expand your use of the platform to additional applications, use the estimator to get a sense of what the access package and usage quota fees will be across all your cloud.gov systems. +- The Defense Information Systems Agency (DISA) has issued a [provisional authorization for Department of Defense teams]({{ site.baseurl }}/docs/security/fedramp-tracker#how-this-p-ato-helps-your-team) to use cloud.gov’s FedRAMP P-ATO for systems at the DISA level 2 impact level. This is a followup to the P-ATO; Level 2 is equivalent to FedRAMP Moderate. +- The latest version of the PHP buildpack supports PHP 7.1.4 and 7.0.18. + +### Fixed +We’ve improved our automated process for updating the part of cloud.gov that routes traffic to your application. Previously, you might have seen occasional 502 errors in your application when we made updates. 
+ +### Removed +The latest version of the PHP buildpack removes support for PHP 7.1.2 and 7.0.16. If your applications rely on one of these versions, **update your application** to use a supported version of PHP. + +### Platform releases +We upgraded the Cloud Foundry deployment to [v258](https://github.com/cloudfoundry/cf-release/releases/tag/v258). This upgrade addresses these security vulnerabilities: +- [CVE-2017-4972: Blind SQL Injection in UAA](https://www.cloudfoundry.org/cve-2017-4972/) +- [CVE-2017-4973: Privilege Escalation in UAA](https://www.cloudfoundry.org/cve-2017-4973/) + +**[Restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html)** to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your buildpack. + +#### Additional upgrades +- [PHP buildpack 4.3.31](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.31) +- [Go buildpack 1.8.1](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.1) +- [Python buildpack 1.5.18](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.18) +- [Staticfile buildpack 1.4.5](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.5) +- [Java buildpack 3.16](https://github.com/cloudfoundry/java-buildpack/releases/tag/v3.16) +- [RootFS cflinuxfs2 1.119.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.119.0), which address vulnerabilities described in these security notices: + - [USN-3271-1: Libxslt vulnerabilities](https://www.ubuntu.com/usn/USN-3271-1/) + - [USN-3274-1: ICU vulnerabilities](https://www.ubuntu.com/usn/USN-3274-1/) + - [USN-3276-1: shadow vulnerabilities](https://www.ubuntu.com/usn/USN-3276-1/) + - [USN-3282-1: FreeType vulnerabilities](https://www.ubuntu.com/usn/USN-3282-1/) + - [USN-3283-1: rtmpdump vulnerabilities](https://www.ubuntu.com/usn/USN-3283-1/) +- [Diego 
1.15.3](https://github.com/cloudfoundry/diego-release/releases/tag/v1.15.3) +- Stemcell 3312.24, which address vulnerabilities described in this security notice: + - [USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities](https://www.ubuntu.com/usn/usn-3265-2/) + +### See also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-05-24-get-what-you-need.md b/content/news/articles/2017-05-24-get-what-you-need.md new file mode 100644 index 0000000..d09979f --- /dev/null +++ b/content/news/articles/2017-05-24-get-what-you-need.md 
@@ -0,0 +1,42 @@ +--- +layout: layouts/post +tags: news +date: 2017-05-24 +title: "Get what you need from cloud.gov" +redirect_from: + - /updates/2017-05-24-get-what-you-need/ +--- + +### What’s new + +#### The web interface helps you learn and use cloud.gov concepts + +The dashboard is the web-based interface for managing apps and services on cloud.gov. With the dashboard, you don’t need to use the command line to handle some of the basic tasks of managing applications on the platform. You can orient yourself more easily now with information we’ve added to some of the dashboard’s core tools. Meaningful error messages (for example, alerts about data retrieval issues) can help you troubleshoot. Prompts in empty fields (for example, an empty list of applications or users) help you figure out how to get started. If you have a cloud.gov account, [log in to get started](https://dashboard.fr.cloud.gov/). If you don’t but you have a federal government email address, you can [create a free sandbox](https://account.fr.cloud.gov/signup) to explore. + +![Example of the text prompt that appears to someone who is the only user in their organization. It describes the user's ability to invite other users and then offers a link to more information about how to do so.]({{site.baseurl}}/img/only_org_user.png) +_If you’re the only user in your organization, this prompt helps you figure out how to add more users. cloud.gov now has more information like this to help you orient yourself._ + +#### Strengthen your cloud.gov know-how with Cloud Foundry + +cloud.gov is built on the open source Cloud Foundry project, which means Cloud Foundry materials will help you learn about cloud.gov, as well. The Cloud Foundry Foundation is creating new training resources that you might want to check out. The first is a free [Intro to Cloud Foundry](https://www.edx.org/course/introduction-cloud-foundry-cloud-native-linuxfoundationx-lfs132x#!) 
course that can help you learn more about building and hosting applications on the platform. And next month they’re launching [additional courses](https://www.cloudfoundry.org/training/). And if you’d like to meet other users or learn what’s coming next in cloud platforms, [check out an upcoming event](https://www.cloudfoundry.org/events/), whether it’s the Cloud Foundry Summit or a smaller event near you. + + +#### Build tools for managing and auditing cloud.gov usage + +cloud.gov was built with compliance in mind. We want the tools your agency uses to meet your management and compliance needs to work as seamlessly as they can with your cloud.gov applications and spaces. Now you can share specific information about your cloud.gov usage [with a cloud.gov identity provider service instance]({{ site.baseurl }}/docs/services/cloud-gov-identity-provider). When you create that instance, you can configure it to ask people who use your tools to surface information about their cloud.gov accounts to those tools. This is just one option for building tools that work with cloud.gov data; you can also use [the Cloud Foundry API](https://apidocs.cloudfoundry.org/258/). + + +### Interested in using cloud.gov? + +#### We can help you figure out whether the platform meets your needs. + +Email us at [inquiries@cloud.gov](mailto:inquiries@cloud.gov) and we will contact you with next steps shortly. + +#### You can also try a free sandbox space. + +Anyone with a federal government email address can now create [a free, limited sandbox space]({{ site.baseurl }}/docs/pricing/free-limited-sandbox) for themselves. Instead of getting an invite from the cloud.gov team or someone else at your organization, you can now go to [https://account.fr.cloud.gov/signup](https://account.fr.cloud.gov/signup) and send yourself an invite. You don’t need paperwork with us; you don’t even need to know what sort of app you want to build. 
Sandboxes are for experimenting, not for production or information with security requirements. But if you’re considering cloud.gov, or you’re already a user and want to explore doing something new, a sandbox is a great place to get started. + + +### Help us make cloud.gov better + +The cloud.gov team is looking to make the cloud.gov platform easier to evaluate and use, and we’re recruiting volunteers to help us do that. Usually this takes the form of walking through a few aspects of the platform or changes we’re working on and sharing your feedback with us. If you’d be interested in talking with us, let us know at [inquiries@cloud.gov](mailto:inquiries@cloud.gov). diff --git a/content/news/articles/2017-06-01-release-notes.md b/content/news/articles/2017-06-01-release-notes.md new file mode 100644 index 0000000..cb657cd --- /dev/null +++ b/content/news/articles/2017-06-01-release-notes.md 
@@ -0,0 +1,45 @@ +--- +layout: layouts/post +tags: news +date: 2017-06-01 +title: "Platform Release Notes: June 1, 2017" +redirect_from: + - /updates/2017-06-01-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past week and a half. + + +### Fixed +- TLS certificates (for custom domains) provided by the [CDN Route service]({{ site.baseurl }}/docs/services/cdn-route) are now automatically obtained with [less risk of rate-limiting](https://cloudgov.statuspage.io/incidents/z49pkl4ms21j). +- We improved monitoring and reliability for the [Redis]({{ site.baseurl }}/docs/services/redis) and [Elasticsearch](https://github.com/cloud-gov/cg-site/blob/6418e8e933f887896a102d8575f1c7af468d1d2f/content/docs/services/elasticsearch24.md) services, enabling them to automatically restart if non-responsive. + +### Removed +- cloud.gov documentation no longer provides instructions for using the deprecated East/West environment, because all customer applications have migrated to the GovCloud environment. + +### Platform releases +cloud.gov now includes the following releases and upgrades. You will need to [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your buildpack. + +We upgraded the Cloud Foundry deployment to [v262](https://github.com/cloudfoundry/cf-release/releases/tag/v262). 
This upgrade addresses this security vulnerability: +[CVE-2017-4991: UAA password reset vulnerability](https://cloudfoundry.org/cve-2017-4991/) + +#### Additional upgrades +- [PHP buildpack 4.3.33](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.33) +- [.NET Core Buildpack 1.0.18](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.18) +- [Binary Buildpack 1.0.12](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.12) +- [NodeJS Buildpack 1.5.34](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.5.34) +- [Go Buildpack 1.8.2](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.2) +- [Staticfile Buildpack 1.4.6](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.6) +- [Ruby Buildpack 1.6.39](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.39) +- [Diego 1.16.1](https://github.com/cloudfoundry/diego-release/releases/tag/v1.16.1) +- Stemcell 3312.26 +- [RootFS cflinuxfs2 1.123.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.123.0), which address vulnerabilities described in these security notices: + - [USN-3271-1: Libxslt vulnerabilities](https://www.ubuntu.com/usn/USN-3271-1/) + - [USN-3274-1: ICU vulnerabilities](https://www.ubuntu.com/usn/USN-3274-1/) + - [USN-3276-1: shadow vulnerabilities](https://www.ubuntu.com/usn/USN-3276-1/) + - [USN-3276-2: shadow regression](https://www.ubuntu.com/usn/USN-3276-2/) + - [USN-3282-1: FreeType vulnerabilities](https://www.ubuntu.com/usn/USN-3282-1/) + - [USN-3283-1: rtmpdump vulnerabilities](https://www.ubuntu.com/usn/USN-3283-1/) + - [USN-3287-1: Git vulnerability](https://www.ubuntu.com/usn/USN-3287-1/) + - [USN-3294-1: Bash vulnerabilities](https://ubuntu.com/security/notices/USN-3294-1) + - [USN-3295-1: JasPer vulnerabilities](https://www.ubuntu.com/usn/USN-3295-1/) 
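Review bot: In the RootFS bullet of the "Additional upgrades" list in 2017-06-01-release-notes.md, "which address vulnerabilities described in these security notices" should read "which addresses", since the subject is the single cflinuxfs2 1.123.0 release. The same list mixes two URL forms for Ubuntu notices (`https://www.ubuntu.com/usn/USN-3271-1/` for most entries but `https://ubuntu.com/security/notices/USN-3294-1` for Bash); pick one form so the list scans consistently. Also, the Elasticsearch link in the "Fixed" section points at a GitHub blob pinned to commit 6418e8e (`https://github.com/cloud-gov/cg-site/blob/6418e8e933f887896a102d8575f1c7af468d1d2f/content/docs/services/elasticsearch24.md`) while every other docs reference in the file uses `{{ site.baseurl }}/docs/...`; if that page was deliberately archived, say so in the text, otherwise link the site's docs page like the Redis entry beside it.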
diff --git a/content/news/articles/2017-07-07-changes-to-credentials-broker.md b/content/news/articles/2017-07-07-changes-to-credentials-broker.md new file mode 100644 index 0000000..76af643 --- /dev/null +++ b/content/news/articles/2017-07-07-changes-to-credentials-broker.md @@ -0,0 +1,22 @@ +--- +layout: layouts/post +tags: news +date: 2017-07-07 +title: "New instructions for service account and identity provider services" +redirect_from: + - /updates/2017-07-07-changes-to-credentials-broker/ +--- + +If you use the [cloud.gov identity provider]({{ site.baseurl }}/docs/services/cloud-gov-identity-provider) +or [cloud.gov service account]({{ site.baseurl }}/docs/services/cloud-gov-service-account) services, check out their new instructions for obtaining credentials from new instances of these services. + +We've updated these services to give you credentials directly (using "service keys"), without needing to use temporary links from [Toaster (formerly Fugacious)](https://fugacious.18f.gov/). This simplifies how you set up these services, and it enables you to access the service credentials any time you need to. + +**Previously:** You provisioned a service instance to create a service account or identity provider, then accessed the credentials using a temporary link from Toaster (Fugacious). + +**Now:** Now you provision a service instance, then bind it to a service key to create a service account or identity provider. You access credentials for that service key directly from the cloud.gov command line (CF CLI). If you want another service account or identity provider for the same space, you can bind it to another service key. + +Existing service accounts and identity providers will continue to work as normal (your existing credentials for existing service instances continue to work, so your deployments and authentication won’t be disrupted). + +To switch to using this new method for getting credentials, delete your service instances and create new ones. + 
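Review bot: In 2017-07-07-changes-to-credentials-broker.md the closing instruction "To switch to using this new method for getting credentials, delete your service instances and create new ones." needs an ordering, because the page ties continued validity of old credentials to the old instance ("your existing credentials for existing service instances continue to work"); state explicitly whether deleting the instance revokes its credentials and, if it does, tell readers to create the replacement instance and service key, update the deployment or SSO configuration that consumes the credentials, verify, and only then delete the old instance, otherwise the cut-over is an outage. Two smaller points in the same hunk: "**Now:** Now you provision" repeats "Now", and "bind it to a service key" is not Cloud Foundry terminology; a service key is created from the instance with `cf create-service-key` and read with `cf service-key`, binding is what apps do. Since the point of the change is that credentials are now retrievable any time, the page should also note that anyone with developer access to the space can read the key, and that `cf delete-service-key` is how to remove that access when the key is no longer needed.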
diff --git a/content/news/articles/2017-07-07-release-notes.md b/content/news/articles/2017-07-07-release-notes.md new file mode 100644 index 0000000..3d1b488 --- /dev/null +++ b/content/news/articles/2017-07-07-release-notes.md 
@@ -0,0 +1,51 @@ +--- +layout: layouts/post +tags: news +date: 2017-07-10 +title: "Platform Release Notes: July 10, 2017" +redirect_from: + - /updates/2017-07-07-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov application developer? Here are highlights from our platform updates over the past six weeks. + + +### Added +* Organization managers can now [add new teammates to your org]({{ site.baseurl }}/docs/apps/managing-teammates.md#give-roles-to-a-teammate) and manage user permissions right from the [dashboard](https://dashboard.fr.cloud.gov/). +* [cf-service-connect]({{ site.baseurl }}/docs/services/relational-database.md#manually-access-a-database) now supports Windows. [See how to install it here.](https://github.com/18F/cf-service-connect#local-installation) + +### Changed + +- When you make a new service account or identity provider service instance, you will now [get the credentials using a service key]({{ site.baseurl }}/updates/2017-07-07-changes-to-credentials-broker.md), instead of getting the credentials from a Toaster (formerly Fugacious) link. This doesn’t change existing service account and identity provider instances, but you can delete and recreate them to use this new method. +- [Static IP addresses for communicating with external apps]({{ site.baseurl }}/docs/apps/static-egress.md): Outbound traffic from cloud.gov now comes from specific IP addresses to help customers open up a connection between cloud.gov and outside data centers. +- We recommend you upgrade your Cloud Foundry CLI to [the latest version](https://github.com/cloudfoundry/cli/releases) to get the latest bug fixes. +- We improved the responsiveness of the dashboard to better reflect actions that happen on the backend. + + +### Platform releases + +We upgraded the Cloud Foundry deployment to [v264](https://github.com/cloudfoundry/cf-release/releases/tag/v264). 
This upgrade addresses this security vulnerability: [CVE-2017-4994: Forwarded Headers in UAA](https://www.cloudfoundry.org/cve-2017-4994/). + +You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +#### Additional upgrades +- [RootFS cflinuxfs2 1.133.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.133.0), which address vulnerabilities described in these security notices: + - [USN-3309-1: Libtasn1 vulnerability](https://www.ubuntu.com/usn/USN-3309-1/) + - [USN-3304-1: Sudo vulnerability](https://www.ubuntu.com/usn/USN-3304-1/) + - [USN-3212-2: LibTIFF regression](https://www.ubuntu.com/usn/USN-3212-2/) + - [USN-3302-1: ImageMagick vulnerabilities](https://ubuntu.com/security/notices/USN-3302-1) +- [Diego 1.19.0](https://github.com/cloudfoundry/diego-release/releases/tag/v1.19.0) +- Stemcell 3312.29 +- Buildpack updates: + - [Java v3.17](https://github.com/cloudfoundry/java-buildpack/releases/tag/v3.17) + - [Ruby v1.6.40](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.40) + - [Go v1.8.4](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.4) + - [NodeJS v 1.5.36](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.5.36) + - [Python v1.5.19](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.19) + - [PHP v4.3.34](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.34) + - [Binary v1.0.13](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.13) + - [.NET core v1.0.19](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.19) + +### See Also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release 
notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-07-18-release-notes.md b/content/news/articles/2017-07-18-release-notes.md new file mode 100644 index 0000000..c34f9e2 --- /dev/null +++ b/content/news/articles/2017-07-18-release-notes.md 
@@ -0,0 +1,41 @@ +--- +layout: layouts/post +tags: news +date: 2017-07-18 +title: "Platform Release Notes: July 18, 2017" +redirect_from: + - /updates/2017-07-18-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks. + + +### Added +* If you need to access multiple S3 buckets using the same credentials — for example to copy files between buckets — you can use the `additional_instances` option when binding. Read the docs to [learn more about how this works]({{ site.baseurl }}/docs/services/s3.md#using-s3-from-your-application). +* cloud.gov supports Oracle SE1 for relational databases. This is by request only until AWS GovCloud eventually supports SE2. You can read more about [relational database plans and how to request access to the Oracle service plan]({{ site.baseurl }}/docs/services/relational-database.md). +* We created [a page explaining prototyping packages]({{ site.baseurl }}/docs/pricing/prototyping.md), how you might use them, and what they cost. + +### Changed +* If you have .NET applications you’re interested in running on cloud.gov, the updated [.NET Core buildpack](https://docs.cloudfoundry.org/buildpacks/dotnet-core/index.html) supports [.NET Core 2 Preview (currently in alpha)](https://blogs.msdn.microsoft.com/dotnet/2017/06/28/announcing-net-core-2-0-preview-2/). It’s ready for you to prototype with your .NET applications. + +### Platform releases +We upgraded the Cloud Foundry deployment to [v267](https://github.com/cloudfoundry/cf-release/releases/tag/v267). + +You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). 
+ +#### Additional upgrades +* [RootFS cflinuxfs2 1.138.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.138.0), which addresses this security vulnerability: + * [CVE-2017-11103](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11103), service impersonation attack only affecting applications using or embedding Heimdal code before 7.4. +* [Diego v1.22.0](https://github.com/cloudfoundry/diego-release/releases/tag/v1.22.0) +* Stemcell +* Buildpack updates: + * [PHP v4.3.29](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.29) + * [.NET Core v1.0.21](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.21) + * [NodeJS v1.6.2](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.2), which remediates [CVE-2017-1000381 - c-ares NAPTR parser out of bounds access](https://ubuntu.com/security/CVE-2017-1000381.html) + * [Python v1.5.20](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.20) + * [Staticfile v1.4.10](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.10) + * [Ruby v1.6.43](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.43) + +### See Also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-08-02-release-notes.md b/content/news/articles/2017-08-02-release-notes.md new file mode 100644 index 0000000..843e1bc --- /dev/null +++ b/content/news/articles/2017-08-02-release-notes.md 
@@ -0,0 +1,41 @@ +--- +layout: layouts/post +tags: news +date: 2017-08-02 +title: "Platform Release Notes: August 2, 2017" +redirect_from: + - /updates/2017-08-02-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks. + + +### Added +You can [add people to spaces]({{ site.baseurl }}/docs/apps/managing-teammates.md#give-roles-to-a-teammate) from the [dashboard](https://dashboard.fr.cloud.gov/#/) if you’re an Org Manager. For example, this makes it easier for program managers to add developers to projects without using the command line tool. + +### Changed +In the dashboard, Org Managers and Space Managers can [remove a person from a space]({{ site.baseurl }}/docs/apps/managing-teammates.md#space-users) with one click on "Remove All Space Roles". +Org Managers must remove a person from all spaces before removing them from the Org otherwise. If you try to remove them with the dashboard, you’ll see an error if the user still belongs to any space. + +### In case you missed it +We presented at two events during the Amazon Web Services Public Sector summit: [Deliver your agency mission faster with cloud.gov](https://www.youtube.com/watch?v=NGmDhWEfMuo&list=PLhr1KZpdzukePsKIUofhgp50b63-5yr1V&index=78) and [FedRAMP Accelerated: An update with GSA and cloud.gov](https://www.youtube.com/watch?v=iXqbIxtiwQY&index=87&list=PLhr1KZpdzukePsKIUofhgp50b63-5yr1V). + +### Platform releases +We upgraded the Cloud Foundry deployment to [v268](https://github.com/cloudfoundry/cf-release/releases/tag/v268#v268-security-notices). + +You should [restage your application](http://cli.cloudfoundry.org/en-US/cf/restage.html) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). 
+ +#### Additional upgrades +* [RootFS cflinuxfs2 v1.141.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.141.0) which remediates all 19 CVEs related to [USN-3363-1: ImageMagick vulnerabilities](https://usn.ubuntu.com/usn/USN-3363-1/) +* [Diego v1.23.1](https://github.com/cloudfoundry/diego-release/releases/tag/v1.23.1) +* Buildpack updates: + * [PHP v4.3.38](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.38) removes PHP versions 5.6.19, 7.0.19, 7.1.5; adds PHP versions 5.6.21, 7.0.21, 7.1.7 + * [.NET Core v1.0.22](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.22) + * [NodeJS v1.6.3](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.3) + * [Staticfile v1.4.11](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.11) + * [Java v3.19](https://github.com/cloudfoundry/java-buildpack/releases/tag/v3.19) including new Java frameworks + * [Ruby v1.6.44](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.44) + +### See also + +If you’re interested in details about recent dashboard updates, you can also see the [dashboard release notes](https://github.com/18F/cg-dashboard/releases). diff --git a/content/news/articles/2017-08-11-continuous-improvement-more-tools-help-use-cloud-gov.md b/content/news/articles/2017-08-11-continuous-improvement-more-tools-help-use-cloud-gov.md new file mode 100644 index 0000000..ce546cd --- /dev/null +++ b/content/news/articles/2017-08-11-continuous-improvement-more-tools-help-use-cloud-gov.md 
@@ -0,0 +1,58 @@ +--- +layout: layouts/post +tags: news +date: 2017-08-11 +title: "Quarterly update: Continuous improvement, more tools to help you use cloud.gov" +redirect_from: + - /updates/2017-08-11-continuous-improvement-more-tools-help-use-cloud-gov/ +--- + +Every quarter we update you with the important news about new features and updates to the cloud.gov platform. In this edition of the newsletter we have updates about the cloud.gov dashboard and other features for our users as well as stories from our customers, and links to recent presentations about cloud.gov. + +### What’s new + +#### Use the dashboard to invite new users to your team + +Managing users in your organization and granting them the permissions they need should be a straightforward process so your team can get to work building your app on cloud.gov. To make it easier for you and us, we built new features for inviting new users and giving them roles within your organization using the dashboard. With these changes, it's easy for even the least technical people on your team to invite new folks and manage their roles. + +!["The user invitation screen with notification"]({{site.baseurl}}/img/invite-users.png){:width=624,height=272} + +#### Continuous improvement + +Staying compliant with federal laws is crucial to us and to you, but compliant simply isn’t good enough, or fast enough, for us. That’s why [cloud.gov is designed and operated to routinely provide apps the latest security updates]({{ site.baseurl }}/overview/overview/cloudgov-benefits/) within a day of their release. When there’s a major vulnerability in a component managed by cloud.gov, our team makes these updates across the entire platform, so you don’t have to spend time doing it. 
For updates to the buildpack, operating system, or [any other component we manage]({{ site.baseurl }}/overview/technology/responsibilities/), all that’s typically required is a [restage of your apps]({{ site.baseurl }}/docs/apps/app-maintenance/#restaging-your-app), even as they scale and grow. + +#### Improved support and documentation to help you use cloud.gov + +We want to make cloud.gov a platform that can successfully support your team and mission. So, we improved our documentation and training to help you find and understand the information you need from the start. For example, we added and documented [support for Oracle SE2 databases]({{ site.baseurl }}/docs/services/relational-database/) and updated the demos for commonly used government applications like [Drupal](https://github.com/18F/cf-ex-drupal) and [WordPress](https://github.com/18f/cf-ex-wordpress). + +We also added and documented smaller features like setting up [specific IP addresses to use]({{ site.baseurl }}/docs/apps/static-egress/) when communicating with cloud.gov from apps outside the platform. This will help agencies wanting to use cloud.gov for apps that need to communicate with a system that can’t currently be hosted by us or would be difficult to migrate. + +#### Learn about cloud.gov from the AWS Public Sector Summit + +cloud.gov recently presented at the AWS Public Sector Summit. We did two sessions, both have been posted to YouTube. The first, [Deliver your agency mission faster with cloud.gov](https://www.youtube.com/watch?v=NGmDhWEfMuo&list=PLhr1KZpdzukePsKIUofhgp50b63-5yr1V&index=78), was about how your agency can use cloud.gov to save time. For the second, we were joined by members of the FedRAMP team to talk more specifically about [cloud.gov's moderate-level P-ATO and the FedRAMP process](https://www.youtube.com/watch?v=iXqbIxtiwQY&index=87&list=PLhr1KZpdzukePsKIUofhgp50b63-5yr1V). + +### Interested in using cloud.gov? 
+ +#### We can help you figure out whether the platform meets your needs. + +Whether a legacy system or new development, we’d love to learn about your apps and websites. Email us at [inquiries@cloud.gov](mailto:inquiries@cloud.gov) and we will contact you to discuss cloud.gov benefits, pricing, and any questions you might have. + +#### Prototyping accounts benefit multiple teams + +[Prototyping packages are a great way to get started on cloud.gov with real applications]({{ site.baseurl }}/overview/pricing/prototyping/). If you’re thinking about launching a new product, migrating an existing system to the cloud, or want to benefit from the convenience of a platform as a service, you can test your applications and fully evaluate cloud.gov with a prototyping package. $15,000 gets your development team unlimited access to a FedRAMP authorized environment to try experiments, launch new demos, and test as many applications as you need. cloud.gov prototyping packages can’t host production data but once you’re ready, you’ll be able to easily transfer it to a production-ready system. + +If you have leftover funds at the end of the fiscal year and need a prototyping account, you can buy one now, start right away and continue to use it for the next 12 months. Contact us right away at [inquiries@cloud.gov](mailto:inquiries@cloud.gov) to get started. + +### Featured customers: + +#### FBI: Crime Data Explorer + +The Federal Bureau of Investigation (FBI) recently launched their new Crime Data Explorer (CDE) on cloud.gov. 18F and the FBI partnered to make crime data more accessible to the American public. The CDE enables users to visualize national, state, and local crime trends and offers bulk datasets and an open API for more detailed views of the data. 
Check it out at: [https://crime-data-explorer.fr.cloud.gov/](https://crime-data-explorer.fr.cloud.gov/) + +!["the fbi crime data explorer homepage" width="624" height="320"]({{site.baseurl}}/img/ fbi-crime-data.png) + +#### Federal Election Commission + +The Federal Election Commission (FEC) recently relaunched their flagship website, fec.gov, with cloud.gov. The FEC collects financial reports for all federal elections and discloses fundraising figures to the public. By hosting FEC.gov on cloud.gov and moving its data to the cloud, the FEC anticipates saving 85% in hosting costs and is better prepared for peak traffic events. Read a case study about the FEC here: [{{ site.baseurl }}/overview/customer-stories/fec/]({{ site.baseurl }}/overview/customer-stories/fec/) and check out their new, cloud.gov-hosted website at [https://www.fec.gov](https://www.fec.gov) + +!["the new cloud.gov hosted fec homepage" width="624" height="320"]({{site.baseurl}}/img/ fec-screen.png) diff --git a/content/news/articles/2017-08-16-release-notes.md b/content/news/articles/2017-08-16-release-notes.md new file mode 100644 index 0000000..fe99f5a --- /dev/null +++ b/content/news/articles/2017-08-16-release-notes.md 
@@ -0,0 +1,52 @@ +--- +layout: layouts/post +tags: news +date: 2017-08-16 +title: "Platform Release Notes: August 16, 2017" +redirect_from: + - /updates/2017-08-16-release-notes/ +--- + +Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks. + +### Added + +* Space managers can [add any member of your organization to a space from the dashboard]({{ site.baseurl }}/docs/apps/managing-teammates#space-users). +* Documentation for how to take [snapshots and restore backups of your ElasticSearch service data](https://github.com/cloud-gov/cg-site/blob/6418e8e933f887896a102d8575f1c7af468d1d2f/content/docs/services/elasticsearch24.md). +* All customers can now use [Oracle’s SE2 relational database]({{ site.baseurl }}/docs/services/relational-database). + +### Changed + +* On the dashboard, new error messages alert you when you try to remove someone from your organization who still has roles in your spaces. +
![remove space user dashboard screen]({{site.baseurl}}/img/remove-space-user.png) +* Visualization of platform uptime available from the [cloud.gov status page](https://cloudgov.statuspage.io/). You can see current and the previous 90 days uptime for customer applications, API, dashboard, and many other components of the cloud.gov platform. + +### Platform releases +We upgraded the Cloud Foundry deployment to [v270](https://github.com/cloudfoundry/cf-release/releases/tag/v270), which remediates the following vulnerabilities: + +* [USN-3378-2: Linux kernel (Xenial HWE) vulnerabilities](https://usn.ubuntu.com/usn/usn-3378-2/) +* [USN-3346-1: bind9 vulnerabilities](https://usn.ubuntu.com/usn/usn-3346-1/) +* [USN-3347-1: Libgcrypt vulnerabilities](https://usn.ubuntu.com/usn/usn-3347-1/) +* [USN-3349-1: NTP vulnerabilities](https://usn.ubuntu.com/usn/usn-3349-1/) +* [USN-3353-1: Heimdal vulnerability](https://usn.ubuntu.com/usn/usn-3353-1/) +* [USN-3356-1: Expat vulnerability](https://ubuntu.com/security/notices/USN-3356-1) +* [USN-3363-1: ImageMagick vulnerabilities](https://usn.ubuntu.com/usn/usn-3363-1/) +* [USN-3363-2: ImageMagick regression](https://usn.ubuntu.com/usn/usn-3363-2/) +* [USN-3364-2: Linux kernel (Xenial HWE) vulnerabilities](https://usn.ubuntu.com/usn/usn-3364-2/) +* [USN-3367-1: gdb vulnerabilities](https://usn.ubuntu.com/usn/usn-3367-1/) + +Check out our new page on [application maintenance]({{ site.baseurl }}/docs/apps/app-maintenance). It explains how to restage your application and what else you should do to keep your app up to date and secure. Restaging will [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) included with this release and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). 
+ +#### Additional upgrades +* [RootFS cflinuxfs2 v1.146.0](https://github.com/cloudfoundry/stacks/releases/tag/1.146.0) +* [Diego v1.24.0](https://github.com/cloudfoundry/diego-release/releases/tag/v1.24.0) +* Stemcell 3431.13 +* Buildpack updates + * [PHP v4.3.39](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.39) + * [.NET Core v1.0.23](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.23) + * [Binary v1.0.14](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.14) + * [NodeJS v1.6.4](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.4) + * [Go v1.8.6](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.6) + * [Python v1.5.22](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.22) + * [Staticfile v1.4.12](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.12) + * [Ruby v1.6.46](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.46) diff --git a/content/news/articles/2017-08-21-max-gov-migration-instructions.md b/content/news/articles/2017-08-21-max-gov-migration-instructions.md new file mode 100644 index 0000000..04a5169 --- /dev/null +++ b/content/news/articles/2017-08-21-max-gov-migration-instructions.md 
@@ -0,0 +1,51 @@ +--- +layout: layouts/post +tags: news +date: 2017-08-22 +title: "Announcement: cloud.gov accounts will migrate to OMB MAX" +redirect_from: + - /updates/2017-08-21-max-gov-migration-instructions/ +--- + +## Note: This page is out of date as of Nov. 2017. cloud.gov is no longer migrating any users to OMB MAX. + +cloud.gov is migrating all users with native cloud.gov accounts (not users with an agency single sign on provider) to use OMB MAX for authentication to the platform. This page is a guide to what will change and how you can prepare for this transition. **We will post future updates on timing at [{{ site.baseurl }}/updates/]({{ site.baseurl }}/updates/) and by email.** + +## What’s changing? + +Right now, there are two ways to log in to cloud.gov: either you use your agency’s credentials or a cloud.gov account. This change *only affects users with a cloud.gov account*. + +Soon, we will switch these users to use OMB MAX to log in to cloud.gov. We’re making this change to make managing your account easier for you and your agency. We don't have a definitive deadline yet but we will give you __at least three weeks notice__ before we make the switch. + +## What does this mean for me? + +**If you already use your agency’s single sign-on (SSO) to log in to cloud.gov:** There is nothing further you need to do. Currently agencies using SSO are EPA, GSA, and FDIC. These customers will continue to log in as usual. + +**If you use a cloud.gov account and already have a MAX account:** Double check that you can log in successfully to MAX using a PIV/CAC card or username and password with a Secure+ SMS 2-factor device. + +**If you use a cloud.gov account to log in and don’t have a MAX account:** You need to create a MAX account with your PIV/CAC card or username and password with a Secure+ 2-factor device. Once we switch, you’ll be required to use that account to login to cloud.gov and all associated services. 
*You can create your account at any time.* + +To create a MAX account: + +* Go to [login.max.gov](https://login.max.gov), if you see your agency's logo, click it and sign in with your agency credentials. +* Go to [login.max.gov](https://login.max.gov), if you don't see your agency's logo, click the green Register Now button in the top right corner. + * Register with a PIV/CAC card if you have one and a working card reader + * Register with a username, password, and a Secure+ 2-factor device to your account if you don't have a card reader. + +### What about contractors? + +If you're a contractor with a federal agency email address, you should be able to self-register just like federal employees. If you're a contractors or working with cloud.gov without a government email address, you’ll need to ask your agency to [contact OMB MAX directly](https://max.gov/maxportal/home.action) to create your account for you. + +## Prepare for the switch + +You can create your account anytime and it only takes a few minutes. We encourage you to do it soon so you're prepared when we do switch. + +After the switch, you won’t be able to login with your cloud.gov account. If you don’t make a MAX account before then, your apps, orgs, and spaces will not go away but you won’t be able to login to either the dashboard or the CLI. Once you create a MAX account, you’ll regain access. + +## What is OMB MAX? + +OMB MAX is a governmentwide collaboration platform with an authentication system agencies can use to log in to other shared services. MAX.gov also enables using a PIV/CAC card to log in to web services. + +Though we currently use multi-factor authentication for all cloud.gov accounts, switching to MAX accounts enables agencies which require PIV/CAC cards for login to use cloud.gov more easily. MAX also makes it easier for agencies to meet their own compliance requirements for users of cloud.gov by implementing single sign-on with agency services. 
For most users, this will provide a better user experience by not having a separate login and second factor to keep track of for cloud.gov. + +If you have questions about logging into cloud.gov, please [email us]({{ site.baseurl }}/docs/help/). For questions about MAX.gov and setting up your account, [contact OMB MAX directly](https://max.gov/maxportal/webPage/contactUs.action). We appreciate your patience and cooperation as we work to implement MAX authentication with cloud.gov. diff --git a/content/news/articles/2017-08-31-release-notes-plus-join-september-workshop.md b/content/news/articles/2017-08-31-release-notes-plus-join-september-workshop.md new file mode 100644 index 0000000..87d0176 --- /dev/null +++ b/content/news/articles/2017-08-31-release-notes-plus-join-september-workshop.md 
@@ -0,0 +1,50 @@ +--- +layout: layouts/post +tags: news +date: 2017-08-31 +title: "cloud.gov platform release notes, plus join our workshop on September 28" +redirect_from: + - /updates/2017-08-31-release-notes-plus-join-september-workshop/ +--- + +Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks. + +### Announcements + +**cloud.gov Workshop:** [You’re invited to our free cloud.gov workshop on September 28th](https://www.digitalgov.gov/event/hands-on-workshop-with-cloud-gov/). If you’re evaluating cloud.gov or getting started with it, you will learn how to use cloud.gov to launch applications and get the power and advantages that come from using a Platform as a Service. Bring a laptop if you're coming in-person or join us online to learn how cloud.gov can work for you. + +**cloud.gov authentication moving to OMB MAX:** If you use a cloud.gov account (not if you use EPA, FDIC, or GSA single sign-on login), [read our August 22 update about our plan to migrate your account’s authentication to OMB MAX]({{ site.baseurl }}/updates/2017-08-21-max-gov-migration-instructions/). We’ll notify you at least three weeks before we make the switch. You can create your MAX account any time. We encourage you to do it soon so you’re set well in advance. + +### Added + +* Inline messages provide guidance on what roles are required to add or modify users on the dashboard. + +### Fixed + +* In the dashboard, users who are already added to your spaces will not show up in the drop down list of users. +* Previously, users who were added to cloud.gov from a space page on the dashboard did not immediately appear in the list of users for that space + +### In case you missed it + +[Our latest quarterly newsletter is out]({{ site.baseurl }}/updates/2017-08-11-continuous-improvement-more-tools-help-use-cloud-gov/) and features stories about how two of our customers, FEC and FBI, used the platform. 
Do you know of an app on cloud.gov more people should be aware of? [Let us know](mailto:inquiries@cloud.gov) what the app is and we’ll reach out to learn more about it. + +### Platform releases +We upgraded the Cloud Foundry deployment to [v271](https://github.com/cloudfoundry/cf-release/releases/tag/v271). + +You should [restage your application]({{ site.baseurl }}/docs/apps/app-maintenance) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) included with this release and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +#### Additional upgrades + +* [RootFS cflinux2 v1.150.0](https://github.com/cloudfoundry/stacks/releases/tag/1.150.0) +* Remediates all 8 CVEs contained in [USN-3398-1](https://usn.ubuntu.com/usn/USN-3398-1/) +* [Diego v1.25.1](https://github.com/cloudfoundry/diego-release/releases/tag/v1.25.1) +* Stemcell 3445.2 +* Remediates USN-3392-2: Linux kernel (Xenial HWE) regression +* Buildpack updates + - [PHP v4.3.40](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.40) + - [.NET Core v1.0.24](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.24) + - [Binary v1.0.14](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.14) + - [NodeJS v1.6.6](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.6) + - [Python v1.5.24](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.5.24) + - [Staticfile v1.4.13](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.13) + - [Ruby v1.6.47](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.6.47) diff --git a/content/news/articles/2017-09-12-high-availability-redis-upcoming-workshop-more-from-cloud-gov.md b/content/news/articles/2017-09-12-high-availability-redis-upcoming-workshop-more-from-cloud-gov.md new file mode 100644 index 0000000..7a2fd1c --- /dev/null 
+++ b/content/news/articles/2017-09-12-high-availability-redis-upcoming-workshop-more-from-cloud-gov.md 
@@ -0,0 +1,39 @@ +--- +layout: layouts/post +tags: news +date: 2017-09-12 +title: "High availability Redis, our upcoming workshop, and more from cloud.gov" +redirect_from: + - /updates/2017-09-12-high-availability-redis-upcoming-workshop-more-from-cloud-gov/ +--- + +Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our platform updates over the past two weeks. + +### Announcements + +**Reminder:** [Our workshop is coming up on September 28th](https://www.digitalgov.gov/event/hands-on-workshop-with-cloud-gov/). If you’re evaluating cloud.gov or getting started with it, you will learn how to use cloud.gov to launch applications and get the power and advantages that come from using a Platform as a Service. Bring a laptop if you're coming in-person or join us online to learn how cloud.gov can work for you. [Register now if you’d like to attend!](https://www.eventbrite.com/e/hands-on-workshop-with-cloudgov-registration-36963135734) + +### Added +* [Redis 3.2]({{ site.baseurl }}/docs/services/redis), including both standard and high availability versions, are now available! If you use Redis, we encourage you to upgrade your application to use these beta version 3.2 services instead of the older alpha version 2.8 service. +* The [.NET Core buildpack](https://docs.cloudfoundry.org/buildpacks/dotnet-core/index.html#cli-tools) includes support for .NET Core 2.0. The[ 2.0 SDK is now the default](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.25) for C# and Visual Basic apps. .NET Core 2.0 supports [.NET Standard 2.0](https://docs.microsoft.com/en-us/dotnet/api/?view=netstandard-2.0), more than doubling that set of APIs available for your .NET projects on cloud.gov. +* Updated documentation about how to [securely authenticate your communication with external services]({{ site.baseurl }}/docs/apps/static-egress). + +### Deprecated +* Redis version 2.8 is no longer supported and will eventually be unavailable. 
Please migrate to version 3.2 as soon as possible and watch upcoming release notes for news about this service’s end of life. + +### Fixed +* In the dashboard, org managers are now able to properly adjust user roles in their spaces. +* Some marketplace services cannot be configured via the dashboard. The dashboard now directs you to instructions for using the CLI to provision the service. + +### Platform releases +We upgraded the Cloud Foundry deployment to [v272](https://github.com/cloudfoundry/cf-release/releases/tag/v272). + +You should [restage your application]({{ site.baseurl }}/docs/apps/app-maintenance) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) included with this release and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +#### Additional upgrades +* [Diego v1.25.3](https://github.com/cloudfoundry/diego-release/releases/tag/v1.25.3) +* [Stemcell v3445.7](https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent) +* Buildpacks: + * [.NET Core v1.0.25](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.25) + * [Go v1.8.7](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.7) + * [Staticfile v1.4.14](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.14) diff --git a/content/news/articles/2017-11-20-release-notes-buildpacks-volume-services-other-new-features.md b/content/news/articles/2017-11-20-release-notes-buildpacks-volume-services-other-new-features.md new file mode 100644 index 0000000..7ad77f1 --- /dev/null +++ b/content/news/articles/2017-11-20-release-notes-buildpacks-volume-services-other-new-features.md 
@@ -0,0 +1,63 @@ +--- +layout: layouts/post +tags: news +date: 2017-11-20 +title: "cloud.gov monthly update: Buildpack notifications, volume services, and other new features" +redirect_from: + - /updates/2017-11-20-release-notes-buildpacks-volume-services-other-new-features/ +--- + + +We’ve been hard at work shipping out new features to help you make your apps better, more secure, and improve your experience developing and deploying them. There’s a lot more in here than usual. We hope you see some features and additions in here that you’ve been waiting for. As always, get in touch with us if you have any questions or feedback about these features. See you next month. + +### Added + +* Part of keeping your app on cloud.gov secure is [using the latest version of your app’s buildpack]({{ site.baseurl }}/docs/apps/app-maintenance). In addition to keeping you updated in these release notes, we’ll now send you an email notification when a new version of your buildpack is available. +* We have experimental support for [volume services]({{ site.baseurl }}/docs/apps/experimental/experimental). Since a cloud.gov app normally has a short-lived file system, this enables you to build an app that requires persistent file storage. [Contact us if you’d like to try this]({{ site.baseurl }}/docs/apps/experimental/experimental). +* One of our engineers gave us the ability to make [Mermaid diagrams](https://mermaidjs.github.io/) on the cloud.gov website, and we almost got carried away creating visualizations of different parts of the platform. Here are a couple we think will help you out: + * [A comparison of how apps with custom domains and those with the default \*.app.cloud.gov domain are served to users]({{ site.baseurl }}/docs/apps/custom-domains#comparison-of-default-domains-and-custom-domains). + * [How to incorporate a CI/CD workflow into your app]({{ site.baseurl }}/docs/apps/continuous-deployment#configure-your-service). 
+* [The cloud.gov dashboard](https://dashboard.fr.cloud.gov/) now lets you [manage environment variables](https://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html) for your apps. To see it in action, go to an app page in the dashboard and try viewing, adding, or editing an environment variable. You can also see all the environment variables set by the system from the same view. Change variables with caution, as environment variables will be lost if your app is recreated. We recommend storing non-sensitive configuration variables in your application manifest and sensitive variables in user-provided services. + + Thanks to our antipodal compatriots with the [Australian Government Digital Transformation Agency](https://www.dta.gov.au/what-we-do/platforms/cloud/) for this code contribution. + +!["Screenshot of the environment variable editing view on the dashboard in which a user-defined environment variable with the name 'app_version' has been assigned the value '1.0.1'"]({{site.baseurl}}/img/dashboard-envs.png) + +### Updates + +Make sure to use the latest version of the Cloud Foundry CLI. The most recent updates contain new commands and bug fixes. You can [download the latest binary for Windows, Mac, or Linux from GitHub](https://github.com/cloudfoundry/cli/releases). + +### Announcement + +* We will not, as we previously announced, be [switching users with cloud.gov accounts to sign in with MAX.gov]({{ site.baseurl }}/updates/2017-08-21-max-gov-migration-instructions). +* cloud.gov removed the insecure 3DES cipher from all (including customers) CloudFront CDN distributions ahead of the 120 day deadline. Learn more about this from [the Department of Homeland Security](https://cyber.dhs.gov/#ii-required-actions). + +### Coming soon + +#### Sandbox apps will expire after 90 days + +We plan to automatically delete apps in [sandbox spaces]({{ site.baseurl }}/docs/pricing/free-limited-sandbox#sandbox-limitations) after 90 days. 
We’ll send email notifications before this happens. If you’re developing something you need to keep long-term, we recommend moving it to a prototyping space. If you’d like to [start the process of purchasing a prototyping package]({{ site.baseurl }}/docs/pricing/prototyping), get in touch with us. + +#### Additional TIC compliance support + +To support agency implementations of Trusted Internet Connection (TIC) requirements, we’ve published [documentation about complying with TIC for apps on cloud.gov]({{ site.baseurl }}/docs/compliance/meeting-tic-requirements). To support a wider range of agency TIC needs, we’ve also built a way to [support restricting users to trusted IP ranges]({{ site.baseurl }}/docs/apps/experimental/restricting-users-to-trusted-ip-ranges). We’re waiting to fully implement it until after it’s passed FedRAMP review, but in the meantime, let us know if you have questions or want to use it. + +### Platform releases + +We upgraded the Cloud Foundry deployment to [v278](https://github.com/cloudfoundry/cf-release/releases/tag/v278). + +You should [restage your application]({{ site.baseurl }}/docs/apps/app-maintenance) to [incorporate fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensure you’re running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). 
+ +#### Additional upgrades +* [Diego v1.29.2](https://github.com/cloudfoundry/diego-release/releases/tag/v1.29.2) +* [Stemcell v3468.5](https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent) +* Buildpacks: + * [Staticfile v1.4.18](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.18) + * [Java v4.6](https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.6) + * [Ruby v1.7.5](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.7.5) + * [NodeJS v1.6.10](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.10) + * [Go v1.8.13](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.13) + * [Python v1.6.1](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.6.1) + * [PHP v4.3.43](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.43) + * [.NET-core v1.0.30](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.30) + * [Binary v1.0.15](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.15) diff --git a/content/news/articles/2017-12-08-starting-now-sandboxes-expire-after-90-days.md b/content/news/articles/2017-12-08-starting-now-sandboxes-expire-after-90-days.md new file mode 100644 index 0000000..41807cc --- /dev/null +++ b/content/news/articles/2017-12-08-starting-now-sandboxes-expire-after-90-days.md 
@@ -0,0 +1,21 @@ +--- +layout: layouts/post +tags: news +date: 2017-12-08 +title: "Starting now, sandboxes expire after 90 days" +redirect_from: + - /updates/2017-12-08-starting-now-sandboxes-expire-after-90-days/ +--- + +Starting today, [sandbox spaces]({{ site.baseurl }}/docs/pricing/free-limited-sandbox) will expire automatically every 90 days, as planned in our [monthly update from November]({{ site.baseurl }}/updates/2017-11-20-release-notes-buildpacks-volume-services-other-new-features). + +Here's what to expect: + +* Any sandbox applications you have right now will be deleted 90 days from today, along with service instances (such as databases), routes, etc., in the sandbox. +* You will not lose your cloud.gov account. +* You can start a new 90-day evaluation period just by creating a new app or service. +* Starting five days before we delete your sandbox, we'll send you an email reminder every day unless you delete your applications yourself. + +We're putting in place this clean-up process to ensure that any unmaintained test applications won't become increasingly vulnerable to new security exploits. This process also ensures that any forgotten test applications won't indefinitely consume resources. + +For long-term prototyping, consider purchasing a paid cloud.gov plan. [Any prototyping or production package]({{ site.baseurl }}/pricing/) will allow you to host apps without time limitations. Contact us at [inquiries@cloud.gov](mailto:inquiries@cloud.gov) with any questions or to start purchasing a paid plan. diff --git a/content/news/articles/2017-12-27-new-homepage-quickstart-guide-more.md b/content/news/articles/2017-12-27-new-homepage-quickstart-guide-more.md new file mode 100644 index 0000000..8e684fa --- /dev/null +++ b/content/news/articles/2017-12-27-new-homepage-quickstart-guide-more.md 
@@ -0,0 +1,44 @@ +--- +layout: layouts/post +tags: news +date: 2017-12-27 +title: "A new homepage, quickstart guide, and more" +redirect_from: + - /updates/2017-12-27-new-homepage-quickstart-guide-more/ +--- + +We’ve been hard at work making cloud.gov work for you. We’re constantly optimizing the platform so it’s secure and meets your expectations. + +Here are some highlights from our platform updates in the last month. + +### Added + +* We updated our homepage! Now you can find more helpful resources and links to customer testimonials from the homepage. [Check it out]({{ site.baseurl }}/) and let us know what you think. +* If you’re new to cloud.gov and haven’t launched an app yet, [check out our new quickstart guide]({{ site.baseurl }}/quickstart/). There, you’ll learn the basics of launching an app on cloud.gov and can even watch video from a recent workshop to help you get started. +* We have documentation about the security-related HTTP headers cloud.gov sets by default. [Learn about these headers and how to change them]({{ site.baseurl }}/docs/apps/headers) for your app in the docs. +* If you need to get an ATO for a system on cloud.gov, [we have a page]({{ site.baseurl }}/docs/compliance/ato-process) explaining terms and showing how your ATO can inherit from cloud.gov’s. + +### Announcements! + +* As we announced earlier this month, we are going to start clearing the content of sandboxes 90 days after they were created. See [our previous update about this]({{ site.baseurl }}/updates/2017-12-08-starting-now-sandboxes-expire-after-90-days) for more information about what to expect. You can always contact us about upgrading to a prototyping or production plan. +* We’re looking for cloud.gov customers to help us make the platform better by sharing their experiences with us. [Contact us if you’d like to participate](mailto:inquiries@cloud.gov). + +We notify you when your [application needs restaging]({{ site.baseurl }}/docs/apps/app-maintenance). 
This process [incorporates fixes in the base filesystem](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html#cli-commands) and ensures your applications are running the most recent language version supported by your [buildpack](https://docs.cloudfoundry.org/buildpacks/). + +### Platform releases +We upgraded the Cloud Foundry deployment to [v283](https://github.com/cloudfoundry/cf-release/releases/tag/v283). + +#### Additional upgrades +* [Diego v1.32.0](https://github.com/cloudfoundry/diego-release/releases/tag/v1.32.0) +* [Stemcell v3468.15](https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent) +* [RootFS cflinuxfs2 v 1.176.0](https://github.com/cloudfoundry/stacks/releases/tag/1.176.0) +* Buildpacks: + * [staticfile: v1.4.20](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.20) + * [java: v4.7.1](https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.7.1) + * [ruby: v1.7.8](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.7.8) + * [nodejs: v1.6.13](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.13) + * [go: v1.8.15](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.15) + * [python: v1.6.4](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.6.4) + * [php: v4.3.46](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.46) + * [dotnet-core: v1.0.30](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v1.0.30) + * [binary: v1.0.15](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.15) diff --git a/content/news/articles/2018-01-05-meltdown-statement.md b/content/news/articles/2018-01-05-meltdown-statement.md new file mode 100644 index 0000000..4578b67 --- /dev/null +++ b/content/news/articles/2018-01-05-meltdown-statement.md 
@@ -0,0 +1,29 @@ +--- +layout: layouts/post +tags: news +date: 2018-01-05 +title: "Note about Meltdown/Spectre vulnerabilities" +redirect_from: + - /updates/2018-01-05-meltdown-statement/ +--- + +cloud.gov is tracking the recent public disclosure of vulnerabilities in modern CPUs, named the [Meltdown and Spectre](https://meltdownattack.com/) attacks. +We are taking all available steps to mitigate the impact of these vulnerabilities. No customer action is required. + +Our cloud infrastructure provider [has already updated their systems](https://aws.amazon.com/security/security-bulletins/AWS-2018-013/) so that cloud.gov customer applications are not vulnerable to Meltdown attacks from other tenants in AWS GovCloud. + +When an update for the platform operating system is released, we will apply it. This will prevent Meltdown attacks between customer applications within cloud.gov. We use Ubuntu, which [plans to release an update very soon](https://canonical.com/blog/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities). Then the [Cloud Foundry team will release a CF-customized version](https://www.cloudfoundry.org/meltdown-spectre-attacks/), and we will apply the update to cloud.gov. This will be [routine maintenance]({{ site.baseurl }}/docs/apps/app-maintenance#operating-system-patching) with no expected downtime. + +We expect to have this update complete on or before the public release of proof-of-concept Meltdown exploit code on January 9. + +There is no immediate remedy for Spectre attacks for any cloud service provider. Everyone must [upgrade their operating system and browsers](https://www.kb.cert.org/vuls/id/584653) to protect from all websites on the internet. + +We will update this note as the release process progresses. If you have questions, email us at [support@cloud.gov](mailto:support@cloud.gov). + +**Update** (January 9, 2018, 11 pm ET): Ubuntu has released an update with the relevant patches. 
We expect Cloud Foundry to released a CF-customized version in the next day, and we will apply the update when available. + +**Update** (January 10, 2018, 11 am ET): Cloud Foundry released their version of Ubuntu with the Meltdown patches at 12:33 a.m. ET this morning. We are updating the development and staging environments of cloud.gov and testing this release, then we will proceed with our production update later today. This will be [routine maintenance]({{ site.baseurl }}/docs/apps/app-maintenance#operating-system-patching) with no expected downtime. + +**Update** (January 11, 2018, 5 pm ET): We've completed production deployment of the Cloud Foundry version of Ubuntu with initial Meltdown patches. Ubuntu and Cloud Foundry continue to release updates with additional patches, and we're following our standard deployment process as they become available. + +**Update** (January 23, 2018, 8 pm ET): Ubuntu and Cloud Foundry released operating system updates including [mitigations for the Spectre class of vulnerabilities](https://usn.ubuntu.com/usn/usn-3540-2/) early this morning. We've completed deploying these updates in the cloud.gov production environment. diff --git a/content/news/articles/2018-01-11-outage-postmortem.md b/content/news/articles/2018-01-11-outage-postmortem.md new file mode 100644 index 0000000..6fd2436 --- /dev/null +++ b/content/news/articles/2018-01-11-outage-postmortem.md 
@@ -0,0 +1,14 @@ +--- +layout: layouts/post +tags: news +date: 2018-01-11 +title: "Major outage postmortem" +redirect_from: + - /updates/2018-01-11-outage-postmortem/ +--- + +On Tuesday January 9 from 17:09 EST to approximately 23:42 EST (6 hours and 33 minutes), the cloud.gov platform and customer applications were unavailable. This was the longest and most significant outage in the history of our platform. No data was lost. + +[We've published a postmortem](https://cloudgov.statuspage.io/incidents/32bd83xh70qk) that includes what we're doing to prevent this problem from happening again. + +If you aren't already subscribed to updates about platform service disruptions and scheduled maintenance, you can [subscribe on our platform status tracker](https://cloudgov.statuspage.io/). \ No newline at end of file diff --git a/content/news/articles/2018-02-13-elasticsearch-56-upcoming-cloud-foundry-summit-and-platform-updates.md b/content/news/articles/2018-02-13-elasticsearch-56-upcoming-cloud-foundry-summit-and-platform-updates.md new file mode 100644 index 0000000..82528e4 --- /dev/null +++ b/content/news/articles/2018-02-13-elasticsearch-56-upcoming-cloud-foundry-summit-and-platform-updates.md 
@@ -0,0 +1,51 @@ +--- +layout: layouts/post +tags: news +date: 2018-02-13 +title: "Elasticsearch 5.6, upcoming Cloud Foundry Summit, and platform updates" +redirect_from: + - /updates/2018-02-13-elasticsearch-56-upcoming-cloud-foundry-summit-and-platform-updates/ +--- + +!["FEC case study illustration"]({{site.baseurl}}/img/"fec-case-study-illo.svg") +### Announcements + +- **In this featured [FEC Case Study]({{ site.baseurl }}/overview/customer-stories/fec/)**, find out how cloud.gov helps the agency ensure their applications are available, secure, and resilient. Want us to feature your agency? Drop us a line at [inquiries@cloud.gov](mailto:inquiries@cloud.gov?subject="Case%20Study"). +- **Join us at the [Cloud Foundry Summit](https://www.cloudfoundry.org/event/nasummit2018/)** on April 18-20 in Boston, MA. Members of the cloud.gov team will present at this gathering of people who use and run platforms—like cloud.gov—that are based on the Cloud Foundry open source project. It includes [government-focused sessions](https://cfna18.sched.com/overview/type/Government+%26+Wild+Card) and training opportunities that may be useful to you and your team. + +### Added + +- Elasticsearch version 5.6 is now available. This includes [performance improvements and new features](https://www.elastic.co/blog/elasticsearch-5-0-0-released). We recommend upgrading from version 2.4 to 5.6, but we don’t have near-term plans to end support for 2.4. +- If your application involves multiple languages, and it’s not practical to split it into smaller applications, cloud.gov now has [improved support for multiple buildpacks]({{ site.baseurl }}/docs/apps/experimental/custom-buildpacks/#experimental-multi-buildpack-support) + +### Fixed + +- [Upgrade to the latest version of the CF CLI tool v6.34.1](https://github.com/cloudfoundry/cli/releases/tag/v6.34.1) for improvements and bug fixes. 
+- [If you deploy Docker containers]({{ site.baseurl }}/docs/apps/experimental/docker/), it’s now possible to push Docker images from an Azure container registry. + + +### Buildpack updates + +- [PHP Buildpack v4.3.46 → 4.3.48](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.48) + - Added PHP 7.2.1 +- [.NET Core Buildpack 1.0.25 → 2.0.1](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v2.0.1) + - .NET Core now defaults to 2.x +- [NodeJS Buildpack 1.6.13 → 1.6.15](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.15) + - Default NodeJS is now 6.x + - Added 9.3.0 +- [Python Buildpack 1.6.4 → 1.6.7](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.6.7) +- [Staticfile Buildpack 1.4.20 → 1.4.21](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.21) +- [Java Buildpack 4.7.1 → 4.8](https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.8) + - Upgraded to openjdk JRE 1.8.0_162 +- [Ruby Buildpack 1.7.8 → 1.7.11](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.7.11) + - This resolves a bug with Rails `asset:precompile`. + - Default Ruby is now 2.4 + - Removed Ruby 2.1 + + +### Platform updates + + - [Stemcell v3468.15 → 3468.21](https://bosh.io/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent) + - CloudFoundry v283 → [Cloud Foundry Deployment cf-deployment v1.9.0]( https://github.com/cloudfoundry/cf-deployment/releases/tag/v1.9.0) + - [Diego v1.32.0 → 1.34.0](https://github.com/cloudfoundry/diego-release/releases/tag/v1.34.0) + - [RootFS cflinuxfs2 v1.176.0 → 1.187.0](https://github.com/cloudfoundry/stacks/releases/tag/1.187.0) diff --git a/content/news/articles/2018-03-14-TLS-10-and-11-support-deprecated-Drupal-8-made-easy-and-platform-updates.md b/content/news/articles/2018-03-14-TLS-10-and-11-support-deprecated-Drupal-8-made-easy-and-platform-updates.md new file mode 100644 index 0000000..647faaf --- /dev/null 
+++ b/content/news/articles/2018-03-14-TLS-10-and-11-support-deprecated-Drupal-8-made-easy-and-platform-updates.md 
@@ -0,0 +1,62 @@ +--- +layout: layouts/post +tags: news +date: 2018-03-14 +title: "TLS 1.0 and 1.1 support removal, Drupal 8 made easy, and platform updates" +redirect_from: + - /updates/2018-03-14-TLS-10-and-11-support-deprecated-Drupal-8-made-easy-and-platform-updates/ +--- + +### Upcoming breaking change +- **We will remove support for TLS 1.0 and 1.1 connections to all applications on cloud.gov on March 30, so that all connections must use TLS 1.2**. TLS 1.0 and 1.1 are outdated versions of the encryption protocol for HTTPS connections, and federal standards require federal systems to stop using them ([see FedRAMP TLS Requirements](https://www.fedramp.gov/assets/resources/documents/CSP_TLS_Requirements.pdf)). After this change, your applications will be inaccessible for anyone using a client device that requires TLS 1.1 or lower. We estimate this change will block less than 1 percent of traffic that reaches applications hosted on cloud.gov today. It’s probably required for your applications by your own agency as well, but if you have any concerns or questions, please [contact us]({{ site.baseurl }}/docs/help/). + +### Announcements + +- **Join us at the [Cloud Foundry Summit](https://www.cloudfoundry.org/event/nasummit2018/)** on April 18-20 in Boston. Members of the cloud.gov team will present at this gathering of people who use and run platforms—like cloud.gov—that are based on the Cloud Foundry open source project. It includes [government-focused sessions](https://cfna18.sched.com/overview/type/Government+%26+Wild+Card) and training opportunities that may be useful to you and your team. + +- **We invite research volunteers** to help us improve cloud.gov. To participate, click on the embedded sign-up form at the bottom of the [home page](https://cloud.gov). + + +### Added + +- **We’ve made a demo showing how easy it is to [deploy Drupal 8 to cloud.gov](https://github.com/18F/cf-ex-drupal)**. 
+ +- **We’ve provided [a guide]({{ site.baseurl }}/docs/compliance/auditing-activity/)** explaining how to generate audit logs for events such as role changes, service bindings, and 75+ other events. + +### Fixed + +- **We’ve updated the [Overview for assessors]({{ site.baseurl }}/docs/compliance/for-assessors/) page** to clarify that logs are encrypted during transit and at rest. + + +### Buildpack updates + +- [PHP Buildpack 4.3.49](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.3.49) + - Added PHP 7.1.14, 7.2.2, removed 7.1.12, 7.2.0 + - Upgraded Redis to 3.1.6 +- [.NET Core Buildpack 2.0.2](https://github.com/cloudfoundry/dotnet-core-buildpack/releases/tag/v2.0.2) + - Updated to allow manifest overrides +- [Binary Buildpack 1.0.17](https://github.com/cloudfoundry/binary-buildpack/releases/tag/v1.0.17) + - Now emits error message when no start command is given +- [NodeJS Buildpack 1.6.18](https://github.com/cloudfoundry/nodejs-buildpack/releases/tag/v1.6.18) + - Added Node 6.13.0, removed Node 6.12.2 +- [Go Buildpack 1.8.19](https://github.com/cloudfoundry/go-buildpack/releases/tag/v1.8.19) + - Added Go 1.10 +- [Python Buildpack 1.6.9](https://github.com/cloudfoundry/python-buildpack/releases/tag/v1.6.9) + - Added Python 3.5.5, 3.4.8, removed 3.5.3, 3.4.6 +- [Staticfile Buildpack 1.4.22](https://github.com/cloudfoundry/staticfile-buildpack/releases/tag/v1.4.22) + - Enables custom 404 pages + - Closes JSON bug with credentials +- [Ruby Buildpack 1.7.13](https://github.com/cloudfoundry/ruby-buildpack/releases/tag/v1.7.13) + - Added Node 6.13.0, removed Node 6.12.3 + - Added RubyGems 2.7.6, removed 2.7.4 +- [RootFS cflinuxfs2 1.188.0](https://github.com/cloudfoundry/cflinuxfs2/releases/tag/1.188.0) + - USN-3577-1 cups vulnerabilities + - USN-3569-1 libvorbis vulnerabilities + - USN-3554-1 curl vulnerabilities +- [Cloud Foundry Deployment 1.16.0](https://github.com/cloudfoundry/cf-deployment/releases/tag/v1.16.0) + - Simplifies platform operations and 
maintenance, removes legacy properties +- [Diego 2.0.0](https://github.com/cloudfoundry/diego-release/releases/tag/v2.0.0) + - Upgraded to major version 2 release with better container scheduling, dependency management and all components now use mutual TLS +- [Stemcell 3541.9](https://github.com/cloudfoundry/bosh-linux-stemcell-builder/releases/tag/stable-3541.9) + - USN-3594-1 Spectre variant 2 mitigation + - USN-3582-2 Linux kernel vulnerabilities diff --git a/content/news/articles/2018-05-21-new-custom-domain-service.md b/content/news/articles/2018-05-21-new-custom-domain-service.md new file mode 100644 index 0000000..5e62d40 --- /dev/null +++ b/content/news/articles/2018-05-21-new-custom-domain-service.md @@ -0,0 +1,12 @@ +--- +layout: layouts/post +tags: news +date: 2018-05-21 +title: "New custom domain service" +redirect_from: + - /updates/2018-05-21-new-custom-domain-service/ +--- + +For custom domain support, cloud.gov provides a [CDN service]({{ site.baseurl }}/docs/services/cdn-route) that uses AWS CloudFront. AWS CloudFront is outside the AWS FedRAMP P-ATO boundary, so we’ve updated the CDN service documentation to [explain the compliance impact of using this service more clearly]({{ site.baseurl }}/docs/services/cdn-route#before-you-use-this-service). + +cloud.gov now also provides a [custom domain service]({{ site.baseurl }}/docs/services/custom-domains) without CloudFront. You can use the CDN service or custom domain service according to your technical and compliance needs. If you’re using the CDN service and you need to switch to the custom domain service, [follow the instructions on the custom domain page]({{ site.baseurl }}/docs/services/custom-domains). diff --git a/content/news/articles/2018-10-22-s3-sandbox-plan.md b/content/news/articles/2018-10-22-s3-sandbox-plan.md new file mode 100644 index 0000000..7bf3933 --- /dev/null +++ b/content/news/articles/2018-10-22-s3-sandbox-plan.md 
@@ -0,0 +1,14 @@ +--- +layout: layouts/post +tags: news +date: 2018-10-22 +title: "New S3 plan for sandboxes" +redirect_from: + - /updates/2018-10-22-s3-sandbox-plan/ +--- + +In the past, we've had issues with users being notified of a sandbox purge even though the sandbox didn't actually get cleared. So in order to provide a more seamless experience, cloud.gov now offers S3 service plans for sandboxes that automatically clear your S3 contents whenever your sandbox is cleared. + +As a result, if you intend on storing important files in your sandbox, **you must implement some type of backup scheme**. + +The two plans available for your sandbox are `basic-sandbox` and `basic-public-sandbox`. The behavior of these service plans is the same as `basic` and `basic-public` respectively, with the only exception being that the buckets are cleared any time `cf delete-service SERVICE_INSTANCE` is run on these plans. diff --git a/content/news/articles/2018-10-30-release-notes.md b/content/news/articles/2018-10-30-release-notes.md new file mode 100644 index 0000000..5c062b4 --- /dev/null +++ b/content/news/articles/2018-10-30-release-notes.md 
@@ -0,0 +1,58 @@ +--- +layout: layouts/post +tags: news +date: 2018-10-30 +title: "Release notes" +redirect_from: + - /updates/2018-10-30-release-notes/ +--- + +Here's the latest on how we've been trying to make cloud.gov simpler and more secure. (If you find yourself needing to explain cloud.gov to coworkers or leadership, take a look at our [new two-pager]({{ site.baseurl }}/resources/cloudgov-overview-2018.pdf)!) + +### New dashboard (now in preview mode) + +Check out the preview version of our [new web dashboard](https://dashboard-beta.fr.cloud.gov/login). It still gives you web-based access to an overview of your applications and lets you do common tasks, but this new version brings many more command-line tasks to the web like viewing application logs and the ability to SSH into your application. It’s still a preview because there are some confusing parts of the interface, and it’s missing a few tools from the current dashboard (such as inviting a new user at the same time as giving them a role in your org or space). + +For now, both dashboards are live; we'll be retiring the original about a month from now. If you've got thoughts to share, [let us know]({{ site.baseurl }}/help). We especially want you to tell us if you rely on something in the current dashboard that you can’t find in the new dashboard! + +### Updated password rotation policy + +Following the revised [NIST Digital Identity Guidelines](https://pages.nist.gov/800-63-3/sp800-63b.html) and the corresponding [FedRAMP Digital Identity Requirements](https://www.fedramp.gov/assets/resources/documents/CSP_Digital_Identity_Requirements.pdf), we’ve improved our password security policies. + +* If you log into cloud.gov using a cloud.gov user account (not using agency single sign-on at EPA, FDIC, GSA, or NSF), it no longer requires you to change your password every 90 days. 
+ +* If you use [service accounts]({{ site.baseurl }}/docs/services/cloud-gov-service-account/) for automating application deployment or event-auditing, those automatically-generated credentials no longer expire after 90 days. + +To meet NIST and FedRAMP requirements, we’ve also added new security controls when you create or change a cloud.gov account password. cloud.gov prevents you from creating easily-compromised passwords by automatically checking against common weak passwords. + +### Internal routing + +In the past, every application route (address) that you created for a cloud.gov application was automatically an address accessible over the internet, so if you wanted to have a route for an internal application, you needed to put in careful attention to what was accessible over that route (including thinking about authentication and authorization for that application). + +Now, you can use **apps.internal** as a route for anything that shouldn't be public (or shouldn't be public yet). That'll make your app internal automatically. You use an allow list to decide which other applications should be able to talk to your internal application. For more details, see [Internal Routes in the Cloud Foundry documentation](https://docs.cloudfoundry.org/devguide/deploy-apps/routes-domains.html#internal-routes) and [this Cloud Foundry blog post](https://www.cloudfoundry.org/blog/polyglot-service-discovery-container-networking-cloud-foundry/). + +### Polyglot service discovery + +Along with internal routing, cloud.gov now also offers polyglot service discovery. You can use DNS from within your applications to refer to instances of that application. That means you can have different instances of the app act as leader and follower nodes rather than just scaling naively, which enables clustered applications. + +You can also use these routes across language stacks — because it's DNS-based, it's not tied to a particular language library. 
See [this Cloud Foundry blog post](https://www.cloudfoundry.org/blog/polyglot-service-discovery-container-networking-cloud-foundry/) for details. + + +### Coming soon + +#### VPN backhaul to other networks + +If you have applications on cloud.gov and you want them to be able to interact with other applications over a VPN connection — in your data center, in an IaaS, with your hosting provider, anywhere — [we’re working on making this available to you]({{ site.baseurl }}/docs/apps/private-egress). We're able to dedicate a specific area for these types of applications, along with a VPN backhaul that enables direct connections to the applications you have on other networks. + +Having this in place will make it easier to migrate applications from legacy infrastructure to the cloud. If your services are nested together and you can't move everything at once, you’ll be able to migrate one application at a time without interrupting service or exposing information to the open internet. + +We’re working through FedRAMP testing and approval for this feature so it isn’t available yet, but if you're interested in learning more and setting this up in the future, [send us an email](mailto:inquiries@cloud.gov). We can set up a call with you and your agency network security team to preview how it will work, so that your agency can get on board when this is ready. 
+ +### Updates and upgrades + +* [logs.fr.cloud.gov](https://logs.fr.cloud.gov) has been upgraded to [Elasticsearch/Kibana 6.x](https://www.elastic.co/guide/en/kibana/current/release-notes.html) +* Our network architecture has been improved, and our outgoing internet traffic capacity has increased 75x +* We have a new [S3 plan for sandboxes]({{ site.baseurl }}/updates/2018-10-22-s3-sandbox-plan) that automatically clears your S3 contents whenever your sandbox is cleared +* We offer a [custom domain service]({{ site.baseurl }}/updates/2018-05-21-new-custom-domain-service) that doesn't use CloudFront, since CloudFront is currently outside the AWS FedRAMP P-ATO boundary + +Thanks for using cloud.gov. If there's more we can do to make your work easier, [let us know]({{ site.baseurl }}/help). diff --git a/content/news/articles/2019-02-26-quarterly-update.md b/content/news/articles/2019-02-26-quarterly-update.md new file mode 100644 index 0000000..792efd7 --- /dev/null +++ b/content/news/articles/2019-02-26-quarterly-update.md 
@@ -0,0 +1,83 @@ +--- +layout: layouts/post +tags: news +date: 2019-02-26 +title: "Quarterly update - An OS upgrade, cross-IaaS services, R Shiny apps, and more!" +redirect_from: + - /updates/2019-02-26-quarterly-update/ +--- + +**An OS upgrade, cross-IaaS services, R Shiny apps, and more!** + +It’s a new year, and we’ve got a pile of changes and highlights to tell you about since we last checked in. + +**Announcements** + +#### **Ubuntu 18.04 is coming and 14.04 is going: Test your apps now!** + +The base OS image used by your cloud.gov applications is called a "stack". The stack we’ve provided to date is called `cflinuxfs2`, and it’s based on Ubuntu 14.04 LTS, [released originally in early 2014](https://www.ubuntu.com/about/release-cycle) with continuous security updates since then. `cflinuxfs3` is a new OS image based on Ubuntu 18.04 LTS, and it’s already available for your use. **We’ll be making `cflinuxfs3` the default stack in cloud.gov on March 15th**. In addition, Ubuntu 14.04 will no longer receive security updates in April, so **we will stop supporting `cflinuxfs2` in cloud.gov April 30th.** + +**What this means to you:** Most cloud.gov customers deploy their applications using buildpacks, and their apps don’t have any dependency on the particular OS version that runs them. If that describes you, this upgrade will probably be a miraculous non-event… You can request the new stack at your next `cf push` or `cf restage` and carry on as you always have. + +However, there may be exceptions! For example, you may have used the apt-buildpack to ensure that a particular library or utility is installed when your app is deployed. In that case, you might run into problems if the location or name of that dependency has changed between Ubuntu 14.04 and Ubuntu 18.04. + +**What you should do:** You should try out the new `cflinuxfs3` stack before we make it the default on March 15th. 
Check out [the Cloud Foundry stack docs](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html) to see how. If you find problems, you can continue using the deprecated `cflinuxfs2` stack until you’ve resolved any issues and are ready to transition your apps. However, this is only a temporary solution because `cflinuxfs2` will be removed as an option at the end of April. Plan to make the switch soon so you’re not up against the deadline! + +**Timeline** + +| When | What| +|----|----| +| **Now - March 15th** | Test your apps using `cflinuxfs3` | +| **March 15th - April 29th** | Explicitly opt to use `cflinuxfs2` if you need more time | +| **April 30th onward** | Only `cflinuxfs3` will be available | + +If you have any questions or concerns, please [contact support](mailto:support@cloud.gov) so we can help you out. + +### Connect your cloud.gov apps to other apps securely through a VPN + +Last October, we announced our team was working on a way for all of your cloud.gov applications to interact securely with your external applications through a VPN. This capability can make it easier to migrate applications from legacy infrastructure to cloud.gov, one application at a time. Good news: The FedRAMP assessment of this feature is wrapping up, and we’ll soon be ready to configure this capability for customers who need it. + +Contact us if you’d like this to use this feature and we’ll work with the appropriate security and procurement team in your organization to get you set up. For more detail on how this will work, as well as benefits of adding this to your system, check out [our docs]({{ site.baseurl }}/docs/apps/private-egress). + +### The 2019 North America Cloud Foundry Summit: See you there! + +Cloud.gov wouldn’t be possible without the robust collaboration in the bustling ecosystem around Cloud Foundry, and registration is open for the next North America Cloud Foundry Summit! The dates are April 2-4th, and it will be taking place in Philadelphia. 
The summit is a great place for anyone who uses cloud.gov to get training, share patterns, understand what features are in the CF pipeline, and finally to connect with the cloud.gov team! We are planning on attending, and would love to meet new faces and reconnect with others. [Learn more about the Summit](https://www.cloudfoundry.org/event/nasummit2019/) and let us know if you’d like to meet there! + +## New additions + +### Extend your cloud.gov app across CSPs using your existing access + +Can you imagine your team automatically provisioning a [Big Query](https://cloud.google.com/bigquery/) instance in Google Cloud Platform (GCP) a [Service Bus](https://azure.microsoft.com/en-us/services/service-bus/) instance in Microsoft Azure, and a [Kinesis](https://aws.amazon.com/kinesis/) instance in Amazon Web Services (AWS) East, then using those instances in your cloud.gov app (running in AWS GovCloud)? + +If your agency or organization has your own access to AWS, GCP, or Azure, you can use existing cloud.gov extension points to make additional services accessible to your cloud.gov teams. We’ve published [a tutorial](https://github.com/18F/cf-byo-broker) to help you understand how these brokers work and walk you through deploying and using the GCP broker, and we’ll be extending this tutorial with instructions for additional brokers in the future. Read more about [how to extend the cloud.gov service marketplace]({{ site.baseurl }}/docs/services/intro#extending-the-marketplace). + +### Deploy your R data analytics applications on cloud.gov + +There’s no denying the deep and abiding love that data analytics folks have for [R](https://www.r-project.org/about.html) and [Shiny](https://shiny.rstudio.com/). If you’ve ever browsed through an interactive presentation by the New York Times, [you’ve probably experienced this powerful, free, open source combination](https://blog.revolutionanalytics.com/2011/03/how-the-new-york-times-uses-r-for-data-visualization.html). 
For those late to the party: R is a programming language for statistical computing and graphics, while Shiny helps turn R analyses into interactive web applications without requiring HTML, CSS, or JavaScript knowledge. A free, open source desktop IDE called [RStudio](https://www.rstudio.com/) aimed at data scientists facilitates developing apps using R and Shiny. + +Many customers have told us they want to deploy apps built using R and Shiny on cloud.gov, and now it’s possible! Check out the [new R buildpack](https://docs.cloudfoundry.org/buildpacks/r/index.html). We’ve also published [a demonstration](https://github.com/18f/cf-rshiny-demo) showing how to run the the movie explorer application from the official [Shiny examples](https://github.com/rstudio/shiny-examples), pictured below. + +!["R Shiny movie explorer application screenshot"]({{site.baseurl}}/img/"r-shiny-demo.png"){:style="border:1px solid grey;"} + +### Build edge-facing web engineering apps using the NGINX buildpack + +You can easily develop and deploy custom proxies or other front-ends for your applications using a new dedicated [NGINX buildpack](https://docs.cloudfoundry.org/buildpacks/nginx/index.html). You can also configure the buildpack to use [OpenResty](https://openresty.org/en/) for additional flexibility and extensibility. Writing apps with this buildpack makes it easy to decouple security concerns from other app logic, particularly when you use internal routing and [service discovery](https://docs.cloudfoundry.org/devguide/deploy-apps/cf-networking.html#discovery). + +The new buildpack replaces the existing [Staticfile buildpack](https://docs.cloudfoundry.org/buildpacks/staticfile/index.html) for many applications, and includes forward-compatibility for customizing the nginx.conf file. (Forward compatibility was was never guaranteed for the Staticfile buildpack.) 
cloud.gov will select the NGINX buildpack instead of the existing Staticfile buildpack whenever your application includes an nginx.conf file. + +### Log-cache delivers greater visibility and enables better integration + +Using a new CLI plugin, you can now mine a greater range of logs and metrics thanks to a new addition to the platform called "log-cache"; [here’s how](https://github.com/cloudfoundry/log-cache-cli). In addition, the log-cache API accepts queries based on the Prometheus Query Language, [PromQL](https://prometheus.io/docs/prometheus/latest/querying/basics/). This compatible API makes log-cache an ideal foundation for building additional tooling such as monitoring or alerting. For example, you can use log-cache to easily extract data from cloud.gov for incorporation into your own visualizations and alerts. + +### Ensure you have the latest CLI client! + +While you’re checking out that new log-cache plugin, now would be a good time to make sure you’ve installed the latest version of the Cloud Foundry CLI, version 6.43.0. While the CLI is generally compatible with updates to cloud.gov, you’ll only get some features and bugfixes if you [keep your CLI up to date]({{ site.baseurl }}/docs/getting-started/setup/#set-up-the-command-line). For example, the most recent CLI version hides your credentials when running with the verbose flag, so it's easier to copy-and-paste transcripts to other people securely. The previous version added the ability to manage [space-to-space networking policies](https://github.com/cloudfoundry/cli/releases/tag/v6.42.0), a capability only previously available by working directly with the Cloud Foundry API. + +## We want to hear from you! + +### It’s _almost_ official! New web dashboard coming soon + +In October, we gave you a glimpse into our new [web dashboard](https://dashboard-beta.fr.cloud.gov/login). 
Like the existing dashboard, the new dashboard gives you web-based access to an overview of your applications and a way to perform common tasks, but it also brings many more command-line tasks to the web. For example, you can deploy an app directly from a web-hosted Git repository, and SSH into an application instance via the browser. + +While we are preparing to finalize the new dashboard, we’re still collecting feedback and want to know your thoughts. [Let us know](mailto:support@cloud.gov) if we are missing any specific workflows, what’s confusing, or what other visualization should be included! + diff --git a/content/news/articles/2019-05-13-cflinuxfs2-final-warning.md b/content/news/articles/2019-05-13-cflinuxfs2-final-warning.md new file mode 100644 index 0000000..52c8cb1 --- /dev/null +++ b/content/news/articles/2019-05-13-cflinuxfs2-final-warning.md 
@@ -0,0 +1,42 @@ +--- +layout: layouts/post +tags: news +date: 2019-05-13 +title: "Final warning: cflinuxfs2 will be removed May 21st" +redirect_from: + - /updates/2019-05-13-cflinuxfs2-final-warning/ +--- + +**Background:** [We announced on February 26]({{ site.baseurl }}/updates/2019-02-26-quarterly-update/) that cloud.gov would remove support for the cflinuxfs2 stack (the operating system image for applications). This was the default stack for cloud.gov applications deployed before April 15. On April 15 we set the default stack for new applications to cflinuxfs3. + +**The change we’re making:** We will disable support for the outdated cflinuxfs2 stack on Tuesday May 21. Before we make the change, we will set any application still using the cflinuxfs2 stack to use cflinuxfs3, then restage it. There’s a risk that these applications will have a compatibility problem with cflinuxfs3 that prevents them from restaging, starting, and operating correctly, which would cause downtime until the application owner updates it. + +**Why you may need to take action:** +We have noted some customer applications are still using the cflinuxfs2 stack. + +Without action, these applications will be subject to risk of extended downtime if they have an unforeseen compatibility problem with cflinuxfs3. In that case, the application would remain down until the application owner makes an update. + +**How to tell if your applications are affected** + +Here are three ways to inspect your applications to see if they're running cflinuxfs2: + +1. You can inspect each app individually using the CF CLI by running `cf app YOUR-APPNAME-HERE` and looking for the `stack:` line in the output. +1. You can inspect the apps individually using the [beta cloud.gov dashboard](https://dashboard-beta.fr.cloud.gov/applications) and looking for the `Build info:` line in the application details. +1. 
You can inspect all your apps at once by installing the [`stack-auditor` CLI plugin](https://github.com/cloudfoundry/stack-auditor) and running `cf audit-stack`. + +We are also explicitly emailing people with administrative control over applications that are still using cflinuxfs2. + +**What you should do to prevent downtime:** You should set the stack for these applications to cflinuxfs3 yourself, then redeploy them using your normal process (for example, checking the change in a staging environment before making the same change in your production environment). This will remove the risk of your apps being unavailable after we remove cflinuxfs2. + +**How to change the stack:** +If you use a manifest for deployment, edit your application manifest to [set the `stack:`](https://docs.cloudfoundry.org/devguide/deploy-apps/manifest-attributes.html#stack) to cflinuxfs3. For example: +```shell +stack: cflinuxfs3 +``` +If you don’t use a manifest for deployment, add the `-s` command-line parameter to the push command in your deployment script. For example: +```shell +cf push YOUR-APPNAME-HERE -s cflinuxfs3 +``` +In either case: after making that update, redeploy the app. + +Please email [support@cloud.gov](mailto:support@cloud.gov) if you have questions or need help with this process. We’re happy to help. diff --git a/content/news/articles/2019-07-12-VPN-backhaul-drupal-8-and-new-team-members.md b/content/news/articles/2019-07-12-VPN-backhaul-drupal-8-and-new-team-members.md new file mode 100644 index 0000000..52be2a6 --- /dev/null +++ b/content/news/articles/2019-07-12-VPN-backhaul-drupal-8-and-new-team-members.md 
@@ -0,0 +1,89 @@ +--- +layout: layouts/post +tags: news +date: 2019-07-12 +title: "VPN backhaul, Drupal 8 example, and new team members" +redirect_from: + - /updates/2019-07-12-VPN-backhaul-drupal-8-and-new-team-members/ +--- + +Curious what’s new that you might find helpful as a cloud.gov user? Here are highlights from our recent changes. + +## Announcements + + +*Update*: Due to changes in customer needs, private network rollout was halted. + + +### 2019 FedRAMP annual assessment completed, cloud.gov granted re-authorization + +Every year, to maintain [our FedRAMP Authorization]({{ site.baseurl }}/overview/security/fedramp-tracker/), cloud.gov goes through a robust security compliance audit to ensure our security measures are up to date with current federal standards. This enables our customer systems to inherit a significant amount of compliance from the cloud.gov platform, supporting faster ATOs and less work for their teams. + +Our team has successfully completed this year’s re-authorization. Current and prospective customers can view our audit materials in the FedRAMP document repository on MAX.gov by [requesting access from FedRAMP]({{ site.baseurl }}/overview/security/fedramp-tracker/#start-the-ato-process). + +## New additions + + +### Try an experimental feature for no-downtime deployments + +It’s often a challenge to build a process for deploying new versions of your applications with zero downtime, without needing to double your memory usage. The [latest version of the Cloud Foundry command-line interface (CLI)](https://github.com/cloudfoundry/cli/releases) includes new beta commands to push apps using [rolling deployment](https://docs.cloudfoundry.org/devguide/deploy-apps/rolling-deploy.html). This makes it much easier to implement [blue-green deployment patterns](https://docs.cloudfoundry.org/devguide/deploy-apps/blue-green.html) without doubling your memory quota. 
(For example, this can replace the unmaintained [autopilot plugin](https://github.com/contraband/autopilot).) Install [the CF CLI update](https://github.com/cloudfoundry/cli/releases), try it out, and let us know if you have any questions! + +### Functions support for MySQL databases + +If you need to set up a MySQL schema that includes functions, procedures, and triggers, you can now create new databases that have that feature enabled. [To do this, see the “Options” documentation for RDS databases.]({{ site.baseurl }}/docs/services/relational-database/#options) This allows you to build a wider range of applications on cloud.gov. + +### Improved instructions for running Drupal 8 for managing content + +A lot of government teams run Drupal for content management for their websites, including the [Drupal 8](https://www.drupal.org/8) version. With some modifications, Drupal runs well on cloud.gov. We’ve improved our [instructions and sample code](https://github.com/18F/cf-ex-drupal8) showing how to run Drupal in cloud.gov with best practices including configuration-as-code and continuous deployment principles. + +### Automatically label your applications with version control information + +Do you want to track which version of your code is running in each of your deployed applications? You can now use the cloud.gov API to automatically label your applications and other resources with your choice of metadata, such as the relevant git commit hash (SHA). For instructions, see [this guide to resource labeling](https://www.cloudfoundry.org/blog/labeling-cloud-foundry-api-resources-with-a-git-sha/). + +## Updated + +We encourage staying up to date with the latest Cloud Foundry Command-Line Interface (CLI) versions. The latest version is v6.46.0. [You can download the CF CLI update here.](https://github.com/cloudfoundry/cli/releases) + +We routinely update the operating system underneath your applications to ensure your applications are using the latest patched versions. 
For example, there was a high-severity Ubuntu Linux security vulnerability nicknamed [SACKPanic](https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic) that was announced on June 18, and we mitigated it by the evening of June 19. + +## Removed + +### Removed: CNAME ALIAS method for verifying DNS ownership + +When using the [CDN service]({{ site.baseurl }}/docs/services/cdn-route/) to set up a custom domain name for an application, cloud.gov now only offers certificate provisioning via DNS challenges. We stopped supporting the CNAME ALIAS method. See the [updated steps for setting up DNS]({{ site.baseurl }}/docs/services/cdn-route/#how-to-set-up-dns). + +### Removed: Experimental NFS (Network File System) volume service + +We are no longer offering our experimental Network File System (NFS) volume service. We are still intending to offer a persistent filesystem option in the future. + +## New faces in the cloud.gov team + +We are excited to announce new people joining cloud.gov. Please welcome our newest members of the cloud.gov team! + +### Eddie Tejeda, cloud.gov Director + +Eddie has fifteen years of experience building technology products for civic institutions. At 18F, he worked on a range of topics, including security training, open data, and served as the Director of [Pages (formerly Federalist)](https://cloud.gov/pages/). Before joining 18F, he co-founded Civic Insight (acquired in 2015), a data platform used by residents across the country to search and visualize building permits, planning and code enforcement data. + +In 2012, he served as a Code for America Fellow and worked with the city of New Orleans to help residents track the progress of vacant and abandoned homes. He also worked with Cornell University and the Department of Transportation (DOT) to develop Regulation Room, a commenting platform used to increase public participation in the regulatory process. 
Eddie is engaged in his local community and co-founded OpenOakland, a non-profit that promotes civic engagement, and served as Vice Chair in the City of Oakland's Public Ethics Commission. + +### Hillary Jeffrey, cloud.gov Cloud Operations Site Reliability Engineer + +Hillary is an electrical engineer who has spent her career in software and firmware development from assembly to Python (and languages in between). She has previously worked for the US Navy, the Consumer Financial Protection Bureau (CFPB), and now brings her systems engineering and maintainability-focused background to cloud.gov. She is an avid gardener and is currently a lapsed beekeeper in northeast North Carolina. + +### Alex Smith, cloud.gov Compliance and Security Lead + +Born and raised in Prince Georges County, MD, Alex has a combined Computer Science and Cyber Law background, spending his federal career as a technology architect with NSA, DISA/DOD, and most recently US Marshals where he led the Mobile Devices and Interconnecting Services within the Information Technology Division. He wrote the technical specifications and led the deployment of Project Shield (mentioned [in this public article](https://www.fedscoop.com/marshalling-agile-development-improve-customer-service-u-s-marshals-service/)). + +### Jessyka Castillo, cloud.gov Agency Partnerships + +Jessyka grew up in Miami, Florida. She went to Florida International University undergrad (Go Panthers!) for Communications and The George Washington University graduate school (Go Colonials!) for Systems Engineering & Management with a concentration in public-private partnerships. 
Prior to joining TTS, she spent some time in New York City working as a public relations and marketing professional, working for a multicultural marketing agency representing Procter & Gamble clients, managing strategic communication plans for fortune 500 companies, and contributing successful consumer focused product development marketing campaigns for multi-million dollar projects. + +Most recently, she contributed her area of expertise to the public sector, working for HHS on Michelle Obama’s *Let’s Move* campaign and also serving as the Interim Director for The George Washington University’s Upward Bound Program, federally sponsored by the Department of Education. As of September 2017, Jessyka joined GSA’s Emerging Leaders Program (ELP), as a rotational Program Analyst where she gained experience in the fields of innovation and incubator technology, systems and framework engineering, finance, contracting and acquisitions, as well as strategic public-private partnerships as a GSA ELPer. After 6 rotations throughout GSA, she is more than confident that 18F is home for her. + +### Ron Williams, cloud.gov Operations Site Reliability Engineer + +Ron joins us from the U.S. Department of Agriculture where he was the Director of IT for Communications working on USDA.gov, ChooseMyPlate.gov, and many other public-facing websites. As an open-source advocate, Ron focuses on deploying disruptive technologies within public sector institutions to improve services provided to the general public. Prior to government, Ron architected and developed the Drupal Platform at the University of Colorado Boulder for Housing & Dining Services. + +### Mike Lloyd, cloud.gov Platform Operations + +Mike is a United States Marine and was recently at Pivotal, where he owned the technical business relationship between Microsoft and Pivotal. 
He comes from a multinational and multilingual family and is a proud member/supporter of the LGBT community as he generally falls under the B side of things. Currently he’s in Boulder CO, down the street from NIST, NOAA, and NCAR. diff --git a/content/news/articles/2019-08-26-changes-to-cloud-gov-services-and-prices.md b/content/news/articles/2019-08-26-changes-to-cloud-gov-services-and-prices.md new file mode 100644 index 0000000..43a2ee5 --- /dev/null +++ b/content/news/articles/2019-08-26-changes-to-cloud-gov-services-and-prices.md 
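Review bot: in the Alex Smith bio, "Prince Georges County, MD" should be "Prince George's County, MD", and in the Jessyka Castillo bio "fortune 500 companies" should be "Fortune 500 companies"; both are proper nouns, so fix the spelling and capitalization before this ships.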
@@ -0,0 +1,47 @@ +--- +layout: layouts/post +tags: news +date: 2019-08-26 +title: "Changes to cloud.gov services and prices" +excerpt: Cloud.gov’s funding source (the Acquisition Services Fund) requires us to review our expenditures and adjust rates to cover the cost of running the service. Starting on October 1, 2019, new interagency agreements (including renewals) will use the following prices. Agreements already in place will not change, and any modification or amendment to an existing agreement in FY20 will retain the original rate until FY21. +redirect_from: + - /updates/2019-08-26-changes-to-cloud-gov-services-and-prices/ +--- + + +## Summary + +Cloud.gov’s funding source (the Acquisition Services Fund) requires us to review our expenditures and adjust rates to cover the cost of running the service. Starting on October 1, 2019, new interagency agreements (including renewals) will use the following prices. Agreements already in place will not change, and any modification or amendment to an existing agreement in FY20 will retain the original rate until FY21. + +## Access fees + +Plan | Previous monthly price | New monthly price | +--------- | ----------- | ----- +`Prototyping` | $1,250.00/month | $1,550.00/month | +`FISMA Low` | $1,666.67/month | $2,070.00/month | +`FISMA Moderate` | $7,500.00/month | $9,300.00/month | + + +## Memory quota cost + +Resource | Previous monthly price | New monthly price | +--------- | ----------- | ----- +`Memory` | Approximately $105 per gigabyte/month | $130 per gigabyte/month | + + +## Additional details + +- To simplify billing, we will calculate memory costs monthly instead of daily. We will prorate the billing for modifications in the middle of the month, such as memory quota changes or agreements that start in the middle of the month. + +- RDS, S3, Elasticsearch, and Redis will now run on “high-availability” servers, providing you with additional stability and redundancy. 
+ +- Previously, cloud.gov provided RDS, S3, Elasticsearch, and Redis at no additional cost for a “limited time.” We will continue to provide these services at no additional cost as long as your memory quota remains below the following limits. + +| | Previous storage cap | New storage cap | Additional Storage | +| --------- |----------------------| ----- | ----- | +| `RDS` | unspecified | 1 TB | $300 per terabyte/month | +| `S3` | unspecified | 5 TB | $100 per terabyte/month | +| `Redis` | 10 GB | 10 GB | $100 per gigabyte/month | +| `ElasticSearch` | 10 GB | 10 GB | $100 per gigabyte/month | + +If you have questions or want a customized cost projection for your agreement, email us at [inquiries@cloud.gov](mailto:inquiries@cloud.gov) and we’ll be happy to help. diff --git a/content/news/articles/2019-09-06-deprecation-policy.md b/content/news/articles/2019-09-06-deprecation-policy.md new file mode 100644 index 0000000..8a756ff --- /dev/null +++ b/content/news/articles/2019-09-06-deprecation-policy.md 
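Review bot: the sentence introducing the storage table says the free tier continues "as long as your memory quota remains below the following limits", but the table that follows lists per-service storage caps (1 TB for RDS, 5 TB for S3, 10 GB for Redis and Elasticsearch), not a memory quota. Reword to "as long as your storage usage for each service remains below the following limits" so the condition matches the table. In the same table the first header cell is empty and "ElasticSearch" in the last row is capitalized differently from "Elasticsearch" in the bullets above it; label the column "Service" and use one spelling.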
@@ -0,0 +1,31 @@ +--- +layout: layouts/post +tags: news +date: 2019-09-16 +title: "For Humans and Agencies: The cloud.gov Deprecation Policy" +redirect_from: + - /updates/2019-09-06-deprecation-policy/ +--- + +We want to talk about two crucial aspects of being a cloud provider: consistency and predictability. Consistency is the ability to do something the same way every time, and predictability means that you can count on it happening. When it comes to communicating changes about our platform, we believe we have been neither consistent nor predictable, and we'd like to talk about how we intend to change that. + + +As our first step, we are publishing a deprecation policy that outlines the steps we will take when we make important changes to the platform. You read it [here]({{ site.baseurl }}/docs/technology/responsibilities/#deprecation-policy). We recommend you take the time to read the specifics and understand how it impacts your business. + +## Consistency & Predictability + +Over the years, as technologies have evolved, changed, and become obsolete, we've had to deprecate and remove several components from cloud.gov. Instead of following a set process for handling deprecation, we took a _what do we do this time?_ approach. That led to inconsistent rollouts and confusion. + +It's time that we do better. + +Regardless of what we change we make, we want to make sure that we are consistent in our communication, especially with timelines and support. That should help make transitions easier and let your team prepare for future changes. + +Technologies will inevitably change, and that is why we want to provide transparency into our approach to deprecation as well. We understand that it's fellow humans that depend on cloud.gov's consistency to run their applications. With the consistency, we want to make sure we provide your team predictability you can count on. + +## We're Here for You + +We are committed to improving the user experience of government. 
If you have questions, please don't hesitate to reach out at [support@cloud.gov](mailto:support@cloud.gov). + +With regards, + +The humans of cloud.gov diff --git a/content/news/articles/2019-09-25-v12-is-here.md b/content/news/articles/2019-09-25-v12-is-here.md new file mode 100644 index 0000000..6c04846 --- /dev/null +++ b/content/news/articles/2019-09-25-v12-is-here.md 
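Review bot: the front matter date (2019-09-16) disagrees with the filename and the redirect_from path, both of which say 2019-09-06; pick one so the post sorts and redirects correctly. In the body, "You read it [here]" should be "You can read it [here]", "Regardless of what we change we make" should be "Regardless of what change we make", and "provide your team predictability you can count on" is missing "the" before "predictability".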
@@ -0,0 +1,137 @@ +--- +layout: layouts/post +tags: news +date: 2019-09-25 +title: "v12 Is Here" +excerpt: "In Q3 of FY2019, In the last quarter, we've deployed the platform **about 150 times**. Most of these fixes were patches, security updates, and configuration changes. This month, there was a major release of the cf-deployment: v12.0.0. We've integrated this release into our deployment, applied our normal changes to it, tested it, and deployed it." +redirect_from: + - /updates/2019-09-25-v12-is-here/ +--- + +The end of the quarter brings a lot of new updates to cloud.gov! + +As part of our commitment to communicating better, we feel it's time to start highlighting some of what we do. cloud.gov runs entirely on open-source software, primarily from the [Cloud Foundry open-source ecosystem](https://www.cloudfoundry.org/). + +The Cloud Foundry ecosystem publishes what is known as [`cf-deployment`](https://github.com/cloudfoundry/cf-deployment), a canonical reference for how to deploy the Cloud Foundry platform. cloud.gov then applies government-specific security policies and procedures and deploys it, continuously. In the last quarter, we've deployed the platform **about 150 times**. Most of these fixes were patches, security updates, and configuration changes. + +This month, there was a major release of the cf-deployment: v12.0.0. We've integrated this release into our deployment, applied our normal changes to it, tested it, and deployed it. As of this writing, v12.0.0 is available to customers. While many changes we highlight are aimed at improving availability, there were also 50 CVEs (Common Vulnerabilities and Exposures) patched, so this update is worth discussing. + +You'll find a human-friendly description of each major change and information on how they are relevant. + +## Identity + +There were some discreet features designed for operators, but there were two high-scored security patches fixed. 
Customers are no longer vulnerable to these CVEs when authenticating with the platform. + +* [CVE-2019-11279](https://nvd.nist.gov/vuln/detail/CVE-2019-11279) +* [CVE-2019-11278](https://nvd.nist.gov/vuln/detail/CVE-2019-11278) + +## Buildpacks + +### Java Buildpack + +This release bumps the Java buildpack from v4.20 to v4.21. + +* Metric Writer Augments with Cloud Foundry-specific dimensions (via [many people](https://github.com/cloudfoundry/java-buildpack/issues/644)) +* Update Introscope Agent Version (via [Dhruv Mevada](https://github.com/cloudfoundry/java-buildpack/pull/739)) +* Shade Auto-reconfiguration Jackson Dependency (via [@Agraham21](https://github.com/cloudfoundry/java-buildpack-auto-reconfiguration/issues/69) and [@pborbas](https://github.com/cloudfoundry/java-buildpack/issues/742)) + +## Containers + +This section highlights a component called Diego, which is the underpinning container-orchestration technology of cloud.gov. Although most of these fixes are not customer-facing, they are important to the health and stability of the cloud.gov platform. For the interested, feel free to do a [deep dive into the container orchestrator](https://github.com/cloudfoundry/diego-design-notes). + +### Component Coordination + +On startup, with TCP routing enabled, the route-emitter, which notifies the routing API about application domains, attempts to talk to UAA, the identity component, to grab a key for the configured client. This communication must happen for the route-emitter server to become healthy and be able to talk to the routing API. + +There is a scenario where the route-emitter fails to start up because the platform's internal DNS server is temporarily unavailable and a secondary DNS server takes an extended amount of time to fulfill a DNS probe. The route-emitter attempts to talk to UAA, is unable to resolve the address (and this takes a long time), fails to start, failing the container host VM's deployment. 
+ +This version deploys a new release of the internal UAA client, which allows for configurable DNS timeouts, preventing this problem from occurring anymore. + +### Compute Host Capacity Reporting + +There are multiple factors which could contribute to apps failing due to out-of-disk errors when they have been placed on a compute host successfully (and therefore should theoretically have enough reserved disk space). We can take a step toward mitigating the incidence rate of these failures by assuring Garden, the container runtime, subtracts the currently included "Reserved Space For Other Jobs in Mb" value from its available disk calculation so as not to give the scheduling representative the impression it has more disk space to use than it actually does in practice. + +In v12, the container runtime added a new field to the metric which separates local disk space from schedulable disk space for the container orchestrator. + +### Local Route Emitters + +The Cloud Foundry ecosystem has an internal goal of TLSEverywhere. This release adds mutual TLS communication between the route-emitter and the routing API to prevent Man-In-The-Middle attacks. This increases the cloud.gov's security stance and allows us to regenerate certificates on-the-fly, should there be a need. + +### Removing Unused Volume Support + +The cloud.gov team deprecated our experimental NFS support for the platform due to security concerns and the pending removal of functionality from Cloud Foundry. This release removes the last remaining available NFS functionality. 
+ +### App Logging and Metrics + +From previous investigations, it appears that when CPU usage is high enough on the compute host VM and measurements are frequent enough, the time skew between the scheduling representative's measurement time and the container runtime's measurement time can be significant enough to cause the scheduling representative to compute CPU metrics that are impossibly high (more than N * 100%, where N is the number of CPU cores on the VM). This was tested in a lab by the Cloud Foundry team, and resulted in a 4-core VM with 1000% CPU usage, where is shouldn't be higher than 800% with hyper-threading. + +Now that later versions of the container runtime report a server-side age in the container-metric payload for each Garden container, the scheduling representative can use this more accurate measurement time to compute its CPU-usage difference quotient. + +### Component Logging and Metrics + +There were two core improvements, mostly around metrics, on the operations side, which are fine grained metrics we can use to troubleshoot the system, if needed. + +* Fixed a bug where a multiple instance task with a value of 0 is scheduled. +* Exported scheduling metrics for easier dashboard visualization. + +## cflinuxfs3 + +cflinuxfs3 is the base container filesystem all apps on cloud.gov run on top of. The new release of this root filesystem includes a combined 48 CVEs! 
+ +* CVEs Patched + * [CVE-2018-19985](https://ubuntu.com/security/CVE-2018-19985) + * [CVE-2018-20784](https://ubuntu.com/security/CVE-2018-20784) + * [CVE-2019-0136](https://ubuntu.com/security/CVE-2019-0136) + * [CVE-2019-10207](https://ubuntu.com/security/CVE-2019-10207) + * [CVE-2019-10638](https://ubuntu.com/security/CVE-2019-10638) + * [CVE-2019-10639](https://ubuntu.com/security/CVE-2019-10639) + * [CVE-2019-11487](https://ubuntu.com/security/CVE-2019-11487) + * [CVE-2019-11599](https://ubuntu.com/security/CVE-2019-11599) + * [CVE-2019-11810](https://ubuntu.com/security/CVE-2019-11810) + * [CVE-2019-13631](https://ubuntu.com/security/CVE-2019-13631) + * [CVE-2019-13648](https://ubuntu.com/security/CVE-2019-13648) + * [CVE-2019-14283](https://ubuntu.com/security/CVE-2019-14283) + * [CVE-2019-14284](https://ubuntu.com/security/CVE-2019-14284) + * [CVE-2019-14763](https://ubuntu.com/security/CVE-2019-14763) + * [CVE-2019-15090](https://ubuntu.com/security/CVE-2019-15090) + * [CVE-2019-15211](https://ubuntu.com/security/CVE-2019-15211) + * [CVE-2019-15212](https://ubuntu.com/security/CVE-2019-15212) + * [CVE-2019-15214](https://ubuntu.com/security/CVE-2019-15214) + * [CVE-2019-15215](https://ubuntu.com/security/CVE-2019-15215) + * [CVE-2019-15216](https://ubuntu.com/security/CVE-2019-15216) + * [CVE-2019-15218](https://ubuntu.com/security/CVE-2019-15218) + * [CVE-2019-15220](https://ubuntu.com/security/CVE-2019-15220) + * [CVE-2019-15221](https://ubuntu.com/security/CVE-2019-15221) + * [CVE-2019-15292](https://ubuntu.com/security/CVE-2019-15292) + * [CVE-2019-3701](https://ubuntu.com/security/CVE-2019-3701) + * [CVE-2019-3819](https://ubuntu.com/security/CVE-2019-3819) + * [CVE-2019-3900](https://ubuntu.com/security/CVE-2019-3900) + * [CVE-2019-9506](https://ubuntu.com/security/CVE-2019-9506) + * [CVE-2019-10638](https://ubuntu.com/security/CVE-2019-10638) + * [CVE-2019-13648](https://ubuntu.com/security/CVE-2019-13648) + * 
[CVE-2019-14283](https://ubuntu.com/security/CVE-2019-14283) + * [CVE-2019-14284](https://ubuntu.com/security/CVE-2019-14284) + * [CVE-2019-3900](https://ubuntu.com/security/CVE-2019-3900) + * [CVE-2019-15718](https://ubuntu.com/security/CVE-2019-15718) + * [CVE-2018-20406](https://ubuntu.com/security/CVE-2018-20406) + * [CVE-2018-20852](https://ubuntu.com/security/CVE-2018-20852) + * [CVE-2019-10160](https://ubuntu.com/security/CVE-2019-10160) + * [CVE-2019-5010](https://ubuntu.com/security/CVE-2019-5010) + * [CVE-2019-9636](https://ubuntu.com/security/CVE-2019-9636) + * [CVE-2019-9740](https://ubuntu.com/security/CVE-2019-9740) + * [CVE-2019-9947](https://ubuntu.com/security/CVE-2019-9947) + * [CVE-2019-9948](https://ubuntu.com/security/CVE-2019-9948) + * [CVE-2019-5481](https://ubuntu.com/security/CVE-2019-5481) + * [CVE-2019-5482](https://ubuntu.com/security/CVE-2019-5482) + * [CVE-2019-5481](https://ubuntu.com/security/CVE-2019-5481) + * [CVE-2019-5482](https://ubuntu.com/security/CVE-2019-5482) + * [LP-1842651](https://launchpad.net/bugs/1842651) + * [LP-1842447](https://launchpad.net/bugs/1842447) + +## Support + +We are committed to improving the user experience of government. If you have questions, please don't hesitate to reach out at [support@cloud.gov](mailto:support@cloud.gov). We recommend that you subscribe to service updates at the [cloud.gov StatusPage](https://cloudgov.statuspage.io/). + +With regards, + +The humans of cloud.gov diff --git a/content/news/articles/2020-02-27-new-dashboard.md b/content/news/articles/2020-02-27-new-dashboard.md new file mode 100644 index 0000000..7f3c293 --- /dev/null +++ b/content/news/articles/2020-02-27-new-dashboard.md 
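Review bot: the cflinuxfs3 section claims "a combined 48 CVEs", and the intro rolls that up with the two UAA fixes into "50 CVEs", but the list as written contains duplicates and non-CVE entries: CVE-2019-10638, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284 and CVE-2019-3900 each appear twice, CVE-2019-5481 and CVE-2019-5482 appear twice, and the last two items (LP-1842651, LP-1842447) are Launchpad bug numbers, not CVEs. Dedupe the list and restate the count as the number of distinct CVE IDs (39 by my count of the entries shown) plus two Ubuntu bug fixes, otherwise customers reconciling this post against their own scanner output will get a mismatch. Smaller fixes in the same hunk: the excerpt opens "In Q3 of FY2019, In the last quarter," (duplicated lead-in); under Identity, "discreet features" should be "discrete features"; under App Logging and Metrics, "where is shouldn't be higher" should be "where it shouldn't be higher"; under Local Route Emitters, "increases the cloud.gov's security stance" has a stray "the".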
@@ -0,0 +1,23 @@ +--- +layout: layouts/post +tags: news +date: 2020-02-27 +title: "Introducing the new cloud.gov dashboard" +excerpt: "The new beta dashboard is here, making it easier for you to manage orgs and spaces." +redirect_from: + - /updates/2020-02-27-new-dashboard/ +--- + +You ask, we deliver! We are excited to introduce our adoption of [Stratos](https://github.com/cloudfoundry/stratos) as the new cloud.gov web-based dashboard. + +This is a new face on the same data and lets us improve the way you access your existing information. Our goal is to deliver an improved user experience and make it easier to manage apps, users, orgs, and spaces. + +We’ve started the process of deprecating the old dashboard to replace it with the new dashboard. As of today, please use the dashboard at [https://dashboard-beta.fr.cloud.gov/](https://dashboard-beta.fr.cloud.gov/). In the next week or so, we’ll sunset the former dashboard and the new dashboard will be available at both URLs - don’t worry about your bookmarks! + +The new dashboard will allow your team to both manage applications running on cloud.gov and perform management tasks like permissions and invitations. This replaces the cloud.gov-maintained dashboard and we’re excited to use and contribute to the community-maintained project. + +This dashboard brings many more command-line tasks to the web. For example, you can deploy an app directly from a web-hosted Git repository, and SSH into an application instance via the browser. + +We are committed to improving the user experience of government. If you have questions, please don’t hesitate to reach out at [support@cloud.gov](mailto:support@cloud.gov). + +We recommend that you subscribe to service updates at the [cloud.gov StatusPage](https://cloudgov.statuspage.io/). \ No newline at end of file 
diff --git a/content/news/articles/2020-04-21-introducing-the-cloud-gov-tech-talk-series.md b/content/news/articles/2020-04-21-introducing-the-cloud-gov-tech-talk-series.md new file mode 100644 index 0000000..36962d1 --- /dev/null +++ b/content/news/articles/2020-04-21-introducing-the-cloud-gov-tech-talk-series.md 
@@ -0,0 +1,21 @@ +--- +layout: layouts/post +tags: news +date: 2020-04-22 +title: "cloud.gov's Tech Talk series" +excerpt: "On March 31, the cloud.gov team kicked off our Tech Talk series in partnership with Digital.gov University. The series is designed to provide a deeper dialogue on the functionality of cloud.gov while providing guidance on ways to simplify and accelerate development using the platform." +--- + +On March 31, the cloud.gov team kicked off our Tech Talk series in partnership with Digital.gov University. The series is designed to provide a deeper dialogue on the functionality of cloud.gov while providing guidance on ways to simplify and accelerate development using the platform. + +The first guided demonstration, "[Intro to Cloud Foundry on cloud.gov](https://digital.gov/event/2020/03/31/intro-cloud-foundry-on-cloudgov/)", walks through the basics of using Cloud Foundry, an open source cloud application platform of which cloud.gov is built on. While this session focuses on developer interactions, it is ideal for anyone interested in how cloud.gov technology differs from other platforms and cloud offerings. + +The second Tech Talk, "[cloud.gov for Product Managers](https://digital.gov/event/2020/04/22/cloudgov-for-product-managers/)" will take place on April 22. It will answer frequently asked questions about cloud.gov and provide context and guidance for how cloud.gov helps product teams deploy their applications. This webinar is intended for a non-technical audience. Register for the Tech Talk. + +Mark your calendars for upcoming Tech Talks: + +- Wednesday, May 20, 2:00 - 3:00 pm ET - Procuring cloud.gov Services +- Tuesday, June 16, 2:00 - 3:00 pm ET - Federalist 101 +- Wednesday, July 15, 2:00 - 3:00 pm ET - cloud.gov Under The Hood + +For more information check out the [Digital.gov events page](https://digital.gov/events/). 
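Review bot: "Register for the Tech Talk." at the end of the second-Tech-Talk paragraph has no link; either link it to the digital.gov event page already cited in that paragraph or drop the call to action. Also the front matter date is 2020-04-22 while the filename says 2020-04-21, and "an open source cloud application platform of which cloud.gov is built on" should be "on which cloud.gov is built".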
diff --git a/content/news/articles/2020-04-28-changes-to-cloud-govs-existing-cdn-and-custom-domain-services.md b/content/news/articles/2020-04-28-changes-to-cloud-govs-existing-cdn-and-custom-domain-services.md new file mode 100644 index 0000000..5f7d213 --- /dev/null +++ b/content/news/articles/2020-04-28-changes-to-cloud-govs-existing-cdn-and-custom-domain-services.md 
@@ -0,0 +1,55 @@ +--- +layout: layouts/post +tags: news +title: Changes to cloud.gov’s existing CDN and custom domain services +date: 2020-04-28 +redirect_from: + - /2020/04/28/changes-to-cloud-gov-s-existing-cdn-and-custom-domain-services-1/ +--- +This message is to let you know about upcoming changes to cloud.gov’s CDN and domain services. + +**What is happening to the old services?** + +Let’s Encrypt, which the cloud.gov custom domain service uses to provision SSL certificates for custom domains, is deprecating their v1 API. If you already have a domain registered, you will not be impacted, but you should still prepare for changes. + +**Here are the details:** + +cloud.gov’s existing CDN service (provided by the cdn-broker) and the custom-domain service (provided by the domains-broker) will no longer be able to provision *new domains* starting June 1, 2020. All *existing domains* will continue to operate normally. + +We are working on a new version of the service that will use the Let’s Encrypt v2 API and anticipate having a new service in place before the existing services retire in June. + +We’ve attempted to answer some questions below, but as always, feel free to reach out to us directly at support@cloud.gov. + +**What is a service broker?** + +Service brokers are a fundamental part of the cloud.gov platform. They allow developers to provision production-grade third-party services though the familiar Cloud Foundry interface. Some brokers, like the custom domain broker, orchestrate multiple services and configure the complex interactions. This saves countless hours of developer time and allows the platform to manage these services on your behalf. 
+ +**What are the cdn and domains services used for?** + +You can see the cdn and domains services in the [Dashboard](https://dashboard.fr.cloud.gov/), or by running cf marketplace from the command line: + +```shell +$ cf marketplace + cdn-route Custom domains, CDN caching, and TLS certificates + with automatic renewal cdn-broker + custom-domain Custom domains and TLS certificates + with automatic renewal domains-broker +``` + +The CDN service provisions and configures AWS CloudFront and Let’s Encrypt TLS certificates to serve traffic from a custom domain provided by your engineering team. + +Similarly, the domain service does the same job, but using AWS ALBs and Let’s Encrypt TLS certificates (without the AWS CloudFront CDN in front). + +**What is replacing the old services?** + +The cloud.gov team is actively working on a replacement broker that will be compatible with the Let’s Encrypt v2 API. This broker will offer replacements for both of the old services. We plan to have this new service in place in advance of the June 1st deadline. + +**What is the impact to cloud.gov customers?** + +cloud.gov’s existing domain service will no longer be able to provision new instances starting June 1, 2020. All existing instances will continue to work until June 2021. This will not cause any issues or downtime for applications that have already provisioned custom-domain service instances. + +**What do cloud.gov customers need to do?** + +Once the new service is in place, you should use this new service for all new custom domain provisioning. At that time, we will provide instructions for migrating existing domains to the new service as well. We understand changes like this are disruptive and we are doing all we can to make this transition as smooth as possible. + +**Questions? Contact support@cloud.gov** 
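Review bot: this hunk gives two different answers for how long existing domains keep working. Under "Here are the details:" it says "All *existing domains* will continue to operate normally", but under "What is the impact to cloud.gov customers?" it says "All existing instances will continue to work until June 2021." If June 2021 is the end-of-life for instances on the old brokers, say so in both places and in the opening summary, because customers will plan certificate and DNS migrations around that date. Other fixes: "provision SSL certificates" should read "TLS certificates" to match the rest of the post; "though the familiar Cloud Foundry interface" should be "through"; and the `cf marketplace` listing has the description and broker columns wrapped onto the wrong lines ("with automatic renewal cdn-broker"), so reflow it so each service sits on one line as service name, description, broker.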
diff --git a/content/news/articles/2020-05-12-try-a-free-sandbox-space.md b/content/news/articles/2020-05-12-try-a-free-sandbox-space.md new file mode 100644 index 0000000..93f4033 --- /dev/null +++ b/content/news/articles/2020-05-12-try-a-free-sandbox-space.md 
@@ -0,0 +1,23 @@ +--- +layout: layouts/post +tags: news +title: "Try a free sandbox space " +date: 2020-05-12 +excerpt: The capabilities of cloud.gov are vast, and like many initial cloud.gov + users, you may be unsure what access level best suits your team. In our + experience, we have seen that users who sign up for a cloud.gov sandbox space + have the ability to easily scale and adapt their work. +redirect_from: + - /2020/05/12/try_a_free_sandbox_space/ +--- + + +The capabilities of cloud.gov are vast, and like many initial cloud.gov users, you may be unsure what access level best suits your team. In our experience, we have seen that users who sign up for a cloud.gov sandbox space have the ability to easily scale and adapt their work. + +A [cloud.gov sandbox space](https://cloud.gov/docs/pricing/free-limited-sandbox/) is a free environment designed to allow you to run experiments and explore if cloud.gov suits your team’s needs. Our sandbox accounts are for testing; they’re suitable for information and applications that require no confidentiality, integrity, or availability. + +Sandbox functionality is limited by design and the data wipes every 90 days. In comparison, a paid cloud.gov account includes full access to all services and environments for prototyping and production systems at FISMA Low and Moderate levels. Anyone with a U.S. federal government email address (ending in .gov, .mil, or .fed.us) can [sign up for a free sandbox space](https://account.fr.cloud.gov/signup). + +[Try a sandbox space](https://cloud.gov/sign-up/) today, and explore the possibilities of utilizing a PaaS (platform as a service) created for the government by the government. Also, if you have any questions do not hesitate to send us a note at [inquiries@cloud.gov](mailto:inquiries@cloud.gov). We are happy to assist you in finding your place in the cloud. + + \ No newline at end of file 
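Review bot: the post links sign-up to two different URLs: "[sign up for a free sandbox space](https://account.fr.cloud.gov/signup)" in the third paragraph and "[Try a sandbox space](https://cloud.gov/sign-up/)" in the last. Use one canonical sign-up page so the eligibility rule stated here (.gov, .mil or .fed.us addresses) is enforced at a single entry point. Also the title has a trailing space inside the quotes ("Try a free sandbox space ").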
diff --git a/content/news/articles/2020-08-27-running-dot-net-apps-on-cloud-dot-gov.md b/content/news/articles/2020-08-27-running-dot-net-apps-on-cloud-dot-gov.md new file mode 100644 index 0000000..09824fe --- /dev/null +++ b/content/news/articles/2020-08-27-running-dot-net-apps-on-cloud-dot-gov.md 
@@ -0,0 +1,35 @@ +--- +layout: layouts/post +tags: news +title: "Running .NET Apps on cloud.gov" +date: 2020-08-27 +excerpt: Learn more about how you can run .NET apps on the cloud.gov platform and get answers to commonly asked questions about .NET development and deployment for cloud.gov +--- + +The cloud.gov team often gets asked about whether the platform supports running .NET applications. The good news is: Yes! You can run .NET applications on the cloud.gov platform and [reap all the benefits](https://cloud.gov/docs/technology/responsibilities/) enjoyed by developers using [other languages and frameworks](https://cloud.gov/docs/overview/portfolio-analysis/) for their applications. + +Here is a list of commonly asked questions about .NET applications on cloud.gov, and some additional information to get you started using the platform. + +**What version of .NET is supported on cloud.gov?** + +cloud.gov leverages the [Cloud Foundry .NET Core Buildpack](https://github.com/cloudfoundry/dotnet-core-buildpack), which provides access to the latest versions of .NET Core. The platform does not support .NET Framework applications and you should understand the [differences between the two options](https://docs.microsoft.com/en-us/dotnet/standard/choosing-core-framework-server) prior to migrating your application to cloud.gov. + +cloud.gov is an ideal platform for deploying microservices, or for building highly performant and scalable systems, so .NET Core is a good fit for the way our platform is architected. If you are currently running a legacy .NET Framework application, you should consider porting your application to .NET Core to take advantage of the features of the platform and also to realize the benefits of using cloud.gov. 
Microsoft provides [detailed documentation](https://docs.microsoft.com/en-us/dotnet/core/porting/) for porting your application to .NET Core, including a [portability analyzer](https://docs.microsoft.com/en-us/dotnet/standard/analyzers/portability-analyzer) to help you identify potential issues with your existing application. + +**Can I use SQL Server with my .NET application on cloud.gov?** + +Yes, with one small caveat. You can easily connect your .NET Core application on cloud.gov to an instance of SQL Server using Cloud Foundry’s [user provided service instance approach](https://docs.cloudfoundry.org/devguide/services/user-provided.html). This will let your application connect to a SQL Server instance running on any cloud service provider, or even a legacy instance running on premise inside your network. + +However, because cloud.gov does not broker this service to your application directly as part of our marketplace, this falls outside the scope of our current FedRAMP approval, so there may be some additional compliance work required for you to get your application [authorized to operate in production](https://cloud.gov/docs/overview/fedramp-tracker/#how-you-can-use-this-p-ato). That said, there are no technical limitations on using SQL Server with your .NET Core application running on cloud.gov, and the set up to bind your application to SQL Server is simple and straightforward. + +It's also possible to use the [PostgreSQL or MySQL RDS services](https://cloud.gov/docs/services/relational-database/#plans) brokered from Amazon GovCloud by cloud.gov in your .NET Core application. So, migrating from SQL Server to one of these options may provide some additional compliance benefits, as they are within the cloud.gov P-ATO boundry. 
+ +**Does cloud.gov provide any CI/CD tools to use in conjunction with my .NET application?** + +cloud.gov does not provide any specific CI/CD tools for customers to use, but instead makes it easy for customers to [integrate deployments to our platform](https://cloud.gov/docs/management/continuous-deployment/) into their existing tools and workflows. If you are currently using a tool like Team Foundation Server or Azure DevOps, you can quickly and easily [set up a service account](https://cloud.gov/docs/services/cloud-gov-service-account/) to automate deployments to cloud.gov for your application. + +**Can I run .NET Framework applications on cloud.gov in a container?** + +While cloud.gov supports [deployments using containers](https://cloud.gov/docs/deployment/docker/), and there are [containers for .NET Framework](https://hub.docker.com/search?q=microsoft-dotnet-framework) available, this approach should be considered experimental. The better approach for running .NET applications on cloud.gov is to target the .NET Core platform and port any existing applications to run on the platform. + +Got additional questions? Don't hesitate to [reach out to us](mailto:inquiries@cloud.gov) to learn more about how you can run your .NET applications on the cloud.gov platform. diff --git a/content/news/articles/2020-11-10-elasticsearch_and_redis_deprecation_notice.md b/content/news/articles/2020-11-10-elasticsearch_and_redis_deprecation_notice.md new file mode 100644 index 0000000..428bad8 --- /dev/null +++ b/content/news/articles/2020-11-10-elasticsearch_and_redis_deprecation_notice.md 
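Review bot: in the "Can I run .NET Framework applications on cloud.gov in a container?" answer, the Docker Hub search linked as "containers for .NET Framework" returns Windows container images (the .NET Framework only runs on Windows), while this same changeset describes cloud.gov apps running on cflinuxfs3, a Linux root filesystem. Calling the approach "experimental" implies it might work; state plainly whether the platform has Windows cells, and if not, say .NET Framework containers are not supported rather than experimental. Also "P-ATO boundry" should be "P-ATO boundary", and the SQL Server answer would be clearer if it said outright that a user-provided service only carries the connection details, so the database itself stays outside the cloud.gov boundary, which is why the extra compliance work applies.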
@@ -0,0 +1,30 @@ +--- +layout: layouts/post +tags: news +title: Elasticsearch and Redis deprecation notice +date: 2020-11-10 +--- +As part of our reliability and stability enhancements to cloud.gov, the legacy Redis 3.2 and Elasticsearch 5.6 offerings from cloud.gov will be deprecated as of April 5, 2021. In accordance with our deprecation policy, provisioning of new instances will be disabled on December 6, 2020 and on April 5, 2021 we will shut down all active instances. This work is an important step in moving cloud.gov towards a more stable and reliable platform by moving away from a bespoke Kubernetes cluster to AWS-hosted services. Learn more about our deprecation policy here: + +The new services of AWS Elasticache for Redis 5.0.6 and AWS Elasticsearch 7.4 replace the legacy Redis 3.2 and Elasticsearch 5.6 services. These new offerings will offer substantial benefits over our legacy offerings, including: + +- Higher availability due to being hosted and managed services from AWS. + +- Automatic snapshots with no customer intervention for purposes of data restore/recovery. +- Allowing for future transitions to newer versions of these services as AWS makes them available. + +As part of the transition of these new replacement services from beta to production the following will take place: + +- The beta plan names will change but the existing services instances created during the beta will remain for now. In general the ‘BETA’ name prefix will be dropped from the plan name + +- Beta customers - if you would like to continue using your beta instances as production instances, please contact support via a support ticket or my emailing us at[support@cloud.gov](mailto:support@cloud.gov). Let us know the org, space, and service instance name that you would like to remain as a production instance. 
+ +- Beta customers - If you don’t want to keep your beta instances - after two weeks from this announcement (November 20, 2020) any Beta instances remaining on the platform not converted to production instances via a customer support request will be deleted. + +More technical details on these new services can be found below: + +- AWS-Elasticache-Redis: + +- AWS-Elasticsearch: + +If you have any questions, please contact[support@cloud.gov](mailto:support@cloud.gov). diff --git a/content/news/articles/2020-12-18-cloud-gov_not_impacted_by_solarwinds_orion_code_compromise_-_cisa_directive_21-01.md b/content/news/articles/2020-12-18-cloud-gov_not_impacted_by_solarwinds_orion_code_compromise_-_cisa_directive_21-01.md new file mode 100644 index 0000000..f88613e --- /dev/null +++ b/content/news/articles/2020-12-18-cloud-gov_not_impacted_by_solarwinds_orion_code_compromise_-_cisa_directive_21-01.md @@ -0,0 +1,9 @@ +--- +layout: layouts/post +tags: news +title: cloud.gov not impacted by SolarWinds Orion code compromise - CISA Directive 21-01 +date: 2020-12-18 +--- +On December 13, 2020, the DHS Cybersecurity and Infrastructure Security Agency (CISA) published [Emergency Directive 21-01, “Mitigate SolarWinds Orion Code Compromise”](https://cyber.dhs.gov/ed/21-01/). + +We want to assure cloud.gov customers that the SolarWinds Orion code compromise is not applicable to cloud.gov. There are no SolarWinds components in the cloud.gov system. diff --git a/content/news/articles/2020-12-29-getting_to_know_new_features_with_the_cf7_cli_rolling_app_deployments.md b/content/news/articles/2020-12-29-getting_to_know_new_features_with_the_cf7_cli_rolling_app_deployments.md new file mode 100644 index 0000000..300f35c --- /dev/null +++ b/content/news/articles/2020-12-29-getting_to_know_new_features_with_the_cf7_cli_rolling_app_deployments.md 
@@ -0,0 +1,11 @@ +--- +layout: layouts/post +tags: news +title: Getting to know new features with the cf7 cli rolling app deployments +date: 2020-12-29 +--- +We have put together a [new video tutorial ](https://www.youtube.com/watch?v=vr0bBYKMVb8&feature=youtu.be)to focus on new features of the cf7 CLI. This tutorial will get you familiar with the new "rolling" app deployment strategy available for zero downtime deployments. With these new [features available in the cf7 cli](https://docs.cloudfoundry.org/cf-cli/v7.html#-new-workflows-supported-by-cf-cli-v7), the **rolling**, zero-downtime deployment option is the most anticipated feature and could improve your workflows the most. The older versions of cli did not provide zero downtime deployments natively which meant needing to use a third party plugin or complicated **blue/green** deployment pipeline to accommodate your needs. + +The following tutorial goes over using the new feature from the cli with our [*CF Hello World* repository](https://github.com/cloud-gov/cf-hello-worlds) so you could follow along with the tutorial as well. Look out for future video tutorials on the rest of the new cf7 cli features. + +[Watch the video.](https://www.youtube.com/watch?v=vr0bBYKMVb8&feature=youtu.be) diff --git a/content/news/articles/2021-01-29-disabling_inactive_cloud_gov_idp_accounts.md b/content/news/articles/2021-01-29-disabling_inactive_cloud_gov_idp_accounts.md new file mode 100644 index 0000000..b0c3adb --- /dev/null +++ b/content/news/articles/2021-01-29-disabling_inactive_cloud_gov_idp_accounts.md 
@@ -0,0 +1,9 @@ +--- +layout: layouts/post +tags: news +title: Disabling inactive cloud.gov IDP accounts +date: 2021-01-29 +--- +With an update to our [compliancy policy](https://github.com/cloud-gov/cg-compliance-docs/blob/master/AC-Policy.md), we will begin notifying and deactivating inactive accounts that use our cloud.gov IDP for authentication. Our customers that use their agencies' credentials to authenticate into our platform will not be affected. Users that do not log into the platform within the past **90 days** will be deactivated. We will send you email notifications **10 days** and **1 day** before deactivation instructing you to log into the platform to reset the **90 day** threshold. If you are unable to log into the platform within the allotted time, you will need to email [support@cloud.gov](mailto:support@cloud.gov) to have your account reactivated. + +Thank you from the cloud.gov team. diff --git a/content/news/articles/2021-02-05-cloud-gov_a_different_kind_of_cloud.md b/content/news/articles/2021-02-05-cloud-gov_a_different_kind_of_cloud.md new file mode 100644 index 0000000..6e8eb65 --- /dev/null +++ b/content/news/articles/2021-02-05-cloud-gov_a_different_kind_of_cloud.md 
@@ -0,0 +1,47 @@ +--- +layout: layouts/post +tags: news +title: "Cloud.gov: A Different Kind of Cloud" +date: 2021-02-05 +excerpt: The cloud.gov platform acts as a concierge for your cloud deployments, + removing a lot of the hard work of setting up a scalable and compliant + infrastructure, and streamlining the ATO process. +--- +As a program manager or CIO tasked with moving applications to the cloud, one of the first questions you might find yourself faced with is: which cloud should I move to? + +One of the many benefits of the continued advancement of cloud technologies is that [there are lots of different cloud deployment and operational models](https://bluexp.netapp.com/blog/cvo-blg-cloud-computing-deployment-models-and-architectures) to choose from. And it’s also one of the main drawbacks.  + +Which cloud option is right for your project? Which service model offers the best mix of cost effectiveness, security, and ease of use?  + +We believe that cloud.gov offers the most favorable blend of these different factors for agencies that are looking to migrate their applications to the cloud. That’s because cloud.gov acts as a sort of concierge for your cloud deployments, removing a lot of the hard work of setting up a scalable and compliant infrastructure, and streamlining the ATO process. + +### cloud.gov: At your Service + +Technically speaking, cloud.gov is a platform-as-a-service - typically referred to as a PaaS offering. It is an implementation of the open source [Cloud Foundry](https://www.cloudfoundry.org/) application platform [on top of Infrastructure as a Service (IaaS) provided by Amazon Web Services](https://cloud.gov/docs/technology/iaas/) (AWS). We often get asked how cloud.gov is different from the underlying IaaS services provided by AWS or other cloud service providers. + +A good way to think about this question is to think of a concierge service. 
+ +With IaaS services like AWS, you have the ability to architect and implement your cloud infrastructure as you wish, and some projects opt to do this - often those that have specialized or unusual project requirements. Projects that use this approach, will need to first procure AWS, and then set up, configure and test all of the required cloud infrastructure components. They will also be required to document how the infrastructure is set up for compliance purposes, so that a security auditor or authorizing official can view artifacts describing how the environment operates. + +With cloud.gov, this approach is different and greatly simplified.  + +The cloud.gov platform is already set up to instantly broker different services from AWS to support your application. When cloud.gov brokers a service, like for example an [RDS service from AWS](https://aws.amazon.com/rds/), the service is created in a repeatable, secure, and compliant manner. The service is immediately made available for your applications to use, requiring minimal additional configuration and set up. These services are brokered on demand from customers, using a simple command syntax, meaning you can add or remove services whenever you need to. + +Best of all, because these services are brokered inside the cloud.gov FedRAMP boundary, security documentation is minimal and often may not be required for [components managed by the cloud.gov team](https://cloud.gov/docs/overview/fedramp-tracker/#how-you-can-use-this-p-ato). + +### Deployments Made Simple + +The ability to leverage cloud.gov’s baked-in security compliance to streamline the ATO process is an attractive feature. But it isn’t the only reason that cloud.gov is different from other cloud platforms. + +One of the defining characteristics of cloud.gov is this: it’s just plain easy. 
Complex application deployments involving multi-tiered applications, with multiple backing services, running concurrent application instances can be executed with a single command. + +When an app is deployed to cloud.gov, the platform’s concierge qualities really stand out. Simply by pushing an application, a project team gets all of the following courtesy of the cloud.gov platform: + +* The platform automatically loads the appropriate runtime for the application based on the programming language used. cloud.gov [currently supports almost a dozen different language runtimes.](https://cloud.gov/docs/overview/portfolio-analysis/) +* The platform binds the application to [backing services](https://cloud.gov/docs/services/intro/), like an RDS service or a caching service, and automatically makes the credentials for these services available to the application, minimizing the need for complex configuration and credential management. +* The platform automatically scales the application from one to dozens of instances depending on what is needed, and automatically load balances traffic between instances.  +* The platform will continually monitor the health of an application and recycle app instances that become unhealthy, automatically routing traffic only to healthy app instances. + +Because the cloud.gov platform handles all of the hard parts of deploying an application, a project team can focus on building a great app. Instead of worrying about the many details and requirements of setting up a cloud infrastructure, cloud.gov acts as a concierge service for your application, turning complex, risky, multi-step deployments simple and efficient. + +To learn more about cloud.gov, you can reach out to the team at [inquiries@cloud.gov](mailto:inquiries@cloud.gov) for more information, or to set up an introductory call. \ No newline at end of file 
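Review bot: the claim in 2021-02-05-cloud-gov_a_different_kind_of_cloud.md that "security documentation is minimal and often may not be required for components managed by the cloud.gov team" promises more than the linked FedRAMP tracker page supports: a customer system still has to record in its own SSP which controls it inherits from cloud.gov and which are shared or customer responsibility, so suggest wording it as "much of the control documentation can be inherited from the cloud.gov P-ATO rather than written from scratch". Style: "turning complex, risky, multi-step deployments simple and efficient" needs "into simple and efficient ones" or "making complex, risky, multi-step deployments simple and efficient".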
diff --git a/content/news/articles/2021-02-17-writing_a_cloud-gov_ssp_system_environment.md b/content/news/articles/2021-02-17-writing_a_cloud-gov_ssp_system_environment.md new file mode 100644 index 0000000..e82eaf6 --- /dev/null +++ b/content/news/articles/2021-02-17-writing_a_cloud-gov_ssp_system_environment.md 
@@ -0,0 +1,42 @@ +--- +layout: layouts/post +tags: news +title: "Writing an SSP for a cloud.gov system: System Environment" +date: 2021-02-17 +excerpt: We share a sample "System Environment" SSP response for a Low-impact system +--- + +At cloud.gov, we often get requests from partners going through the ATO process for guidance on how to complete the System Environment section of their System Security Plan (SSP). Since this is a common question, here is an example to get you started. Partners with additional questions can also reach out to support@cloud.gov. + + +--- +## System Environment + +As the cloud.gov PaaS is based on Cloud Foundry, our application components are each built and deployed in accordance with their corresponding Cloud Foundry manifest files. Manifest files indicate the required Cloud Foundry buildpack (e.g, language runtime for Node.js, Python, Docker, etc.) and stack (e.g., cflinuxfs3, which is based on Ubuntu 18.04). Our application components operate on Cloud Foundry containers provided by cloud.gov. As a result, they rely on security configurations put into place by the cloud.gov team. + +Once an application is built into an app image, the cloud.gov platform instantiates a corresponding execution container, isolated from other tenant applications, within which the application’s process will run. +To improve availability for end users, 3 instances of the web application are launched in cloud.gov. Behind the scenes, cloud.gov deploys these instances across multiple availability zones within the AWS GovCloud (US) region. + +Our application is deployed to cloud.gov by the continuous integration server (fill in the blank). + +The cloud.gov platform ensures that these buildpack and stacks have been configured and hardened as required by our authorizing agency. + +Likewise, cloud.gov provides suitable, hardened configuration for the following brokered services: Relational Database Service (RDS) for PostgreSQL, S3, CloudFront and Redis. 
+ +Finally, maintaining TLS certificates for the application components accessible via the web and terminating inbound, external SSL (TLS) encrypted connections to them are also handled by cloud.gov using their Let's Encrypt TLS certificate broker, and documented in the cloud.gov System Security Plan (SSP). + + +Asset Inventory +The following table identifies the virtual and physical components of the our application 1.1. + +IP Address/Hostname | Make | Model and Firmware | Location | Components that Use this Device + -- | -- | -- | -- | -- +cloud.gov org: my-org
space: prod
app: my-app | nodejs_buildpack | Cloud Foundry cflinuxfs3 | cloud.gov +cloud.gov org: my-org
space: prod
RDS my-db | cloud.gov brokered AWS RDS service| PostgreSQL 12.3 | cloud.gov | app: my-app + + +### Other SSP development resources + +* [Data flow diagrams]({{ site.baseurl }}/docs/compliance/diagrams) + + diff --git a/content/news/articles/2021-03-05-cloud-gov_tech_talk_-_internal_routes.md b/content/news/articles/2021-03-05-cloud-gov_tech_talk_-_internal_routes.md new file mode 100644 index 0000000..94e3ffd --- /dev/null +++ b/content/news/articles/2021-03-05-cloud-gov_tech_talk_-_internal_routes.md @@ -0,0 +1,17 @@ +--- +layout: layouts/post +tags: news +title: Cloud.gov Tech Talk - Internal Routes +date: 2021-03-05 +--- +Join us on March 17 for a [tech talk to learn more about internal routes on cloud.gov](https://www.eventbrite.com/e/tech-talk-internal-routes-tickets-144475338627). Our engineers will show you how to use internal routes for secure, direct, container-to-container communication between applications. + +cloud.gov provides flexibility for controlling how traffic moves between applications. In this tech talk, we will highlight common use cases for internal routes (including links to samples) as well as discuss the considerations you need to account for. We will demonstrate how you can improve the security posture of your applications, without changing application code, using internal routes with the nginx buildpack. + +This is a virtual event - a Zoom link will be provided 24 hours in advance of the event to all registered participants. Registration is required - [register here](https://www.eventbrite.com/e/tech-talk-internal-routes-tickets-144475338627).  + +March 17, 2021 + +2:00 - 2:30 PM EDT + +[Register ](https://www.eventbrite.com/e/tech-talk-internal-routes-tickets-144475338627) \ No newline at end of file diff --git a/content/news/articles/2021-04-02-shared-db-deprecation-notice.md b/content/news/articles/2021-04-02-shared-db-deprecation-notice.md new file mode 100644 index 0000000..bbff334 --- /dev/null 
+++ b/content/news/articles/2021-04-02-shared-db-deprecation-notice.md 
@@ -0,0 +1,52 @@ +--- +layout: layouts/post +tags: news +title: Shared Database Deprecation Notice +date: 2021-04-02 +--- + +_This is a repost of our StatusPage notice, originally posted August 7th, 2020_ + +# Important updates and enhancements to cloud.gov’s relational database service + +This message is to let you know about recent and upcoming changes to cloud.gov’s relational database services, which include the following: + +- Deprecation of the shared instance plans +- Scaling down of under-utilized instances +- New service plan offerings +- Ability to modify existing service instances +- Documentation updates on our website + + +## What is happening and what is the impact to cloud.gov customers? + +As of January 24, 2021, shared instance plans will no longer be available as a choice for creating new database instances. Customers will only be able to choose from the dedicated service plans. Sandbox accounts will only have access to the micro-psql and small-mysql service plans. + +Within 14 days of this notice, we will also begin scaling down under-utilized database instances to smaller service plans and asking if unused instances are still needed. We will initially target databases with 10 or fewer recent concurrent connections and low CPU usage. Applications that are dependent on database availability may experience a short period of unavailability during the scale operation; please reach out to our team with your org, space, and service name if there are days we should avoid resizing deployed instances. As a cost-recoverable program, we are tasked with being responsible stewards for our operating costs and this will allow us to keep costs under control. + + +## What do cloud.gov customers need to do? + +At this time, customers who are currently running shared database server instances will need to begin planning a migration to a dedicated instance plan. 
To perform a migration, a customer must export their existing database and restore it into a new instance created with a dedicated service plan. We have instructions on how to export a database on our website and will send out more information on how to perform the restore in the near future. + +New sandbox users will be able to use the new dedicated instance plans right away, and we will be reaching out to customers about under-utilized instances at the aforementioned date with additional information and instructions for next steps. + + +## Why are the shared instance plans being deprecated? + +We are deprecating the shared instance plans in favor of offering new, micro- and small-sized dedicated instance plans. This will enable us to improve our security compliance posture and offer more performant and efficient database server choices for our customers. + +It will also enable more flexibility for customers in managing their own database instances and allow both customers and our own platform operators to manage database backups and restorations. This is not currently possible in the shared instance plans. + + +## How can customers leverage the new service plans? + +Customers can begin using the new service plans right away when creating a new database service. In addition to this, we have also added the ability to modify existing database services in place. Customers can now switch database service plans by following the update instructions in our documentation. There are a couple of things to note about this: + +- Switching between shared instance plans and dedicated instance plans is not possible; you must manually backup and restore your database +- Switching between database engines (e.g., PostgreSQL and MySQL) is not possible; you must switch between plans for the same database engine + +Furthermore, we have also updated our documentation to include all of the service plans we currently offer in cloud.gov and which plans are available in sandbox accounts. 
+ + +If you have any questions or concerns, please contact us at support@cloud.gov. diff --git a/content/news/articles/2021-05-10-how_cloud-gov_prioritizes_organizes_work.md b/content/news/articles/2021-05-10-how_cloud-gov_prioritizes_organizes_work.md new file mode 100644 index 0000000..6e2e42c --- /dev/null +++ b/content/news/articles/2021-05-10-how_cloud-gov_prioritizes_organizes_work.md 
@@ -0,0 +1,22 @@ +--- +layout: layouts/post +tags: news +title: How cloud.gov prioritizes & organizes work +date: 2021-05-10 +--- +With so many ways to organize and prioritize work - scrum, Kanban, SAFE - it can be helpful to learn about a team’s experience with using different practices and processes. In the spirit of sharing knowledge and translating theory into practice, we’ll use this blog post to explain how cloud.gov manages its work and what we’ve learned along the way. + +First, let’s talk about tools. We use Github Projects to manage stories and tasks. One project planning board tracks the work that the team is actively doing - it gives everyone visibility into the highest priority work and each story that is actively being worked on is discussed during the daily stand-up. Other project boards are used to capture ideas and emergent work for things such as compliance, UX, and our business unit. High priority stories from these sub-boards filter up to the overall team project planning board when ready. + +Second, we follow a handful of guiding principles.  + +* **Maximize the amount of time our team has to work uninterrupted and minimize context switching.** What this means in practice is fewer meetings with more targeted attendance. For example, we replaced backlog refinement and sprint planning - meetings that required the entire team’s attendance for two hours every other week - with a single, weekly, 30 minute prioritization meeting with four people (the product manager, security & compliance lead, and two engineering representatives). The engineers take turns attending the prioritization meeting so that everyone has visibility and no one’s schedule is overburdened. We replaced the sprint demo with a 30 minute, bi-weekly sprint architecture review that covers updates for the business, major version changes, compliance & security, and operations. Responsibility for updating the documentation is shared by the team on a rotating basis.  
+* **Work with, not against, the interrupt-driven nature of the work we do**. Running a Platform as a Service (PaaS) that includes responding to support requests from customers necessitates flexibility. Interruptions happen - e.g., an urgent support request comes in from a customer, or an alert about a platform component appears. These items typically require further investigation.  Two support engineers monitor and respond to the support queue. They also are the first responders to any platform-related issues, triaging the initial activity so that the rest of the team can continue their work uninterrupted. If the incident requires more support, then the appropriate team members are tagged in. +* **Prioritize weekly**. We prioritize the work on a weekly basis rather than a two-week sprint cycle. This allows us to not overload the team, ensure there is enough capacity, and not lose sight of the highest priority work. It also allows us to course correct more quickly if work needs to be reprioritized. Since we utilize one project planning board, this makes it easier for everyone to know the prioritized work for the team. +* **Be willing to experiment**. Our process can be described as scrum’ish meets Kanban’ish. We do a daily stand-up and bi-weekly team retrospective (scrum). We do weekly prioritization (Kanban). Our bi-weekly architecture review doesn’t fit neatly into either model but it works for our team and supports our program.  + +Third, our engineers are testing out an advocacy model for building technical knowledge across the team and ensuring critical work isn’t overlooked. Each engineer would be an “advocate” for a different part of the cloud.gov platform for four to six weeks. During that time, the engineer would be responsible for ensuring that work supporting that part of the platform is prioritized and implemented. After four to six weeks, the engineers rotate to a new part of the platform. 
The advocacy model is in its early stages but we’re excited to see how it evolves. + +Finally, it’s important to note that cloud.gov arrived at these processes over time. We tried different methods, adjusted when needed, and discarded ones that were less successful. We are always looking for ways to improve how we do our work and create a supportive, collaborative team environment. + +To learn more about cloud.gov, you can reach out to the team at inquiries@cloud.gov for more information, or to set up an introductory call. \ No newline at end of file diff --git a/content/news/articles/2021-05-26-changes_to_the_nodejs_buildpack.md b/content/news/articles/2021-05-26-changes_to_the_nodejs_buildpack.md new file mode 100644 index 0000000..3de9919 --- /dev/null +++ b/content/news/articles/2021-05-26-changes_to_the_nodejs_buildpack.md @@ -0,0 +1,13 @@ +--- +layout: layouts/post +tags: news +title: "Changes to the Node.js Buildpack" +date: 2021-05-26 +excerpt: Certain versions of the Node.js runtime will be removed in upcoming releases of the Cloud Foundry Node.js buildpack. +--- + +The first release of the [Cloud Foundry Node.js buildpack](https://docs.cloudfoundry.org/buildpacks/node/node-tips.html#buildpack) after June 21, 2021 will no longer include Node versions 15.x.x. These Node.js versions will no longer be supported [upstream](https://github.com/nodejs/Release). + +As this change may impact some cloud.gov users, application owners are encouraged to migrate their Node.js apps to supported versions of Node.js before that time. _*Note: If no version is specified in your app's `package.json` file, the current default version resolves to Node v10.x._ + +Customers that experience issues, or that have questions about this change, can send a request to [support@cloud.gov](support@cloud.gov). diff --git a/content/news/articles/2021-06-08-changes-to-buildpacks.md b/content/news/articles/2021-06-08-changes-to-buildpacks.md new file mode 100644 index 0000000..e2d97c6 
--- /dev/null +++ b/content/news/articles/2021-06-08-changes-to-buildpacks.md @@ -0,0 +1,13 @@ +--- +layout: layouts/post +tags: news +title: "Changes to the Staticfile and NGINX Buildpacks" +date: 2021-06-08 +excerpt: Certain versions of NGINX will be removed in upcoming releases of the Cloud Foundry Staticfile and NGINX buildpacks. +--- + +The first release of the Staticfile and NGINX buildpacks after July, 5 2021 will no longer include NGINX versions 1.18.x and 1.19.x. These NGINX versions will no longer be supported [upstream](https://nginx.org/en/download.html). + +As this change may impact some cloud.gov users, application owners are encouraged to migrate their apps to supported versions of NGINX before that time. + +Customers that experience issues, or that have questions about this change, can send a request to [support@cloud.gov](support@cloud.gov). \ No newline at end of file diff --git a/content/news/articles/2021-07-02-migrating-from-legacy-drupal-to-federalist.md b/content/news/articles/2021-07-02-migrating-from-legacy-drupal-to-federalist.md new file mode 100644 index 0000000..0a7aa91 --- /dev/null +++ b/content/news/articles/2021-07-02-migrating-from-legacy-drupal-to-federalist.md 
@@ -0,0 +1,98 @@ +--- +layout: layouts/post +tags: news +title: "Migrating from Legacy Drupal to Federalist" +date: 2021-07-02 +excerpt: "With the end of life dates for Drupal versions 7 and 8 fast approaching, this tech talk will discuss strategies for migrating from legacy versions of Drupal to the Federalist platform." +--- + +**Note - this blog post includes content originally presented during a cloud.gov / Federalist tech talk on June 17th, 2021.** + +Drupal is a commonly used content management system (CMS) in the Federal government. Many existing Drupal sites are still using older, outdated versions of the CMS and site owners may be facing challenges with upgrading to the latest version. In addition, because Drupal is a multi-tiered web application, it has multiple components that must be managed and maintained, adding to complexity and support costs. + +With the [end of life dates for Drupal versions 7 and 8 fast approaching](https://www.drupal.org/psa-2020-06-24), Drupal site owners should understand the options they have for migrating to new, simplified, more modern web platforms. This post will discuss migrating from Drupal to the Federalist platform, and will run through a simple example of how such a migration can be accomplished. + +This post will demonstrate how to use some of the commonly available Drupal migration tools to export content from a legacy Drupal site and import the content to a new Federalist starter template. We will discuss some of the issues that Drupal site owners should evaluate when considering a migration to a new platform. + +## Drupal 7 / 8 end of life + +The end of life date for both Drupal 7 and 8 is fast approaching. Drupal 8 will reach it's scheduled end of life on November 2, 2021. Drupal 7 wil reach it's scheduled end of life on November 28, 2022 (after being extended for a period of about 1 year). 
+ +As the challenges and work required to upgrade to the latest version of Drupal are considered by agencies, other platform options may also be evaluated. One potential option for current Drupal users is the [Federalist platform](https://cloud.gov/pages/). + +## What is Federalist? + +Federalist is a publishing platform for modern government websites. In a matter of hours, you can publish a website that’s 21st Century IDEA Act and 508-compliant, comes with a built-in Authority to Operate (ATO), and hosted on a secure and FedRAMP-authorized cloud infrastructure. + +Federalist provides the following useful features out of the box: + +* Github integration +* Battle-hardened infrastructure (S3, Cloudfront) +* Free, auto-renewed SSL certificates +* Robust ATO +* USWDS Starter kits with built-in integrations with Search.gov and GSA Digital Analytics Program. +* Helpful support + +## When is Federalist right for you? + +If your agency is considering migrating away from Drupal, Federalist might be a good choice for you if: + +* You are managing an informational site, with frequent updates and changes +* You are using Github (or are able to), and want more control over versioning of your website +* You need to support both technical and non-technical content creators / reviewers / editors +* You need a highly-performant site +* You have limited capacity to manage infrastructure +* You need a simplified ATO process* + +## When is Federalist not right for you? + +Federalist does have some limitations, so depending on your agency's specific use of Drupal, Federalist may not be a good fit. 
If you need to do the following, Federalist may not be a viable migration target from Drupal: + +* You need to authenticate users, and manage user accounts +* You need to show different content to different users (user authorization) +* You need a server (or something that has the characteristics of a server) +* You have other unique requirements (e.g., software licensing) + +## Getting from Drupal to Federalist + +Migrating from Drupal to Federalist will be different for each agency using Drupal, based on how your current Drupal website is configured and managed. Generally speaking, the following steps encompass the process of moving from Drupal to the Federalist platform: + +* Review / audit existing content +* Identify appropriate migration tool (lots of options) +* Modify and update content (as needed) +* Identify static site generator +* Choose a starter template or design system +* Bring content into Federalist site framework +* Publish to Federalist (push to GitHub) + +## Issues and Considerations + +Before migrating, there are a number of factors you should take into consideration. + +* You may need to conduct a content inventory so you'll know what materials you currently have, and what you need to migrate over +* Check your list of current enabled modules, to see if any provide functionality critical to your site + - Modules can provide added functionality that you want to make sure you have accounted for. + - Some modules (ex: paragraphs) can add extra markup. Make sure you have accounted for this. +* Plan for taxonomic structure (11ty / netlify / static CMSs almost all have tagging structure) +* Update any in-content links to new links +* Migrating users, permissions, etc. +* Working out a new workflow for publishing +* Form submits (does your site use them currently) + +## Find out more + +The cloud.gov and Pages team is ready to help you as you evaluate your options for current Drupal 7 and 8 websites. 
+ +In addition, the following resources are also available for agencies: + +* [Pages](https://pages.cloud.gov/) +* Static site generators + - [Tome](https://tome.fyi/) + - [Netlify](https://www.netlify.com/) + - [Hugo](https://gohugo.io/) + - [Gatsby](https://www.gatsbyjs.com/) +* Drupal export / migration tools: + - [Markdown Exporter](https://www.drupal.org/project/markdown_exporter) + - [Migrate Git](https://www.drupal.org/project/migrate_git) + +Questions or inquiries can be sent to [federalist-inquiries@gsa.gov](mailto:federalist-inquiries@gsa.gov). diff --git a/content/news/articles/2021-08-03-update_to_our_customer_responsibility_matrix_crm.md b/content/news/articles/2021-08-03-update_to_our_customer_responsibility_matrix_crm.md new file mode 100644 index 0000000..671e5a2 --- /dev/null +++ b/content/news/articles/2021-08-03-update_to_our_customer_responsibility_matrix_crm.md 
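Review bot: the footnote marker on "* You need a simplified ATO process*" in the "When is Federalist right for you?" list has no matching footnote text anywhere in the post, so either drop the trailing asterisk or add the qualifying note it was meant to point to. Two smaller consistency points in the same post: the product is spelled both "Github" (feature list, "You are using Github") and "GitHub" ("Publish to Federalist (push to GitHub)"), and the same product is linked as "[Federalist platform](https://cloud.gov/pages/)" in the intro but as "[Pages](https://pages.cloud.gov/)" under "Find out more"; pick one spelling and one canonical URL.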
@@ -0,0 +1,37 @@ +--- +layout: layouts/post +tags: news +title: Update to our Customer Responsibility Matrix (CRM) +date: 2021-08-03 +excerpt: Today's update to our Control Implementation Summary (CIS) + Customer + Responsibility Matrix (CRM) clarifies some language and inhertiance status for + controls. +--- +The **[Control Implementation Summary (CIS) + Customer Responsibility Matrix (CRM) + Control-by-Control Inheritance (.xlsx)](https://cloud.gov/resources/cloud.gov-CIS-Worksheet.xlsx)** is a summary of each Low and Moderate security control and whether it is handled by cloud.gov, shared responsibility, or customer responsibility. It includes guidance on which controls a customer system can fully or partially inherit from cloud.gov. + + We've made some recent changes to this document that we wanted to summarize for platform users, and those interested in implementing a solution on the platform. + +### Recent changes to CRM + +* Added another page listing Low-impact controls, which provides color-coded conditional formatting to the CRM + +### Updates to controls + +* AC-02(5) Corrected inheritance to “No” was “Partial”, for inactivity logout +* AU-04: Corrected inheritance to Yes, was Partial, for logging capacity +* CA-08: Corrected inheritance to No, was Partial, for penetration tests +* CP-06: Clarified to use “service-level objectives” instead of SLAs +* CP-07: Clarified to use “service-level objectives” instead of SLAs +* IA-02: Corrected inheritance to “No”, was “Partial” for local access +* IA-05 (02): Corrected inheritance to “Partial” as cloud.gov can use PKI for agency authentication. 
Was “No” +* IA-05 (04): Corrected inheritance to “Partial” as the cloud.gov IdP enforces password strength +* IA-05 (06): Corrected inheritance to “Partial” as the cloud.gov IdP protects authenticators +* SC-08: Corrected typo so it reads “HTTPS” (not “HTTS”) +* SC-13: Corrected to refer to “encryption,” (not “credentials”) +* SC-17: Corrected inheritance from “No” to “Partial” for obtaining certs from approved provider +* SC-19: Corrected inheritance to “Yes” from “No” since cloud.gov does not support VOIP +* SI-04 (05): Note regarding alert routing for A/V detection + +### Using this document + +You can read more on how to start the ATO process with cloud.gov at [our FedRAMP Authorized page](https://cloud.gov/docs/overview/fedramp-tracker/). diff --git a/content/news/articles/2021-08-16-external-domain-migration-announcement.md b/content/news/articles/2021-08-16-external-domain-migration-announcement.md new file mode 100644 index 0000000..84dd2de --- /dev/null +++ b/content/news/articles/2021-08-16-external-domain-migration-announcement.md 
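Review bot: several entries in "Updates to controls" reduce inheritance (AC-02(5), CA-08 and IA-02 all move from "Partial" to "No"), which means customers who previously claimed those controls as inherited now own that implementation themselves, yet the "Using this document" section only links to the ATO page; add a sentence telling customers to revisit those three controls in their SSPs. Also fix "inhertiance" in the front-matter excerpt (it is rendered in post listings), and make the quoting consistent across the bullets: "AC-02(5) Corrected inheritance to “No” was “Partial”" uses curly quotes while "AU-04: Corrected inheritance to Yes, was Partial" uses none.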
@@ -0,0 +1,70 @@ +--- +layout: layouts/post +tags: news +title: "Migrate to the external-domain service" +date: 2021-08-16 +excerpt: Customers need to take action to migrate from the cdn-service and custom-domain service to the external-domain service +--- + +## Who is this for? + +This post is for all users of the cdn-route or custom-domain services. + +## Background + +The custom-domain and cdn-route services leverage Let's Encrypt to provision certificates on our users' behalf. +Several months ago, Let's Encrypt announced that they're deprecating their v1 API. To work with their new API, we've written a replacement +to the cdn-route and custom-domain services, the external-domain service. We now need to migrate your service instances +to the new service to ensure their certificates can continue renewing without issue. To accomplish this, we've written internal tooling to +migrate instances automatically without service interruption, but it does require some action on your part to initiate the migration. + +## What you need to do + +The new external-domain service uses a different method of validation with Let's Encrypt. The new method relies on specific DNS records being present for each of your domains. To begin the migration, you need to have configured the following DNS records for each domain on your custom-domain or cdn-route instances. + +| Type | Name | Value | +|--------|---------------------------|-----------------------------------------------------------------| +| CNAME | `_acme-challenge.$DOMAIN` | `_acme-challenge.$DOMAIN.external-domains-production.cloud.gov` | +| CNAME* | `$DOMAIN` | `$DOMAIN.external-domains-production.cloud.gov` | + +The `_acme-challenge.$DOMAIN` CNAME record allows us to provision SSL certificates on your behalf. 
+ +As an example, if you have a custom-domain service created for `directorate.agency.gov`, you'd want to create a CNAME record `_acme-challenge.directorate.agency.gov` with value `_acme-challenge.directorate.agency.gov.external-domains-production.cloud.gov`. + +The `$DOMAIN` CNAME is responsible for routing the user traffic to your site. Using the `directorate.agency.gov` example above, this would be `directorate.agency.gov.external-domains-production.cloud.gov`. + +If you already have `CNAME`, `A`, and/or `AAAA` (with `ALIAS`) record(s) for `$DOMAIN`, you should update the value or replace the record to match what is shown above. + +*\* If your domain is an "apex domain" or "2nd level domain" (i.e. `agency.gov` instead of `directorate.agency.gov`) you will need to use an `A` and `AAAA` (with `ALIAS`) record(s) assuming your DNS provider supports it.* + +Note that the second update here changes how users get to your site. +We've made every effort to validate we're prepared for this change, but you should confirm that +`$DOMAIN.external-domains-production.cloud.gov` currently resolves before making this change. + +You can do this by directly comparing the outputs of `nslookup $DOMAIN` and +`nslookup $DOMAIN.external-domains-production.cloud.gov`, or by modifying your `hosts` file +to point `$DOMAIN` to one of the IP addresses `$DOMAIN.external-domains-production.cloud.gov` +currently resolves to. **If either of these tests fail, _STOP_ and do not update** +your DNS, and contact cloud.gov support for assistance. + + +## What to expect + +### During the migration + +The migration will *not* cause: +- downtime +- interruption to your services +- change in functionality or configuration to your services + +During the migration, you may see a new service instance with a name you do not recognize in your space(s). +Once started, the migration takes about 30 minutes for cdn-route instances, and less than 15 minutes for custom-domain instances. 
+During this time, you will be unable to make other modifications to the service instance. + +### After the migration + +After the migration, your service instance(s) will have a new instance ID, so any references to your service +instance ID will need to be updated. +Additionally, your service instance(s) will be of a different service (`external-domain`) and plan (`domain` or `domain-with-cdn`, depending on your current instance type). + +Customers that experience issues, or that have questions about this change, can send a request to support@cloud.gov. diff --git a/content/news/articles/2021-10-04-invalid-certificate-error.md b/content/news/articles/2021-10-04-invalid-certificate-error.md new file mode 100644 index 0000000..1f0e1b8 --- /dev/null +++ b/content/news/articles/2021-10-04-invalid-certificate-error.md 
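Review bot: the verification step under "What you need to do" does not say what a passing result looks like, so a reader "directly comparing the outputs of `nslookup $DOMAIN` and `nslookup $DOMAIN.external-domains-production.cloud.gov`" cannot tell whether differing addresses mean failure; since the new hostname is expected to resolve on the platform's side, state the actual criteria (the new name resolves at all, and the site serves correctly when the `hosts` file points `$DOMAIN` at one of its addresses) before the bold "STOP" instruction. Two related points: the apex-domain footnote ("you will need to use an `A` and `AAAA` (with `ALIAS`) record(s)") should say plainly that a CNAME cannot be placed at a zone apex, which is the reason the table marks that row `CNAME*`; and "the cdn-route services leverage Let's Encrypt ... deprecating their v1 API" would be clearer as "the ACME v1 API" so readers can match it to the Let's Encrypt announcement.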
@@ -0,0 +1,26 @@ +--- +layout: layouts/post +tags: news +title: "Invalid certificate error" +date: 2021-10-04 +excerpt: A recent update by Let's Encrypt may cause some client issues when accessing sites +--- + +### Bottom line up front + +The expiration of a Certificate Authority's root certificate may be causing some issues when client applications attempt to access sites on cloud.gov and Federalist (as well as other sites on the Internet). The issue disproportionately affects users with older operating systems and/or browsers, and fixing the issue is outside of our control. + +### More details + +Cloud.gov uses Let's Encrypt to provision the TLS certificates on our platform. Let's Encrypt has their own root certificate (named `ISRG Root X1`), and a set of intermediate certificates (named `Let's Encrypt Authority X1`, `Let's Encrypt Authority X2`, `Let's Encrypt Authority X3`, and `Let's Encrypt Authority X4`). These intermediate certificates allow clients to build a trust chain to Let's Encrypt's root certificate `ISRG Root X1`. Additionally, these certificates are cross-signed to allow clients to build a trust chain to a different Certificate Authority's root certificate - IndenTrust's `DST Root CA X3`. Let's Encrypt has done this since 2016, and does so to maximize client compatibility. You can read more +about Let's Encrypt's certificate heirarchy and the reasoning behind it [here](https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html). + +The core issue is that on September 30, 2021, the `DST Root CA X3` expired. For well-behaved clients with up-to-date trust stores, this causes not problems. For other clients, this can cause problems: +- A client with `DST Root CA X3` as a trust anchor but not `ISRG Root X1`, they will probably get a certificate validation error because `DST Root CA X3` expired earlier that day. 
+- A client with **both** certs in their trust anchors may give up after constructing a chain to the expired `DST Root CA 3`, but most well-behaved clients will continue checking for a valid chain, and will find the chain to `ISRG Root X1`. + +However, either client configuration is wholly outside cloud.gov's control and users will need to address this issue manually or get help from their respective IT departments. + +Some additional information may be available on the [Let's Encrypt community forum](https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190). + +_this post was was modified October 8th, 2021. You can see the original content [here](https://github.com/cloud-gov/cg-site/blob/57a52327f052c3e4114c1b0caf4ae3a12beb5d25/_posts/2021-10-04-invalid-certificate-error.md)_ diff --git a/content/news/articles/2021-10-15-release-notes.md b/content/news/articles/2021-10-15-release-notes.md new file mode 100644 index 0000000..5a20ebd --- /dev/null +++ b/content/news/articles/2021-10-15-release-notes.md 
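Review bot: the second bullet under "More details" names the expired root as "`DST Root CA 3`" while every other mention says "`DST Root CA X3`"; use the exact subject name throughout, since readers will search their trust stores for it. In the same section, "IndenTrust" should be "IdenTrust", "heirarchy" should be "hierarchy", "this causes not problems" should be "this causes no problems", and the first bullet is not a sentence ("A client with `DST Root CA X3` as a trust anchor but not `ISRG Root X1`, they will probably get..." reads better as "A client that has ... but not ... will probably get ..."). The paragraph also names `Let's Encrypt Authority X1` through `X4` as the intermediates; the linked Let's Encrypt post is about its newer root and intermediates, so confirm the names listed are the ones the platform's certificates actually chain through before publishing. Finally, the footer reads "this post was was modified".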
@@ -0,0 +1,178 @@ +--- +layout: layouts/post +tags: news +date: 2021-10-15 +title: "October 15th cloud.gov Change Log" +excerpt: It’s a new fiscal year! The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Happy New Fiscal Year! + +It’s a new fiscal year! The cloud.gov team is working on providing change logs so everyone can see new features and updates. + +# Change Log +## Customer Facing +--- + +### AWS Broker - AWS Elasticsearch (Opensearch) + +* Advanced Options is now available for new and existing instances, this allows developers to change two values for that cluster: `indices.fielddata.cache.size` and `indices.query.bool.max_clause_count` + +Find more at [AWS Elasticsearch Broker Docs](https://cloud.gov/docs/services/aws-elasticsearch/#advanced-options) + +### Staticfile Buildpack - 1.5.26 up from 1.5.25 +* Add Configurable HTTP/2 Support + +Note: cloud.gov has not enabled HTTP/2 for the platform yet + +### Secure Proxy - 51 up from 50 +* Added HTTPS support to allow use of HTTPS in gorouters +* cloud.gov has transitioned AWS Load Balancers to send all traffic via HTTPS + +### Go Buildpack - 1.9.36 up from 1.9.35 +* Add go 1.16.8, remove go 1.16.6 +* Add go 1.17.1 +* Bump libbuildpack-dynatrace to v1.4.1 + +### Nginx Buildpack - 1.1.32 up from 1.1.31 +* Add nginx 1.21.3, remove nginx 1.21.1 + +### NodeJS Buildpack - 1.7.62 up from 1.7.61 +* Update default node version to 16.x +* Add yarn 1.22.15, remove yarn 1.22.10 +* Add node 14.18.0, remove node 14.17.5 +* Add node 16.10.0, remove node 16.7.0 + +### PHP Buildpack - 4.4.46 up from 4.4.45 +* Change default php version to 7.4.23 +* Add php 7.4.24, remove php 7.4.21 +* Add php 8.0.11, remove php 8.0.8 +* Add php 7.3.31, remove php 7.3.29 +* Add httpd 2.4.49, remove httpd 2.4.48 +* Add composer 2.1.8, remove composer 2.1.6 +* Add nginx 1.21.3, remove nginx 1.21.1 + +### Python Buildpack - 1.7.46 up from 1.7.45 +* Add setuptools 58.1.0, remove 
setuptools 57.4.0 +* Add python 3.9.7, remove python 3.9.5 +* Add python 3.8.12, remove python 3.8.10 + +### R Buildpack - 1.1.22 up from 1.1.21 +* Rebuild r 4.1.1 +* Rebuild r 3.6.3 + +### Ruby Buildpack - 1.8.47 from 1.8.46 +* Auto merge pull request 339 +* Add yarn 1.22.12, remove yarn 1.22.10 +* Add node 14.18.0, remove node 14.17.5 +* Add bundler 2.2.28, remove bundler 2.2.26 +* Add rubygems 3.2.28, remove rubygems 3.2.26 + +## Platform Changes +--- +### BPM - 1.1.14 up from 1.1.13 +What's Changed +* Customize shutdown signal to send SIGINT to Postgres by @bgandon +* Update golang dependencies + +### CAPI - 1.119.0 up from 1.118.0 +Highlights +* CC API Version: 2.173.0 and 3.108.0 +* Service Broker API Version: 2.15 + +CAPI Release +* CAPI Release PR #202 Ensure that job is unmonitored before monitoring it again + +Cloud Controller +* Cloud Controller PR #2521 Enforce service name uniqueness in shared services in spaces +* Cloud Controller PR #2532 Simplify roles query for performance + + +### CF CLI - 1.34.0 up from 1.33.0 +This release contains the following versions of the CF CLI + + +Major Version | Prior Version | Current Version +--------------|---------------|----------------- +v8 | - | 8.0.0 +v7 | 7.3.0 | 7.3.0 +v6 | 6.53.0 | 6.53.0 + +### CF Networking - 2.39.0 up from 2.38.0 +Release Highlights +* Go 1.16 has GO111Module on by default. This release converts silk-release to be compatible with those changes +* Updates the policy-server to use the ANSI_QUOTES sql_mode when making connections to help with MySQL 8 compatibility +* Added support service-discovery-controller to use NATS + TLS (Thanks @46bit!) 
+* Tested with silk-release v2.39.0 + +Security Fixes +* Bumped golang to v1.16.8 to address CVE-2021-39293 + + +### CFLinuxfs3 - 0.262.0 up from 0.259.0 +CVES: +* USN-5079-3 USN-5079-3: curl vulnerabilities: + * https://launchpad.net/bugs/1944120: Regression in USN-5079-1 +* USN-5089-1 USN-5089-1: ca-certificates update: + * https://launchpad.net/bugs/1944481: Distrust "DST Root CA X3" +* USN-5102-1 USN-5102-1: Mercurial vulnerabilities: + * CVE-2019-3902: A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. + * CVE-2018-17983: cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry. + + + +### Log Cache - 2.11.4 up from 2.11.2 +* Adds mTLS to nozzle metrics endpoint to ensure Prom Scraper can collect metrics from nozzle +* log-cache-nozzle metrics config is optional. If it is not configured metrics will not be scraped by prom scraper. 
+* Allow for running garbage collection as part of cache pruning process +* Run GC after a configurable number of cache prunes +* Change default truncation interval from 500ms to 1s +* bump-golang to v0.87.0 + +### Prometheus - 26.6.0 up from 26.5.0 +Features +* Add ops file to monitor BOSH Director metrics #420 +* Switch stemcell from Xenial to Bionic #419 +* Add new improved CF Dashboards (v2) #423 (thanks @thehandsomezebra) + * Apps: Latency + * Apps: System + * CF: BBS + * CF: Cell Summary + * CF: Cells Capacity + * CF: Cloud Controller + * CF: KPIs + * CF: LRPs & Tasks + * CF: Route Emitter + * CF: Space Summary +* Add links to other v2 dashboards + * Component Metrics v2 + * Metron Agent v2 + * Doppler Server v2 + +### Routing - 0.225.0 up from 0.224.0 +Release Highlights +* Improved health checking for gorouter- monit will now restart the gorouter process if the gorouter stops responding to http requests on its health port +* Switched from vendoring golang-1-linux to golang-1.16-linux to keep us pinned at Go 1.16 for the time being +* Go 1.16 has GO111Module on by default. This release converts routing-release to be compatible with those changes +* As a result of the conversion to a Go module release, we updated and moved away from having many of our external dependencies in a submodule to a vendored package. +* Security Fix: Update golang to resolve CVE-2021-39293 where specially crafted inputs could cause panics/fatal errors in archive/zip + +### Silk - 2.39.0 up from 2.38.0 +Release Highlights +* Adds a new experimental feature to rate limit outbound connections in containers (Thanks for the PR @IvanHristov98!) +* Go 1.16 has GO111Module on by default. 
This release converts silk-release to be compatible with those changes +* Updates silk to use the ANSI_QUOTES sql_mode when making connections to help with MySQL 8 compatibility +* Tested with cf-networking-release v2.38.0 + +Security Fixes +* Bumped golang to v1.16.8 to address CVE-2021-39293 + +### UAA - 75.8.0 up from 75.7.0 +Features +* Support logout for OpenId proxy mode +* Client creation endpoint with two secrets + +Bug Fixes +* Add Vendor specific statements to retrieve authorities for user +* Postgresql: add lower index for user db + diff --git a/content/news/articles/2021-10-29-release-notes.md b/content/news/articles/2021-10-29-release-notes.md new file mode 100644 index 0000000..d7a831f --- /dev/null +++ b/content/news/articles/2021-10-29-release-notes.md @@ -0,0 +1,41 @@ +--- +layout: layouts/post +tags: news +date: 2021-10-29 +title: "October 29th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log +## Customer Facing +--- + +There were no customer-facing changes this sprint. + +## Platform Changes +--- + +### AIDE -- 16 up from 15 + +* Remove post-deployment report from AIDE post-deploy to reduce false-alarms caused by timing issues + +### FISMA -- 57 up from 54 + +* disable rsync explicitly - previously, rsync ran based on a condition that would never be true +* remove dangling systemd-timesyncd files +* update IPv6 rules +* other minor updates + +### Logsearch - 211.1.38 up from 211.1.26 + +* add acceptance test validating the number of recently-indexed logs + +### Secureproxy - 52 up from 51 + +* change nginx client_temp_path to a more appropriate location + +### Shibboleth - 82 up from 70 + +* upgrade tomcat to 8.5.65 +* upgrade shibboleth to 3.4.8 +* upgrade TOTP plugin diff --git a/content/news/articles/2021-11-15-dhs-bod-22-01.md b/content/news/articles/2021-11-15-dhs-bod-22-01.md new file mode 100644 index 0000000..54a180d --- /dev/null 
+++ b/content/news/articles/2021-11-15-dhs-bod-22-01.md 
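Review bot: in the October 15th change log, the CFLinuxfs3 entry "USN-5089-1: ca-certificates update: Distrust "DST Root CA X3"" and the Routing/CF Networking "Bumped golang to v1.16.8 to address CVE-2021-39293" items are the security changes customers most need to know about, but they sit under "Platform Changes" with no pointer from "Customer Facing"; consider cross-linking the DST Root CA X3 line to the 2021-10-04 invalid-certificate post. Smaller fixes in the same hunk: "### Ruby Buildpack - 1.8.47 from 1.8.46" is missing "up" like every other heading, and each USN line repeats its identifier ("USN-5079-3 USN-5079-3: curl vulnerabilities").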
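Review bot: in the October 29th change log, the Shibboleth entry ("82 up from 70", with tomcat and shibboleth upgrades) is the identity-provider component, so say whether the tomcat 8.5.65 and shibboleth 3.4.8 upgrades were taken for security fixes, as the other change logs do for golang and httpd bumps. Also "### AIDE -- 16 up from 15" and "### FISMA -- 57 up from 54" use a double hyphen where the rest of the file uses "### Logsearch - 211.1.38 up from 211.1.26".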
@@ -0,0 +1,28 @@ +--- +layout: layouts/post +tags: news +title: "Guidance for cloud.gov customers in complying with DHS BOD 22-01" +date: 2021-11-15 +excerpt: "To help ensure our customers are compliant with DHS BOD 22-01, the cloud.gov team has provided some guidance on buildpack usage and updates" +--- + +On November 3, 2021, the DHS Cybersecurity and Infrastructure Security Agency (CISA) published [Binding Operational Directive 22-01](https://cyber.dhs.gov/bod/22-01/). + +In part, this BOD, "establishes a [CISA-managed catalog of known exploited vulnerabilities (KEVs)](https://cisa.gov/known-exploited-vulnerabilities) that carry significant risk to the federal enterprise and establishes requirements for agencies to remediate any such vulnerabilities included in the catalog." + +For cloud.gov customers, there are three responsibility realms with respect to KEVs: + +* **Customer responsibility**: Ensuring your application code and dependencies do not include KEVs. + +* **Shared responsibility**: cloud.gov is responsible for providing “buildpacks” (container OS + language libraries) that we update regularly to be free of KEVs, but customers are responsible for regularly [re-staging their applications](https://docs.cloudfoundry.org/devguide/deploy-apps/start-restart-restage.html#restage) to use the updated buildpacks. + + - Some past buildpacks are known to include KEVs. If you have re-staged or updated your application after November 10, 2021, then you do not have any buildpack-level KEVs. + - In the future, we will review updates to the DHS KEV list, and will notify customers when you need to restage your app to mitigate the vulnerability. + +* **cloud.gov responsibility**: It's cloud.gov's responsibility to ensure there are no KEVs within our underlying infrastructure. We do not publicly confirm nor deny our status with respect to DHS BODs, nor can we provide updates via the FedRAMP Max.gov repository (per PMO guidance). 
If you need more information, please open a [cloud.gov support request]({{site.baseurl}}/contact/#support-for-people-who-use-cloudgov). + +PHP buildpack users: The [PHP buildpack](https://github.com/cloudfoundry/php-buildpack/releases) v4.4.46 (released on cloud.gov October 13, 2021) included Apache httpd 2.4.49, which is on the KEV list. Our release of PHP buildpack v4.4.49 on November 10, 2021, included the patched httpd. Customers using the PHP buildpack should restage their applications, if they have not already, so PHP apps will use the updated buildpack. + +The related CVE, [CVE-2021-41773](https://nvd.nist.gov/vuln/detail/CVE-2021-41773) was **not exploitable on cloud.gov** unless a customer took the unusual steps of overriding the default values of the PHP buildpack, as [described more fully in the Cloud Foundry documentation](https://docs.cloudfoundry.org/buildpacks/php/gsg-php-config.html), by changing settings in `httpd-directories.conf` and `httpd-modules.conf`. + +Version information: Originally published 2021-11-15, updated 2023-06-12 to clarify PMO guidance on notifications. \ No newline at end of file diff --git a/content/news/articles/2021-11-16-controlled-space-egress.md b/content/news/articles/2021-11-16-controlled-space-egress.md new file mode 100644 index 0000000..395d7a3 --- /dev/null +++ b/content/news/articles/2021-11-16-controlled-space-egress.md 
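Review bot: the claim "If you have re-staged or updated your application after November 10, 2021, then you do not have any buildpack-level KEVs" is only true as of publication and will mislead readers of this page a few months later; word it as "as of this post's date" and tell customers how to confirm which buildpack version their app is currently staged with (the CLI's `cf app` output lists the buildpack in use) rather than relying on a restage date. In the CVE-2021-41773 paragraph, the sentence ends with the condition "unless a customer took the unusual steps of overriding the default values ... by changing settings in `httpd-directories.conf` and `httpd-modules.conf`", so add the corresponding instruction: customers who did override those files should treat their app as affected and restage immediately. The file also ends with "\ No newline at end of file" and uses `{{site.baseurl}}` where the other posts use `{{ site.baseurl }}`.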
@@ -0,0 +1,28 @@ +--- +layout: layouts/post +tags: news +date: 2021-11-16 +title: "New Controlled Space Egress" +excerpt: The cloud.gov platform is releasing new space types to help customers better control app egress. +--- + +To better help our customers control egress from their apps, we are offering additional space types for your organization with new application security group (ASG) rules. These new ASG rules allow space egress to be more locked down to minimize the impacts of possible data exfiltration. Currently, all cloud.gov org spaces allow egress from an app to the open internet, our brokered services ([AWS RDS](https://cloud.gov/docs/services/relational-database/), [AWS Elasticache Redis](https://cloud.gov/docs/services/aws-elasticache/), [AWS Elasticsearch](https://cloud.gov/docs/services/aws-elasticsearch/)), and [internal routes](https://docs.cloudfoundry.org/devguide/deploy-apps/routes-domains.html#internal-routes) to other apps within your organization. Our additional space ASG offerings will now include `public-egress`, `trusted-local-egress`, and `closed-egress`. These ASG rules will apply to all apps running within a certain space type and will allow you to group apps based on functionality. + +Here are the following rules associated to the different space ASG types: + +- ### `public-egress` + - Requests being executed from within the app can successfully be sent to the open internet, our brokered services, and other internal routes you have created in your organization. + - Your app can make requests to third party APIs. + - Your app can connect to our brokered services. + +- ### `trusted-local-egress` + - Requests being executed from within the app can only successfully be sent to some of our brokered services or other internal routes you have created in your organization. 
+ - Accessible brokered services: [AWS RDS](https://cloud.gov/docs/services/relational-database/), [AWS Elasticache Redis](https://cloud.gov/docs/services/aws-elasticache/), [AWS Elasticsearch](https://cloud.gov/docs/services/aws-elasticsearch/). + - Inaccessible brokered service: [S3 Object Storage](https://cloud.gov/docs/services/s3/). + - Any requests to the open internet are blocked. + +- ### `closed-egress` + - Requests being executed from within the app can only successfully be sent to other internal routes you have created in your organization. + - Any requests to the open internet or our brokered services will be blocked. + +All current organization spaces will be unaffected by the new space types and will continue to function with the same ASG rules as the `public-egress` space type. As we hear more from our customers using the new space ASG types, we will have the opportunity to iterate on the available ASGs as well as release additional guides on working the new space types. For more information on this feature, see [the docs](../_docs/management/space-egress.md). diff --git a/content/news/articles/2021-11-18-release-notes.md b/content/news/articles/2021-11-18-release-notes.md new file mode 100644 index 0000000..f5be969 --- /dev/null +++ b/content/news/articles/2021-11-18-release-notes.md 
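Review bot: the closing link "see [the docs](../_docs/management/space-egress.md)" is a source-tree path and will not resolve on the rendered site; the other links in this post use absolute URLs such as https://cloud.gov/docs/services/s3/, so link the published docs page the same way. Two wording points: "Here are the following rules associated to the different space ASG types" should be "Here are the rules associated with the different space types", and the `trusted-local-egress` description ("some of our brokered services") would be clearer if it said explicitly that S3 is excluded because it is reached over the public internet, which is the property the space type is blocking.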
@@ -0,0 +1,248 @@ +--- +layout: layouts/post +tags: news +date: 2021-11-18 +title: "November 18th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Happy almost Turkey Day! + +The cloud.gov team is working on providing change logs so everyone can see new features and updates. Some highlights include cf-deployment v17 and Concourse v7. Additionally, if you use the [PHP buildpack](https://cloud.gov/2021/11/15/dhs-bod-22-01/) and have not restaged your application since November 10th, 2021, please do that. + +# Change Log +## Customer Facing +--- +### Dotnet Core Buildpack 2.3.36 up from 2.3.34 +* remove old version lines from manifest +* Rename vendored test to offline test for clarity +* Remove unused branch for now-deprecated .NET 1.x SDK. +* Remove cache test from running in cutless.Cached scenario +* Remove .NET 1.x restore functionality. + * We previously dropped support for .NET 1.x so this branch is never executed. 
+* Rebuild node 14.18.0 +* add eventually to multiple_projects_test +* Update brats version line to 3.1 +* Remove dotnet 2.1.X line +* Resolves #404 + * Update fixtures to .NET Core 3.1 and use spec in tests +* Resolves #432 + * All fixtures have been reorganized and ported over to .NET Core 3.1 + * All tests have been ported over to use spec instead of ginkgo + * Adds platform field to integration suite + * Adds all README files, with placeholders for apps we're unsure about + * Some fixtures and their corresponding tests have been removed because + * they are no longer relevant or are redundant: + * nancy_kestrel_msbuild_dotnet2 (removed, Nancy is no longer maintained) + * runtimeconfig_with_comments (removed) + * self_contained_3.0 (removed) + * simple_2.2_source (replaced with a 3.0 source app) + * source_2.1_float_runtime (removed) + * source_prerender_node (removed, feature is deprecated in .NET Core 3.1) +* Add node 14.18.0, remove node 14.17.6 +* Add dotnet-sdk 5.0.401 +* Add dotnet-runtime 3.1.19 +* Add dotnet-aspnetcore 3.1.19 +* Add dotnet-aspnetcore 5.0.10 +* Add dotnet-sdk 3.1.413 +* Add dotnet-runtime 5.0.10 +* Adds platform flag for integration suite +* Add dotnet-runtime 5.0.11 +* Add dotnet-runtime 3.1.20 +* Add dotnet-sdk 5.0.402 +* Add dotnet-aspnetcore 3.1.20 +* Add dotnet-aspnetcore 5.0.11 +* Add dotnet-sdk 3.1.414 +* Add node 14.18.1, remove node 14.18.0 +* Propagates errors from global.json SDK install +Instead of ignoring the error and installing the default SDK, returns the error and stops staging. If the global.json is present, but +does not contain an SDK version, the existing behavior is maintained (uses default SDK). + +### Go Buildpack - 1.9.37 up from 1.9.36 +* Add go 1.16.9, remove go 1.16.7 +* Add go 1.17.2, remove go 1.17 + +### Java Buildpack - 4.43 up from 4.42 +This release focuses on bug fixes, including new Java quarterly updates for versions 8, 11, and 17. 
+ +* Relax escaping of values to enable limited access to the shell for AppDynamnics config (#911) +* Version matcher now prefers a specific match over a partial match (#907) +* Shell escape the value of Elastic APM custom properties (#908) +* Modify default Tomcat configuration to include HTTP/2 support (#906) +* Rename framework-seeker-security-provider.md (via @mureinik #910) +* Notable updated Dependencies + * Java Quarterly Updates Oct 2021 + * Apache Tomcat 9.0.54 which resolves CVE-2021-42340 + +### NodeJS Buildpack - 1.7.63 up from 1.7.62 +* Remove support for deprecated version 15.x +See #386 +Node 15.x reached End of Line on 2021-06-01. +(https://github.com/nodejs/Release) +* Add yarn 1.22.17, remove yarn 1.22.15 +* Add node 16.11.1, remove node 16.8.0 +* Add node 12.22.7, remove node 12.22.5 +* Add node 14.18.1, remove node 14.17.6 + +### PHP Buildpack - 4.4.49 up from 4.4.46 +* Add php 7.3.32, remove php 7.3.30 +* Change default PHP option to 7.4.25 +* Add php 7.4.25, remove php 7.4.23 +* Add php 8.0.12, remove php 8.0.10 + +### Python Buildpack - 1.7.47 up from 1.7.46 +* Support independently-installed pip + * Adds pip as a dependency to this buildpack. When BP_PIP_VERSION=latest, this +version will be used. When unset, python's own pip module will be used. 
+* Add pip 21.3 +* Add setuptools 58.2.0, remove setuptools 58.1.0 + +### R Buildpack - 1.1.23 up from 1.1.22 +* Rebuild r 4.1.1 +* Rebuild r 3.6.3 + +### Ruby Buildpack - 1.8.48 from 1.8.467 +* Add jruby 9.3.1.0 +* Add yarn 1.22.17, remove yarn 1.22.12 +* Add node 14.18.1, remove node 14.18.0 +* Add bundler 2.2.29, remove bundler 2.2.28 +* Add rubygems 3.2.29, remove rubygems 3.2.28 + +### Staticfile Buildpack 1.5.26 up from 1.5.25 +* Add Configurable HTTP/2 Support (#254) + + +## Platform Changes +--- + +### AIDE - 17 up from 15/16 +* Updated Aide to 0.17.3 +* Adjusted Configurations for false positives + +### Bosh 271.16.0 up from 271.14.0 +What's Changed +* Optional Blobstore agent creds by @bgandon in #2327 +* Improve description for director's job properties by @bgandon in #2326 +* Leverage the new BPM shutdown_signal feature in Postgres jobs by @bgandon in #2334 +systems with libyaml versions 02.0 > version < 0.2.5 would fail tests… by @nouseforaname in #2337 +* Auto-bump nginx package from https://github.com/bosh-packages/nginx-release + * nginx package version is now 1.21.4 +* Update Contributing docs and running unit tests by @beyhan in #2335 +* Use IO#readline_nonblock instead of IO#readline when reading output from CPI sub-processes. by @yatzek in #2336 + +### Bosh AWS CPI 91 up from 89 +* Increase timeout for volume modification by @jsievers in #117 +* Make agent credentials unnecessary for accessing a DAV blobstore with signed URLs enabled by @bgandon in #118 +* Configurable timeout factor for IaaS-native disk resize by @bgandon in #119 +* Allow metadata options to be set in cloud properties +* Added support for IMDSv2 + +### BPM - 1.1.15 up from 1.1.14 +* Bumped go to 1.17 + +### CAPI - 1.120.0 up from 1.119.0 +Highlights + +CAPI 1.120.0 contains a change to the optional rate_limiter inside of ccng. Previously every request to the rate limiter would result in a database read and write, this lead to performance issues in large foundations. 
Now the optional rate_limiter will measure these requests in memory on the individual API VM. + +CC API Version: 2.174.0 and 3.109.0 + +Service Broker API Version: 2.15 + +CAPI Release +* PR #210 Send upload start time as form field to cloud controller +* PR #211 Configure per-vm (in-memory rate limit setting) + +Cloud Controller +* PR #2527 Use window functions for paginated count +* PR #2529Fix 500 error when listing sidecars for a resource that doesn't exist +* *PR #2528 Remove un-needed joins +* PR #2542 Use upload start time to determine if a token has expired. +* PR #2535 Track request counts for rate limiting in memory + +### CF Networking - 2.40.0 up from 2.39.0 +Release Highlights +* Make a v66 migration to remove old stored procedure +* Tested with silk-release v2.40.0 + +### CFLinuxfs3 - 0.264.0 up from 0.262.0 +CVES: + +USN-5124-1 USN-5124-1: GNU binutils vulnerabilities: +* CVE-2021-3487: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. +* CVE-2020-16592: A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. + +USN-5133-1 USN-5133-1: ICU vulnerability: +* CVE-2020-21913: International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. 
+ +### Clamav 29 up from 28 +* Updated freshclam database location + +### Concourse 7.3.2 up from 6.7.5 +* Too much to say + +### Diego Release 2.53.1 up from 2.53.0 +Changes +* Bump Go driver for MySQL to v1.6.0 @mariash (#595) +* BBS: Implement max-retries when failing to connect to event streams (cloudfoundry/bbs#45) + +Resources +* Download release v2.53.1 from bosh.io. +* Verified with cloudfoundry/cf-deployment @ 4f7398f7e413d072211a7944d212e75ef04f7a84. + +Dependencies +* Bump Golang to go1.17.2 @cf-diego (#594) + +### Fisma 58 up from 56/57 +* Correcting AIDE false positives + +### Garden-runc 1.9.31 up from 1.9.30 +Changes: +* #205 Bump Go to v1.17 + +### Loggregator 106.6.1 up from 106.6.0 +Changelog +* bump golang release to v0.88.0 +* add variables to make ingress and egress buffer size configurable for loggregator + +### Logsearch 211.1.39 up from 211.1.38 +* bump Java Version + +### Routing 0.226.0 up from 0.225.0 +New Features +* The tcp-router now emits connection error metrics on a per app basis, to assist troubleshooting when apps start having connectivity issues +* The X-Cf-Router-Error header now contains more details for endpoint_failure errors, to indicate what type of failure occurred 🎉 🎉 🎉 Thanks @thomas-kaltenbach for the PR! 🎉 🎉 🎉 +* Backend TLS handshake timeouts are now configurable via the tls_handshake_timeout_in_seconds property. 🎉 🎉 🎉 Thanks @ywei2017 for the PR! 🎉 🎉 🎉 + +X509 Subject Alt Name Requirements + +The gorouter job will now fail to render its template on BOSH deploys if a tls_pem contains a cert_chain that does not have a SubjectAltName (SAN) extension on the certificate. This started being required in Golang 1.15, but we have been working around this using the golang.x509ignoreCN property. This property now defaults to false, so operators are made aware of any certs that need to be regenerated. 
When routing-release is built against golang 1.17, the golang.x509ignoreCN workaround will cease to function, and environments will need to have certs updated by then. + +If encountered, the template rendering error will match: tls_pem[].cert_chain must include a subjectAltName extension + +For more information, see Golang 1.15's release notes + +Bugfixes +* The gorouter template is now generated in a way that is compatible with BOSH Directors built with Ruby 3 (#225) +* Resolves an issue where a stale route for an app using route services with an out of date route-service URL could result in all requests going to the out-of-date route-service URL, and failing. +* Clarifies gorouter logs and routing tables to reflect http1 as the protocol when HTTP/2 is disabled, even if the route was registered indicating it supported HTTP/2. + +### Snort 553 up from 551 +* Just the usual snort updates + +### Syslog 11.7.6 up from 11.7.5 +* update blackbox to include performance fixes. + +### UAA 79.9.0 up from 75.8.0 +Features +* Update to UAA v75.9.0 +* Validate id_token_hint in end_session_endpoint (cloudfoundry/uaa#1693) + +Bug Fixes +* Increase randomness of authcode (cloudfoundry/uaa#1700) +* Bump xmlsec library 1.5.8 to 2.2.3 (cloudfoundry/uaa#1689) + +Dependency bumps +* Upgrade Bellsoft JDK to version 11.0.13+8 +* Spring boot 2.4.12 +* K8s.io diff --git a/content/news/articles/2021-11-30-cloud-gov_more_than_a_stepping_stone_to_the_cloud.md b/content/news/articles/2021-11-30-cloud-gov_more_than_a_stepping_stone_to_the_cloud.md new file mode 100644 index 0000000..8e7d180 --- /dev/null +++ b/content/news/articles/2021-11-30-cloud-gov_more_than_a_stepping_stone_to_the_cloud.md 
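Review bot: in this change log the UAA heading and its first bullet disagree: the heading says `### UAA 79.9.0 up from 75.8.0` while the bullet reads `* Update to UAA v75.9.0`, and the 2021-12-22 log later in this patch says `UAA - 75.13.0 up from 75.9.0`, so the heading should read 75.9.0. Other fixes in the same hunk: `Ruby Buildpack - 1.8.48 from 1.8.467` (extra digit), `End of Line` should be `End of Life`, `AppDynamnics` is misspelled, the libyaml line under Bosh is missing its `* ` bullet, and `PR #2529Fix` / `* *PR #2528` need a space and a stray asterisk removed. The Routing section's SAN requirement (`tls_pem[].cert_chain must include a subjectAltName extension`) is the one operator-visible breaking change here and is worth calling out at the top of Platform Changes rather than leaving it buried under Routing.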
@@ -0,0 +1,48 @@ +--- +layout: layouts/post +tags: news +title: "Cloud.gov: More than a stepping stone to the cloud" +date: 2021-11-30 +excerpt: Cloud.gov currently supports mission-critical applications for some of + the federal government’s most visible agencies, and enables highly-available + and resilient solutions the American public depends on. +--- +So, your agency is considering a move off cloud.gov and building a custom cloud platform. Your agency has been using cloud.gov for a while now, it works well and everyone is enjoying the experience. However, your team has heard that cloud.gov is a stepping stone for agencies to move to their own cloud platform. Is it time to migrate off cloud.gov to a custom made cloud instance? + +Cloud.gov doesn’t need to be a stepping stone. It is a platform as a service (PaaS) designed to make your agency’s cloud experience easier. Cloud.gov currently supports mission-critical applications for some of the federal government’s most visible agencies, and enables highly-available and resilient solutions the American public depends on. + +Your agency has used cloud.gov for a while and knows it works. Why should your agency take additional resources and years to build a custom cloud platform when everyone is happy with the current setup? + +For most agencies, one cloud service will not meet all your cloud needs. This means that cloud.gov can go hand-in-hand with other cloud providers. Your agency can use cloud.gov for one need and another provider for another. It doesn't need to be all one solution and is fairly common for agencies to have separate cloud providers to meet specific needs. + +Cloud.gov provides many different benefits for our customers. Those benefits include:: + +### Experience managing highly trafficked cloud services + +The cloud.gov team has deep experience working with highly trafficked sites and consuming cloud services. 
This allows us to be more efficient, and offer cloud services at a lower cost than an agency building their own cloud. More efficient use of cloud services also allows us to reduce our carbon footprint, a key Administration priority. + +### Managed software updates  + +Cloud.gov engineers are constantly managing updates to the platform and doing software patches. If your agency moves off of cloud.gov, you will need to have staffed or contracted engineers to do this work. + +### We handle the compliance so your agency doesn’t have to  + +Cloud.gov is FedRAMP authorized and our compliance posture enables a more streamlined Authority to Operate (ATO) process Migrating off cloud.gov, your agency would require at least one full time person to ensure the new system is compliant. Rather than maintaining costly infrastructure, cloud.gov allows your team to focus on your core agency work.  + +### Support for developers  + +Cloud.gov offers developer support to customers to assist with any questions about the cloud platform. Without this extra support, your developers will be on their own to troubleshoot any problems happening with their platform. + +### Agreements and billing made easy + +The interagency agreement process is an easy onramp to cloud.gov. We manage the signup and renewal process so your agency doesn’t have to worry about this. The only thing required from you is a cost estimator and a prep survey that will help complete the necessary forms for an agreement. + +### Putting all of the pieces together + +It often takes many different components to make a cloud platform work. Cloud.gov uses a variety of commercial products and services to make the platform run. You do not need to worry about managing these different pieces. Leaving cloud.gov, this would fall into your agency’s responsibilities. + +### An interface with an ecosystem of add ons to enhance your mission such as  search.gov, U.S. Web Design System, etc. 
+ +Technology Transformation Services (TTS) offers a variety of add-on solutions (in addition to cloud.gov). cloud.gov’s close collaboration with these teams, including search.gov, U.S. Web Design System, and login.gov to name a few, allows for quick access to these services. + +The overhead of running a successful cloud platform in government can be significant. Before your agency migrates away from cloud.gov, ensure they develop contingency plans for the services cloud.gov provides. Cloud.gov is here to help your agency and to make the government more efficient. There is no need to move away from a platform that is flexible and able to meet your needs. \ No newline at end of file diff --git a/content/news/articles/2021-12-14-log4j-buildpack-updates.md b/content/news/articles/2021-12-14-log4j-buildpack-updates.md new file mode 100644 index 0000000..2c6bf63 --- /dev/null +++ b/content/news/articles/2021-12-14-log4j-buildpack-updates.md 
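Review bot: punctuation and whitespace fixes are needed in the stepping-stone post: `Those benefits include::` has a doubled colon, `Authority to Operate (ATO) process Migrating off cloud.gov` is missing a period before `Migrating`, the add-ons heading has doubled spaces before `search.gov`, `cloud.gov’s close collaboration` starts a sentence in lowercase, and the file ends without a trailing newline (`\ No newline at end of file`).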
@@ -0,0 +1,38 @@ +--- +layout: layouts/post +tags: news +date: 2021-12-14 +title: "log4j Customer responsibility: Restage Java and PHP applications to Mitigate log4shell exploit" +excerpt: Critical new updates have been released for the Java and PHP buildpacks and customers should restage their apps immediately. +--- + +### Overview + +Late last week, a serious new vulnerability referred to as "log4shell" was disclosed [targeting vulnerable versions of the popular log4j logging utility](https://nvd.nist.gov/vuln/detail/CVE-2021-44228). + +In response, the cloud.gov team has -- since last Friday -- applied a series of mitigations and updates to the platform, as described in our [most recent statuspage updates](https://cloudgov.statuspage.io/incidents/hc60k5316r34). These actions have secured our platform and afforded some protection to our customers without any need for customer intervention. + +Today the Cloud Foundry community released patched versions of both the Java and PHP buildpacks, which are vulnerable to this new exploit (with some caveats relating to the PHP buildpack discussed below). Upon their release, the cloud.gov team worked to make these new buildpacks available to customers immediately. + +### Customer action required + +Customers now need to take additional steps to further mitigate this vulnerability, and are advised to immediately restage their applications to pick up these new buildpack changes. The new buildpack versions are: + +* Java buildpack - [version 4.44](https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.44) +* PHP buildpack - [version 4.4.52](https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.4.52) + +Application owners can restage their applications [following the directions contained in the Cloud Foundry documentation](https://docs.cloudfoundry.org/devguide/deploy-apps/start-restart-restage.html#restage). 
After restaging, you can verify the version of buildpack being used by your application by inspecting the app details using `cf app {application-name}`. + +### Applicability to the PHP Buildpack + +A component of the PHP buildpack - AppDynamics - was determined to be vulnerable to the log4shell exploit, and that specific dependency was updated in the new buildpack release. However, AppDynamics usage in the PHP buildpack is enabled through an extension that only gets used if there's an AppDynamics service present. There is no AppDynamics service natively available on cloud.gov, so it's unlikely that any PHP applications are at risk of this exploit unless a user supplied their own AppDynamics service via a [user-provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). + +### Additional information + +In addition, CISA has released official guidance on this exploit, which [you can review here](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance). + +Customers with additional questions or experiencing issues can reach out to support at [support@cloud.gov](mailto:support@cloud.gov). + + + + diff --git a/content/news/articles/2021-12-22-log4j_vulnerability_bod_22-02_update.md b/content/news/articles/2021-12-22-log4j_vulnerability_bod_22-02_update.md new file mode 100644 index 0000000..f7984eb --- /dev/null +++ b/content/news/articles/2021-12-22-log4j_vulnerability_bod_22-02_update.md 
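Review bot: `These actions have secured our platform and afforded some protection to our customers` overstates what the post supports; the same paragraph calls them mitigations, and the 2021-12-22 post in this patch says patching continued afterwards, so `mitigated the known attack vectors on our platform` would be more accurate. The customer-action section should also name the expected values next to the `cf app {application-name}` instruction (Java buildpack 4.44 and PHP buildpack 4.4.52 or newer), since that is what a reader is verifying. Minor: the title mixes capitalisation (`log4j Customer responsibility: Restage Java and PHP applications to Mitigate log4shell exploit`).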
@@ -0,0 +1,41 @@ +--- +layout: layouts/post +tags: news +title: Log4J Vulnerability / ED 22-02 Update +date: 2021-12-22 +--- +The cloud.gov team has continued working on the Log4j vulnerability, also known as Log4Shell ([CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)), since our last news update posted on [December 14th, 2021](https://www.cloud.gov/2021/12/14/log4j-buildpack-updates/).  This post summarizes customer responsibilities, steps we have taken to protect our customers, and the status of the platform with respect to log4j. + +Update 2021-12-27: In compliance with directives from the FedRAMP JAB, cloud.gov has completed our ED-22-01 response per the CISA-provided template. The report is available to our authorized customers on the FedRAMP Secure Repository in Max.gov, or by request to support@cloud.gov. +cloud.gov Customer Responsibilities + +* Customers are responsible for ensuring that their Java applications are fully patched or otherwise have this vulnerability mitigated. For guidance, refer to [CISA’s Log4J guidance](https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-356a). +* If you have reporting requirements, e.g. [ED 22-02](https://www.cisa.gov/news-events/directives/ed-22-02-mitigate-apache-log4j-vulnerability-closed), regarding cloud.gov components that you leverage: + * cloud.gov brokered AWS Elasticsearch components were patched at the latest by Dec 21, 2021. + * All other cloud.gov brokered components, AWS RDS, AWS S3, AWS Elasticache Redis, External Domains, Service Accounts and Identity Provider, were patched by Dec 13, 2021. + +cloud.gov has taken the following steps to provide default protection to our customers: + +* We deployed Web Application Firewall rules starting on Dec 10, 2021, to block known patterns attempting log4j attacks. Please do not rely on these to protect your applications as they are not a full mitigation strategy. The rules block naive attacks and reduce overall noise. 
They may impact your ability to run queries for, say, `${jndi` in our [logsearch platform](https://logs.fr.cloud.gov). +* Since Dec 13, 2021, web applications on the platform are running with the environment variable, `LOG4J_FORMAT_MSG_NO_LOOKUPS=true`. This should provide log4j versions from 2.10.0 to 2.14.0 a mitigation for CVE-2021-44228, but not for CVE-2021-45046 or other attacks. + +cloud.gov Platform and Infrastructure updates: + +* [Pages (formerly Federalist)](https://pages.cloud.gov/), a cloud.gov service, does not use Log4j, and was not directly exposed. +* cloud.gov, has components that use Log4j: +* * We applied mitigations and patches as they became available, starting on Friday, December 10th, 2021, and have continued applying patches as they have become available from the upstream component maintainers. + * We have no evidence that any of our cloud.gov-managed components executed externally-supplied code. We have evaluated vulnerability disclosure program reports, egress from potentially-vulnerable platform components (note that we cannot and did not evaluate user egress), and web application logs, and so far have seen no evidence of exploitation. + * We are providing detailed updates to the FedRAMP JAB, as required by our P-ATO authorization. +* AWS GovCloud is the IaaS hosting service for most of cloud.gov, and AWS has components that use Log4j. Their response to this vulnerability is detailed in their [security bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/), but with respect to cloud.gov infrastructure: +* * AWS patched/updated all the components that cloud.gov leverages by Sunday, December 12th, 2021. + * We have verified reports that external researchers could make "jndi:ldap" requests to cloud.gov hosted web applications and get a response back from AWS internal components until Dec 12, 2021. 
+ * We have an open support request with AWS to determine if such attacks could have impacted the integrity of hosted content. + +If you received a report that your cloud.gov or Federalist site was subject to the Log4j attack, please contact [cloud-gov-compliance@gsa.gov](mailto:cloud-gov-compliance@gsa.gov). + +We are continuing to track the Log4j vulnerability and its related follow-ups very closely and will post more updates and details to the [cloud.gov StatusPage Log4j incident](https://cloudgov.statuspage.io/incidents/hc60k5316r34) as we continue to deploy patches and take steps to address this vulnerability. + +Any questions should be directed to [support@cloud.gov](mailto:support@cloud.gov). Concerns regarding vulnerability details or evidence of compromise should be directed to [cloud-gov-compliance@gsa.gov](mailto:cloud-gov-compliance@gsa.gov) + +_NB_: An earlier verion of the post labeled the directive type incorrectly. +CISA has issed an ED (Emergency Directive), not a BOD. diff --git a/content/news/articles/2021-12-22-release-notes.md b/content/news/articles/2021-12-22-release-notes.md new file mode 100644 index 0000000..8de7501 --- /dev/null +++ b/content/news/articles/2021-12-22-release-notes.md 
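Review bot: the directive number is inconsistent: the title and the CISA link say `ED 22-02`, but the 2021-12-27 update line says `completed our ED-22-01 response`; the link in the same post labels the Log4j directive ED 22-02, so the update line should match. The mitigation bullet says `LOG4J_FORMAT_MSG_NO_LOOKUPS=true` covers `log4j versions from 2.10.0 to 2.14.0`; that setting applies through 2.14.1 (the last release before 2.15.0), so 2.14.1 is the accurate upper bound. Markup: the `* * We applied mitigations` and `* * AWS patched/updated` lines render as an empty bullet followed by a nested one; indent them with two spaces like their sibling `  * ` lines. Typos: `verion`, `issed`, and the stray comma in `cloud.gov, has components`.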
@@ -0,0 +1,242 @@ +--- +layout: layouts/post +tags: news +date: 2021-12-22 +title: "December 22th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Happy Holidays! + +The cloud.gov team is working on providing change logs so everyone can see new features and updates. Some highlights include cf-deployment v17.1, S3 Broker and Log4J Fixes. + +# Change Log +## Customer Facing +--- +### AWS S3 Broker +* Service Instance Sharing is now available for the S3 service instances +Find more out here: https://docs.cloudfoundry.org/devguide/services/sharing-instances.html + +### Binary Buildpack - v1.0.42 up from v1.0.40 +* Merge pull request #72 from cloudfoundry/dependabot/go_modules/develop/github.com/onsi/gomega-1.17.0 +* Bump github.com/onsi/gomega from 1.14.0 to 1.17.0 +* Bump github.com/onsi/gomega from 1.14.0 to 1.17.0 +* Bumps github.com/onsi/gomega from 1.14.0 to 1.17.0. + +### Dotnet Core Buildpack - 2.3.37 up from 2.3.36 +* Add dotnet-sdk 3.1.415 +* Add dotnet-sdk 5.0.403 +* Add dotnet-runtime 5.0.12 +* Add dotnet-runtime 3.1.21 +* Add dotnet-aspnetcore 3.1.21 +* Add dotnet-aspnetcore 5.0.12 +* Add libunwind 1.6.2, remove libunwind 1.5 +* Add libgdiplus 6.1, remove libgdiplus 6.0 +* Add node 14.18.2, remove node 14.18.1 +* Add bower 1.8.13, remove bower 1.8.12 +* Update libbuildpack +* Readme: Update packager install instructions +* Fix default bower version + +### Go Buildpack - 1.9.38 up from 1.9.37 +* bumped libbuildpack-dynatrace to v1.4.2 to make use of the bugfix for the networkzones parameter (#228) +* Add go 1.16.12, remove go 1.16.9 +* Add go 1.16.11, remove go 1.16.8 +* Add go 1.17.5, remove go 1.17.2 +* Add go 1.17.4, remove go 1.17.1 +* Update libbuildpack +* Removes Tracker reference in README + +### Java Buildpack - 4.46 up from 4.43 +This release focuses on dependency updates, primarily that fix the latest Apache Log4j2 vulnerability, CVE-2021-45046, in 
dependencies used by the Java buildpack. + +* In particular, the following dependencies were known to be vulnerable to CVE-2021-45046 & have been patched in this release: + * AppDynamics Java Agent + * New Relic Java Agent +If you are using an online version of the Java buildpack you do not strictly need this update, as the online buildpack will always pick the latest version of dependencies. + +### Nginx Buildpack - 1.1.33 up from 1.1.32 +* Update libbuildpackk +* Add nginx 1.20.2, remove nginx 1.20.1 +* Add nginx 1.21.4, remove nginx 1.21.3 + +### NodeJS Buildpack - 1.7.65 up from 1.7.63 +* Add node 16.13.1, remove node 16.11.1 +* Add node 14.18.2, remove node 14.18.0 +* Update libbuildpack +* Readme: Update packager install instructions +* Bump github.com/onsi/gomega from 1.14.0 to 1.17.0 +* Bumps github.com/onsi/gomega from 1.14.0 to 1.17.0. + +### PHP Buildpack - 4.4.53 up from 4.4.49 +* Add appdynamics agent 21.12.1.404, remove 21.12.0.401 +Addresses CVE-2021-45046 (in addition to CVE-2021-44228 fixed in previous release 4.4.52) +* Update libbuildpack +* Update Pygments due to dependabot sec alert +* Fixed case of networkzone query parameter for Dynatrace OneAgent download + +### Python Buildpack - 1.7.48 up from 1.7.47 +* Update libbuildpack +* Add python 3.10.1 +* Add python 3.9.9, remove python 3.9.6 +* Bump miniconda3, remove miniconda37/38 +* Add pipenv 2021.11.23, remove pipenv 2021.5.29 +* Add pip 21.3.1, remove pip 21.3 +* Update outdated fixtures +* Update default python version to 3.10.x +* Add setuptools 59.5.0, remove setuptools 58.2.0 +* Refactor caching for miniconda +Old caching mechanism was very hacky and seemed to be the cause of miniconda test failures +(specifically tests which pushed twice, as the app would fail to start on the second push). +New approach uses CF's cache and conda's ability to set a package cache via CONDA_PKGS_DIRS. 
+* Updating github-config + +### R Buildpack - 1.1.25 up from 1.1.23 +* Update libbuildpack +* Add r 4.1.2, remove r 4.1.0 + +### Ruby Buildpack - 1.8.49 from 1.8.48 +* Add ruby 3.0.3, remove ruby 3.0.1 +* Add ruby 2.7.5, remove ruby 2.7.3 +* Add ruby 2.6.9, remove ruby 2.6.7 +* Add jruby 9.3.2.0, remove jruby 9.3.1.0 +* Add jruby 9.2.20.1, remove jruby 9.2.19.0 +* Add rubygems 3.2.33, remove rubygems 3.2.29 +* Add bundler 2.2.33, remove bundler 2.2.29 +* Add node 14.18.2, remove node 14.18.1 +* Readme: Update packager install instructions +* Update libbuildpack + +### Staticfile Buildpack 1.5.27 up from 1.5.26 +* Update libbuildpack +* Add nginx 1.20.2 +* Add nginx 1.21.4, remove nginx 1.21.3 +for stack(s) cflinuxfs3 + + +## Platform Changes +--- + +### BOSH DNS - v1.30.0 up from v1.29.0 +* Bumped dependencies (Golang 1.16 vendored libraries) + +### Bosh - 271.17.0 up from 271.16.0 +What's Changed +* Aborts errand run if instance(s) are stopped +* Fix config rollback behavior. by @camilalonart in #2340 +* Fix Bosh recreating tags on each deployment #2341 + +### Bosh AWS CPI - 92 up from 91 +* Adding missing m6i and r6i types to nvme families by @blyles in #121 +* Fast AWS-native disk resize by @bgandon in #123 + +### CAPI - 1.123.0 up from 1.120.0 +Highlights + +Adds a new boolean property, cc.log_audit_events, that will write CC audit events to syslog when set to true. This feature is disabled by default. 
+ +CC API Version: 2.177.0 and 3.112.0 + +Service Broker API Version: 2.15 + +CAPI Release +* PR #210 Send upload start time as form field to cloud controller +* PR #211 Configure per-vm (in-memory rate limit setting) +* #212 Allow operators to limit how many concurrent service broker requests a user can make per broker +* #208, #2481 Allow operators to enable experimental optimized json encoding (performance improvment) + +Cloud Controller +* #2563 Rate limit endpoints that interact with service brokers +* #2558 Update service and route bindings are updated when user provided service instance is updated +* #2564 Improve Service Credential Bindings performance +* #2562 Update manifest diff docs to use --data-binary flag +* #2572 Use Concurrent::Semaphore for broker rate limiter +* #2573 Skip window function for distinct queries +* #2583 Fix pollable job cleanup logger name +* #2586 Make PruneExcessAppRevisions job more memory efficient +* #2588 Fix blobstore errors for droplets from CF Docker apps +* #2580 Use permissions subqueries in service list fetchers +* #2590 Fix ServiceInstanceNameTooLong message + +### CF Networking - 2.42.0 up from 2.40.0 +Release Highlights +* Added IF EXISTS clause to DROP PROCEDURE on un-used stored procedure in v0066 migration. Foundations that do not have the procedure in question will experience a MySQL error causing the deployment to fail. +* Tested with silk-release v2.42.0 + +### CFLinuxfs3 - 0.270.0 up from 0.264.0 +CVES: + +USN-5144-1 USN-5144-1: OpenEXR vulnerability: +* CVE-2021-3933: openexr: Integer-overflow in Imf_3_1::bytesPerDeepLineTable + +USN-5150-1 USN-5150-1: OpenEXR vulnerability: +* CVE-2021-3941: Divide-by-zero in Imf_3_1::RGBtoXYZ + +USN-5179-1 USN-5179-1: BusyBox vulnerabilities: +* CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. 
+* CVE-2021-42374: An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that +* CVE-2021-42381: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function +* CVE-2021-42386: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function +* CVE-2021-28831: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. +* CVE-2021-42378: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function +* CVE-2021-42386: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function +* CVE-2021-42385: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function +* CVE-2021-42382: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function +* CVE-2021-42384: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function +* CVE-2021-42379: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function +* CVE-2021-42374: An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted 
LZMA-compressed input is decompressed. This can be triggered by any applet/format that +* CVE-2021-42380: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function +* CVE-2021-42381: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function + +USN-5189-1 USN-5189-1: GLib vulnerability: +* CVE-2021-3800: glib2: Possible privilege escalation thourgh pkexec and aliases + +### Diego Release - 2.55.0 up from 2.53.1 +Changes +* Containers can communicate over TLS using application internal route (#587) +* Bumps golang x/crypto and x/net pkgs (#605) +* Only use passwd auth if NATS requires it (#610) +* bump diego-ssh uaa-go-client (#596) +* Rep: Bump task result file size max to 50k (#601) +* Executor: (BugFix) Envoy 1.19 should use original TCP connection pool, so that it can accept more than 1024 downstream connections (#604) + +Resources +* Download release v2.55.0 from bosh.io. +* Verified with cloudfoundry/cf-deployment @ 91641085d9ecd3df125dafa3c5ba61ffafb3d825. + +Dependencies +* Bump Golang to go1.17.5 (#611) + + +### Log Cache - 2.11.5 up from 2.11.4 +* bump-golang to v0.94.0 + +### Loggregator - 106.6.2 up from 106.6.1 +Changelog +* Bump Golang to v0.94.0 + +### Logsearch - 211.1.39 up from 211.1.38 +* bump Log4J versions + +### Metrics Discovery - 3.0.7 up from 3.0.6 +* bump-golang to v0.93.0 +* Only use passwd auth if NATS requires it (#14) + +### Routing - 0.228.0 up from 0.226.0 +New Features +* Only use password auth if NATS requires it; with the introduction of nats-tls, the use of password authentication is no longer needed. Instead we can rely on mTLS for trust. 🎉 🎉 Thanks @domdom82 for the PR! 🎉 🎉 🎉 + +Bugfixes +* Update golang to address CVE-2021-44716: Limit growth of header canonicalization cache on incoming HTTP/2 requests. 
+* TCP router correctly health-checks and restarts HAproxy as necessary. (#245) + +### Snort - 567 up from 553 +* Just the usual snort updates + +### Syslog - 11.7.7 up from 11.7.6 +* bump-golang to v0.94.0 + +### UAA - 75.13.0 up from 75.9.0 +* Bump to UAA v75.13.0, which: +Addresses CVE with Log4j library and its prior incomplete fix by bumping to log4j2 2.17.0 +* Upgrades Newrelic to version 7.4.3 diff --git a/content/news/articles/2022-01-21-release-notes.md b/content/news/articles/2022-01-21-release-notes.md new file mode 100644 index 0000000..780aaf7 --- /dev/null +++ b/content/news/articles/2022-01-21-release-notes.md 
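Review bot: the Logsearch entry `* bump Log4J versions` should state the target Log4j version, as the UAA entry does (`bumping to log4j2 2.17.0`), because readers use these logs to map components to CVE-2021-45046 and CVE-2021-45105. The CFLinuxfs3 BusyBox list repeats CVE-2021-28831, CVE-2021-42374, CVE-2021-42381 and CVE-2021-42386, and both CVE-2021-42374 entries are cut off at `This can be triggered by any applet/format that`; deduplicate and complete them. Typos: the title `December 22th` should be `December 22nd`, `libbuildpackk`, `performance improvment`, `thourgh`.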
@@ -0,0 +1,40 @@ +--- +layout: layouts/post +tags: news +date: 2022-01-21 +title: "January 21st cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Happy New Year! + +The cloud.gov team is working on providing change logs so everyone can see new features and updates. Some highlights include cf-deployment v17.1, S3 Broker and Log4J Fixes. + +# Change Log +## Customer Facing +--- + +### java-buildpack - 4.47* up from 4.46* +* Bump java-buildpack to 4.47* + +This release focuses on dependency updates, primarily that fix the latest Apache Log4j2 vulnerability, [CVE-2021-45105](https://github.com/advisories/GHSA-p6xc-xr62-6r2g), in dependencies used by the Java buildpack. + +In particular, the following dependencies have been updated to include Log4j 2.17.0 and have been patched in this release: + +* AppDynamics Java Agent (21.11.3) +* New Relic Java Agent (7.4.3) + +### php-buildpack - 4.4.55* up from 4.4.53* +* Bump php-buildpack to 4.4.55* + * Bump appdynamics agent to 22.1.0 + * Rebuild php 8.0.14 to update modules for stack(s) cflinuxfs3 + * Rebuild php 7.4.27 to update modules for stack(s) cflinuxfs3 + * Add composer 2.2.4, remove composer 2.2.3 for stack(s) cflinuxfs3 + +## Platform Changes +--- +### Snort - 570 up from 567 +* Just the usual snort updates + +### Logsearch - 211.1.46 up from 211.1.39 +* Bump logsearch to v211.1.46 diff --git a/content/news/articles/2022-02-04-release-notes.md b/content/news/articles/2022-02-04-release-notes.md new file mode 100644 index 0000000..d767e24 --- /dev/null +++ b/content/news/articles/2022-02-04-release-notes.md 
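Review bot: the intro sentence `Some highlights include cf-deployment v17.1, S3 Broker and Log4J Fixes` is copied from the December log; this entry contains only the java-buildpack, php-buildpack, Snort and Logsearch changes, so the highlights should describe those (the Log4j 2.17.0 / CVE-2021-45105 buildpack updates). The trailing asterisks in the version numbers (`4.47*`, `4.46*`, `4.4.55*`, `4.4.53*`) look like footnote markers with no footnote; drop them or add the note they refer to. `Bump logsearch to v211.1.46` gives no detail, unlike the other entries.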
@@ -0,0 +1,33 @@ +--- +layout: layouts/post +tags: news +date: 2022-02-04 +title: "February 4th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this month include changes to several of the platform buildpacks. + +# Change Log +## Customer Facing +--- + +### Java Buildpack v4.48 - up from v4.47 + +This release focuses on dependency updates, primarily the latest Java/OpenJDK quarterly updates. + +Other notable changes: + +* We have bumped the Apache SkyWalking version to 8.8.0. This is the latest supported version at the time of publishing. Please be aware of this change if you are using the Apache SkyWalking agent as this is a major version increase. +* [#926](https://github.com/cloudfoundry/java-buildpack/pull/926) resolves a classpath problem when using the Luna Security Provider on Java 9+. +* This release pulls in new versions of App Dynamic and New Relic that include patches for [CVE-2021-44832](https://github.com/advisories/GHSA-8489-44mv-ggj8). + +### Ruby Buildpack v1.8.50 - up from v1.8.49 + +* Add rubygems 3.3.4, remove rubygems 3.2.33 +* Add bundler 2.3.4, remove bundler 2.2.33 + +## Platform Changes +--- + +No changes this month. \ No newline at end of file diff --git a/content/news/articles/2022-02-09-sharing-service-instances.md b/content/news/articles/2022-02-09-sharing-service-instances.md new file mode 100644 index 0000000..fbe52fa --- /dev/null +++ b/content/news/articles/2022-02-09-sharing-service-instances.md 
@@ -0,0 +1,39 @@ +--- +layout: layouts/post +tags: news +date: 2022-02-09 +title: "New Feature: Sharing Service Instances" +excerpt: A new feature just added to the cloud.gov platform allows developers to share service instances. +--- + +The ability to self-provision service instances and easily bind them to applications is one of the most powerful features of the cloud.gov platform. With two simple commands, developers can instantiate new service instances and connect them to an application, [delivering the credentials the application needs to interact with the service](https://docs.cloudfoundry.org/devguide/services/application-binding.html) easily and securely. + +In the past, we have heard from developers that have wanted to extend this functionality further - to allow service instances to be shared across different spaces in a cloud.gov organization. This was something that the cloud.gov platform did not support. + +Until today. + +### Sharing is caring + +We are happy to announce that [service instance sharing](https://docs.cloudfoundry.org/devguide/services/sharing-instances.html#sharing) has now been enabled on the cloud.gov platform. Here's how it works: + +* A developer uses the standard `cf create-service` command to instantiate a new service instance in a particular space. +* When initially created, viewing the service details via `cf service {service_name}` will indicate that the service is not currently shared with any other spaces (see below). 
+ +!["Showing details of a service that is not shared"]({{site.baseurl}}/img/service-not-shared.png) + +* A developer can share a service instance created in one space with another space - provided that they have the Space Developer role in _both_ spaces - by using `cf share-service {service_name} -s {other-space}` +* Once the service instance is shared, viewing the service details via `cf service {service_name}` **in the space it was created in** will indicate which other spaces it is shared with and the number of bound apps (see below). + +!["Showing details of a service that is shared"]({{site.baseurl}}/img/service-shared.png) + +* Viewing the service details **in the space the service was shared with** indicates that this is a shared service, and the org/space the service it was shared from (see below). + +!["Showing service details from another space"]({{site.baseurl}}/img/show-service-details.png) + +### Security considerations + +While this new functionality provides enhanced options in how developers manage service instances, it may also raise additional security considerations. Application owners should engage their security teams and carefully consider any potential security implications for managing service instances in this way. + +With service instance sharing, the cloud.gov platform provides new options for developers, allowing users to manage service instances in the way that best fits their own needs and security requirements. + +The needs of our users will continue to drive new feature adoption on the cloud.gov platform. Stay tuned as more new features get rolled out in the weeks and months ahead! \ No newline at end of file diff --git a/content/news/articles/2022-02-18-release-notes.md b/content/news/articles/2022-02-18-release-notes.md new file mode 100644 index 0000000..2da5a82 --- /dev/null +++ b/content/news/articles/2022-02-18-release-notes.md 
@@ -0,0 +1,66 @@ +--- +layout: layouts/post +tags: news +date: 2022-02-17 +title: "February 17th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this month include changes to several of the platform buildpacks. + +# Change Log + +## Customer Facing + +--- + +### Stratos - v4.4.0 from v3 + +* newest version of the cloud.gov dashboard +* improved look and feel +* improved browser compatibility +* new deploy from UI functionality + +## Platform Changes + +--- + +### Logsearch - 211.1.61 from 211.1.55 + +* minor changes + +### Prometheus - 27.0.0 from 26.6.0 + +* for credhub exporter the spec credhub_exporter.log_format has been renamed to credhub_exporter.log_stream +* adds support for stemcell jammy jellyfish +* consul_exporter to v0.8.0 +* credhub_exporter to 0.5.1 - Thx @psycofdj +* flant-statusmap-panel to v0.4.2- Thx @romain-dartigues +* grafana to v7.5.15 +* prometheus to v2.33.3 +* redis_exporter to v1.35.1 +* stackdriver_exporter to v0.12.0 + +### Shibboleth - 88 from 86 + +* update for vendoring JDK + +### Bosh DNS 1.31.0 from 1.30.0 + +* Update golang to 1.17 + +### UAA - 75.15.0 from 75.14.0 + +* Update to UAA v75.15.0 +* Add group mapping mode AS_SCOPES for OIDC IdPs (cloudfoundry/uaa#1737) +* Spring Boot Major Upgrade 2.4.13 to 2.6.3 (cloudfoundry/uaa#1725) (cloudfoundry/uaa#1779) +* Junit tests fix (cloudfoundry/uaa#1764) +* Retry in junit run (cloudfoundry/uaa#1773) +* Simplify HTTP method matching (cloudfoundry/uaa#1789) +* XercesImpl update 2.12.2 (cloudfoundry/uaa#1786), see CVE +* Spring Boot 2.6.3 (cloudfoundry/uaa#1725) (cloudfoundry/uaa#1779) , see changelog +* Spring Framework 5.3.15 +* Tomcat 9.0.58, see Security Fixes +* Upgrade Bellsoft JDK to version 11.0.14+9 +* Gradle 6.9.2 +* ThymeleafVersion 3.0.15 (cloudfoundry/uaa#1787) 
diff --git a/content/news/articles/2022-03-04-release-notes.md b/content/news/articles/2022-03-04-release-notes.md new file mode 100644 index 0000000..8429d1f --- /dev/null +++ b/content/news/articles/2022-03-04-release-notes.md 
@@ -0,0 +1,257 @@ +--- +layout: layouts/post +tags: news +date: 2022-03-04 +title: "March 4th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy Women's History Month! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this month include Cloud Foundry Deployment and AWS RDS Broker updates. + +# Change Log + +## Customer Facing + +--- + +### CF-Deployment - v18.0.0 up from v17.1.0 + +* Changes will be below broken up by component :) + +### AWS Broker (RDS) + +* Users can now set backup retention periods. Maximum period is 35 days and Default/Minimum is 14 days. +* More Info here: https://cloud.gov/docs/services/relational-database/#setting-optional-parameters + +### Dot Net Core Buildpack - v2.3.39 up from v2.3.37 + +* Add .NET Core 6 support +* Add dotnet-sdk 5.0.405 +* Add dotnet-aspnetcore 6.0.2 +* Add dotnet-sdk 6.0.102 +* Add dotnet-aspnetcore 5.0.14 +* Add dotnet-runtime 6.0.2 +* Add dotnet-runtime 5.0.14 +* Remove node 14.x.x +* Add node 16.14.0 + +Remove old .NET runtimes and SDKs + * dotnet-sdk 3.1.412, 3.1.413, 3.1.414 + * dotnet-sdk 5.0.400, 5.0.401, 5.0.402 + * dotnet-runtime 3.1.18, 3.1.19, 3.1.20 + * dotnet-runtime 5.0.9, 5.0.10, 5.0.11 + * dotnet-aspnetcore 3.1.18, 3.1.19, 3.1.20 + * dotnet-aspnetcore 5.0.9, 5.0.10, 5.0.11 + +### Go Buildpack - v1.9.39 up from v1.9.38 + +* Add go 1.17.6, remove go 1.17.4 +* Add go 1.16.13, remove go 1.16.11 +* Update libbuildpack +* Test fixtures: Update ruby app + +### Nginx Buildpack - v1.1.35 up from v1.1.33 + +* Add nginx 1.21.6, remove nginx 1.21.5 +* Bump github.com/onsi/gomega to 1.18.1 + +### NodeJS Buildpack - v1.7.67 up from v1.7.65 + +* Add node 12.22.10, remove node 12.22.8 +* Add node 12.22.9, remove node 12.22.7 +* Add node 14.19.0, remove node 14.18.1 +* Add node 16.14.0, remove node 16.13.0 + +### Python Buildpack - v1.7.49 up from v1.7.48 + +* Add 
setuptools 60.2.0, remove setuptools 59.5.0 + +### R Buildpack - v1.1.26 up from v1.1.25 + +* Rebuild r 4.1.2 +for stack(s) cflinuxfs3 +with dependencies for stack cflinuxfs3: forecast 8.16, plumber 1.1.0, rserve 1.8.10, shiny 1.7.1 +(https://www.pivotaltracker.com/story/show/180851850) + +* Rebuild r 3.6.3 +for stack(s) cflinuxfs3 +with dependencies for stack cflinuxfs3: forecast 8.16, plumber 1.1.0, rserve 1.8.10, shiny 1.7.1 +(https://www.pivotaltracker.com/story/show/180851852) + +* Update libbuildpack + +### Staticfile Buildpack - v1.5.29 up from v1.5.27 + +* Add nginx 1.21.6, remove nginx 1.21.5 + + +## Platform Changes + +--- + +### BPM Release - v1.1.16 up from v1.1.15 + +* Updated to runc v1.10.0 + +### CAPI Release - v1.126.0 up from v1.123.0 +CAPI Release +* #215 Put libpq/bin directory on PATH + +Cloud Controller +* cloudfoundry/cloud_controller_ng#2594 Document that v3 Route host can be a wildcard (*) +* cloudfoundry/cloud_controller_ng#2595 Add sequel_pg gem +* cloudfoundry/cloud_controller_ng#2601 app/models/runtime/role.rb defines SPACE_OR_ORGANIZATION_NOT_SPECIFIED +* cloudfoundry/cloud_controller_ng#2652: Create wrappers for regexes instead of singleton * methods +* cloudfoundry/cloud_controller_ng#2638: /v3/domains performance improvements +* cloudfoundry/cloud_controller_ng#2636: Do not delete bindings in case of bind errors during * apply_manifest, treat failed key creation and failed bindings as non-existent +* cloudfoundry/cloud_controller_ng#2628: Remove errant experimental tags from v3 docs +* cloudfoundry/cloud_controller_ng#2598: Upgrade to rails 6.1 +* cloudfoundry/cloud_controller_ng#2624: /v3/security_groups and /v3/space_quotas performance * improvements +* cloudfoundry/cloud_controller_ng@bc031e2: Improve error raised when service broker update * fails sequel validation check +* cloudfoundry/cloud_controller_ng#2581: Use subquery for window function (distinct queries) +* cloudfoundry/cloud_controller_ng#2657 Throw an error on sb bind 
when in binding status is * delete_failed or delete_in_progess +* cloudfoundry/cloud_controller_ng#2664 Improve performance when roles are queried by admin * user +* cloudfoundry/cloud_controller_ng#2670 Don't filter out quota metrics + +Dependency Bumps +* express from 4.17.1 to 4.17.2 cloudfoundry/cloud_controller_ng#2600 +* honeycomb-beeline from 2.7.1 to 2.8.0 cloudfoundry/cloud_controller_ng#2605 +* bump urijs from 1.19.6 to 1.19.7 in /docs/v3 +* bump path-parse from 1.0.6 to 1.0.7 in /docs/v3 +* bump hosted-git-info from 2.8.8 to 2.8.9 in /docs/v3 +* bump sequel from 5.51.0 to 5.53.0 +* bump pg from 1.2.3 to 1.3.1 +* bump cf-uaa-lib from 3.14.3 to 4.0.1 +* bump sinatra from 2.0.8.1 to 2.1.0 +* bump i18n to version 1.9.1 +* bump newrelic_rpm from 8.2.0 to 8.4.0 +* bump fog-local from 0.6.0 to 0.8.0 +* bump multi_json from 1.12.2 to 1.15.0 +* bump nokogiri from 1.12.5 to 1.13.1 +* bump listen from 3.7.0 to 3.7.1 +* bump honeycomb-beeline from 2.8.0 to 2.8.1 +* bump oj from 3.13.10 to 3.13.11 (#2613) +* bump google-protobuf from 3.17.3 to 3.19.2 +* bump spring from 3.1.1 to 4.0.0 +* Bump Golang from 1.17.6 to 1.17.7 +* Bump rspec from 3.10.0 to 3.11.0 +* Bump lodash from 4.17.19 to 4.17.21 in /docs/v3 +* Bump copy-props from 2.0.4 to 2.0.5 in /docs/v3 + +BBS +* cloudfoundry/bbs@f246cdd Update LRP instance when internal routes were changed +* cloudfoundry/bbs@83003cf Update readme with latest steps to generate ruby protobuf files +* cloudfoundry/bbs@e56feb1 Fix instructions for building ruby protobuf files* + +### CF Networking Release - v3.0.0 up from v2.42.0 + +Release Highlights +* ✨ [New Feature] cf-networking + silk-release now support dynamically updating ASG data for app containers without needing a restart!
 +* A new job policy-server-asg-syncer queries CAPI for ASG data periodically and updates the policy-server database +* A new endpoint on policy-server-internal is exposed to allow vxlan-policy-agent to query for ASG data +* When disabled, everything behaves as it did previously. 
- To disable, set the disable property of policy-server-asg-syncer to true +* 🐛 [Bug Fix] The log-level parameter for policy-server, and policy-server-internal is now propagated from bosh release to agent properly. + +Compatibility Notes +* It is recommended to use this in conjunction with capi-release v1.126.0 or later for improved performance on the /v3/security_groups APIs. +* Tested with silk-release v3.0.0 + +### cflinuxfs3 - 0.274.0 up from 0.270.0 + +USN-5199-1 USN-5199-1: Python vulnerabilities: +* CVE-2021-3733: [Denial of service when identifying crafted invalid RFCs] +* CVE-2021-3737: [client can enter an infinite loop on a 100 Continue response from the server] +* CVE-2021-3737: [client can enter an infinite loop on a 100 Continue response from the server] +* CVE-2021-3733: [Denial of service when identifying crafted invalid RFCs] + +USN-5235-1 USN-5235-1: Ruby vulnerabilities: + +* CVE-2021-41816: [Buffer Overrun in CGI.escape_html] +* CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular * expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, * and 2.0.1. +* CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in * cookie names. This also affects the CGI gem through 0.3.0 for Ruby. +* CVE-2021-41816: [Buffer Overrun in CGI.escape_html] +* CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in * cookie names. This also affects the CGI gem through 0.3.0 for Ruby. +* CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. + +USN-5254-1 USN-5254-1: shadow vulnerabilities: + +* CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. 
Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. +* CVE-2018-7169: An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. +* CVE-2018-7169: An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. +* CVE-2017-12424: In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts. 
+ +USN-5288-1 USN-5288-1: Expat vulnerabilities: + +* CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. +* CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). +* CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. +* CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. +* CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. +* CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. +* CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. +* CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. +* CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. +* CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. +* CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. +* CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. + +### Credhub Release - 2.12.0 up from 2.11.2 + +Security Fixes +* Bump various dependencies. + +Bug Fixes +* Fixes an issue where CredHub experiences downtime during certificate rotation process by making CredHub properly load concatenated mTLS CA certificates. + +Features +* CredHub is now compatible with Postgres 13, 14. 
+ +### Diego Release - v2.59.0 up from v2.55.0 + +Changes +* C2C certificate is regenerated when internal routes are updated (#588) +* Addresses CVE-2021-43816 by bumping containerd to v1.5.9 @jrussett (#612) +* Route emitter's healthcheck_address no longer accepts leading zeros @ameowlia @geofffranks (#616) +* Deprecate start and evacuate_running endpoints @moleske (#617) +* Ensure containers can eventually communicate over TLS using application internal route even if synchronous communication fails + +### Loggregator Agent Release - v6.3.8 up from v6.3.6 + +* Fix counter aggregation (#75) + * Forwarder agent respects source-IDs for counter aggregation + * treat delta 0 total 0 metrics as total metrics instead of delta +* skip config files with invalid ports + * allows optionally configuring prom scraping for releases +* bump-golang to v0.95.0 + +### Metrics Discovery Release - v3.0.8 up from v3.0.7 + +* skip config files with invalid ports + * allows optionally configuring prom scraping for releases +* update go-loggregator + +### Nats Release - v43 up from v40 + +Release Highlight +* Optionally exclude password authentication for nats-tls. Thank you @domdom82 for submitting this PR! +* 🐛 Bug-Fix: A new healthcheck for the nats-tls job alleviates the constant stream of log messages caused by incomplete TLS handshakes from health checks (fixes #32). Thank you @peterellisjones for the PR! + * ⚠️ This requires two new properties to be provided to allow the health check to access nats via TLS, listed below. +* Improvement: Operators are now able to set nats.net and nats.cluster_host to adjust the listening address of the nats and nats-tls jobs for use in multi-homed environments. Thanks @psycofdj! +* Bug Fix: Operators can force-disable nats authentication via the nats.auth_required property, rather than removing credentials. This helps alleviate Authorization Violation errors seen in cases such as routing-release #259. Thanks @b1tamara and @Mrizwanshaik! 
+ +### Routing Release - 0.229.0 up from 0.228.0 + +* ➕ Improvement: Request URLs are now included in Gorouter's route-service-connection-failed log messages. Thanks for the improvement @plowin! 🎉 +* ➕ Improvement: Gorouter's endpoint_dial_timeout is now configurable. It affects the time to establish a TCP connection with backends (http or websocket), but prior to any TLS negotiation. +* 🐛 Bug Fix: A bug in Gorouter was resolved that caused incorrect counts when calculating backend-connection limits for app endpoints +* 🐛 Bug Fix: Gorouter now honors the router.min_tls_version and router.max_tls_version properties when making requests to route-services +* 🐛 Bug Fix: Resolves an issue introduced in routing-release v0.227.0 where the b3_spanid header was incorrectly being set to 16 bytes. It now is set to 8-bytes. Thanks @stijnvet for the fix! 🎉 + +### Silk Release - 2.43.0 up from 2.42.0 +* Bump to golang 1.17! +* Tested with cf-networking-release v2.43.0 +* [Breaking] Added template tests to validate IPs do not contain leading zeros per golang 1.17's new IP parsing standards + +### Statsd Injector Release - v1.11.18 up from v1.11.17 + +* bump-golang to v0.94.0(1.17.5) diff --git a/content/news/articles/2022-04-06-encrypted-container-to-container-networking.md b/content/news/articles/2022-04-06-encrypted-container-to-container-networking.md new file mode 100644 index 0000000..42d6032 --- /dev/null +++ b/content/news/articles/2022-04-06-encrypted-container-to-container-networking.md 
@@ -0,0 +1,38 @@ +--- +layout: layouts/post +tags: news +date: 2022-04-06 +title: "New Feature: Encrypted Container-to-Container Networking" +excerpt: A new update to Container-to-Container networking allows developers to enable encryption of traffic between applications using SSL/TLS. +--- + +The cloud.gov platform now offers developers the ability to encrypt container-to-container traffic using SSL/TLS, providing more security for your applications' internal communications. This feature is also a step towards zero trust security. + +## About Container-to-Container Networking + +Container-to-container networking allows applications to communicate with each other over an internal network known as an [overlay network](https://docs.cloudfoundry.org/concepts/understand-cf-networking.html#overlay-network). Traffic sent over this overlay network is not allowed to leave it, and the network itself is not externally routable. This ensures that nothing outside of the network can see the traffic being passed between applications. + +In order to implement container-to-container networking you will need to: + +1. Set up [internal routes](https://docs.cloudfoundry.org/devguide/deploy-apps/routes-domains.html#internal-routes) to your applications using the `cf map-route` command. +2. Create [network policies](https://docs.cloudfoundry.org/devguide/deploy-apps/cf-networking.html#add-policy) using the `cf add-network-policy` command. + +Once you have the routes and policies in place your applications will be able to communicate with each other by connecting to the endpoints and ports you specified. + +## Securing Container-to-Container Networking + +Container-to-container networking on its own works to keep traffic between applications from being accessed by the outside world. However, this does not prevent other applications or users on the internal network from accessing the data being transferred between applications. 
This is where secure container-to-container networking comes in. By encrypting the internal traffic between applications nothing else will be able to read the information being sent. + +In terms of the zero trust security model this addresses the assumption that just because something is on the internal network it should be implicitly trusted. Instead of trusting what is on the internal network, we encrypt traffic so that only the specified applications can see the data. This can also be taken one step further by configuring your applications to implement their own TLS and confirming the permissions of the client requesting data. + +### Implementation + +There are two options for implementing secure container-to-container networking. The `automatic` option which handles provisiong certificates and ensuring TLS termination for you, and the `manual` option where you configure your own certificates and handling of TLS termination. + +Cloud Foundry, and by extension cloud.gov, has designated port `61443` to be used for the automatic encryption of container-to-container networking. Any traffic sent to this port will be encrypted automatically. You can specify the use of this port with the `cf add-network-policy` command. When using the automatic option the destination application itself does not need to be changed, and the source application only needs to be modified to send traffic to the correct port. The automatic option is useful if you only need to care about preventing sniffing of traffic between your applications. + +If your application needs to manage its own TLS termination (for example if it uses mutual TLS), then you need to implement the 'manual option' for secure container-to-container networking. This option requires configuring your own certificates, but it also means your applications can use those certificates for its TLS configuration. 
Using this option you can also specify which ports your applications will use for terminating your encrypted traffic, instead of only being able to use port `61443`. + +## In Conclusion + +Having the ability to encrypt container-to-container networking provides more security for your applications' internal communications, and with multiple methods you can choose which option is best for you and your organization. For a more in-depth guide check out the [container-to-container networking]({{ site.baseurl }}/docs/management/container-to-container) documentation. You can also find out more from the official Cloud Foundry documentation on [Securing Container-to-Container Traffic](https://docs.cloudfoundry.org/concepts/understand-cf-networking.html#securing-traffic). \ No newline at end of file diff --git a/content/news/articles/2022-04-14-release-notes.md b/content/news/articles/2022-04-14-release-notes.md new file mode 100644 index 0000000..db3240e --- /dev/null +++ b/content/news/articles/2022-04-14-release-notes.md 
@@ -0,0 +1,92 @@ +--- +layout: layouts/post +tags: news +date: 2022-04-14 +title: "April 14th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy April! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this month include Cloud Foundry Deployment and bug fixes. + +# Change Log + +## Customer Facing + +--- + +### CF-Deployment - v19.0.0 up from v18.0.0 + +* Changes will be below broken up by component :) + +### Java Buildpack - v4.48.1 up from v4.48 + +It primarily bumps Apache Tomcat and Geode Tomcat session store, the latter of which fixes a critical NullPointerException bug. + +## Platform Changes + +--- + +### Credhub Release - v2.12.4 up from v2.12.1 + +Security Fixes +* Bump various dependencies. + +### CF-CLI Release - v1.38.0 up from v1.37.0 +This release contains the following versions of the CF CLI + +Major version Prior version Current version +v8 8.1.0 8.3.0 +v7 7.4.0 7.4.0 +v6 6.53.0 6.53.0 + +### CFLinuxfs3 - v0.276.0 up from v0.274.0 + +USN-5320-1 USN-5320-1: Expat vulnerabilities and regression: + +* CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. +* CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. +* CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. +* CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. +* CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. +* CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. 
+* CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. +* CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. +* https://launchpad.net/bugs/1963903: expat relax fix for CVE-2022-25236 and possible regressions + +### Diego Release - v2.61.0 up from v2.59.0 + +* Addresses CVE-2022-23806 and CVE-2022-23772 by bumping golang package to include go 1.17.8, (#614) + +### Garden-runc - v1.20.1 up from v1.20.0 + +* Addresses CVE-2022-23806 and CVE-2022-23772 by bumping golang package to include go 1.17.8, b953993 + +### Log-cache - v2.11.6 up from v2.11.5 + +* fix bug with large messages (#58) +* Pin Go back to go1.17. +Go 1.18 includes changes to memory management and we'd like to get more familiarity with these changes and their impact before bumping. + +### Routing Release - v0.231.0 up from v0.229.0 + +Feature + +* update gorouter for prometheus scraping by @Benjamintf1 in #258 + +Bug Fix + +* Invalid seeded router group manifest values should no longer cause breaking changes by default by @ameowlia in #261 +* Removed the x509ignoreCN property. Now that gorouter is built on golang 1.17, it
no longer has any effect on gorouter behavior, and was only adding to confusion in
the properties +* Resolve an issue with route-registrar using the same TTL as it's RegistrationInterval
for tcp routes, leading to unnecessary churn of pruned + re-registered routes. +* Resolve an issue with Routing API where upserts to tcp routes were causing change
events to be emitted when the only change was a bump in TTL. This led to an issue
where tcp-router was constantly reloading haproxy with every route's heartbeat
registration call. + +### Shibboleth - v92 up from v88 + +* Java updates +* Tomcat updates + +### UAA Customized - v46 up from v44 + +* Bug fixes for rendering of CSS + + diff --git a/content/news/articles/2022-04-25-deprecation-notice.md b/content/news/articles/2022-04-25-deprecation-notice.md new file mode 100644 index 0000000..c555036 --- /dev/null +++ b/content/news/articles/2022-04-25-deprecation-notice.md 
@@ -0,0 +1,34 @@ +--- +layout: layouts/post +tags: news +date: 2022-04-25 +title: "Deprecation Notice: Shared Database Service Instances" +excerpt: Important change to service offerings in the database service +--- + +This message is to let you know about the planned deprecation of the shared instance plans in cloud.gov’s relational database service. + +## What is happening and what is the impact on cloud.gov customers? + +As of April 29, 2022, shared instance plans will no longer be available as a choice for creating new database instances. Customers will only be able to choose from the dedicated service plans. Sandbox accounts will only have access to the micro-psql and small-mysql service plans. + +## What do cloud.gov customers need to do? + +At this time, customers who are currently running shared database server instances will need to migrate to a dedicated instance plan. To perform a migration, a customer must export their existing database and restore it into a new instance created with a dedicated service plan. We have [instructions on how to export and restore a database](https://cloud.gov/docs/services/relational-database/#exporting-a-database) on our website. + +## Why are the shared instance plans being deprecated? + +We are deprecating the shared instance plans in favor of offering new, micro- and small-sized dedicated instance plans. This will enable us to improve our security compliance posture and offer more performant and efficient database server choices for our customers. + +It will also enable more flexibility for customers in managing their own database instances and allow both customers and our own platform operators to manage database backups and restorations. This is not currently possible in the shared instance plans. + +## How can customers leverage the new service plans? + +Customers can begin using the new service plans right away when creating a new database service. 
In addition to this, we have also added the ability to modify existing database services in place. Customers can now switch database service plans by following the [update instructions in our documentation](https://cloud.gov/docs/services/relational-database/#update-an-instance). There are a couple of things to note about this: + +- Converting existing shared instance plans to dedicated instance plans is not possible; you must manually backup and restore your database +- Converting database engines for existing instances (e.g., PostgreSQL and MySQL) is not possible; you must switch between plans for the same database engine + +Additionally, we have also updated our documentation to include [all of the service plans we currently offer in cloud.gov](https://cloud.gov/docs/services/relational-database/#plans) and which plans are available in sandbox accounts. +If you have any questions or concerns, please contact us at support@cloud.gov. + diff --git a/content/news/articles/2022-05-12-release-notes.md b/content/news/articles/2022-05-12-release-notes.md new file mode 100644 index 0000000..7d6bc93 --- /dev/null +++ b/content/news/articles/2022-05-12-release-notes.md 
@@ -0,0 +1,256 @@ +--- +layout: layouts/post +tags: news +date: 2022-05-12 +title: "May 12th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy May! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this month include Cloud Foundry Deployment and bug fixes. + +# Change Log + +## Customer Facing + +--- + +### CF-Deployment - v20.2.0 up from v19.0.0 + +* Changes will be below broken up by component :) + +### Binary Buildpack - v1.0.43 up from v1.0.42 + +* Update to libbuildpack + +### Dotnet Core Buildpack - v2.3.41 up from 2.3.39 + +* Add node 16.14.2, remove node 16.14.0 for stack(s) cflinuxfs3 +* Add dotnet-sdk 3.1.417 +* Add dotnet-sdk 5.0.406 +* Add dotnet-sdk 6.0.201 +* Add dotnet-runtime 3.1.23 +* Add dotnet-runtime 5.0.15 +* Add dotnet-runtime 6.0.3 +* Add dotnet-aspnetcore 3.1.23 +* Add dotnet-aspnetcore 5.0.15 +* Add dotnet-aspnetcore 6.0.3 +* Add bower 1.8.14, remove bower 1.8.13 +* Update .NET Buildpack dependencies lines to only keep 1 of each patch version (latest) + +### Go Buildpack - v1.9.42 up from v.1.9.39 + +* Remove go 1.16 (EOL) +* Add go 1.18 +* Add go 1.17.8, remove go 1.17.6 +* Add go 1.17.7, remove go 1.17.5 + + +### Java Buildpack - v4.48.3 up from v4.48.1 + +* OpenJDK JRE to 1.8.0_332 +* OpenJDK JRE 11 to 11.0.15_10 +* OpenJDK JRE 17 to 17.0.3_7 +* Tomcat bump to 9.0.62 + +### Nginx Buildpack - v1.1.37 up from v1.1.35 + +* Remove noisy log output not needed once config is parsed +* Bump github.com/miekg/dns from 1.1.45 to 1.1.46 + +### R Buildpack - v1.1.28 up from v1.1.26 + +* Update libbuildpack +* Bump github.com/onsi/gomega from 1.18.1 to 1.19.0 +* Add r 4.1.3, remove r 4.1.1 + +### NodeJS buildpack - v1.7.69 up from v1.7.67 + +* Add node 12.22.12, remove node 12.22.9 for stack(s) cflinuxfs3 +* Add node 14.19.1, remove node 14.18.2 for stack(s) cflinuxfs3 +* Add node 16.14.2, 
remove node 16.13.1 for stack(s) cflinuxfs3 +* Add yarn 1.22.18, remove yarn 1.22.17 for stack(s) cflinuxfs3 + +### PHP Buildpack - v4.4.59 up from v4.4.56 + +* Add composer 2.3.4, remove composer 2.2.9 for stack(s) cflinuxfs3 +* Add php 8.0.17, remove php 8.0.15 for stack(s) cflinuxfs3 +* Add php 8.1.4, remove php 8.1.2 for stack(s) cflinuxfs3 +* Add httpd 2.4.53, remove httpd 2.4.52 for stack(s) cflinuxfs3 +* Add appdynamics 22.3.0-501, remove appdynamics 22.1.1-440 +* Bump newrelic to 9.18.1.303 + +### Python Buildpack - v1.7.53 up from v1.7.49 + +* Add setuptools 62.0.0, remove setuptools 60.10.0 for stack(s) cflinuxfs3 +* Add python 3.10.4, remove python 3.10.2 for stack(s) cflinuxfs3 +* Add python 3.9.12, remove python 3.9.10 for stack(s) cflinuxfs3 +* Add pipenv 2022.3.28, remove pipenv 2022.1.8 for stack(s) cflinuxfs3 +* Add python 3.7.13, remove python 3.7.11 for stack(s) cflinuxfs3 +* Add python 3.8.13, remove python 3.8.11 for stack(s) cflinuxfs3 +* Add python 3.9.11, remove python 3.9.9 for stack(s) cflinuxfs3 +* Add python 3.10.3, remove python 3.10.1 for stack(s) cflinuxfs3 +* Add pip 22.0.4, remove pip 22.0.3 for stack(s) cflinuxfs3 +* Rename dependency name from miniconda3 to miniconda3-py39 +* Add miniconda3-py39 4.11.0, remove miniconda3-py39 4.10.3 +* Deprecate Python 3.6.x and update all fixtures +* Remove the usage of pip-pop library + +### Ruby Buildpack - v1.8.53 up from v1.8.51 + +* Deprecate Ruby 2.6. Update fixtures. 
+* Add rubygems 3.3.11, remove rubygems 3.3.8 for stack(s) cflinuxfs3 +* Add bundler 2.3.11, remove bundler 2.3.8 for stack(s) cflinuxfs3 +* Add jruby 9.3.4.0, remove jruby 9.3.3.0 for stack(s) cflinuxfs3 +* Add node 16.14.2, remove node 16.14.0 for stack(s) cflinuxfs3 +* Add yarn 1.22.18, remove yarn 1.22.17 for stack(s) cflinuxfs3 +* Add ruby 3.1.1 + +## Platform Changes + +--- + +### Capi Release - v1.128.0 up from v1.27.0 + +* CC API Version: 2.181.0 and 3.116.0 +* Service Broker API Version: 2.15 +* Bug fixes + +### CF-Networking Release - v3.5.0 up from v2.43.0 + +* cf-networking + silk-release now support dynamically updating ASG data for app containers without needing a restart + +### Silk Release - v3.5.0 up from v2.43.0 + +* silk-cni now supports the outbound_connections.dry_run property to enable logging of outbound connection rate limiting events without actually denying traffic. +* vxlan-policy-agent emits an app log when it updates security groups +* Bug fixes + +### CFLinuxfs3 - v0.290.0 up from v0.276.0 + +USN-5391-1 USN-5391-1: libsepol vulnerabilities: + +* CVE-2021-36084: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). +* CVE-2021-36085: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). +* CVE-2021-36086: The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). +* CVE-2021-36087: The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. 
+* CVE-2021-36086: The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). +* CVE-2021-36085: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). +* CVE-2021-36084: The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). +* CVE-2021-36087: The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. +* Addresses USN-5376-3 USN-5376-3: Git regression + +USN-5380-1 USN-5380-1: Bash vulnerability: + +* CVE-2019-18276: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. + +USN-5379-1 USN-5379-1: klibc vulnerabilities: + +* CVE-2021-31870: An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. +* CVE-2021-31871: An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. +* CVE-2021-31872: An issue was discovered in klibc before 2.0.9. 
Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. +* CVE-2021-31873: An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. +* CVE-2021-31870: An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow. +* CVE-2021-31872: An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact. +* CVE-2021-31873: An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow. +* CVE-2021-31871: An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. + +USN-5378-2 USN-5378-2: XZ Utils vulnerability: + +* CVE-2022-1271: arbitrary file overwrite with crafted file names + +USN-5378-1 USN-5378-1: Gzip vulnerability: + +* CVE-2022-1271: arbitrary file overwrite with crafted file names + +USN-5376-1 USN-5376-1: Git vulnerability: + +* CVE-2022-24765: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when there is a scratch space (/scratch/) intended for all users and another user created a repository in /scratch/.git. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user via /scratch/.git/config. 
+ +USN-5331-2 USN-5331-2: tcpdump vulnerabilities: + +* CVE-2018-16301: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. +* CVE-2020-8037: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. +* CVE-2018-16301: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. +* CVE-2020-8037: The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. + +USN-5366-1 USN-5366-1: FriBidi vulnerabilities: + +* CVE-2022-25308: fribidi: Stack based buffer overflow +* CVE-2022-25309: fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode +* CVE-2022-25310: fribidi: SEGV in fribidi_remove_bidi_marks +* CVE-2022-25310: fribidi: SEGV in fribidi_remove_bidi_marks +* CVE-2022-25308: fribidi: Stack based buffer overflow +* CVE-2022-25309: fribidi: Heap-buffer-overflow in fribidi_cap_rtl_to_unicode + +USN-5359-1 USN-5359-1: rsync vulnerability: + +* CVE-2018-25032: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. + +USN-5355-1 USN-5355-1: zlib vulnerability: + +* CVE-2018-25032: zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. + +USN-5342-1 USN-5342-1: Python vulnerabilities: + +* CVE-2021-3426: There's a flaw in Python 3's pydoc. 
A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. +* CVE-2021-4189: [ftplib should not use the host from the PASV response] +* CVE-2022-0391: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. +* CVE-2022-0391: A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. +* CVE-2021-3426: There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. 
+* CVE-2021-4189: [ftplib should not use the host from the PASV response] + +USN-5329-1 USN-5329-1: tar vulnerability: + +* CVE-2021-20193: A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. + +USN-5328-1 USN-5328-1: OpenSSL vulnerability: + +* CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates + +USN-5324-1 USN-5324-1: libxml2 vulnerability: + +* CVE-2022-23308: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. + +### Diego Release - v2.63.0 up from v2.61.0 + +* Pass log config in container spec to garden, so that vxlan-policy-agent can send app logs +* Addresses CVE-2022-23806 and CVE-2022-23772 by bumping golang package to include go 1.17.8, (#614) +* Bug fixes + +### Garden-runc - v1.20.4 up from v1.20.1 + +* Pass log config in container spec to network plugin, so that they can write to container output +* Bumps more dependencies to address CVE-2021-21284 and prevent older CVEs from showing up in security scans +* Change to use golang 1.17.8 +* Bumps a large number of golang dependencies for garden products to help produce cleaner security scans. +* Bumps the bundled busybox version from 1.27.2 to 1.35.0. +* Fixes an issue (#216) when deploying bosh-lite environments using garden with bosh create-env in an environment with ruby 2.7+ + +### Loggregator - v106.6.5 up from v106.6.2 + +* Now uses go 1.18.1 +* As part of bumping to Go 1.18 certificates that are signed with the SHA-1 hash function will no longer be accepted. 
+* Removed GODEBUG=x509ignoreCN flag + +### Metrics Discovery Release - v3.0.13 up from v3.0.8 + +* Switch to go 1.18.1 +* Now includes debug metrics +* Bug fixes + +### Routing Release - v0.232.0 up from v0.231.0 + +* Fixing issue #250: Return a 503 not a 404 when all instances down +* Fixing issue cloudfoundry/gorouter#315 + +### Statsd-injector Release - v1.11.19 up from v1.11.18 + +* Bump go-loggregator to v8 by @ctlong in #11 +* Bump to go 1.18.1 +* As part of bumping to Go 1.18 certificates that are signed with the SHA-1 hash function will no longer be accepted. + +### Log-cache Release - v2.11.11 up form v2.11.6 + +* Bump to go 1.18.1 +* As part of bumping to Go 1.18 certificates that are signed with the SHA-1 hash function will no longer be accepted. +* Bug fixes diff --git a/content/news/articles/2022-05-26-release-notes.md b/content/news/articles/2022-05-26-release-notes.md new file mode 100644 index 0000000..70878f2 --- /dev/null +++ b/content/news/articles/2022-05-26-release-notes.md 
@@ -0,0 +1,28 @@ +--- +layout: layouts/post +tags: news +date: 2022-05-26 +title: "May 26th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy end of May! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this time include new stemcells. + +# Change Log + +## Customer Facing + +* The Drupal 8 example was brought back into a working state. + * [Github Repo](https://github.com/cloud-gov/cf-ex-drupal8) +* The names and descriptions of the database plans offerings were improved. + * Checkout the offerings in the [dashboard marketplace](https://dashboard.fr.cloud.gov/marketplace/2oBn9LBurIXUNpfmtZCQTCHnxUM/dcfb1d43-f22c-42d3-962c-7ae04eda24e7/plans) + * [Github Issue](https://github.com/cloud-gov/aws-broker/issues/199) + +## Platform Changes + +* BPM - 1.1.18 up from 1.1.17 +* Clamav - 31 up from 30 +* Secureproxy - 56 up from 53 +* Syslog - 11.7.10 up from 11.7.9 +* Snort - 574 up from 573 +* UAA - 75.20.0 up from 75.19.0 diff --git a/content/news/articles/2022-06-29-cloud-dot-gov-scalability-and-resiliance.md b/content/news/articles/2022-06-29-cloud-dot-gov-scalability-and-resiliance.md new file mode 100644 index 0000000..ccbf358 --- /dev/null +++ b/content/news/articles/2022-06-29-cloud-dot-gov-scalability-and-resiliance.md 
@@ -0,0 +1,25 @@ +--- +layout: layouts/post +tags: news +date: 2022-06-29 +title: "Cloud.gov and Kessel Run test scalability and resilience of cloud services" +excerpt: TTS and a team at the Air Force have been running scalability, performance, and resilience testing of the cloud.gov platform +--- + +The General Services Administration's Technology Transformation Services (TTS) and [Kessel Run](https://kesselrun.af.mil/), a Division under the Air Force Life Cycle Management Center’s Digital Directorate, recently [engaged in joint exercises](https://www.gsa.gov/about-us/newsroom/news-releases/kessel-run-tts-collaborated-to-develop-capability-able-to-host-100-million-users-per-hour-with-cloudgov-03302022) testing the ability of TTS’s [cloud.gov platform](http://cloud.gov) to quickly scale to meet demand for critical digital services. + +Digital services - websites and products that provide services to citizens - are an integral part of the modern service delivery model for federal agencies. Too often, however, the digital infrastructure to support these services is rolled out only in the later stages as new or enhanced digital services are implemented. This often leaves little time for agency staff to optimize cloud infrastructure to ensure an efficient and equitable delivery of services to those in need. New digital services that are meant to serve millions, or tens of millions of users, require infrastructure that has been specially tuned to meet these unique availability and resilience requirements. + +### Joining forces to test cloud.gov’s ability to scale + +Cloud.gov is a managed cloud platform within TTS that serves dozens of federal agencies and hosts thousands of software applications. The cloud.gov platform allows agencies to quickly deploy and scale secure digital services to serve their constituents. Kessel Run is home to a dedicated team named “Bowcaster” that conducts scalability, performance, and resilience testing. 
+ +The goal of this joint exercise was to bring together the cloud.gov and Bowcaster teams to test cloud.gov’s ability to scale to support critical, high-profile initiatives that require high levels of availability and stability. In addition, this exercise helped the Bowcaster team to sharpen its tools and processes that are essential for supporting large cloud platform scale outs. This work also allowed TTS and Kessel Run to refine mechanisms for quickly getting approvals for interagency partnerships, which can be essential to large digital service rollouts but are often overlooked until such processes are well underway. + +### Shifting from reactive to proactive approach + +This work represents a unique change in focus for how federal agencies deliver digital services at scale. It begins an important shift from what has traditionally been a reactive approach, planning for a scale out of cloud infrastructure after a new program or solution has been approved, to a proactive one, developing repeatable playbooks and toolsets that agencies can use to scale digital services for large volumes of users. + +### Moving forward + +Cloud.gov and Bowcaster have continued this important work and planned future scalability exercises. This work will help federal agencies prepare for the successful rollout of future digital services that have high availability and resilience requirements. diff --git a/content/news/articles/2022-07-08-release-notes.md b/content/news/articles/2022-07-08-release-notes.md new file mode 100644 index 0000000..6b3cc86 --- /dev/null +++ b/content/news/articles/2022-07-08-release-notes.md 
@@ -0,0 +1,208 @@ +--- +layout: layouts/post +tags: news +date: 2022-07-08 +title: "July 8th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy July! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this month include buildpack updates, and bug fixes. + +# Change Log + +## Customer Facing + +--- + +### Dotnet Core Buildpack - v2.3.43 up from 2.3.42 + +* Update default .NET SDK, ASPNetCore and Runtime default version in buildpack from 3.1.x to 6.0.x +* Add node 16.15.1, remove node 16.15.0 for stack(s) cflinuxfs3 + +### Go Buildpack - v1.9.47 up from v.1.9.46 + +* Add go 1.17.11, remove go 1.17.8 for stack(s) cflinuxfs3 +* Add go 1.18.3, remove go 1.18 for stack(s) cflinuxfs3 + +### Nginx Buildpack - v1.1.39 up from v1.1.38 + +* Deprecate nginx 1.20.2 (End of life) +* Add nginx 1.22.0 for stack(s) cflinuxfs3 +* Add openresty 1.21.4.1 for stack(s) cflinuxfs3 +* Remove estimated deprecation dates. They were causing confusion to the users + +### R Buildpack - v1.1.30 up from v1.1.29 + +* Deprecate R v 4.1.x due to End of Support + +### NodeJS buildpack - v1.7.71 up from v1.7.70 + +* Add node 14.19.2, remove node 14.19.0 for stack(s) cflinuxfs3 +* Add node 16.15.0, remove node 16.14.0 for stack(s) cflinuxfs3 +* Add support for SeaLights Node.js agent integration. 
+ +### PHP Buildpack - v4.4.63 up from v4.4.61 + +* Add php 7.4.30, remove php 7.4.28 for stack(s) cflinuxfs3 +* Add php 8.1.7, remove php 8.1.5 for stack(s) cflinuxfs3 +* Add php 8.0.20, remove php 8.0.18 for stack(s) cflinuxfs3 +* Add php 8.0.19, remove php 8.0.17 for stack(s) cflinuxfs3 +* Add php 8.1.6, remove php 8.1.4 for stack(s) cflinuxfs3 +* Add httpd 2.4.54, remove httpd 2.4.53 for stack(s) cflinuxfs3 +* Add composer 2.3.7, remove composer 2.3.5 for stack(s) cflinuxfs3 +* Deprecate Nginx 1.20.x (End of life) +* Add nginx 1.22.0 for stack(s) cflinuxfs3 + +### Python Buildpack - v1.7.55 up from v1.7.54 + +* Add python 3.10.5, remove python 3.10.3 for stack(s) cflinuxfs3 +* Add python 3.9.13, remove python 3.9.11 for stack(s) cflinuxfs3 +* Add pip 22.1.2, remove pip 22.0.4 for stack(s) cflinuxfs3 +* Add pipenv 2022.6.7, remove pipenv 2022.5.2 for stack(s) cflinuxfs3 +* Add miniconda3-py39 4.12.0, remove miniconda3-py39 4.11.0 for stack(s) cflinuxfs3 +* Add setuptools 62.3.3, remove setuptools 62.1.0 for stack(s) cflinuxfs3 + +### Ruby Buildpack - v1.8.55 up from v1.8.54 + +* Add bundler 2.3.15, remove bundler 2.3.13 for stack(s) cflinuxfs3 +* Add rubygems 3.3.15, remove rubygems 3.3.13 for stack(s) cflinuxfs3 +* Add node 16.15.1, remove node 16.15.0 for stack(s) cflinuxfs3 +* Add yarn 1.22.19, remove yarn 1.22.18 for stack(s) cflinuxfs3 + +## Platform Changes + +--- + +### Capi Release - v1.130.0 up from v1.129.0 + +* CC API Version: 2.183.0 and 3.118.0 +* Service Broker API Version: 2.15 +* Bug fixes + +### CF-Networking Release - v3.9.0 up from v3.6.0 + +* This release includes no new features/bugfixes (but silk-release) does! 
+ +### Silk Release - v3.9.0 up from v3.6.0 + +* Telemetry emits more sophisticated metrics (average, max, min) for IPTablesRulesCount +* Telemetry emission/logging happens on a configurable basis (default to 10 minutes) +* Fixed a bug where Dynamic ASGs did not process ASG rules properly if the ports string contained spaces in the list of ports/port ranges. +* Added support to netmon that allows data to be exported for telemetry purposes. Writes to a telemetry.log file. Can be enabled/disabled via the telemetry_enabled property (disabled by default) +* Resolved a bug with dynamic ASGs when iptables logging was enabled that resulted in rules being flushed from running containers + +### CFLinuxfs3 - v0.308.0 up from v0.301.0 + +USN-5495-1 USN-5495-1: curl vulnerabilities: + +* CVE-2022-32205: Set-Cookie denial of service +* CVE-2022-32206: HTTP compression denial of service +* CVE-2022-32207: Unpreserved file permissions +* CVE-2022-32208: FTP-KRB bad message verification +* CVE-2022-32207: Unpreserved file permissions +* CVE-2022-32206: HTTP compression denial of service +* CVE-2022-32205: Set-Cookie denial of service +* CVE-2022-32208: FTP-KRB bad message verification + +USN-5488-1 USN-5488-1: OpenSSL vulnerability: + +* CVE-2022-2068: In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. 
Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). + +USN-5472-1 USN-5472-1: FFmpeg vulnerabilities: + +* CVE-2020-20446: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. +* CVE-2020-20453: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service +* CVE-2020-20450: FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. +* CVE-2020-21041: Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service +* CVE-2020-21688: A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. +* CVE-2020-21697: A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. +* CVE-2020-22015: Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. +* CVE-2020-22016: A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. +* CVE-2020-22022: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. 
+* CVE-2020-22031: A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. +* CVE-2020-22042: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. +* CVE-2020-22021: Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. +* CVE-2020-22033: A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. +* CVE-2020-22035: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-22037: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. +* CVE-2020-35965: decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. +* CVE-2021-38114: libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. +* CVE-2021-38171: adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. +* CVE-2022-1475: An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. 
+* CVE-2020-22035: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-22042: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. +* CVE-2020-21697: A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. +* CVE-2020-22016: A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences. +* CVE-2020-20450: FFmpeg 4.2 is affected by null pointer dereference passed as argument to libavformat/aviobuf.c, which could cause a Denial of Service. +* CVE-2020-22032: A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences. +* CVE-2020-22017: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-22026: Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input function at libavfilter/af_tremolo.c, which could let a remote malicious user cause a Denial of Service. +* CVE-2020-22037: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in avcodec_alloc_context3 at options.c. +* CVE-2020-20445: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, which allows a remote malicious user to cause a Denial of Service. 
+* CVE-2020-22020: Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map function in libavfilter/vf_fieldmatch.c, which could let a remote malicious user cause a Denial of Service. +* CVE-2020-22027: A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-22034: A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-22028: Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_vertically_8 at libavfilter/vf_avgblur.c, which could cause a remote Denial of Service. +* CVE-2020-22025: A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-21041: Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse_blend in libavcodec/pngenc.c, which could let a remote malicious user cause a Denial of Service +* CVE-2020-22019: Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in libavfilter/vf_vmafmotion.c, which could let a remote malicious user cause a Denial of Service. +* CVE-2021-38114: libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. +* CVE-2020-22036: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-22033: A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service. 
+* CVE-2020-22031: A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences. +* CVE-2020-22021: Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service. +* CVE-2020-22023: A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences. +* CVE-2020-35965: decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. +* CVE-2020-20446: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy.c, which allows a remote malicious user to cause a Denial of Service. +* CVE-2020-21688: A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. +CVE-2020-20453: FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccoder, which allows a remote malicious user to cause a Denial of Service +* CVE-2020-22015: Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due to the out of bounds in libavformat/movenc.c, which could let a remote malicious user obtain sensitive information, cause a Denial of Service, or execute arbitrary code. +* CVE-2020-22029: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. +* CVE-2020-22030: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences. 
+* CVE-2021-38171: adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return value, which is a necessary step because the second argument to init_get_bits can be crafted. +* CVE-2022-1475: An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. +* CVE-2020-22022: A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences. +* CVE-2021-38291: FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. + +USN-5473-1 USN-5473-1: ca-certificates update: + +* https://launchpad.net/bugs/1976631: Update to 20211016 bundle + +USN-5464-1 USN-5464-1: E2fsprogs vulnerability: + +* CVE-2022-1304: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. + +USN-5462-1 USN-5462-1: Ruby vulnerabilities: + +* CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. +* CVE-2022-28739: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. +* CVE-2022-28738: A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. + +USN-5456-1 USN-5456-1: ImageMagick vulnerability: + +* CVE-2022-28463: ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. 
+ +### Garden-runc - v1.20.7 up from v1.20.6 + +* garden-runc-release now supports Jammy Jellyfish +* Updated the packaged tar to be statically compiled with musl + +### Metrics Discovery Release - v3.1.0 up from v3.0.13 + +* Don't report the value of the NATS_HOSTS environment variable on startup +* Use cloudfoundry/tlsconfig internal service defaults for NATS TLS connections +* The cf-add-metrics-discovery.yml and cf-add-metrics-discovery-windows.yml operations files have been removed. The metrics-discovery-registrar has been in the base manifest for cf-deployment since cf-deployment v13.0.0. +* The scrape config generator added in the removed operations file can now be deployed with add-scrape-config-generator.yml. + +### Routing Release - v0.235.0 up from v0.233.0 + +* Gorouter healthchecker retries connection instead of monit (#275) +* Gorouter: the metrics package now uses lsof to monitor file descriptors on MacOS @domdom82 cloudfoundry/gorouter#312 +* Bumped the lager dependency to resolve issues where the timeFormat flag was not honored, resulting in epoch timestamps vs human readable. +* Now tested with the bionic stemcell in CI + +### Statsd-injector Release - v1.11.19 up from v1.11.18 + +* Bump go-loggregator to v8 by @ctlong in #11 +* Bump to go 1.18.1 +* As part of bumping to Go 1.18 certificates that are signed with the SHA-1 hash function will no longer be accepted. diff --git a/content/news/articles/2022-09-29-release-notes.md b/content/news/articles/2022-09-29-release-notes.md new file mode 100644 index 0000000..0ef975a --- /dev/null +++ b/content/news/articles/2022-09-29-release-notes.md 
@@ -0,0 +1,191 @@ +--- +layout: layouts/post +tags: news +date: 2022-09-29 +title: "September 29th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy end of September ! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this time include new stemcell and new version of cf-deployment. + +# Change Log + +## Customer Facing + +--- + +### CF-Deployment - v21.11.0 up from v21.10.0 + +* Changes will be below broken up by component :) + +### Binary buildpack - v1.0.46 up from v1.0.45 + +* Uncached buildpack SHA256: c783f83e8338b27dac50b0d727f5d97144637c242bb196862032b31c2e7f03c8 +* Uncached buildpack SHA256: 356de9c16e950aafc26b38de344c9194f90a4504f659124b27f2e5240dcdcffa +* Uncached buildpack SHA256: 3cf7f7db4b583c70bf96a7f783c08927194397898c5ab45cc5b0719c4df542a6 + +### Dotnet core Buildpack -v 2.4.1 up form v2.4.0 + +* Bug fixes +* Add dotnet-sdk 3.1.423, remove dotnet-sdk 3.1.421 for stack(s) cflinuxfs3 +* Add dotnet-sdk 6.0.401, remove dotnet-sdk 6.0.302 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-runtime 3.1.29, remove dotnet-runtime 3.1.27 for stack(s) cflinuxfs3 +* Add dotnet-runtime 6.0.9, remove dotnet-runtime 6.0.7 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-aspnetcore 3.1.29, remove dotnet-aspnetcore 3.1.27 for stack(s) cflinuxfs3 +* Add dotnet-aspnetcore 6.0.9, remove dotnet-aspnetcore 6.0.7 for stack(s) cflinuxfs4, cflinuxfs3 +* Add node 16.17.0, remove node 16.16.0 for stack(s) cflinuxfs4, cflinuxfs3 + +### Go Buildpack - v1.9.50 up from v1.9.49 + +* Deprecate Go 1.17 (#285) +* Add go 1.19.1for stack(s) cflinuxfs3 +* Add go 1.18.6, remove go 1.18.4 for stack(s) cflinuxfs3 +* Adds --stack flag for integration tests + +### Java Buildpack - v4.52 up from v4.50 + +* Deprecation of Spring Cloud Connectors & Spring Auto Reconfiguration - this feature is now disabled by default +* See release notes 
for latest versions of dependencies - https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.52 + +### Nginx Buildpack - v1.1.43 up from v1.1.42 + +* Update libbuildpack +* nginx 1.22.0 cflinuxfs3 +* nginx 1.23.1 cflinuxfs3 +* openresty 1.13.6.2 cflinuxfs3 +* openresty 1.15.8.3 cflinuxfs3 +* openresty 1.17.8.2 cflinuxfs3 +* openresty 1.19.9.1 cflinuxfs3 +* openresty 1.21.4.1 cflinuxfs3 +* Default binary is now nginx 1.23.x +* Uncached buildpack SHA256: 4f3acdd173c641d69e65ee46b28eee41660539110fe0729a53d60db4a4c170c7 + +### Nodejs Buildpcak - v1.8.0 up from v1.7.73 + +* node 14.19.3 cflinuxfs3 +* node 14.20.0 cflinuxfs3 +* node 16.16.0 cflinuxfs3 +* node 16.17.0 cflinuxfs3 +* node 18.7.0 cflinuxfs3 +* node 18.9.0 cflinuxfs3 +* yarn 1.22.19 cflinuxfs3 +* Default binary is now node 16.x + +### Php Buildpack - v4.4.66 up from v4.4.65 + +* Add php 8.0.23, remove php 8.0.21 +* Add php 8.1.10, remove php 8.1.8 +* Add composer 2.4.1, remove composer 2.3.10 +* See release notes for packaed binaries and releases - https://github.com/cloudfoundry/php-buildpack/releases/tag/v4.4.66 + +### Python Buildpack - v1.7.59 up from v1.7.57 + +* Add pipenv 2022.9.24, remove pipenv 2022.9.21 for stack(s) cflinuxfs3 +* Add setuptools 65.4.0, remove setuptools 65.3.0 for stack(s) cflinuxfs3 +* Remove deprecated functions in Go code - https://github.com/cloudfoundry/python-buildpack/pull/608 +* Default binary is now python 3.10.x + +### R Buildpack - v1.1.33 up from v1.1.32 + +* Rebuild r 4.2.1 +* r 3.6.2 cflinuxfs3 forecast, plumber, rserve, shiny +* r 3.6.3 cflinuxfs3 forecast, plumber, rserve, shiny +* r 4.2.0 cflinuxfs3 forecast, plumber, rserve, shiny +* r 4.2.1 cflinuxfs3 forecast, plumber, rserve, shiny + +### Ruby Buildpack - v1.8.58 up from v1.8.57 + +* Add bundler 2.3.22, remove bundler 2.3.21 +* Add rubygems 3.3.22, remove rubygems 3.3.19 +* Add bundler 2.3.21, remove bundler 2.3.19 +* Add jruby 9.3.7.0, remove jruby 9.3.6.0 +* Add node 16.17.0 +* bundler 1.17.3 
cflinuxfs3 +* bundler 2.3.22 cflinuxfs3 +* jruby 9.2.21.0 cflinuxfs3 +* jruby 9.3.7.0 cflinuxfs3 +* node 16.16.0 cflinuxfs3 +* node 16.17.0 cflinuxfs3 +* openjdk1.8-latest 1.8.0 cflinuxfs3 +* ruby 2.7.5 cflinuxfs3 +* ruby 2.7.6 cflinuxfs3 +* ruby 3.0.3 cflinuxfs3 +* ruby 3.0.4 cflinuxfs3 +* ruby 3.1.1 cflinuxfs3 +* ruby 3.1.2 cflinuxfs3 +* rubygems 3.3.22 cflinuxfs3 +* yarn 1.22.19 cflinuxfs3 +* Default binary is now ruby 2.7.x + +## Platform Changes + +--- + +### Capi - v1.139.0 up from 1.136.0 + +* Mainly bug fixes + +### Cflinuxfs3 - v0.326.0 up from v0.320.0 + +* Patched for USN-5631-1 USN-5631-1: libjpeg-turbo vulnerabilities: + +### Diego - v2.66.3 up from v2.66.2 + +* Mainly bug fixes + +### Garden - v1.22.2 up from v1.22.1 + +* gdn is now statically compiled +* Various minor bumps + +### Loggregator - v106.7.0 up from v106.6.9 + +* Switch from grpc-throughputlb package to default gRPC load balancing +* Add ReadHeaderTimeouts to all servers +* Fix some golangci-lint warnings +* Bump golang to 1.18.6 +* Bump dependencies + +### Metrics-discovery - v3.2.0 up from v3.2.0 + +* Add ReadHeaderTimeout to all servers +* Bump dependencies +* Bump to golang 1.18.6 + +### Nats - v51 up form v50 + +* Built with golang 1.19.1 + +### Routing - v0.239.0 up from v0.238.0 + +* Bumped Golang to 1.18.6 to mitigate CVE-2022-27664 + +### Statsd injector - v1.11.22 up from v1.11.21 + +* Bump dependencies +* Bump to golang 1.18.6 + +### Stemcell - v1.107 up from v1.97 + +* BOSH Agent Version: 2.468.0 +* Patched for USN-5585-1: Jupyter Notebook vulnerabilities +* Patched for USN-5575-1: Libxslt vulnerabilities +* Patched for USN-5600-1: Linux kernel (HWE) vulnerabilities +* Patched for USN-5603-1: Linux kernel (Raspberry Pi) vulnerabilities +* Patched for USN-5592-1: Linux kernel vulnerabilities +* Patched for USN-5591-3: Linux kernel vulnerability +* Patched for USN-5591-4: Linux kernel (AWS) vulnerability +* Patched for USN-5598-1: Linux kernel (Oracle) vulnerability +* Patched 
for USN-5523-2: LibTIFF vulnerabilities +* Patched for USN-5612-1: Intel Microcode vulnerability +* Patched for USN-5608-1: DPDK vulnerability +* Patched for USN-5583-1: systemd vulnerability +* Patched for USN-5583-2: systemd regression +* Patched for USN-5571-1: PostgreSQL vulnerability +* Patched for USN-5584-1: Schroot vulnerability +* Patched for USN-5578-1: Open VM Tools vulnerability +* Patched for USN-5587-1: curl vulnerability +* Patched for USN-5573-1: rsync vulnerability +* Patched for USN-5570-1: zlib vulnerability +* Patched for USN-5581-1: Firefox vulnerabilities +* Patched for USN-5606-1: poppler vulnerability diff --git a/content/news/articles/2022-11-15-pages-crm-release.md b/content/news/articles/2022-11-15-pages-crm-release.md new file mode 100644 index 0000000..26e6980 --- /dev/null +++ b/content/news/articles/2022-11-15-pages-crm-release.md 
@@ -0,0 +1,23 @@ +--- +layout: layouts/post +tags: news +title: Release of cloud.gov Pages Customer Responsibility Matrix (CRM) +date: 2022-11-15 +excerpt: As part of the launch of cloud.gov Pages we are + publishing the Pages-specific Customer Responsibility Matrix (CRM) +--- + +Our website publishing platform, [cloud.gov +Pages]({{ site.baseurl }}/pages/), is now fully authorized by +[FedRAMP®](https://fedramp.gov) at the Moderate impact level, and +is replacing the Federalist offering, formerly at +https://federalist.18f.gov. As part of that migration, we are +publishing the **[Control Implementation Summary (CIS) + Customer Responsibility Matrix (CRM) + Control-by-Control Inheritance (.xlsx)]({{ site.baseurl }}/resources/cloud.gov-Pages-CIS-Worksheet.xlsx)**. +The CRM is a summary of each Low security control and whether it +is handled by cloud.gov, a shared responsibility, or a customer +responsibility. It includes guidance on which controls a customer +system can fully or partially inherit from cloud.gov Pages. + +We will release a CRM for the cloud.gov Pages Moderate impact controls in the near future. Updates to the cloud.gov Pages CRM will +be reflected on our [FedRAMP Tracker page]({{ site.baseurl }}/docs/overview/fedramp-tracker/) + diff --git a/content/news/articles/2022-11-23-release-notes.md b/content/news/articles/2022-11-23-release-notes.md new file mode 100644 index 0000000..d7ee370 --- /dev/null +++ b/content/news/articles/2022-11-23-release-notes.md 
@@ -0,0 +1,141 @@ +--- +layout: layouts/post +tags: news +date: 2022-11-23 +title: "November 23rd cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy Thanksgiving Week! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this time include redis and disk quotas! + +# Change Log + +## Customer Facing + +--- +### Noteworthy Changes and features +#### AWS Elasticache Redis versions +The aws broker now supports newer and multiple redis versions. Default redis is now AWS Elasticache Redis 6.2. Older and other versions can be selected by following https://cloud.gov/docs/services/aws-elasticache/#setting-optional-parameters. + +Versions supported: +* 5.0.6 - previous default +* 6.0 +* 6.2 - default +* 7.0 + +#### Application Disk Quota +The maximum Disk Quota an application can use is now 7GB up from 6GB. Disk Quota is how much disk space an application instance will have access to. + +Note: Disk Quota is not same as your organization's memory quota. + +Find how to specify disk quota here: https://cloud.gov/docs/management/limits/#app + +### Go Buildpack - v1.10.0 up from v1.9.50 + +* Add support for cflinuxfs4 stack +* Add go 1.19.2, remove go 1.19 for stack(s) cflinuxfs4, cflinuxfs3 +* Update Go Buildpack dependencies to only keep 1 of each patch version (latest) + +### Java Buildpack - v4.53 up from v4.52 + +I'm pleased to announce the release of the java-buildpack, version 4.53. It primarily includes new OpenJDK versions, which are based on the Oracle Java Quarterly Updates for Oct 2022. 
+ +This release also includes an enhancement to the Sealights framework, more field are supported for a User-Provided service (Thanks to @alonweiss-sl via #964) + +🚨 Deprecation of Spring Cloud Connectors & Spring Auto Reconfiguration 🚨 + +This release reverts the change made in v4.51 which disabled the Spring Auto Reconfiguration framework by default. From this release, it will be enabled by default as per all versions < 4.51. This is to provide users with more time to migrate to the recommended alternative library, java-cfenv. The default of disabled will now happen in a release after March 2023, and the library will be completely removed in a release after March 2024. As before, you may post feedback/comments to this issue. + + +### Nginx Buildpack - v1.1.45 up from v1.1.44 + +* Add nginx 1.23.2, remove nginx 1.23.1 for stack(s) cflinuxfs3 +* Add nginx 1.22.1, remove nginx 1.22.0 for stack(s) cflinuxfs3 + +### Nodejs Buildpcak - v1.8.3 up from v1.8.2 + +* Add node 18.12.1, remove node 18.9.0 + for stack(s) cflinuxfs3, cflinuxfs4 +* Add node 14.21.1, remove node 14.20.0 + for stack(s) cflinuxfs3, cflinuxfs4 +* Add node 16.18.1, remove node 16.17.1 + for stack(s) cflinuxfs3, cflinuxfs4 + (https://www.pivotaltracker.com/story/show/183724805) +* Bumps go.mod go version to 1.19 + +### Staticfile Buildpack - v1.5.35 up from v1.5.34 + +* Add nginx 1.23.2, remove nginx 1.23.1 for stack(s) cflinuxfs3 +* Add nginx 1.22.1, remove nginx 1.22.0 for stack(s) cflinuxfs3 + +## Platform Changes + +--- + +### Capi - v1.141.0 up from 1.140.0 + +Highlights + +* v3/routes returns shared routes +* Cloud Controller processes large manifests with a hard limit of 1MB +* Various performance improvements (optimized DB queries) + +CC API Version: 2.193.0 and 3.128.0 + +Service Broker API Version: 2.15 + +CAPI Release +Cloud Controller +* v3/routes additionally returns shared routes (cloudfoundry/cloud_controller_ng#3037) +* Enable CC to process large manifests 
(cloudfoundry/cloud_controller_ng#3034) +* Add support for multiple certs per syslog_drain_url (cloudfoundry/cloud_controller_ng#3028) +* Cut DB query complexity in permissions/visibility checks (cloudfoundry/cloud_controller_ng#3043) +* Misc db optimizations (cloudfoundry/cloud_controller_ng#3052) +* Use foreign keys more to avoid DB queries (cloudfoundry/cloud_controller_ng#3033) +* Check space/org permissions by id, not guid (cloudfoundry/cloud_controller_ng#3021) +* More readable checks to see if any row exists (cloudfoundry/cloud_controller_ng#3053) +* Clean up unused/unnecessary permissions methods (cloudfoundry/cloud_controller_ng#3038) +* Fix v3 upgrade guide for audit_events (cloudfoundry/cloud_controller_ng#3039) +* Fix two typos in API docs (cloudfoundry/cloud_controller_ng#3031) +* Fix roles table in service instance delete docs (cloudfoundry/cloud_controller_ng#3023) +* Allow dependabot to update github actions (cloudfoundry/cloud_controller_ng#3040) + +### Cflinuxfs3 - v0.332.0 up from v0.331.0 + +Notably, this release addresses: + +USN-5716-1 USN-5716-1: SQLite vulnerability: +* CVE-2022-35737: SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. + +### Log Cache - v2.12.3 up from v2.12.2 + +* Bump to go1.19.3 +* Bump dependencies + +### Loggregator - v106.7.3 up from v106.7.2 + +* Bump to go1.19.3 +* Bump dependencies +* Fix: race condition in the v1 ingestor server tests by @ctlong in #468 + +### Metrics-discovery - v3.2.3 up from v3.2.2 + +* Bump to go1.19.3 +* Bump dependencies + +### Routing - v0.239.0 up from v0.238.0 + +* Gorouter's pre-start script now reserves ports used by other CF components when it increases the number of ephemeral ports available via /proc/sys/net/ipv4/ip_local_reserved_ports. This resolves issues when components fail to start up during deploys/monit restarts due to accidental port collisions with outbound traffic from the VM. 
Thanks @ameowlia ! +* Routing-release no longer makes use of the deprecated uaa-go-client, and uses go-uaa instead +* The routing_utils/nats_client helper utility now supports saving + loading gorouter's routing tables! Thanks @domdom82 ! +* Fixed a memory leak with gorouter that resulted in HTTP request objects being held open if a client canceled the connection before the App responded. Thanks @geofffranks ! + +### Stemcell - v1.145 up from v1.122 + +* BOSH Agent Version: 2.468.0 +* Patched for USN-5715-1: LibRaw vulnerabilities +* Patched for USN-5689-1: Perl vulnerability +* Patched for USN-5227-3: Pillow vulnerability +* Patched for USN-5714-1: LibTIFF vulnerabilities +* Patched for USN-5691-1: Linux kernel vulnerabilities + diff --git a/content/news/articles/2023-01-05-release-notes.md b/content/news/articles/2023-01-05-release-notes.md new file mode 100644 index 0000000..5bf0ec1 --- /dev/null +++ b/content/news/articles/2023-01-05-release-notes.md 
@@ -0,0 +1,165 @@ +--- +layout: layouts/post +tags: news +date: 2023-01-05 +title: "January 5th cloud.gov Change Log" +excerpt: The cloud.gov team is provides change logs so everyone can see new features and updates. +--- + +Happy New Year! The cloud.gov team provides this change log so everyone can see new features and updates. + +# Change Log + +## Customer Facing + +--- + +### Noteworthy Changes and features + +### dotnet-core-buildpack 2.4.5 + +* Deprecate .Net (aspnetcore, runtime and sdk) 3.x +* Add dotnet-aspnetcore 6.0.12, remove dotnet-aspnetcore 6.0.11 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-runtime 6.0.12, remove dotnet-runtime 6.0.11 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-sdk 6.0.404, remove dotnet-sdk 6.0.403 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-aspnetcore 7.0.1, remove dotnet-aspnetcore 7.0.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-runtime 7.0.1, remove dotnet-runtime 7.0.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-sdk 7.0.101, remove dotnet-sdk 7.0.100 for stack(s) cflinuxfs4, cflinuxfs3 + +### nodejs-buildpack v1.8.4 + +* Bumps default node version to 18 + +### php-buildpack v4.5.0 + +* Deprecate PHP 7.4.x +* Remove CAAPM Agent not supported by PHP 8 (#746) +* Update default PHP Version to 8.1.13 +* Add appdynamics 22.12.0-667, remove appdynamics 22.10.0-627 for stack(s) cflinuxfs3 +* Add nginx 1.23.3, remove nginx 1.23.2 for stack(s) cflinuxfs3 +* Add php 8.0.26, remove php 8.0.24 for stack(s) cflinuxfs3 +* Add php 8.1.13, remove php 8.1.11 for stack(s) cflinuxfs + +### python-buildpack v1.8.3 from v1.8.1 + +* Add python 3.11.0 for stack(s) cflinuxfs3, cflinuxfs4 +* Add python 3.8.15, remove python 3.8.13 for stack(s) cflinuxfs3, cflinuxfs4 +* Add python 3.9.15, remove python 3.9.13 for stack(s) cflinuxfs4, cflinuxfs3 +* Add python 3.10.8, remove python 3.10.6 for stack(s) cflinuxfs3, cflinuxfs4 +* Add python 3.7.15, remove python 3.7.13 for stack(s) cflinuxfs4, cflinuxfs3 +* Add pip 22.3.1, 
remove pip 22.2.2 for stack(s) cflinuxfs4, cflinuxfs3 +* Add setuptools 65.5.1, remove setuptools 65.4.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Add pipenv 2022.11.5, remove pipenv 2022.9.24 for stack(s) cflinuxfs4, cflinuxfs3 +* Distinguish Vendored and Unvendored installs in logs +* Log used 'pip install' command before executing it for debugging +* Print pip's version when using python's pip module To be able to debug problems when using pip it's handy to know which version of pip is actually being used + +### r-buildpack v1.1.36 + +* Rebuild r 4.2.2 for stack(s) cflinuxfs3 with dependencies for stack cflinuxfs3: forecast 8.19, plumber 1.2.1, rserve 1.8.11, shiny 1.7.3 + +### ruby-buildpack v1.9.0 from v1.8.60 + +* Add support for cflinuxfs4 stack +* Update default ruby version to 3.1 +* Remove deprecated bundler 1.x version line (#650) +* supply: remove ruby.exe symlinking + * This seems to be from a heroku era effort to support windows. +* openjdk8: update dependency +* Remove EOL'd jruby 9.2 (#612) +* Add jruby 9.4.0.0 for stack(s) cflinuxfs3 +* Add ruby 2.7.7, remove ruby 2.7.5 for stack(s) cflinuxfs3 +* Add ruby 3.1.3, remove ruby 3.1.1 for stack(s) cflinuxfs3 +* Add bundler 2.3.26, remove bundler 2.3.25 for stack(s) cflinuxfs3 +* Add rubygems 3.3.26, remove rubygems 3.3.25 for stack(s) cflinuxfs3 +* Test fixtures: Updates rails5 Gemfile.lock to resolve C compilation issues +* Test fixtures: Removes integration tests for Rails 4 has been out of support since Aug. 
2019 + +### staticfile-buildpack v1.5.36 + +* Handle comma separated X-Forwarded-Proto + +## Platform Changes + +--- + +### CAPI - 1.143.0 up from 1.141.0 + +Highlights + +* Support for asynchronous service binding creation in Space Manifests +* CC API Version: 2.195.0 and 3.130.0 +* Use Clang compiled Ruby on Jammy +* Diego client tries all bbs domain IPs + +Service Broker API Version: 2.15 + +CAPI Release + +* Timeout for async service bindings in manifests (#281) +* Dependency bumps +* bump Golang to go1.19.4 +* Bump ruby-release to get a Clang compiled Ruby on Jammy (#279) +* Make puma max threads configurable (#282) +* Ensure that the drain log dir exists (#284) + +Cloud Controller + +* Reverts “Diego client tries all bbs domain IPs” (cloudfoundry/cloud_controller_ng#3113) +* Reverts regression regarding communication with BBS introduced in 1.142.0 (cloudfoundry/cloud_controller_ng#3109) +* Optimize service plan visibility queries (cloudfoundry/cloud_controller_ng#3055) +* Add user_guid to request logs (cloudfoundry/cloud_controller_ng#3087) +* Loggregator: add flag to deprecate v4 bindings endpoint (cloudfoundry/cloud_controller_ng#3100) +* Add ca for syslog bindings (cloudfoundry/cloud_controller_ng#3098) +* Support for asynchronous service binding creating in Space Manifests (cloudfoundry/cloud_controller_ng#3058) +* Catch AppStart errors in deployment create action (cloudfoundry/cloud_controller_ng#3074) +* Diego client tries all bbs domain IPs (cloudfoundry/cloud_controller_ng#3048) +* Let Sequel check if single records exist (cloudfoundry/cloud_controller_ng#3082) +* Use more efficient 'select' in place of 'select_map' (cloudfoundry/cloud_controller_ng#3070) +* Index service_instances.service_plan_id (cloudfoundry/cloud_controller_ng#3065) +* Remove more inefficient counting (cloudfoundry/cloud_controller_ng#3067) +* Finalize only deployments with 'STATUS_VALUE' 'ACTIVE' (cloudfoundry/cloud_controller_ng#3073) +* Puma Threads & Local Port 
(cloudfoundry/cloud_controller_ng#3063) +* Re-add db table request_counts (cloudfoundry/cloud_controller_ng#3076) + +### Diego 2.71.0 up from 2.70.0 + +* Removed legacy code relating to consul in diego components. This was long ago replaced by locket. +* Added helpful logging to cacheddownloader for when it retries/fails downloads. Thanks @vlast3k! +* Bumped ginkgo dependencies +* Bumps golang to 1.19.4 +* ✨ Built with go 1.19.4 + +### garden-runc 1.22.7 up from 1.22.5 + +* Bundler update to fix deprecation warnings. +* Golang was bumped to v1.19.4 +* The garden job now has an HTTP-based healthchecker process that will restart garden if it detects that it has stopped responding to HTTP requests. It will do this for up to 10 consecutive failures before stopping. +* grootfs was bumped with new golang dependencies. + +### loggregator-release v107.0.0 from v106.7.5 + +Remove RecentLogsHandler from Traffic Controller. Traffic Controller has been providing recent logs as a fallback for environments/tools which had not moved to retrieving recent logs directly from Log Cache. With this change older versions of the cf CLI v6 will no longer be able to retrieve recent logs from Cloud Foundry. + +We are making this change as Log Cache has been the correct way of retrieving these logs for many years and the legacy support was causing issues with the splitting out of Log Cache from Dopplers. + +What's Changed + +* Remove RecentLogsHandler by @rroberts2222 in #486 +* Bump golang.org/x/net from 0.3.0 to 0.4.0 in /src by @dependabot in #487 +* Delete unused manifests & scripts, clean up README by @rroberts2222 in #488 +* fix go module path by @Benjamintf1 in #490 + +### loggregator-agent-release v6.5.6 from v6.5.5 + +* fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in #174 +* updated some dependencies. 
+ +### nats v54 from v53 + +* Golang bumped to 1.19.4 +* Ruby for internal testing bumped to v3 + +### routing v0.252.0 from v0.251.0 + +* Improve random source for least connection pool to be thread safe. Thanks Daniel Lynch! diff --git a/content/news/articles/2023-01-19-release-notes.md b/content/news/articles/2023-01-19-release-notes.md new file mode 100644 index 0000000..c1f500d --- /dev/null +++ b/content/news/articles/2023-01-19-release-notes.md 
@@ -0,0 +1,66 @@ +--- +layout: layouts/post +tags: news +date: 2023-01-19 +title: "January 19th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +Happy New Year! The cloud.gov team is working on providing change logs so everyone can see new features and updates. Highlights this time include platform changes. + +# Change Log + +## Platform Changes + +--- + +### Loggregator +Rolled back Loggregator to fix issue with application logs not showing up in the dashboard + +### cf-networking - v3.18.0 up from v3.17.0 + +* Enable http-based healthchecking for bosh-dns-adapter + +### cflinuxfs3 - v0.348.0 up from v0.346.0 + +Notably, this release addresses: + +USN-5788-1 USN-5788-1: curl vulnerabilities: + +* CVE-2022-43551: A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. + +* CVE-2022-43552: HTTP Proxy deny use-after-free CVE-2022-43551: A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. 
However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. + +* CVE-2022-43552: HTTP Proxy deny use-after-free + +### Loggregator-agent - v7.0.0 up from v6.5.6 + +* Allow application developers to set client certs and keys, as well as server cas, to be used for authentication in syslog-tls drains by @fhambrec, @dark5un in #177 / #119. Breaking change: requires new version of capi +* Add drain scope and url tags to syslog egress metrics by @skaur20 in #123, Breaking change: might effect metrics dashboards and calculations. + +### Prometheus - v27.2.1 up from v27.1.0 + +* Bump Alertmanager to 0.25.0 +* Bump Grafana to 8.5.15 +* Fix issues with cadvisor cannot be compiled (thx @psycofdj ) + +Upgrades + +* blackbox_exporter to 0.23.0 +* cadivsor to 0.46.0 +* consul_exporter to 0.9.0 +* credhub_exporter to 0.18.0 +* elasticsearch_exporter to 1.5.0 +* grafana to v7.5.17 +* graphite_exporter to 0.13.1 +* haproxy_exporter to 0.14.0 +* influxdb_exporter to 0.11.1 +* prometheus to v2.41.0 +* pushgateway to 1.5.1 +* statsd_exporter to 0.23.0 + +### Routing - v0.253.0 up from v0.252.0 + +* Specs to make maxRetries configurable for endpoints and route-services by @domdom82 in #298 + + diff --git a/content/news/articles/2023-02-02-cloud-gov-pages-site-auth-changes.md b/content/news/articles/2023-02-02-cloud-gov-pages-site-auth-changes.md new file mode 100644 index 0000000..985764b --- /dev/null +++ b/content/news/articles/2023-02-02-cloud-gov-pages-site-auth-changes.md 
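Review bot: the cflinuxfs3 section of this hunk pastes the CVE-2022-43551 description twice; after the first `* CVE-2022-43552: HTTP Proxy deny use-after-free` bullet, the entire CVE-2022-43551 paragraph and the CVE-2022-43552 bullet are repeated verbatim, so the second copy should be dropped, and the doubled `USN-5788-1 USN-5788-1:` prefix should be reduced to a single identifier. In the same hunk, the Prometheus section says `Bump Grafana to 8.5.15` but the Upgrades list directly beneath it says `grafana to v7.5.17`; one of the two is wrong and a reader cannot tell which Grafana actually ships, so reconcile them against the release. Two smaller points: the Loggregator entry (`Rolled back Loggregator to fix issue ...`) names neither the version rolled back from nor the one rolled back to, which is the one fact a customer needs from a rollback note, and `might effect metrics dashboards` in the Loggregator-agent entry should read `affect`.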
@@ -0,0 +1,16 @@ +--- +layout: layouts/post +tags: news +title: Cloud.gov Pages Site Authorization Changes +date: 2023-02-02 +excerpt: "The GSA ATO covering new site launches and renewals after April 1st, + 2023 will end and non-GSA sites will no longer be covered with a GSA ATO after + the start of FY24 (October 1st, 2023). " +--- +_*Note: For GSA customers, we are working with GSA IT to work through the details on GSA ATO’s._ + +### Attention cloud.gov Pages Users: + +As cloud.gov Pages transitions to the FedRAMP authorization, the current Federalist GSA ATO covering non-GSA sites will be expiring and will not be able to be renewed. Starting April 1st, 2023, all new sites and renewals for non-GSA sites will be inheriting our cloud.gov Pages FedRAMP authorization for a FISMA low or moderate system. All current non-GSA sites will continue to have their sites covered under the GSA ATO until the end of their agreement or the end of FY23 (September 30, 2023), whichever comes first. We have the [FISMA low Customer Responsibility Matrix (CRM)]({{ site.baseurl }}/resources/cloud.gov-Pages-CIS-Worksheet.xlsx) available for cloud.gov Pages and you can start looking through it now. + +For non-GSA sites that are renewing shortly after the April 1st, 2023 transition date, please reach out to us at [pages-support@cloud.gov](mailto:pages-support@cloud.gov) so we can schedule time to work through the new FedRAMP authorization with you. Also, we welcome meeting with your agency’s IT or CIO office to help understand your ATO process. Our goal is to make the process as seamless as possible and give customers a faster turnaround for site launches. diff --git a/content/news/articles/2023-02-02-cloud-gov-pages-unmigrated-user-policy.md b/content/news/articles/2023-02-02-cloud-gov-pages-unmigrated-user-policy.md new file mode 100644 index 0000000..5e6cfef --- /dev/null +++ b/content/news/articles/2023-02-02-cloud-gov-pages-unmigrated-user-policy.md 
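Review bot: the note line `_*Note: For GSA customers, ... GSA ATO's._` opens with an unmatched `*` inside the underscore italics, so it will render as a literal asterisk; drop the `*` (and `ATO's` should be the plural `ATOs`, not a possessive). Wording in the body of the same hunk is also heavier than it needs to be: `will be expiring and will not be able to be renewed` reads cleaner as `will expire and cannot be renewed`, and `will be inheriting` as `will inherit`.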
@@ -0,0 +1,18 @@ +--- +layout: layouts/post +tags: news +title: Cloud.gov Pages Un-migrated User Policy +date: 2023-02-02 +excerpt: Federalist users that have not migrated their accounts to cloud.gov + Pages will no longer be able to migrate their account or access the platform + starting April 2nd, 2023. +--- +_*Note: This __DOES NOT__ apply to cloud.gov Pages users authenticating or logging into the platform at pages.cloud.gov with their email. Please disregard the following._ + +### Attention Federalist Users: + +If you have not migrated your Federalist account to cloud.gov Pages via self-migration on pages.cloud.gov or through an invite to pages.cloud.gov, your account will be removed from the platform on 2023-04-02 (proposed). Our transition from Federalist to the FedRAMP authorized cloud.gov Pages means we will no longer support authenticating or logging into the system with GitHub. You will still connect your GitHub account to the cloud.gov Pages platform to build and add sites but this connection process will be a one time action within the cloud.gov Pages app. + +After the deprecation date (2023-04-02), your existing account will be removed from the platform and will no longer be accessible to you. If a site you had access to is already in an organization, you will have to request an invite to cloud.gov Pages from that site’s organization manager. You can also regain access to the platform by requesting a sandbox account by emailing [pages-support@cloud.gov](mailto:pages-support@cloud.gov). + +To avoid being impacted by this change, please login to pages.cloud.gov with your GitHub account and go through the self-migration process. diff --git a/content/news/articles/2023-02-02-release-notes.md b/content/news/articles/2023-02-02-release-notes.md new file mode 100644 index 0000000..95e499b --- /dev/null +++ b/content/news/articles/2023-02-02-release-notes.md 
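Review bot: the body gives the account-removal date as `2023-04-02 (proposed)` while the excerpt of the same hunk states `starting April 2nd, 2023` as settled; a user-facing deadline post should commit to one or the other, since a reader who only sees the excerpt will treat the date as final. The same `_*Note: ...` markup problem as in the site-authorization post applies here (unmatched leading `*` inside the italics). Minor: in the last line, `please login to pages.cloud.gov` uses the noun form; as a verb it should be `log in`.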
@@ -0,0 +1,62 @@ +--- +layout: layouts/post +tags: news +date: 2023-02-02 +title: "February 2nd cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Platform Changes +--- +### Capi - v1.144.0 up from 1.143.0 +* Remove cc_internal_api_user and cc_internal_api_password. +* Resolves the performance issues when using Digest module with Ruby 3 +* Performance improvements for /v3/audit_events endpoint +* Canceling deployment is superseded by new deployment + +### CF-Networking - v3.19.0 up from v3.18.0 +* Bumped Go to 1.19.5 + +### CFLinuxfs3 - 0.350.0 up from 0.348.0 + +### Dotnet-Core-Buildpack - 2.4.6 up from 2.4.5 +* Add dotnet-sdk 7.0.102 +* Add dotnet-sdk 6.0.405 +* Add dotnet-aspnetcore 6.0.13 +* Add dotnet-runtime 6.0.13 +* Add dotnet-runtime 7.0.2 +* Add dotnet-aspnetcore 7.0.2 + +### Garden-Runc 1.22.9 up from 1.22.7 +* Add healthchecker bosh-package +* Add gats (integration) and gpats (performance) errands so that it can be run on any environment +* v1.22.8 was skipped due to CI failures +* Add experimental arm64 binary + +### Go-Buildpack 1.10.3 up from 1.10.2 +* Add go 1.18.10 +* Add go 1.19.5 + +### Loggregator-Agent 7.1.0 up from 7.0.0 +* Add app-id and drain url in the error message +* Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped + +### Nats 56 up from 54 +* Built with go 1.19.4 + +### Nginx-Buildpack 1.1.46 up from 1.1.45 +* Add nginx 1.23.3, remove nginx 1.23.2 for stack(s) cflinuxfs3 + +### Prometheus 27.2.2 up from 27.2.1 +* This release breaks dashboards using pie charts +* Fixes an issue with setting grafana home dashboard +* Adds grafana configuration for id_token_attribute_name in generic oauth + +### Routing 0.255.0 up from 0.253.0 +* Upgrade healthchecker in release. 
In order to limit the scope of packages brought in with the introduction of http healthchecker, we migrated the healthchecker package out of cf-networking-helpers into its own release. +* Built with go 1.19.5 + +### Silk 3.19.0 up from 3.18.0 +* Bumped go to 1.19.5 diff --git a/content/news/articles/2023-02-23-cloud-gov-pages-faster-builds.md b/content/news/articles/2023-02-23-cloud-gov-pages-faster-builds.md new file mode 100644 index 0000000..36d8ba6 --- /dev/null +++ b/content/news/articles/2023-02-23-cloud-gov-pages-faster-builds.md 
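Review bot: the Prometheus entry `This release breaks dashboards using pie charts` is a breaking change recorded as an ordinary bullet among fixes; it deserves the same `Breaking change:` callout used in the January 19th notes so dashboard owners notice it. Also in this hunk, the Capi heading mixes version styles (`v1.144.0 up from 1.143.0`), and its first bullet, `Remove cc_internal_api_user and cc_internal_api_password`, removes a credential pair from the configuration surface without saying whether any operator or manifest action follows; a one-line statement either way would save readers a lookup.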
@@ -0,0 +1,128 @@ +--- +layout: layouts/post +tags: news +title: Faster build times on cloud.gov Pages +date: 2023-02-23 +excerpt: We advertise that cloud.gov Pages, previously known as Federalist, can “securely deploy a website from your repository in minutes.” Getting your content on the web quickly, seeing fast previews, and even seeing errors early are all important to good maintenance of a website +--- + +We advertise that [cloud.gov Pages](https://cloud.gov/pages), previously known as Federalist, can “securely deploy a +website from your repository in minutes.” Getting your content on the web quickly, seeing fast previews, and even seeing +errors early are all important to good maintenance of a website. But as sites become larger and more complex, this can +be a difficult task. We’ve made two recent changes to cloud.gov Pages to make website deployment faster so you can focus +on your code, design, and content. + +## Publishing improvements + +Static site generators, like those frequently used with cloud.gov Pages, generate each website page in advance. We then +copy each page to our hosting service so it can appear online. If we want to save time, we can choose to only copy the +page if we can tell that it changed from the previous build. + +Starting in late 2020, cloud.gov Pages was publishing every file individually. We did this because a new feature +for [adding headers](https://cloud.gov/pages/documentation/custom-headers/) prevented us from quickly comparing whether +files had changed. This past October, we made a change to return to only publishing changed files if sites weren’t using +the header feature. + +Sites like [Digital.gov](https://digital.gov/), with over 20,000 files, had been taking seventeen minutes on each build! +Now their production builds only update about one-third of the total files and have brought the build times down to +seven or eight minutes (fresh preview builds still take about fourteen). 
Across our whole portfolio, production sites +saw 25% faster builds, saving 1 minute 40 seconds on average. + +
+ +

Median Build Times (in minutes) for Digital.gov by Month

+

Digital.gov was taking seventeen minutes to build on cloud.gov Pages with most of the time spent uploading new files. After the October release of publishing improvements, build times were reduced to about seven or eight minutes.

+ +!["Chart - Faster Builds"]({{site.baseurl}}/img/content/cloud-gov-pages-faster-builds-1.svg) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Median Build Times for Digital.gov by Month
JuneJulyAugustSeptemberOctoberNovemberDecemberJanuaryFebruary
Median build times in minutes15.115.816.817.117.18.57.17.16.8
+

Source: internal cloud.gov Pages analytic data

+
+ +## Caching build dependencies + +Sites were installing all required custom software dependencies on each build. This process commonly takes about two or +three minutes. We replaced this step with a new, opt-out, caching strategy: + +- If your dependencies didn’t change from the previous build, we’ll re-download the prior package from a secure cache. + This takes about fifteen seconds +- If your dependencies did change, which doesn’t happen often, we’ll re-install them. +- Because downloading dependencies from a cache can create some errors, we have + an [option to opt-out](https://cloud.gov/pages/documentation/cache-dependencies/#configuration). + +We just recently added this change, so we’re still waiting to see the full metrics on how it’s improved build time. But +many sites using the popular [Jekyll framework](https://jekyllrb.com/) have seen their build time reduced by about three +minutes. You can see the effect of both of these changes in our median build time since June of last year: + +
+ +

Median Build Times (in minutes) for cloud.gov Pages Sites by Month

+

Sites were taking about six minutes to build in mid-2022. Publishing improvements in October helped reduce the time by about two minutes. Caching improvements in January reduced the build time by about another minute.

+ +!["Chart - Faster Builds 2"]({{site.baseurl}}/img/content/could-gov-pages-faster-builds-2.svg) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Median Build Times for cloud.gov Pages Sites by Month
JuneJulyAugustSeptemberOctoberNovemberDecemberJanuaryFebruary
Median build times in minutes5.25.95.55.75.64.53.53.32.7
+

Source: internal cloud.gov Pages analytic data

+
+ +Please [let us know](mailto:inquiries@cloud.gov) if these new features have helped you out or you’d like to try [cloud.gov Pages](https://cloud.gov/pages). diff --git a/content/news/articles/2023-03-08-cloud-gov-pages-cve-2022-28923.md b/content/news/articles/2023-03-08-cloud-gov-pages-cve-2022-28923.md new file mode 100644 index 0000000..ec90454 --- /dev/null +++ b/content/news/articles/2023-03-08-cloud-gov-pages-cve-2022-28923.md @@ -0,0 +1,9 @@ +--- +layout: layouts/post +tags: news +title: Cloud.gov Pages Fix CVE-2022-28923 +date: 2023-03-08 +excerpt: After reports of an open redirection vulnerability on cloud.gov Pages sites, we updated our platform's proxy to handle possible vulnerable requests. +--- + +On Tuesday March 7th, 2023, we received reports that cloud.gov Pages sites were susceptible to an open redirection vulnerability which could allow a nefarious actor to redirect users to phishing websites via crafted URLs. You can read about the NIST [CVE-2022-28923](https://nvd.nist.gov/vuln/detail/CVE-2022-28923) for more information. After verifying the reports, we released an update to our proxy in the afternoon of Tuesday March 7th, 2023 to handle any nefarious URL's with a 404 response. We also invalidated the CDN caches on customer's production domains to remove any potentially cached redirects. diff --git a/content/news/articles/2023-03-16-release-notes.md b/content/news/articles/2023-03-16-release-notes.md new file mode 100644 index 0000000..fc8e50d --- /dev/null +++ b/content/news/articles/2023-03-16-release-notes.md 
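Review bot: the second chart in the faster-builds post references `{{site.baseurl}}/img/content/could-gov-pages-faster-builds-2.svg`, while the first chart uses `cloud-gov-pages-faster-builds-1.svg`; `could` looks like a transposition of `cloud`, and if the asset follows the first chart's naming the image will 404. Verify the filename before merging. Minor wording in the same hunk: `a new, opt-out, caching strategy` has a stray comma (`a new opt-out caching strategy`).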
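Review bot: the CVE-2022-28923 post says the proxy update now answers `any nefarious URL's with a 404 response` but never describes what request shape is rejected, nor which proxy component the CVE applies to, so a site owner has no way to verify the fix against their own domain; a one-sentence description of the condition the proxy now checks, plus a link to the proxy change, would make the notice actionable. Also `URL's` should be `URLs` and `customer's production domains` should be the plural possessive `customers'`.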
@@ -0,0 +1,133 @@ +--- +layout: layouts/post +tags: news +date: 2023-03-16 +title: "March 16th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. Happy March Madness! +--- + +# Change Log + +## Customer Facing Changes +--- +### Binary Buildpack - v1.1.3 up from v1.1.2 +* Updating github-config + * Uncached buildpack SHA256: 5523f4077d792b386671421f31899f409ea8ce5b8ae781cb4f84358cd138b5fd + * Uncached buildpack SHA256: 5dd66be045a50d1e4f1dc12e317e85add9fbe74734b3f9882a8a02578b66809f + * Uncached buildpack SHA256: 50836f839547c13d6ef435d87ce8e2b4863fdfe32343a26514d321cc8455d177 + * Uncached buildpack SHA256: 1f72560521b626e5012934f39f62d31192f6bf8c3b6ec5a91f5216ff1e36b5ae + +### CFLinuxfs3 - 0.356.0 up from 0.352.0 +* USN-5923-1 USN-5923-1: LibTIFF vulnerabilities +* USN-5767-3 USN-5767-3: Python vulnerability +* USN-5921-1 USN-5921-1: rsync vulnerabilities +* USN-5871-2 USN-5871-2: Git regression +* USN-5900-1 USN-5900-1: tar vulnerability +* USN-5891-1 USN-5891-1: curl vulnerabilities +* USN-5870-1 USN-5870-1: apr-util vulnerability +* USN-5871-1 USN-5871-1: Git vulnerabilities +* USN-5855-1 USN-5855-1: ImageMagick vulnerabilities + +### CFLinuxfs4 - 0.72.0 up from 0.64.0 +* USN-5923-1 USN-5923-1: LibTIFF vulnerabilities +* USN-5921-1 USN-5921-1: rsync vulnerabilities +* USN-5908-1 USN-5908-1: Sudo vulnerability +* USN-5900-1 USN-5900-1: tar vulnerability +* USN-5901-1 USN-5901-1: GnuTLS vulnerability +* USN-5891-1 USN-5891-1: curl vulnerabilities +* USN-5885-1 USN-5885-1: APR vulnerability + +### Dotnet-Core-Buildpack - 2.4.8 up from 2.4.7 +* Add dotnet-runtime 6.0.14, remove dotnet-runtime 6.0.13 (#748) +* Add dotnet-aspnetcore 6.0.14, remove dotnet-aspnetcore 6.0.13 (#747) +* Add dotnet-runtime 7.0.3, remove dotnet-runtime 7.0.2 (#746) +* Add dotnet-aspnetcore 7.0.3, remove dotnet-aspnetcore 7.0.2 (#745) +* Add dotnet-sdk 7.0.200, remove dotnet-sdk 7.0.102 (#744) +* Add dotnet-sdk 
6.0.406, remove dotnet-sdk 6.0.405 (#742) +* Add node 18.14.2, remove node 18.14.0 (#743) + for stack(s) cflinuxfs3, cflinuxfs4 +* Update libbuildpack-dynatrace (#691) +* Removes compatibility table that only exists for brats tests and replaces it with simpler logic + +### Go-Buildpack 1.10.6 up from 1.10.4 +* Add go 1.20.1 +for stack(s) cflinuxfs3, cflinuxfs4 + +### Nginx-Buildpack 1.2.1 up from 1.2.0 +* Bump github.com/Dynatrace/libbuildpack-dynatrace from 1.5.1 to 1.5.2 (#186) +* Updating github-config + +### NodeJS Buildpack v1.8.6 up from v1.8.5 +* Add node 18.14.1, remove node 18.12.1 for stack(s) cflinuxfs4, cflinuxfs3 +* Add node 16.19.1, remove node 16.18.1 for stack(s) cflinuxfs3, cflinuxfs4 +* Add node 14.21.3, remove node 14.21.1 for stack(s) cflinuxfs3, cflinuxfs4 +* Update Node 16.x deprecation date (Nodejs update on SSL deprecation) ref + +### PHP buildpack v4.6.0 up fron v4.5.0 +* Add composer 2.5.4, remove composer 2.5.2 for stack(s) cflinuxfs4, cflinuxfs3 +* Bump newrelic to 10.6.0.318 +* Add appdynamics 23.2.0-684, remove appdynamics 22.12.1-677 for stack(s) cflinuxfs4, cflinuxfs3 +* Add cflinuxfs4 stack support + +## Platform Changes +--- +### Cf-cli release - v1.44 up from v1.41 +| Major version |Prior version | Current version +| -----| -----| -----| +| v8 | 8.5.0 | 8.6.0 +|v7 | 7.5.0 | 7.6.0 +|v6 | 6.53.0 | 6.53.0 + +### CF-Networking - v3.23.0 up from v3.22.0 +* Bump to go 1.20.1 +* Update healthchecker to 0.4.0 +* Increase startup delay default to 30 seconds PR + +### Diego Release - v2.72.0 up from v2.71.0 +* Envoy bump to 1.25.1 +* Metric tags can be updated for running containers +* Support for configurable entrypoints in buildpackapplifecycle (cloudfoundry/buildpackapplifecycle#58) + +### Garden-Runc 1.25.0 up from 1.23.0 +* Bump runc version to 1.1.4 +* Bump containerd version to 1.6.19 +* Fix #233 +* Remove xfs-progs blob from release by @winkingturtle-vmw in #243 +* Build iptables with musl and disable sharing by @winkingturtle-vmw 
in #251 +* Build containerd from guardian by @winkingturtle-vmw in #253 +* Bring back xfsprogs by @winkingturtle-vmw in #254 +* Bump to go 1.20 +* Update healthchecker to 0.4.0 +* Increase startup delay default to 30 seconds PR + +### Loggregator-Agent 7.1.0 up from 7.0.0 +* Add app-id and drain url in the error message +* Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped + +### Nats 56 up from 54 +* Built with go 1.19.4 + +### Prometheus 28.0.0 up from 27.2.2 +* prometheus features can be enabled using spec prometheus.enable_features (#455, thanks @chitoku-k ) +* cloudfoundry and bosh dashboards are fixed for Grafana 9 (fixes #453, #456, thanks @psycofdj) +* bump cf_exporter to v1.0.0 and rework job config (#457, #458, thanks @benjaminguttmann-avtq @psycofdj ) +* ops-file manifests/operators/enable-cf-api-v3.yml has been deleted, use of v3 API is implied in new version of exporter +* nginx is aware of hosts file changes (#454, thanks @dark5un) +* various bumps (thanks @benjaminguttmann-avtq) + * Stackdriver Exporter to v0.13.0 + * Redis Exporter to v1.48.0 + * Memcached Exporter to 0.11.2 + * InfluxDB Exporter to v0.11.3 + * HAProxy Exporter to v0.15.0 + * Graphite Exporter to 0.13.3 + * Grafana to 9.4.3 + * Prometheus to v2.42.0 + +### Routing 0.259.0 up from 0.257.0 +* Update healthchecker to 0.4.0 +* Increase startup delay default to 30 seconds PR +* Upgrade golang to 1.20.1 +* No changes from last version. +* Fixing CI so that artifacts are generated correctly for github release. + + diff --git a/content/news/articles/2023-03-28-cflinuxfs3-deprecation.md b/content/news/articles/2023-03-28-cflinuxfs3-deprecation.md new file mode 100644 index 0000000..86348c4 --- /dev/null +++ b/content/news/articles/2023-03-28-cflinuxfs3-deprecation.md 
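Review bot: the Routing section of this hunk contradicts itself: `Upgrade golang to 1.20.1` and `No changes from last version.` appear in the same list, which reads like the notes for two releases (0.258.0 and 0.259.0) merged without attribution; split them by version or drop the `No changes` line. The Garden-Runc section has the same problem in the other direction: its last three bullets (`Bump to go 1.20`, `Update healthchecker to 0.4.0`, `Increase startup delay default to 30 seconds PR`) duplicate the CF-Networking section above and look like a paste error, and the trailing `PR` in both places is a dangling reference with no link. Smaller points: the Binary Buildpack entry lists four hashes all labelled `Uncached buildpack SHA256:`, so nothing distinguishes which artifact each hash belongs to; the cf-cli table's v6 row shows `6.53.0` as both prior and current version; the Loggregator-Agent and Nats sections repeat the February 2nd notes unchanged; and `up fron v4.5.0` is a typo for `from`.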
@@ -0,0 +1,99 @@ +--- +layout: layouts/post +tags: news +date: 2023-03-28 +title: "Deprecation of cflinuxfs3" +excerpt: Ubuntu 22.04 stack (cflinuxfs4) buildpacks are here and Ubuntu 18.04 (cflinuxfs3) are retiring, test and upgrade your apps now! +--- + + +> ***Important Update - 4/27/2023*** : The original instructions indicated that a `cf restage` will move apps to cflinuxfs4. It does not, you have to `cf push -s STACK_NAME` your application. + +> ***Important Update - 5/16/2023*** : The deprecation dates for cflinuxfs3 have been pushed out from the original date of 5/10/2023 to the dates now seen in the document. + +# Deprecation of cflinuxfs3 + +## Ubuntu 22.04 stack (cflinuxfs4) buildpacks are here and Ubuntu 18.04 (cflinuxfs3) are retiring: Test and upgrade your apps now! + + +The base OS image used by your cloud.gov applications is called a "stack". The stack we’ve provided to date is called `cflinuxfs3`, and it’s based on Ubuntu 18.04 LTS, released originally in mid 2018 with continuous security updates since then. `cflinuxfs4` is a new OS image based on Ubuntu 22.04 LTS, and it’s already available for your use. We’ll be making cflinuxfs4 the default stack in cloud.gov on April 27th. In addition, Ubuntu 18.04 will likely no longer receive security updates in May, so we will stop supporting cflinuxfs3 in cloud.gov May 10th. + +### Who is impacted? + +If you push your Cloud Foundry applications as Docker containers with `cf push --docker-image `, these changes do not impact you. + +However, most cloud.gov customers deploy their applications using buildpacks, and their apps don’t have any dependency on the particular OS version that runs them. If that describes you, this upgrade will probably be a miraculous non-event… You can request the new stack at your next cf push with a stack parameter and carry on as you always have. + +However, there may be exceptions! 
For example, you may have used the `apt-buildpack` to ensure that a particular library or utility is installed when your app is deployed. In that case, you might run into problems if the location or name of that dependency has changed between Ubuntu 18.04 and Ubuntu 22.04. You'll also want to be sure to use the newest [v0.3.0](https://github.com/cloudfoundry/apt-buildpack/releases/tag/v0.3.0) version of this release which supports cflinuxfs4. + +### What should you do now? + +If you are using buildpacks to build your apps, you should try out the new cflinuxfs4 stack before we make it the default on April 27th. Check out the [Cloud Foundry stack docs](https://docs.cloudfoundry.org/devguide/deploy-apps/stacks.html) to see how. To change your stack and re-push your app, run the following command: + +```shell +cf push MY-APP -s cflinuxfs4 +``` + +### What happens if your testing fails? + + +If you find problems, you can continue using the deprecated cflinuxfs3 stack until you’ve resolved any issues and are ready to transition your apps. After April 27th you can use the following command to temporarily use the older stack: + +```shell +cf push MY-APP -s cflinuxfs3 +``` + + +However, this is only a temporary solution because cflinuxfs3 will be removed as an option after May 10th. Plan to make the switch soon so you’re not up against the deadline! + + +### Checking your progress + +#### Option 1 - Use the Dashboard UI for individual apps + +You can use the Stratos UI dashboard at `https://dashboard.fr.cloud.gov/` and navigate to "Applications > select an app > Build info" to see what stack version each of your applications is using. If it says "cflinuxfs3" you still need to upgade your stack by repushing your application with the stack paramter. + +#### Option 2 - Use the CF cli for all apps + +To quickly see the which of your applications are still using `cflinuxfs3`, the following script can be used. 
Note that it requires you to be logged in with the CF cli, target an org and have `jq` installed: + + + +```shell +cf curl "/v3/apps?per_page=5000&include=space.organization" | jq '(.included.spaces | INDEX(.guid)) as $spaces | (.included.organizations | INDEX(.guid)) as $orgs | [ .resources[] | select(.lifecycle.data.stack == "cflinuxfs3") | {app: .name, org:$orgs[$spaces[.relationships.space.data.guid].relationships.organization.data.guid].name ,space: $spaces[.relationships.space.data.guid].name , lifecycle} ]' +``` + + +(Note of thanks to the folks at SAP who created that command at [https://blogs.sap.com/2023/02/16/deprecation-of-cloud-foundry-stack-cflinuxfs3-and-migration-to-cflinuxfs4/](https://blogs.sap.com/2023/02/16/deprecation-of-cloud-foundry-stack-cflinuxfs3-and-migration-to-cflinuxfs4/) ) + + + +### Timeline + +| When | What | Available Stacks | Default Stack | +| ----------------|-------------|------------------|---------------| +| **March 23** | Roll out all cflinuxfs4 buildpacks | cflinuxfs3, cflinuxfs4 | cflinuxfs3 +| **March 23 - April 27** | Developers test and update apps to use cflinuxfs4 | cflinuxfs3, cflinuxfs4 | cflinuxfs3 +| **April 27** | Support ends for cflinuxfs3. All new apps pushed will use cflinuxfs4 by default, existing apps will need to be migrated. 
| cflinuxfs3, cflinuxfs4 | **cflinuxfs4** +| **April 27 - June 29** | Explicitly opt to use cflinuxfs3 if you need more time | cflinuxfs3, cflinuxfs4 | **cflinuxfs4** +| **June 29** | cflinuxfs3 buildpacks will be retired from the platform, apps needing cflinuxfs3 buildpacks will need to reference them via URL on the cf push | cflinuxfs3, cflinuxfs4 | **cflinuxfs4** +| **Sept 28** | Only cflinuxfs4 will be available, this is a breaking change for apps not updated to use cflinuxfs4 | cflinuxfs4 | **cflinuxfs4** + + + +### Platform Buildpacks + +| Buildpack Name | Version | Exists for Both Stacks | +|----------------|---------|--------| +| staticfile_buildpack | v1.6.0 | Yes +| java_buildpack | v4.54 | Yes +| ruby_buildpack | v1.9.3 | Yes +| dotnet_core_buildpack | v2.4.8 | Yes +| nodejs_buildpack | v1.8.7 | Yes +| go_buildpack | v1.10.6 | Yes +| python_buildpack | v1.8.8 | Yes +| php_buildpack | v4.6.1 | Yes +| binary_buildpack | v1.1.3 | Yes +| nginx_buildpack | v1.2.1 | Yes +| r_buildpack | v1.2.0 | Yes + diff --git a/content/news/articles/2023-04-19-opensearch-maintenance.md b/content/news/articles/2023-04-19-opensearch-maintenance.md new file mode 100644 index 0000000..9b986de --- /dev/null +++ b/content/news/articles/2023-04-19-opensearch-maintenance.md 
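Review bot: the 5/16/2023 update at the top of this hunk says the cflinuxfs3 dates `have been pushed out ... to the dates now seen in the document`, but the body still states `we will stop supporting cflinuxfs3 in cloud.gov May 10th` and `cflinuxfs3 will be removed as an option after May 10th`, while the Timeline table gives June 29 and Sept 28; update the prose so it agrees with the table, otherwise the correction note is itself misleading. The `cf curl ... | jq` one-liner in the same hunk is correct as written, but its `INDEX(.guid)` calls need jq 1.6 or newer, which is worth stating next to the existing `jq` prerequisite. Typos in the same hunk: `upgade`, `paramter`, `see the which`, and the stray trailing space inside `` `cf push --docker-image ` ``.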
@@ -0,0 +1,29 @@ +--- +layout: layouts/post +tags: news +date: 2023-04-19 +title: "Off-peak windows now defined for all brokered Elasticsearch/Opensearch domains" +excerpt: We have configured off-peak windows for software updates on all brokered Elasticsearch/Opensearch domains to minimize service disruption. +--- + +## Background + +[Periodically, AWS pushes out required software updates for Elasticsearch/Opensearch](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/service-software.html). While these updates are applied using a blue/green deployment to minimize disruption, it is still possible for customers to experience partial downtime or outages for their domains during the upgrade. + +To give customers more control over when updates are applied to their domains, [in February 2023 AWS released a new feature for Elasticsearch/Opensearch domains called off-peak windows](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html). Off-peak windows are a daily 10-hour block of time defined by customers to control when software updates can be scheduled. + +While AWS automatically enables and defines off-peak windows for domains **created after February 16 2023**, any domains created before this date do not have off-peak windows defined. + +## What we did + +[To give all of our customers the benefit of off-peak windows, **the cloud.gov team enabled off-peak windows for any domains where they were not already enabled**](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/off-peak.html#off-peak-enable). A default off-peak window of `00:00 UTC - 10:00 UTC` was applied to these domains. + +**All Elasticsearch/Opensearch domains managed by cloud.gov now have off-peak windows enabled.** + +Furthermore, for many of the domains which had newly created off-peak windows, there were already pending updates scheduled for outside the off-peak window. 
So the cloud.gov team also **rescheduled all pending updates to occur within the off-peak window**. + +## Conclusion + +As part of fulfilling our mission to deliver secure, scalable cloud services to our customers, we hope that enabling off-peak windows will minimize Elasticsearch/Opensearch service disruptions from software updates. + +If you have any questions about these changes, don't hesitate to contact us at [support@cloud.gov](mailto:support@cloud.gov). diff --git a/content/news/articles/2023-04-27-cflinuxfs3-deprecation-update.md b/content/news/articles/2023-04-27-cflinuxfs3-deprecation-update.md new file mode 100644 index 0000000..d450701 --- /dev/null +++ b/content/news/articles/2023-04-27-cflinuxfs3-deprecation-update.md 
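Review bot: the post states that a default window of `00:00 UTC - 10:00 UTC` was applied to every domain that lacked one, but does not say whether a customer whose traffic peaks in that window can request a different one or how; since the linked AWS feature lets the window be set per domain, add a sentence pointing customers to support@cloud.gov (already cited in the Conclusion) for window changes. Minor: the product name is `OpenSearch` throughout, and `for many of the domains which had newly created off-peak windows` reads better as `for many of the domains for which off-peak windows were newly created`.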
@@ -0,0 +1,63 @@ +--- +layout: layouts/post +tags: news +date: 2023-04-27 +title: "Upgrading App to cflinuxfs4 Important Update" +excerpt: Ubuntu 22.04 stack (cflinuxfs4) buildpacks are here and you likely need to upgrade your existing apps to use the new stack! +--- + +# Deprecation of cflinuxfs3 + +## Ubuntu 22.04 stack (cflinuxfs4) buildpacks are here and Ubuntu 18.04 (cflinuxfs3) are retiring: upgrade your apps now! + + +The base OS image used by your cloud.gov applications is called a "stack". The stack we’ve provided to date is called `cflinuxfs3`, and it’s based on Ubuntu 18.04 LTS, released originally in mid 2018 with continuous security updates since then. `cflinuxfs4` is a new OS image based on Ubuntu 22.04 LTS, and is now default stack in cloud.gov. Ubuntu 18.04 will likely no longer receive security updates in May, so we will stop supporting cflinuxfs3 in cloud.gov May 10th. + +### Who is impacted? + +If you push your Cloud Foundry applications as Docker containers with `cf push --docker-image `, these changes do not impact you. + +However, most cloud.gov customers deploy their applications using buildpacks, and their apps don’t have any dependency on the particular OS version that runs them. If that describes you and you have existing applications running on cloud.gov, this upgrade will impact you and you'll need to update the stack on your applications. + + +### What should you do now for existing apps? + + +For existing applications which were created under `cflinuxfs3` you will need to update the stack declaration to `cflinuxfs4`, there are two common ways of doing this detailed below. The options below only have to be run once for each application on `cflinuxfs3`, once the stack is set for an application, it is persistent until changed with any of these two steps. + +1. Push the app manually and specify the stack with the cf cli: + + ```shell + cf push MY-APP -s cflinuxfs4 + ``` + +2. 
Use the `stack-auditor` cf cli plugin to change the stack without having to push the application. Documentation for using this plugin is at [https://docs.cloudfoundry.org/adminguide/stack-auditor.html#change-stacks](https://docs.cloudfoundry.org/adminguide/stack-auditor.html#change-stacks), the basic workflow is: + + - Install the plugin + - Use the `cf` cli to target the org and space for your existing application + - Run `cf change-stack APP-NAME cflinuxfs4` to change the app to the `cflinuxfs4` stack + + Each application will take about a minute or so to run the `cf change-stack...` command depending on the size of the droplet. + + +### What should you do now for new apps? + +For any new applications, simply run a `cf push` to pick up the new `cflinuxfs4` stack: + +```shell +cf push MY-APP +``` + + + +### Timeline + +| When | What | Available Stacks | Default Stack | +| ----------------|-------------|------------------|---------------| +| **March 23** | Roll out all cflinuxfs4 buildpacks | cflinuxfs3, cflinuxfs4 | cflinuxfs3 +| **March 23 - April 27** | Developers test and update apps to use cflinuxfs4 | cflinuxfs3, cflinuxfs4 | cflinuxfs3 +| **April 27** | Support ends for cflinuxfs3. All new apps pushed will use cflinuxfs4 by default, existing apps will need to be migrated. | cflinuxfs3, cflinuxfs4 | **cflinuxfs4** +| **April 27 - June 29** | Explicitly opt to use cflinuxfs3 if you need more time | cflinuxfs3, cflinuxfs4 | **cflinuxfs4** +| **June 29** | cflinuxfs3 buildpacks will be retired from the platform, apps needing cflinuxfs3 buildpacks will need to reference them via URL on the cf push | cflinuxfs3, cflinuxfs4 | **cflinuxfs4** +| **Sept 28** | Only cflinuxfs4 will be available, this is a breaking change for apps not updated to use cflinuxfs4 | cflinuxfs4 | **cflinuxfs4** + diff --git a/content/news/articles/2023-05-01-release-notes.md b/content/news/articles/2023-05-01-release-notes.md new file mode 100644 index 0000000..10e9cab --- /dev/null 
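Review bot: this hunk carries over the date conflict from the original deprecation post: the body says `we will stop supporting cflinuxfs3 in cloud.gov May 10th`, while the Timeline table at the bottom has cflinuxfs3 selectable until June 29 and present until Sept 28; pick the dates that are actually in force and use them in both places. Grammar in the same hunk: `and is now default stack in cloud.gov` is missing `the`; `there are two common ways of doing this detailed below` and `once the stack is set for an application, it is persistent until changed with any of these two steps` are comma-spliced and should be split into separate sentences, with `either of these two methods` in place of `any of these two steps`.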
+++ b/content/news/articles/2023-05-01-release-notes.md 
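Review bot: the 2023-04-27 post ("Upgrading App to cflinuxfs4 Important Update", the hunk ending just above) contradicts itself on dates: the intro paragraph says "we will stop supporting cflinuxfs3 in cloud.gov May 10th", while the Timeline table in the same file ends support on April 27 and keeps cflinuxfs3 available until Sept 28. Readers will plan against the table, so either drop "May 10th" or make the sentence match the table. Smaller points in the same hunk: "is now default stack in cloud.gov" is missing "the"; the `cf push --docker-image ` example has a trailing space where the image argument should be, so give it a placeholder in the `MY-APP` style used later; and each Timeline row lacks its closing `|` while the header row has one.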
@@ -0,0 +1,195 @@ +--- +layout: layouts/post +tags: news +date: 2023-05-01 +title: "May 1st cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Customer Facing Changes +--- + +### `cflinuxfs3` Retirement + +`cflinuxfs4` is now the default for all new applications. For existing applications, app maintainers should use `cf push APP_NAME -s cflinuxfs4` or the CF Stack Auditor plugin. Additional details can be found at [https://cloud.gov/2023/04/27/cflinuxfs3-deprecation-update/](https://cloud.gov/2023/04/27/cflinuxfs3-deprecation-update/) + +### Binary Buildpack - v1.1.4 up from v1.1.3 +* Update libbuildpack + * Uncached buildpack SHA256: bd2bb05de690ef0cbe6efbf9e1c66b6085dc8efa3ebc186d7202b9e9d54ebd28 + * Uncached buildpack SHA256: 988d1392de4cffbe26d2be4e9a4487a26f7b16b1b5a27fba98e07266d1883562 + * Uncached buildpack SHA256: c8689ae3a2b3471f16fbdcac65581690bf9aa5f0d8103cb20d00d93f74837e6e + * Uncached buildpack SHA256: 97d7643f51d1b9a7f64d3135d264b03168a5e644f7b31531351f94a951d7a4f5 + +* tests: replace ruby webserver with a simple netcat program, cflinuxfs4 1.x does not come with ruby on the stack + + +### CFLinuxfs3 - 0.362.0 up from 0.356.0 +* USN-6028-1 USN-6028-1: libxml2 vulnerabilities +* USN-6005-1 USN-6005-1: Sudo vulnerabilities +* USN-5995-1 USN-5995-1: Vim vulnerabilities +* USN-5964-1 USN-5964-1: curl vulnerabilities +* USN-5963-1 USN-5963-1: Vim vulnerabilities +* USN-5960-1 USN-5960-1: Python vulnerability: +* USN-5952-1 USN-5952-1: OpenJPEG vulnerabilities +* USN-5928-1 USN-5928-1: systemd vulnerabilities + + + +### CFLinuxfs4 - 1.5.0 up from 0.72.0 + +This release removes Ruby and Python from the stack. These dependencies were previously installed to support the PHP and Java buildpacks which are written in those languages. 
Those buildpacks have now been released with versions that bring their own Ruby or Python dependency and therefore these are now being removed from the stack. + +* USN-6005-1 USN-6005-1: Sudo vulnerabilities +* USN-5995-1 USN-5995-1: Vim vulnerabilities +* USN-5855-3 USN-5855-3: ImageMagick regression +* USN-5964-1 USN-5964-1: curl vulnerabilities +* USN-5963-1 USN-5963-1: Vim vulnerabilities +* USN-5960-1 USN-5960-1: Python vulnerability +* USN-5855-2 USN-5855-2: ImageMagick vulnerabilities +* USN-5928-1 USN-5928-1: systemd vulnerabilities + + +### Dotnet-Core-Buildpack - 2.4.10 up from 2.4.8 + +* Update libbuildpack +* Bump github.com/onsi/gomega from 1.27.2 to 1.27.6 +* Bumps github.com/onsi/gomega from 1.27.2 to 1.27.6. +* Add node 18.15.0, remove node 18.14.2 (#755) for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-aspnetcore 6.0.15, remove dotnet-aspnetcore 6.0.14 (#763) for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-runtime 6.0.15, remove dotnet-runtime 6.0.14 (#762) for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-sdk 6.0.407, remove dotnet-sdk 6.0.406 (#761) for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-sdk 7.0.202, remove dotnet-sdk 7.0.200 (#760) (#750) for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-aspnetcore 7.0.4, remove dotnet-aspnetcore 7.0.3 (#759) for stack(s) cflinuxfs4, cflinuxfs3 +* Add dotnet-runtime 7.0.4, remove dotnet-runtime 7.0.3 (#758) for stack(s) cflinuxfs4, cflinuxfs3 + +### Go-Buildpack 1.10.8 up from 1.10.6 +* Bump github.com/cloudfoundry/switchblade from 0.2.0 to 0.3.0 +* Add go 1.19.8, remove go 1.19.6 for stack(s) cflinuxfs4, cflinuxfs3 +* Add go 1.20.3, remove go 1.20.1 for stack(s) cflinuxfs3, cflinuxfs4 +* Bump libbuildpack to pull in retry with exponential backoff. 
+* Deprecate go1.18 + +### Java-Buildpack 4.57 up from 4.56 +* This release fixes a bug with the Container Security Provider library, in which a race condition could result in mismatched private-key and certificate pairs when Diego rotated these credentials for the container. [See this issue for more details](https://github.com/cloudfoundry/java-buildpack-security-provider/issues/8). +* This release also contains the following: + * The Azul Zing JRE contained a bug when generating the Java Opts, fixed with #1008 (thanks to @schelini) + * Update to the geode_store dependency (thanks to @BenjaminPerryRoss) +For a more detailed look at the changes in 4.57, please take a look at the [commit log](https://github.com/cloudfoundry/java-buildpack/compare/v4.56...v4.57). The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release. + + +### Nginx-Buildpack 1.2.2 up from 1.2.1 +* Add nginx 1.23.4, remove nginx 1.23.3 for stack(s) cflinuxfs3, cflinuxfs4 (https://www.pivotaltracker.com/story/show/184817118) +* Update libbuildpack +* Bump github.com/miekg/dns from 1.1.52 to 1.1.53 +* Bump github.com/onsi/gomega from 1.26.0 to 1.27.5 + +### NodeJS Buildpack v1.8.9 up from v1.8.6 +* Add node 16.20.0, remove node 16.19.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Don't run yarn check which creates a duplicate cache. Instead, we can add the --check-files flag to the yarn install command and get the same outcome. 
+* Bring our own Python for node-gyp +* Add node 18.15.0, remove node 18.13.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Uncached buildpack SHA256: adde57eaf1aa543c2a12565a0a211dfddb8d591333d47ab0eeb744f1afe6ced3 +* Uncached buildpack SHA256: c964c655974ec1e5b85d88d317372f9fd2276727538a175d5067c040f89c480c + + + +### PHP buildpack v4.6.4 up from v4.6.0 +* update go modules +* bump default nginx version +* Add nginx 1.23.4, remove nginx 1.23.3 (#857) for stack(s) cflinuxfs4, cflinuxfs3 +* Install bootstrapped Ruby into php-buildpack specific location (#855) +* Add composer 2.5.5, remove composer 2.5.4 for stack(s) cflinuxfs4, cflinuxfs3 +* BYO Ruby (Required by the buildpack) +* Add httpd 2.4.56, remove httpd 2.4.55 (#845) for stack(s) cflinuxfs3, cflinuxfs4 (https://www.pivotaltracker.com/story/show/184641061) + + +### Python buildpack v1.8.9 up from v1.8.8 +* Add python 3.10.11, remove python 3.10.10 for stack(s) cflinuxfs3, cflinuxfs4 +* Add python 3.11.3, remove python 3.11.2 for stack(s) cflinuxfs4, cflinuxfs3 +* Add setuptools 67.6.1, remove setuptools 67.4.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Add pipenv 2023.3.20, remove pipenv 2023.2.18 for stack(s) cflinuxfs4, cflinuxfs3 +* Fix problem with AppDynamics hook (now it supports user-provided services) + +### R buildpack v1.2.1 up from v1.2.0 +* Update libbuildpack + +### Ruby buildpack v1.10.1 up from v1.9.4 +* Add bundler 2.4.11, remove bundler 2.4.10 for stack(s) cflinuxfs4, cflinuxfs3 (#784) +* Add rubygems 3.4.11, remove rubygems 3.4.10 for stack(s) cflinuxfs4, cflinuxfs3 (#783) +* Add ruby 3.1.4, remove ruby 3.1.2 for stack(s) cflinuxfs4, cflinuxfs3 (#782) +* Add ruby 3.2.2, remove ruby 3.2.0 for stack(s) cflinuxfs4, cflinuxfs3 (#776) +* Add ruby 3.0.6, remove ruby 3.0.4 for stack(s) cflinuxfs3 (#775) +* Remove support for Ruby 2.7 (#773) +* Bump github.com/onsi/gomega from 1.27.4 to 1.27.5 (#768) +* Add rubygems 3.4.10, remove rubygems 3.4.8 (#769) for stack(s) cflinuxfs4, cflinuxfs3 +* Add bundler 
2.4.10, remove bundler 2.4.8 (#770) for stack(s) cflinuxfs4, cflinuxfs3 + + +### Staticfile buildpack v1.6.2 up from v1.6.1 +* Add nginx 1.23.4, remove nginx 1.23.3 for stack(s) cflinuxfs3, cflinuxfs4 (https://www.pivotaltracker.com/story/show/184817130) +* Update libbuildpack +* Bump github.com/onsi/gomega from 1.27.5 to 1.27.6 + + +## Platform Changes +--- + +### CAPI - v1.150.0 up from v1.480.0 + +* CC API Version: 2.201.0 and 3.136.0 +* CAPI Release + * Bump Ruby to 3.2.2 + * Ensure Post Backup Unlock always restarts local workers #289 + * Use bosh link for cloud_controller_worker stacks #299 +* Dependency Bumps + * Bump Ruby to 3.2.2 + * bump rubocop from 1.48.1 to 1.49.0 in /spec + * bump Golang to go1.20.3 +* Cloud Controller + * Add generic Korifi error cloudfoundry/cloud_controller_ng#3205 + * Add db indexes for better performance cloudfoundry/cloud_controller_ng#3108 + + + +### Garden-Runc 1.27.0 up from 1.25.0 +* Bump ginkgo to v2 and lager to v3 +* Built with go 1.20.3 +* Bump runc version to 1.1.4 +* Bump containerd version to 1.6.19 + +### Log-Cache 3.0.1 up from 3.0.0 +* Bump dependencies + + +### Loggregator 107.0.3 up from 107.0.2 +* Upgrade to go 1.20.2 +* Bump dependencies +* Remove unused metron_endpoint.dropsonde_port property in #534 + +### Loggregator-Agent 7.2.0 up from 7.1.0 +* Bump golang.org/x/net from 0.8.0 to 0.9.0 in /src by @dependabot in #283 +* Add mtls options to aggregate drains. 
by @Benjamintf1 in #276 +* switch gorilla with chi by @Benjamintf1 in #285 +* Upgrade to go 1.20.2 + +### Node-exporter 5.1.0 up from 5.0.0 +* bump Node-Exporter to v1.5.0 +* Deprecate node_exporter.collector.filesystem.ignored_mount_points in favor of node_exporter.collector.filesystem.mount_points_exclude +* Deprecate node_exporter.collector.filesystem.ignored_fs_types in favor of node_exporter.collector.filesystem.fs_types_exclude + +### UAA 76.10.0 up from 76.8.0 +* Features + * Bump to UAA v76.10.0 + * add support for TLSv1.3 by @adam-jian-zhang in #539 + * Add 2 new options signingAlg and signingCert to JWT token policy. +* Dependency bumps + * Upgrade Newrelic to version 8.1.0 + * Upgrade Tomcat to version 9.0.74 + * Upgrade Bellsoft JDK to version 11.0.19+7 + * Bump github.com/cloudfoundry/bosh-utils from 0.0.360 to 0.0.361 in /src/acceptance_tests by @dependabot in #564 + * Bump rspec-core from 3.12.1 to 3.12.2 by @dependabot in #567 + * Bump rspec-expectations from 3.12.2 to 3.12.3 by @dependabot in #568 + + diff --git a/content/news/articles/2023-05-16-cflinuxfs3-buildpack-deprecation.md b/content/news/articles/2023-05-16-cflinuxfs3-buildpack-deprecation.md new file mode 100644 index 0000000..034234e --- /dev/null +++ b/content/news/articles/2023-05-16-cflinuxfs3-buildpack-deprecation.md 
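Review bot: in 2023-05-01-release-notes.md the CAPI heading reads "v1.150.0 up from v1.480.0", which is a downgrade as written; find out which number is the typo before publishing. The Binary Buildpack entry lists four different hashes all labelled "Uncached buildpack SHA256", so a reader cannot tell which hash belongs to which stack or to the cached variant, which defeats the purpose of publishing them; label each (cflinuxfs3/cflinuxfs4, cached/uncached) or link the upstream release that does. The Java-Buildpack 4.57 entry is pasted from the upstream release notes and says the packaged buildpack "can be found attached to this release", which is not true of this post; link the upstream GitHub release instead. The CFLinuxfs4 1.5.0 entry removes Ruby and Python from the stack, and the Binary Buildpack entry in this same hunk shows the breakage that causes (its tests had to replace a ruby webserver with netcat); one sentence telling customers that apps relying on the stack's ruby or python must now bring their own would save support tickets. Nits: every USN line repeats its id ("USN-6028-1 USN-6028-1:"), and the Dotnet entry lists the gomega 1.27.2 to 1.27.6 bump twice.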
@@ -0,0 +1,70 @@ +--- +layout: layouts/post +tags: news +date: 2023-05-16 +title: "Deprecation Notice for cflinuxfs3 stack and cflinuxfs3 Buildpacks" +excerpt: cflinuxfs4 buildpacks are here and cflinuxfs3 buildpacks are retiring, upgrade your apps now! +--- + + + +# Deprecation Notice for cflinuxfs3 stack and cflinuxfs3 Buildpacks + + +The base OS image used by your cloud.gov applications is called a "stack". The stack we’ve provided to date is called `cflinuxfs3`, and it’s based on Ubuntu 18.04 LTS, released originally in mid 2018 with continuous security updates since then. `cflinuxfs4` is a new OS image based on Ubuntu 22.04 LTS, and is now default stack in cloud.gov. + +### Important Dates +Ubuntu 18.04 will likely no longer receive security updates in May, so we will stop supporting the cflinuxfs3 stack and buildpacks in cloud.gov. What this means is: + + - On **June 29th, 2023** the platform will no longer provide cflinuxfs3 buildpacks. Applications will need to reference an external buildpack to continue to push updated versions of cflinuxfs3 applications. Existing cflinuxfs3 applications will continue to restart without intervention. + - On **September 28th, 2023**, all support for cflinuxfs3 will end and all applications still on this stack will stop and cannot be started unless migrated to cflinuxfs4. + + +Ubuntu 18.04 will likely no longer receive security updates in May, so we will stop supporting cflinuxfs3 in cloud.gov May 10th. + +### Who is impacted? + +If you push your Cloud Foundry applications as Docker containers with `cf push --docker-image `, these changes do not impact you. + +However, most cloud.gov customers deploy their applications using buildpacks, and their apps don’t have any dependency on the particular OS version that runs them. If that describes you and you have existing applications running on cloud.gov, this upgrade will impact you and you'll need to update the stack on your applications. 
+ + +### What should you do now for existing apps? + + +For existing applications which were created under `cflinuxfs3` you will need to update the stack declaration to `cflinuxfs4`, there are two common ways of doing this detailed below. The options below only have to be run once for each application on `cflinuxfs3`, once the stack is set for an application, it is persistent until changed with any of these two steps. + +1. Push the app manually and specify the stack with the cf cli: + + ```shell + cf push MY-APP -s cflinuxfs4 + ``` + +2. Use the `stack-auditor` cf cli plugin to change the stack without having to push the application. Documentation for using this plugin is at [https://docs.cloudfoundry.org/adminguide/stack-auditor.html#change-stacks](https://docs.cloudfoundry.org/adminguide/stack-auditor.html#change-stacks), the basic workflow is: + + - Install the plugin + - Use the `cf` cli to target the org and space for your existing application + - Run `cf change-stack APP-NAME cflinuxfs4` to change the app to the `cflinuxfs4` stack + + Each application will take about a minute or so to run the `cf change-stack...` command depending on the size of the droplet. + + +### What should you do now for new apps? + +For any new applications, simply run a `cf push` to pick up the new `cflinuxfs4` stack: + +```shell +cf push MY-APP +``` + +### How do you push a cflinuxfs3 app with an external buildpack? + +Until September 28th, 2023, you can use an external buildpack to push apps to the cflinuxfs3 stack by referencing a URL in a `cf push` command. As an example, to push a Ruby app using 2.7.6 on cflinuxfs3: + +```shell +cf push MY-APP -b https://github.com/cloudfoundry/ruby-buildpack/releases/download/v1.9.4/ruby-buildpack-cflinuxfs3-v1.9.4.zip -s cflinuxfs3 +``` + +Many of the external buildpacks can be found on Github at [https://github.com/cloudfoundry?q=buildpacks&type=all&language=&sort=](https://github.com/cloudfoundry?q=buildpacks&type=all&language=&sort=) + + 
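Review bot: in 2023-05-16-cflinuxfs3-buildpack-deprecation.md the paragraph after the Important Dates list ("Ubuntu 18.04 will likely no longer receive security updates in May, so we will stop supporting cflinuxfs3 in cloud.gov May 10th.") contradicts the June 29th and September 28th dates directly above it and reads like a leftover from the April post; remove it. In "How do you push a cflinuxfs3 app with an external buildpack?", the example pins `ruby-buildpack-cflinuxfs3-v1.9.4.zip`; since the post's premise is that cflinuxfs3 stops receiving security updates, say plainly that an app pushed this way is frozen on that buildpack's dependencies and gets no further rootfs fixes (the 2023-05-01 change log in this same patch records Ruby 2.7 support being removed in ruby-buildpack v1.10.1), so it is a bridge to September 28th rather than a supported configuration. Minor: "a Ruby app using 2.7.6" should read "Ruby 2.7.6", "Github" is "GitHub", and the `cf push --docker-image ` example again lacks an image placeholder.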
diff --git a/content/news/articles/2023-05-30-cloud-gov-pages-jekyll-ruby-upgrade.md b/content/news/articles/2023-05-30-cloud-gov-pages-jekyll-ruby-upgrade.md new file mode 100644 index 0000000..2bae558 --- /dev/null +++ b/content/news/articles/2023-05-30-cloud-gov-pages-jekyll-ruby-upgrade.md 
@@ -0,0 +1,55 @@ +--- +layout: layouts/post +tags: news +title: Upgrading a Jekyll site to Ruby 3.1 +date: 2023-05-24 +excerpt: "Ruby 2.7 has reached “end of life” so we’re providing instructions on how to upgrade your Jekyll site to use Ruby 3.1. Cloud.gov Pages will continue supporting Ruby 2.7 builds for six months, but then only Ruby 3 versions will be supported." +--- + +Ruby 2.7 has reached “end of life” so we’re providing instructions on how to upgrade your Jekyll site to use Ruby 3.1. Cloud.gov Pages will continue supporting Ruby 2.7 builds for six months, but then only Ruby 3 versions will be supported. + +The main difficulty with upgrading a site to use a newer version of Ruby is that one or more of your required Gems could break when changing Ruby versions. This is notably the case for `jekyll-assets`. If you don’t have that dependency, this could be a relatively straightforward upgrade. We recently upgraded our own [Jekyll template repo](https://github.com/cloud-gov/pages-uswds-jekyll) which you can check out for reference. + +## Instructions for sites without jekyll-assets + +If you don’t see `jekyll-assets` in your `Gemfile` or `Gemfile.lock`, you don’t have a dependency on `jekyll-assets` and you might be able to upgrade to Ruby 3.1 with just a few steps: +- Create a file called `.ruby-version` in your site folder which contains the string `3.1`. If you already have this file, you can replace the previous version with `3.1` +- If you have any other site-specific scripts which specify the ruby version, update these as well. +- Add or change your specified Ruby version (e.g. `ruby '~> 3.1'`).Delete your previous `Gemfile.lock` and regenerate by running `bundle install` + - If this command adds a new `PLATFORM` to your `Gemfile.lock`, and it’s anything other than `ruby`, remove it with the following command: + - `bundle lock --remove-platform example_platform_name`. 
For example `bundle lock --remove-platform arm64-darwin-21` +- Commit and push all these changes to see if the cloud.gov Pages build succeeds! + +## Instructions for sites with jekyll-assets + +Jekyll Assets is a helpful gem for compiling SASS, JS, and image files into your final jekyll build. Unfortunately it is unmaintained and hasn’t been updated in three years. It also doesn’t support Ruby 3. So if you remove it, you’ll need alternative ways to make sure your SASS, JS, and image files are included in your site build correctly. +We’ve documented the migration process in a [PR to our deprecated jekyll template](https://github.com/cloud-gov/pages-uswds-jekyll/pull/314) and included the main steps below. Your site may have specific customizations which make some of these steps not applicable. +- Create a file called `.ruby-version` in your site folder which contains the string `3.1`. If you already have this file, you can replace the previous version with `3.1`. +- If you have any other site-specific scripts which specify the ruby version, update these as well. +- Remove `jekyll-assets` from your `Gemfile`. Add or change your specified Ruby version (e.g. `ruby '~> 3.1'`). Delete your previous `Gemfile.lock` and regenerate by running `bundle install` + - If this command adds a new `PLATFORM` to your `Gemfile.lock`, and it’s anything other than `ruby`, remove it with the following command: + - `bundle lock --remove-platform example_platform_name`. For example `bundle lock --remove-platform arm64-darwin-21` + - You may need to add `ruby` as a platform, as `bundle` now requires at least one platform, using `bundle lock --add-platform ruby` + +- [The hard step] Replace the primary functionality of jekyll-assets: + - First move everything from the `_assets` folder to the `assets` folder + - Remove any uses of the {% raw %}`{% asset %}`{% endraw %} liquid tag or `asset_url` function in your content. 
This tag and function provided a way to find a given asset in any of multiple specified site folders. You’ll likely want to replace this with {% raw %} `{{site.baseurl}}/img/example.png` or `{{ /assets/example.png | relative_url }}`{% endraw %} where `example.png` is the name of the example file. + - Move all SASS partials to a new folder called `_sass`. You can leave the entrypoint SASS file (styles.scss) in `assets/css` but you’ll need to add [two sets of triple dashes to the start of the file](https://jekyllrb.com/docs/assets/). + - Add our two helper jekyll plugins to the `_plugins` folder: + - [`asset-helper.rb`](https://github.com/cloud-gov/pages-uswds-jekyll/blob/main/_plugins/asset-helper.rb) copies USWDS assets from the `node_modules` folder into your `assets` folder + - [`autoprefixer.rb`](https://github.com/cloud-gov/pages-uswds-jekyll/blob/main/_plugins/autoprefixer.rb) roughly recreates the functionality of `jekyll-autoprefixer` and adds vendor prefixes to CSS rules + - You’ll need to update `_config.yml` to reflect passing configuration options to our new plugins instead of `jekyll-assets`. You can see an [example configuration change in our template PR](https://github.com/cloud-gov/pages-uswds-jekyll/pull/314/files#diff-ecec67b0e1d7e17a83587c6d27b6baaaa133f42482b07bd3685c77f34b62d883). 
+ - Add a new empty file called `.gitkeep` in `assets/uswds` and then add these three lines to `.gitignore` to ignore temporary USWDS assets during the build: + + ```shell + assets/uswds/* + !assets/uswds/.gitkeep + assets/js/uswds* + ``` + - There are a few css variables you might need to change: + - [`theme-font-path` and `theme-image-path`](https://github.com/cloud-gov/pages-uswds-jekyll/pull/314/files#diff-9c2164c6dbe14003458901df1f193e2ac22a958d6fef21a16a439cda577945b9L20-L22) + - [`theme-hero-image`](https://github.com/cloud-gov/pages-uswds-jekyll/pull/314/files#diff-e2364fbc077a3a2cae9a0614a089904cff29c043b49ed1627690eebfa6a88522R99) + + Note that these upgrades will temporarily make your site builds slower (but more secure!). We're working on an alternative build container which uses Ruby 3.1 as its default. Please reach out to us at [pages-support@cloud.gov](mailto:pages-support@cloud.gov) with any questions about this process. + + diff --git a/content/news/articles/2023-06-01-compliance-office-hours.md b/content/news/articles/2023-06-01-compliance-office-hours.md new file mode 100644 index 0000000..f3e897c --- /dev/null +++ b/content/news/articles/2023-06-01-compliance-office-hours.md 
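Review bot: in 2023-05-30-cloud-gov-pages-jekyll-ruby-upgrade.md the suggested replacement `{{ /assets/example.png | relative_url }}` is not valid Liquid; the filter input must be a quoted string, `{{ '/assets/example.png' | relative_url }}`, otherwise Liquid sees no string literal and the output is empty (or a syntax error in strict mode) instead of the URL. The file name says 2023-05-30 but the front matter has `date: 2023-05-24`; pick one. In the first instruction list, "(e.g. `ruby '~> 3.1'`).Delete your previous" is missing a space after the period, and the two actions (set the Ruby version, regenerate the lockfile) read better as separate bullets, as the second list already has them. The `.gitignore` snippet is fenced as `shell` but is gitignore content; an untagged fence avoids misleading highlighting.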
@@ -0,0 +1,11 @@ +--- +layout: layouts/post +tags: news +title: Announcing Compliance Office Hours +date: 2023-06-01 +excerpt: "Cloud.gov will dedicate the last office hours meeting of every month to compliance-related questions starting June 27." +--- + +Cloud.gov holds a weekly Office Hours meeting every Tuesday at 3pm ET for customers to ask questions and share their experiences on the platform. Starting this June, the last Tuesday of the month will be focused on security and compliance. Members of the cloud.gov Compliance team will be in attendance to answer your questions and hear your feedback. + +The link to join Office Hours is published in the cloud.gov monthly newsletter. To join the newsletter mailing list or be added directly to the Office Hours meeting, please contact inquiries@cloud.gov. We hope to see you there! diff --git a/content/news/articles/2023-06-05-aws-ending-support-mysql-57.md b/content/news/articles/2023-06-05-aws-ending-support-mysql-57.md new file mode 100644 index 0000000..b29d767 --- /dev/null +++ b/content/news/articles/2023-06-05-aws-ending-support-mysql-57.md 
@@ -0,0 +1,89 @@ +--- +layout: layouts/post +tags: news +title: Upgrade your databases - AWS ending support for MySQL 5.7 in January/February 2024. +date: 2023-06-05 +excerpt: "AWS is ending support for MySQL 5.7 databases starting in January/February 2024. Read on for instructions for how to upgrade your brokered databases." +--- + +[AWS RDS is ending support for MySQL versions 5.7.x starting in January/February 2024](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Concepts.VersionMgmt.html). + +> **Please note:** AWS has updated the end of support for MySQL 5.7 databases to January/February 2024. A previous version of this post said that support for MySQL 5.7 was ending December 2023. + +## What this means for you + +As a cloud.gov customer, if you are running a MySQL 5.7 database, then you will need to upgrade that database to at least MySQL version 8.0 by January/February 2024. **Affected customers will receive direct outreach from the cloud.gov team.** + +To upgrade your database from MySQL 5.7 to 8.0, see the [guidance below](#how-to-upgrade). + +If you do not upgrade your database by January/February 2024, then AWS will automatically upgrade your database to the next supported major version (currently 8.0) during the next maintenance window for your database. + +## Important dates + +|When|What| +|-|-| +| **June 5, 2023** | MySQL 5.7 databases can no longer be created on cloud.gov | +| **June 5 2023 - January/February 2024** | Window for customers to self-upgrade their MySQL databases to 8.0 | +| **January/February 2024** | MySQL 5.7 databases are fully deprecated by AWS. Any remaining databases are auto-upgraded to the next supported major version. | + +## Updates to brokered database plans + +As of today, June 5, 2023, it is no longer possible to create an RDS database using MySQL version 5.7 for any of the `mysql` plans in the marketplace. By default, version "8.0" will be used for new MySQL databases. 
+ +You can find more information about creating/updating RDS databases on [our database services documentation](({{ site.baseurl }}/docs/services/relational-database)). + +## How to upgrade + +To upgrade your existing MySQL 5.7 database to MySQL 8.0: + +1. Target your organization and space: + + ```shell + cf target -o -s + ``` + +1. Create a new database service using the same database plan as your MySQL 5.7 database: + + ```shell + cf create-service aws-rds + ``` + +1. Use the [`cg-manage-rds` plugin](https://github.com/cloud-gov/cg-manage-rds#usage) to export a backup of your MySQL 5.7 database: + + ```shell + cg-manage-rds export -f backup.sql + ``` + +1. Import the backup into your MySQL 8.0 database: + + ```shell + cg-manage-rds import -f backup.sql + ``` + +1. Optionally, use the [`cf-service-connect` plugin](https://github.com/cloud-gov/cf-service-connect) to connect to your MySQL 8.0 database and verify that it contains the expected data: + + ```shell + cf connect-to-service + ``` + +1. Bind your MySQL 8.0 database to your application: + + ```shell + cf bind-service + ``` + +1. Unbind your MySQL 5.7 database from your application: + + ```shell + cf unbind-service + ``` + +1. Restage your application (the `--strategy rolling` flag is optional but ensures no downtime): + + ```shell + cf restage --strategy rolling + ``` + +1. Verify that your application is still working and operating with the expected data. + +If you have any issues with this process, please contact [support@cloud.gov](mailto:support@cloud.gov). diff --git a/content/news/articles/2023-07-03-independence-day-office-hours.md b/content/news/articles/2023-07-03-independence-day-office-hours.md new file mode 100644 index 0000000..797043e --- /dev/null +++ b/content/news/articles/2023-07-03-independence-day-office-hours.md 
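Review bot: the "How to upgrade" steps in 2023-06-05-aws-ending-support-mysql-57.md export the 5.7 database (step 3) while the application is still bound to it and writing, then rebind to 8.0 in steps 6 and 7; anything written between the export and the restage is silently lost. Either add a step to stop the app (or put it in maintenance mode) before `cg-manage-rds export`, or state the data-loss window explicitly. Two related gaps: `backup.sql` is a full copy of production data landing on a developer workstation, so add a line on storing it encrypted and deleting it once the import is verified; and the procedure never retires the 5.7 instance, so add a final `cf delete-service` step after verification (or say why it is kept), since it otherwise keeps running on an unsupported version. As shown in the hunk the commands carry no arguments (`cf target -o -s`, `cf create-service aws-rds`, `cf bind-service`, `cf connect-to-service`); if the source used angle-bracket placeholders they have not survived, so use uppercase placeholders in the style of the other posts (`MY-APP`, `SERVICE-NAME`). Finally, the link `[our database services documentation](({{ site.baseurl }}/docs/services/relational-database))` has doubled parentheses and will not render as a link.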
@@ -0,0 +1,11 @@ +--- +layout: layouts/post +tags: news +title: Independence Day 2023 Office Hours +date: 2023-07-03 +excerpt: "Cloud.gov office hours will be cancelled on July 4 2023 in observance of Independence Day." +--- + +Cloud.gov office hours will be cancelled on July 4 2023 in observance of Independence Day. If you have questions for the platform team, please email support@cloud.gov or join us when office hours returns next week. + +For the full list of federal holidays, see [Office of Personnel Management: Federal Holidays](https://www.opm.gov/policy-data-oversight/pay-leave/federal-holidays/#url=2023). diff --git a/content/news/articles/2023-08-01-fedramp-csp-community.md b/content/news/articles/2023-08-01-fedramp-csp-community.md new file mode 100644 index 0000000..f9b18bf --- /dev/null +++ b/content/news/articles/2023-08-01-fedramp-csp-community.md 
@@ -0,0 +1,15 @@ +--- +layout: layouts/post +tags: news +title: Announcing FedRAMP CSP Community mailing list +date: 2023-08-01 +excerpt: "Email cloud-gov-compliance@gsa.gov from your CSP email to join" +--- + +Part of the mission of cloud.gov is to improve cloud adoption across the U.S. government, irrespective of vendor. In that vein, we support the FedRAMP®️ Compliance Practitioner Community of Practice, an email listserv supported by GSA's [Digital.gov](https://digital.gov/). + +The goal of the community is to bring together people working on FedRAMP compliance to address common questions and concerns. We strive to maintain an inclusive, professional community that engages in on-topic discussions. The community is not associated with the FedRAMP Program Management Office. + +The list is open to compliance staff at CSPs listed at the [FedRAMP Marketplace](https://marketplace.fedramp.gov) as authorized or in-process, or when a CSP has retained a 3PAO to pursue authorization. + +You can read all about this at [cloud.gov Compliance Community]({{ site.baseurl }}/docs/compliance/compliance-community), and join today by sending an email to [community@cloud.gov](mailto:community@cloud.gov) from the domain of your FedRAMP CSP. diff --git a/content/news/articles/2023-09-18-storage-volumes-gp3.md b/content/news/articles/2023-09-18-storage-volumes-gp3.md new file mode 100644 index 0000000..4b2b018 --- /dev/null +++ b/content/news/articles/2023-09-18-storage-volumes-gp3.md 
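Review bot: in 2023-08-01-fedramp-csp-community.md the excerpt tells readers to "Email cloud-gov-compliance@gsa.gov from your CSP email to join" while the body says to send an email to community@cloud.gov; these are different addresses and only one can be the join address, so make them agree.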
@@ -0,0 +1,17 @@ +--- +layout: layouts/post +tags: news +title: Brokered storage volumes upgraded to gp3 +date: 2023-09-18 +excerpt: "Storage volumes across all brokered plans have been upgraded to gp3" +--- + +### Storage volumes upgraded to gp3 + +Cloud.gov is happy to announce that we have upgraded all our brokered Elasticsearch/Opensearch plans from `gp2` volumes to the high-performance `gp3` volumes by default. We have also upgraded all of our brokered database plans to use `gp3` as the storage volume type by default. + +The `gp3` type comes with an increased max throughput per volume/instance versus the previous `gp2` type. A full breakdown comparison of `gp3` vs `gp2` [can be found here](https://aws.amazon.com/ebs/general-purpose/). + +### How does this affect me? + +These changes will only be applied to **new services (database, Elasticsearch/Opensearch)** that are created. Existing service instances will continue using `gp2` volumes. diff --git a/content/news/articles/2023-09-25-federalist-ato.md b/content/news/articles/2023-09-25-federalist-ato.md new file mode 100644 index 0000000..cd8cbd7 --- /dev/null +++ b/content/news/articles/2023-09-25-federalist-ato.md 
@@ -0,0 +1,11 @@ +--- +layout: layouts/post +tags: news +title: cloud.gov Page’s Federalist ATO Extension +date: 2023-09-25 +excerpt: "The cloud.gov Pages’s Federalist ATO has been extended until February 28th, 2024" +--- + +## cloud.gov Page’s Federalist ATO Extension for GSA and non-GSA customers + +We are thrilled to announce that the current Federalist ATO has been extended until February 28th, 2024 for all current non-GSA cloud.gov Pages customers and GSA customers alike. While we are excited to share this extension news with you it is crucial to emphasize that the current Federalist ATO will not, under any circumstances, be extended beyond February 28th, 2024. For our non-GSA agencies we understand the importance of predictability and planning for agencies such as your own and we want to ensure that you have adequate time to continue working towards obtaining your own agency specific ATO. We are continuing to research different cloud.gov support options for customers who would like guidance or assistance in navigating the ATO process going forward and we will communicate those to customers soon. diff --git a/content/news/articles/2023-10-11-update-existing-instances-gp3-now-available.md b/content/news/articles/2023-10-11-update-existing-instances-gp3-now-available.md new file mode 100644 index 0000000..fc0e418 --- /dev/null +++ b/content/news/articles/2023-10-11-update-existing-instances-gp3-now-available.md 
@@ -0,0 +1,31 @@ +--- +layout: layouts/post +tags: news +title: Updating existing instances to gp3 storage volumes is now supported +date: 2023-10-11 +excerpt: "Updating to gp3 storage volumes for existing RDS and Elasticsearch/Opensearch instances is now supported" +--- + +### Updating existing instances to `gp3` storage volumes is now supported + +In a previous post, [we announced that **new** RDS and Elasticsearch/Opensearch instances created on cloud.gov would default to `gp3` for their storage volumes]({{ site.baseurl }}/posts/2023-09-18-storage-volumes-gp3). + +We are happy to announce that updating your **existing** RDS and Elasticsearch/Opensearch instances to use `gp3` storage volumes is also now supported on cloud.gov. + +### How to update your existing instances + +To update an existing RDS instance to use `gp3` storage volumes: + +```shell +cf update-service SERVICE-NAME -c '{"storage_type": "gp3"}' +``` + +[There is no expected downtime when updating the storage volume type for an RDS instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html). + +To update an existing Elasticsearch/Opensearch instance to use `gp3` storage volumes: + +```shell +cf update-service SERVICE-NAME -c '{"volume_type": "gp3"}' +``` + +[Updating the volume type to `gp3` for your Elasticsearch/Opensearch instance **will trigger a blue/green deployment and some amount of downtime**](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-configuration-changes.html#bg) while the instance upgrades. diff --git a/content/news/articles/2023-11-09-platform-protections.md b/content/news/articles/2023-11-09-platform-protections.md new file mode 100644 index 0000000..0f9fc55 --- /dev/null +++ b/content/news/articles/2023-11-09-platform-protections.md 
@@ -0,0 +1,12 @@ +--- +layout: layouts/post +tags: news +date: 2023-11-09 +title: "New platform protections against malicious activity" +--- + +In response to some [recent incidents that caused outages on the platform](https://cloudgov.statuspage.io/incidents/n212qfbrqg83), the cloud.gov team has added new [platform protections against malicious activity]({{ site.baseurl }}/docs/technology/platform-protections). Notably, the team has added rate limiting by IP address to mitigate the effect of surges of malicious traffic on the platform. + +Adding these protections furthers our goal to provide a secure and reliable platform for cloud.gov customers. By documenting these protections, we hope to increase transparency about how your applications are protected. + +If you have any questions about these new protections or if you think that they may be inadvertently affecting your legitimate traffic on the platform, please contact us at [support@cloud.gov]({{ site.support_email }}). As always, thanks for being a cloud.gov customer! diff --git a/content/news/articles/2023-11-09-release-notes.md b/content/news/articles/2023-11-09-release-notes.md new file mode 100644 index 0000000..fe79165 --- /dev/null +++ b/content/news/articles/2023-11-09-release-notes.md 
@@ -0,0 +1,154 @@ +--- +layout: layouts/post +tags: news +date: 2023-11-09 +title: "November 9th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Happy almost Turkey Day! + +## Customer Facing Changes +--- + +### CF-Deployment - v33.1.0 to v33.4.0 + +* Changes below are broken down by component + +### CFLinuxfs4 - 1.49.0 up from 1.46.0 + +Notably, this bump addresses: + +* USN-6452-1 USN-6452-1: Vim vulnerabilities: +* USN-6450-1 USN-6450-1: OpenSSL vulnerabilities: + + +### Java-Buildpack 4.63.0 up from 4.62.0 + +This release includes the Java quarterly patch releases, as well as updates to the following frameworks/agents: + +* AppDynamics +* Azure App Insights +* Datadog +* Elastic APM +* JRebel +* Java CfEnv +* Splunk Otel +* Tomcat + +Working on adding Java 21 support by default, for the moment users can add 21 as a version line in the [config file](https://github.com/cloudfoundry/java-buildpack/blob/main/config/open_jdk_jre.yml) - since the binaries are already available, bundling the buildpack will then include this version. + +For a more detailed look at the changes in 4.63.0, please take a look at the [commit log](https://github.com/cloudfoundry/java-buildpack/compare/v4.62.0...v4.63.0). The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release. 
+ + +### NodeJS Buildpack v1.8.19 up from v1.8.18 +* Add node 20.9.0, remove node 20.8.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Uncached buildpack SHA256: 61cc8acec791d0b4014b252811d841ac5c569b3fd003b194135f248c4bbec260 +* Uncached buildpack SHA256: cf9cab4597267890f03b746134e0af4c8af9bcfc4ba9c146148d9c978c23ff35 + + +### CF CLI 1.50.0 up from 1.49.0 + +This release contains the following versions of the CF CLI + + +| Major Version | Prior Version | Current Version | +| --------------|---------------|-----------------| +| v8 | 8.7.3 | [8.7.4](https://github.com/cloudfoundry/cli/releases/tag/v8.7.4) | +| v7 | 7.7.3 | [7.7.4](https://github.com/cloudfoundry/cli/releases/tag/v7.7.4) | +| v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0) | + + + +## Platform Changes +--- + + +### CAPI - v1.164.0 up from v1.163.0 + + +* CC API Version: 2.215.0 and 3.150.0 +* Service Broker API Version: 2.15 +* CAPI Release + * Bump rubocop from 1.56.4 to 1.57.2 + * Bump Redis from 7.2.1 to 7.2.2 + * Bump rubocop-rspec from 2.24.1 to 2.25.0 +* Cloud Controller + * Restructure runner spec [cloudfoundry/cloud_controller_ng#3462](https://github.com/cloudfoundry/cloud_controller_ng/pull/3462) + * Throw different error when route binding status is delete_failed or delete_in_progess / Treat route binding in status create_failed as non-existent [cloudfoundry/cloud_controller_ng#3469](https://github.com/cloudfoundry/cloud_controller_ng/pull/3469) + * Use consistent hash structure for process stats [cloudfoundry/cloud_controller_ng#3470](https://github.com/cloudfoundry/cloud_controller_ng/pull/3470) + * Exclude the newly added Readme.md file when checking applied migrations [cloudfoundry/cloud_controller_ng#3475](https://github.com/cloudfoundry/cloud_controller_ng/pull/3475) + * Connection should not fail in case of diego issues [cloudfoundry/cloud_controller_ng#3471](https://github.com/cloudfoundry/cloud_controller_ng/pull/3471) + * Run the 
ensure_migrations_are_current rake task in a spec [cloudfoundry/cloud_controller_ng#3476](https://github.com/cloudfoundry/cloud_controller_ng/pull/3476) + * Remove unneeded psych gem [cloudfoundry/cloud_controller_ng#3486](https://github.com/cloudfoundry/cloud_controller_ng/pull/3486) + * replace --auto-correct with --autocorrect [cloudfoundry/cloud_controller_ng#3487](https://github.com/cloudfoundry/cloud_controller_ng/pull/3487) + * Correct list of buildpack states in docs [cloudfoundry/cloud_controller_ng#3489](https://github.com/cloudfoundry/cloud_controller_ng/pull/3489) + * Fix issue with rake spec creating 'cc_test_' database instead of 'cc_test' [cloudfoundry/cloud_controller_ng#3483](https://github.com/cloudfoundry/cloud_controller_ng/pull/3483) + * Adds microsecond timestamp precision on the asg_latest_update table [cloudfoundry/cloud_controller_ng#3484](https://github.com/cloudfoundry/cloud_controller_ng/pull/3484) + * Implement additional audit events [cloudfoundry/cloud_controller_ng#3490](https://github.com/cloudfoundry/cloud_controller_ng/pull/3490) + * Update JDK for UAA development Docker container [cloudfoundry/cloud_controller_ng#3497](https://github.com/cloudfoundry/cloud_controller_ng/pull/3497) +* Dependency Bumps + * Bump rubocop from 1.56.4 to 1.57.2 + * Bump honeycomb-beeline from 3.0.0 to 3.0.1 + * Bump cf-uaa-lib from 4.0.3 to 4.0.4 + * Bump redis from 5.0.7 to 5.0.8 + * Bump mock_redis from 0.37.0 to 0.38.0 + * Bump rubocop-rspec from 2.24.1 to 2.25.0 + * Bump rubocop-rails from 2.21.2 to 2.22.1 + * Bump rake from 13.0.6 to 13.1.0 + * Bump newrelic_rpm from 9.5.0 to 9.6.0 +* cc-uploader + * Bump golang.org/x/net from 0.14.0 to 0.17.0 + * Bump github.com/onsi/gomega from 1.28.0 to 1.29.0 +* tps + * Bump golang.org/x/net from 0.14.0 to 0.17.0 + * Bump github.com/onsi/gomega from 1.28.0 to 1.29.0 + * Bump google.golang.org/grpc from 1.57.0 to 1.57.1 +* Cloud Controller Database Migrations + * 
[20231016094900_microsecond_timestamp_msql_asg_update.rb](https://github.com/cloudfoundry/cloud_controller_ng/blob/84832ff9ad9b8e261c4b5516d069701d7b165330/db/migrations/20231016094900_microsecond_timestamp_msql_asg_update.rb) + + + +### CF-Networking 3.35.0 up from 3.34.0 +* Increase default value for `max_policies_per_app_source` from 50 to 150. +* Bug fix: update the policy-server `last_updated` timestamp to have microsecond precision. Previously it had second level precision, this created a race condition when multiple c2c policies were updated at nearly the same time, but the vxlan-policy-agent would only pick up the first update. + +### Diego 2.84.0 up from 2.83.0 +* Bumps envoy to [v1.28.0](https://github.com/envoyproxy/envoy/releases/tag/v1.28.0) +* BBS DesiredLRPHandler now sends Stop/Update LRP requests to rep in parallel +* Log rate limit metrics are no longer generated for tasks +* App Logs will now emit messages for when they run pre-start scripts and when they invoke the startup command, to make troubleshooting just that much easier + + +### Garden-Runc 1.43.0 up from 1.41.0 +* The `garden-healthchecker` process was found to be too aggressive when evaluating and acting upon failed healthchecks. It has been removed. +* Built with go 1.21.3 +* Bump golang dependencies +* Bump ruby testing dependencies + +### Routing 0.283.0 up from 0.282.0 +* Adds missing timings to non-http backend requests, e.g. websockets. ([cloudfoundry/gorouter#363](https://github.com/cloudfoundry/gorouter/pull/363) +* Adds ability for gorouter to verify mTLS Client Certificate metadata (#355) +* CI Enhancements and updates +* Package Dependency bumps + +### Syslog v12.2.0 up from v12.1.10 +* Features + * Add a new, optional, structured data param key, `environment`, to `instance@47450`. This is useful for cases where log lines should be tagged with an operator provided string but need to vary from the director name. +Maintenance + * Bump blackbox dependencies. 
+ + +### UAA 76.24.0 up from 76.23.0 +* New UAA + * Bump to UAA [v76.24.0](https://github.com/cloudfoundry/uaa/releases/tag/v76.24.0) + * The versions 76.22.0 and 76.23.0 contain a regression regarding the empty secret change. If you need to have an empty secret in your clients and you create them later via REST calls, use this version. +* Runtime + * Upgrade Java version 11 -> 17 (Bellsoft JDK 17.0.9+11) +* Dependency Bumps + * Bump github.com/cloudfoundry/bosh-utils from 0.0.406 to 0.0.407 + * Bump mini_portile2 from 2.8.4 to 2.8.5 by @dependabot + * Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 in /src/acceptance_tests by @dependabot + * Bump github.com/cloudfoundry/bosh-utils from 0.0.407 to 0.0.408 in /src/acceptance_tests by @dependabot + + diff --git a/content/news/articles/2023-11-27-release-notes.md b/content/news/articles/2023-11-27-release-notes.md new file mode 100644 index 0000000..cd24efb --- /dev/null +++ b/content/news/articles/2023-11-27-release-notes.md 
@@ -0,0 +1,167 @@ +--- +layout: layouts/post +tags: news +date: 2023-11-27 +title: "November 27th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Enjoy the Turkey Day leftovers! + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v33.4.0 to v33.10.0 + +* Changes below are broken down by component + +### CFLinuxfs4 - 1.51.0 up from 1.49.0 + +Notably, this bump addresses: + +* `USN-6467-2`: Kerberos vulnerability: CVE-2023-36054: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. +* `USN-6477-1`: procps-ng vulnerability: CVE-2023-4016: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. + + +### Java-Buildpack 4.63.1 up from 4.63.0 +* This release includes some agent framework dependency bumps, including a bug fix in Java CFEnv when using DB2, see [this issue](https://github.com/pivotal-cf/java-cfenv/issues/231) for more information. + +* For a more detailed look at the changes in 4.63.1, please take a look at the [commit log](https://github.com/cloudfoundry/java-buildpack/compare/v4.63.0...v4.63.1). The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release. 
+ + + +### CF CLI 1.53.0 up from 1.50.0 + +This release contains the following versions of the CF CLI: + + +| Major Version | Prior Version | Current Version | +| --------------|---------------|-----------------| +| v8 | 8.7.5 | [8.7.5](https://github.com/cloudfoundry/cli/releases/tag/v8.7.5) | +| v7 | 7.7.5 | [7.7.5](https://github.com/cloudfoundry/cli/releases/tag/v7.7.5) | +| v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0) | + + + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + + +### BOSH DNS - v1.36.10 from 1.36.9 + +* Updates golang package golang-1-linux to 1.21.4 +* Updates golang package golang-1-windows to 1.21.4 + +### BPM - 1.2.11 from 1.2.9 + +* Updates golang package golang-1-linux to 1.21.4 +* Fixed CVEs: + * [CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8): rapid stream resets can cause excessive work ([CVE-2023-44487](https://github.com/advisories/GHSA-qppj-fm5r-hxr3)) + +### CAPI - v1.165.0 up from v1.164.0 + +* CC API Version: 2.216.0 and 3.151.0 +* Service Broker API Version: 2.15 +* CAPI Release + * Bump golang from 1.21.3 to 1.21.4 + * Bump redis from 7.2.2 to 7.2.3 +* Cloud Controller + * Enable CF API to present routable field for app processes [cloudfoundry/cloud_controller_ng#3500](https://github.com/cloudfoundry/cloud_controller_ng/pull/3500) + * Remove copilot [cloudfoundry/cloud_controller_ng#3355](https://github.com/cloudfoundry/cloud_controller_ng/pull/3355) + * Prevent parallel test failures in request_spec [cloudfoundry/cloud_controller_ng#3505](https://github.com/cloudfoundry/cloud_controller_ng/pull/3505) + * Update diego sync to not fetch every bit of every object, only completely fetch objects that need syncing [cloudfoundry/cloud_controller_ng#3503](https://github.com/cloudfoundry/cloud_controller_ng/pull/3503) + * 
Introduce single source of truth for audit events [cloudfoundry/cloud_controller_ng#3504](https://github.com/cloudfoundry/cloud_controller_ng/pull/3504) + * v3 should allow to update docker registry credentials [cloudfoundry/cloud_controller_ng#3467](https://github.com/cloudfoundry/cloud_controller_ng/pull/3467) + * Require cloud_controller.read access(or equivalent) to access list endpoints [cloudfoundry/cloud_controller_ng#3450](https://github.com/cloudfoundry/cloud_controller_ng/pull/3450) + * Fetch service plan visibilities with eager loading [cloudfoundry/cloud_controller_ng#3507](https://github.com/cloudfoundry/cloud_controller_ng/pull/3507) +* Dependency Bumps + * Bump prometheus-client from 4.2.1 to 4.2.2 + * Bump sequel from 5.73.0 to 5.74.0 + * Bump mock_redis from 0.38.0 to 0.39.0 +* cc-uploader + * Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 + * Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 +* tps + * Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 + * Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 +* Cloud Controller Database Migrations + * [20231113105256_add_service_plan_id_index.rb](https://github.com/cloudfoundry/cloud_controller_ng/blob/e0a82e324a1b9fb959f8f05dcbfcd39dc8d1b74a/db/migrations/20231113105256_add_service_plan_id_index.rb) + + + +### CF-Networking 3.38.0 up from 3.35.0 +* Bump golang to 1.21.4 +* The `policy-server-internal` job's healthcheck endpoint is now available only via localhost. +* Go package dependency bumps + +### Diego 2.85.0 up from 2.84.0 +* Bump garden Grootfs, Guardian, and idmapper +* Bump golang to 1.21.4 + +### Garden-Runc 1.44.0 up from 1.43.0 +* Change user for grootfs test +* Bump golang to 1.21.4 + +### log-cache 3.0.8 up from 3.0.7 +* Bump dependencies +* Bump Golang to v1.20.11 + +### loggregator-agent 7.7.1 up 7.6.4 from +* Added `warn_on_invalid_drains` property to Syslog Agent to allow warnings for invalid drains to be suppressed. +* Bump dependencies. 
+* Added `warn_on_invalid_drains` property to Windows Syslog Agent to allow warnings for invalid drains to be suppressed. +* Bump to go1.20.11 +* Bump dependencies. + +### metrics-discovery 3.2.20 up from 3.2.18 +* Bump to go1.20.11 +* Bump dependencies + +### nats 56.12.0 up from 56.11.0 +* Bump Golang to 1.21.4 + +### node-exporter 5.5.0 up from 5.4.0 +* add missing collectors to boshrelease by @Houlistonm in [#17](https://github.com/bosh-prometheus/node-exporter-boshrelease/pull/17) + +### prometheus 29.6.0 up grom 29.5.0 +* add retro_compat.disable property by @mchabane in [#484](https://github.com/bosh-prometheus/prometheus-boshrelease/pull/484) +* various bumps: + * Bump Credhub-Exporter to v0.32.0 + * Bump Grafana to v9.5.13 + * Bump Grafana Worldmap Panel to v1.0.6 + * Bump Postgres-Exporter to 0.14.0 + * Bump Bosh-Exporter to v3.6.1 + * Bump CF-Exporter to v1.2.3 + * Bump Firehose-Exporter to v7.1.2 + * Bump Redis-Exporter to v1.55.0 + * Bump Prometheus to 2.47.0 + * Bump Statsd-Exporter to 0.25.0 + +### Routing 0.284.0 up from 0.283.0 +* Upgrade to Golang 1.21.4 +* Bump dependencies + +### silk 3.38.0 up from 3.35.0 +* Remove unused property [rep_listen_addr_admin](https://github.com/cloudfoundry/silk-release/commit/ee98f5a9d1e1f7c82a3c8055b0e5aacf087538f8) +* Bump golang to 1.21.4 +* Go package dependency bumps + +### statsd-injector 1.11.36 up from 1.11.35 +* Bump dependencies +* Bump packaged Golang to go1.20.11 + + +### UAA 76.25.0 up from 76.24.0 +* Bump github.com/onsi/gomega from 1.28.1 to 1.29.0 in /src/acceptance_tests by @dependabot in [#694](https://github.com/cloudfoundry/uaa-release/pull/694) +* Bump rake from 13.0.6 to 13.1.0 by @dependabot in [#698](https://github.com/cloudfoundry/uaa-release/pull/698) +* Bump github.com/cloudfoundry/bosh-utils from 0.0.408 to 0.0.409 in /src/acceptance_tests by @dependabot in [#695](https://github.com/cloudfoundry/uaa-release/pull/695) +* Bump racc from 1.7.1 to 1.7.2 by @dependabot in 
[#700](https://github.com/cloudfoundry/uaa-release/pull/700) + + +### Final Note + +You may want to throw out the stuffing at this point. diff --git a/content/news/articles/2023-12-12-release-notes.md b/content/news/articles/2023-12-12-release-notes.md new file mode 100644 index 0000000..7b5ca67 --- /dev/null +++ b/content/news/articles/2023-12-12-release-notes.md 
@@ -0,0 +1,282 @@ +--- +layout: layouts/post +tags: news +date: 2023-12-12 +title: "December 12th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Enjoy the season and gather with family and friends! + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v33.10.0 to v34.2.0 + +* Changes below are broken down by component + + +### Go-Buildpack 1.10.13 to 1.10.14 + +* Add go 1.21.4, remove go 1.21.3 +* Add go 1.20.11, remove go 1.20.10 +* Add go 1.21.3, remove go 1.21.2 +* Add go 1.20.10, remove go 1.20.9 + +Packaged binaries: + + * dep 0.5.4 + * glide 0.13.3 + * go 1.20.11 + * go 1.21.4 + * godep 80 + +Default binary versions: +* 1.20.x + +### Nginx-Buildpack 1.2.7 to 1.2.8 + +* Add nginx 1.25.3, remove nginx 1.25.2 + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 +* openresty 1.19.9.1 +* openresty 1.21.4.2 + +Default binary versions: + +* 1.25.x + +### Nodejs-Buildpack 1.8.19 to 1.8.20 + +* Updating github-config ([#673](https://github.com/cloudfoundry/nodejs-buildpack/pull/673)) + +Packaged binaries: + +* node 18.18.0 +* node 18.18.2 +* node 20.8.1 +* node 20.9.0 +* python 3.11.6 +* yarn 1.22.19 + +Default binary versions: + +* python 3.11.x +* node 18.x + + + +### PHP-Buildpack 4.6.11 to 4.6.12 + +* Add php 8.1.25, remove php 8.1.23 +* Add php 8.2.12, remove php 8.2.10 +* Add nginx 1.25.3, remove nginx 1.25.2 +* Add httpd 2.4.58, remove httpd 2.4.57 + +Packaged binaries: + +* appdynamics 23.7.1-751 +* composer 2.6.5 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.3 +* php 8.1.24 +* php 8.1.25 +* php 8.2.11 +* php 8.2.12 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.25 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.25.3 +* composer 2.6.5 + + +### Python-Buildpack 
1.8.15 to 1.8.16 + +* Add setuptools 69.0.0, remove setuptools 68.2.2 +* Add pipenv 2023.11.15, remove pipenv 2023.10.3 +* Add miniconda3-py39 23.10.0, remove miniconda3-py39 23.5.2 +* Add pip 23.3.1, remove pip 23.2.1 + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 23.10.0 +* pip 23.3.1 +* pipenv 2023.11.15 +* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.6 +* python 3.12.0 +* setuptools 69.0.0 + +Default binary versions: + +* 3.10.x + + + +### r-Buildpack 1.2.6 to 1.2.7 + +* Add r 4.3.2, remove r 4.3.1 +* Update r 4.2.3 dependencies: + * shiny from 1.7.5 to 1.8.0 + +Packaged binaries: + +* 4.2.3 - Modules: forecast, plumber, rserve, shiny +* 4.3.2 - Modules: forecast, plumber, rserve, shiny + + + + +### Ruby-Buildpack 1.10.5 to 1.10.6 + +* Add jruby 9.4.5.0, remove jruby 9.4.3.0 +* Add jruby 9.3.13.0, remove jruby 9.3.11.0 +* Add yarn 1.22.21, remove yarn 1.22.19 +* Add bundler 2.4.22, remove bundler 2.4.21 +* Add rubygems 3.4.22, remove rubygems 3.4.21 +* Add node 20.9.0, remove node 18.18.2 + +Packaged binaries: + +* bundler 2.4.22 +* jruby 9.3.13.0 +* jruby 9.4.5.0 +* node 20.9.0 +* openjdk1.8-latest 1.8.0 +* ruby 3.0.5 +* ruby 3.0.6 +* ruby 3.1.3 +* ruby 3.1.4 +* ruby 3.2.1 +* ruby 3.2.2 +* rubygems 3.4.22 +* yarn 1.22.21 + +Default binary versions: + +* 3.2.x + + +### Staticfile-Buildpack 1.6.7 to 1.6.8 + +* Add nginx 1.25.3, remove nginx 1.25.2 + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 + +Default binary versions: + +* 1.25.x + + + +### CFLinuxfs4 - 1.54.0 up from 1.51.0 + +Notably, this bump addresses: + +* `USN-6505-1` USN-6505-1: nghttp2 vulnerability: + * `CVE-2023-44487`: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 
+* `USN-6499-1` USN-6499-1: GnuTLS vulnerability: + * `CVE-2023-5981`: [timing side-channel inside RSA-PSK key exchange] + + * `USN-6517-1` USN-6517-1: Perl vulnerabilities: + + * `CVE-2022-48522`: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. + * `CVE-2023-47038`: [A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer] + * `CVE-2022-48522`: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. + * `CVE-2023-47038`: [A crafted regular expression when compiled by perl 5.30.0 through 5.38.0 can cause a one attacker controlled byte buffer overflow in a heap allocated buffer] + +* USN-6512-1 USN-6512-1: LibTIFF vulnerabilities: + * `CVE-2022-40090`: An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. + * `CVE-2023-3576`: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. + * `CVE-2023-3576`: A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. + * `CVE-2022-40090`: An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. 
+ + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + + +### BOSH DNS - v1.36.10 to v1.36.11 + +* Updates golang package golang-1-linux to 1.21.5 +* Updates golang package golang-1-windows to 1.21.5 + + +### CAPI - v1.165.0 to v1.166.0 + +* CC API Version: 2.217.0 and 3.152.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Add config flag to disable prom_scraper +* Add statsd_host + statsd_port to cloud_controller_clock job +* Dependency Bumps + * Bump postgres to v11.22 + +Cloud Controller + +* Fix/Improve PumaRunner Setup and Configuration +* Prometheus on Thin +* Refactoring UAA client +* Remove unreachable rescue +* Enable Rails/EnvLocal rubocop +* Dependency Bumps + * bump spring from 4.1.2 to 4.1.3 + * bump rspec-rails from 6.0.3 to 6.1.0 + * bump puma from 5.6.7 to 6.4.0 + * bump nokogiri from 1.15.4 to 1.15.5 + * bump rubocop-rails from 2.22.1 to 2.22.2 + * bump public_suffix from 5.0.3 to 5.0.4 + * bump spring from 4.1.1 to 4.1.2 + * bump mock_redis from 0.39.0 to 0.40.0 + +Cloud Controller Database Migrations + +* None + +### CF-Smoketests 42.0.113 to 42.0.117 + +* Bump golang, cf-cli and smoke_tests packages + + +### Garden-Runc 1.44.0 to 1.45.0 + +* Resolved an issue where container networking statistics could not be retrieved for apps running in containers that did not have a `bash` executable. +* Removed the garden-healthchecker package after it had been removed from the boshrelease in v1.43.0 + + +### loggregator-agent 7.7.1 to 7.7.2 + +Experimental OTel Collector changes + * Bump otel-collector to v0.89.0. See the [opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector/releases/tag/v0.89.0) and [opentelemetry-collector-contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/releases/tag/v0.89.0) release notes for more details. 
+ + +### UAA 76.25.0 to 76.26.0 + +* Bump github.com/cloudfoundry/bosh-utils from 0.0.414 to 0.0.415 in /src/acceptance_tests + +## Final Note + +Remember to keep your eggnog refrigerated until consumed. diff --git a/content/news/articles/2023-12-29-release-notes.md b/content/news/articles/2023-12-29-release-notes.md new file mode 100644 index 0000000..003edf0 --- /dev/null +++ b/content/news/articles/2023-12-29-release-notes.md 
@@ -0,0 +1,271 @@ +--- +layout: layouts/post +tags: news +date: 2023-12-29 +title: "December 29th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Goodbye 2023, looking forward to the New Year! + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v35.3.0 to v34.2.0 + +* Changes below are broken down by component + +### dotnet-core-buildpack 2.4.17 to 2.4.18 + +* Add node 20.10.0, remove node 18.18.0 +* Add dotnet-sdk 8.0.100 +* Add dotnet-runtime 8.0.0 +* Add dotnet-aspnetcore 8.0.0 +* Add dotnet-sdk 7.0.404, remove dotnet-sdk 7.0.401 +* Add dotnet-runtime 7.0.14, remove dotnet-runtime 7.0.11 +* Add dotnet-aspnetcore 7.0.14, remove dotnet-aspnetcore 7.0.11 +* Add dotnet-sdk 6.0.417, remove dotnet-sdk 6.0.414 +* Add dotnet-runtime 6.0.25, remove dotnet-runtime 6.0.22 +* Add dotnet-aspnetcore 6.0.25, remove dotnet-aspnetcore 6.0.22 + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.25 +* dotnet-aspnetcore 7.0.14 +* dotnet-aspnetcore 8.0.0 +* dotnet-runtime 6.0.25 +* dotnet-runtime 7.0.14 +* dotnet-runtime 8.0.0 +* dotnet-sdk 6.0.417 +* dotnet-sdk 7.0.404 +* dotnet-sdk 8.0.100 +* libgdiplus 6.1 +* libunwind 1.7.2 +* node 20.10.0 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + +### PHP-Buildpack 4.6.12 to 4.6.13 + +* Add php 8.1.26, remove php 8.1.24 +* Add php 8.2.13, remove php 8.2.11 + +Packaged binaries: + +* appdynamics 23.7.1-751 +* composer 2.6.5 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.3 +* php 8.1.26 +* php 8.1.25 +* php 8.2.13 +* php 8.2.12 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.25 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.25.3 +* composer 2.6.5 + + +### CF CLI 
1.56.0 up from 1.53.0 + +This release contains the following versions of the CF CLI: + + +| Major Version | Prior Version | Current Version | +| --------------|---------------|-----------------| +| v8 | 8.7.6 | [8.7.6](https://github.com/cloudfoundry/cli/releases/tag/v8.7.6) | +| v7 | 7.7.6 | [7.7.6](https://github.com/cloudfoundry/cli/releases/tag/v7.7.6) | +| v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0) | + + + + +### CFLinuxfs4 - 1.61.0 up from 1.54.0 + +Notably, this release addresses: + +* `USN-6535-1 USN-6535-1`: curl vulnerabilities: + * `CVE-2023-46218`: cookie mixed case PSL bypass + * `CVE-2023-46219`: HSTS long file name clears contents + * `CVE-2023-46219`: HSTS long file name clears contents + * `CVE-2023-46218`: cookie mixed case PSL bypass + +* `USN-6541-1 USN-6541-1`: GNU C Library vulnerabilities: + * `CVE-2023-4813`: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. + * `CVE-2023-4806`: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. + * `CVE-2023-5156`: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. + * `CVE-2023-4806`: A flaw was found in glibc. 
In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. + * `CVE-2023-4813`: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. + * `CVE-2023-5156`: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + + +### Metrics-discovery + +The usage of this release has been deprecated. 
+ +### Bpm 1.2.11 to 1.2.12 + +* Updates golang package golang-1-linux to 1.21.5 + + +### CAPI - v1.166.0 to v1.167.0 + +* CC API Version: 2.218.0 and 3.153.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Increase default max nginx upload size to 2GB + +* Dependency Bumps + * Bump rubocop to v1.59.0 + * Bump Golang to go1.21.5 + +Cloud Controller + +* Adapt Periodic Puma Metrics +* Expose puma stats as prometheus metrics +* Use sub query for user visibility filter +* Fix: Polling stopped after failed service instance update last operation fetch +* Fix missing statsd config error on workers +* Remove unused statsd clients +* Improve draining (for Puma) +* Dependency Bumps + * Bump rubocop from 1.57.2 to 1.58.0 + * Bump openssl to v3.2.0 + * Bump json_pure from 2.6.3 to 2.7.1 + * Bump fog-google from 1.22.0 to 1.23.0 + * Bump sequel from 5.74.0 to 5.75.0 + * Bump oj from 3.16.1 to 3.16.2 + * Bump solargraph from 0.49.0 to 0.50.0 + * Bump debug from 1.8.0 to 1.9.0 + * Bump addressable from 2.8.5 to 2.8.6 + * Bump rubocop from 1.58.0 to 1.59.0 + +cc-uploader + +* Dependency Bumps + * Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2 + * Bump actions/setup-go from 4 to 5 + * Bump code.cloudfoundry.org/lager/v3 from 3.0.2 to 3.0.3 + +tps + +* Dependency Bumps + * Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2 + * Bump actions/setup-go from 4 to 5 + * Bump code.cloudfoundry.org/lager/v3 from 3.0.2 to 3.0.3 + +Cloud Controller Database Migrations + +* None + +### cf-networking 3.38.0 to 3.39.0 + +* Bump to go 1.21.5 + + +### CF-Smoketests 42.0.117 to 42.0.118 + +* Bump golang, cf-cli and smoke_tests packages + + +### Diego 2.85.0 to 2.87.0 + +* BBS [Run migration and save migration version in single transaction](https://github.com/cloudfoundry/bbs/pull/76) +* Rep [Make max_containers configurable](https://github.com/cloudfoundry/diego-release/pull/868) +* Executor [Ignore EntryNotFound and AlreadyClosed errors when cleaning up 
cache](https://github.com/cloudfoundry/executor/pull/89) +* Route-emitter [Add AZ to registry message](https://github.com/cloudfoundry/route-emitter/pull/29) +* Rep [Send AZ in StartActualLRP/EvacuateRunningActualLRP requests to BBS](https://github.com/cloudfoundry/rep/pull/48) + + + + +### Garden-Runc 1.45.0 to 1.47.0 + +* Lots of refactoring including the ability to run the test suite in parallel! + + +### Log-cache 3.0.8 to 3.0.9 + +* Bump dependencies +* Bump packaged Golang to go1.20.12 + +### Loggregator-agent 7.7.2 to 7.7.3 + +* Bump packaged Golang to v1.20.12 +* Forwarder Agent removes `__v1_type` tag when forwarding metrics to OTel Collector, fixing an issue where metrics emitted as v1 envelopes were being dropped by the prometheusexporter + +### Nats 56.12.0 to 56.14.0 + +* Bug fix: nats has logs again! +* Bug fix: don't run the nats migrator for the nats job when the nats job is disabled + + +### Prometheus 29.6.0 to 29.7.0 + +* add `retro_compat.enable_delta` +* Various bumps: + * Bump Collectd-Exporter to 0.6.0 + * Bump Credhub-Exporter to v0.33.0 + * Bump Graphite-Exporter to 0.15.0 + * Bump Grafana to v9.5.15 + * Bump InfluxDB-Exporter to 0.11.5 + * Bump Memcached-Exporter to 0.14.1 + * Bump Postgres-Exporter to 0.15.0 + * Bump Prometheus2 to 2.48.1 + * Bump Pushgateway to 1.6.2 + * Bump Statsd-Exporter to 0.26.0 + + +### Routing 0.284.0 to 0.285.0 + +* A new `localhost:8082` endpoint has been added for retrieving the routing table on gorouter. This is in preparation of removing non-TLS LB-health check endpoints from the public `:8080` listener for increased security. `/var/vcap/jobs/gorouter/bin/retrieve-local-routes` is updated and still the official way to retrieve the local routing table on a gorouter. The port this listens on can be configured via the `router.status.routes.port` property. +* A new TLS-enabled endpoint for LB health checks has been added on `:8443`. 
This can be configured via the `router.status.tls.port`, `router.status.tls.certificate` and `router.status.tls.key properties`. +* routing-api has been updated to work towards supporting a TLS-only CF deployment. +* gorouter's proxy package received some test enhancements for increased test stability. +* gorouter's `pool.Endpoint.Equals()` received a performance improvement +* Route-registrar will now fail if it configured to talk to NATS without using TLS. This can be toggled via the `nats.fail_if_using_nats_without_tls` property. + +***A Note to Other CF Platform Operators*** + +If you have any custom releases bound to port 8443 on gorouters, this release will cause you issues with the health check. + +### Silk 3.38.0 to 3.39.0 + +* Bump to go 1.21.5 + +### Statsd-injector 1.11.36 to 1.11.37 + +* Bump packaged Golang to go1.20.12 + + +### UAA 76.26.0 to 76.27.0 + +* Bump `github.com/cloudfoundry/bosh-utils` from 0.0.414 to 0.0.416 in `/src/acceptance_tests` +* Fix pre-start.erb for Jammy FIPS stemcell + +## Final Note + +Wishing you all success and happiness in the new year! diff --git a/content/news/articles/2023-8-1-postgresql-versions-update.md b/content/news/articles/2023-8-1-postgresql-versions-update.md new file mode 100644 index 0000000..df2f1e4 --- /dev/null +++ b/content/news/articles/2023-8-1-postgresql-versions-update.md 
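Review bot: in the Routing 0.284.0 to 0.285.0 bullet, the closing backtick is misplaced so that "`router.status.tls.key properties`" renders the word "properties" as part of the property name; it should read "`router.status.tls.key` properties". In the same list, "Route-registrar will now fail if it configured to talk to NATS" is missing "is" ("if it is configured"). The operator note about port 8443 would be more actionable if it pointed at the `router.status.tls.port` property mentioned two bullets earlier, since that is how an operator with a conflicting custom release can move the new TLS health-check listener. Finally, the Platform Changes intro "to highlight changes to Cloud Foundry components, this is likely not of interest" is a comma splice; split it into two sentences (the same sentence is reused verbatim in the 2024-01-25 post below, so fix both).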
@@ -0,0 +1,23 @@ +--- +layout: layouts/post +tags: news +title: New versions of PostgreSQL supported +date: 2023-08-01 +excerpt: "PostgreSQL versions 13, 14, and 15 are now fully supported on cloud.gov" +--- + +# New versions of PostgreSQL + +Cloud.gov is pleased to announce that the [PostgreSQL versions 13.x, 14.x, 15.x offered by AWS RDS](https://docs.aws.amazon.com/AmazonRDS/latest/PostgreSQLReleaseNotes/postgresql-versions.html) are now supported and able to be used in conjunction with cloud.gov applications. As part of this update, version `15` is now set as the default version when creating a new PostgreSQL database on cloud.gov. This enhancement empowers users with more flexibility and control over their database environments while benefitting from the latest advancements in PostgreSQL database functionality and security. + +Please note that users are still able to explicitly set any of the [currently supported PostgreSQL versions](https://cloud.gov/docs/services/relational-database/#create-an-instance) upon database creation with the following command: + +```shell +cf create-service aws-rds -c '{"version":""}' +``` + +For example: + +```shell +cf create-service aws-rds micro-psql my-test-service -c '{"version":"14"}' +``` diff --git a/content/news/articles/2024-01-25-release-notes.md b/content/news/articles/2024-01-25-release-notes.md new file mode 100644 index 0000000..a58b32c --- /dev/null +++ b/content/news/articles/2024-01-25-release-notes.md 
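Review bot: the generic command shown before "For example:" is incomplete: `cf create-service aws-rds -c '{"version":""}'` omits the plan and the service-instance name that `cf create-service` requires and that the example on the next line supplies (`micro-psql my-test-service`), so a reader copying the first form gets a usage error. Suggest writing it with placeholders, for instance `cf create-service aws-rds <plan> <service-name> -c '{"version":"<version>"}'`, so the shape matches the worked example. Minor: the body opens with "Cloud.gov" while the excerpt and the rest of the site use "cloud.gov".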
@@ -0,0 +1,525 @@ +--- +layout: layouts/post +tags: news +date: 2024-01-25 +title: "January 25th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Hello 2024, all the buildpacks were updated! + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v35.3.0 to v37.0.0 + +Changes below are broken down by component: + +### binary-buildpack 1.1.8 to 1.1.9 + +* Updates `github-config` from 1.1.8 to 1.1.9 + +### dotnet-core-buildpack 2.4.18 to 2.4.20 + +* Bump github.com/Sealights/libbuildpack-sealights from 1.3.0 to 1.4.0 + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.25 +* dotnet-aspnetcore 7.0.14 +* dotnet-aspnetcore 8.0.0 +* dotnet-runtime 6.0.25 +* dotnet-runtime 7.0.14 +* dotnet-runtime 8.0.0 +* dotnet-sdk 6.0.417 +* dotnet-sdk 7.0.404 +* dotnet-sdk 8.0.100 +* libgdiplus 6.1 +* libunwind 1.7.2 +* node 20.10.0 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + +### go-buildpack 1.10.14 to 1.10.15 + +* Add go 1.20.12, remove go 1.20.11 +* Add go 1.21.5, remove go 1.21.4 + +Packaged binaries: + +* dep 0.5.4 +* glide 0.13.3 +* go 1.20.12 +* go 1.21.5 +* godep 80 + +Default binary versions: + +* go 1.20.x + +### java-buildpack 4.63.1 to 4.65.0 + +This release includes the following updates: + +* Java 21 support - to use Java 21, you can set the config environment variable: + * `JBP_CONFIG_OPEN_JDK_JRE '{ jre: { version: 21.+ }}'` +* Some agent framework dependency bumps, including: + * A bug fix in Java CFEnv when specifying a custom port for AMQPS connections, see this issue for more information. 
+ * New major version 6.x of the Contrast Security agent which supports Java 21 +* A new version of the [Client Certificate Mapper](https://github.com/cloudfoundry/java-buildpack-client-certificate-mapper) which supports the change in Servlet API from `javax.*` to `jakarta.*` packages for its relevant Servlet classes. +* A fix for the Client Certificate Mapper when used with older Spring Boot versions. +* A new Framework is available in this release, Open Telemetry. (thanks @tylerbenson) +* FIPS support in the Dynatrace framework. + +For a full set of release notes which include the package dependencies, please refer to [the notes here](https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.65.0). + +### nginx-buildpack 1.2.8 to 1.2.10 + +* Better logging when listen {{port}} validation fails +* Updating github-config + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 +* openresty 1.19.9.1 +* openresty 1.21.4.2 + +Default binary versions: + +* nginx 1.25.x + +### nodejs-buildpack 1.8.20 to 1.8.21 + +* Add node 18.19.0, remove node 18.18.0 +* Add node 20.10.0, remove node 20.8.1 +* Add python 3.11.7, remove python 3.11.6 + +Packaged binaries: + +* node 18.18.2 +* node 18.19.0 +* node 20.9.0 +* node 20.10.0 +* python 3.11.7 +* yarn 1.22.19 + +Default binary versions: + +* node 18.x +* python 3.11.x + +### php-buildpack 4.6.13 to 4.6.14 + +* Deprecate PHP 8.0.x (EOL) +* Add php 8.3.1 +* Add php 8.1.27, remove php 8.1.25 +* Add php 8.2.14, remove php 8.2.12 +* Add composer 2.6.6, remove composer 2.6.5 +* Add appdynamics 23.11.0-839, remove appdynamics 23.7.1-751 + + +Packaged binaries: + +* appdynamics 23.11.0-839 +* composer 2.6.6 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.3 +* php 8.1.26 +* php 8.1.27 +* php 8.2.13 +* php 8.2.14 +* php 8.3.1 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.27 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.25.3 +* composer 2.6.6 + + +### python-buildpack 1.8.16 to 1.8.18 + 
+* Add setuptools 69.0.3, remove setuptools 69.0.2 +* Add python 3.12.1, remove python 3.12.0 +* Add python 3.11.7, remove python 3.11.6 +* Add miniconda3-py39 23.11.0, remove miniconda3-py39 23.10.0 +* Add pip 23.3.2, remove pip 23.3.1 + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 23.11.0 +* pip 23.3.2 +* pipenv 2023.11.15 +* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.7 +* python 3.12.1 +* setuptools 69.0.3 + +Default binary versions: + +* python 3.10.x + +### r-buildpack 1.2.7 to 1.2.8 + +* Update r 4.2.3 dependencies: + * rserve from 1.8.11 to 1.8.13 + +Packaged binaries: + +* r 4.2.3 +* r 4.3.2 + + + +### ruby-buildpack 1.10.6 to 1.10.8 + +* Deprecate JRuby 9.3.x +* Add ruby 3.3.0 +* Add rubygems 3.5.4, remove rubygems 3.4.22 +* Add bundler 2.5.4, remove bundler 2.4.22 +* Add node 20.11.0, remove node 20.10.0 + +Packaged binaries: + +* bundler 2.5.4 +* jruby 9.4.5.0 +* node 20.11.0 +* openjdk1.8-latest 1.8.0 +* ruby 3.1.3 +* ruby 3.1.4 +* ruby 3.2.1 +* ruby 3.2.2 +* ruby 3.3.0 +* rubygems 3.5.4 +* yarn 1.22.21 + +Default binary versions: + +* ruby 3.2.x + +### staticfile-buildpack 1.6.8 to 1.6.9 + +* Updating github-config + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 + +Default binary versions: + +* nginx 1.25.x + + + +### CF CLI 1.59.0 up from 1.56.0 + +This release contains the following versions of the CF CLI: + + +| Major Version | Prior Version | Current Version | +| --------------|---------------|-----------------| +| v8 | 8.7.6 | [8.7.6](https://github.com/cloudfoundry/cli/releases/tag/v8.7.6) | +| v7 | 7.7.6 | [7.7.6](https://github.com/cloudfoundry/cli/releases/tag/v7.7.6) | +| v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0) | + + + + +### CFLinuxfs4 - 1.66.0 up from 1.61.0 + +Notably, this release addresses: + +* `USN-6588-1` USN-6588-1: PAM vulnerability: + * `CVE-2024-22365`: pam_namespace local denial of service + + +* `USN-6541-1 USN-6541-1`: GNU C 
Library vulnerabilities: + * `CVE-2023-4813`: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. + * `CVE-2023-4806`: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. + * `CVE-2023-5156`: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. + * `CVE-2023-4806`: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. + * `CVE-2023-4813`: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. 
+ * `CVE-2023-5156`: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. + +* `USN-6581-1` USN-6581-1: GNU binutils vulnerabilities: + + * `CVE-2022-45703`: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. + * `CVE-2022-47011`: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. + * `CVE-2022-47008`: An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. + * `CVE-2022-47011`: An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. + * `CVE-2022-47007`: An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. + * `CVE-2022-47010`: An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. + * `CVE-2022-45703`: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. + * `CVE-2022-44840`: Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. + +* `USN-6541-2` USN-6541-2: GNU C Library regression: + + * `CVE-2023-4806`: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. 
This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. + * `CVE-2023-4813`: A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. + * `CVE-2023-4806`: A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. + * `CVE-2023-5156`: A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. + * https://launchpad.net/bugs/2047155: "Could not create socket" with apt update when update libc6 to 2.35-0ubuntu3.5 and using nscd + +* `USN-6566-1` USN-6566-1: SQLite vulnerabilities: + + * `CVE-2022-46908`: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. + * `CVE-2023-7104`: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. 
This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. + * `CVE-2022-46908`: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. + * `CVE-2023-7104`: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. + +* `USN-6565-1` USN-6565-1: OpenSSH vulnerabilities: + + * `CVE-2021-41617`: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. + * `CVE-2023-51384`: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. + * `CVE-2023-51385`: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. 
For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. + * `CVE-2021-41617`: sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. + * `CVE-2023-51384`: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys. + * `CVE-2023-51385`: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. + + +* `USN-6561-1` USN-6561-1: libssh vulnerability: + + * `CVE-2023-48795`: Prefix truncation attack on BPP: By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. + +* `USN-6560-1` USN-6560-1: OpenSSH vulnerabilities: + + * `CVE-2023-48795`: Prefix truncation attack on BPP: By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. + * `CVE-2023-28531`: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. 
+ * `CVE-2023-48795`: Prefix truncation attack on BPP: By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. + * `CVE-2023-28531`: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. + +* `USN-6558-1` USN-6558-1: audiofile vulnerabilities: + + * `CVE-2018-13440`: The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. + * `CVE-2018-17095`: An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. + * `CVE-2019-13147`: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. + * `CVE-2022-24599`: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. + * `CVE-2018-17095`: An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. + * `CVE-2019-13147`: In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. 
+ * `CVE-2018-13440`: The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. + * `CVE-2022-24599`: In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. + +* `USN-6557-1` USN-6557-1: Vim vulnerabilities: + + * `CVE-2022-1725`: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. + * `CVE-2022-1771`: Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. + * `CVE-2022-1886`: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. + * `CVE-2022-1897`: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. + * `CVE-2022-2000`: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. + * `CVE-2022-2042`: Use After Free in GitHub repository vim/vim prior to 8.2. + * `CVE-2023-48231`: Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-48232`: Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. 
This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit cb0b99f0 which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-48236`: Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-48237`: Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 6bf131888 which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-48706`: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later then be accessed by the initial :s command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. 
Version 9.0.2121 contains a fix for this issue. + * `CVE-2023-48706`: Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a :s command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive :s call causes free-ing of memory which may later then be accessed by the initial :s command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. + * `CVE-2023-48234`: Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 58f9befca1 which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-48231`: Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-46246`: Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function ga_grow_inner in in the file src/alloc.c at line 748, which is freed in the file src/ex_docmd.c in the function do_cmdline at line 1010 and then used again in src/cmdhist.c at line 759. When using the :history command, it's possible that the provided argument overflows the accepted value. 
Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. + * `CVE-2023-48235`: Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 060623e which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2022-1725`: NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. + * `CVE-2023-48232`: Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit cb0b99f0 which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2022-2042`: Use After Free in GitHub repository vim/vim prior to 8.2. + * `CVE-2022-2000`: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. + * `CVE-2022-1886`: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. + * `CVE-2023-48233`: Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. 
Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit ac6378773 which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2023-48236`: Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit 73b2d379 which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. + * `CVE-2022-1771`: Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. + * `CVE-2022-1897`: Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. + * `CVE-2023-48237`: Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit 6bf131888 which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +* `USN-6544-1` USN-6544-1: GNU binutils vulnerabilities: + + * `CVE-2022-38533`: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. + * `CVE-2021-46174`: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. + * `CVE-2022-35205`: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. 
+ * `CVE-2022-35205`: An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. + * `CVE-2020-19726`: An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. + * `CVE-2021-46174`: Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. + * `CVE-2022-38533`: In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. + * `CVE-2022-4285`: An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. + +* `USN-6543-1` USN-6543-1: GNU Tar vulnerability: + * `CVE-2023-39804`: [A stack overflow vulnerability exists in GNU Tar up to including v1.34. The bug exists in the function xattr_decoder() in xheader.c, where alloca() is used and it may overflow the stack if a sufficiently long xattr key is used. The vulnerability can be triggered when extracting a tar/pax archive that contains such a long xattr key.] + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. 
+ + + + +### bosh-dns 1.36.11 to 1.36.12 + +* Updates golang package golang-1-linux to 1.21.6 +* Updates golang package golang-1-windows to 1.21.6 + + +### Bpm 1.2.12 to 1.2.13 + +* Updates golang package golang-1-linux to 1.21.6 + + + +### CAPI - v1.167.0 to v1.169.0 + +* CC API Version: 2.220.0 and 3.155.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Add legacy_md5_buildpack_paths_enabled param +* Fix rubocop configuration warning +* Add experimental jemalloc support + +* Dependency Bumps + * Bump Golang to go1.21.6 + * Bump Redis to 7.2.4 + * Bump rubocop from 1.59.0 to 1.60.0 + * Bump rubocop-rspec from 2.25.0 to 2.26.1 + +Cloud Controller + +* Fix regression of clean up degenerate deployments +* Add process readiness changed controller and event +* Add tags to task logs +* Use xxhash64 instead of MD5 when calculating buildpack paths +* Fix the annotation migration for mysql +* Ensure uniqueness of labels and annotations +* Dependency Bumps + * Bump sequel from 5.75.0 to 5.76.0 + * Bump newrelic_rpm from 9.6.0 to 9.7.0 + * Bump puma from 6.4.1 to 6.4.2 + * Bump rubocop from 1.59.0 to 1.60.0 + * Bump rubocop-rspec from 2.25.0 to 2.26.1 + +cc-uploader + +* Dependency Bumps + * Bump github.com/onsi/ginkgo/v2 from 2.13.2 to 2.14.0 + + +tps + +* Watch for readiness health check changes +* Dependency Bumps + * Bump github.com/onsi/ginkgo/v2 from 2.13.2 to 2.14.03 + +Cloud Controller Database Migrations + +* `20240102150000_add_annotation_label_uniqueness.rb` + + +### cf-networking 3.39.0 to 3.40.0 + +* Bump to go 1.21.5, go dependency bumps + + +### CF-Smoketests 42.0.118 to 42.0.126 + +* Bump golang, cf-cli and smoke_tests packages + + +### Diego 2.87.0 to 2.88.0 + + +* Reverted max_containers changes +* Bumps golang.org/x/crypto/ssh to v0.17.0 to address `CVE-2023-48795`. 
+ + + +### Log-cache 3.0.9 to 3.0.10 + +* Bump dependencies +* Bump packaged Golang to go1.21.6 + +### Loggregator-agent 7.7.3 to 8.0.1 + +* Bump packaged Golang to go1.21.6 +* Bump dependencies +* Forwarder Agent: otelcolclient specifies that loggregator counters are monotonic in OTLP translation +* Loggregator Agent: if disabled, do not register ingress for Forwarder Agent or scraping with Prom Scraper + + +### Nats 56.14.0 to 56.15.0 + +* Bump Golang to 1.21.6 + + +### Prometheus 29.7.0 to 30.0.0 + +* Ubuntu Jammy is now used by default + * removed ops file `/manifests/operators/use-jammy-stemcell.yml` +* various version bumps + * Bump BPM to 1.2.12 + * Bump Consul-Exporter to 0.11.0 + * Bump Credhub-Exporter to 0.34.0 + * Bump Elasticsearch-Exporter to 1.7.0 + * Bump Grafana to 10.2.3 + * Bump Memcached-Exporter to 0.14.2 + * Bump MySQLD Exporter to 0.15.1 + * Bump Nginx to 1.25.3 + * Bump Postgres to 48 + * Bump Redis-Exporter to v1.56.0 + + + +### Routing 0.285.0 to 0.287.0 + +* Route-Registrar now supports specifying a nats server CA via the `nats.tls.ca_cert` property if it is not present via a BOSH link. +* The deprecated `/varz` and `/healthz` endpoints for gorouter on port 8080 have been removed +* The `/routes` endpoint on gorouter's port 8080 has been moved to port 8082, and is available only on localhost +* TLS certificates for gorouter + tcp_router's health endpoints are now required to deploy. 
Fortunately this is provided automatically in cf-deployment +* Changes + * Fix a nil panic in gorouter + * Adds availability zone info to endpoint data in gorouter + * Speed up gorouter's route registry + * Also more performance improvements to gorouter's route registry + * Adds an always-on TLS capable healthcheck endpoint for gorouter on port 8443 + * Adds an always-on TLS capable healthcheck endpoint for tcp_router on port 443 + * Operators can now toggle off the non-tls healthcheck endpoint for gorouter via router.status.enable_nontls_health_checks + * Operators can now toggle off the non-tls healthcheck endpoint for tcp_router via tcp_router.enable_nontls_health_checks + +### Silk 3.39.0 to 3.40.0 + +* Bug fix: silk-datastore-syncer: fix assignment to entry in nil map in Metadata field. +* Bug fix: Deduplicate Iptables Rules with Dynamic ASG's + + + +### UAA 76.27.0 to 76.30.0 + +* Upgrade Tomcat to version 9.0.85 +* Bump github.com/cloudfoundry/bosh-utils from 0.0.418 to 0.0.419 in /src/acceptance_tests +* Bump github.com/cloudfoundry/bosh-utils from 0.0.419 to 0.0.420 in /src/acceptance_tests +* Bump go directive version + bosh releases used in acceptance test manifest +* Bump nokogiri from 1.15.5 to 1.16.0 +* Bump github.com/cloudfoundry/bosh-utils from 0.0.420 to 0.0.421 in /src/acceptance_tests by +* Bump github.com/cloudfoundry/bosh-utils from 0.0.421 to 0.0.423 in /src/acceptance_tests by +* Bump bigdecimal from 3.1.4 to 3.1.5 +* Bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /src/acceptance_tests + +## Final Note + +Hope you are sticking to your New Year's wishes! diff --git a/content/news/articles/2024-02-08-release-notes.md b/content/news/articles/2024-02-08-release-notes.md new file mode 100644 index 0000000..c65d686 --- /dev/null +++ b/content/news/articles/2024-02-08-release-notes.md 
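Review bot: the USN-6544-1 binutils list in the hunk ending "Hope you are sticking to your New Year's wishes!" repeats three entries; `CVE-2022-38533`, `CVE-2021-46174` and `CVE-2022-35205` each appear twice, so keep one of each or the count of addressed CVEs reads wrong. In the same hunk, the tps bump `Bump github.com/onsi/ginkgo/v2 from 2.13.2 to 2.14.03` looks like a typo for `2.14.0` (the cc-uploader line beside it bumps to 2.14.0), and the GNU Tar `CVE-2023-39804` description is wrapped in stray square brackets. cf-networking says "Bump to go 1.21.5" while every other component in this release is on 1.21.6; worth a check against the upstream release note. The Routing bullet "TLS certificates for gorouter + tcp_router's health endpoints are now required to deploy. Fortunately this is provided automatically in cf-deployment" is an operator-impacting change and would be clearer with one line saying whether the cloud.gov deployment picks these up unchanged or needs an ops-file update.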
@@ -0,0 +1,275 @@ +--- +layout: layouts/post +tags: news +date: 2024-02-08 +title: "February 8th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log - Punxsutawney Phil predicted an early spring, remember to also restage your applications regularly! + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v37.0.0 to v37.4.0 + +Changes below are broken down by component: + + + + +### dotnet-core-buildpack 2.4.20 to 2.4.21 + +* Add dotnet-aspnetcore 6.0.26, remove dotnet-aspnetcore 6.0.25 +* Add dotnet-runtime 6.0.26, remove dotnet-runtime 6.0.25 +* Add dotnet-sdk 6.0.418, remove dotnet-sdk 6.0.417 +* Add dotnet-aspnetcore 7.0.15, remove dotnet-aspnetcore 7.0.14 +* Add dotnet-runtime 7.0.15, remove dotnet-runtime 7.0.14 +* Add dotnet-sdk 7.0.405, remove dotnet-sdk 7.0.404 +* Add dotnet-aspnetcore 8.0.1, remove dotnet-aspnetcore 8.0.0 +* Add dotnet-runtime 8.0.1, remove dotnet-runtime 8.0.0 +* Add dotnet-sdk 8.0.101, remove dotnet-sdk 8.0.100 +* Add node 20.11.0, remove node 20.10.0 + + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.26 +* dotnet-aspnetcore 7.0.15 +* dotnet-aspnetcore 8.0.1 +* dotnet-runtime 6.0.26 +* dotnet-runtime 7.0.15 +* dotnet-runtime 8.0.1 +* dotnet-sdk 6.0.418 +* dotnet-sdk 7.0.405 +* dotnet-sdk 8.0.101 +* libgdiplus 6.1 +* libunwind 1.7.2 +* node 20.11.0 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + + + + + +### java-buildpack 4.65.0 to 4.66.0 + +This release includes the following updates: + +* This release contains the January Java patch releases for 1.8, 11, 17 & 21, as well as some framework dependency bumps. This includes an update to v2.0.0 of the new OpenTelemetry Java Agent. 
+ +* For a more detailed look at the changes in `4.65.0`, please take a look at the [commit log](https://github.com/cloudfoundry/java-buildpack/compare/v4.65.0...v4.66.0). The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release. + + + +### python-buildpack 1.8.18 to 1.8.19 + +* add codeowners file, no changes to binary versions + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 23.11.0 +* pip 23.3.2 +* pipenv 2023.11.15 +* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.7 +* python 3.12.1 +* setuptools 69.0.3 + +Default binary versions: + +* python 3.10.x + + + + + + +### CFLinuxfs4 - 1.68.0 up from 1.66.0 + +Notably, this release addresses: + + +* USN-6592-1 USN-6592-1: libssh vulnerabilities: + + * `CVE-2023-6004`: A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. + * `CVE-2023-6918`: A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. + +* USN-6593-1 USN-6593-1: GnuTLS vulnerabilities: + + * `CVE-2024-0553`: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. 
This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. + * `CVE-2024-0567`: A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. + + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + + + + + +### bosh-dns 1.36.12 to 1.37.1 + +* Allow setting different log levels for log +* Updates golang package golang-1-linux to 1.22.0 +* Updates golang package golang-1-windows to 1.22.0 + + +### Bpm 1.2.13 to 1.2.14 + +* Fixed CVEs: + * CVE-2024-21626: runc: file descriptor leak + + + +### CAPI v1.169.0 to v1.171.0 + +* CC API Version: 2.222.0 and 3.157.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Introduce new config attribute for Puma +* Add dedicated config file for cc local workers +* Add config attribute to override max_con for rotate-cc-database-key errand +* Add config option to disable statsd metrics on api vms +* Add public TLS endpoint for blobstore +* Create bumping_ruby_packaging.md +* Add cpu weight config options + +* Dependency Bumps + * Bump rubocop from 1.60.1 to 1.60.2 + * Bump Ruby to version 3.2.3 + * Bump rubocop from 1.59.0 to 1.60.0 + * Bump rubocop-rspec from 2.25.0 to 2.26.1 + +Cloud Controller + +* Switch to using digest-xxhash +* Add deserialization spec for 'ActiveSupport::Duration' +* Enable new cops Capybara/RedundantWithinField and FactoryBot/ExcessiveCreateList +* Add annotations removal to prune_completed_tasks. 
Encapsulated the database activity into a transaction. Task labels were not getting deleted causing issues with foreign key violations. +* Switch to "using" Zeitwerk Rails autoloader +* Remove distinct for service plan list queries +* Make MIN/MAX_CPU_PROXY values that are used for capping the cpu weight configurable +* Dependency Bumps + * Bump rubocop from 1.60.0 to 1.60.2 + * bump rspec-rails from 6.1.0 to 6.1.1 + * bump mock_redis from 0.43.0 to 0.44.0 + * bump newrelic_rpm from 9.7.0 to 9.7.1 + * bump Ruby version to 3.2.3 + * Upgrade to Rails 7.1 + +cc-uploader + +* Dependency Bumps + * Bump github.com/onsi/gomega from 1.30.0 to 1.31.1 + * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.15.0 + + +tps + +* Dependency Bumps + * Bump github.com/onsi/gomega from 1.30.0 to 1.31.1 + * Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.15.0 + +Cloud Controller Database Migrations + +* None + + + +### CF-Networking 3.40.0 to 3.41.0 + +* Bump to go 1.21.6, go dependency bumps +* Add GOVERSION env var to example apps + + +### CF-Smoketests 42.0.126 to 42.0.128 + +* Bump golang, cf-cli and smoke_tests packages + + + + +### Diego 2.88.0 to 2.92.0 + + +* Buildpack path cache hash has 16 bytes +* The `dockerapplifecycle` now supports workloads using the OCI image format. +* Set Content-Digest header when uploading droplets to support environment that don't have md5 available +* Fix BBS Port issues +* Make max_containers configurable +* Add xxhash as a dependency +* Use major/minor versions of Go, instead of specific versions +* Make jitter interval configurable. 
Add new config parameter: JitterFactor + + + +### Garden-runc from 1.47.0 to 1.48.0 + +* ***runc + container have been bumped to address CVE-2024-21626*** +* Many updates to get garden-runc-release's CI configuration working in the wg-app-platform-runtime-ci repo +* Many golang package dependency bumps + + + +### Routing 0.287.0 to 0.289.0 + +* A new reserved port 7070 had been added +* Before deploying, please double-check your reserved ports settings for any clashes with port 7070, especially the `router.prometheus.port property`. +* Add route_services_internal_server_port property +* Add cipher-suites for TLS 1.3 and auto-generate the list from now on +* Operators can now configure to prefer AZ-local backends before proxying to backends in other availability zones +* Protect against data race when ReverseProxy modifies response headers +* Fix ability to start gorouter with the default config + + +### Silk 3.40.0 to 3.41.0 + +* Go package dependency bumps + + +### Statsd-injector 1.11.37 to 1.11.38 + +* Bump dependencies +* Bump packaged Golang to go1.21.6 + +### Syslog 12.2.1 to 12.2.2 + +* Bump dependencies +* Bump packaged Golang to go1.21.6 + +### UAA 76.30.0 to 76.31.0 + +* Bump to UAA v76.31.0 +* Upgrade Newrelic to version 8.8.1 +* Upgrade Bellsoft JDK to version 17.0.10+13 +* Dependencies: + * Bump minitest from 5.20.0 to 5.21.1 + * Bump github.com/cloudfoundry/bosh-utils from 0.0.423 to 0.0.424 in /src/acceptance_tests + * Bump concurrent-ruby from 1.2.2 to 1.2.3 + * Bump activesupport from 7.1.2 to 7.1.3 + * Bump github.com/onsi/gomega from 1.30.0 to 1.31.0 in /src/acceptance_tests + * Bump bigdecimal from 3.1.5 to 3.1.6 + * Bump minitest from 5.21.1 to 5.21.2 + * Bump github.com/cloudfoundry/bosh-utils from 0.0.424 to 0.0.425 in /src/acceptance_tests + +## Final Note + +Remember to regularly restage your applications to pull in updates to buildpacks and stack which are often patched for CVEs! 
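Review bot: in 2024-02-08-release-notes.md the java-buildpack bullet says "For a more detailed look at the changes in `4.65.0`" but the section is the 4.65.0 to 4.66.0 upgrade and the compare link is `v4.65.0...v4.66.0`, so it should read `4.66.0`. In the same file the CAPI "Dependency Bumps" list repeats `Bump rubocop from 1.59.0 to 1.60.0` and `Bump rubocop-rspec from 2.25.0 to 2.26.1`, which were already listed under v1.167.0 to v1.169.0 in the previous change log, and lists `1.60.1 to 1.60.2` above them, so the sequence is stale and out of order; keep only the bumps new in v1.169.0 to v1.171.0. Routing: "A new reserved port 7070 had been added" should be "has been added", and the backtick should close after `router.prometheus.port` since "property" is not part of the property name. Formatting: `USN-6592-1` and `USN-6593-1` are the only USN identifiers in these change logs not wrapped in backticks. Bpm and Garden-runc both fix the runc file-descriptor leak `CVE-2024-21626`, the one fix in this release that touches the container runtime itself; consider calling it out in the intro rather than leaving it in the operators-only section.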
diff --git a/content/news/articles/2024-02-23-release-notes.md b/content/news/articles/2024-02-23-release-notes.md new file mode 100644 index 0000000..dfc8ab6 --- /dev/null +++ b/content/news/articles/2024-02-23-release-notes.md 
@@ -0,0 +1,306 @@ +--- +layout: layouts/post +tags: news +date: 2024-02-23 +title: "February 23rd cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Before digging into the changes... + +* Reminder: Please contact support@cloud.gov to schedule your RDS upgrades if you have not already done so. +* On February 29th at 9AM ET we'll be performing RDS upgrades on our own databases, we're all in the same boat! In lower environments we've seen a ~5 minute unavailability while the RDS instances upgrade and expect similar results for production. The scheduled maintenance can be followed at [https://cloudgov.statuspage.io/incidents/kk7t7lrm2jln](https://cloudgov.statuspage.io/incidents/kk7t7lrm2jln) +* The default amount of memory for staging applications has been increased from 1GB to 2GB to attempt to mitigate staging OOM issues. This is a temporary solution while we work to identify the underlying issue. + + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. 
+ +### CF-Deployment - v37.4.0 to v38.1.0 + +Changes below are broken down by component: + + +### dotnet-core-buildpack 2.4.21 to 2.4.23 + +* Add dotnet-aspnetcore 6.0.27, remove dotnet-aspnetcore 6.0.26 +* Add dotnet-runtime 6.0.27, remove dotnet-runtime 6.0.26 +* Add dotnet-sdk 6.0.419, remove dotnet-sdk 6.0.418 +* Add dotnet-aspnetcore 7.0.16, remove dotnet-aspnetcore 7.0.15 +* Add dotnet-runtime 7.0.16, remove dotnet-runtime 7.0.15 +* Add dotnet-sdk 7.0.406, remove dotnet-sdk 7.0.405 +* Add dotnet-aspnetcore 8.0.2, remove dotnet-aspnetcore 8.0.1 +* Add dotnet-runtime 8.0.2, remove dotnet-runtime 8.0.1 +* Add dotnet-sdk 8.0.200, remove dotnet-sdk 8.0.101 + + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.27 +* dotnet-aspnetcore 7.0.16 +* dotnet-aspnetcore 8.0.2 +* dotnet-runtime 6.0.27 +* dotnet-runtime 7.0.16 +* dotnet-runtime 8.0.2 +* dotnet-sdk 6.0.419 +* dotnet-sdk 7.0.406 +* dotnet-sdk 8.0.200 +* libgdiplus 6.1 +* libunwind 1.8.0 +* node 20.11.0 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + + +### nginx-buildpack 1.2.10 to 1.2.11 + +* Add openresty 1.25.3.1 +* Remove older versions of openresty so we keep 2 versions + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 +* openresty 1.21.4.2 +* openresty 1.25.3.1 + +### nodejs-buildpack 1.8.21 to 1.8.22 + +* Add python 3.11.8, remove python 3.11.7 +* Add node 20.11.0, remove node 20.9.0 +* Add new parameters for sealights hook + +Packaged binaries: + +* node 18.18.2 +* node 18.19.0 +* node 20.10.0 +* node 20.11.0 +* python 3.11.8 +* yarn 1.22.19 + +Default binary versions: + +* node 18.x +* python 3.11.x + + + + +### ruby-buildpack 1.10.8 to 1.10.9 + +* Add ruby 3.2.3, remove ruby 3.2.1 +* Add rubygems 3.5.6, remove rubygems 3.5.4 +* Add bundler 2.5.6, remove bundler 2.5.4 + +Packaged binaries: + +* bundler 2.5.6 +* jruby 9.4.5.0 +* node 20.11.0 +* openjdk1.8-latest 1.8.0 +* ruby 3.1.3 +* ruby 3.1.4 +* ruby 3.2.2 +* 
ruby 3.2.3 +* ruby 3.3.0 +* rubygems 3.5.6 +* yarn 1.22.21 + +Default binary versions: + +* ruby 3.2.x + + +### staticfile-buildpack 1.6.9 to 1.6.10 + +* Update Dynatrace tests to enable it on envs w/o preinstalled fs3 B + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.3 + +Default binary versions: + +* nginx 1.25.x + + +### CFLinuxfs4 - 1.72.0 up from 1.68.0 + +Notably, this release addresses: + + +* `USN-6622-1` USN-6622-1: OpenSSL vulnerabilities: + + * `CVE-2023-5678`: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. 
The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. + * `CVE-2023-6129`: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. 
However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. + * `CVE-2023-6237`: Excessive time spent checking invalid RSA public keys + * `CVE-2024-0727`: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. + + +* `USN-6627-1` USN-6627-1: libde265 vulnerabilities: + + * `CVE-2021-35452`: An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc. + * `CVE-2021-36408`: An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265. + * `CVE-2021-36409`: There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact. 
+ * `CVE-2021-36410`: A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265. + * `CVE-2021-36411`: An issue has been found in libde265 v1.0.8 due to incorrect access control. A SEGV caused by a READ memory access in function derive_boundaryStrength of deblock.cc has occurred. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. + * `CVE-2022-1253`: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release. + * `CVE-2022-43235`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43236`: Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43237`: Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43238`: Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43239`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. 
+ * `CVE-2022-43240`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43241`: Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43242`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma in motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43243`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43248`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43252`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2022-43253`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. 
+ + +### bosh-dns 1.37.1 to 1.37.2 + +* Updates golang package golang-1-linux to 1.22.0 +* Updates golang package golang-1-windows to 1.22.0 + + +### Bpm 1.2.14 to 1.2.16 + +* Updates golang package golang-1-linux to 1.22.0 + + +### CAPI v1.171.0 to v1.172.0 + +* CC API Version: 2.222.0 and 3.158.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Add jemalloc package to missing job specs + +* Dependency Bumps + * Bump rspec from 3.12.0 to 3.13.0 in /spec + * Bump Golang to go1.22.0 + +Cloud Controller + +* Remove `distinct` when fetching security groups +* Put service key binding/instance creation and job creation in one transaction +* Remove dead code (cloudfoundry/cloud_controller_ng#3627) @philippthun +* Use single SQL statement to fetch additional data in decorators +* Set `work_mem` for annotation/label migration +* Dependency Bumps + * Bump sequel from 5.76.0 to 5.77.0 + * Bump rspec from 3.12.0 to 3.13.0 + * Bump nokogiri from 1.16.0 to 1.16.2 + * Bump hmarr/debug-action from 2 to 3 + * Bump nokogiri from 1.15.3 to 1.16.2 in /docs/v3 + +cc-uploader + +* Dependency Bumps + * None + +tps + +* Dependency Bumps + * None + +Cloud Controller Database Migrations + +* None + + +### CF-Networking 3.41.0 to 3.42.0 + +* Bump healthchecker package + + +### CF-Smoketests 42.0.128 to 42.0.133 + +* Bump golang, cf-cli and smoke_tests packages + + +### Diego 2.92.0 to 2.93.0 + + +* Add CPU Entitlement gauge metric & Deprecate CPU Entitlement counter metric +* Bump docker to 20.10.27 to address GHSA-jq35-85cj-fj4p +* golang-1.21-linux (1.21.7) + + + +### Garden-runc from 1.48.0 to 1.49.0 + +* guardian is a little more helpful when logging messages about containers that could not be killed, even after sending multiple SIGKILLs. In situations such as this, the only recourse is to reboot the VM, if the container processes are stuck in an unkillable state in the kernel. 
In addition to making this error stand out more, we've added a new metric for `UnkillableContainers` that guardian emits. When nonzero, there is a container that cannot be killed. See the [CloudFoundry docs for Component metrics](https://docs.cloudfoundry.org/running/all_metrics.html#garden-linux) for more info. +* Golang package dependency bumps +* Bumped to Golang 1.21.7 + + + +### Routing 0.289.0 to 0.291.0 + +* Bugfix: Mitigates issue when operators set `router.route_service_internal_server_port`. Previously, this configuration parameter was not passed through to the Gorouter configuration. +* Adds opt-in support for NTLM + other challenge-response based authentication using Authorization: Negotiate flows by automatically enabling sticky sessions for those requests. +* Golang bump to 1.21.7 +* Go package dependency bumps + + +### Silk 3.41.0 to 3.42.0 + +* Go package dependency bumps + + + +### UAA 76.31.0 to 77.0.0 + +Breaking Changes: + +* Remove: new relic +* Remove: configs for the removed MFA feature +* Please read UAA [v77.0.0 release notes](https://github.com/cloudfoundry/uaa/releases/tag/v77.0.0) for the server-level breaking changes + * ***Remove UAA's ability to act as a SAML identity provider*** + * feat: clean up unused DB table service_provider used by UAA-as-SAML-IDP + * ***Remove: deprecated native MFA feature*** + * Please note that upgrading to this release will clean up all persisted data related to the removed features mentioned above, so please proceed with caution. + +Dependency Bumps: + +* Bump github.com/cloudfoundry/bosh-utils from 0.0.425 to 0.0.426 in /src/acceptance_tests +* Bump github.com/onsi/gomega from 1.31.0 to 1.31.1 in /src/acceptance_tests +* Ignore gomega bump in uaa v74.5.x branch. 
+* Bump github.com/cloudfoundry/bosh-utils from 0.0.426 to 0.0.427 in /src/acceptance_tests +* Bump diff-lcs from 1.5.0 to 1.5.1 +* Bump github.com/cloudfoundry/bosh-utils from 0.0.427 to 0.0.428 in /src/acceptance_tests +* Bump nokogiri from 1.16.0 to 1.16.2 +* Bump rspec from 3.12.0 to 3.13.0 +* Bump minitest from 5.21.2 to 5.22.0 +* Bump github.com/cloudfoundry/bosh-utils from 0.0.428 to 0.0.430 in /src/acceptance_tests +* Bump minitest from 5.22.0 to 5.22.1 +* Revert "Bump github.com/cloudfoundry/bosh-utils in /src/acceptance tests" + +Misc: + +* Fix bosh release tests by @bruce-ricard in #762 + +## Final Note + +Tune in next sprint for new release notes! diff --git a/content/news/articles/2024-03-07-release-notes.md b/content/news/articles/2024-03-07-release-notes.md new file mode 100644 index 0000000..1453027 --- /dev/null +++ b/content/news/articles/2024-03-07-release-notes.md 
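Review bot: in 2024-02-23-release-notes.md the UAA 76.31.0 to 77.0.0 entry is the one operator-impacting change in the hunk: it removes UAA-as-SAML-IdP and native MFA and states that the upgrade "will clean up all persisted data related to the removed features", yet the only guidance is "please proceed with caution"; add a line saying whether cloud.gov confirmed no tenant relies on either feature, otherwise the warning is not actionable. Also in this file: the OpenSSL `CVE-2023-6129` paragraph is PowerPC-only by its own text ("used only on newer PowerPC processors"), so a short note on whether it applies to the cloud.gov cell hardware would spare readers the longest entry in the list; the Cloud Controller bullet "Remove dead code (cloudfoundry/cloud_controller_ng#3627) @philippthun" keeps a GitHub handle that every other bullet drops; "Ignore gomega bump in uaa v74.5.x branch." and the final "Revert ..." line are upstream housekeeping that adds nothing for readers. Wording: the Routing bugfix "Mitigates issue when operators set `router.route_service_internal_server_port`. Previously, this configuration parameter was not passed through" describes a fix, not a mitigation; say "Fixes an issue where ...".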
@@ -0,0 +1,286 @@ +--- +layout: layouts/post +tags: news +date: 2024-03-07 +title: "March 7th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Before digging into the changes... + +* Reminder: Please contact support@cloud.gov to schedule your RDS upgrades if you have not already done so. + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v38.1.0 to v39.3.0 + +Changes below are broken down by component: + + +### dotnet-core-buildpack 2.4.23 to 2.4.24 + +* Add dotnet-sdk 8.0.201, remove dotnet-sdk 8.0.200 +* Add node 20.11.1, remove node 20.11.0 +* Add support for BP_OPENSSL_ACTIVATE_LEGACY_PROVIDER, enables the new environment variable will load and active the legacy openssl provider +* Remove `use_legacy_openssl` buildpack.yml setting in favour of the environment variable + + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.27 +* dotnet-aspnetcore 7.0.16 +* dotnet-aspnetcore 8.0.2 +* dotnet-runtime 6.0.27 +* dotnet-runtime 7.0.16 +* dotnet-runtime 8.0.2 +* dotnet-sdk 6.0.419 +* dotnet-sdk 7.0.406 +* dotnet-sdk 8.0.200 +* libgdiplus 6.1 +* libunwind 1.8.0 +* node 20.11.1 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + + +### php-buildpack 4.6.14 to 4.6.15 + +* Add composer 2.7.1, remove composer 2.6.6 +* Add nginx 1.25.4, remove nginx 1.25.3 +* Add php 8.2.15, remove php 8.2.13 +* Add php 8.3.3, remove php 8.3.2 + + +Packaged binaries: + +* appdynamics 23.11.0-839 +* composer 2.7.1 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.4 +* php 8.1.26 +* php 8.1.27 +* php 8.2.14 +* php 8.2.15 +* php 8.3.1 +* php 8.3.3 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.27 +* httpd 2.4.58 +* 
newrelic 10.11.0.3 +* nginx 1.25.4 +* composer 2.7.1 + + +### python-buildpack 1.8.18 to 1.8.20 + +* Add python 3.11.8, remove python 3.11.7 +* Add python 3.12.2, remove python 3.12.1 +* Add pip 24.0, remove pip 23.3.2 +* Add pipenv 2023.12.1, remove pipenv 2023.11.15 +* Add setuptools 69.1.0, remove setuptools 69.0.3 + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 23.11.0 +* pip 24.0 +* pipenv 2023.12.1 +* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.8 +* python 3.12.2 +* setuptools 69.1.0 + +Default binary versions: + +* python 3.10.x + + +### CF CLI 1.60.0 up from 1.56.0 + +This release contains the following versions of the CF CLI: + + +| Major Version | Prior Version | Current Version | +| --------------|---------------|-----------------| +| v8 | 8.7.7 | [8.7.8](https://github.com/cloudfoundry/cli/releases/tag/v8.7.8) | +| v7 | 7.7.7 | [7.7.8](https://github.com/cloudfoundry/cli/releases/tag/v7.7.8) | +| v6 | 6.53.0 | [6.53.0](https://github.com/cloudfoundry/cli/releases/tag/v6.53.0) | + + +### CFLinuxfs4 - 1.79.0 up from 1.72.0 + +Notably, this release addresses: + + +* `USN-6666-1` libuv vulnerability: + * `CVE-2024-24806`: libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its windows counterpart src/win/getaddrinfo.c), truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses like 0x00007f000001, which are considered valid by getaddrinfo and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the hostname_ascii variable (with a length of 256 bytes) is handled in uv_getaddrinfo and subsequently in uv__idna_toascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. 
As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have username.example.com pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. USN-6665-1 Unbound vulnerabilities: + * `CVE-2023-50868`: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. + * `CVE-2023-50387`: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. +* `USN-6644-2 USN-6644-2`: LibTIFF vulnerabilities: + * `CVE-2023-52356`: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. + * `CVE-2023-6228`: An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. + * `CVE-2023-6277`: An out-of-memory flaw was found in libtiff. 
Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. +* `USN-6664-1` USN-6664-1: less vulnerability: + * `CVE-2022-48624`: close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. +* `USN-6663-1` USN-6663-1: OpenSSL update: + * `https://launchpad.net/bugs/2054090`: Implicit rejection of PKCS#1 v1.5 RSA +* `USN-6659-1` USN-6659-1: libde265 vulnerabilities: + * `CVE-2022-43249`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2023-25221`: Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. + * `CVE-2022-43245`: Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2023-24754`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. + * `CVE-2023-24758`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. + * `CVE-2022-47665`: Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) + * `CVE-2023-24752`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. 
This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. + * `CVE-2022-43244`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2023-24756`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. + * `CVE-2023-24751`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. + * `CVE-2022-43250`: Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. + * `CVE-2023-24757`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. + * `CVE-2023-24755`: libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. +* `USN-6658-1` USN-6658-1: libxml2 vulnerability: + * `CVE-2024-25062`: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. 
+* `USN-6655-1` USN-6655-1: GNU binutils vulnerabilities: + * `CVE-2022-47695`: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. + * `CVE-2022-48063`: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. + * `CVE-2022-48065`: GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. +* `USN-6640-1` USN-6640-1: shadow vulnerability: + * `CVE-2023-4641`: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + +### bosh-dns 1.37.2 to 1.37.3 + +* Updates golang package golang-1-linux to 1.22.1 +* Updates golang package golang-1-windows to 1.22.1 + + + +### CAPI v1.172.0 to v1.173.0 + +* CC API Version: 2.222.0 and 3.158.0 +* Service Broker API Version: 2.15 + +CAPI Release + +* Add jemalloc package to missing job specs + +* Dependency Bumps + * Bump rspec from 3.12.0 to 3.13.0 in /spec + * Bump Golang to go1.22.0 + +Cloud Controller + +* Add DISTINCT for service plan list queries - ***Note*** This is a bug we reported +* Fix flakey space_delete_spec +* Replace dataset.map().flatten.map() with optimized SQL query +* Improve performance of decorators +* Limit the lsof result by greping for the process id. 
+* Remove some outdated stuff from the v3 docs +* Don't fetch kpack_lifecycle_data +* Improve deletion of apps + +* Dependency Bumps + * bump webmock from 3.20.0 to 3.21.2 + * bump parallel_tests from 4.5.0 to 4.5.1 + * bump pg from 1.5.4 to 1.5.5 + * bump redis from 5.0.8 to 5.1.0 - + * bump mysql2 from 0.5.5 to 0.5.6 + + + +cc-uploader + +* Dependency Bumps + * None + +tps + +* Dependency Bumps + * None + +Cloud Controller Database Migrations + +* `20240115163000_add_delete_cascade_to_foreign_keys.rb` + + + + +### CF-Networking 3.42.0 to 3.43.0 + +* Removes deprecated and unused/unworking istio code from the release. +* Go package dependency bumps + + +### CF-Smoketests 42.0.133 to 42.0.134 + +* Bump golang, cf-cli and smoke_tests packages + + +### Diego 2.93.0 to 2.95.0 + + +* Now uses `DesiredLRPSchedulingInfo` instead of the entire `DesiredLRP` when only the scheduling info is needed, resulting in a 95% decrease in time spent for relevant calls. +* Fix bosh job spec description for `container_max_cpu_shares` +* dockerapplifecycle: Add OCI image spec index type to Accept header +* vizzini: Remove CPUWeight test +* bbs: Remove cpu_weight limits +* guardian: Add tests for unkillable containers + + +### Garden-runc from 1.49.0 to 1.50.0 + +* Adds `grootfs.routine_gc` property, which allows operators to configure garden to grootfs to clean up unused container image layers whenever new containers are created. + * Previously, to achieve this, operators had to set `grootfs.reserved_space_for_other_jobs_in_mb` to the same value as the ephemeral disk, which is not always easy to obtain programatically. +* Bump go dependencies + + + +### Routing 0.291.0 to 0.292.0 + +* Dependency updates +* Adds support for Partitioned cookies to gorouter to allow for sticky sessions in embedded contexts. 
+ +### Silk 3.42.0 to 3.43.0 + +* Go package dependency bumps + + + +## Final Note + +There is a new article about [displaying dynamic content on Pages static sites](https://cloud.gov/pages/knowledge-base/website-api/) which is worth a read! + +Tune in next sprint for more cloud.gov release notes. + + + + + + + + + diff --git a/content/news/articles/2024-03-21-release-notes.md b/content/news/articles/2024-03-21-release-notes.md new file mode 100644 index 0000000..b7ea233 --- /dev/null +++ b/content/news/articles/2024-03-21-release-notes.md 
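Review bot: The dotnet-core-buildpack 2.4.23 to 2.4.24 section contradicts itself: the change list says "Add dotnet-sdk 8.0.201, remove dotnet-sdk 8.0.200", but "Packaged binaries" still lists "dotnet-sdk 8.0.200" and no 8.0.201, so one of the two lists was pasted from the wrong release; reconcile before publishing. Two formatting problems in the CFLinuxfs4 1.79.0 section: "USN-6665-1 Unbound vulnerabilities:" is run into the end of the CVE-2024-24806 paragraph instead of starting its own top-level bullet, so its two CVEs render under the libuv item, and every following USN is written twice ("`USN-6644-2 USN-6644-2`:", "`USN-6664-1` USN-6664-1:"); one identifier per bullet, linked to the Ubuntu notice as the March 21st notes in this same patch do, would be consistent. Minor: the buildpack subsections use "###", the same level as the "CF-Deployment - v38.1.0 to v39.3.0" heading they belong under (the later notes use "####"), and "enables the new environment variable will load and active the legacy openssl provider" needs rewording.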
@@ -0,0 +1,353 @@ +--- +layout: layouts/post +tags: news +date: 2024-03-21 +title: March 21st cloud.gov Change Log +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Before digging into the changes... + +* Reminder: Please contact support@cloud.gov to schedule your RDS upgrades if you have not already done so. +* The default amount of memory for staging applications has been increased from 1GB to 2GB to attempt to mitigate staging OOM issues. Once we verify the recently deployed stemcells with the fix, we will be dropping it back down to 1 GB during upgrades next week. +* As mentioned above there is a fix for the Out of Memory issue, which is live in production. The release 1.404 contains this fix: + + > The linux kernel has been changed from the HWE line of kernels back to the LTS line of kernels. Changing from the current 6.5 to 5.15. This is an attempt to mitigate [issue 318](https://github.com/cloudfoundry/bosh-linux-stemcell-builder/issues/318) where we see cgroups with memory limits hitting OOM errors when they previously did not under the 6.2 kernel versions + + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. 
+ +### CF-Deployment - v38.1.0 to v39.7.0 + +Changes below are broken down by component, note that `v39.7.0` was a stemcell update from `v1.404` to `v1.406` of the Jammy Stemcell, the rest listed below are for `v39.6.0`: + +#### dotnet-core-buildpack 2.4.23 to 2.4.25 + +* Add dotnet-sdk 8.0.203, remove dotnet-sdk 8.0.202 ([#947](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/947)) +* Add dotnet-aspnetcore 6.0.28, remove dotnet-aspnetcore 6.0.27 +* Add dotnet-runtime 6.0.28, remove dotnet-runtime 6.0.27 ([#940](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/940)) +* Add dotnet-sdk 6.0.420, remove dotnet-sdk 6.0.419 ([#939](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/939)) +* Add dotnet-aspnetcore 7.0.17, remove dotnet-aspnetcore 7.0.16 ([#942](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/942)) +* Add dotnet-runtime 7.0.17, remove dotnet-runtime 7.0.16 ([#945](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/945)) +* Add dotnet-sdk 7.0.407, remove dotnet-sdk 7.0.406 ([#941](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/941)) +* Add dotnet-aspnetcore 8.0.3, remove dotnet-aspnetcore 8.0.2 ([#937](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/937)) +* Add dotnet-runtime 8.0.3, remove dotnet-runtime 8.0.2 ([#943](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/943)) +* Add dotnet-sdk 8.0.202, remove dotnet-sdk 8.0.201 ([#938](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/938)) +* Add libunwind 1.8.1, remove libunwind 1.8.0 ([#925](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/925)) +* Add node 20.11.1, remove node 20.11.0 +* Add dotnet-sdk 8.0.201, remove dotnet-sdk 8.0.200 +* Add support for BP_OPENSSL_ACTIVATE_LEGACY_PROVIDER ([#921](https://github.com/cloudfoundry/dotnet-core-buildpack/pull/921)) +* Enables the new environment variable will load and active the legacy openssl provider +* Remove `use_legacy_openssl` buildpack.yml setting in 
favour of the environment variable + + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.27 +* dotnet-aspnetcore 7.0.16 +* dotnet-aspnetcore 8.0.2 +* dotnet-runtime 6.0.27 +* dotnet-runtime 7.0.16 +* dotnet-runtime 8.0.2 +* dotnet-sdk 6.0.419 +* dotnet-sdk 7.0.406 +* dotnet-sdk 8.0.201 +* libgdiplus 6.1 +* libunwind 1.8.1 +* node 20.11.1 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + +#### go-buildpack 1.10.16 to 1.10.17 + +* Add go 1.22.1, remove go 1.22.0 +* Add go 1.21.8, remove go 1.21.7 +* Deprecate Go 1.20.x (EOL) ([#424](https://github.com/cloudfoundry/go-buildpack/pull/424)) + +Packaged binaries: + +* dep 0.5.4 +* glide 0.13.3 +* go 1.21.8 +* go 1.22.1 +* godep 80 + +Default binary versions: + +* go 1.21.x + +#### java-buildpack 4.66.0 to 4.67.0 +For a more detailed look at the changes in 4.67.0, please take a look at the [commit log](https://github.com/cloudfoundry/java-buildpack/compare/v4.66.0...v4.67.0). The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release. 
+ +| Dependency | Version | CVEs | Release Notes | +| -------------------------------- | ---------------- | ---------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | +| AppDynamics Agent | `24.2.0_35552` | | +| Azure Application Insights Agent | `3.5.0` | | [Release Notes](https://github.com/Microsoft/ApplicationInsights-Java/releases) | +| CA Introscope APM Framework | `24.2.1_7` | | | +| Client Certificate Mapper | `2.0.1` | Included inline above | Included inline above | +| Container Security Provider | `1.20.0_RELEASE` | Included inline above | Included inline above | +| Contrast Security Agent | `6.2.1` | | [Release Notes](https://docs.contrastsecurity.com/en/java-agent-release-notes.html) | +| Datadog APM Javaagent | `1.31.0` | | [Release Notes](https://github.com/DataDog/dd-trace-java/releases) | +| Elastic APM Agent | `1.48.0` | | [Release Notes](https://www.elastic.co/guide/en/apm/agent/java/current/release-notes.html) | +| Gemalto Luna Security Provider | `7.4.0` | | [Release Notes](https://www.thalesdocs.com/gphsm/luna/7/docs/network/Content/CRN/Luna/CRN_Luna.htm) | +| Geode Tomcat Session Store | `1.14.9` | | | +| Google Stackdriver Profiler | `0.1.0` | | [Release Notes](https://cloud.google.com/profiler/docs/release-notes) | +| Groovy | `2.5.23` | | [Release Notes](http://www.groovy-lang.org/releases.html) | +| JaCoCo Agent | `0.8.11` | | [Release Notes](https://github.com/jacoco/jacoco/releases) | +| Java CFEnv | `3.1.5` | | [Release Notes](https://github.com/pivotal-cf/java-cfenv/releases) | +| Java Memory Assistant Agent | `0.5.0` | | | +| Java Memory Assistant Clean Up | `0.1.0` | | | +| JProfiler Profiler | `13.0.7` | | [ChangeLog](https://www.ej-technologies.com/download/jprofiler/changelog.html) | +| JRebel Agent | `2024.1.1` | | 
[ChangeLog](https://www.jrebel.com/products/jrebel/changelog) | +| jvmkill Agent | `1.17.0_RELEASE` | Included inline above | Included inline above | +| MariaDB JDBC Driver | `2.7.9` | | [Release Notes](https://mariadb.com/kb/en/mariadb-connector-j-2-7-9-release-notes/) | +| Memory Calculator | `3.13.0_RELEASE` | Included inline above | Included inline above | +| Metric Writer | `3.5.0_RELEASE` | Included inline above | Included inline above | +| New Relic Agent | `8.9.1` | | [Release Notes](https://docs.newrelic.com/docs/release-notes/agent-release-notes/java-release-notes/) | +| Open Telemetry Agent | `2.1.0` | | [Release Notes](https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases) | +| OpenJDK JRE 11 | `11.0.22_12` | [Risk Matrix](https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA) | [Release Notes](https://docs.bell-sw.com/liberica-jdk/11.0.22b12/general/release-notes/) | +| OpenJDK JRE 17 | `17.0.10_13` | [Risk Matrix](https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA) | [Release Notes](https://docs.bell-sw.com/liberica-jdk/17.0.10b13/general/release-notes/) | +| OpenJDK JRE 21 | `21.0.2_14` | [Risk Matrix](https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA) | [Release Notes](https://docs.bell-sw.com/liberica-jdk/21.0.2b14/general/release-notes/) | +| OpenJDK JRE 8 | `1.8.0_402` | [Risk Matrix](https://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA) | [Release Notes](https://docs.bell-sw.com/liberica-jdk/8u402b7/general/release-notes/) | +| PostgreSQL JDBC Driver | `42.7.2` | | [Release Notes](https://jdbc.postgresql.org/changelogs/2024-02-21-42.7.2-release/) | +| Redis Session Store | `1.3.6_RELEASE` | Included inline above | Included inline above | +| Riverbed Appinternals Agent | `11.8.5_BL527` | | | +| SeaLights Agent | `4.0.2459` | | | +| SkyWalking | `8.16.0` | | [ChangeLog](https://github.com/apache/skywalking/tree/master/changes) | +| Splunk OpenTelemetry Java 
Agent | `1.30.3` | | [Release Notes](https://github.com/signalfx/splunk-otel-java/releases) | +| Spring Auto-reconfiguration | `2.12.0_RELEASE` | Included inline above | Included inline above | +| Spring Boot CLI | `2.7.18` | | | +| Spring Boot Container Customizer | `2.6.0_RELEASE` | Included inline above | Included inline above | +| Takipi Agent | `4.73.3` | | [Release Notes](https://doc.overops.com/docs/whats-new) | +| Tomcat | `9.0.86` | [Security](https://tomcat.apache.org/security-9.html) | [ChangeLog](https://tomcat.apache.org/tomcat-9.0-doc/changelog.html) | +| Tomcat Access Logging Support | `3.4.0_RELEASE` | Included inline above | Included inline above | +| Tomcat Lifecycle Support | `3.4.0_RELEASE` | Included inline above | Included inline above | +| Tomcat Logging Support | `3.4.0_RELEASE` | Included inline above | Included inline above | +| YourKit Profiler | `2023.9.109` | | [Release Notes](https://www.yourkit.com/changes/2023.9/yjp_2023_9.jsp) | + + +#### nginx-buildpack 1.2.11 to 1.2.12 + +* Add nginx 1.25.4, remove nginx 1.25.3 ([#267](https://github.com/cloudfoundry/nginx-buildpack/pull/267)) + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.4 +* openresty 1.21.4.2 +* openresty 1.25.3.1 + +Default binary versions: + +* nginx 1.25.x + +#### php-buildpack 4.6.15 to 4.6.16 + +* Add php 8.2.16, remove php 8.2.14 + +Packaged binaries: + +* appdynamics 23.11.0-839 +* composer 2.7.1 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.4 +* php 8.1.26 +* php 8.1.27 +* php 8.2.15 +* php 8.2.16 +* php 8.3.1 +* php 8.3.3 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.27 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.25.4 +* composer 2.7.1 + + +#### python-buildpack 1.8.20 to 1.8.21 + +* Add setuptools 69.1.1, remove setuptools 69.1.0 +* Add miniconda3-py39 24.1.2, remove miniconda3-py39 23.11.0 + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 24.1.2 +* pip 24.0 +* pipenv 2023.12.1 
+* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.8 +* python 3.12.2 +* setuptools 69.1.1 + +Default binary versions: + +* python 3.10.x + +#### r-buildpack 1.2.8 to 1.2.9 + +* Rebuild executables + +Packaged binaries: + +* r 3.6.3 +* r 4.2.3 +* r 4.3.2 + +#### ruby-buildpack 1.10.9 to 1.10.10 + +* Add jruby 9.4.6.0, remove jruby 9.4.5.0 ([#906](https://github.com/cloudfoundry/ruby-buildpack/pull/906)) +* Add node 20.11.1, remove node 20.11.0 ([#905](https://github.com/cloudfoundry/ruby-buildpack/pull/905)) + +Packaged binaries: + +* bundler 2.5.6 +* jruby 9.4.6.0 +* node 20.11.0 +* openjdk1.8-latest 1.8.0 +* ruby 3.1.3 +* ruby 3.1.4 +* ruby 3.2.2 +* ruby 3.2.3 +* ruby 3.3.0 +* rubygems 3.5.6 +* yarn 1.22.21 + +Default binary versions: + +* ruby 3.2.x + +#### staticfile-buildpack 1.6.10 to 1.6.11 + +* Add nginx 1.25.4, remove nginx 1.25.3 ([#408](https://github.com/cloudfoundry/staticfile-buildpack/pull/408)) + +Packaged binaries: + +* nginx 1.24.0 +* nginx 1.25.4 + +Default binary versions: + +* nginx 1.25.x + +### CFLinuxfs4 - v1.82.0 up from v1.79.0 + +Notably, this release addresses: +* [USN-6694-1](https://ubuntu.com/security/notices/USN-6694-1) Expat vulnerabilities: + * [CVE-2024-28757](https://ubuntu.com/security/CVE-2024-28757): libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). + * [CVE-2023-52425](https://ubuntu.com/security/CVE-2023-52425): libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. + +* [USN-6677-1](https://ubuntu.com/security/notices/USN-6677-1) libde265 vulnerabilities: + + * [CVE-2023-49468](https://ubuntu.com/security/CVE-2023-49468): Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. 
+ * [CVE-2023-49465](https://ubuntu.com/security/CVE-2023-49465): Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. + * [CVE-2023-27102](https://ubuntu.com/security/CVE-2023-27102): Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. + * [CVE-2023-49467](https://ubuntu.com/security/CVE-2023-49467): Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. + * [CVE-2023-27103](https://ubuntu.com/security/CVE-2023-27103): Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. + * [CVE-2023-47471](https://ubuntu.com/security/CVE-2023-47471): Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. + * [CVE-2023-43887](https://ubuntu.com/security/CVE-2023-43887): Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump. + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. 
+ +### bpm 1.2.16 to 1.2.17 + +* Updates golang package golang-1-linux to 1.22.1 + + +### CAPI v1.173.0 to v1.175.0 + +#### Cloud Controller +* Expose process CPU Entitlement in stats ([cloudfoundry/cloud_controller_ng#3641](https://github.com/cloudfoundry/cloud_controller_ng/pull/3641)) + +* Dependency Bumps + * bump webmock from 3.21.2 to 3.23.0 ([cloudfoundry/cloud_controller_ng#3649](https://github.com/cloudfoundry/cloud_controller_ng/pull/3649), [cloudfoundry/cloud_controller_ng#3654](https://github.com/cloudfoundry/cloud_controller_ng/pull/3654)) + * bump listen from 3.8.0 to 3.9.0 ([cloudfoundry/cloud_controller_ng#3653](https://github.com/cloudfoundry/cloud_controller_ng/pull/3653)) + * bump googleapis-common-protos from 1.4.0 to 1.5.0 ([cloudfoundry/cloud_controller_ng#3655](https://github.com/cloudfoundry/cloud_controller_ng/pull/3655)) + +Cloud Controller Database Migrations + * [20240222131500_change_delayed_jobs_reserve_index.rb](https://github.com/sap-contributions/cloud_controller_ng/blob/a6febf66cf9cf7c86b27b917df9b111b874b6972/db/migrations/20240222131500_change_delayed_jobs_reserve_index.rb) + * [20240219113000_add_routes_space_id_index.rb](https://github.com/sap-contributions/cloud_controller_ng/blob/a6febf66cf9cf7c86b27b917df9b111b874b6972/db/migrations/20240219113000_add_routes_space_id_index.rb) + +#### log-cache 3.0.10 to 3.0.11 + +* Bump dependencies +* Bump packaged Golang to go 1.21.8 + +#### loggregator-agent 7.7.5 to 8.0.2 + +* Bump dependencies +* Bump to [go1.21.8](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg/m/46oA5yPABQAJ) + + +### routing 0.292.0 to 0.293.0 + +* [Add toggle to allow empty Content-Length headers](https://github.com/cloudfoundry/routing-release/commit/7f8762673e3b7dd564dc368855d053bd3703f895) +* [fix: Enable syslog forwarding for gorouter](https://github.com/cloudfoundry/routing-release/commit/550c9b2271154c620b43f65037d6558a0437ae9f) +* [fix: Don't retry more often than endpoints 
available](https://github.com/cloudfoundry/routing-release/commit/112f971405f85990f79509812afacec67771a5a2) +* [Add an option to enable concurrent reads and responses in HTTP/1](https://github.com/cloudfoundry/routing-release/commit/be5ea2fb059574f213b8d0739b0ce0f78be68bdb) + +### statsd-injector 1.11.38 to 1.11.39 + +* Bump dependencies +* Bump to [go1.21.8](https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg/m/46oA5yPABQAJ) + +### syslog 11.8.17 to 12.2.3 + +* Bump dependencies +* Bump packaged Golang to go1.21.8 + + +### uaa 77.1.0 to 77.2.0 + +* Bump to [UAA v77.2.0](https://github.com/cloudfoundry/uaa/releases/tag/v77.2.0) + +#### Misc + +* doc: clarify use of multiple URLs in uaa.ldap.url by [@peterhaochen47](https://github.com/peterhaochen47) in [#810](https://github.com/cloudfoundry/uaa-release/pull/810) +* Revert "remove: gomega github ignore removed" by [@hsinn0](https://github.com/hsinn0) in [#811](https://github.com/cloudfoundry/uaa-release/pull/811) + +#### Dependency Bumps + +* Bump rspec-support from 3.13.0 to 3.13.1 by [@dependabot](https://github.com/dependabot) in [#809](https://github.com/cloudfoundry/uaa-release/pull/809) +* Bump drb from 2.2.0 to 2.2.1 by [@dependabot](https://github.com/dependabot) in [#812](https://github.com/cloudfoundry/uaa-release/pull/812) +* Bump github.com/cloudfoundry/bosh-utils from 0.0.446 to 0.0.447 in /src/acceptance_tests by [@dependabot](https://github.com/dependabot) in [#814](https://github.com/cloudfoundry/uaa-release/pull/814) +* Bump github.com/cloudfoundry/bosh-utils from 0.0.447 to 0.0.448 in /src/acceptance_tests by [@dependabot](https://github.com/dependabot) in [#817](https://github.com/cloudfoundry/uaa-release/pull/817) +* Bump i18n from 1.14.1 to 1.14.3 by [@dependabot](https://github.com/dependabot) in [#816](https://github.com/cloudfoundry/uaa-release/pull/816) +* Bump github.com/cloudfoundry/bosh-utils from 0.0.448 to 0.0.449 in /src/acceptance_tests by 
[@dependabot](https://github.com/dependabot) in [#819](https://github.com/cloudfoundry/uaa-release/pull/819) +* Bump i18n from 1.14.3 to 1.14.4 by [@dependabot](https://github.com/dependabot) in [#820](https://github.com/cloudfoundry/uaa-release/pull/820) + + +#### Known Issues + +* During the upgrade to this version from UAA v76 or below with canary deployment (where briefly both new and old UAA servers could be running), UAA delete user endpoint might respond with an error even though the user deletion is successful. Mitigation: Delete users after the canary deployment finishes. But if you do run into this issue, you can ignore the error and check whether the user has been successfully deleted after the canary deployment finishes. + +**Full UAA Changelog**: [v77.1.0...v77.2.0](https://github.com/cloudfoundry/uaa-release/compare/v77.1.0...v77.2.0) + + +## Final Note + +Tune in next sprint for new release notes! \ No newline at end of file diff --git a/content/news/articles/2024-04-04-release-notes.md b/content/news/articles/2024-04-04-release-notes.md new file mode 100644 index 0000000..c91bd09 --- /dev/null +++ b/content/news/articles/2024-04-04-release-notes.md 
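Review bot: The version ranges in the Customer Facing section overlap the March 7th changelog in this same patch: "CF-Deployment - v38.1.0 to v39.7.0" and "dotnet-core-buildpack 2.4.23 to 2.4.25" restart from versions already covered there (v38.1.0 to v39.3.0, 2.4.23 to 2.4.24), so the from-versions should be v39.3.0 and 2.4.24 and the bullets repeated from that entry (node 20.11.1, dotnet-sdk 8.0.201, BP_OPENSSL_ACTIVATE_LEGACY_PROVIDER, use_legacy_openssl) dropped. The "Packaged binaries" lists are also stale relative to the change bullets: dotnet-core still lists dotnet-aspnetcore/dotnet-runtime 6.0.27, 7.0.16, 8.0.2 and dotnet-sdk 8.0.201 although the bullets say they were replaced by 6.0.28, 7.0.17, 8.0.3 and 8.0.203, and ruby-buildpack lists "node 20.11.0" directly after "Add node 20.11.1, remove node 20.11.0". In the java-buildpack table the first data row ("AppDynamics Agent") is missing its last cell, and the many "Included inline above" cells refer to CVE text on the upstream release page that is not reproduced here; either include that text or replace those cells with a link to the upstream notes. Heading levels: "log-cache" and "loggregator-agent" sit as "####" under "### CAPI v1.173.0 to v1.175.0" although they are separate releases.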
@@ -0,0 +1,218 @@ +--- +layout: layouts/post +tags: news +date: 2024-04-04 +title: "April 4th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v39.7.0 to v40.1.0 + +Changes below are broken down by component: + + +#### binary-buildpack 1.1.9 to 1.1.10 + +* Rebuild Executables + +#### dotnet-core-buildpack 2.4.25 to 2.4.26 + +* Add dotnet-sdk 8.0.203, remove dotnet-sdk 8.0.202 +* Add dotnet-aspnetcore 6.0.28, remove dotnet-aspnetcore 6.0.27 +* Add dotnet-runtime 6.0.28, remove dotnet-runtime 6.0.27 +* Add dotnet-sdk 6.0.420, remove dotnet-sdk 6.0.419 +* Add dotnet-aspnetcore 7.0.17, remove dotnet-aspnetcore 7.0.16 +* Add dotnet-runtime 7.0.17, remove dotnet-runtime 7.0.16 +* Add dotnet-sdk 7.0.407, remove dotnet-sdk 7.0.406 +* Add dotnet-aspnetcore 8.0.3, remove dotnet-aspnetcore 8.0.2 +* Add dotnet-runtime 8.0.3, remove dotnet-runtime 8.0.2 +* Add dotnet-sdk 8.0.202, remove dotnet-sdk 8.0.201 + +Packaged binaries: + +* bower 1.8.14 +* dotnet-aspnetcore 6.0.28 +* dotnet-aspnetcore 7.0.17 +* dotnet-aspnetcore 8.0.3 +* dotnet-runtime 6.0.28 +* dotnet-runtime 7.0.17 +* dotnet-runtime 8.0.3 +* dotnet-sdk 6.0.420 +* dotnet-sdk 7.0.407 +* dotnet-sdk 8.0.203 +* libgdiplus 6.1 +* libunwind 1.8.1 +* node 20.11.1 + +Default binary versions: + +* dotnet-runtime 6.0.x +* dotnet-aspnetcore 6.0.x +* dotnet-sdk 6.0.x +* bower 1.8.x + +#### php-buildpack 4.6.16 to 4.6.17 + +* Add php 8.3.4, remove php 8.3.1 +* Add php 8.2.17, remove php 8.2.15 +* Add composer 2.7.2, remove composer 2.7.1 + +Packaged binaries: + +* appdynamics 23.11.0-839 +* composer 2.7.2 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.24.0 +* nginx 1.25.4 +* php 8.1.26 +* php 8.1.27 +* php 8.2.16 +* php 8.2.17 +* 
php 8.3.3 +* php 8.3.4 +* python 2.7.18 +* ruby 3.0.5 + +Default binary versions: + +* php 8.1.27 +* httpd 2.4.58 +* newrelic 10.11.0.3 +* nginx 1.25.4 +* composer 2.7.2 + + +#### python-buildpack 1.8.21 to 1.8.22 + +* Add setuptools 69.2.0, remove setuptools 69.1.1 + +Packaged binaries: + +* libffi 3.2.1 +* libmemcache 1.0.18 +* miniconda3-py39 24.1.2 +* pip 24.0 +* pipenv 2023.12.1 +* python 3.8.18 +* python 3.9.18 +* python 3.10.13 +* python 3.11.8 +* python 3.12.2 +* setuptools 69.2.0 + +Default binary versions: + +* python 3.10.x + + +#### r-buildpack 1.2.9 to 1.2.10 + +* Update r 4.2.3 dependencies: + * forecast from 8.21.1 to 8.22.0 + +Packaged binaries: + +* r 4.2.3 +* r 4.3.2 + + +#### cflinuxfs4 1.82.0 to 1.86.0 + +Notably, this release addresses: + +* `USN-6715-1` unixODBC vulnerability: + * `CVE-2024-1013`: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. +* `USN-6719-1` util-linux vulnerability: + * `CVE-2024-28085`: escape sequence Injection in wall +* `USN-6718-1` curl vulnerabilities: + * `CVE-2024-2004`: Usage of disabled protocol + * `CVE-2024-2398`: HTTP/2 push headers memory-leak +* `USN-6697-1` Bash vulnerability: + * `CVE-2022-3715`: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. + + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. 
+ +### cf-networking 3.44.0 to 3.45.0 + +* Go dependency bumps +* Added config for staticcheck +* Removed references to consul from documentation + + +### cf-smoke-tests 42.0.137 to 42.0.140 + +* Bump golang, cf-cli and smoke_tests packages + + +### diego 2.95.0 to 2.97.0 + +* Bump to golang 1.21.8 +* Golang package dependency bumps + * Includes moving from docker v20 to docker v26 + * Includes moving from pgx v3 to pgx v5 +* Remove references to Consul from boshrelease + documentation +* Many fixes to remove deprecated code and otherwise fix linter violations. +* Adds support for comma-delimited destinations in ASGs + * See: [cloudfoundry/executor#96](https://github.com/cloudfoundry/executor/pull/96) and [cloudfoundry/bbs#94](https://github.com/cloudfoundry/bbs/pull/94) +* Bump bosh package blobs + * Bumps `jq` to `1.7.1` + * Bumps `tar` +* Bump go.mod dependencies + + +### garden-runc 1.50.0 to 1.51.0 + +* Adds `grootfs.routine_gc` property, which allows operators to configure garden to grootfs to clean up unused container image layers whenever new containers are created. + * Previously, to achieve this, operators had to set `grootfs.reserved_space_for_other_jobs_in_mb` to the same value as the ephemeral disk, which is not always easy to obtain programatically. 
+* Bump go dependencies + + +### routing 0.293.0 to 0.294.0 + +* Bump haproxy to 2.8.7 +* update templates to not refer to consul +* Default the routing_api.enabled_api_endpoints to mtls +* Update template test for mTLS routing api default +* Upgrade cf-cli-8-linux + + +### silk 3.44.0 to silk 3.45.0 + +* Fixes to stop using deprecated code in tests (net.Error.Temporary()) +* Remove consul references from documentation +* Fix issues bumping the code.cloudfoundry.org/executor package +* Go package bumps + + +### uaa 77.2.0 to 77.4.0 + +* Bump to UAA v77.4.0 +* Misc + * Fixes a regression introduced in commit d10922a where we stopped reading the signatureAlgorithm from the properties file and only used the SHA1 default. +* Dependency Bumps + * Add jwtClientAuthentication in Oauth provider examples + * Bump github.com/cloudfoundry/bosh-utils from 0.0.452 to 0.0.453 + * Bump minitest from 5.22.2 to 5.22.3 + * Bump bigdecimal from 3.1.6 to 3.1.7 + * Bump nokogiri from 1.16.2 to 1.16.3 + * Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 in /src/acceptance_tests + + +## Final Note + +Enjoy the eclipse! Our friends at NASA have [more details](https://science.nasa.gov/eclipses/future-eclipses/eclipse-2024/where-when/). + +Tune in next sprint for more cloud.gov release notes. + diff --git a/content/news/articles/2024-04-18-release-notes.md b/content/news/articles/2024-04-18-release-notes.md new file mode 100644 index 0000000..cd7a5d3 --- /dev/null +++ b/content/news/articles/2024-04-18-release-notes.md 
@@ -0,0 +1,101 @@ +--- +layout: layouts/post +tags: news +date: 2024-04-18 +title: "April 18th cloud.gov Change Log" +excerpt: The cloud.gov team is working on providing change logs so everyone can see new features and updates. +--- + +# Change Log + +## Customer Facing Changes +--- + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +No buildpacks were updated this sprint. The changes to the platform are also pretty light this time around, but more are coming soon! + +### CF-Deployment - v40.1.0 to v40.3.0 + +Changes below are broken down by component: + + +#### cflinuxfs4 1.86.0 to 1.87.0 + +There were no CVEs patched for, the changes were only to packages. + + +## Platform Changes +--- + +This section is for the platform operators at `cloud.gov` to highlight changes to Cloud Foundry components, this is likely not of interest for developers using the platform. + + +### aide 21 to 22 + +* Documentation only change + +### bpm 1.2.17 to 1.2.18 + +* Updates golang package golang-1-linux to 1.22.2 + +### capi 1.175.0 to 1.176.0 + +#### CAPI Release + +* Dependency Bumps + * Bump Golang to go1.22.1 + +#### Cloud Controller + +* Print output of blobstore benchmark again +* Enhance local dev setup having a valid 'bits_path' +* Update lock information logging to happen on info and to happen only once per state switch +* Set warning header for outdated CF CLIs + +Dependencies + +* Bump debug from 1.9.1 to 1.9.2 +* Bump parallel_tests from 4.5.1 to 4.6.0 +* Bump rubocop-rails from 2.23.1 to 2.24.1 + +Cloud Controller Database Migrations + +* None + + +### cf-smoke-tests 42.0.140 to 42.0.141 + +* Bump golang, cf-cli and smoke_tests packages + + +### routing 0.294.0 to 0.295.0 + +* Reverting the removal of the deprecated BuildNameToCertificate() call +* Bumps to golang 1.21.9 + golang.org/x/net 0.23.0 to patch `CVE-2023-45288` + +### secureproxy 64 to 66 + +* Tuning and documentation 
changes + + +### shibboleth 120 to 121 + +* Documentation changes + + +### syslog 12.2.3 to 12.2.4 + +* Bump dependencies +* Bump packaged Golang to go1.21.9 + + +### uaa-customized 56 to 57 + +* Documentation changes + + +## Final Note + +Tune in next sprint for more cloud.gov release notes. + diff --git a/content/news/articles/2024-05-16-release-notes.md b/content/news/articles/2024-05-16-release-notes.md new file mode 100644 index 0000000..e933cce --- /dev/null +++ b/content/news/articles/2024-05-16-release-notes.md 
@@ -0,0 +1,78 @@ +--- +layout: layouts/post +tags: news +date: 2024-05-16 +title: "May 16th Cloud.gov Release Notes" +excerpt: The Cloud.gov team is working on providing release notes so everyone can see new features and updates. +--- + +# Release Notes + +## Developer Impacting Changes + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### Cloud.gov IDP +* Updated TOTP QR Code image generation +* TOTP Seed Length is now 32 + +### CF-Deployment - v40.3.0 to v40.9.0 + +Changes below are broken down by component: + + +#### Go Buildpack v1.10.18 + +* Add go 1.21.9, remove go 1.21.8 for stack(s) cflinuxfs3, cflinuxfs4 (#441) +* Add go 1.22.2, remove go 1.22.1 for stack(s) cflinuxfs3, cflinuxfs4 (#442) + + +### Java Buildpack v4.68.0 + +This release contains dependency updates and an expansion to the detection criteria for the MySQL Driver - the buildpack will now not supply the driver if it finds an existing AWS MySQL driver, with the pattern aws-mysql-jdbc*.jar (thanks to @scottgai, #1068) + +### Nginx Buildpack v1.2.13 + +* Updated github-config (#274) + +### NodeJS Buildpack v1.8.24 + +* Add node 18.20.2, remove node 18.19.0 (#717) for stack(s) cflinuxfs3, cflinuxfs4 +* Add node 20.12.2, remove node 20.11.0 (#716) for stack(s) cflinuxfs4, cflinuxfs3 +* Add python 3.11.9, remove python 3.11.8 (#712) for stack(s) cflinuxfs4, cflinuxfs3 +* Updating github-config (#706) + +### PHP Buildpack v4.6.18 + +* Add php 8.2.18, remove php 8.2.16 for stack(s) cflinuxfs4, cflinuxfs3 +* Add php 8.3.6, remove php 8.3.3 for stack(s) cflinuxfs4, cflinuxfs3 +* Add httpd 2.4.59, remove httpd 2.4.58 for stack(s) cflinuxfs4, cflinuxfs3 + +### Python Buildpack v1.8.23 + +* Add setuptools 69.5.1, remove setuptools 69.2.0 for stack(s) cflinuxfs4, cflinuxfs3 +* Add python 3.12.3, remove python 3.12.2 (#904) for stack(s) cflinuxfs3, cflinuxfs4 +* Add python 3.11.9, remove python 3.11.8 (#903) for 
stack(s) cflinuxfs4, cflinuxfs3 +* Add python 3.10.14, remove python 3.10.13 (#901) for stack(s) cflinuxfs4, cflinuxfs3 +* Add python 3.9.19, remove python 3.9.18 (#900) for stack(s) cflinuxfs3, cflinuxfs4 +* Add python 3.8.19, remove python 3.8.18 (#899) for stack(s) cflinuxfs3, cflinuxfs4 + +### R Buildpack v1.2.11 + +* Add r 4.3.3, remove r 4.3.2 for stack(s) cflinuxfs3, cflinuxfs4 +* Update r 4.2.3 dependencies for stack(s) cflinuxfs3, cflinuxfs4: +* plumber from 1.2.1 to 1.2.2 +* shiny from 1.8.0 to 1.8.1.1 + +### Ruby Buildpack v1.10.13 + +* Deprecate Ruby 3.0.X (EOL) +* Enable rails 7.1 compatibility for buildpack (#925) +* Add rubygems 3.5.9, remove rubygems 3.5.8 (#932) for stack(s) cflinuxfs4, cflinuxfs3 [#187420578] +* Add rubygems 3.5.8, remove rubygems 3.5.7 (#930)for stack(s) cflinuxfs4, cflinuxfs3 +* Add bundler 2.5.9, remove bundler 2.5.8 (#931) for stack(s) cflinuxfs4, cflinuxfs3 +* Add bundler 2.5.8, remove bundler 2.5.7 (#929) for stack(s) cflinuxfs4, cflinuxfs3 +* Add node 20.12.2, remove node 20.12.1 (#926) for stack(s) cflinuxfs3, cflinuxfs4 + +### Staticfile Buildpack v1.6.12 +* Updating github-config (#415) diff --git a/content/news/articles/2024-05-30-release-notes.md b/content/news/articles/2024-05-30-release-notes.md new file mode 100644 index 0000000..22ddd89 --- /dev/null +++ b/content/news/articles/2024-05-30-release-notes.md 
@@ -0,0 +1,113 @@ +--- +layout: layouts/post +tags: news +date: 2024-05-30 +title: "May 30th Cloud.gov Release Notes" +excerpt: The Cloud.gov team is working on providing release notes so everyone can see new features and updates. +--- + +# Release Notes + +## Developer Impacting Changes + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v40.9.0 to v40.13.0 + +Changes below are broken down by component: + +#### Binary Buildpack 1.1.12 + +* Updating github-config +* add codeowners [#173](https://github.com/cloudfoundry/binary-buildpack/pull/173) + + +#### DotNet Core Buildpack 2.4.28 + +* Add dotnet-aspnetcore 6.0.30, remove dotnet-aspnetcore 6.0.29 +* Add dotnet-aspnetcore 7.0.19, remove dotnet-aspnetcore 7.0.18 +* Add dotnet-aspnetcore 8.0.5, remove dotnet-aspnetcore 8.0.4 (#972) +* Add dotnet-runtime 6.0.30, remove dotnet-runtime 6.0.29 +* Add dotnet-runtime 7.0.19, remove dotnet-runtime 7.0.18 +* Add dotnet-runtime 8.0.5, remove dotnet-runtime 8.0.4 +* Add dotnet-sdk 6.0.422, remove dotnet-sdk 6.0.421 +* Add dotnet-sdk 7.0.409, remove dotnet-sdk 7.0.408 +* Add dotnet-sdk 8.0.300, remove dotnet-sdk 8.0.204 + +#### Go Buildpack v1.10.19 + +* Updating github-config +* Add go 1.22.3, remove go 1.22.2 +* Add go 1.21.10, remove go 1.21.9 + + +#### Java Buildpack v4.70.0 + +This release contains support for Tomcat 10.1 in the form of a new version line, as well as some framework dependency bumps. It also contains the April Java patch releases for 8, 11, 17 & 21, as well as some framework dependency bumps. + +The default version of Tomcat will remain at 9.x, but you can now specify 10.1.x to be used by the buildpack, in the same way as changing the JRE version. 
+ +```shell +cf set-env JBP_CONFIG_TOMCAT '{ tomcat: { version: 10.1.+ } }' +``` + +For a more detailed look at the changes in [4.70.0](https://github.com/cloudfoundry/java-buildpack/releases/tag/v4.70.0). The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release. + +#### Nginx Buildpack v1.2.14 + +* Add nginx 1.26.0, remove nginx 1.24.0 +* Add nginx 1.25.5, remove nginx 1.25.4 + +#### NodeJS Buildpack v1.8.25 + +* Add node 18.20.3, remove node 18.19.1 +* Add node 20.13.1, remove node 20.11.1 + +#### PHP Buildpack v4.6.19 + +* Add php 8.3.7, remove php 8.3.4 +* Add composer 2.7.6, remove composer 2.7.5 +* Add php 8.2.19, remove php 8.2.17 +* Add composer 2.7.5, remove composer 2.7.4 +* Update default nginx version +* Add nginx 1.25.5, remove nginx 1.25.4 +* Add nginx 1.26.0 +* Rebuild php 8.2.18 +* Add composer 2.7.4, remove composer 2.7.3 +* Add composer 2.7.3, remove composer 2.7.2 + +#### Python Buildpack v1.8.25 + +* Add miniconda3-py39 24.4.0, remove miniconda3-py39 24.1.2 +* Add setuptools 70.0.0, remove setuptools 69.5.1 + +#### R Buildpack v1.2.12 + +* Remove R 3.6 (old version) +* Add r 4.4.0 with forecast 8.22.0, plumber 1.2.2, rserve 1.8.13, shiny 1.8.1.1 + +#### Ruby Buildpack v1.10.15 + +* Add jruby 9.4.7.0, remove jruby 9.4.6.0 +* Add bundler 2.5.10, remove bundler 2.5.9 +* Add rubygems 3.5.10, remove rubygems 3.5.9 +* Add ruby 3.3.1 +* Add ruby 3.2.4, remove ruby 3.2.2 +* Add ruby 3.1.5, remove ruby 3.1.3 + +#### Staticfile Buildpack v1.6.13 + +* Add nginx 1.26.0, remove 1.24.0 +* Add nginx 1.25.5, remove nginx 1.25.4 + + +### Platform Changes + +The following were also updated but are likely only of interest to a small subset of developers: + +* app-autoscaler bumped to [13.1.1](https://github.com/cloudfoundry/app-autoscaler-release/releases/tag/v13.1.1) +* capi bumped to [1.182.0](https://github.com/cloudfoundry/capi-release/releases/tag/1.182.0) +* cflinuxfs4 bumped to 
[1.98.0](https://github.com/cloudfoundry/cflinuxfs4/releases/tag/1.98.0) +* diego bumped to [2.100.0](https://github.com/cloudfoundry/diego-release/releases/tag/v2.100.0) +* garden-runc bumped to [1.53.0](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.53.0) +* routing bumped to [0.298.0](https://github.com/cloudfoundry/routing-release/releases/tag/v0.298.0) diff --git a/content/news/articles/2024-08-08-release-notes.md b/content/news/articles/2024-08-08-release-notes.md new file mode 100644 index 0000000..627ae94 --- /dev/null +++ b/content/news/articles/2024-08-08-release-notes.md 
@@ -0,0 +1,50 @@ +--- +layout: layouts/post +tags: news +date: 2024-08-08 +title: "August 8th Cloud.gov Release Notes" +excerpt: The Cloud.gov team is working on providing release notes so everyone can see new features and updates. +--- + +# Release Notes + +## Developer Impacting Changes + +The audience for this section is developers who maintain applications on cloud.gov and may need to respond to stack or buildpack changes. + +### CF-Deployment - v41.3.0 to v42.1.0 + +Changes below are broken down by component: + +#### Binary Buildpack 1.1.13 + +* remove references to the windows2016 stack + +#### Java Buildpack v4.71.0 + +* This release contains dependency updates. + + +#### NodeJS Buildpack v1.8.27 + +* Add node 22.5.0, remove node 22.4.1 +* Add node 18.20.4, remove node 18.20.2 +* Add node 22.4.1 +* Add node 20.15.1, remove node 20.13.1 + +#### R Buildpack v1.2.13 + +* Add r 4.4.1 with dependencies for stack cflinuxfs4: forecast 8.23.0, plumber 1.2.2, rserve 1.8.13, shiny 1.8.1.1 +* Rebuild r 4.3.3 with dependencies for stack cflinuxfs4: forecast 8.23.0, plumber 1.2.2, rserve 1.8.13, shiny 1.8.1.1 +* Rebuild r 4.2.3 with dependencies for stack cflinuxfs4: forecast 8.23.0, plumber 1.2.2, rserve 1.8.13, shiny 1.8.1.1 +* Remove 4.4.0 to keep buildpack under 1GB + + +### Platform Changes + +The following were also updated but are likely only of interest to a small subset of developers: + +* app-autoscaler bumped to [14.1.1](https://github.com/cloudfoundry/app-autoscaler-release/releases/tag/v14.1.1) +* capi bumped to [1.188.0](https://github.com/cloudfoundry/capi-release/releases/tag/1.188.0) +* diego bumped to [2.101.0](https://github.com/cloudfoundry/diego-release/releases/tag/v2.101.0) +* garden-runc bumped to [1.54.0](https://github.com/cloudfoundry/garden-runc-release/releases/tag/v1.54.0) diff --git a/content/news/articles/articles.11tydata.js b/content/news/articles/articles.11tydata.js new file mode 100644 index 0000000..dadbbf6 --- /dev/null 
+++ b/content/news/articles/articles.11tydata.js @@ -0,0 +1,5 @@ +module.exports = { + permalink: function (data) { + return `/${data.page.date.toISOString().split('T')[0].replace(/-/g, '/')}/${data.page.fileSlug}/`; + } +}; \ No newline at end of file diff --git a/content/news/index.html b/content/news/index.html new file mode 100644 index 0000000..f8af3e2 --- /dev/null +++ b/content/news/index.html @@ -0,0 +1,27 @@ +--- +layout: layouts/wide +permalink: "news/{% if pagination.pageNumber > 0 %}page/{{ pagination.pageNumber | plus: 1 }}/{% endif %}" +title: cloud.gov news +pagination: + data: collections.news + size: 8 + alias: news + reverse: true +--- + + +
+
+
+ + {%- for post in news %} + {% include "collection-item.html" post: post %} + {% endfor %} + {% include "pagination-links.html" %} +
+
+
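Review bot: in `2024-04-04-release-notes.md`, the uaa 77.2.0 to 77.4.0 section lists "Add jwtClientAuthentication in Oauth provider examples" under "Dependency Bumps", which it is not; move it under "Misc". The "Misc" item above it, the fix for the regression where UAA "stopped reading the signatureAlgorithm from the properties file and only used the SHA1 default", is the one platform entry in this post that identity integrators will care about (an operator who configured a stronger signature algorithm was silently getting SHA1 until 77.4.0), so it deserves a sentence in the customer-facing section pointing at the upstream UAA release notes rather than a one-line bullet. Two smaller points in the same file: "Default the routing_api.enabled_api_endpoints to mtls" in routing 0.293.0 to 0.294.0 is a behaviour change, not a bump, and should say that any client still using the non-mTLS Routing API endpoint needs the property set explicitly; and "programatically" in the garden-runc entry should be "programmatically", while the Platform Changes intro ("...Cloud Foundry components, this is likely not of interest...") is a comma splice that wants a full stop. The body also opens with an H1 ("# Change Log") on top of the front-matter `title`, so the rendered page will carry two top-level headings; drop one.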
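Review bot: in `2024-04-18-release-notes.md`, "There were no CVEs patched for, the changes were only to packages" under cflinuxfs4 1.86.0 to 1.87.0 is ungrammatical and, read next to the routing 0.294.0 to 0.295.0 entry that bumps golang.org/x/net 0.23.0 to patch `CVE-2023-45288`, misleading: a CVE was patched this sprint, just not in the stack. Suggest "No CVE fixes landed in cflinuxfs4 this sprint; the changes were package updates only." The capi item "Set warning header for outdated CF CLIs" is also developer-visible (users on older cf CLI versions will start seeing a warning on every request), so it belongs under Customer Facing Changes rather than Platform Changes.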
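Review bot: in `2024-05-16-release-notes.md`, the "Cloud.gov IDP" entry "TOTP Seed Length is now 32" gives neither a unit nor migration guidance; state whether 32 is bytes or base32 characters, and whether existing TOTP enrollments keep working or users must re-enroll with the regenerated QR code. Formatting in the same file is inconsistent with the two earlier posts: Go Buildpack is a `####` heading while Java, Nginx, NodeJS, PHP, Python, R, Ruby and Staticfile are `###`; the R buildpack sub-items ("plumber from 1.2.1 to 1.2.2", "shiny from 1.8.0 to 1.8.1.1") lost the nested indentation used in the 04-04 notes; "(#930)for stack(s)" is missing a space; and buildpack headings give only the new version where earlier posts gave the from/to range. "Deprecate Ruby 3.0.X (EOL)" is the one item that can break a push, so it is worth a lead sentence like the "No buildpacks were updated" line in the 04-18 post.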
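Review bot: in `2024-05-30-release-notes.md`, the Java Buildpack v4.70.0 entry contains a sentence fragment ("For a more detailed look at the changes in [4.70.0](...)") and a sentence copied from the upstream GitHub release that does not apply here ("The packaged version of the buildpack, suitable for use with create-buildpack and update-buildpack, can be found attached to this release"): cloud.gov users cannot run create-buildpack or update-buildpack and nothing is attached to this post. Keep the `cf set-env JBP_CONFIG_TOMCAT` example and the release link, drop the attachment sentence, and finish the fragment ("see the upstream notes for 4.70.0"). "Update default nginx version" under PHP Buildpack v4.6.19 should name the new default, since the list adds both 1.25.5 and 1.26.0. This file also demotes "Platform Changes" to `###` where earlier posts use `##`, and writes "Cloud.gov" in the title and excerpt where earlier posts use "cloud.gov".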
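Review bot: in `2024-08-08-release-notes.md`, the range "CF-Deployment - v41.3.0 to v42.1.0" does not connect to the previous post, which ended at v40.13.0; either note that v40.13.0 to v41.3.0 was covered elsewhere or widen the range so readers can trace what changed. "Remove 4.4.0 to keep buildpack under 1GB" in the R Buildpack v1.2.13 entry silently drops a version the 05-30 post had just added; apps pinning r 4.4.0 will fail to stage, so state that as a required action (move to 4.4.1) rather than leaving it as the last bullet.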
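Review bot: in `articles.11tydata.js`, the permalink is built from `data.page.date.toISOString()`, which yields the UTC calendar date; that agrees with how bare front-matter dates such as `date: 2024-04-04` are parsed, but a post that ever sets a date with a local-time offset will land under the previous or next day's path, so a one-line comment stating that dates are treated as UTC would prevent a surprise later. The file also lacks a trailing newline ("\ No newline at end of file").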