TPS-5491 (cumulative patch)
Info | Value |
---|---|
Patch Name | Patch_20231103_TPS-5491_v1-7.3.1 |
Release Date | 2023-11-03 |
Target Version | 20200219_1130-V7.3.1 |
Product affected | Talend Administration Center |
Introduction
This patch is cumulative. It includes all previous generally available patches for Talend Administration Center 7.3.1.
NOTE: To download this patch, liaise with your Support contact at Talend.
Prerequisites
Consider the following requirements for your system:
- Talend Administration Center 7.3.1 must be installed.
Installation
- Log in to TAC and switch to Configuration-> Software Update, then enter the correct values and save. Follow the procedure described in the documentation: https://help.talend.com/r/en-US/7.3/installation-guide-big-data-linux/config-update-repo
- Switch to Software update page, where the new patch will be listed. The patch can be downloaded from here into the nexus repository.
- Login to local Nexus, and download the patch file.
- Stop all TAC instances.
- Please backup your database (if you meet issues with new patch, you can change to old one with this backup)
- Create a patch directory (eg:
<Talend>
/TAC_Patch). - Unzip patch file you received from support into this directory, then unzip the org.talend.administrator.war file as org.talend.administrator folder. (Note: Please rename org.talend.administrator-7.3.1.war if your old TAC application folder has a different name. Set the same name as your old TAC application name.)
- Create a backup directory (eg:
<Talend>
/TAC_Backup). - Copy folder
<Tomcat>
/webapps/org.talend.administrator into the backup directory. DO NOT place org.talend.administrator backup folder into webapps directory. - In
<Tomcat>
/webapps/ directory, remove the previous org.talend.administrator folder, then copy the org.talend.administrator folder unzipped at step 6 and paste in the current directory. -
Restore TAC configuration by replacing
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties and quartz.properties with the same files that are stored in your backup directory.Note:
- Make sure that no other instances of TAC webapp are deployed into Tomcat's webapps folder. Make sure your TAC backup folder has NOT been stored in
<Tomcat>
/webapps folder. - Restore DB driver by copying driver to
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/lib (available in backup directory<Talend>
/TAC_Backup). - If your TAC database is H2 db and embedded in TAC web folder (
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/database by default), don't forget to restore H2 db by replacing this folder with the exact corresponding folder from your backup directory. - H2 version in this patch is updated due to security reasons. To migrate to new version of H2, please follow the documentation: https://help.talend.com/r/en-US/7.3/migration-upgrade-guide-big-data/upgrading-the-h2-database-after-changing-h2-driver-to-21210.
- If your TAC works with SSO, you should restore the IDP Metadata file (
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/IDPMetadata.xml) from your backup directory.
- Make sure that no other instances of TAC webapp are deployed into Tomcat's webapps folder. Make sure your TAC backup folder has NOT been stored in
-
Restart TAC.
Note:
- It's recommended to clear browser cache after TAC patch has been applied.
- New configurable parameter for Jobserver connection timeout:
jobserverClient.port.timeout
, please update the value in DB when you meet theSocketTimeoutException
error(unit is millisecond), SQL statement example:UPDATE configuration SET configuration.value = "8000" WHERE configuration.key = "jobserverClient.port.timeout";
; - Log4j CVE-2021-44228 & CVE-2021-45046 fixed on Patch_20211217_TPS-5025_v1: please rebuild the jobs with latest Studio patch.
- If the fix is in scope of TPS-4991 and you want to activate it, please set the following property as true in JVM:
org.talend.tac.esb.feature.install.error.refresh = true
; The default value is false, so if not needed it is not recommended to change it. - New LDAP connection timeout parameter:
ldap.config.timeout
. You can change it by editing the value of the ldap.config.timeout property in milliseconds in the database configuration table. - In case of patch rollback, only the backup database can be used
Repeat the above steps for each instance.
TPS-5491
CVEs fixed in TPS-5491
- TAC-18739 [7.3.1] CVE-2013-6235: Vulnerability reported by trivy com.jamonapi:jamon v.2.74
Other issues fixed in TPS-5491
- TAC-3292 [7.3.1] metaservlet methods for "project Reference" to be deprecated
- TAC-18718 [7.3.1] Job Conductor page not show tasks
- TAC-18535 [7.3.1] Stop TAC connecting to unused ESB Infrastructure Services
- TAC-18569 [7.3.1] misleading example in configuration.properties JobServerClient.conf.timeout=30000
TPS-5490
CVEs fixed in TPS-5490
- TAC-18597 [7.3.1] CVE-2023-34610: com.cedarsoftware:json-io vulnerability found by trivy
- TAC-16787 [7.3.1] java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated
- TAC-18600 [7.3.1] Update jaxws-ri to version 2.3.6
- TAC-18246 [7.3.1] guava:30.0-jre | CVE-2020-8908
- TAC-18599 [7.3.1] Check whether Apache Directory jars can be replaced with api-all
Other issues fixed in TPS-5490
- TAC-18554 [7.3.1] NPE happen when LDAP firstName and lastName are empty
- TAC-18591 [7.3.1] No more user available with this license error
- TAC-18544 [7.3.1] when context.passwords.secured.only=true contexts not decrypted when default or original value is empty
- TAC-18346 [7.3.1] deploy error with virtual server : error 'Connection to server failed' occurred when 'Sending...'
- TAC-18433 [7.3.1] When execution is removed from scheduledJobManager basic and detailed status are not updated
- TAC-18596 [7.3.1] Redundant dependency opencsv-1.8_patched found in TAC
- TAC-18569 [7.3.1] misleading example in configuration.properties JobServerClient.conf.timeout=30000
TPS-5489
CVEs fixed in TPS-5489
- TAC-18416 [7.3.1] Findings in: shiro-web:1.10.0
Other issues fixed in TPS-5489
- TAC-18170 [7.3.1] Import same execution plan twice will throw NPE error
- TAC-18456 [7.3.1] Connection to server failed error even though logs are complete
- TAC-18463 [7.3.1] For Git project name with dot character ('.') project folder name is truncated in org.talend.administrator_git
- TAC-18467 [7.3.1] TAC Job Conductor - Statistic is showing as Removed
- TAC-18471 [7.3.1] XSS issue when deleting User Groups
- TAC-17875 [7.3.1] TAC new log retriever sub-optimal with some workloads
- TAC-18262 [7.3.1] output less redundant debug logs to make it easier to check customer's issues in logs
- TAC-18437 [7.3.1] Add/Delete task in EP with trigger tasks list will show empty
- TAC-18483 [7.3.1] Check and remove sensitive information from local storage
- TAC-18486 [7.3.1] TAC shows Runtime Down if Host name has trailing space characters.
- TAC-18517 [7.3.1] the QRTZ tables are missing after installing TAC 8 in Oracle DB
TPS-5488
CVEs fixed in TPS-5488
- TAC-18366 [7.3.1] CVE-2020-11971 org.apache.camel:camel-core 2.24.2
Other issues fixed in TPS-5488
- TAC-18296 [7.3.1] TAC 7.3 to 8 Error: Not correct logs when migration
- TAC-17774 [7.3.1] TAC Error : Warning "Checking Connection" for Git while adding projects
- TAC-18359 [7.3.1] Add the context parameter for saveEsbTask & updateEsbTask commands
- TAC-18342 [7.3.1] TAC UI bug in virtual server page
- TAC-18360 [7.3.1] Make the configuration for plan recovery mechanism separate from task recovery
- TAC-18247 [7.3.1] TAC software update page gives "Unexpected HTTP status '503'"
- TAC-18381 [7.3.1] Enable TAC's SMTP Debug option.
- TAC-11347 [7.3.1] Add deleting tasks from execution plan to the business log
- TAC-18456 [7.3.1] Connection to server failed error even though logs are complete
TPS-5487
CVEs fixed in TPS-5487
- TAC-18204 [7.3.1] org.apache.tomcat:tomcat-coyote:9.0.75
- TAC-18286 [7.3.1] Findings in: snappy-java:1.1.1.3
Other issues fixed in TPS-5487
- TAC-17617 [7.3.1] better handling of taskexecutionhistory content
- TAC-17799 [7.3.1] Investigate the failure of cross migration from mysql to other db
- TAC-18186 [7.3.1] Empty custom context does not reflect on TAC, uses original value instead.
- TAC-18230 [7.3.1] Recovery for execution plan doesn`t work properly when plan idquartzjob is different from plan id
- TAC-18270 [7.3.1] Issue with MetaServlet's "deleteUserGroupById" command.
- TAC-18250 [7.3.1] processing stopped after multi selecting "resume tasks" in UI
- TAC-12486 [7.3.1] Strange URL addon after starting TAC
- TAC-18214 [7.3.1] Unknown JavascriptException seen in Browser's console
- TAC-18236 [7.3.1] After applying Patch20230421TPS-5461_v1-8.0.1 customer is not able to connect to there JFrog Artifactory anymore and are seeing the "Timeout occurs while retrieving this parameter for URL:" message
- TAC-18247 [7.3.1] TAC software update page gives "Unexpected HTTP status '503'"
- TAC-18331 [7.3.1] Long latency (15 min) execution under virtual server node even though the Jobserver are graded with five starts under low load
TPS-5460
CVEs fixed in TPS-5460
- TAC-18104 [7.3.1] Vulnerability found in com.google.guava:guava:11.0.2 | CVE-2018-10237
- TAC-18090 [7.3.1] CVE: org.apache.tomcat:tomcat-catalina:9.0.69
- TAC-18128 [7.3.1] Vulnerabilities found in commons-cli 1.2
- TAC-18127 [7.3.1] Vulnerability found in jfreechart 1.0.13 | CVE-2007-6306
- TAC-18106 [7.3.1] CVE-2021-41973 : Vulnerability found in org.apache.mina:mina-core:2.1.3
- TAC-18107 [7.3.1] Vulnerability found in org.eclipse.jetty:jetty-server:9.4.48.v20220622 | CVE-2023-26048
- TAC-17871 [7.3.1] Jobs are stuck in "Running" Status for long period
Other issues fixed in TPS-5460
- TAC-17702 [7.3.1] Support Ubuntu 22.04 as a TAC OS
- TAC-17739 [7.3.1] TAC Support for MS SQL Server 2022
- TAC-17945 [7.3.1] Jobconductor display last execution log is slow.
- TAC-18097 [7.3.1] The column name 'processingstate' is specified more than once in the SET clause or column list of an INSERT
- TAC-18129 [7.3.1] Jobs triggered by execution plan cron triggers throws NPE
- TAC-17982 [7.3.1] Issues found for On unavailable Job server with virtual server
- TAC-18025 [7.3.1] Use attached dump file to migrate from postgres to oracle failed in 731 latest patch
- TAC-18078 [7.3.1] unable to properly use a custom schema with a postgres non default database
- TAC-18159 [7.3.1] Delete a task which is set in rollback in executionplan will throw Operation failed: !!!Cannot flush and commit transaction.!!!
TPS-5459
CVEs fixed in TPS-5459
- TAC-17948 [7.3.1] json-smart:2.4.6 | CVE-2023-1370
- TAC-17974 [7.3.1] org.codehaus.jettison: jettison:1.5.3
Other issues fixed in TPS-5459
- TAC-17917 [7.3.1] Nexus Arctifact list is being truncated in TAC
- TAC-17997 [7.3.1] License is not showing MDM named users count
- TAC-17861 [7.3.1] Zip file missing in job-conductor when calling an artifact task
- TAC-17618 [7.3.1] debug messages in TAC : DEBUG Segment
- TAC-18003 [7.3.1] The issue of removeServerProjectAuthorization | createServerProjectAuthorization
- TAC-17921 [7.3.1] Job execution recovery behavior is same amont each 'On unavailable Job server' settings
- TAC-17933 [7.3.1] Unauthorised Access to Users Feature
- TAC-17876 [7.3.1] updateDesStoragePeriodForLogFiles::TAC team failed error
- TAC-17976 [7.3.1] User list cache should be clear in notification page when users lose user access role
TPS-5458
CVEs fixed in TPS-5458
- TAC-17641 [7.3.1] CVE-2022-1471: snakeyaml:1.33
- TAC-17664 [7.3.1] CVE-2022-45787: apache-mime4j-storage:0.8.3
- TAC-17773 [7.3.1] CVE-2022-45688: Json:20220320
- TAC-17793 [7.3.1] maven-core:3.8.6
- TAC-17810 [7.3.1] CVE-2023-24998: commons-fileupload:1.4
- TAC-17824 [7.3.1] CVE: org.apache.tomcat:tomcat-catalina:9.0.68
- TAC-17834 [7.3.1] CVE-2021-28170: jakarta.el:3.0.3
Other issues fixed in TPS-5458
- TAC-17633 [7.3.1] Errors "can't connect to the zookeeper server" in TAC 7.3.1 even not used ESB
- TAC-17698 [7.3.1] Unable to migrate TAC's DB and no visible error.
- TAC-16466 [7.3.1] custom role for execution plan access
- TAC-17626 [7.3.1] TAC artifactory path validation incomplete
- TAC-17796 [7.3.1] resumePlan/pausePlan by MetaServlet for FileTrigger does not work
- TAC-17766 [7.3.1] 721 migration to latest 731 patch failed.
- TAC-17855 [7.3.1] Custom value for password type context parameter will be written to database in plain text when run a plan
- TAC-17637 [7.3.1] maxDurationBeforeCleaningOldJobs and maxDurationBeforeCleaningOldExecutionsLogs in configuration table the description should be days
- TAC-16763 [7.3.1] modify a NPA user which has not roles will fail with 'Save failed: NoSuchElementException'
- TAC-17821 [7.3.1] migration failed from 711 to 731 with oracle
- TAC-17277 [7.3.1] "use latest version" : the latest artifact version is not always selected- Jfrog
- TAC-17758 [7.3.1] Check whether exe/dll files needed for TAC
- TAC-17862 [7.3.1] Jobs executed using Chron trigger throws Cannot retrieve bean error
- TAC-17885 [7.3.1] Some tasks are killed when a value except 0 is set to "scheduler.conf.resetTaskStatus.maxDurationsOnEmptyLog"
- TAC-16377 [7.3.1] Server-Project authorization is not checked when deploy job is launched
- TAC-17916 [7.3.1] TAC Webapp cannot logon to TAC DB MS SQL Server when database.password contains special characters
- TAC-17278 [7.3.1] TAC support for FIPS (Federal Information Processing Standard)
- TAC-17763 [7.3.1] Support for PostgreSQL 15
- TAC-17876 [7.3.1] updateDesStoragePeriodForLogFiles::TAC team failed error
- TAC-17933 [7.3.1] Unauthorised Access to Users Feature
- TAC-17938 [7.3.1] "On unavailable jobserver" with "Restart task" does not work on virtual server
- TAC-17976 [7.3.1] User list cache should be clear in notification page when users lose user access role
TPS-5427
Issues fixed in TPS-5427
- TAC-17714 [7.3.1] Task end date and task duration details are not updated in TAC if we manually kill any job
- TAC-17600 [7.3.1] error 500 when selecting artifact in repository from job conductor
- TAC-17681 [7.3.1] Error and warn messages when execution plans are executed even they ran without any issues.
- TAC-17398 [7.3.1] Generated job not found after migration
- TAC-17572 [7.3.1] taskexecutionhistory table size and TAC start time
TPS-5425
CVEs fixed in TPS-5425
- TAC-17544 [7.3.1] Update ehcache version for hibernate in TAC
- TAC-17596 [7.3.1] CVE-2022-45693: Vulnerable lib Jettison 1.5.1 found in TAC
- TAC-17594 [7.3.1] CVE-2022-40152: com.fasterxml.woodstox:woodstox-core:6.2.7
- TAC-17599 [7.3.1] CVE-2022-42252: Vulnerable lib tomcat-coyote 9.0.58 found in TAC
- TAC-17699 [7.3.1] CVE-2021-44832: Log4j2 CVE appeared again after jcloud was updated
- TAC-17591 [7.3.1] CVE-2022-1471: Vulnerability was found in library SnakeYAML version 1.32
Other issues fixed in TPS-5425
- TAC-17608 [7.3.1] Metaservlet TAC database migration from Postgres to SQL Server is not working
- TAC-17645 [7.3.1] AWS sso created new user could not be updated from TAC UI
- TAC-17668 [7.3.1] Some tasks are killed even though "scheduler.conf.resetTaskStatus.maxDurationsOnEmptyLog" set to 0
- TAC-17602 [7.3.1] Task Status Mismatch Issue
- TAC-17371 [7.3.1] fewer business logs compared to 7.2.1
- TAC-17499 [7.3.1] TAC slowness in requesting run and deploying
- TAC-16293 [7.3.1] TAC will hang up if a task with a specific job enabling Statistics on the task is running
TPS-5423
CVEs fixed in TPS-5423
- TAC-17558 [7.3.1] Update CXF library to version 3.5.5
- TAC-17489 [7.3.1] CVE: CVE-2022-40154 com.thoughtworks.xstream:xstream:1.4.19(to 1.4.20)
- TAC-17598 [7.3.1] CVE-2022-3171: Vulnerable lib Protocol Buffers 3.6.1 found in TAC
Other issues fixed in TPS-5423
- TAC-17353 [7.3.1] Issue adding a new LDAP user in TAC
- TAC-17555 [7.3.1] Add a description into TAC cumulative patch Release Note
- TAC-17560 [7.3.1] "Storage period for generated Jobs" is not working.
- TAC-17569 [7.3.1] Add index for some table in MSSQL, Postgre, Oracle
- TPS-5421 [7.3.1] Update CXF library to version 3.5.5 (TAC-17558)
- TPS-5423 [7.3.1] Cumulative Patch - 20230106
Fixed issues
This patch is cumulative and contains the following fixes:
- TPS-3836 [7.3.1] LDAPs connection failure on TAC configuration page,LDAP user can not login(TAC-14109)
- TPS-3977 [7.3.1] Not possible to assign authorizations beyond 127 projects in TAC. (TAC-14177)
- TPS-4016 [7.3.1] After migrate from 6.4.1 to 7.3.1,login 7.3.1 TAC failed(TAC-14196)
- TPS-4088 [7.3.1] Studio doesn't fetch Use SSL for remote jobserver from TAC(TAC-14085)
- TPS-4100 [7.3.1] SaveESBTask command fails with error {"returnCode": 1} on metaservlet while publishing route.(TAC-14301)
- TPS-4075 [7.3.1] TAC is not response, when modified the project description then clicked save (TAC-14269)
- TPS-4119 [7.3.1] content of boolean Variables in TAC with capital letters (TAC-14283)
- TPS-4122 [7.3.1] Not possible to assign authorizations beyond 127 projects in TAC for usergroup users (TAC-14315)
- TPS-4171 [7.3.1] Cross migration doesn't work (TAC-13970)
- TPS-4148 [7.3.1] Issue with context list during Task creation not showing all contexts (TAC-13776)
- TPS-4168 [7.3.1] tRestClient - base64 - metaServlet : Input byte array has wrong 4-byte ending unit (TAC-14339)
- TPS-4174 [7.3.1] taskexecutionhistory table cleaning is not triggered automatically for a specific TAC DB(TAC-14375)
- TPS-4203 [7.3.1] org.talend.administrator.common.exception.DBException: !!!Cannot flush and commit transaction.!!! (TAC-13204)
- TPS-4214 [7.3.1] Cannot upgrade the TAC DB 6.1.1 to TAC DB 7.3.1 (TAC-14400)
- TPS-4251 [7.3.1] After migration from 6.4->7.3.1(MSSQL), metaservlet command listTasks returns NullPointerException.(TAC-14403)
- TPS-4127 [7.3.1] The realtime statistics of a job run in TAC are visible in real time statistics page with a delay (TAC-14308)
- TPS-4313 [7.3.1] "Read" user can commit changes to git server (TAC-14485)
- TPS-4345 [7.3.1] Context issue with double-quotes in custom value if the original value is enclosed in double quotes (TESB-28908)
- TPS-4258 [7.3.1] Users page goes blank after removing some columns from the view (TAC-14457)
- TPS-4288 [7.3.1] TAC login is case sensitive for regular and LDAP users (TAC-14230)
- TPS-4315 [7.3.1] TAC is not sending out notifications when task fails or user is created (TAC-14274)
- TPS-4350 [7.3.1] TAC is hanging when modify project description field or any other fields in TAC project (TAC-14565)
- TPS-4376 [7.3.1] TAC begins to hang / frozen (TAC-14369)
- TPS-4451 [7.3.1] "associatePreGeneratedJob" response time issue (TAC-14660)
- TPS-4395 [7.3.1] libraries migrations : error with filename containing whitespace (TAC-11721)
- TPS-4406 [7.3.1] Nexus 3 with "nexus-context-path=/nexus" is not functioning (TAC-14509)
- TPS-4423 [7.3.1] Context Parameters are reset during updateTask using MetaServlet (TAC-14656)
- TPS-4463 [7.3.1] 401 Authentication credentials were missing or incorrect
- TPS-4474 [7.3.1] Context variables in TAC not updated after re-importing from Nexus(TAC-14695)
- TPS-4492 [7.3.1] DB migration issue with TAC in 7.3.1(TAC-14496)
- TPS-4508 [7.3.1] Restart job option does not work when it is configured in TAC (TAC-14726)
- TPS-4528 [7.3.1] Swap of original values and custom value in TAC (TESB-31017)
- TPS-4451 [7.3.1] "associatePreGeneratedJob" response time issue (TAC-14660) (fix version 2)
- TPS-4537 [7.3.1] Retrieve Virtual Servers from TAC to Studio (TAC-14742)
- TPS-4540 [7.3.1] Metaservlet Create tag via metaservlet not working when branch not whitelisted (TAC-14782)
- TPS-4545 [7.3.1] [ESB conductor] can't create task with snapshots version (TESB-31136)
- TPS-4576 [7.3.1] Update studio certificates for signing of Job zip (TAC-14816)
- TPS-4557 [7.3.1] Setting "Use https (SSL/TLS)" Parameter via TAC Metaservlet API (TAC-14813)
- TPS-4579 [7.3.1] JVM Parameters Issue in 7.3 TAC (TAC-14823)
- TPS-4594 [7.3.1] Error happened while reading contexts from the source file!!!,"returnCode":5 (TAC-14841)
- TPS-4588 [7.3.1] The Console logs in TAC is not visible after applying the patch Latest 7.3 TAC Patch (TAC-14840)
- TPS-4619 [7.3.1] Job Conductor page UI issues (TAC-14853)
- TPS-4634 [7.3.1] there is not the notification email received when the task failed (TAC-14783)
- TPS-4665 [7.3.1] Artifactory - Not able to select context in ESB conductor(TESB-31816)
- TPS-4660 [7.3.1] Catalina log is filing up with lot of debugs(TAC-14901)
- TPS-4662 [7.3.1] TAC-DB migration problem 6.4 to 7.3 (oracle 12c to 19c)(TAC-14920)
- TPS-4658 [7.3.1] TAC7.3.1 when adding artefact through normal task, issue with context variable type (TAC-14864)
- TPS-4690 [7.3.1] Smtp fails with TLS error on 7.3(TAC-14892)
- TAC-14737 [7.3.1] Github Renaming the default branch from master
- TPS-4750 [7.3.1] Contexts of ESB Task not updated when ESB Task is updated with new artifact version (TESB-32442)
- TPS-4745 [7.3.1] Trigger context fileName, filePath and folderPath not passed to the job (TAC-15017)
- TPS-4749 [7.3.1] Able to see/run tasks in projects not having authorization when only using custom roles (TAC-15038)
- TAC-14549 [7.3.1] Metaservlet: cannot delete project without authorization
- TAC-13187 [7.3.1] Can't send email notifications when running Java11
- TESB-28187 [7.3.1] SaveEsbTask metaservlet command does not set context as active.
- TAC-14218 [7.3.1] "/nexus" is hardcoded in NexusBrowserBusiness.class.
- TESB-29552 [7.3.1] TAC: StringIndexOutOfBoundsException when creating ESB Conductor Tasks
- TAC-14039 [7.3.1] Intermittent issue of StringIndexOutOfBoundsException for TaskExecutionHistoryLogge
- TAC-14391 [7.3.1] TAC: Option to remove "Rights Management" from 'Administrative Use' role
- TAC-14634 [7.3.1] Metaservlet "associatePreGeneratedJob" API is taking Default as context group
- TAC-14766 [7.3.1] TAC(MariaDB 10.1) -> Timeline page throws error after installing patch TPS-4322
- TAC-14860 [7.3.1] Metaservlet call to createUserGroup fails with {"returnCode":5}
- TAC-13817 [7.3.1] Support Cache-Control attributes (No-store, No-cache)
- TAC-13761 [7.3.1] Tooo long time to complete the Job server status check
- TAC-14670 [7.3.1] TAC resiliency issue with statistics port
- TAC-14896 [7.3.1] TAC Errors after installing TAC Patch20201218TPS-4556_v2
- TAC-14968 [7.3.1] TAC-ESB is not able to deploy routes / nor displays runtimes
- TAC-14960 [7.3.1] Failed to deploy artifacts: Could not find artifact error when trying to publish jobs
- TPS-4626 [7.3.1] Viewer role do not have access to view Execution logs under Job conductor(TAC-14796)
- TPS-4724 [7.3.1] Roles for download an artifact from Nexus in TAC Job Conductor view (TAC-14316)
- TAC-15097 [7.3.1] project does not show in UI after executing CreateProject metaservlet command
- TAC-15054 [7.3.1] Execute update project by MetaServlet failed with {"returnCode":1}
- TAC-15124 [7.3.1] metaservlet listTrigger fails
- TAC-14924 [7.3.1] Displaying order is not consistent at Job Conductor screen
- TAC-14229 [7.3.1] Add functionality to display the actual TAC version to know the installed PATCH
- TAC-14811 [7.3.1] Zero byte job execution log issue on TAC
- TAC-14964 [7.3.1] Jobs stuck in RUNNING status (recovery mechanism for tasks and plans)
- TPS-4659 [7.3.1] the pause button on trigger does not work perfectly (TAC-14871)
- TPS-4689 [7.3.1] Cannot reach SVN server(TAC-14843)
- TPS-4765 [7.3.1] Metaservlet associatePreGeneratedJob error: This job doesn't have context: 'Default' (TAC-15086)
- TAC-15219 [7.3.1] not able to migrate MSSQL database from 6.1.1 to 7.3.1 (TAC-14697)
- TAC-15128 [7.3.1] TAC - GIT configuration
- TAC-14666 [7.3.1] TAC migration failed with h2 DB
- TAC-14973 [7.3.1] Execution Plans fails with status: INTERRUPTED, RUNNINGERROR, PLANLAUNCHED, RUNNINGERROR and ENDEDWITH_WARNING (fixed interrupted plan status issue
- TAC-15165 [7.3.1] select nexus job should display "Select artifact from Nexus" when if I use nexus as my artifactory repository type
- TAC-15265 [7.3.1] TAC / JOB CONDUCTOR : Error: Connection to server failed when deploying a job - jobserverClient.port.timeout (default timeout increased to 5 seconds)
- TPS-4784 [7.3.1] ERROR TalendRemoteServiceServlet - Expected to find an object with property ['items'] in path $ but found 'java.lang.String' (TAC-15016)
- TPS-4785 [7.3.1] OutofMemory issue caused by RemoteDataRetreiver - Java heap space (TAC-14970)
- TPS-4786 [7.3.1] job conductor error : History for task 'undefined' when an artifact is changed from an artifact task (TAC-15158)
- TPS-4796 [7.3.1] "Save failed: No more DP (2) user available with this license" when updating an existing DP user. (TAC-15009)
- TPS-4800 [7.3.1] The metaservlet 'updatetask' action does not update the new context variable of a new version of job in TAC (TAC-15037)
- TPS-4813 [7.3.1] Add group field in Nexus Artifact selection to avoid search list can not be retrieved (TAC-13164)
- TAC-15127 [7.3.1] The response for createTrigger metaservlet is not as expected when task id doesn't exist
- TAC-15235 [7.3.1] ImportExecutionPlan command for Metaservlet not working in TAC
- TAC-14108 [7.3.1] Need a RELIABLE way to identify if 2 or more TAC instances (not clusters) are using one DB schema
- TAC-15257 [7.3.1] Not able to save edited plan after added
- TAC-14939 [7.3.1] Provide a mechanism to collect the information about TPS patch installed on customer
- TAC-14898 [7.3.1] Pop for cloud migration in TAC upon login
- TAC-15307 [7.3.1] Newly added execution plan can't be displayed on UI if there is no task
- TAC-15204 [7.3.1] RCA for TAC blank page / stuck at license check
- TAC-14674 [7.3.1] download patch failed when use artifacotry for talend-updates
- TAC-15214 [7.3.1] Correct metaServlet documentation
- TAC-15244 [7.3.1] If "Use Latest Version" checkbox is checked when saving an Artifact Task with JFrog Artifactory 6.10.9, an exception is encountered
- TAC-15255 [7.3.1] The status icon is always spinning for LDAP configuration
- TAC-15322 [7.3.1] Sort on "Time left before next triggering" failed with error on oracle 12c
- TAC-15133 [7.3.1] Root task status is not as same as before when killed due to timeout for plan
- TAC-15378 [7.3.1] "nullpointer exception" in the TAC page : PROJECT AUTHORIZATIONS
- TAC-14735 [7.3.1] audit of users who are updating contexts from TAC
- TAC-15398 [7.3.1] NPE on 7.3.1 when select sort on next trigger time on JobConductor
- TPS-4853 [7.3.1] Checking connection' warning after adding GIT project (TAC-15090)
- TPS-4857 [7.3.1] Incorrect EP status when tasks fails during EP run with parallel execution and Cron trigger (TAC-15362)
- TPS-4870 [7.3.1] Request patch for issue Authorization page can't retrieve user from IAM(TAC-15403)
- TAC-15403 [7.3.1] Authorization page can't retrieve user from IAM
- TAC-15394 [7.3.1] Customized processMessagePort not reflecting in TAC UI
- TAC-15439 [7.3.1] Delete user failed for custom role is disabled.
- TAC-14240 [7.3.1] Metaservlet API listUsers : Add field to show if user logged in, similar to UI securityadmin users list
- TAC-11581 [7.3.1] Customer would like to be able to limit accress more granularly and create new roles
- TAC-14615 [7.3.1] Role with job conductor author + job conductor view can modify the triggers
- TAC-14681 [7.3.1] TAC Role Granularity - role where user can RUN and VIEW jobs, but cannot create trigger.
- TAC-13816 [7.3.1] Support for HTTP Strict Transport Security (HSTS) in TAC
- TAC-15427 [7.3.1] H2 DB migration failed from 721 to 731
- TPS-4866 [7.3.1] Cannot migrate the TAC DB from H2 to MySQL in 7.3.1 (TAC-15372)
- TPS-4881 [7.3.1] issue with the update of the password page when French language is chosen (TAC-15466)
- TAC-15332 [7.3.1] after TAC restart, one particular job can't be triggered (fixed NPE-s)
- TAC-15492 [7.3.1] Migrated datatypes don't match the non-migrated datatypes
- TAC-15524 [7.3.1] Click on "Recipients" will show error !!!Cannot flush and commit transaction.!!!
- TPS-4860 [7.3.1] MetaServlet command "requestDeployEsbTask" causes "All bundles are not active" even though all bundles are active in Runtime (APPINT-33143)
- TPS-4886 [7.3.1] Context variables in TAC 7.3.1 not updated after re-importing task from nexus (TAC-15426)
- TPS-4898 [7.3.1] Task not changing to "Ready to deploy" state in Job Conductor (TAC-15379)
- TPS-4900 [7.3.1] TAC throws NotificationExec NPE and fails sending task-failure notification mail (TAC-15461)
- TAC-15240 [7.3.1] Remove truncated "digests" of AWS credentials
- TAC-15456 [7.3.1] Update the parameter 'contextparamsrefresh' to 'contextParamsRefresh' for metaservlet 'updatetask' action
- TPS-4905 [7.3.1] .cfg file doesn't contain all the info (TAC-15541)
- TPS-4907 [7.3.1] "failed to lazily initialize a collection of role: org.talend.model.conductor.ExecutionVirtualServer.executionServers" (TAC-15565)
- TAC-15314 [7.3.1] Need assistance on siteminder configuration for customer
- TAC-15361 [7.3.1] unable to use TLS 1.2 only smtp server with JDK 8_292 and TAC
- TAC-14449 [7.3.1] Support of auth with Tokens in TAC
- TAC-15627 [7.3.1] TAC patch install notes regarding schema migration with liquibase
- TAC-15566 [7.3.1] TAC goes to hang state, problem is in LOCKS on the "dbo.taskexecutionhistory" table
- TAC-15388 [7.3.1] Exhausted DB connections from DB pool
- TAC-15343 [7.3.1] job conductor slow to open / display execution logs
- TPS-4913 [7.3.1] Artifact task stuck in TASK_LAUNCHED status (TAC-15518)
- TPS-4966 [7.3.1] throw java.sql.SQLException: READ_COMMITTED and SERIALIZABLE when switching to executionhistory with oracle DB (TAC-15697)
- TAC-15648 [7.3.1] Task with 'Ready to run' status is converted back to 'Ready to deploy' when changing attribute
- TAC-15540 [7.3.1] Failed to migrate from 7.2.1, 7.1.1 to 7.3.1, 8.0.1 (MySql 8.x)
- TAC-15323 [7.3.1] Job getting deployed every time when Use latest version box checked
- TAC-15674 [7.3.1] Trigger does not work after migration sometimes
- TAC-13980 [7.3.1] After applying TPS-3642_v2 - Artifact task with latest version is not updating the latest version on running the job.
- TAC-15681 [7.3.1] Context is not loaded after checked 'Use Latest Version'
- TAC-15326 [7.3.1] job started twice by TAC
- TAC-15678 [7.3.1] Creating ESB Task causes "can't be found with the matching properties" error
- TAC-14603 [7.3.1] Add changes due to race condition item, in TPSVC-15569
- TAC-15438 [7.3.1] Changing License from Talend Integration to Talend Data Service Platform blocks all DI users
- TAC-15372 [7.3.1] Cannot migrate the TAC DB from H2 to MySQL in 7.3.1
- TAC-15796 [7.3.1] ERROR: Data truncation: Data too long for column 'value' at row 1
- TAC-15756 [7.3.1] TAC: a source error message and its JA equivalent need to be modified
- TAC-15810 [7.3.1] Artifact task using latest version is converted back to 'Ready to deploy' when changing attribute
- TAC-15767 [7.3.1] Clarify metaservlet commands for pause Triggers
- TAC-15820 [7.3.1] unable to deploy mutiple artifact tasks in job conductor
- TAC-15507 [7.3.1] Incorrect Error log - shows "in nexus" repository although "artifactory" is used
- TPS-4942 [7.3.1] TAC to support LDAP Groups(TAC-11690)
- TPS-4944 [7.3.1] Updating ESB Task doesn't update list of bundles in "Bundles" tab (TAC-15677)
- TPS-4954 [7.3.1] migration mssql from v6.5.1 to v7.3.1 failed(TAC-15713)
- TPS-4960 [7.3.1] Comprehensive Log is needed for TAC-14735 Audit Context change regarding the TASK/PLAN (TAC-15751)
- TPS-4977 [7.3.1] Print Saml Response to the log (TAC-15687)
- TPS-4984 [7.3.1] NullPointerException when save changes of artifact tasks's setting in job conductor (TAC-15798)
- TPS-4989 [7.3.1] ESB tasks are stuck in Deploying or Requesting_Undeploy status (TAC-15841)
- TPS-5021 [7.3.1] Hibernate initialize failed with TAC 7.3.1 after applying TPS-4989(TAC-15905)
- TAC-15954 [7.3.1] URL returned blank when adding administrator at the end of TAC url
- TAC-15899 [7.3.1] Error when undeploying ESB task
- TAC-15894 [7.3.1] Task status in execution details are always in running when job server host ip is unavailable
- TAC-15778 [7.3.1] Reset context for esb task and modify context for an artifact task the context in Execution task don't have audit logs for context
- TAC-16001 [7.3.1] Context parameters not displaying in TAC
- TAC-16022 [7.3.1] RemoteDataRetriver never shutdown for execution when jobserver is unreachable
- TAC-16092 [7.3.1] TAC-7.3.1 "Null Pointer Exception" on Project Authorizations tab.
- TPS-4991 [7.3.1] java.lang.ClassNotFoundException: javax.jms.Destination when deploying from TAC (TPRUN-2532)
- TPS-5014 [7.3.1] error accessing runtime page, via a reverse proxy (F5) (TAC-14907)
- TPS-5020 [7.3.1] migrate libraries : not all artifacts from org.talend.libraries are migrated from old to new nexus (TAC-15951)
- TPS-5025 [7.3.1] A task running by a plan with a custom context will run with default context at times (TAC-15897)
- TAC-16135 [7.3.1] Check whether log4j 2.x is used in TAC, maybe it could be excluded
- TAC-16127 [7.3.1] Cannot see context in one of TAC in a cluster
- TAC-16121 [7.3.1] TAC patch list does not manage continuation_token from nexus
- TAC-16126 [7.3.1] An error FileNotFoundException occurs during deploy when a task enables "Use Latest Version"
- TAC-15917 [7.3.1] Null Pointer exception while browsing through the tasks in Job Conductor Tab
- TAC-15967 [7.3.1] edit user group which have user assigned will throw 500 error
- TAC-15776 [7.3.1] Delete task/plan print details in business log regarding task/plan deleted
- TAC-16148 [7.3.1] ExecutionPlan Page refresh has the 500 client error
- TPS-5038 [7.3.1] TAC upgraded to TPS-4989 then startup too long time(TAC-15962)
- TPS-5066 [7.3.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized" (TAC-16065)
- TPS-5088 [7.3.1] CVE-2021-42392 - Disable Remote H2 Console Access (TAC-16214)
- TAC-16140 [7.3.1] Changed to the applicationType from null to JOB for EP after cross migration
- TAC-16060 [7.3.1] Execution log is not immediately displayed though task has finished running
- TAC-15823 [7.3.1] Default context is not changed though removed from later version
- TAC-15513 [7.3.1] "scheduler.conf.retryRestartTaskWhenConnectionServerFailed" to be used by Tasks in Execution Plans (#1577)
- TAC-16232 [7.3.1] liquibase database migration error message
- TPS-5106 [7.3.1] TAC's DB issue when deploying ESB Tasks after patch (TAC-16277)
- TPS-5109 [7.3.1] Cannot update a task when task name and plan name are the same (TAC-16249)
- TPS-5100 [7.3.1] Metaservlet 'removeServerProjectAuthorization' failed with 'Cannot commit transaction (TAC-16245)
- TPS-5121 [7.3.1] After applying TPS-5025 Customer is facing "String index out of range: -1" for MetaServlet runTask with empty context {} (TAC-16246)
- TAC-16202 [7.3.1] Too many segment logs when debug threshold is set in technical logs
- TAC-16347 [7.3.1] 'could not execute statement' In the migrationLog file when migration Mysql/MSSQL to Postgre
- TAC-16198 [7.3.1] TAC task duration is at least 10 seconds greater than job duration
- TAC-16284 [7.3.1] No errors thrown on all migration Operations
- TPS-5146 [7.3.1] Update TAC dependency to replace log4j1 by reload4j (TAC-16339)
- TAC-16440 [7.3.1] Cross migration failed with oracle to other database
- TAC-16335 [7.3.1] Job running on Jobserver is killed unexpectedly
- TAC-15946 [7.3.1] Use nexus-migration tool to initialize nexus3.35 failed
- TAC-16442 [7.3.1] Cannot edit TAC projects with empty credential
- TAC-16483 [7.3.1] Many liquibase error logs when startup TAC with H2
- TAC-16304 [7.3.1] Customer doesn't see his admin users
- TAC-16333 [7.3.1] Update default value for ldap connection timeout to 30s
- TAC-16461 [7.3.1] User with Operation Manager role unable to see the previous execution logs
- TAC-16516 [7.3.1] Use default value jobserver.useCache=true when having DB connection problem
- TAC-16482 [7.3.1] The project is null on error message with associatePreGeneratedJob
- TAC-16468 [7.3.1] Change in behavior for getTaskIdByName metaservlet call
- TAC-16546 [7.3.1] Fix TAC name error in MetaServlet command help
- TPS-5158 [7.3.1] jgit hangs/sleep in FS.FileStoreAttributeCache step on Git Project Connection checking (TAC-16400)
- TPS-5161 [7.3.1] Change in behavior for getTaskIdByName metaservlet call (TAC-16468)
- TPS-5159 [7.3.1] user can't be imported into TAC by 'Import users' with json file (TAC-13275)
- TPS-5175 [7.3.1] Delayed task execution and task completion (TAC-16208)
- TAC-16147 [7.3.1] TAC role don't sync when update tac role from sso
- TAC-16547 [7.3.1] Cannot add AU role when using TP_ALL license
- TAC-16494 [7.3.1] The trigger info on plan is lost
- TAC-16370 [7.3.1] "DBException: task not found exception" when tasked deleted from metaservlet ->runTask and Jobconductor UI is still refreshing on it
- TAC-16513 [7.3.1] TAC 731 - H2 DB to Oracle Migration not recognizing the License in the Oracle Database
- TAC-16561 [7.3.1] Trigger name left ' is lost in File trigger
- TAC-16327 [7.3.1] Migration failed on executionplanpartcontextprmsid column from mysql to postgresql executionplanpartcontextprmsid using Metaservelet-> migrateDatabase
- TPS-5197 [7.3.1] Attribute:'svnid' not present while adding users in TAC using LDAP with SVN as storage(TAC-16555)
- TAC-16610 [7.3.1] Find possibility to enable hibernate.generate_statistics in TAC hibernate
- TAC-16626 [7.3.1] Metaservlet command "listUsers" doesn't show users ldap parameters
- TAC-16598 [7.3.1] Metaservlet command failed for createSandboxProject
- TAC-11822 [7.3.1] error / warning messages in TAC log should be more descriptive and meaningful
- TAC-15771 [7.3.1] Generate a Personal Access Token from TAC metaservlet
- TAC-16536 [7.3.1] cannot deploy and run normal task deployed as zip after jobserver reboot
- TAC-16309 [7.3.1] When Set business log limit by: Time, it can happen that all business log files are deleted and no new file created
- TPS-5169 [7.3.1] Stop & start features in ESBConductor are not working (TAC-16683)
- TPS-5234 [7.3.1] CVE-2022-31648: SSOUtils.buildErrorPage doesn't escape the error message (TAC-16644)
- TAC-16445 [7.3.1] TAC connection to Nexus behind proxy
- TPS-5241 [7.3.1] Fix ConcurrentModificationException in RealtimeDataParser (TAC-16704)
- TPS-5242 [7.3.1] missing realtime statistics from older executions (TAC-16695)
- TAC-16738 [7.3.1] Transaction deadlocked with SQL Server
- TAC-16801 [7.3.1] Notification isn't send for 'On user deletion' event when deleting user with metaservlet
- TAC-16834 [7.3.1] Reset password: typo in error message
- TAC-16554 [7.3.1] Add innodbstrictmode=OFF setting in DB config file
- TAC-16743 [7.3.1] org.hibernate.HibernateException: Illegal attempt to associate a collection with two open sessions
- TAC-16890 [7.3.1] Real time statistics is not shown anymore
- TAC-16858 [7.3.1] Not all connection results are visible in real time statistics
- TPS-5163 [7.3.1] TAC real time statistics do not work sometimes (TAC-16303)
- TAC-16495 [7.3.1] TAC Execution Plan stuck in Status "Killing"
- TAC-16703 [7.3.1] No error message when project is NPA and role is admin when login from SSO
- TAC-16753 [7.3.1] The interaction between tds and scim takes more time than 721
- TAC-16770 [7.3.1] Limit the number of patches on SoftwareUpdate page
- TAC-16897 [7.3.1] Unable to display/update context parameter using API while publishing a new version of job
- TAC-16913 [7.3.1] Migration hidden failure from V7.3.1 per JOBCONDUCTORMANAGMENT role from TPS-4088 to TPS-5066
- TAC-16958 [7.3.1] New added context in jobconductor will disappears after running artifact task
- TPS-5265 [7.3.1] Execution Plan Name not available in Triggered by Section in Job Conductor (TAC-16856)
- TPS-5267 [7.3.1] Backport "TAC needs to capture the logging in business log when pausing / resuming Execution Plan (TAC-16820)
- TAC-16621 [7.3.1] Add in Audit logs actions on Personal Tokens for TAC
- TAC-16761 [7.3.1] use Long for execution task parameter id
- TAC-16884 [7.3.1] Metaservlet: 'Cannot flush and commit transaction' when deleting ESB task
- TAC-16909 [7.3.1] No token set error on TAC DB config page
- TAC-16958 [7.3.1] New added context in jobconductor will disappears after running artifact task
- TAC-16982 [7.3.1] Plan: delete parameter in plan, but it is still referenced in context parameter
- TAC-17009 [7.3.1] The EP status should be interrupted when EP is not parallel execution
- TAC-17021 [7.3.1] Create task failed when artifact with context (H2 db)
- TAC-17026 [7.3.1] metaservlet help all for revokePersonalAccessTokenOfUser need update
- TAC-17035 [7.3.1] Rollback does not work when EP is killed by timeout
- TPS-5298 [7.3.1] The job always keep "running" when stop jobserver(TAC-16988)
- TAC-17014 [7.3.1] Delete custom context parameter need a extra refresh to see parameter disappear
- TAC-17057 [7.3.1] Contains the multiple repeat keys when export the config parameters
- TPS-5332 [7.3.1] Facing issue in servers page of TAC when trying to edit the name in the label section (TAC-17044)
- TPS-5325 [7.3.1] task status set to "Ended with Warning" and could not be triggered anymore (TAC-16790)
- TAC-17076 [7.3.1] Migration faild from 72 to 73/801
- TAC-17157 [7.3.1] Authorization Resource/Role assignments not properly refreshed
- TPS-5343 [7.3.1] "use latest version" the latest artifact version is not always selected - continuation token (TAC-17158)
- TAC-17176 [7.3.1] Master key encoded wrongly when running service in Japanese locale
- TAC-17177 [7.3.1] "use latest version" is not the latest job for the job order in jfrog is not same as studio
- TAC-17181 [7.3.1] migrateDatabase command Source=Oracle Target=PostgreSQL : creates empty tables in postgreSQL DB
- TAC-17184 [7.3.1] Update context from default and custom save it will show error after deploy a new version.
- TAC-17249 [7.3.1] job server high availability via virtual job server in case of failure does not work
- TAC-17265 [7.3.1] Unable to create tasks with TPS-5329
- TPS-5370 [7.3.1] Version: 500 The call failed on the server after apply the latest TAC patch (SqlServer with jtds driver)(TAC-17295)
- TAC-17248 [7.3.1] Metaservlet migratedatabase action does not work between mysql and mssql
- TAC-17304 [7.3.1] Old context parameter names not removed when updating task manually in TAC or using contextParamsRefresh=false with MetaServlet
- TAC-17393 [7.3.1] Duplicate entry XXX for key 'executiontaskjobprm.PRIMARY'
- TAC-17373 [7.3.1] Wrong unit for maxDurationBeforeCleaningOldJobs maxDurationBeforeCleaningOldExecutionsLogs, but doc showing days as unit
- TAC-16989 [7.3.1] Update EP does not work
- TPS-5374 [7.3.1] reset context parameter result in emply context (blank) with TPS-5343 if generatedJobs folder path is non canonical (TAC-17362)
- TPS-5379 [7.3.1] job status stuck "running" if using postgres DB, and job generating "null" in job logs (TAC-17389)
- TAC-17433 [7.3.1] Big data streaming Conductor could not list task entries
- TAC-17474 [7.3.1] Big data streaming Conductor could not deploy and run
- TPS-5391 [7.3.1] Talend jobs getting killed automatically in 7.3.1 (TAC-17432)
- TPS-5394 [7.3.1] Task Status are not updating in TAC UI (TAC-17475)
- TAC-17500 [7.3.1] Deadlock when reset task on jobserver timeout (Postgres Sql)
- TPS-5362 [7.3.1] Integrate with authentication feature for JobServer's FileServer (TAC-17056)
- TPS-5412 [7.3.1] Update jobserver client version for issue TPRUN-4892 and TPRUN-4898
- TPS-5419 [7.3.1] Metaservlet not able to read context from Artifact (TAC-17525)
Security fixes
This patch includes the security fixes:
- TPS-4255 [7.3.1] Security fix cross site script vulnerability in Project section (ulr field)(TAC-14300)
- TPS-4698 [7.3.1] Stored Cross Site Scripting (XSS) (TAC-14821)
- TAC-14921 [7.3.1] External library updates
- TAC-14806 [7.3.1] TAC Web UI cookie contains version information
- TAC-14167 [7.3.1] Fix OS commands injection issues
- TAC-15110 [7.3.1] Security method SecurityUtils.isSafePath() doesn't work correctly on windows env
- TAC-15259 [7.3.1] TAC vulnerability - "Auto-complete-enabled"
- TAC-15032 [7.3.1] VULN ID - 53109575 - Insufficient Authentication
- TAC-15026 [7.3.1] VULN ID - 53109573 - Session Fixation
- TAC-15030 [7.3.1] VULN ID - 53109571 -Insufficient session expiration
- TAC-15305 [7.3.1] Vulnerability is in a direct dependency XStream Core
- TAC-15478 [7.3.1] Vulnerability found in json-smart lib
- TAC-15517 [7.3.1] This vulnerability is in a direct dependency Maven Core was found
- TAC-15589 [7.3.1] Vulnerability found in maven-compat lib
- TAC-15242 [7.3.1] All remaining SQL Injection flaws
- TAC-15085 [7.3.1] Hibernate SQL Injection vulnerability in Embedded H2 backup mechanism
- TAC-15746 [7.3.1] This vulnerability is in a transitive dependency maven shared utils
- TAC-15689 [7.3.1] Vulnerability found in commons-compress, apache shiro, jsoup Java html parser, xstream-core lib
- TAC-15950 [7.3.1] Vulnerability in "forgot password" functionality in TAC
- TAC-15992 [7.3.1] Forgot password should be executed for existing and not existing user for the same time
- TAC-16076 [7.3.1] Log4j security Vulnerability - CVE-2021-44228 & CVE-2021-45046 in TAC
- TAC-16133 [7.3.1] This vulnerability was found in version 2.1.6 of Apache XML Security for Java
- TAC-16115 [7.3.1] TAC - Log4j2 CVE-2021-45105 DOS attack Fix - Version (2.17.0 update)
- TAC-15298 [7.3.1] Talend - 01 - OTG-INFO-005 - Review Webpage Comments and Metadata for Information Leakage
- TAC-16213 [7.3.1] Update H2 dependency to 2.0.206
- TAC-16344 [7.3.1] Update H2 dependency to 2.1.210
- TAC-16487 [7.3.1] Vulnerable library JDOM was found in org.talend.migration.artifactory/pom.xml
- TAC-16486 [7.3.1] Vulnerable library Liquibase was found in org.talend.migration/pom.xml
- TAC-16390 [7.3.1] CVE-2022-29943: Talend2 - 01 - XXE
- TAC-16407 [7.3.1] CVE-2022-29942: Talend2 - 03 - SSRF
- TAC-16485 [7.3.1] Remove the log4j 1.2.17 in nexus-signature-migration jar
- TAC-16420 [7.3.1] Talend2 - 02 - Database authentication testing endpoint is not authenticated
- TAC-16567 [7.3.1] CVE-2021-43859: Vulnerable library XStream Core 1.4.18
- TAC-16568 [7.3.1] CVE-2020-36518: Vulnerable library jackson-databind 2.12.2
- TAC-16624 [7.3.1] CVE-2022-23181: Vulnerable library tomcat-catalina 9.0.54
- TAC-16644 [7.3.1] SSOUtils.buildErrorPage doesn't escape the error message
- TAC-16668 [7.3.1] Update to Apache CXF 3.5.2 for TAC
- TAC-16792 [7.3.1] Session creation is insecure
- TAC-16794 [7.3.1] For cookie "dbadminsession" HttpOnly needs to be added
- TAC-14807 [7.3.1] Fix possible SQL Injection issues
- TAC-16977 [7.3.1] CVE-2022-32532: Update apache shiro to 1.9.1 version
- TAC-16978 [7.3.1] CVE-2022-25647: Update Gson lib to version 2.9.0
- TAC-16980 [7.3.1] CVE-2022-23221: Update Maven Core to version 3.8.6
- TAC-16979 [7.3.1] CVE-2021-26291: Update H2 Database Engine to version 2.1.214
- TAC-17017 [7.3.1] CVE-2022-33980: Update Apache Commons Configuration to version 2.8.0
- TAC-16985 [7.3.1] Implement file path traversal guards
- TAC-17227 [7.3.1] Remove default credentials to nexus and artifactory
- TAC-17331 [7.3.1] CVE-2022-23437: Vulnerable lib Xerces 2.12.0 found in TAC
- TAC-17330 [7.3.1] CVE-2022-40150: Vulnerable lib Jettison 1.4.0 found in TAC
- TAC-17332 [7.3.1] CVE-2022-40664: Vulnerable lib shiro-web found in TAC
- TAC-17354 [7.3.1] CVE-2022-42003: Vulnerable library jackson-databind was found in TAC
- TAC-17340 [7.3.1] CVE-2022-42889: Update lib apache.commons-text
- TAC-17424 [7.3.1] CVE-2022-25857: Vulnerability was found in library SnakeYAML version 1.26
- TAC-17482 [7.3.1] CVE: commons-codec:commons-codec:1.11(to 1.15)
- TAC-17483 [7.3.1] CVE: CVE-2022-36033 org.jsoup:jsoup:1.14.2 (to 1.15.3)
- TAC-17354 [7.3.1] CVE-2022-42003: Vulnerable library jackson-databind was found in TAC (fixed in org.talend.migration.nexus)
- TAC-17426 [7.3.1] CVE-2021-20293: Vulnerability was found in library RestEasy core version 4.5.10.Final
- TAC-17541 [7.3.1] Update CXF library to version 3.5.2
- TAC-17542 [7.3.1] CVE-2021-33813: Remove vulnerable jdom-1.1 from project
- TAC-17546 [7.3.1] CVE-2019-7611: Vulnerability found old in org.elasticsearch:elasticsearch 2.4.3
- TAC-17548 [7.3.1] CVE-2021-29425: Vulnerability found in commons-io version 2.6
- TAC-17549 [7.3.1] Vulnerability found in org.json:org.json:20120509 and org.json:json:20140107
- TAC-17543 [7.3.1] Update org.apache.jclouds:jclouds* to version 2.5.0
- TAC-17553 [7.3.1] Update Pax URL Aether
Deprecated items
From TPS-4913, below features are deprecated:
- Activity Monitoring Console(AMC)
- Publisher
- SVN for project storage