Skip to main content Skip to complementary content

TPS-5626 (cumulative patch)

Info Value
Patch Name Patch_20241106_TPS-5626_v1
Release Date 2024-11-06
Target Version 20200219_1130-7.3.1
Product affected Talend MDM Server, Talend Studio

Introduction

This patch is cumulative. It includes all previous generally available patches for MDM 7.3.1

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-4253 [7.3.1] Not possible in 7.x to open a new MDM session in a new TAB when a "Entity Action Process" is running (TMDM-14741)
  • TMDM-14507 SOAP/REST API work unexpected when provide value for non-PK autoincrement fields
  • TMDM-14546 [REST]: PUT /data/{containerName}/query : order_by on a Foreign Key (FK) : result not sorted
  • TMDM-14458 Values displayed in Journal (Before / After) are not correct
  • TMDM-14593 No error log for bulk update in case of failure
  • TMDM-14625 Foreign Key Item not set to value entered in the Web UI
  • TMDM-14393 The order in which the tabs are displayed in the "Item Details" in the MDM Web UI changes sometimes
  • TMDM-14696 [REST] PUT query : sort on FK : empty value wrongly sorted
  • TMDM-14687 [REST] PUT query with multiple joins does not return correct value
  • TMDM-14743 Only 2 search operators : Is equal to / Is empty or null available when the Foreign Key has a "Custom Simple Type"
  • TMDM-14709 Deploy Data Model fails after Element removed : ORA-00904: "X_VERSION" : invalid identifier
  • TMDM-14711 DB Migration: migration tool not working
  • TMDM-14741 Not possible in 7.x to open a new MDM session in a new TAB when a "Entity Action Process" is running
  • TPS-4453 [7.3.1] Leading spaces "lost" when using the MDM Webui export (TMDM-14851)
  • TMDM-14745 Welcome page can't be displayed until 'Welcome Action process' finished
  • TMDM-14752 Session expired issue when logout then login
  • TMDM-14795 Deleting a foreign key causes MDM to raise an exception (Oracle DB)
  • TMDM-14573 [6.2.1,7.3.1] random error : Impossible to save itemAGROMIRCLIENT_DonnCom.22531No Support for type 'String3'
  • TMDM-14503 Job log file is not produced
  • TMDM-14851 Leading spaces "lost" when using the MDM Webui export
  • TPS-4440 [7.3.1] Error org.hibernate.QueryException: duplicate alias xx while fetching data from Data-Authoring (TMDM-14852)
  • TMDM-14850 Field with Visible Rule disappear / re-appear while entering values in other fields
  • TMDM-14793 During Migration leading spaces are removed
  • TMDM-14852 Error org.hibernate.QueryException: duplicate alias xx while fetching data from Data-Authoring
  • TPS-4596 [7.3.1] High Memory used by MDM Tomcat JVM when calling REST API PUT with "as of " (TMDM-14946)
  • TMDM-14878 tMDMoutput + Extended Output => com.amalto.core.save.MultiRecordsSaveException: Could not set value with class
  • TMDM-14910 Can't save record after adding occurrence using attached customer's datamodel
  • TMDM-14622 Error while importing data to MDM Server
  • TMDM-14802 MDM server takes a long time to start when no internet connection is available
  • TMDM-14946 [7.3.1] High Memory used by MDM Tomcat JVM when calling REST API PUT with "as of "
  • TPS-4681 [7.3.1] Search Filter with Where Condition / Operator=Join With fails with : Field 'xxx' isn't reachable from type 'yyy' (TMDM-15023)
  • TMDM-14976 Can't display FK value for the first time when filter a foreign key using entity fields
  • TMDM-15001 tMDMRestInput causes : ERROR A non-transactional (auto-commit) operation has an active transaction after operation completion
  • TMDM-15021 Search Filter using "join With" : no result returned while a result should be returned
  • TMDM-14967 MDM transactions remain open and cause errors
  • TMDM-15023 Search Filter with Where Condition / Operator=Join With fails with : Field 'xxx' isn't reachable from type 'yyy'
  • TPS-4770 [7.3.1] Portal Configuration / Widgets settings lost after logout / login (TMDM-15056)
  • TMDM-15050 Unable to view records with attached data model on DA since query json is generated incorrectly
  • TMDM-15056 Portal Configuration / Widgets settings lost after logout / login
  • TPS-4854 [7.3.1] Logout generate URLs with double slash (//) causing issue when MDM server accessed using reverse proxy combined with SiteMider (TMDM-15103)
  • TMDM-15103 Logout generate URLs with double slash (//) causing issue when MDM server accessed using reverse proxy combined with SiteMider
  • TPS-4992 [7.3.1] Provide in 7.x a method to update Read-only fields in Before-Saving process as it was possible in 6.5 (TMDM-14579)
  • TMDM-15082 Vulnerability found in jackson-databind libraries
  • TMDM-15089 Vulnerability found in spring-boot lib
  • TMDM-15094 Ignore Bonita from security scans - 7.3
  • TMDM-15132 BeanUtils upgrade
  • TMDM-15133 activemq-client upgrade
  • TMDM-15119 json-lib lib upgrade
  • TMDM-15120 Spring Security Web lib upgrade
  • TMDM-15100 Remove and replace MD5
  • TMDM-15169 [CVE] - Upgrade xstream to 1.4.18
  • TMDM-15060 ClassNotFoundException: org.apache.log4j.RollingFileAppender
  • TMDM-15174 Error when deploying a new version of Data Model : HHH000388: Unsuccessful: alter table xxx add constraint FKyyy foreign key (xcontactsxtalendid) references XANONYMOUS9
  • TMDM-15156 [CVE] - Upgrade Outdated Jackson Library for MDM
  • TMDM-15159 [CVE] - Upgrade Outdated HttpClient Library for MDM
  • TMDM-15162 [CVE] - Upgrade Outdated Bouncy Castle Encrypt Library for MDM
  • TMDM-15169 [CVE] - Fix high RIsk security issues on MDM 7.3
  • TMDM-15157 [CVE] - Upgrade Outdated Apache Library for MDM
  • TMDM-15189 [CVE] - Update Spring on MDM
  • TMDM-15190 [CVE] - Update Apache CXF on MDM
  • TMDM-15181 Improper Neutralization of Special Elements used in an SQL Command
  • TMDM-14579 Provide in 7.x a method to update Read-only fields in Before-Saving process as it was possible in 6.5
  • TPS-5019 [7.3.1] Workflow working in 7.1.1 fails in 7.3.1 : The technical user is not a usable user (TMDM-15193)
  • TMDM-15194 Update Jackson version to 1.9.16-TALEND
  • TMDM-15176 [CVE] - Replace outdated commons-httpclient with Apache HttpClient in MDM
  • TMDM-15197 [CVE] - Update Dom4j, HazelCast and H2 on MDM 7.3 - partial dom4j fix
  • TMDM-15199 Log4j CVE-2021-44228 evaluation in MDM
  • TMDM-15193 Workflow working in 7.1.1 fails in 7.3.1 : The technical user is not a usable user
  • TPS-5077 [7.3.1] Log4j2 CVE-2021-45105 DOS attack Fix - Version(2.17.1 update)(TMDM-15206)
  • TMDM-15197 [CVE] - Update Dom4j, HazelCast and H2 on MDM 7.3 - complete dom4j fix
  • TMDM-15207 [DA] Clean packaging to remove undue log4j-core lib - Logback1.2.9 CVE-2021-42550 (Moderate)
  • TMDM-15206 MDM - Log4j2 CVE-2021-45105/ CVE-2021-44832(Moderate) DOS attack Fix - Version(2.17.1 update)
  • TPS-5094 [7.3.1] libraries added in ZIP file deployed to MDM server and in jobox/work (TMDM-15217)
  • TMDM-15210 Chore: Remove remaining log4j1 from maven build
  • TMDM-15201 [CVE] - Update H2 version to 2.1.210 on MDM
  • TMDM-15217 libraries added in ZIP file deployed to MDM server and in jobox/work
  • TPS-5147 [7.3.1] ERROR User 'xx' is not allowed to perform following operation(s): update field ... (TMDM-15221)
  • TMDM-15085 Improper Neutralization of Directives in Dynamically Eval Code
  • TMDM-15182 Improper Restriction of XML External Entity Reference
  • TMDM-15220 [CVE] Upgrade xercesImpl to 2.12.2
  • TMDM-15221 ERROR User 'xx' is not allowed to perform following operation(s): update field ...
  • TPS-5154 [7.3.1] [CVE - 2022-22965] - Update Spring on MDM/Data Authoring (TMDM-15248)
  • TMDM-15226 Avoid security issue from SQL Injection
  • TMDM-15203 [CVE] - Upgrade commons-io version to 2.7 reported in dependabot
  • TMDM-15229 [CVE] - Update XStream Core to 1.4.19
  • TMDM-15227 [CVE] - Hazelcast upgrade
  • TMDM-15232 Upgrade Liquibase version to 3.8.9
  • TMDM-15233 (7.3)[CVE] - Update Apache Ant Core to 1.10.12
  • TMDM-15231 [CVE] commons-fileupload
  • TMDM-15234 [CVE] - Update to Swagger and Guava stable release
  • TMDM-15236 [CVE] Log entry injection in Spring Framework
  • TMDM-15238 [CVE] - Liquibase upgrade
  • TMDM-11353 Issues of 'Contains the sentence'
  • TMDM-15234 return expected response for invalid request body
  • TMDM-11556 Logon mdm server with role does not exist, click to "return to login screen" will show 404 error
  • TMDM-15248 [CVE - 2022-22965] - Update Spring on MDM/Data Authoring
  • TPS-5184 [7.3.1] JSON returned by MDM REST API is not correct : can't parse JSON. (TMDM-15249)
  • TMDM-15249 JSON returned by MDM REST API is not correct : can't parse JSON.
  • TPS-5229 [7.3.1] [CVE-2022-22968] - Update Spring Libraries on MDM/Data Authoring (TMDM-15266)
  • TMDM-15163 [CVE] - Upgrade Outdated eclipse plugin Library for MDM
  • TMDM-15239 [CVE] - Upgrade Outdated Jackson Library for MDM
  • TMDM-15241 [CVE] - Update outdated Jansi to 2.4.0
  • TMDM-15268 [CVE] - Update Apache CXF on MDM_Backup
  • TMDM-15244 Error java.lang.ArrayIndexOutOfBoundsException: Index 2 out of bounds for length 2 when deploying new version of Data Model
  • TMDM-15266 [CVE-2022-22968] - Update Spring Libraries on MDM
  • TPS-5246 [7.3.1] [CVE-2022-22976] - Update Spring security libraries on MDM/Data Authoring(TMDM-15275)
  • TMDM-15269 [CVE-2022-25647] Update outdated gson on MDM
  • TMDM-15270 [CVE] - Upgrade Outdated ActiveMQ Library for MDM
  • TMDM-15264 Some data is lost after restart MDM Server
  • TMDM-15272 [CVE-2022-22970] - Update Spring Beans on MDM
  • TMDM-15275 [CVE-2022-22976] - Update Spring security libraries on MDM/Data Authoring
  • TPS-5287 [7.3.1] Created record can not be associated to primary record due to its foreign key filter's constraint (TMDM-15293)
  • TMDM-15277 Remove retired Atom Dependencies(abdera)
  • TMDM-15278 [CVE] - Update Restlet on MDM
  • TMDM-15281 [CVE] - Update Talend commons.model
  • TMDM-15282 [CVE] - Upgrade dependency of scim-common
  • TMDM-15290 Job inserting records using tMDMBulkLoad : several executions do not insert the same number of records
  • TMDM-15295 [CVE-2018-10054] - Update H2 for MDM
  • TMDM-15293 Created record can not be associated to primary record due to its foreign key filter's constraint
  • TPS-5309 [7.3.1] [CVE] - Update Spring Boot libraries (TMDM-15301)
  • TMDM-15305 [CVE-2022-33980] - Update Apache Commons Configuration on Data Authoring
  • TMDM-15304 [CVE] - Fix XXE Vulnerabilities In MDM
  • TMDM-15312 [CVE-2022-34169] - Fix CVE issues against Xalan
  • TMDM-15288 [CVE] upgrade MapStruct for DA (#627)
  • TMDM-15310 Upgrade commons-configuration:commons-configuration and org.apache.commons:commons-configuration2 to 2.8.0
  • TMDM-15311 [CVE-2018-8088] - Update Log4j2(2.18.0)
  • TMDM-15320 MDM connecting to TDS with user/password contains special characters failed
  • TMDM-15301 [CVE] - Update Spring Boot libraries
  • TPS-5330 [7.3.1] after delete the element, cannot deploy MDM model from studio (TMDM-15317)
  • TMDM-15314 [CVE-2022-24329] - Update hazelcast(5.1.3)
  • TMDM-15315 [CVE] - Update liquibase(4.15.0)
  • TMDM-15317 after delete the element, cannot deploy MDM model from studio
  • TPS-5349 [7.3.1] Talend MDM MDM Job with tSOAP fails with error : Provider com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnectionFactory not found when MDM server is using Java 11 (TMDM-15335)
  • TMDM-15326 Boolean value of subscription.engine.autostart parsed incorrectly
  • TMDM-15303 Doesn't work to log SQL statements with their parameters
  • TMDM-15335 MDM Job with tSOAP fails with error : Provider com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnectionFactory not found when MDM server is using Java 11
  • TPS-5361 [7.3.1] Entity process not fully executed - all triggers failed (TMDM-15348)
  • TMDM-15344 [CVE] - Update SnakeYAML
  • TMDM-15345 [CVE] - Update Jackson Libraries
  • TMDM-15348 [7.3.1] Entity process not fully executed - all triggers failed
  • TPS-5382 [7.3.1] [CVE] - Update commons-text (TMDM-15365)
  • TMDM-15353 [CVE-2013-4221] - Update Restlet
  • TMDM-15354 [CVE-2022-40149] - Update Jettison
  • TMDM-15366 [CVE] - Update woodstox-core from 6.2.6 to 6.4.0
  • TMDM-15376 [CVE-2022-31692] - Update spring-security for MDM/DA
  • TMDM-15362 Redeploy workflow with error "File element in parameter 'null' already exists"
  • TMDM-15365 [CVE] - Update commons-text
  • TPS-5432 [7.3.1] [CVE] - Update or Replace SnakeYAML (TMDM-15382)
  • TMDM-15361 [CVE-2022-42003] - Update outdated Jackson on MDM
  • TMDM-15383 [CVE] - Update Apache CXF on MDM
  • TMDM-15384 [CVE] - Update Apache POI on MDM
  • TMDM-15385 [CVE] - Update Jettison on MDM
  • TMDM-15357 [CVE] - Update XStream Core
  • TMDM-15390 Export/Import function not work
  • TMDM-15388 [CVE] Replace commons-httpclient with Apache HttpClient5 in MDM
  • TMDM-15386 [CVE] - Update Apache Log4J on MDM
  • TMDM-15402 [CVE] - Update Gson on MDM/DA
  • TMDM-15401 [CVE] - Update Spring Web on MDM
  • TMDM-15382 [CVE] - Update or Replace SnakeYAML
  • TPS-5478 [7.3.1] ehcache exception in Talend MDM (TMDM-15380)
  • TMDM-15420 Json:20210307 | CVE-2022-45688
  • TMDM-15412 [CVE] Improper Restriction of XML External Entity Reference
  • TMDM-15422 commons-fileupload:1.4 | CVE-2023-24998
  • TMDM-15380 Fix ehcache issue when startup MDM
  • TPS-5532 [7.3.1] Upgrade Spring version (TMDM-15459)
  • TMDM-15436 jettison:1.5.3 | CVE-2023-1436
  • TMDM-15440 json-smart:2.4.8 | CVE-2023-1370
  • TMDM-15437 spring-expression:5.3.25 | CVE-2023-20861
  • TMDM-15450 Findings in: spring-security-web:5.8.1
  • update guava to 32.0.1-jre
  • update hazelcast version to fix CVE issue
  • TMDM-15403 Update H2 on MDM2.2.220
  • TMDM-15459 Upgrade Spring version
  • TPS-5537 [7.3.1] spring-boot-autoconfigure:1.5.22.RELEASE| CVE-2023-20883 (TMDM-15459)
  • TMDM-15459 spring-boot-autoconfigure:1.5.22.RELEASE| CVE-2023-20883 (TMDM-15459)
  • TPS-5560 [7.3.1] Error "The statement failed due to arithmetic overflow when sending data stream." when try to delete an item (TMDM-15481)
  • TMDM-15482 Consolidate on one version for package aspectjweaver
  • TMDM-15483 Consolidate on one version for package commons-io
  • TMDM-15484 Consolidate on one version for package joda-time
  • TMDM-15498 Error occurred while issuing audit event
  • TMDM-15481 Error "The statement failed due to arithmetic overflow when sending data stream." when try to delete an item
  • TPS-5626 [7.3.1] Fix security issues
  • TMDM-15503 Json:20230227 | CVE-2023-5072
  • TMDM-15499 avro:1.10.2 | CVE-2023-39410
  • TMDM-15518 activemq-client:5.16.5 | CVE-2023-46604
  • TMDM-15545 spring-boot:2.7.14 | CVE-2023-34055
  • TMDM-15574 commons-compress:1.21 | CVE-2024-26308
  • TMDM-15588 Findings in: spring-web:5.3.31
  • TMDM-15597 spring-security-core:5.8.10 | CVE-2024-22257
  • TMDM-15617 CVE-2024-28752 org.apache.cxf:cxf-core 3.5.5
  • TMDM-15591 spring-web:5.3.32 | CVE-2016-1000027
  • TMDM-15617 CVE-2024-28752 org.apache.cxf:cxf-core 3.5.5
  • TMDM-15540 [DA]logback-classic:1.2.11 | CVE-2023-6378
  • TMDM-15619 [DA]Critical CVE issue with dom4j-1.6.1.jar
  • TMDM-15620 Critical CVE issue with maven-core-3.0.jar

Prerequisites

Consider the following requirements for your system:

  • Talend Studio 7.3.1 must be installed.
  • Talend MDM Server 7.3.1 must be installed.

Installation

PATCH INSTALLATION NOTES FOR TALEND MDM SERVER 7.3.x

PRE-INSTALLATION

  • Stop the MDM server
  • Stop the bonita server
  • Create a patch directory (eg: C:\MDM_Patch)
  • Unzip patch file you receive from support into this directory
  • Create a backup directory (eg: C:\MDM_Backup)

WEB APPLICATION REPLACEMENT

  • Copy folder <MDM_SERVER_HOME>/apache-tomcat/webapps/talendmdm into the backup directory (DO NOT place talendmdm backup folder into webapps directory)
  • In <MDM_SERVER_HOME>/apache-tomcat/webapps/ directory, remove the previous talendmdm folder, then copy the talendmdm folder unzipped above and paste in the current directory
  • Copy folder <MDM_SERVER_HOME>/apache-tomcat/webapps/data-authoring-proxy into the backup directory (DO NOT place data-authoring-proxy backup folder into webapps directory)
  • In <MDM_SERVER_HOME>/apache-tomcat/webapps/ directory, remove the previous data-authoring-proxy folder, then copy the data-authoring-proxy folder unzipped above and paste in the current directory
  • Copy folder <MDM_SERVER_HOME>/apache-tomcat/webapps/ROOT into the backup directory (DO NOT place ROOT backup folder into webapps directory)
  • In <MDM_SERVER_HOME>/apache-tomcat/webapps/ directory, remove the previous ROOT folder, then copy the ROOT folder unzipped above and paste in the current directory
  • Copy folder <MDM_SERVER_HOME>/tools/dbmigration into the backup directory
  • In <MDM_SERVER_HOME>/tools/ directory, remove the previous dbmigration folder, then copy the dbmigration folder unzipped above and paste in the current directory
  • Move file <MDM_SERVER_HOME>/conf/log4j-jobox.properties into the backup directory (or delete it)
  • Copy file conf/log4j-jobox.xml contained in patch directory into <MDM_SERVER_HOME>/conf
  • Move file <MDM_SERVER_HOME>/conf/log4j.xml into the backup directory (or delete it)
  • Copy file conf/log4j2.xml contained in patch directory into <MDM_SERVER_HOME>/conf
  • Set JVM parameter with -Dcom.talend.mdm.disableSpringSchemaValidation=true to disable spring schema validation (optional)
  • Copy folder <BONITA_SERVER_HOME>/server/webapps/bonita into the backup directory
  • Copy folder bonita contained in patch directory to <BONITA_SERVER_HOME>/server/webapps (Override bonita-tenant-community.xml and org.talend.mdm.bonita.server-7.3.1.jar)
  • Add the following configurations into <MDM_SERVER_HOME>/conf/audit.properties
    • backend=LOG4J2
    • appender.http.async=true
  • H2 database
    • Install new MDM 7.3.1 with clean H2 database to apply the patch.
    • Replace connection-url of H2 in <MDM_SERVER_HOME>/conf/datasouces.xml by <connection-url>jdbc:h2:$MDM_HOME/data/h2-Default/$DB_NAME;DB_CLOSE_ON_EXIT=FALSE</connection-url>(Windows)
    • Do migration from old mdm server.

POST-INSTALLATION

  • Restart the MDM server
  • Restart the bonita server
  • Clear browser cache on clients

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!