R2024-09-RT (monthly release cumulative patch)

  • Patch Name: Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT
  • Release Date: 2024-09-20
  • Target Version: 20240524_1200-8.0.1.R2024-05-RT
  • Product affected: Talend ESB Runtime

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2024-05-RT.

NOTE:

  • To download this patch, contact Talend Support.
  • Keeping Studio and Talend Runtime versions in sync is highly recommended. Using unaligned versions is a risk.

Prerequisites

Consider the following requirements for your system:

  • Talend ESB Runtime 8.0.1.R2024-05-RT must be installed, either as a full build or by previously patching an older runtime with Patch-20240524_R2024-05_v1-RT-8.0.1.R2023-08-RT.zip. Installation of the present patch over an older Talend ESB runtime version is rejected. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime.

  • Depending on the product, {container} is Talend-ESB-V8.0.1.R2024-05-RT/container/ or Talend-Runtime-V8.0.1.R2024-05-RT/

For all inserted properties:

  • If the property is already present (commented or uncommented), it is not inserted.
  • If the property is not already present, the related file is backed up in the directory {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/backup/ and the property is inserted.

For all updated properties:

  • If the property is commented or not already present, it is not updated.
  • If the property is already present, the related file is backed up in the directory {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/backup/ and the property is updated.

If any change is required, update the value after patch execution.

Installation

Container

  • Start the Runtime Container
  • Extract & replace the content of the ZIP directory container into the {container} directory

The structure after extract & replace should be:

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch03.commands
│           patch.sh
│           talend-esb-patch-<version>.jar
│           logs/ : directory for installation logs
├───system  : existing dir
│   ├───... : existing dir
├───...

  • Ensure the username and password are correct in {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/patch.bat or {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/patch.sh

    ... -u {username} -p {password} -f patch.commands ... 
    
  • Execute {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/patch.bat or {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/patch.sh

  • Ensure directory {container}/patches/Patch_20240920_R2024-09_v1-RT-8.0.1.R2024-05-RT/logs contains new log files:
    • xxx-installation.log: patch installation log
    • xxx-init.log: state before patch installation
    • xxx-installed.log: state after patch installation

Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure. You will need to restart the Runtime Container for changes to take effect.

Warning: JRE 11.0.20 or 17.0.8 may refuse to open JAR or other ZIP files from Talend ESB runtime or the patch installer. They complain about invalid CEN headers. This is caused by an incompatibility with JARs and other ZIP files created by commonly used Apache tools. It has been fixed with JRE 11.0.21 and 17.0.9, and you need to upgrade your JRE to one of these or a newer version.

Warning: Some patches perform updates of the Bouncycastle libraries. This may lead to ssh connection errors after patch when using Oracle jdk. A shutdown and restart of the Talend Runtime resolves the issue.

Warning: Patch 8.0.1.R2024-07-RT fixes a security issue with Talend ESB runtime SSH access: If any of the system users "tadmin", "tesb", or "karaf" has the default password in "etc/users.properties", SSH access to the Talend ESB runtime is restricted to "127.0.0.1". The corresponding property is "sshHost" in configuration "etc/org.apache.karaf.shell.cfg".

Warning: Patch 8.0.1.R2024-07-RT disables the usually unused jobserver monitoring port for security reasons: If you are using the Talend ESB runtime with TAC and run DI jobs in the runtime and not in a separate standalone jobserver, you may get errors in TAC. In this case, re-enable the jobserver monitoring port in "etc/org.talend.remote.jobserver.server.cfg". Set "org.talend.remote.jobserver.server.TalendJobServer.ENABLE_MONITORING_PORT=true".

Warning: Patch 8.0.1.R2024-09-RT logs if any of the system users "tadmin", "tesb", or "karaf" has the default password in "etc/users.properties". The warning is found in the log searching for "SECURITY WARNING" as log message prefix.

Warning: Patch 8.0.1.R2024-09-RT installation requires a manual restart of the Talend Runtime Container before deploying artifacts from the latest Talend Studio patch.

Notes

Bundle resolution errors

The updates are performed in three iterations. During the first and second iterations, bundle resolution errors show up on the console and in the logs. This is expected, and these errors are resolved in the third iteration. The total patch process takes several minutes, but should not exceed 15 minutes depending on the number of features installed and the hardware.

Patching of libraries in lib/endorsed and lib/jdk9plus

When patching to version 8.0.1.R2024-09-RT, some JAR library files in directories {container}/lib/endorsed and {container}/lib/jdk9plus need to be updated. In order to complete patching, the runtime must be restarted after the patch has been applied.

Configuration changes

  • From patch 2023-12, the configuration key org.ops4j.pax.web.ssl.password is replaced by org.ops4j.pax.web.ssl.keystore.password (TPRUN-6883). Its default value is the environment or system variable TESBTLSKEYSTORE_PASSWORD. If org.ops4j.pax.web.ssl.password has been customized, org.ops4j.pax.web.ssl.keystore.password should be changed as well.
  • org.ops4j.pax.web.ssl.clientauthneeded is replaced by org.ops4j.pax.web.ssl.clientauth.needed
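
A post-patch check for the settings that the warnings and the configuration changes above refer to, as an added example (not Talend's own tooling). The log file path is an assumption passed as an argument, the finding labels are this example's own, and the sample container built in demo() is constructed.

```shell
#!/bin/sh
# Added example: audit a patched container for the settings the warnings name.
# Assumption: the log path is an argument; the page does not name the log file.

# Print the value of uncommented KEY ($2) in cfg/properties FILE ($1).
prop_value() {
  [ -f "$1" ] || return 0
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }   # commented-out properties do not count
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
      if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v); found = v } }
    END { if (found != "") print found }' "$1"
}

# Print one finding per line for container dir $1 and runtime log file $2.
audit_runtime() {
  _c=$1; _log=$2
  _ssh=$(prop_value "$_c/etc/org.apache.karaf.shell.cfg" sshHost)
  if grep -q "SECURITY WARNING" "$_log" 2>/dev/null; then
    echo "default-password: SECURITY WARNING logged, change etc/users.properties"
    [ "$_ssh" = "127.0.0.1" ] || echo "ssh-exposure: sshHost=${_ssh:-unset} with default passwords"
  fi
  _mon=$(prop_value "$_c/etc/org.talend.remote.jobserver.server.cfg" \
    org.talend.remote.jobserver.server.TalendJobServer.ENABLE_MONITORING_PORT)
  if [ "$_mon" = "true" ]; then
    echo "monitoring-port: ENABLE_MONITORING_PORT=true, confirm TAC needs it"
  fi
  for _k in org.ops4j.pax.web.ssl.password org.ops4j.pax.web.ssl.clientauthneeded; do
    for _f in "$_c"/etc/*.cfg; do
      if [ -n "$(prop_value "$_f" "$_k")" ]; then
        echo "replaced-key: $_k still set in ${_f##*/}"
      fi
    done
  done
  return 0
}

# Constructed sample container (not real Talend files) showing three findings.
demo() {
  _d=$(mktemp -d) || return 1; mkdir -p "$_d/etc" "$_d/log"
  printf 'sshHost = 0.0.0.0\n' > "$_d/etc/org.apache.karaf.shell.cfg"
  printf '#org.ops4j.pax.web.ssl.password=x\norg.ops4j.pax.web.ssl.clientauthneeded=true\n' \
    > "$_d/etc/sample.cfg"
  printf 'WARN | SECURITY WARNING: constructed sample line\n' > "$_d/log/sample.log"
  audit_runtime "$_d" "$_d/log/sample.log"; rm -rf "$_d"
}

if [ "$#" -eq 2 ]; then audit_runtime "$1" "$2"; else demo; fi
```

Run it with the {container} directory and the runtime log file as the two arguments; with no arguments it audits the constructed sample.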

Security fix of the provisioning agent web application (TPRUN-8652)

When applied to a full Talend ESB installation, patch 8.0.1.R2024-09-RT copies an updated version of the provisioning agent web application into add-ons/provisioning with file name provisioning-agent-web-8.0.1.R2024-09-PT.war. This update ensures that profile name and version parameters are properly encoded when added to the lookup REST request and will not unexpectedly modify the URL. If in use, the provisioning agent web application should be updated.

R2024-09

Issues fixed in 2024-09

TPRUN

  • TPRUN-8527: Disable process message port in Runtime for JobServer by default
  • TPRUN-8552: Talend ESB runtime - CVE-2024-29736, CVE-2024-32007 in CXF 3.5.8
  • TPRUN-8565: Talend ESB runtime - setting JAXP 1.5 properties triggers exception
  • TPRUN-8550: Talend ESB runtime - improve warning for default passwords
  • TPRUN-8605: Integrate latest JobServer patch version 8.0.2.202408011412patch into ESB
  • TPRUN-8608: [8.0.1] Camel-cron not working on runtime
  • TPRUN-8616: Talend ESB runtime 8.0.1 - Add commons-collections 3 as default dependency
  • TPRUN-8621: CVE-2024-38808 - Update Spring to 5.3.39 in TESB runtime
  • TPRUN-8185: Runtime SSL Client Auth property name change (documentation)
  • TPRUN-8646: Talend ESB runtime 8.0.1 - update undertow to 2.2.34.Final
  • TPRUN-8652: TESB RT 8.0.1: Harden provisioning lookup request URL building

CVE fixed in 2024-09

  • CVE-2024-29736, CVE-2024-32007 CXF 3.5.8 -> 3.5.9
  • CVE-2024-38808 spring 5.3.37 -> 5.3.39
  • CVE-2024-5971 undertow 2.2.33.Final -> 2.2.34.Final

R2024-07

Issues fixed in 2024-07

TPRUN

  • TPRUN-6516: Provide JWT (JSON Web Token) Provider to STS service
  • TPRUN-8398: Talend ESB 8.0.1 RT - CVE updates from June 2024 Trivy scans
  • TPRUN-8483: Update <ESB-DIR>/add-ons/datasources/sap/README.txt
  • TPRUN-8522: Disable JobServer monitoring port in runtime
  • TPRUN-8523: Improve Talend ESB runtime security with default credentials - SSH access restriction to 127.0.0.1
  • TPRUN-8523: Improve Talend ESB runtime security with default credentials - default password warning at local shell startup

TDM

  • TDM-10732: [DSQL Map]Length of the EDI Interchange Control Number is not as expected
  • TDM-10761: [DSQL Map] Cobol input trimming does not remove special characters

CVE fixed in 2024-07

  • CVE-2024-6162, CVE-2024-27316 undertow 2.2.31.Final -> 2.2.33.Final
  • CVE-2021-47621 classgraph 4.8.25 -> 4.8.112

R2024-06

Issues fixed in 2024-06

TPRUN

  • TPRUN-8231: Talend ESB runtime patching: Update feature file "specs" only if present
  • TPRUN-8280: CVE-2023-5685 - Update of xnio in Talend ESB runtime
  • TPRUN-8367: Talend ESB 8.0.1 RT - CVE-2024-37902 - update of djl api to 0.28.0

TDM

  • TDM-10763: The error when read copybooks in TDM
  • TDM-10856: NullPointerException using Flat Representation when log level is DEBUG
  • TDM-10878: When the “major” and “minor” attributes are added in tHMap the default namespace is not set in the generated XML
  • TDM-10896: install feature talend-data-mapper-eclipse on ESB runtime fails

CVE fixed in 2024-06

  • CVE-2023-5685 xnio 3.8.11.Final -> 3.8.14.Final
  • CVE-2024-37902 ai.djl 0.21.0 -> 0.28.0

R2024-05

Issues fixed in 2024-05

TPRUN

  • TPRUN-7972: Unable to deploy Route which has SMB Protocol in Runtime
  • TPRUN-7514: Update of Talend ESB runtime Camel dependency to 3.20.9
  • TPRUN-7908: Fix apache transitive dependencies in tesb repo
  • TPRUN-8115: Integrate latest JobServer patch version 8.0.2.202405071504patch into ESB
  • TPRUN-8070: Feature dependency camel-google-storage/0.0.0 is not available
  • TPRUN-8138: Missing camel-zookeeper-master lib

TDM

  • TDM-9959: CSV writer doesnt generate default header
  • TDM-10554: Migrate DataFormatDateConverter from joda to java.time
  • TDM-10737: Update TDM maplang libraries to new version 1.12.0

CVE fixed in 2024-05

  • CVE-2024-28752 cxf 3.5.6 -> 3.5.8 (backport no longer required)
  • CVE-2024-22243 spring 5.2.24 -> 5.3.34 (syncope, full build only)
  • CVE-2022-22978 spring-security 5.3.13 -> 5.7.12 (syncope, full build only)
  • CVE-2023-20873 spring-boot 2.7.6 -> 2.7.18 (syncope, full build only)
  • CVE-2021-42575 owasp-java-html-sanitizer 20191001.1 -> 20211018.1 (syncope, full build only)
  • CVE-2022-46364 cxf 3.3.13 -> 3.5.8 (syncope, full build only)
  • CVE-2022-44729 batik-bridge 1.14 -> 1.31 (syncope, full build only)
  • CVE-2022-25857 snakeyaml 1.27 -> 1.33 (syncope, full build only)
  • CVE-2020-36518 ehcache 2.10.9.2 (embedded jackson-databind 2.11.1) removed (syncope, full build only)

For previous patches, see the 2024-04 patch release notes.
