Skip to main content Skip to complementary content
Qlik Resources
Announcements
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

R2025-09-RT (monthly release cumulative patch)

Info Value
Patch Name Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT
Release Date 2025-09-29
Target Version 20250221_1200-8.0.1.R2025-02-RT
Product affected Talend ESB Runtime

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2025-02-RT.

NOTE:

  • To download this patch, contact Talend Support.
  • Keeping Studio and Talend Runtime versions in sync is highly recommended. Using unaligned versions is a risk.

Prerequisites

This patch must be installed on top of Talend ESB Runtime version 8.0.1.R2025-02-RT (Camel 4) or later. The installation on an older Talend ESB Runtime version will be rejected. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime.

Installation

Depending on the product, {container} is Talend-ESB-V8.0.1.R2025-02-RT/container/ or Talend-Runtime-V8.0.1.R2025-02-RT/

For all inserted properties:

  • if property already present (commented or uncommented), won't insert
  • if property not already present, will backup related file in dir {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/backup/ and insert property

For all updated properties:

  • if property commented or not already present, won't update
  • if property already present, will backup related file in dir {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/backup/ and update property

If any change required, update value after patch execution.

Installation Steps

  • Start Runtime Container
  • Extract & replace the content of ZIP directory container into {container} directory

Structure after extract & replace should be :

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch03.commands
│           patch.sh
│           talend-esb-patch-<version>.jar
│           logs/ : directory for logs installation
├───system  : existing dir
│   ├───... : existing dir
├───...

  • Ensure username/password are right in {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/patch.bat or {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/patch.sh

    ... -u {username} -p {password} -f patch.commands ...

  • Execute {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/patch.bat or {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/patch.sh

  • Ensure directory {container}/patches/Patch_20250929_R2025-09_v1-RT-8.0.1.R2025-02-RT/logs contains new log files :
    • xxx-installation.log: patch installation logs (one per restart)
    • xxx-init.log: state before patch installation
    • xxx-installed.log: state after patch installation 
      Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure.
You will need to restart the Runtime Container for changes to take effect.

Warning: JRE 17.0.8 may refuse to open JAR or other ZIP files from Talend ESB Runtime or the patch
installer. They complain about invalid CEN headers. This is caused by an incompatibility with JARs and other ZIP
files created by commonly used Apache tools. It has been fixed with 17.0.9, and you need to upgrade
your JRE to 17.0.9 or later.

Notes

Bundle resolution errors and patch process duration

The updates are performed in 2 iterations. During the first iteration, bundle resolution errors might show up in the console and logs. This is expected, as the errors are resolved in the second (final) iteration. The total patch process takes several minutes and depends on the number and nature of patch updates, the deployments present in the Talend ESB Runtime, and the system's hardware. The patch bundle restarts automatically multiple times, one log file is created at each restart. The estimate of remaining patch time is currently disabled by default as it causes issues with cxf update.

R2025-09

Issues fixed in 2025-09

DPE

  • DPE-550: Repair webconsole feature
  • DPE-1315: Talend ESB 8.0.1 Camel 4: Update pax-web to 11.0.x
  • DPE-1511: [Support][Talend Runtime] - Regression: cREST Component Returns XML as String Instead of JSON in Talend 8 Runtime
  • DPE-1704: Add missing bundle in camel-aws-bedrock feature
  • DPE-1753: Talend ESB 8.0.1 Camel 4: Security updates for 2025-09
  • DPE-1802: Integrate JobServer version 8.0.2.202509221354patch for FIPS support

TDM

  • QTDM-1331: [DSQL Map Editor] Unexpected result in a recursive map
  • QTDM-1398: [DSQL Map] Unexpected result for Test Run for an Element of Unrolled/Split Entries with the same key
  • QTDM-1421: Fail to parse cobol data with a structure containing Redefines_Choice without isPresent expressions

CVE fixed in 2025-09

CVE-2025-58057 netty 4.1.119.Final -> 4.1.127.Final CVE-2025-55163 netty 4.1.119.Final -> 4.1.127.Final CVE-2025-41242 spring 6.1.21 -> 6.2.10 CVE-2025-5115 jetty 12.0.23 -> 12.0.26 CVE-2025-58782 jackrabbit 2.20.17 -> 2.22.2 CVE-2025-48924 commons-lang3 2.17.0 -> 2.18.0 CVE-2025-7962 angus-mail 2.0.3 -> 2.0.4 CVE-2025-48976 commons-fileupload 1.5 -> 1.6.0 CVE-2025-53864 nimbus-jose-jwt 9.40 -> 10.4

Backported security fixes

CVE-2025-27636 camel-support 4.8.1.20250320 <- camel-support 4.8.5 CVE-2025-29891 camel-support 4.8.1.20250320 <- camel-support 4.8.5 CVE-2025-30177 camel-undertow 4.8.1.20250320 <- camel-undertow 4.8.6 CVE-2025-48795 cxf-core 4.1.0.2 <- cxf-core 4.1.1 CVE-2025-48913 cxf-rt-transports-jms 4.1.0.2 <- cxf-rt-transports-jms 4.1.3

R2025-08

Issues fixed in 2025-08

DPE

  • DPE-240: CFG file doesn't mask passwords and other sensitive data
  • DPE-1526: upgrade langchain4j for ai component.
  • DPE-1528: Issue with <oneway> tRestRequest component
  • DPE-1588: Talend ESB runtime: install reactor-core and reactive-streams by default
  • DPE-1596: [Support][Talend Runtime] - ESB Runtime Server problem with Minio connection
  • DPE-1628: cTextTemplate route failed to deploy to runtime
  • DPE-1630: ClassCastException: class CacheManagerPersistenceConfiguration cannot be cast to DefaultPersistenceConfiguration
  • DPE-1707: java.lang.ClassNotFoundException: org.apache.commons.lang.exception.NestableRuntimeException when SAM is checked on tRESTRequest

TDM

  • QTDM-1407: Update TDM maplang libraries to new version 1.16.0
  • QTDM-1316: Improve the behaviour when map output is recursive with csv representation

R2025-07

Issues fixed in 2025-07

DPE

  • DPE-1350: [Support][Talend Runtime] - Java.lang.ClassNotFoundException: io.micrometer.observation.ObservationConvention cannot be found by org.apache.servicemix.bundles.spring-web_6.1.14.1
  • DPE-1376: Issue with Camel 4 Salesforce option fallBackReplayId
  • DPE-1481: TESB RT 8.0.1 Camel 4: CVE fixes for R2025-07

CVE fixed in 2025-07

CVE-2025-52999 hazelcast 5.4.0 -> 5.5.0 (embedded Jackson core 2.14.2 -> 2.17.2) CVE-2025-49146 postgresql jdbc driver 42.7.4 -> 42.7.7 CVE-2024-1233 disable camel-elytron (deprecated for removal by camel) CVE-2025-53689 jackrabbit 2.20.9 -> 2.20.17, 2.22.0 -> 2.22.1

R2025-06

Issues fixed in 2025-06

DPE

  • DPE-1267: TESB RT 8.0.1 Camel 4: Add eclipse angus activation and mail to pre-installed bundles
  • DPE-1268: CVE fixes for R2025-06
  • DPE-1271: Fail to run deployed kar with cAzureServiceBus in runtime

TDM

  • QTDM-494: Replace old expression language in Avro schemas with DSEL
  • QTDM-561: [DSQL Map] JSONTokenerException occurs when doing a TestRun
  • QTDM-1301: JSON sax reader does not parse recursive data

CVE fixed in 2025-06

CVE-2025-48734: commons-beanutils 1.9.4 → 1.11.0

R2025-05

Issues fixed in 2025-05

DPE

  • DPE-795: Some features fail when trying to install them
  • DPE-1043: Patch installation gets stuck if runtime contains spaces in path
  • DPE-1160: TESB RT 8.0.1 Camel 4 - May 2025 security updates
  • DPE-1138: Technical preview of decanter with upgrade to Jakarta EE 10
  • DPE-1194: Missing classes for messaging components

TDM

  • QTDM-1305: Update TDM maplang libraries to new version 1.15.0

CVE fixed in 2025-05

CVE-2025-46762: parquet-avro 1.15.1 -> 1.15.2

R2025-04

Issues fixed in 2025-04

DPE

  • DPE-772: Talend ESB runtime 8.0.1 Camel 4: Check latest Camel and Karaf versions for updates to backport
  • DPE-1036: Patch Process - Bundle refreshes during feature refreshes indefinitely block FeaturesServiceImpl
  • DPE-1042: Circular dependency between tesb-security-common and talend-job-controller

TDM

  • QTDM-489: Remove support for Database Representation (Phase 2)
  • QTDM-93: Parser of the TDM expression language generates lot of errors

CVE fixed in 2025-04

CVE-2024-12369: wildfly-elytron 2.2.7.Final -> 2.2.10.Final CVE-2025-30065: parquet-avro 1.14.3 -> 1.15.1 CVE-2025-27427: artemis-server 2.37.0 -> 2.40.0 CVE-2025-30177: camel-undertow 4.8.1 -> 4.8.1.20250320 (backport of security fix from camel-undertow 4.8.6) CVE-2024-38821: servicemix spring-security 6.2.11 -> 6.2.71

R2025-03

Issues fixed in 2025-03

DPE

  • DPE-818: Talend ESB runtime 8.0.1 Camel 4: Hardening of XACML registry resource identifiers provided via REST request
  • DPE-852: Talend ESB 8.0.1 Camel 4 runtime: CVE-2025-27636: Backport fix to custom Camel 4.8.1
  • DPE-873: Issue deploying Route with Camel azure-storage-queue in R2025-02-RT
  • DPE-885: Talend ESB runtime 8.0.1 Camel 4: Update ActiveMQ to 6.1.6

TDM

  • QTDM-121: [DSQL Map] Inconsistency between JSON and XML results on a decimal value
  • QTDM-133: [DSQL Map] Avoid reporting the same error message twice
  • QTDM-351: CSVSaxReader must accept root schema
  • QTDM-382: Generate xsi namespace declaration no longer works for XML representation
  • QTDM-375: The generated XML can be invalid when we use the option 'omit group map entry/key/value on output'
  • QTDM-96: Remove support for JavaBean Representation (Phase 2)
  • QTDM-450: COBOL Reader default choice strategy may hide Structure errors
  • QTDM-413: [DSQL Map] Need functions getValueFromExternalMap and putValueToExternalMap
  • QTDM-471: Update TDM maplang libraries to new version 1.14.0

CVE fixed in 2025-03

CVE-2025-27636, CVE-2025-29891: camel-support 4.8.1.20240820 -> 4.8.1.20250310 (backport of security fix from camel-support 4.8.5) CVE-2025-25247: felix-webconsole 5.0.8 -> 5.0.10 CVE-2025-2240: smallrye-fault-tolerance 6.4.0 -> 6.9.0

R2025-02

Issues fixed in 2025-02

DPE

  • Upgrade to camel 4.8.1, java 17

TDM

  • QTDM-85: TDM cMap component migration to Camel 4
  • QTDM-257: Upgrade Hibernate to version depending on jakarta.xml.bind
  • QTDM-255: Upgrade Saxon library to 12.5
  • QTDM-285: Upgrade Saxon dependency from 9.9 to 12.5 in org.talend.transform.runtime.lib
  • QTDM-290: Remove joda-time dependency from Database Representation
  • QTDM-310: Add Map Group processing to XML Representation (output)
  • QTDM-75: Add Map Group processing to XML Representation (input)
  • QTDM-352: HashmapSaxReader must accept root schema
  • QTDM-321: the value of odtEdiControl.txt is increasing when ISA13 is mapped
  • QTDM-349: Hibernate version 6.x forces use of Java17. Move back to version 5
  • QTDM-334: Format is wrong when show sample for map group structure and check 'omit group map entry/key/value on input'

For previous patches : see 2025-01 patch release notes

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here