TPS-5531
Info | Value |
---|---|
Patch Name | Patch_20230814_TPS-5531_v1-8.0.1 |
Release Date | 2023-08-14 |
Target Version | 20211109_1610-V8.0.1 |
Product affected | Talend SAP RFC Server |
Introduction
This is a self-contained patch.
NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.
Fixed issues
This patch contains the following fixes:
TDI-46850 Upgrade ActiveMQ Jars (5.16.3)
TDI-46932 tSAPInput component parses TIMS Midnight as null when using dynamic schema
TDI-47241 CVE: log4j-api(core)-[2 - 2.15.0)
TDI-47325 Cannot create data source(SAP BW version 7.5)
TDI-47633 CVE: Replace log4j1.x by reload4j or upgrade to log4j2
TDI-47763 Assess Spring4Shell vulnerability
TDI-47861 CVE: tomcat-embed-core 9.0.30 have risk
TDI-47869 Authentication Bypass in Talend/tsap-rfc-server
TDI-47573 SAP RFC Server shouldn't be required when feature mode is mock
TDI-48107 CVE: gson-2.8.0.jar
TDI-48174 [CVE] : upgrade kafka-clients to 2.8.1
TDI-48471 Denial Of Service (DoS) in Talend/cloud-components (master)--snakeyaml 1.32
TDI-48726 Spring-beans: Denial Of Service (DoS) in Talend/tsap-rfc-server (master)---spring 5.3.23
TDI-48715 CVE-2022-42003,CVE-2022-42004, jackson-databind-2.13.2.2jar
TDI-48873 Upgrade slf4j to 1.7.34
TDI-48818 Kafka: Denial Of Service (DoS) in Talend/tsap-rfc-server, sap-api and cloud-components
TDI-48821 Apache common codec and Apache http client in Talend/talend-sap-api (master)
TDI-49303 Premium Data,commons-net:commons-net:(2.2,3.3,3.6,3.8.0)
TDI-49797 Access Restriction Bypass in Talend/tsap-rfc-server (master):org.springframework.boot:spring-boot-actuator-autoconfigure
TDI-50040 Security Bypass in Talend/tsap-rfc-server (master):spring-webmvc
TDI-50054 Remote Code Execution (RCE) in Talend/tsap-rfc-server (master)(kafka-clients:2.3.0-3.3.2)
TDI-50055 Denial Of Service (DoS) in Talend/tsap-rfc-server (master)( tomcat-embed-core:9.0.62)
Prerequisites
Consider the following requirements for your system:
- Talend SAP RFC Server 8.0.1 must be installed. and work with Talend Studio 8.0.1 with patch "R2021-12" or newer
Installation
Installing the patch using Talend SAP RFC Server
- Stop the Talend SAP RFC Server
- Extract the zip.
- Overwrite the {sap rfc server home}/tsap-rfc-server-8.0.1.jar
- Adjust the new configuration in {sap rfc server home}/conf/tsap-rfc-server.properties, please refer to README.md file in the patch root folder.
- Restart the Talend SAP RFC Server