TPS-5555 (cumulative patch)
Info | Value |
---|---|
Patch Name | Patch_20240719_TPS-5555_v1-8.0.1 |
Release Date | 2024-07-19 |
Target Version | 20211109_1610-V8.0.1 |
Product affected | Talend Administration Center |
Introduction
This patch is cumulative. It includes all previous generally available patches for Talend Administration Center 8.0.1.
NOTE: To download this patch, liaise with your Support contact at Talend.
Prerequisites
Consider the following requirements for your system:
- Talend Administration Center 8.0.1 must be installed.
- Launching TAC requires Java 17, and Tomcat 10.1 or greater.
Installation
- Log in to TAC and switch to Configuration-> Software Update, then enter the correct values and save. Follow the procedure described in the documentation: https://help.talend.com/r/en-US/8.0/installation-guide-big-data-linux/config-update-repo
- Switch to Software update page, where the new patch will be listed. The patch can be downloaded from here into the nexus repository.
- Login to local Nexus, and download the patch file.
- Stop all TAC instances. Repeat the following steps for each instance.
- Please backup your database (if you meet issues with new patch, you can change to old one with this backup)
- Create a patch directory (eg:
<Talend>
/TAC_Patch). - Unzip patch file you received from support into this directory, then unzip the org.talend.administrator.war file as org.talend.administrator folder. (Note: Please rename org.talend.administrator-8.0.1.war if your old TAC application folder has a different name. Set the same name as your old TAC application name.)
- Create a backup directory (eg:
<Talend>
/TAC_Backup). - Copy folder
<Tomcat>
/webapps/org.talend.administrator into the backup directory. DO NOT place org.talend.administrator backup folder into webapps directory. - In
<Tomcat>
/webapps/ directory, remove the previous org.talend.administrator folder, then copy the org.talend.administrator folder unzipped at step 6 and paste in the current directory. Restore TAC configuration by replacing
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties and quartz.properties with the same files that are stored in your backup directory.Note:
- Make sure that no other instances of TAC webapp are deployed into Tomcat's webapps folder. Make sure your TAC backup folder has NOT been stored in
<Tomcat>
/webapps folder. - Restore DB driver by copying driver to
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/lib (available in backup directory<Talend>
/TAC_Backup). - If your TAC database is H2 db and embedded in TAC web folder (
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/database by default), don't forget to restore H2 db by replacing this folder with the exact corresponding folder from your backup directory. - H2 version in this patch is updated due to security reasons. To migrate to new version of H2, please follow the documentation: https://help.talend.com/r/en-US/8.0/migration-upgrade-guide-big-data/upgrading-the-h2-database-after-changing-h2-driver-to-21210 .
- If your TAC works with SSO, you should restore the IDP Metadata file (
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/IDPMetadata.xml) from your backup directory. - After the step 9, log4j 1.x libraries should have been removed from the folder:
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/lib.
- Make sure that no other instances of TAC webapp are deployed into Tomcat's webapps folder. Make sure your TAC backup folder has NOT been stored in
Restart TAC.
Note:
- It's recommended to clear browser cache after TAC patch has been applied.
- Log4j CVE-2021-44228 & CVE-2021-45046 fixed on Patch_20211223_TPS-5053_v1: please rebuild the jobs with latest Studio patch.
- New LDAP connection timeout parameter:
ldap.config.timeout
. You can change it by editing the value of the ldap.config.timeout property in milliseconds in the database configuration table. - In case of patch rollback, only the backup database can be used
TPS-5555
CVEs fixed in TPS-5555
- TAC-19443 [8.0.1] update ESB version to 8.0.1.R2024-05-RT
Other issues fixed in TPS-5555
- TAC-19059 [8.0.1] Deadlock and stale status for jobs in case of short db outage
- TAC-19517 [8.0.1] TAC Unable to connect to Azure Devops Git : Any SSH session using SSH-RSA is subject to brown out : remote: ERRORSSHUNSUPPORTED_CIPHER (7)
- TAC-17397 [8.0.1] Retry mechanism needed when "use latest version" is facing random nexus api failure 500: "Asset search returned no results"
- TAC-18907 [8.0.1] Remove the parameter of scheduler.conf.resetTaskStatus.maxDurationsOnEmptyLog & scheduler.conf.resetPlanStatus.maxDurationsOnIdlePlan
- TAC-19026 [8.0.1] Change log level WARN to debug
- TAC-19536 [8.0.1] Real-Time Statistics data not displaying after upgrading to R2024-05
- TAC-19547 [8.0.1] Error number: For input string in TAC using LDAPS
- TAC-19594 [8.0.1] Keep context parameter open delete plan by metaservlet and refresh context parameter will throw 500 error
- TAC-19601 [8.0.1] guide link not valid any more
- TAC-19614 [8.0.1] It should not limit tomcat path as log path
- TAC-19519 [8.0.1] TAC menu - Dynamic Links not responding to click
- TAC-19585 [8.0.1] Fix typo "DEBUG SSOUtils - Remove SSO initlizaiton info from TAC"
TPS-5554
CVEs fixed in TPS-5554
- TAC-19325 [8.0.1] spring-web:6.1.5 | CVE-2024-22262
Other issues fixed in TPS-5554
- TAC-19368 [8.0.1] Password available in clear text HTTPS responses
- TAC-19340 [8.0.1] Jobs stuck in requesting run state for more than 30+ mins
- TAC-19405 [8.0.1] Undefined context variables printed when using tContextDump
- TAC-15465 [8.0.1] Switch database password digest mechanism to a more secure algorithm
- TAC-17827 [8.0.1] File trigger does not work at the first time
- TAC-18747 [8.0.1] Statistics field is reset to enable each time a job is chosen from nexus browser on job conductor
- TAC-19063 [8.0.1] Weak user passwords should not effect on runtime password
- TAC-19085 [8.0.1] support for postgres 16 database
- TAC-19095 [8.0.1] Possible further improvement regarding handling Execution task state recovering failed
- TAC-19370 [8.0.1] Security issues Configuration page
- TAC-19409 [8.0.1] Jar file org.talend.administrator.metrics-1.0-SNAPSHOT.jar should rename
- TAC-19429 [8.0.1] Context parameters in plan A are reset and impacted by deleting a different plan B
- TAC-19458 [8.0.1] Add update version failed on studio patch when the network down
- TAC-19512 [8.0.1] Trigger context fileName, filePath and folderPath not passed to the job when set more than two custom value empty
- TAC-19586 [8.0.1] Improve validation of log path
TPS-5553
CVEs fixed in TPS-5553
- TAC-19377 [8.0.1] xmlsec:2.2.3 | CVE-2023-44483
- TAC-19009 [8.0.1] Update syncope libraries to 2.1.14.1
Other issues fixed in TPS-5553
- TAC-18280 [8.0.1] Compile and run TAC with Java 17/Tomcat 10.1
- TAC-15464 [8.0.1] Switch digest mechanism for "database.config.password"
- TAC-19116 [8.0.1] TAC to support Cyberark Vault and update for Citi requirements
- TAC-19146 [8.0.1] Manage studio patch from tac by online url and customer url
- TAC-19147 [8.0.1] Notification for studio patch that mange by tac
- TAC-19250 [8.0.1] Problem Subject TAC Email notification not working
- TAC-19309 [8.0.1] Reload TAC show Refresh Failed: 500 error
- TAC-19027 [8.0.1] Audit log does not support to change file name format
- TAC-19224 [8.0.1] TAC support for Debian 12
- TAC-19327 [8.0.1] TAC support for Aurora 3
- TAC-19417 [8.0.1] Basic authentication type of esb config display error
TPS-5552
CVEs fixed in TPS-5552
- TAC-19106 [8.0.1] commons-compress:1.21 | CVE-2024-26308
Other issues fixed in TPS-5552
- TAC-19121 [8.0.1] metaservlet updateTask method do upsert instead of update
- TAC-19180 [8.0.1] Deployment fails with "java.lang.ArithmeticException: / by zero"
- TAC-19039 [8.0.1] transfer libraries from nexus2 to nexus3 failed
- TAC-19162 [8.0.1] key rotation called in an infinite loop
- TAC-15740 [8.0.1] Use SHA instead of MD5 when checking checksums
- TAC-19185 [8.0.1] Fix missing charset issues
TPS-5551
CVEs fixed in TPS-5551
- TAC-19075 [8.0.1] json-path:2.8.0 | CVE-2023-51074
- TAC-19071 [8.0.1] CVE-2020-11979: Vulnerability reported by org.apache.ant:ant:1.9.12
Other issues fixed in TPS-5551
- TAC-18761 [8.0.1] evaluate support for oracle 23c database
- TAC-19094 [8.0.1] value of context variable type=password provided as "Custom value" visible in technical.log when task launched using metaservlet
- TAC-19109 [8.0.1] memory leak in TaskListenerRegister
- TAC-18341 [8.0.1] improve TAC download logs feature (includes additional logs)
- TAC-18802 [8.0.1] Automatic pause and resume of tasks during the start tomcat
- TAC-18862 [8.0.1] TAC Error occurred when Listening statistics on socket localhost: null"
- TAC-18958 [8.0.1] Support Nexus version 3.65
- TAC-19074 [8.0.1] on the db config page click "Import parameters" button then appears "Driver is required to check connection"
- TAC-19090 [8.0.1] Move to cloud splash screen points to an invalid community link
- TAC-19126 [8.0.1] Update JFrog Artifactory 7.77.5
- TAC-18560 [8.0.1] Set WARN EncryptionHandler to debug level
- TAC-19028 [8.0.1] Upgrade apk-signer version
TPS-5550
CVEs fixed in TPS-5550
- TAC-19004 [8.0.1] Findings in: commons-collections:3.2.1
- TAC-19013 [8.0.1] CVE-2023-26119: HtmlUnit Code Injection vulnerability
Other issues fixed in TPS-5550
- TAC-19057 [8.0.1] the NULL value for jobscriptarchivefilename in executiontask in Postgresql db causing NPE for task running
- TAC-18427 [8.0.1] Metaservlet API to get the status of the current jobserver
- TAC-19048 [8.0.1] TAC technical log flooded with error messages for GeneratedProcessHelper class
- TAC-19060 [8.0.1] Increase connect token service time out
- TAC-18758 [8.0.1] TAC Support for Amazon linux 2023
- TAC-18937 [8.0.1] Red icon for LDAP "group title" when UseLDAPAuthentication = false
- TAC-18987 [8.0.1] Audit log only generates the first login record
TPS-5549
CVEs fixed in TPS-5549
- TAC-18910 [8.1.0] CVE-2023-33265: Vulnerability reported by trivy com.hazelcast:hazelcast v.3.12.6
Other issues fixed in TPS-5549
- TAC-18911 [8.0.1] No Connection Stats shown for TDS & TDP
- TAC-18229 [8.0.1] Random issue: fields in configuration page become read-only
- TAC-18785 [8.0.1] Under Settings->Configuration-> Software Update, 3 errors was shown in titile but only one "Unable to locate repository with the provided id (name)." was pointed out for user.
- TAC-18545 [8.0.1] Metaservlet command to stop execution plan
- TAC-18782 [8.0.1] Improve logs and error message for some typical exception cases, and JobServer connection reliability
- TAC-18787 [8.0.1] "Real time statistics" dialog was still shown even the user logged out.
- TAC-18808 [8.0.1] Need to check what jars we can exclude from idp/plugins/org.talend.sso.idp*.jar
- TAC-18814 [8.0.1] Viewing exec log from JobConductor page uses more time and memory
- TAC-18859 [8.0.1] The password to connect to TAC from studio should support special characters
- TAC-18705 [8.0.1] Remove the redundant buttons under LADP configuration
- TAC-18922 [8.0.1] The db config page does not show the "Reload from file" and "Import parameters" buttons after patching to TPS-5428 and later
- TAC-17959 [8.0.1] Deploy tac throw The value can't be decrypted javax.crypto.BadPaddingException: pad block corrupted
TPS-5498
CVEs fixed in TPS-5498
- TAC-18738 [8.0.1] CVE-2023-4586: Vulnerability reported by trivy io.netty:netty-handler v.4.1.84.Final
- TAC-18741 [8.0.1] CVE-2022-45868: Vulnerability reported by trivy com.h2database:h2 v.2.1.214
- TAC-18733 [8.0.1] CVE-2023-4759: Vulnerability reported by trivy org.eclipse.jgit:org.eclipse.jgit v.5.6.1.202002131546-r
Other issues fixed in TPS-5498
- TAC-18830 [8.0.1] LDAP configuration failed with Error number: ERR04122SSLCONTEXTINIT_FAILURE Failed to initialize the SSL context)
- TAC-18809 [8.0.1] realtime.cache.size specified in configuration.properties not taken into account
- TAC-18550 [8.0.1] Contexts will not decrypted or encrypted when default or original value is NULL
- TAC-18836 [8.0.1] Create executionId in TAC and pass it to jobserver
- TAC-18840 [8.0.1] java.util.zip.ZipException: zip END header not found - Warning publisher is removed, this task is created from publisher
- TAC-18845 [8.0.1] It is possible to create a PLAN that will stay running forever without any error returned
- TAC-14369 [8.0.1] TAC begins to hang / frozen
- TAC-18814 [8.0.1] Viewing exec log from JobConductor page uses more time and memory
- TAC-18312 [8.0.1] Metaservlet for remove user/group authorization from project
- TAC-18787 [8.0.1] "Real time statistics" dialog was still shown even the user logged out.
TPS-5497
CVEs fixed in TPS-5497
- TAC-18735 [8.0.1] CVE-2023-44483: Vulnerability reported by trivy org.apache.santuario:xmlsec v.2.2.3
- TAC-18737 [8.0.1] CVE-2023-39410: Vulnerability reported by trivy org.apache.avro:avro v.1.10.2
- TAC-18736 [8.0.1] CVE-2023-44981: Vulnerability reported by trivy org.apache.zookeeper:zookeeper v.3.5.8
- TAC-18732 [8.0.1] CVE-2023-5072: Vulnerability reported by trivy org.json:json v.20230227
- TAC-18734 [8.0.1] CVE-2023-41900: Vulnerability reported by trivy org.eclipse.jetty:jetty-util v.9.4.48.v20220622
Other issues fixed in TPS-5497
- TAC-18569 [8.0.1] misleading example in configuration.properties JobServerClient.conf.timeout=30000
- TAC-18488 [8.0.1] Authentication ldap user failed 5 days before expiration
- TAC-18705 [8.0.1] Remove the redundant buttons under LADP configuration
- TAC-18535 [8.0.1] Stop TAC connecting to unused ESB Infrastructure Services
- TAC-18520 [8.0.1] Trim value of 'Runtime server username'
- TAC-18570 [8.0.1] hide h2console URL from TAC>Configuration page
- TAC-18777 [8.0.1] 500 error while fill the group id in select artifact reprository
- TAC-18543 [8.0.1] A designer/viewer user authorized with a project accesses project authorization result in 'The text data type cannot be selected as DISTINCT because it is not comparable.'
- TAC-18771 [8.0.1] Execution plan will always stay loading when more than one person resuming plans
TPS-5496
CVEs fixed in TPS-5496
- TAC-18596 [8.0.1] Redundant dependency opencsv-1.8_patched found in TAC
- TAC-18597 [8.0.1] CVE-2023-34610: com.cedarsoftware:json-io vulnerability found by trivy
- TAC-16787 [8.0.1] java.lang.security.audit.crypto.ssl.defaulthttpclient-is-deprecated.defaulthttpclient-is-deprecated
- TAC-18246 [8.0.1] guava:30.0-jre | CVE-2020-8908
- TAC-18739 [8.0.1] CVE-2013-6235: Vulnerability reported by trivy com.jamonapi:jamon v.2.74
Other issues fixed in TPS-5496
- TAC-18554 [8.0.1] NPE happen when LDAP firstName and lastName are empty
- TAC-18494 [8.0.1] TAC's JobConductor page becomes blank
- TAC-18591 [8.0.1] No more user available with this license error
- TAC-18595 [8.0.1] Add additional user password restriction: not allow to use exact the same password as before
- TAC-18599 [8.0.1] Check whether Apache Directory jars can be replaced with api-all
- TAC-18600 [8.0.1] Update jaxws-ri to version 2.3.6
- TAC-18598 [8.0.1] Check and arrange dependencies listed in description
- TAC-18276 [8.0.1] "Unexpected Error" is the status on running tasks in TAC 8.0
- TAC-18569 [8.0.1] misleading example in configuration.properties JobServerClient.conf.timeout=30000
- TAC-3292 [8.0.1] metaservlet methods for "project Reference" to be deprecated.
TPS-5495
CVEs fixed in TPS-5495
- TAC-18416 [8.0.1] Findings in: shiro-web:1.10.0
Other issues fixed in TPS-5495
- TAC-18437 [8.0.1] Add/Delete task in EP with trigger tasks list will show empty
- TAC-18170 [8.0.1] Import same execution plan twice will throw NPE error
- TAC-18483 [8.0.1] Check and remove sensitive information from local storage
- TAC-18471 [8.0.1] XSS issue when deleting User Groups
- TAC-18486 [8.0.1] TAC shows Runtime Down if Host name has trailing space characters.
- TAC-18517 [8.0.1] the QRTZ tables are missing after installing TAC 8 in Oracle DB
- TAC-17090 [8.0.1] Investigate adding a minimal Content-Security-Policy
- TAC-18544 [8.0.1] when context.passwords.secured.only=true contexts not decrypted when default or original value is empty
- TAC-18346 [8.0.1] deploy error with virtual server : error 'Connection to server failed' occurred when 'Sending...
- TAC-17931 [8.0.1] Weak user passwords should not be allowed in TAC
TPS-5494
CVEs fixed in TPS-5494
- TAC-18367 [8.0.1] bcprov-jdk15on:1.70 | CVE-2023-33201
Other issues fixed in TPS-5494
- TAC-18320 [8.0.1] Incomplete line at end of technical.log
- TAC-18381 [8.0.1] Enable TAC's SMTP Debug option.
- TAC-18404 [8.0.1] Warning during trigger creation after apply TPS 5463
- TAC-11347 [8.0.1] Add deleting tasks from execution plan to the business log
- TAC-18433 [8.0.1] When execution is removed from scheduledJobManager basic and detailed status are not updated
- TAC-17875 [8.0.1] TAC new log retriever sub-optimal with some workloads
- TAC-18456 [8.0.1] Connection to server failed error even though logs are complete
- TAC-18467 [8.0.1] TAC Job Conductor - Statistic is showing as Removed
- TAC-18463 [8.0.1] For Git project name with dot character ('.') project folder name is truncated in org.talend.administrator_git
- TAC-18262 [8.0.1] output less redundant debug logs to make it easier to check customer's issues in logs
TPS-5493
CVEs fixed in TPS-5493
- TAC-18286 [8.0.1] Findings in: snappy-java:1.1.1.3
- TAC-18349 [8.0.1] bcprov-jdk15to18:1.69 | CVE-2023-33201
- TAC-18350 [8.0.1] bcprov-jdk15on:1.69 | CVE-2023-33201
Other issues fixed in TPS-5493
- TAC-12486 [8.0.1] Strange URL addon after starting TAC
- TAC-18250 [8.0.1] processing stopped after multi selecting "resume tasks" in UI
- TAC-18236 [8.0.1] After applying Patch20230421TPS-5461_v1-8.0.1 customer is not able to connect to there JFrog Artifactory anymore and are seeing the "Timeout occurs while retrieving this parameter for URL:" message
- TAC-15584 [8.0.1] Reset Job Context with MetaServlets
- TAC-17554 [8.0.1] Feature Request - logout users from studio by metaservlet call
- TAC-18270 [8.0.1] Issue with MetaServlet's "deleteUserGroupById" command.
- TAC-18214 [8.0.1] Unknown JavascriptException seen in Browser's console
- TAC-18303 [8.0.1] Throw meaningful exception when required master.key not found
- TAC-17300 [8.0.1] Update the "createproject" metaservlet to choose which branch to use
- TAC-18296 [8.0.1] TAC 7.3 to 8 Error: Not correct logs when migration
- TAC-17774 [8.0.1] TAC Error : Warning "Checking Connection" for Git while adding projects
- TAC-18247 [8.0.1] TAC software update page gives "Unexpected HTTP status '503'"
- TAC-18359 [8.0.1] Add the context parameter for saveEsbTask & updateEsbTask commands
- TAC-18360 [8.0.1] Make the configuration for plan recovery mechanism separate from task recovery
- TAC-18342 [8.0.1] TAC UI bug in virtual server page
- TAC-17932 [8.0.1] Enable SAML authentication in SP-initiated mode in TAC
TPS-5463
CVEs fixed in TPS-5463
Other issues fixed in TPS-5463
- TAC-17840 [8.0.1] metaservlet api: listExecutionPlans support returning a single plan
- TAC-18156 [8.0.1] change password on DB configuration page failed randomly
- TAC-18159 [8.0.1] Delete a task which is set in rollback in executionplan will throw Operation failed: !!!Cannot flush and commit transaction.!!!
- TAC-18174 [8.0.1] Appender=file can't write log to audit.json file random issue.
- TAC-17871 [8.0.1] Jobs are stuck in "Running" Status for long period
- TAC-17839 [8.0.1] ImportExecutionPlan Improvement
- TAC-18192 [8.0.1] Support Nexus version 3.53
- TAC-17799 [8.0.1] Investigate the failure of cross migration from mysql to other db
- TAC-15855 [8.0.1] Remove default passwords in DatabaseInitializer
- TAC-18230 [8.0.1] Recovery for execution plan doesn`t work properly when plan idquartzjob is different from plan id
- TAC-18186 [8.0.1] Empty custom context does not reflect on TAC, uses original value instead.
TPS-5462
CVEs fixed in TPS-5462
- TAC-17974 [8.0.1] org.codehaus.jettison: jettison:1.5.3
- TAC-18106 [8.0.1] Vulnerability found in org.apache.mina:mina-core:2.1.3 | CVE-2021-41973
- TAC-18107 [8.0.1] Vulnerability found in org.eclipse.jetty:jetty-server:9.4.48.v20220622 | CVE-2023-26048
- TAC-18104 [8.0.1] Vulnerability found in com.google.guava:guava:11.0.2 | CVE-2018-10237
- TAC-18127 [8.0.1] Vulnerability found in jfreechart 1.0.13 | CVE-2007-6306
- TAC-18128 [8.0.1] Vulnerabilities found in commons-cli 1.2
Other issues fixed in TPS-5462
- TAC-17861 [8.0.1] Zip file missing in job-conductor when calling an artifact task
- TAC-17739 [8.0.1] TAC Support for MS SQL Server 2022
- TAC-17618 [8.0.1] debug messages in TAC : DEBUG Segment
- TPS-5499 [8.0.1] The issue of removeServerProjectAuthorization | createServerProjectAuthorization(TAC-18003)
- TAC-18078 [8.0.1] unable to properly use a custom schema with a postgres non default database
- TAC-17982 [8.0.1] Issues found for On unavailable Job server with virtual server.
- TAC-18097 [8.0.1] The column name 'processingstate' is specified more than once in the SET clause or column list of an INSERT
- TAC-18129 [8.0.1] Jobs triggered by execution plan cron triggers throws NPE
- TAC-17702 [8.0.1] Support Ubuntu 22.04 as a TAC OS
TPS-5461
CVEs fixed in TPS-5461
- TAC-17872 [8.0.1] maven-core:3.9.0 | None
- TAC-17948 [8.0.1] json-smart:2.4.6 | CVE-2023-1370
Other issues fixed in TPS-5461
- TAC-16763 [8.0.1] modify a NPA user which has not roles will fail with 'Save failed: NoSuchElementException'
- TAC-17277 [8.0.1] "use latest version" : the latest artifact version is not always selected- Jfrog
- TAC-17741 [8.0.1] Tac Provisioning page stuck in loading
- TAC-17758 [8.0.1] Check whether exe/dll files needed for TAC
- TAC-17862 [8.0.1] Jobs executed using Chron trigger throws Cannot retrieve bean error
- TAC-17885 [8.0.1] Some tasks are killed when a value except 0 is set to "scheduler.conf.resetTaskStatus.maxDurationsOnEmptyLog"
- TAC-16377 [8.0.1] Server-Project authorization is not checked when deploy job is launched
- TAC-17916 [8.0.1] TAC Webapp cannot logon to TAC DB MS SQL Server when database.password contains special characters
- TAC-14421 [8.0.1] Designer/Viewer role user should only see his project authorized users but not all available users in TAC
- TAC-17876 [8.0.1] updateDesStoragePeriodForLogFiles::TAC team failed error
- TAC-17917 [8.0.1] Nexus Arctifact list is being truncated in TAC
- TAC-17933 [8.0.1] Unauthorised Access to Users Feature
- TAC-17938 [8.0.1] "On unavailable jobserver" with "Restart task" does not work on virtual server
- TAC-17976 [8.0.1] User list cache should be clear in notification page when users lose user access role
- TAC-17633 [8.0.1] Errors "can't connect to the zookeeper server" in TAC 7.3.1 even not used ESB
- TAC-17921 [8.0.1] Job execution recovery behavior is same amont each 'On unavailable Job server' settings
- TAC-17763 [8.0.1] Support for PostgreSQL 15
TPS-5428
CVEs fixed in TPS-5428
- TAC-17641 [8.0.1] CVE-2022-1471: snakeyaml:1.33
- TAC-17664 [8.0.1] CVE-2022-45787: apache-mime4j-storage:0.8.3
- TAC-17773 [8.0.1] CVE-2022-45688: Json:20220320
- TAC-17793 [8.0.1] maven-core:3.8.6
- TAC-17810 [8.0.1] CVE-2023-24998: commons-fileupload:1.4
- TAC-17834 [8.0.1] CVE-2021-28170: jakarta.el:3.0.3
Other issues fixed in TPS-5428
- TAC-17398 [8.0.1] Generated job not found after migration
- TAC-17723 [8.0.1] Change Keycloak to Keyloak/AWS
- TAC-16466 [8.0.1] custom role for execution plan access
- TAC-17626 [8.0.1] TAC artifactory path validation incomplete
- TAC-17572 [8.0.1] taskexecutionhistory table size and TAC start time
- TAC-17698 [8.0.1] Unable to migrate TAC's DB and no visible error.
- TAC-17796 [8.0.1] resumePlan/pausePlan by MetaServlet for FileTrigger does not work
- TAC-17637 [8.0.1] maxDurationBeforeCleaningOldJobs and maxDurationBeforeCleaningOldExecutionsLogs in configuration table the description should be days
- TAC-17855 [8.0.1] Custom value for password type context parameter will be written to database in plain text when run a plan
- TAC-17821 [8.0.1] migration failed from 711 to 801 with oracle
- TAC-17278 [8.0.1] Configure TAC for FIPS (Federal Information Processing Standard)
- TAC-17846 [8.0.1] Execution history-> context value will show password value as empty
TPS-5426
CVEs fixed in TPS-5426
- TAC-17544 [8.0.1] Update ehcache version for hibernate in TAC
Other issues fixed in TPS-5426
- TPS-5434 [8.0.1] error 500 when selecting artifact in repository from job conductor (TAC-17600)
- TPS-5438 [8.0.1] AWS sso created new user could not be updated from TAC UI (TAC-17645)
- TAC-17668 [8.0.1] Some tasks are killed even though "scheduler.conf.resetTaskStatus.maxDurationsOnEmptyLog" set to 0
- TAC-17602 [8.0.1] Task Status Mismatch Issue
- TAC-17371 [8.0.1] fewer business logs compared to 7.2.1
- TAC-17499 [8.0.1] TAC slowness in requesting run and deploying
- TAC-17720 [8.0.1] 731 release build migrate to latest 888 build failed.
- TAC-17714 [8.0.1] Task end date and task duration details are not updated in TAC if we manually kill any job
- TAC-17681 [8.0.1] Error and warn messages when execution plans are executed even they ran without any issues.
TPS-5424
CVEs fixed in TPS-5424
- TAC-17558 [8.0.1] Update CXF library to version 3.5.5
- TAC-17489 [8.0.1] CVE: CVE-2022-40154 com.thoughtworks.xstream:xstream:1.4.19(to 1.4.20)
- TAC-17596 [8.0.1] CVE-2022-45693: Vulnerable lib Jettison 1.5.1 found in TAC
- TAC-17591 [8.0.1] CVE-2022-1471: Vulnerability was found in library SnakeYAML version 1.32
- TAC-17594 [8.0.1] CVE-2022-40152: com.fasterxml.woodstox:woodstox-core:6.2.7
Other issues fixed in TPS-5424
- TAC-16293 [8.0.1] TAC will hang up if a task with a specific job enabling Statistics on the task is running
- TAC-17353 [8.0.1] Issue adding a new LDAP user in TAC
- TAC-17555 [8.0.1] Add a description into TAC cumulative patch Release Note
- TAC-17560 [8.0.1] "Storage period for generated Jobs" is not working.
- TAC-17569 [8.0.1] Add index for some table in MSSQL, Postgre, Oracle
- TAC-17608 [8.0.1] Metaservlet TAC database migration from Postgres to SQL Server is not working
- TPS-5420 [8.0.1] Update CXF library to version 3.5.5 (TAC-17558)
- TPS-5424 [8.0.1] Cumulative Patch - 20230119
Fixed issues
This patch is cumulative and contains the following fixes:
- TAC-14830 [8.0.1] Consolidate InetUtil RunIfConfigCommand methods
- TAC-15654 [8.0.1] Improve the error handle and print necessary error message
- TAC-14895 [8.0.1] Irrelevant warning when edit user group
- TAC-15954 [8.0.1] URL returned blank when adding administrator at the end of TAC URL
- TAC-15910 [8.0.1] NPE when saving LDAP user with non-existing DN
- TAC-15898 [8.0.1] TAC continues to work though set auditlog.failure.stopActivity to true
- TAC-14907 [8.0.1] error accessing runtime page, via a reverse proxy (F5)
- TAC-15899 [8.0.1] Error when undeploying ESB task
- TAC-15951 [8.0.1] migrate libraries : not all artifacts from org.talend.libraries are migrated from old to new nexus
- TAC-15967 [8.0.1] edit user group which have user assigned will throw 500 error
- TAC-15992 [8.0.1] Forgot password should be executed for existing and not existing user for the same time
- TAC-15897 [8.0.1] A task running by a plan with a custom context will run with default context at times
- TAC-15823 [8.0.1] Default context is not changed though removed from later version
- TAC-15894 [8.0.1] Task status in execution details are always in running when job server host ip is unavailable
- TAC-15878 [8.0.1] metaservlet projectExist didn't work as expected
- TAC-15778 [8.0.1] Add missing reset context audit log
- TPS-5028 [8.0.1] DBConfig page show username and password is not correct and license can not be imported (TAC-15880)
- TAC-16001 [8.0.1] Context parameters not displaying in TAC
- TAC-16022 [8.0.1] RemoteDataRetriver never shutdown for execution when jobserver is unreachable
- TPS-5053 [8.0.1] Log4j CVE-2021-44228/CVE-2021-45046 on TAC (TAC-16076)
- TAC-15962 [8.0.1] TAC upgraded to TPS-4989 then startup too long time
- TAC-16060 [8.0.1] Execution log is not immediately displayed though task has finished running
- TAC-16065 [8.0.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized"
- TAC-16127 [8.0.1] Cannot see context in one of TAC in a cluster
- TAC-16121 [8.0.1] TAC patch list does not manage continuation_token from nexus
- TAC-16126 [8.0.1] FileNotFoundException error when deploy a task which enabled "Use Latest Version"
- TAC-15776 [8.0.1] Delete task/plan print details in business log regarding task/plan deleted
- TAC-15917 [8.0.1] Null Pointer exception while browsing through the tasks in Job Conductor Tab
- TAC-16148 [8.0.1] ExecutionPlan Page refresh has the 500 client error
- TAC-16190 [8.0.1] Faild to execute metaservlet with the error 'password for Db config is incorrect.
- TPS-5079 [8.0.1] TAC Log4j CVE-2021-44832: update to Log4j 2.17.1 (TAC-16203)
- TPS-5089 [8.0.1] CVE-2021-42392 - Disable Remote H2 Console Access (TAC-16214)
- TAC-15513 [8.0.1] "scheduler.conf.retryRestartTaskWhenConnectionServerFailed" to be used by Tasks in Execution Plans
- TAC-16300 [8.0.1] Jobconductor task hanging on "1 awaiting exec"
- TAC-16282 [8.0.1] after login tac via SSO, cannot see full properties
- TAC-16245 [8.0.1] Metaservlet 'removeServerProjectAuthorization' faild with 'Cannot commit transaction'
- TAC-16246 [8.0.1] "String index out of range: -1" for MetaServlet-> runTask with empty context {}
- TAC-16280 [8.0.1] DB Migration failure from 721, 731 to 801 regarding DeprecatedFeaturesOn801Migration
- TAC-16277 [8.0.1] TAC's DB issue when deploying ESB Tasks after patch
- TAC-16249 [8.0.1] Cannot update a task when task name and plan name are the same
- TAC-13275 [8.0.1] Unable to import user with xml file
- TPS-5129 [8.0.1] TAC v801 Migration Failed, all data has been deleted on executionplanpart table by TAC migration (TAC-16341)
- TAC-16284 [8.0.1] No errors thrown on all migration Operations
- TAC-16343 [8.0.1] Message need update when add one new longer license on License page
- TAC-16202 [8.0.1] Too many segment logs when debug threshold is set
- TPS-5135 [8.0.1] TAC task duration is at least 10 seconds greater than job duration (TAC-16198)
- TAC-16413 [8.0.1] Configuration page showing endless Refresh
- TAC-16400 [8.0.1] jgit hangs/sleep in FS.FileStoreAttributeCache step on Git Project Connection checking
- TAC-16304 [8.0.1] Customer doesn't see his admin users
- TAC-13275 [8.0.1] Unable to import user with xml file
- TAC-16335 [8.0.1] Job running on Jobserver is killed unexpectedly
- TAC-16198 [8.0.1] TAC task duration is at least 10 seconds greater than job duration
- TAC-16460 [8.0.1] java.lang.NoSuchMethodError: org.apache.log4j.MDC.put error when upload license
- TAC-15911 [8.0.1] Apply schema change automatically
- TAC-16442 [8.0.1] Cannot edit TAC projects with empty credential
- TAC-16474 [8.0.1] TAC latest patch v8.0.1 with log2 doen`t log events
- TAC-16368 [8.0.1] Investigate "Trigger-Runner" what is he used for
- TAC-16468 [8.0.1] Change in behavior for getTaskIdByName metaservlet call
- TAC-16497 [8.0.1] Migration failed when upgrading Postgres DB to TAC 8.0
- TAC-16333 [8.0.1] Update default value for ldap connection timeout to 30s
- TAC-16420 [8.0.1] Talend2 - 02 - Database authentication testing endpoint is not authenticated
- TAC-16516 [8.0.1] Use default value jobserver.useCache=true when having DB connection problem
- TAC-16546 [8.0.1] Fix TAC name error in MetaServlet command help
- TAC-16513 [8.0.1] TAC 731 - H2 DB to Oracle Migration not recognizing the License in the Oracle Database
- TAC-16555 [8.0.1] Attribute:'svnid' not present while adding users in TAC using LDAP with SVN as storage
- TAC-16147 [8.0.1] TAC role don't sync when update tac role from sso
- TAC-16370 [8.0.1] "DBException: task not found exception" when tasked deleted from metaservlet ->runTask and Jobconductor UI is still refreshing on it
- TAC-16494 [8.0.1] The trigger info on plan is lost
- TAC-16561 [8.0.1] Trigger name left ' is lost in File trigger
- TPS-5189 [8.0.1] Talend2 - 01 - XXE processing vulnerability (TAC-16390)
- TAC-16598 [8.0.1] Metaservlet command failed for createSandboxProject
- TAC-16610 [8.0.1] Find possibility to enable hibernate.generate_statistics in TAC hibernate
- TAC-16327 [8.0.1] Migration failed on executionplanpartcontextprmsid column from mysql to postgresql executionplanpartcontextprmsid using Metaservelet-> migrateDatabase
- TAC-16626 [8.0.1] Metaservlet command "listUsers" doesn`t show users ldap parameters
- TAC-16309 [8.0.1] When Set business log limit by: Time, it can happen that all business log files are deleted and no new file created
- TAC-16519 [8.0.1] SSO - Support for keycloak
- TAC-15771 [8.0.1] Generate a Personal Access Token from TAC metaservlet
- TAC-16313 [8.0.1] Skip Backup option during TAC-Migration
- TAC-16536 [8.0.1] cannot deploy and run normal task deployed as zip after jobserver reboot
- TAC-16683 [8.0.1] Stop & start features in ESBConductor are not working
- TPS-5233 [8.0.1] CVE-2022-31648: SSOUtils.buildErrorPage doesn't escape the error message (TAC-16644)
- TPS-5245 [8.0.1] TAC connection to Nexus behind proxy(TAC-16445)
- TAC-16704 [8.0.1] Fix ConcurrentModificationException in RealtimeDataParser
- TAC-16695 [8.0.1] missing realtime statistics from older executions
- TAC-15218 [8.0.1] add checksum in software update for the download of patch
- TAC-16554 [8.0.1] Add innodbstrictmode=OFF setting in DB config file
- TPS-5255 [8.0.1] Transaction deadlocked with SQL Server (TAC-16738)
- TAC-16801 [8.0.1] Notification isn't send for 'On user deletion' event when deleting user with metaservlet
- TAC-16834 [8.0.1] Reset password: typo in error message
- TAC-16743 [8.0.1] org.hibernate.HibernateException: Illegal attempt to associate a collection with two open sessions
- TAC-16303 [8.0.1] TAC real time statistics do not work sometimes.
- TAC-16858 [8.0.1] Not all connection results are visible in real time statistics
- TAC-16856 [8.0.1] Execution Plan Name not available in Triggered by Section in Job Conductor
- TAC-16703 [8.0.1] No error message when project is NPA and role is admin when login from SSO
- TAC-16770 [8.0.1] Limit the number of patches on SoftwareUpdate page
- TAC-16643 [8.0.1] TAC is updating completed tasks after service restart and triggering misfire notifications
- TPS-5281 [8.0.1] The interaction between tds and scim takes more time than 721 in 801 (TAC-16753)
- TAC-16495 [8.0.1] TAC Execution Plan stuck in Status "Killing"
- TAC-16621 [8.0.1] Add in Audit logs actions on Personal Tokens for TAC
- TAC-16761 [8.0.1] use Long for execution task parameter id
- TAC-16897 [8.0.1] Unable to display/update context parameter using API while publishing a new version of job
- TAC-16909 [8.0.1] No token set error on TAC DB config page
- TAC-16958 [8.0.1] New added context in jobconductor will disappears after running artifact task
- TAC-16982 [8.0.1] Plan: delete parameter in plan, but it is still referenced in context parameter
- TAC-17009 [8.0.1] The EP status should be interrupted when EP is not parallel execution
- TAC-17021 [8.0.1] Create task failed when artifact with context (H2 db)
- TPS-5297 [8.0.1] The job always keep "running" when stop jobserver(TAC-16988)
- TAC-17014 [8.0.1] Delete custom context parameter need a extra refresh to see parameter disappear
- TAC-17026 [8.0.1] Metaservlet help all for revokePersonalAccessTokenOfUser need update
- TAC-17035 [8.0.1] Rollback does not work when EP is killed by timeout
- TAC-17057 [8.0.1] Contains the multiple repeat keys when export the config parameters
- TPS-5324 [8.0.1] Metaservlet: 'Cannot flush and commit transaction' when deleting ESB task(TAC-16884)
- TAC-15432 [8.0.1] add the ability to include or not the logs in attachment (or, at least, zip the attachment)
- TAC-17044 [8.0.1] Facing issue in servers page of TAC when trying to edit the name in the label section.
- TAC-17076 [8.0.1] Migration faild from 72 to 73/801
- TAC-16790 [8.0.1] task status set to "Ended with Warning" and could not be triggered anymore
- TPS-5329 [8.0.1] Convert @ when Artifact Repository user name contains this symbol(TAC-17121)
- TAC-17056 [8.0.1] Integrate with authentication feature for JobServer's FileServer
- TAC-15590 [8.0.1] Proxy server authentication not working
- TAC-17157 [8.0.1] Authorization Resource/Role assignments not properly refreshed
- TAC-17184 [8.0.1] Update context from default and custom save it will show error after deploy a new version.
- TAC-17265 [8.0.1] Unable to create tasks with TPS-5329
- TPS-5344 [8.0.1] "use latest version" : the latest artifact version is not always selected - continuation token (TAC-17158)
- TAC-17176 [8.0.1] Master key encoded wrongly when running service in Japanese locale
- TAC-17177 [8.0.1] "use latest version" is not the latest job for the job order in jfrog is not same as studio
- TAC-17181 [8.0.1] migrateDatabase command Source=Oracle Target=PostgreSQL : creates empty tables in postgreSQL DB
- TPS-5357 [8.0.1] job server high availability via virtual job server does not work (TAC-17249)
- TAC-17295 [8.0.1] Version: 500 The call failed on the server after apply the latest TAC patch (SqlServer with jtds driver)
- TPS-5358 [8.0.1] Metaservlet migratedatabase action does not work between mysql and mssql (TAC-17248)
- TAC-17304 [8.0.1] Old context parameter names not removed when updating task manually in TAC or using contextParamsRefresh=false with MetaServlet
- TAC-17362 [8.0.1] reset context parameter result in emply context (blank) with TPS-5343 if generatedJobs folder path is non canonical
- TAC-17373 [8.0.1] Wrong unit for maxDurationBeforeCleaningOldJobs maxDurationBeforeCleaningOldExecutionsLogs, but doc showing days as unit
- TAC-17389 [8.0.1] job status stuck "running" if using postgres DB, and job generating "null" in job logs
- TAC-17393 [8.0.1] Duplicate entry XXX for key 'executiontaskjobprm.PRIMARY'
- TAC-17443 [8.0.1] execution plan doesn't show in ui after creating with oracle database
- TPS-5384 [8.0.1] CVE-2022-42889: Update lib apache.commons-text (TAC-17340)
- TAC-17443 [8.0.1] execution plan doesn't show in ui after creating with oracle database
- TAC-17475 [8.0.1] Task Status are not updating in TAC UI
- TAC-17500 [8.0.1] Deadlock when reset task on jobserver timeout (Postgres Sql)
- TPS-5393 [8.0.1] Talend jobs getting killed automatically in 7.3.1(TAC-17432)
- TPS-5408 [8.0.1] Big data streaming Conductor could not list, deploy and run(TAC-17433,TAC-17474)
- TAC-17525 [8.0.1] Metaservlet not able to read context from Artifact
- TPS-5411 [8.0.1] Update jobserver client version for issue TPRUN-4892 and TPRUN-4898
Security fixes
This patch includes the security fixes:
- TAC-15950 [8.0.1] Vulnerability in "forgot password" functionality in TAC
- TAC-16115 [8.0.1] TAC - Log4j2 CVE-2021-45105 DOS attack Fix - Version (2.17.0 update)
- TAC-15298 [8.0.1] Talend - 01 - OTG-INFO-005 - Review Webpage Comments and Metadata for Information Leakage
- TAC-16213 [8.0.1] Update H2 dependency to 2.0.206
- TAC-16344 [8.0.1] Update H2 dependency to 2.1.210
- TAC-16286 [8.0.1] Migration from log4j1 to log4j2 (update to 2.17.1v)
- TAC-16390 [8.0.1] CVE-2022-29943: Talend2 - 01 - XXE
- TAC-16407 [8.0.1] CVE-2022-29942: Talend2 - 03 - SSRF
- TAC-16486 [8.0.1] Vulnerable library Liquibase
- TAC-16487 [8.0.1] Vulnerable library JDOM
- TAC-16567 [8.0.1] CVE-2021-43859: Vulnerable library XStream Core 1.4.18
- TAC-16568 [8.0.1] CVE-2020-36518: Vulnerable library jackson-databind 2.12.2
- TAC-16644 [8.0.1] CVE-2022-31648: SSOUtils.buildErrorPage doesn't escape the error message
- TAC-16668 [8.0.1] Update to Apache CXF 3.5.2 for TAC
- TAC-16792 [8.0.1] Session creation is insecure
- TAC-16794 [8.0.1] For cookie "dbadminsession" HttpOnly needs to be added
- TAC-14807 [8.0.1] Fix possible SQL Injection issues
- TAC-16833 [8.0.1] Update studio-utils to 1.0.8 version
- TAC-16855 [8.0.1] CVE-2021-41303: Vulnerable library Apache Shiro update to v 1.9.0
- TAC-16870 [8.0.1] CVE-295: Insecure HostnameVerifier implementation on NetIQ plugin
- TAC-16977 [8.0.1] CVE-2022-32532: Update apache shiro to 1.9.1 version
- TAC-16978 [8.0.1] CVE-2022-25647: Update Gson lib to version 2.9.0
- TAC-16979 [8.0.1] CVE-2022-23221: Update H2 Database Engine to version 2.1.214
- TAC-16980 [8.0.1] CVE-2021-26291: Update Maven Core to version 3.8.6
- TAC-17017 [8.0.1] CVE-2022-33980: Update Apache Commons Configuration to version 2.8.0
- TAC-16985 [8.0.1] Implement file path traversal guards
- TAC-15749 [8.0.1] Make sure CRLF characters are removed from MailSender
- TAC-16959 [8.0.1] Ensure output is encoded
- TAC-17205 [8.0.1] CVE-2018-5382: Update Bouncy Castle Provider to version 1.69
- TAC-17227 [8.0.1] Remove default credentials to nexus and artifactory
- TAC-17270 [8.0.1] Fix Veracode SAST Output Log Neutralization issues
- TAC-17331 [8.0.1] CVE-2022-23437: Vulnerable lib Xerces 2.12.0 found in TAC
- TAC-17329 [8.0.1] CVE-2021-37136: Vulnerable lib netty-codec 4.1.54.Final found in TAC
- TAC-17330 [8.0.1] CVE-2022-40150: Vulnerable lib Jettison 1.4.0 found in TAC
- TAC-17332 [8.0.1] CVE-2022-40664: Vulnerable lib shiro-web found in TAC
- TAC-17340 [8.0.1] CVE-2022-42889: Update lib apache.commons-text
- TAC-17352 [8.0.1] CVE-2022-30973: Vulnerability found in org.apache.tika:tika version1.24.1
- TAC-17354 [8.0.1] CVE-2022-42003: Vulnerable library jackson-databind was found in TAC
- TAC-17424 [8.0.1] CVE-2022-25857: Vulnerability was found in library SnakeYAML version 1.26
- TAC-17426 [8.0.1] CVE-2021-20293: Vulnerability was found in library RestEasy core version 4.5.10.Final
- TAC-17482 [8.0.1] CVE: commons-codec:commons-codec:1.11(to 1.15)
- TAC-17483 [8.0.1] CVE: CVE-2022-36033 org.jsoup:jsoup:1.14.2 (to 1.15.3)
- TAC-17542 [8.0.1] CVE-2021-33813: Remove vulnerable jdom-1.1 from project
- TAC-17549 [8.0.1] Vulnerability found in org.json:org.json:20120509 and org.json:json:20140107
- TAC-17553 [8.0.1] Update Pax URL Aether
- TAC-17541 [8.0.1] Update CXF library to version 3.5.2
- TAC-17546 [8.0.1] CVE-2019-7611: Vulnerability found old in org.elasticsearch:elasticsearch 2.4.3