Notable fixes and Known issues in Talend Remote Engine R2023-06

Security enhancements

Issue	Description
TPOPS-6127	A Spring Vault Core medium severity vulnerability has been repaired: CVE-2023-20859
TPOPS-6130	Jettison has been upgraded to repair a high severity vulnerability: CVE-2023-1436
TPOPS-6131	Spring Expression Language (SpEL) is using v5.3.27 to avoid several medium severity vulnerabilities: CVE-2023-20861 - Denial Of Service (DoS) CVE-2023-20863 - Denial Of Service (DoS)
TPOPS-6255	Jose4j is using a new version to avoid its "Improper Cryptographic Algorithm" issue.
TPOPS-6297	Jetty's new version helps repair several medium severity vulnerabilities: CVE-2023-26048: OutOfMemoryError occurs for large multipart file without filename in Eclipse Jetty. CVE-2023-26049: Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies.
TPOPS-6353	Sensitive data is not visible anymore in the karaf.log file of Remote Engine.
TPRUN-3701	The default credentials for a data server runner has been removed. For further information about the new approach to define your JMX credentials, see Connecting Talend Remote Engine to Talend Runtime.

Issue	Description
TPOPS-6275	Special characters and characters from languages such as Chinese or Japanese are garbled in the task run logs.
TPOPS-6222	The org.talend.observability.client.tcp.TcpClient file in the send() method is blocking the termination of task runs.
TINSTL-2634	Installation of Remote Engine 2.12.11 fails with the following exception: `No more authentication methods available`
APPINT-35108	Unexpected yellow exclamation marks appear beside the Running status when microservice Routes are being deployed to Remote Engine.

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!