Skip to main content Skip to complementary content

Notable fixes and Known issues in Talend Remote Engine R2023-10

Security enhancements

Issue Description
TPOPS-6175
SnakeYAML has been upgraded to v2.0 to repair the following severe vulnerability:
  • CVE-2022-1471 (RCE)
TPOPS-6595

Guava, a set of Google Core Libraries for Java, has been updated to avoid the following vulnerabilities:

  • CVE-2023-2976 - Information Disclosure
  • CVE-2020-8908 - Information Disclosure
TPOPS-6864 The Karaf version has been upgraded to v4.4.4 to repair the following issues:
  • CVE-2023-35887 - Information disclosure - Apache MINA SSHD (org.apache.sshd:sshd-sftp:2.9.2)
  • CVE-2023-33201 - LDAP Injection - Bouncy Castle Provider (org.bouncycastle:bcprov-jdk15on:1.70)
  • CVE-2023-40167 - Improper validation of HTTP/1 content-length - Jetty (org.eclipse.jetty:jetty-http:9.4.51.v20230217)
  • CVE-2023-36479 - Improper Neutralization of Quoting Syntax - Jetty (org.eclipse.jetty:jetty-servlets:9.4.51.v20230217)

Notable fixes

Issue Description

TPOPS-6045

The talend-re-helper.sh Remote Engine diagnostic tool has been enhanced to give you the option to exclude Job logs from the TalendJobServersFiles folder during its analysis.
TPOPS-5501 The org.talend.ipaas.rt.observability.cfg file is unintentionally updated during Talend Remote Engine startup, leading to engine unpairing or pairing failure.
TPOPS-6171 The password encryption error in task run logs has been repaired.
TPOPS-6373 When using an HTTP proxy, Talend Remote Engine may run into out-of-memory issues due to unreached *talend.com services.
TPOPS-6597 Talend Remote Engine installation fails on Java 11.0.20.
TPOPS-6649 Jobs using JDBC components for Hive connection fail on Talend Remote Engine.
TPRUN-6643

The OSGi deployment strategy has been improved to automatically adapt to Talend Runtime versions.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here