
Talend Remote Engine v2.13.8

Talend Remote Engine v2.13.8 is generally available.

Security enhancements

Issues Description
TMC-1189 The following engine dependencies have been upgraded:
  • Apache Avro: 1.11.3 to 1.11.4
    • CVE-2024-47561 - Arbitrary code execution
  • Jetty: 9.4.54.v20240208 to 9.4.56.v20240826
    • CVE-2024-8184 - ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
  • Spring: 6.1.12 to 6.2.0
    • CVE-2024-38816 - Path traversal vulnerability in functional web frameworks
    • CVE-2024-38820 - Case-sensitive match exception in Spring framework DataBinder
    • CVE-2024-38819 - Path traversal vulnerability in functional web frameworks (2nd report)
  • JNA: 5.14.0 to 5.15.0
  • OSHI: 6.6.3 to 6.6.5
  • Jackson: 2.17.2 to 2.18.2
  • Guava: 33.3.0-jre to 33.3.1-jre
  • Apache Commons IO: 2.16.1 to 2.18.0
  • Apache HTTP client 5: 5.3.1 to 5.4.1
  • Apache ActiveMQ client: 5.18.5 to 5.18.6
  • BouncyCastle: 1.78.1 to 1.79
  • SnakeYAML: 2.2 to 2.3
  • Swagger v3: 2.2.23 to 2.2.26
  • JobServer: 8.0.2.20240904_0703_patch to 8.0.2.20241104_1537_patch
TMC-1529 The vulnerability of storing credentials in plain text in engine configuration files has been resolved.

TMC-1209 The process of retrieving EC2 metadata has been migrated to the secure IMDSv2 protocol, enhancing security.
