R2023-01-RT (monthly release cumulative patch)

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2022-10-RT.

NOTE: To download this patch, contact Talend Support.

Fixed issues

This patch contains the following fixes:

TESB

• TPRUN-5049: Update ehcache to version 3 in tesb-authorization
• TPRUN-5022: CVE-2022-46364 - update CXF to 3.4.10
• TPRUN-5019: CVE-2022-40145 - backport security fix to Talend ESB customized Karaf
• TPRUN-4693: CVE-2022-30126,org.apache.tika:tika-core:1.27 - update to tika 1.28.4
• TPRUN-3354: Investigate message logging in case it is logging the authorization header
• TPRUN-4561: CVE-2022-42889, org.apache.commons:commons-text:[1.4-1.9]
• TPRUN-4142: Prevent runtime patches > R2022-07 from installing on default install
• TPRUN-4882: [CVE-2022-45047] Update of Apache SSHD to version 2.9.2.
• TPRUN-4868: pax-logging-libs version leads to stucking exchanges in runtime
• TPRUN-4724: Deploying/undeploying a route makes other routes trying to deploy/undeploy
• TPRUN-4660: Update release notes with gen1/runtime common update reco
• TPRUN-4290: CVE: Xalan 2.7.2
• TPRUN-4514: CVE-2022-42003,CVE-2022-42004, jackson-databind-2.13.2.2.jar
• TPRUN-4414: CVE: jettison upgrade to 1.5.1
• TPRUN-4559: Patch provided for cREST overwrite Content-Language header on runtime is not working
• TPRUN-4595: [8.0.1] soap service schema validation not correct on runtime
• TPRUN-4596: CVE-2022-34917 - Security update of kafka-clients
• TPRUN-4695: Make access port configurable in tesb-derby-starter
• TPRUN-4871: [CVE-2022-31692] Spring-security update to 2.6.9.
• TPRUN-4497: Fail to execute "feature:install camel-spring-redis" on Runtime
• TPRUN-4746: Integrate jobserver 8.0.1.202211171609patch

TPRUN

TDM

• TDM-9685: SAP IDocs Reader fails on Decimal with precision 18
• TDM-9607: CSV Reader looses tab as delimiter in runtime configuration
• TDM-9554: Decimal Cobol field of size 18 missing properties when exported to avro
• TDM-9462: Flattening map not working correctly for EDI 834 document
• TDM-9439: Backport translated messages from 8.8.8 to the current 8.0.1 monthly
• TDM-9412: Add Mariadb
• TDM-9405: ConcurrentModificationException - on job data as service in runtime ESB
• TDM-9380: Remove DirectoryExecMapRuntimeImpl
• TDM-9379: Remove unused or empty messages
• TDM-9344: JSON Writer:optional element don't have value needn't show when test run
• TDM-9298: Remove Importer for java classes and JAR files
• TDM-9290: Position reported by JSON Importer on errors is sometimes offset by 1
• TDM-9289: Remove ExecutionProperties from the ExecutionStatus
• TDM-9278: [OldRuntime]Execution status is accumulated when there are multiple executions for a tHMap
• TDM-9254: JSON default alternative matcher should accept integer as exact match for Double/Float
• TDM-9237: JSON Reader encodes ellipsis character
• TDM-9226: Null item in JSON array is omitted on output
• TDM-9222: JSON Reader gets stackoverflow with recursive Choice
• TDM-9215: Fix numeric enumeration in avro export/import completely
• TDM-9214: Default JSON Choice matcher should use Enum values when available
• TDM-9203: JSON default choice handler fails on optional array
• TDM-9201: Cobol Show Document error reporting must be improved
• TDM-9197: get error when install TDM feature to esb runtime
• TDM-9174: tuj job tdmTDMT627csv_writer is failed with JSON syntax error
• TDM-9137: Move MessageCore to new Bundle org.talend.transform.common
• TDM-9078: Avro exporter fails to export expressions set on Choices
• TDM-9077: Avro exporter produces wrong operand avroloc within Choices and Alternatives
• TDM-9043: JSON Reader supporting expressions as discriminators
• TDM-9033: Add representation options to reduce size of JSON output
• TDM-8449: Support JSONL
• TDM-7427: data type optional segment is in test run result
• TDM-6125: Add function to check string present in string collection

CVE fixes

• CVE-2022-46364: Update CXF to 3.4.10 (TPRUN-5022)
• CVE-2022-40145: Backport security fix to Talend ESB customized Karaf (TPRUN-5019)
• CVE-2022-31692: Update of spring-security update to 2.6.9 (TPRUN-4B71)
• CVE-2022-34917: Update kafka clients to 2.8.2 (TPRUN-4596)
• CVE-2022-42003: Update of jackson-databind-2.13.4.2.jar (TPRUN-4514)
• CVE-2022-42004: Update of jackson-databind-2.13.4.2.jar (TPRUN-4514)
• CVE-2022-42889: Update of Apache commons-text to 1.10.0 (TPRUN-4561)
• CVE-2022-45047: Update of Apache mina sshd to 2.9.2 (TPRUN-4882)
• CVE-2022-30126: Update of Apache tika-core to 1.28.4 (TPRUN-4693)
• CVE-2022-40149: Update of jettison to 1.5.1 (TPRUN-4414)
• CVE-2019-14893 and CVE-2020-27216 in ehcache: Update ehcache to 3.10.8 (TPRUN-5049)

Prerequisites

Consider the following requirements for your system:

• Talend ESB Runtime 8.0.1.R2022-10-RT must be installed. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime.

• Depending on the product, {container} is Talend-ESB-V8.0.1.R2022-10-RT/container/ or Talend-Runtime-V8.0.1.R2022-10-RT/

For all inserted properties:

• if property already present (commented or uncommented), won't insert
• if property not already present, will backup related file in dir {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/backup/ and insert property

For all updated properties:

• if property commented or not already present, won't update
• if property already present, will backup related file in dir {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/backup/ and update property

If any change required, update value after patch execution.

Installation

Container

• Start Runtime Container
• Extract & replace the content of ZIP directory container into {container} directory

Structure after extract & replace should be :

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch.sh
│           mvnrepo.zip
│           talend-esb-patch-<version>.jar
│           logs/ : directory for logs installation
├───system  : existing dir
│   ├───... : existing dir
├───...

• Ensure username/password are right in {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/patch.bat or {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/patch.sh

  ... -u {username} -p {password} -f patch.commands ... 
  

• Execute {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/patch.bat or {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/patch.sh

• Ensure directory {container}/patches/Patch_20230102_R2023-01_v1-RT-8.0.1.R2022-10-RT/logs contains new log files :
  • xxx-installation.log: patch installation log
  • xxx-init.log: state before patch installation
  • xxx-installed.log: state after patch installation

    Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure.
    You will need to restart the Runtime Container for changes to take effect.
    

Notes

Patch installation in "offline" mode

If you apply the Karaf patch in "offline" mode without connection to common Maven repositories, a small local Maven repository needs to be installed for the patch to succeed. The patch procedure will therefore check for the presence of a local Maven repository, eventually add one, and add the content required for the patch.

Bundle resolution errors

The updates are performed in three iterations. During the first and second iteration bundle resolution errors are showing up on the console and in the logs. This is expected, and these errors are resolved in the third iteration.