Skip to main content Skip to complementary content

Notable fixes and Known issues in Talend Remote Engine R2023-06

Security enhancements

Issue Description
TPOPS-6127 A Spring Vault Core medium severity vulnerability has been repaired:
  • CVE-2023-20859
Jettison has been upgraded to repair a high severity vulnerability:
  • CVE-2023-1436
TPOPS-6131 Spring Expression Language (SpEL) is using v5.3.27 to avoid several medium severity vulnerabilities:
  • CVE-2023-20861 - Denial Of Service (DoS)
  • CVE-2023-20863 - Denial Of Service (DoS)
TPOPS-6255 Jose4j is using a new version to avoid its "Improper Cryptographic Algorithm" issue.
TPOPS-6297 Jetty's new version helps repair several medium severity vulnerabilities:
  • CVE-2023-26048: OutOfMemoryError occurs for large multipart file without filename in Eclipse Jetty.
  • CVE-2023-26049: Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies.
TPOPS-6353 Sensitive data is not visible anymore in the karaf.log file of Remote Engine.
The default credentials for a data server runner has been removed. For further information about the new approach to define your JMX credentials, see Connecting Talend Remote Engine to Talend Runtime.

Notable fixes

Issue Description
TPOPS-6275 Special characters and characters from languages such as Chinese or Japanese are garbled in the task run logs.
TPOPS-6222 The org.talend.observability.client.tcp.TcpClient file in the send() method is blocking the termination of task runs.
TINSTL-2634 Installation of Remote Engine 2.12.11 fails with the following exception:
No more authentication methods available

Unexpected yellow exclamation marks appear beside the Running status when microservice Routes are being deployed to Remote Engine.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!