TPS-5201 (cumulative patch)
Info | Value |
---|---|
Patch Name | Patch_20220429_TPS-5201_v1-7.2.1 |
Release Date | 2022-04-29 |
Target Version | 20190620_1446-V7.2.1 |
Product affected | Talend Administration Center |
Introduction
This patch is cumulative. It includes all previous generally available patches for Talend Administration Center 7.2.1.
NOTE: To download this patch, liaise with your Support contact at Talend.
Fixed issues
This patch is cumulative and contains the following fixes:
- TPS-3259 [7.2.1] behavior of context path in TAC Artifactory configuration url (TAC-12925)
- TPS-3298 [7.2.1] Remove default SSL keystore + password settings in SSLUtil (TAC-12990)
- TPS-3375 [7.2.1] associatePreGeneratedJob metaservlet api creates an execution task even if taskType is Artifact and import type is Artifactory (TAC-13137)
- TPS-3496 [7.2.1] RemoteTaskExecution Unexpected Exception ava.lang.IllegalMonitorStateException (TAC-13336)
- TPS-3551 [7.2.1] Configurable technical/business log (TAC-11454)
- TPS-3540 [7.2.1] TAC DB configuration throwing error if the DB password is very long (TAC-13416)
- TPS-3520 [7.2.1] Execution plans not working when the TAC is clustered (TAC-13424)
- TPS-3641 [7.2.1] Update patch information
- TPS-3430 [7.2.1] Hibernate Dialect must be explicitly set for database: MariaDB (TAC-13252)
- TPS-3561 [7.2.1] TAC performance issue : 4 minutes to get project authorization and a listproject (TAC-13500)
- TPS-3564 [7.2.1] TAC not balancing the load equally among Virtual jobservers when jobs deployed simultaneously (TAC-13052)
- TPS-3596 [7.2.1] Studio is listing unauthorized Jobserver for LDAP user (TAC-13390 & TAC-13569)
- TPS-3602 [7.2.1] Can't send email notifications when running Java11 (TAC-13187)
- TPS-3642 [7.2.1] NPE happens when migration from 6.4.1 to 7.2.1 (TAC-13671)
- TPS-3684 [7.2.1] Many jobs in status requesting run (TAC-12653)
- TPS-3685 [7.2.1] After TAC restarts Jobs that were in "requesting run" are displayed as "OK" while they have not run (TAC-13635)
- TPS-3693 [7.2.1] After applying TPS-3642_v2 - Artifact task with latest version is not updating the latest version on running the job (TAC-13757)
- TPS-3701 [7.2.1] Refactoring and improvements related to TAC synchronization | TAC stuck periodically due to MSSQL db locks created(TAC-13568,TAC-13231,TAC-12828)
- TPS-3708 [7.2.1] Real-time Statistics not displaying for subjobs in TAC (TAC-13755)
- TPS-3714 [7.2.1] Sort order of Artifacts from Nexus (TAC-13726)
- TPS-3739 [7.2.1] TAC issue connecting to Jobserver's JMX and command server (TPSVC-12997, TAC-13919)
- TPS-3744 [7.2.1] TAC Server is endless "Waiting for the Task to end" (TPSVC-10197, TAC-12713)
- TPS-3777 [7.2.1] After applying TPS-3642_v2 - Artifact task with latest version is not updating the latest version on running the job. (TAC-13980)
- TPS-3860 [7.2.1] Launch Recovery doesn't work (TAC-12933)
- TPS-3980 [7.2.1] SaveEsbTask metaservlet command does not set context as active. (TESB-28187)
- TPS-4008 [7.2.1] Context issue with double-quotes in custom value if the original value is enclosed in double quotes (TESB-28908)
- TPS-4039 [7.2.1] "/nexus" is hardcoded in NexusBrowserBusiness.class. (TAC-14218)
- TPS-4046 [7.2.1] Artifactory - Not able to select context in ESB conductor (TESB-29036)
- TPS-4091 [7.2.1] When using custom context value in ESB conductor, not all values are passed to the runtime (TESB-29226)
- TPS-4180 [7.2.1] TAC: StringIndexOutOfBoundsException when creating ESB Conductor Tasks (TESB-29552)
- TPS-4202 [7.2.1] org.talend.administrator.common.exception.DBException: !!!Cannot flush and commit transaction.!!! (TAC-13204)
- TPS-4219 [7.2.1] job is null captured in the execution plan of 7.0.1 Tac (TAC-13222)
- TPS-4204 [7.2.1] Intermittent issue of StringIndexOutOfBoundsException for TaskExecutionHistoryLogge(TAC-14039)
- TPS-4306 [7.2.1] TAC begins to hang / frozen (TAC-14369)
- TPS-4322 [7.2.1] "/nexus" is hardcoded in NexusBrowserBusiness.class(TAC-14509, TAC-14218)
- TPS-4321 [7.2.1] Not updating context with backslash: updateTask and updateESBTask of Metaservlet command (TAC-12968)
- TPS-4360 [7.2.1] TAC: Option to remove "Rights Management" from 'Administrative Use' role [TAC-14391]
- TPS-4457 [7.2.1] Strange behavior of TAC when context variables are changed and saved (TESB-30568)
- TPS-4387 [7.2.1] "Generated Job Not Found" error thrown on restart of Jobserver (TAC-14479)
- TPS-4393 [7.2.1] Metaservlet "associatePreGeneratedJob" API is taking Default as context group (TAC-14634)
- TPS-4533 [7.2.1] TAC(MariaDB 10.1) -> Timeline page throws error after installing patch TPS-4322 (TAC-14766)
- TPS-4575 [7.2.1] Update studio certificates for signing of job zip (TAC-14816)
- TPS-4600 [7.2.1] Cannot reach svn server (TAC-14843)
- TPS-4601 [7.2.1] Metaservlet call to createUserGroup fails with {"returnCode":5} (TAC-14860)
- TPS-4627 [7.2.1] 401 Authentication credentials were missing or incorrect (TAC-14428)
- TPS-4641 [7.2.1] The Console logs in TAC is not visible after applying recent patch TPS-4360 (TAC-14840)
- TAC-12913 [7.2.1] Artifact task / Confirm popup Windows / Custom value applied to context parameter(s).. at each change
- TAC-13250 [7.2.1] Impossible to delete Jobserver from TAC - Null pointer exception error.
- TAC-13840 [7.2.1] ProcessItemLoader and MessagesUpdater make tac inaccessible from browser page
- TAC-13817 [7.2.1] Support Cache-Control attributes (No-store, No-cache)
- TAC-13761 [7.2.1] Tooo long time to complete the Job server status check(TAC-13761)
- TAC-14316 [7.2.1] Roles for download an artifact from Nexus in TAC Job Conductor view
- TAC-13674 [7.2.1] Sort error on JobConductor
- TAC-14132 [7.2.1] ERROR ExecutionTaskRefresher - org.quartz.ObjectAlreadyExistsException
- TAC-14670 [7.2.1] TAC resiliency issue with statistics port
- TAC-14783 [7.2.1] there is not the notification email received when the task failed
- TAC-14904 [7.2.1] TAC causes JobServer JMX exceptions on console
- TAC-14896 [7.2.1] TAC Errors after installing TAC Patch_20201218_TPS-4556_v2
- TAC-14968 [7.2.1] TAC-ESB is not able to deploy routes / nor displays runtimes
- TAC-14900 [7.2.1] Batch update returned unexpected row count from update [3]; actual row count: 0; expected: 1
- TAC-14960 [7.2.1] Failed to deploy artifacts: Could not find artifact error when trying to publish jobs
- TAC-12565 [7.2.1] One vulnerability of TAC detected
- TAC-12703 [7.2.1] Execution Plan built with "Add After", should not show Error Status as Ok if any of the tasks fail
- TAC-13168 [7.2.1] File triggers will not be misfired
- TAC-13205 [7.2.1] File trigger passes an incorrect context value when context name is "fileName" on child job
- TAC-13307 [7.2.1] Task Launched issue, thread is exhausted with only 100 triggers
- TAC-13428 [7.2.1] Batch update returned unexpected row count from update [6]; actual row count: 0; expected: 1
- TAC-13734 [7.2.1] Cannot delete task from execution plan
- TAC-14893 [7.2.1] TAC Freeze
- TAC-13208 [7.2.1] create task with metaservlet failed with {"returnCode":1}
- TAC-15038 [7.2.1] Able to see/run tasks in projects not having authorization when only using custom roles
- TAC-15124 [7.2.1] metaservlet listTrigger fails
- TPS-4760 [7.2.1] Log files not showing in TAC after applying TPS-4616 (TAC-14840)
- TPS-4767 [7.2.1] Displaying order is not consistent at Job Conductor screen (TAC-14924)
- TAC-14806 [7.2.1] TAC Web UI cookie contains version information
- TAC-15183 [7.2.1] random issue : java.lang.NullPointerException in technical log and jobconductor header
- TAC-15128 [7.2.1] TAC - GIT configuration
- TAC-14964 [7.2.1] Jobs stuck in RUNNING status (recovery mechanism for tasks and plans)
- TAC-15265 [7.2.1] TAC / JOB CONDUCTOR : Error: Connection to server failed when deploying a job - jobserverClient.port.timeout (increased default timeout to 5 seconds)
- TAC-15204 [7.2.1] RCA for TAC blank page / stuck at license check
- TAC-15152 [7.2.1] Paused triggers not updated after resumed
- TAC-14970 [7.2.1] OutofMemory issue caused by RemoteDataRetreiver - Java heap space
- TAC-14898 [7.2.1] Pop for cloud migration in TAC upon login
- TAC-14674 [7.2.1] download patch failed when use artifacotry for talend-updates
- TPS-4823 [7.2.1] memory leak after installing the patch TPS-4575 (TAC-14931)
- TPS-4844 [7.2.1] TAC vulnerability - "Auto-complete-enabled" (TAC-15259)
- TAC-15130 [7.2.1] User: user info did not show its related user group
- TAC-15394 [7.2.1] Customized processMessagePort not reflecting in TAC UI
- TAC-15133 [7.2.1] Root task status is not as same as before when killed due to timeout for plan
- TAC-15439 [7.2.1] Delete user failed for custom role is disabled.
- TPS-4868 [7.2.1] "nullpointer exception" in the TAC page : PROJECT AUTHORIZATIONS (TAC-15378)
- TAC-15326 [7.2.1] job started twice by TAC
- TPS-4943 [7.2.1] DBException: !!!Cannot flush and commit transaction.!!! after installing TPS-4868 (TAC-15577)
- TAC-15566 [7.2.1] TAC goes to hang state, problem is in LOCKS on the "dbo.taskexecutionhistory" table
- TPS-4964 [7.2.1] TAC jobs not pausing after installing TPS-4844 (TAC-15676)
- TPS-4990 [7.2.1] TAC jobs cant be killed, and incorrect status reported (TAC-15694)
- TAC-15951 [7.2.1] migrate libraries : not all artifacts from org.talend.libraries are migrated from old to new nexus
- TAC-15897 [7.2.1] A task running by a plan with a custom context will run with default context at times in cluster mode
- TAC-16001 [7.2.1] Context parameters not displaying in TAC
- TAC-16022 [7.2.1] RemoteDataRetriver never shutdown for execution when jobserver is unreachable
- TAC-15894 [7.2.1] Task status in execution details are always in running when job server host ip is unavailable
- TPS-5017 [7.2.1] after TAC restart, one particular job can't be triggered(TAC-15332)
- TPS-5087 [7.2.1] H2 Console CVE-2021-42392 (TAC-15032 TAC-16214)
- TAC-15776 [7.2.1] Delete task/plan print details in business log regarding task/plan deleted
- TAC-16065 [7.2.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized"
- TAC-16148 [7.2.1] ExecutionPlan Page refresh has the 500 client error
- TAC-16127 [7.2.1] Cannot see context in one of TAC in a cluster
- TAC-16065 [7.2.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized"
- TAC-16060 [7.2.1] Execution log is not immediately displayed though task has finished running
- TAC-16245 [7.2.1] Metaservlet 'removeServerProjectAuthorization' failed with 'Cannot commit transaction
- TAC-15513 [7.2.1] "scheduler.conf.retryRestartTaskWhenConnectionServerFailed" to be used by Tasks in Execution plans
- TPS-5093 [7.2.1] TAC patch list does not manage continuation_token from nexus (TAC-16121)
- TAC-15343 [7.2.1] job conductor slow to open / display execution logs
- TAC-16198 [7.2.1] TAC task duration is at least 10 seconds greater than job duration
- TAC-16202 [7.2.1] Too many segment logs when debug threshold is set in technical logs
- TAC-13275 [7.2.1] Unable to import user with xml file
- TAC-16461 [7.2.1] User with Operation Manager role unable to see the previous execution logs
- TAC-16516 [7.2.1] Use default value jobserver.useCache=true when having DB connection problem
- TPS-5151 [7.2.1] Job running on Jobserver is killed unexpectedly (TAC-16335)
- TAC-12599 [7.2.1] Denial of service attack relating to entity expansion in the registry
- TAC-16407 [7.2.1] Talend2 - 03 - SSRF
- TPS-5201 [7.2.1] Talend2 - 01 - XXE processing vulnerability (TAC-16390)
Security fixes
This patch includes the security fixes:
- TAC-14360 [7.2.1] Update Swagger
- TAC-14413 [7.2.1] Add a dependency on Snakeyaml in org.talend.migration.nexus
- TAC-14191 [7.2.1] Update BouncyCastle to 1.65+
- TAC-14172 [7.2.1] Fix Nexus CVEs
- TAC-14361 [7.2.1] Update postgres to 42.2.14+
- TAC-14414 [7.2.1] Update and expand RESTEasy dependency in org.talend.migration.nexus
- TAC-14266 [7.2.1] Update Dom4J
- TAC-14175 [7.2.1] Update XStream and Plexus Utils
- TAC-14643 [7.2.1] update jackson lib to version not lower than 2.8.6
- TAC-14832 [7.2.1] Update jackson-databind
- TAC-14247 [7.2.1] Update SLF4J to 1.7.26
- TAC-14520 [7.2.1] Update Apache Shiro library from version 1.4.2 to latest
- TAC-15021 [7.2.1] Vulnerability found in apache shiro web
- TAC-14744 [7.2.1] Vulnerability found in maven-shared-utils lib
- TAC-14268 [7.2.1] Fix SSHJ vulnerability
- TAC-15177 [7.2.1] vulnerability is in a direct dependency. Vulnerable library JSON Small and Fast Parser was found
- TAC-15026 [7.2.1] VULN ID - 53109573 - Session Fixation
- TAC-15030 [7.2.1] VULN ID - 53109571 -Insufficient session expiration
- TAC-16076 [7.2.1] Log4j security Vulnerability - CVE-2021-44228 & CVE-2021-45046 in TAC
- TAC-15298 [7.2.1] Talend - 01 - OTG-INFO-005 - Review Webpage Comments and Metadata for Information Leakage
- TAC-16276 [7.2.1] Vulnerability in "forgot password" functionality in TAC
Prerequisites
Consider the following requirements for your system:
- Talend Administration Center 7.2.1 must be installed.
Installation
- Log in to TAC and switch to Configuration-> Software Update, then enter the correct values and save. Follow the procedure described in the documentation: https://help.talend.com/r/en-US/7.2/installation-guide-big-data-linux/config-update-repo
- Switch to Software update page, where the new patch will be listed. The patch can be downloaded from here into the nexus repository.
- Login to local Nexus, and download the patch file.
- Stop all TAC instance. Repeat the following steps for each instance.
- Create a patch directory (eg:
<Talend>
/TAC_Patch). - Unzip patch file you received from support into this directory, then unzip the org.talend.administrator.war file as org.talend.administrator folder. (Note: Please rename org.talend.administrator-7.2.1.war if your old TAC application folder has a different name. Set the same name as your old TAC application name.)
- Create a backup directory (eg:
<Talend>
/TAC_Backup). - Copy folder
<Tomcat>
/webapps/org.talend.administrator into the backup directory. - In
<Tomcat>
/webapps/ directory, remove the previous org.talend.administrator folder, then copy the org.talend.administrator folder unzipped at step 6 and paste in the current directory. -
Restore TAC configuration by replacing
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties and quartz.properties with the same files that are stored in your backup directory.Note:
- If your TAC database is H2 db and embedded in TAC web folder (
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/database by default), don't forget to restore H2 db by replacing this folder with the exact corresponding folder from your backup directory. - If your TAC works with SSO, you should restore the IDP Metadata file (
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/IDPMetadata.xml) from your backup directory. <TOMCAT>
/endorsed/talend-url-mvn-1.0.0.jar is not needed any more, you can delete this jar.
- If your TAC database is H2 db and embedded in TAC web folder (
-
In case of TAC configured security connection (SSL/TLS) to other application - in file
<Tomcat>
/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties should be specified such properties: 'keystore.path', 'keystore.password', 'truststore.path', 'truststore.password'.Note:
- If you used secured connection in previous versions and these properties were not specified before, then import correct certificate to keystore and truststore and specify such properties: 'keystore.path', 'keystore.password', 'truststore.path', 'truststore.password'.
- New configurable parameter for Jobserver connection timeout:
jobserverClient.port.timeout
, please update the value in DB when you meet theSocketTimeoutException
error(unit is millisecond), SQL statement example:UPDATE configuration SET configuration.value = "8000" WHERE configuration.key = "jobserverClient.port.timeout";
;
-
Restart TAC.
Note:
- It's recommended to clear browser cache after TAC patch has been applied.
- It's recommended to use latest jobserver/runtime, because with old jobserver/runtime fix "TAC-15326 [7.2.1] job started twice by TAC" will not work.