TPS-5201 (cumulative patch) - 7.2

Version: 7.2
Language: English (United States)
Product: Talend Data Fabric
Module: Talend Administration Center

TPS-5201 (cumulative patch)

Info               Value
Patch Name         Patch_20220429_TPS-5201_v1-7.2.1
Release Date       2022-04-29
Target Version     20190620_1446-V7.2.1
Product affected   Talend Administration Center

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend Administration Center 7.2.1.

NOTE: To download this patch, liaise with your Support contact at Talend.

Fixed issues

This patch is cumulative and contains the following fixes:

  • TPS-3259 [7.2.1] behavior of context path in TAC Artifactory configuration url (TAC-12925)
  • TPS-3298 [7.2.1] Remove default SSL keystore + password settings in SSLUtil (TAC-12990)
  • TPS-3375 [7.2.1] associatePreGeneratedJob metaservlet api creates an execution task even if taskType is Artifact and import type is Artifactory (TAC-13137)
  • TPS-3496 [7.2.1] RemoteTaskExecution Unexpected Exception java.lang.IllegalMonitorStateException (TAC-13336)
  • TPS-3551 [7.2.1] Configurable technical/business log (TAC-11454)
  • TPS-3540 [7.2.1] TAC DB configuration throwing error if the DB password is very long (TAC-13416)
  • TPS-3520 [7.2.1] Execution plans not working when the TAC is clustered (TAC-13424)
  • TPS-3641 [7.2.1] Update patch information
  • TPS-3430 [7.2.1] Hibernate Dialect must be explicitly set for database: MariaDB (TAC-13252)
  • TPS-3561 [7.2.1] TAC performance issue : 4 minutes to get project authorization and a listproject (TAC-13500)
  • TPS-3564 [7.2.1] TAC not balancing the load equally among Virtual jobservers when jobs deployed simultaneously (TAC-13052)
  • TPS-3596 [7.2.1] Studio is listing unauthorized Jobserver for LDAP user (TAC-13390 & TAC-13569)
  • TPS-3602 [7.2.1] Can't send email notifications when running Java11 (TAC-13187)
  • TPS-3642 [7.2.1] NPE happens when migration from 6.4.1 to 7.2.1 (TAC-13671)
  • TPS-3684 [7.2.1] Many jobs in status requesting run (TAC-12653)
  • TPS-3685 [7.2.1] After TAC restarts Jobs that were in "requesting run" are displayed as "OK" while they have not run (TAC-13635)
  • TPS-3693 [7.2.1] After applying TPS-3642_v2 - Artifact task with latest version is not updating the latest version on running the job (TAC-13757)
  • TPS-3701 [7.2.1] Refactoring and improvements related to TAC synchronization | TAC stuck periodically due to MSSQL db locks created(TAC-13568,TAC-13231,TAC-12828)
  • TPS-3708 [7.2.1] Real-time Statistics not displaying for subjobs in TAC (TAC-13755)
  • TPS-3714 [7.2.1] Sort order of Artifacts from Nexus (TAC-13726)
  • TPS-3739 [7.2.1] TAC issue connecting to Jobserver's JMX and command server (TPSVC-12997, TAC-13919)
  • TPS-3744 [7.2.1] TAC Server is endless "Waiting for the Task to end" (TPSVC-10197, TAC-12713)
  • TPS-3777 [7.2.1] After applying TPS-3642_v2 - Artifact task with latest version is not updating the latest version on running the job. (TAC-13980)
  • TPS-3860 [7.2.1] Launch Recovery doesn't work (TAC-12933)
  • TPS-3980 [7.2.1] SaveEsbTask metaservlet command does not set context as active. (TESB-28187)
  • TPS-4008 [7.2.1] Context issue with double-quotes in custom value if the original value is enclosed in double quotes (TESB-28908)
  • TPS-4039 [7.2.1] "/nexus" is hardcoded in NexusBrowserBusiness.class. (TAC-14218)
  • TPS-4046 [7.2.1] Artifactory - Not able to select context in ESB conductor (TESB-29036)
  • TPS-4091 [7.2.1] When using custom context value in ESB conductor, not all values are passed to the runtime (TESB-29226)
  • TPS-4180 [7.2.1] TAC: StringIndexOutOfBoundsException when creating ESB Conductor Tasks (TESB-29552)
  • TPS-4202 [7.2.1] org.talend.administrator.common.exception.DBException: !!!Cannot flush and commit transaction.!!! (TAC-13204)
  • TPS-4219 [7.2.1] job is null captured in the execution plan of 7.0.1 Tac (TAC-13222)
  • TPS-4204 [7.2.1] Intermittent issue of StringIndexOutOfBoundsException for TaskExecutionHistoryLogge(TAC-14039)
  • TPS-4306 [7.2.1] TAC begins to hang / frozen (TAC-14369)
  • TPS-4322 [7.2.1] "/nexus" is hardcoded in NexusBrowserBusiness.class(TAC-14509, TAC-14218)
  • TPS-4321 [7.2.1] Not updating context with backslash: updateTask and updateESBTask of Metaservlet command (TAC-12968)
  • TPS-4360 [7.2.1] TAC: Option to remove "Rights Management" from 'Administrative Use' role [TAC-14391]
  • TPS-4457 [7.2.1] Strange behavior of TAC when context variables are changed and saved (TESB-30568)
  • TPS-4387 [7.2.1] "Generated Job Not Found" error thrown on restart of Jobserver (TAC-14479)
  • TPS-4393 [7.2.1] Metaservlet "associatePreGeneratedJob" API is taking Default as context group (TAC-14634)
  • TPS-4533 [7.2.1] TAC(MariaDB 10.1) -> Timeline page throws error after installing patch TPS-4322 (TAC-14766)
  • TPS-4575 [7.2.1] Update studio certificates for signing of job zip (TAC-14816)
  • TPS-4600 [7.2.1] Cannot reach svn server (TAC-14843)
  • TPS-4601 [7.2.1] Metaservlet call to createUserGroup fails with {"returnCode":5} (TAC-14860)
  • TPS-4627 [7.2.1] 401 Authentication credentials were missing or incorrect (TAC-14428)
  • TPS-4641 [7.2.1] The Console logs in TAC is not visible after applying recent patch TPS-4360 (TAC-14840)
  • TAC-12913 [7.2.1] Artifact task / Confirm popup Windows / Custom value applied to context parameter(s).. at each change
  • TAC-13250 [7.2.1] Impossible to delete Jobserver from TAC - Null pointer exception error.
  • TAC-13840 [7.2.1] ProcessItemLoader and MessagesUpdater make tac inaccessible from browser page
  • TAC-13817 [7.2.1] Support Cache-Control attributes (No-store, No-cache)
  • TAC-13761 [7.2.1] Too long time to complete the Job server status check (TAC-13761)
  • TAC-14316 [7.2.1] Roles for download an artifact from Nexus in TAC Job Conductor view
  • TAC-13674 [7.2.1] Sort error on JobConductor
  • TAC-14132 [7.2.1] ERROR ExecutionTaskRefresher - org.quartz.ObjectAlreadyExistsException
  • TAC-14670 [7.2.1] TAC resiliency issue with statistics port
  • TAC-14783 [7.2.1] there is not the notification email received when the task failed
  • TAC-14904 [7.2.1] TAC causes JobServer JMX exceptions on console
  • TAC-14896 [7.2.1] TAC Errors after installing TAC Patch_20201218_TPS-4556_v2
  • TAC-14968 [7.2.1] TAC-ESB is not able to deploy routes / nor displays runtimes
  • TAC-14900 [7.2.1] Batch update returned unexpected row count from update [3]; actual row count: 0; expected: 1
  • TAC-14960 [7.2.1] Failed to deploy artifacts: Could not find artifact error when trying to publish jobs
  • TAC-12565 [7.2.1] One vulnerability of TAC detected
  • TAC-12703 [7.2.1] Execution Plan built with "Add After", should not show Error Status as Ok if any of the tasks fail
  • TAC-13168 [7.2.1] File triggers will not be misfired
  • TAC-13205 [7.2.1] File trigger passes an incorrect context value when context name is "fileName" on child job
  • TAC-13307 [7.2.1] Task Launched issue, thread is exhausted with only 100 triggers
  • TAC-13428 [7.2.1] Batch update returned unexpected row count from update [6]; actual row count: 0; expected: 1
  • TAC-13734 [7.2.1] Cannot delete task from execution plan
  • TAC-14893 [7.2.1] TAC Freeze
  • TAC-13208 [7.2.1] create task with metaservlet failed with {"returnCode":1}
  • TAC-15038 [7.2.1] Able to see/run tasks in projects not having authorization when only using custom roles
  • TAC-15124 [7.2.1] metaservlet listTrigger fails
  • TPS-4760 [7.2.1] Log files not showing in TAC after applying TPS-4616 (TAC-14840)
  • TPS-4767 [7.2.1] Displaying order is not consistent at Job Conductor screen (TAC-14924)
  • TAC-14806 [7.2.1] TAC Web UI cookie contains version information
  • TAC-15183 [7.2.1] random issue : java.lang.NullPointerException in technical log and jobconductor header
  • TAC-15128 [7.2.1] TAC - GIT configuration
  • TAC-14964 [7.2.1] Jobs stuck in RUNNING status (recovery mechanism for tasks and plans)
  • TAC-15265 [7.2.1] TAC / JOB CONDUCTOR : Error: Connection to server failed when deploying a job - jobserverClient.port.timeout (increased default timeout to 5 seconds)
  • TAC-15204 [7.2.1] RCA for TAC blank page / stuck at license check
  • TAC-15152 [7.2.1] Paused triggers not updated after resumed
  • TAC-14970 [7.2.1] OutofMemory issue caused by RemoteDataRetreiver - Java heap space
  • TAC-14898 [7.2.1] Pop for cloud migration in TAC upon login
  • TAC-14674 [7.2.1] download patch failed when use Artifactory for talend-updates
  • TPS-4823 [7.2.1] memory leak after installing the patch TPS-4575 (TAC-14931)
  • TPS-4844 [7.2.1] TAC vulnerability - "Auto-complete-enabled" (TAC-15259)
  • TAC-15130 [7.2.1] User: user info did not show its related user group
  • TAC-15394 [7.2.1] Customized processMessagePort not reflecting in TAC UI
  • TAC-15133 [7.2.1] Root task status is not as same as before when killed due to timeout for plan
  • TAC-15439 [7.2.1] Delete user failed for custom role is disabled.
  • TPS-4868 [7.2.1] "nullpointer exception" in the TAC page : PROJECT AUTHORIZATIONS (TAC-15378)
  • TAC-15326 [7.2.1] job started twice by TAC
  • TPS-4943 [7.2.1] DBException: !!!Cannot flush and commit transaction.!!! after installing TPS-4868 (TAC-15577)
  • TAC-15566 [7.2.1] TAC goes to hang state, problem is in LOCKS on the "dbo.taskexecutionhistory" table
  • TPS-4964 [7.2.1] TAC jobs not pausing after installing TPS-4844 (TAC-15676)
  • TPS-4990 [7.2.1] TAC jobs can't be killed, and incorrect status reported (TAC-15694)
  • TAC-15951 [7.2.1] migrate libraries : not all artifacts from org.talend.libraries are migrated from old to new nexus
  • TAC-15897 [7.2.1] A task running by a plan with a custom context will run with default context at times in cluster mode
  • TAC-16001 [7.2.1] Context parameters not displaying in TAC
  • TAC-16022 [7.2.1] RemoteDataRetriver never shutdown for execution when jobserver is unreachable
  • TAC-15894 [7.2.1] Task status in execution details are always in running when job server host ip is unavailable
  • TPS-5017 [7.2.1] after TAC restart, one particular job can't be triggered(TAC-15332)
  • TPS-5087 [7.2.1] H2 Console CVE-2021-42392 (TAC-15032 TAC-16214)
  • TAC-15776 [7.2.1] Delete task/plan print details in business log regarding task/plan deleted
  • TAC-16065 [7.2.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized"
  • TAC-16148 [7.2.1] ExecutionPlan Page refresh has the 500 client error
  • TAC-16127 [7.2.1] Cannot see context in one of TAC in a cluster
  • TAC-16060 [7.2.1] Execution log is not immediately displayed though task has finished running
  • TAC-16245 [7.2.1] Metaservlet 'removeServerProjectAuthorization' failed with 'Cannot commit transaction
  • TAC-15513 [7.2.1] "scheduler.conf.retryRestartTaskWhenConnectionServerFailed" to be used by Tasks in Execution plans
  • TPS-5093 [7.2.1] TAC patch list does not manage continuation_token from nexus (TAC-16121)
  • TAC-15343 [7.2.1] job conductor slow to open / display execution logs
  • TAC-16198 [7.2.1] TAC task duration is at least 10 seconds greater than job duration
  • TAC-16202 [7.2.1] Too many segment logs when debug threshold is set in technical logs
  • TAC-13275 [7.2.1] Unable to import user with xml file
  • TAC-16461 [7.2.1] User with Operation Manager role unable to see the previous execution logs
  • TAC-16516 [7.2.1] Use default value jobserver.useCache=true when having DB connection problem
  • TPS-5151 [7.2.1] Job running on Jobserver is killed unexpectedly (TAC-16335)
  • TAC-12599 [7.2.1] Denial of service attack relating to entity expansion in the registry
  • TAC-16407 [7.2.1] Talend2 - 03 - SSRF
  • TPS-5201 [7.2.1] Talend2 - 01 - XXE processing vulnerability (TAC-16390)

Security fixes

This patch includes the following security fixes:

  • TAC-14360 [7.2.1] Update Swagger
  • TAC-14413 [7.2.1] Add a dependency on Snakeyaml in org.talend.migration.nexus
  • TAC-14191 [7.2.1] Update BouncyCastle to 1.65+
  • TAC-14172 [7.2.1] Fix Nexus CVEs
  • TAC-14361 [7.2.1] Update postgres to 42.2.14+
  • TAC-14414 [7.2.1] Update and expand RESTEasy dependency in org.talend.migration.nexus
  • TAC-14266 [7.2.1] Update Dom4J
  • TAC-14175 [7.2.1] Update XStream and Plexus Utils
  • TAC-14643 [7.2.1] update jackson lib to version not lower than 2.8.6
  • TAC-14832 [7.2.1] Update jackson-databind
  • TAC-14247 [7.2.1] Update SLF4J to 1.7.26
  • TAC-14520 [7.2.1] Update Apache Shiro library from version 1.4.2 to latest
  • TAC-15021 [7.2.1] Vulnerability found in apache shiro web
  • TAC-14744 [7.2.1] Vulnerability found in maven-shared-utils lib
  • TAC-14268 [7.2.1] Fix SSHJ vulnerability
  • TAC-15177 [7.2.1] vulnerability is in a direct dependency. Vulnerable library JSON Small and Fast Parser was found
  • TAC-15026 [7.2.1] VULN ID - 53109573 - Session Fixation
  • TAC-15030 [7.2.1] VULN ID - 53109571 -Insufficient session expiration
  • TAC-16076 [7.2.1] Log4j security Vulnerability - CVE-2021-44228 & CVE-2021-45046 in TAC
  • TAC-15298 [7.2.1] Talend - 01 - OTG-INFO-005 - Review Webpage Comments and Metadata for Information Leakage
  • TAC-16276 [7.2.1] Vulnerability in "forgot password" functionality in TAC

Prerequisites

Consider the following requirements for your system:

  • Talend Administration Center 7.2.1 must be installed.

Installation

  1. Log in to TAC, switch to Configuration -> Software Update, then enter the correct values and save. Follow the procedure described in the documentation: https://help.talend.com/r/en-US/7.2/installation-guide-big-data-linux/config-update-repo
  2. Switch to the Software update page, where the new patch will be listed. From this page, the patch can be downloaded into the Nexus repository.
  3. Log in to the local Nexus and download the patch file.
  4. Stop all TAC instances. Repeat the following steps for each instance.
  5. Create a patch directory (e.g. <Talend>/TAC_Patch).
  6. Unzip the patch file you received from Support into this directory, then unzip the org.talend.administrator.war file as the org.talend.administrator folder. (Note: Please rename org.talend.administrator-7.2.1.war if your old TAC application folder has a different name. Set the same name as your old TAC application name.)
  7. Create a backup directory (e.g. <Talend>/TAC_Backup).
  8. Copy the folder <Tomcat>/webapps/org.talend.administrator into the backup directory.
  9. In the <Tomcat>/webapps/ directory, remove the previous org.talend.administrator folder, then copy the org.talend.administrator folder unzipped in step 6 and paste it into the current directory.
  10. Restore the TAC configuration by replacing <Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties and quartz.properties with the same files stored in your backup directory.

    Note:

    • If your TAC database is an H2 database embedded in the TAC web folder (<Tomcat>/webapps/org.talend.administrator/WEB-INF/database by default), don't forget to restore the H2 database by replacing this folder with the exact corresponding folder from your backup directory.
    • If your TAC works with SSO, you should restore the IDP Metadata file (<Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/IDPMetadata.xml) from your backup directory.
    • <Tomcat>/endorsed/talend-url-mvn-1.0.0.jar is no longer needed; you can delete this jar.
  11. If TAC is configured with a secured connection (SSL/TLS) to another application, the following properties should be specified in the file <Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties: 'keystore.path', 'keystore.password', 'truststore.path', 'truststore.password'.

    Note:

    • If you used a secured connection in previous versions and these properties were not specified before, import the correct certificate into the keystore and truststore, then specify the properties 'keystore.path', 'keystore.password', 'truststore.path', 'truststore.password'.
    • A new configurable parameter is available for the Jobserver connection timeout: jobserverClient.port.timeout. Update its value in the DB when you encounter the SocketTimeoutException error (the unit is milliseconds). SQL statement example: UPDATE configuration SET configuration.value = '8000' WHERE configuration.key = 'jobserverClient.port.timeout';
  12. Restart TAC.

    Note:

    • It's recommended to clear the browser cache after the TAC patch has been applied.
    • It's recommended to use the latest jobserver/runtime, because with an old jobserver/runtime the fix "TAC-15326 [7.2.1] job started twice by TAC" will not work.
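
Steps 7 to 10 (with their notes) and the step 11 property check as a shell script, added here as an example and not part of Talend's patch or documentation. It assumes a Linux host, TAC already stopped and the patched war already unzipped (step 6); the function names swap_tac_webapp and missing_ssl_props are hypothetical.

```shell
#!/bin/sh
# Added example, not Talend's tooling. Run with TAC stopped (step 4) and
# the patched war already unzipped into a folder (step 6).
APP=org.talend.administrator   # adjust if your TAC folder has another name

# swap_tac_webapp <tomcat_dir> <unzipped_patch_folder> <backup_dir>
swap_tac_webapp() {
    tomcat=$1; new_app=$2; backup=$3
    live="$tomcat/webapps/$APP"
    [ -d "$live" ] && [ -d "$new_app/WEB-INF" ] || {
        echo "webapp or patch folder not found" >&2; return 1; }
    # Never overwrite an earlier backup: it may be the only good copy.
    [ ! -e "$backup/$APP" ] || { echo "backup already exists" >&2; return 1; }

    # Steps 7-8: copy the current application folder, keeping modes and timestamps.
    mkdir -p "$backup" && cp -Rp "$live" "$backup/" || return 1
    # Step 9: replace the application folder with the patched one.
    rm -rf "$live" && cp -Rp "$new_app" "$live" || return 1
    # Step 10: restore the two configuration files from the backup.
    for f in configuration.properties quartz.properties; do
        cp -p "$backup/$APP/WEB-INF/classes/$f" "$live/WEB-INF/classes/$f" || return 1
    done
    # Notes to step 10: embedded H2 database and SSO IDP metadata, if present.
    if [ -d "$backup/$APP/WEB-INF/database" ]; then
        rm -rf "$live/WEB-INF/database"
        cp -Rp "$backup/$APP/WEB-INF/database" "$live/WEB-INF/database" || return 1
    fi
    idp=WEB-INF/classes/IDPMetadata.xml
    if [ -f "$backup/$APP/$idp" ]; then
        cp -p "$backup/$APP/$idp" "$live/$idp" || return 1
    fi
}

# Step 11: list the SSL/TLS properties that have no value in the given
# configuration.properties. Prints names only, so passwords stay out of logs.
missing_ssl_props() {
    for p in keystore.path keystore.password truststore.path truststore.password; do
        re=$(printf '%s' "$p" | sed 's/[.]/\\./g')
        grep -Eq "^[[:space:]]*$re[[:space:]]*[=:][[:space:]]*[^[:space:]]" "$1" ||
            echo "$p"
    done
}
```

If TAC uses SSL/TLS to other applications, missing_ssl_props should print nothing for the restored configuration.properties before TAC is restarted in step 12.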