R2022-05-RT (cumulative patch) - 8.0

Version: 8.0
Language: English
Product: Talend ESB
Module: Talend ESB
Last publication date: 2022-05-21

R2022-05-RT (cumulative patch)

Caution

This release differs from the previously released monthly patches. It contains a complete updated Talend ESB Runtime 8.0.1. Do not install it over an existing Talend ESB runtime.

Please refer to the installation instructions to install this patch as a new runtime.

Info

| Info | Value |
| --- | --- |
| Release Name | Patch_20220521_R2022-05_v1-RT-8.0.1 |
| Release Date | 2022-05-21 |
| Product affected | Talend ESB Runtime |

Introduction

This release includes the previous generally available patches from Talend ESB Runtime 8.0.1.

NOTE: To download this release, liaise with your Support contact at Talend.

Fixed issues

This release contains the following fixes, in addition to the previous issues fixed in 8.0.1 patches:

TESB

  • TPRUN-3354: Investigate message logging in case it is logging the authorization header
  • TPRUN-3474: [8.0.1] Update of jackson-databind in TESB (CVE-2020-36518)
  • TPRUN-3441: [8.0.1] Ensure no vulnerable Spring versions are introduced through Karaf feature dependencies
  • TPRUN-3349: Security update of pax-url to 2.6.11
  • TPRUN-3345: tRestClient - oauth2 - noClassDefFoundError Exception - Data Service
  • TPRUN-2805: Disable Zookeeper AdminServer by default
  • TPRUN-3065: Feature camel-spring-redis
  • TPRUN-3157: CVE-related update of xstream to 1.4.19
  • TPRUN-3214: Update pax logging to 1.11.15 in Talend ESB runtime
  • TPRUN-2601: Make password encryption algorithm configurable + stronger
  • TPRUN-2631: Update AlgorithmSuite in etc/org.talend.esb.job.saml.policy
  • TPRUN-2175: data-source of mysql support only mysql 5
  • TPRUN-2925: Error with zookeeper when deploy REST/Soap service with Service Locator
  • TPRUN-3051: Update ant version used with Talend ESB
  • TPRUN-2228: Update Jetty to 9.4.43 or later
  • TPRUN-2915: Authorization fail for DemoService and DemoConsumerjob with error "No certificates for user"
  • TPRUN-2553: Connecting to two SAP instances from same ESB container with datasource
  • TPRUN-2841: [8.0.1] CVE-related update of Apache security in Talend ESB
  • TPRUN-2840: [8.0.1] CVE-related update of pax-logging in Talend ESB runtime to 1.11.13.
  • TPRUN-2793: [8.0] Missing feature repositories when offline
  • TPRUN-2385: Component must have a valid id when adding cxf:bus element in route's spring tab
  • TPRUN-2849: Runtime Error Installing Patch TPS-5064_v1-RT-8.0.1 error 'setenv.bat does not exist'
  • TPRUN-2699: [CVE] Update of log4j2 and pax-logging because of GHSA-xxfh-x98p-j8fr
  • TPRUN-2546: Setup patch creator for maintenance/8.0

TPSVC

  • TPS-5111 [8.0.1] JMX port 8888 is inactive for runtime from TAC while enabling SSL (TPRUN-2948)
  • TPS-5039 Mitigate / fix JobServer log4j2 vulnerabilities ( CVE-2021-44228 ) (TPRUN-2701)
  • TPRUN-2543 Fix compatibility statement logged at JobServer startup
  • TPS-5076 [8.0.1]including the possibility to define the certificate password when defining the SSL on jobserver and runtime (TPRUN-1805)

TDM

  • TDM-9405: ConcurrentModificationException - on job data as service in runtime ESB
  • TDM-9380: Remove DirectoryExecMapRuntimeImpl
  • TDM-9298: Remove Importer for java classes and JAR files
  • TDM-9290: Position reported by JSON Importer on errors is sometimes offset by 1
  • TDM-9289: Remove ExecutionProperties from the ExecutionStatus
  • TDM-9278: [OldRuntime]Execution status is accumulated when there are multiple executions for a tHMap
  • TDM-9254: JSON default alternative matcher should accept integer as exact match for Double/Float
  • TDM-9237: JSON Reader encodes ellipsis character
  • TDM-9226: Null item in JSON array is omitted on output
  • TDM-9222: JSON Reader gets stackoverflow with recursive Choice
  • TDM-9215: Fix numeric enumeration in avro export/import completely
  • TDM-9214: Default JSON Choice matcher should use Enum values when available
  • TDM-9203: JSON default choice handler fails on optional array
  • TDM-9201: Cobol Show Document error reporting must be improved
  • TDM-9197: get error when install TDM feature to esb runtime
  • TDM-9174: tuj job tdm_TDMT627_csv_writer is failed with JSON syntax error
  • TDM-9078: Avro exporter fails to export expressions set on Choices
  • TDM-9077: Avro exporter produces wrong operand avroloc within Choices and Alternatives
  • TDM-9043: JSON Reader supporting expressions as discriminators
  • TDM-9033: Add representation options to reduce size of JSON output
  • TDM-8449: Support JSONL
  • TDM-7427: data type optional segment is in test run result

CVE fixes

  • CVE-2020-36518: Update of Jackson to 2.13.2, Jackson-databind to 2.13.2.2 (TPRUN-3474)
  • CVE-2022-22965: Update of Spring to 5.3.20 (TPRUN-3441)
  • CVE-2021-43859: Update of XStream to 1.4.19, includes fixes for older XStream CVEs (TPRUN-3157)
  • CVE-2021-44228: Update of Log4j to 2.17.1, pax-logging to 1.11.15 (TPRUN-3214, TPRUN-2701, TPRUN-2699)
  • CVE-2021-36374: Update of Ant to 1.10.12, includes fixes for older Ant CVEs (TPRUN-3051)
  • CVE-2021-34429: Update of Jetty to 9.4.43.v20210629, includes fixes for older Jetty CVEs (TPRUN-2228)
  • CVE-2021-40690: Update of Apache xmlsec to 2.2.3, includes fixes for older xmlsec CVEs (TPRUN-2841)
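
One way to confirm that a runtime directory carries no jar older than the versions listed above, as an added example that is not part of the release notes or of Talend's tooling. The versions come from the list; the jar-name prefixes, the directory walk and the sample file names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Versions this release updates to, from the "CVE fixes" list above.
# The jar-name prefixes are assumptions about how the artifacts are named on disk.
SHIPPED = {
    "jackson-core": "2.13.2", "jackson-databind": "2.13.2.2",
    "spring-core": "5.3.20", "xstream": "1.4.19",
    "log4j-core": "2.17.1", "pax-logging-api": "1.11.15",
    "ant": "1.10.12", "jetty-server": "9.4.43", "xmlsec": "2.2.3",
}
# name-version[qualifier].jar, e.g. jetty-server-9.4.43.v20210629.jar
JAR_RE = re.compile(r"^(?P<name>.+?)-(?P<ver>\d+(?:\.\d+)*)(?:[._-].*)?\.jar$")


def vtuple(version):
    """'2.13.2.2' -> (2, 13, 2, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def outdated_jars(root):
    """Return sorted (artifact, version, path) for jars older than SHIPPED."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        match = JAR_RE.match(jar.name)
        if not match:
            continue
        # OSGi wrapper bundles prefix the artifact with a dotted group name.
        artifact = match["name"].rsplit(".", 1)[-1]
        shipped = SHIPPED.get(artifact)
        if shipped and vtuple(match["ver"]) < vtuple(shipped):
            findings.append((artifact, match["ver"], str(jar)))
    return sorted(findings)


def demo():
    """Check a constructed tree of empty files; the names are sample data."""
    names = ["jackson-databind-2.13.2.2.jar", "jackson-databind-2.12.6.jar",
             "jetty-server-9.4.43.v20210629.jar", "xstream-1.4.18.jar",
             "org.apache.servicemix.bundles.spring-core-5.3.18_1.jar"]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            Path(root, name).touch()
        return [(a, v) for a, v, _ in outdated_jars(root)]


if __name__ == "__main__":
    print(demo())
```

A finding means the jar is older than the version this release ships, which is the signal that an old runtime or a stale bundle cache is still in use.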

Prerequisites

Consider the following requirements for your system:

  • This release contains a complete updated Talend ESB Runtime 8.0.1. Do not install it over an existing Talend ESB runtime.

  • This runtime works with Java 8 or Java 11.

Installation

Container

  • Unzip the patch into an empty directory of your choice. You will get a complete new runtime.
  • If you need to change any configurations in container/bin/setenv (resp. .../setenv.bat) or any of the configurations in container/etc/, edit the corresponding files.
  • Start the container.
  • Install any additional feature required as pre-condition for your routes and data services.
  • If you are running behind a remote engine and TMC, you may be able to recover your tasks if you shut down and re-start the remote engine.
  • Otherwise, you need to install your artifacts manually or re-install from TAC.

Notes

Enhancement of the SAP connector add-on

The configuration of the "talend-sapjco3-connector" in version 5.5.1 lets you define additional SAP endpoints by adding prefixed properties. Here is a sample for an endpoint named "PEER_CONNECTION_POOL":

```
jco.client.ashost = myfirsthost.example.org
jco.client.sysnr = 00
jco.client.client = 800
jco.client.user = DEVUSRA
jco.client.passwd = *
jco.client.lang = EN
jco.destination.peak_limit = 10
jco.destination.pool_capacity = 3

endpoint.SAP_PEER_CONNECTION_POOL.jco.client.ashost = mysecondhost.example.org
endpoint.SAP_PEER_CONNECTION_POOL.jco.client.sysnr = 00
endpoint.SAP_PEER_CONNECTION_POOL.jco.client.client = 100
endpoint.SAP_PEER_CONNECTION_POOL.jco.client.user = DEVUSRB
endpoint.SAP_PEER_CONNECTION_POOL.jco.client.passwd = *
endpoint.SAP_PEER_CONNECTION_POOL.jco.client.lang = EN
endpoint.SAP_PEER_CONNECTION_POOL.jco.destination.peak_limit = 10
endpoint.SAP_PEER_CONNECTION_POOL.jco.destination.pool_capacity = 3
```

Datasources names updated default values (TPRUN-2175)

All tesb-datasource-<database> features have been updated to use the new default aliases ds-{database} instead of jdbc/sam.
If any Studio models are still using jdbc/sam aliases, update the related configuration file {container}/etc/org.talend.esb.datasource.{database}.cfg to add the property datasource.jndi=ds-{database}.

The full list of aliases is available here: https://help.talend.com/r/tez87K9J65Ah64Rult_SAQ/K0Z7zYfpde~Qfq6zL7hzlQ

This feature doesn't impact manually deployed blueprints declaring data sources.

Default AlgorithmSuite from Basic128Sha256 to Basic256Sha256 (TPRUN-2631)

All AlgorithmSuites of policies with SAML are updated from Basic128Sha256 to Basic256Sha256 for these features:

  • talend-job-controller
  • tesb-locator-soap-service
  • tesb-sam-service-soap

Check the following files to see whether the authentication value is set to SAML:

| Configuration file | Configuration key/value with SAML | Impacted endpoint |
| --- | --- | --- |
| etc/org.talend.esb.locator.service.cfg | locator.authentication = SAML | http://localhost:8040/services/ServiceLocatorService |
| etc/org.talend.esb.sam.service.soap.cfg | sam.service.soap.authentication = SAML | http://localhost:8040/services/MonitoringServiceSOAP |

If services are configured to use SAML:

  • you need to ensure external clients (executing out of container) use an updated policy when reaching these endpoints
  • you need to manually redeploy artifacts generated from Studio for models exposing/consuming endpoints using Service Locator or Service Activity Monitoring

Default Algorithm for password encryption/decryption (TPRUN-2601)

The encryption algorithm for all ENC(xxx) passwords is upgraded by default to PBEWITHSHA256AND256BITAES-CBC-BC. All passwords declared as ENC(xxx) in configuration files or Talend Administration Center must be regenerated with these commands in the Runtime console (ensure that the environment variable TESB_ENV_PASSWORD is set):

```
karaf@trun()> feature:install tesb-encryptor-command
karaf@trun()> tesb:encrypt-text {textToEncrypt}
```

The algorithm can be configured by setting the environment variable TESB_ENV_ALGORITHM.
If old ENC(xxx) values are still needed, revert to the previous algorithm by setting the environment variable TESB_ENV_ALGORITHM to PBEWITHSHA256AND128BITAES-CBC-BC and restart the Runtime.
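
When configuration is carried over from an older runtime, the SAML and ENC(xxx) notes above translate into a short audit of container/etc. The following is an added example, not Talend's own tooling: the file names and keys are the ones named in these notes, while the parser, the function names and the sample file contents are assumptions.

```python
import re
import tempfile
from pathlib import Path

# File names and keys as given in the SAML table of these release notes.
SAML_KEYS = {
    "org.talend.esb.locator.service.cfg": "locator.authentication",
    "org.talend.esb.sam.service.soap.cfg": "sam.service.soap.authentication",
}
ENC_RE = re.compile(r"^ENC\(.+\)$")


def parse_cfg(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit_etc(etc_dir):
    """Return sorted (file, key, action); encrypted values are never echoed."""
    findings = []
    for cfg in Path(etc_dir).glob("*.cfg"):
        props = parse_cfg(cfg.read_text(encoding="utf-8"))
        for key, value in props.items():
            if ENC_RE.match(value):
                findings.append((cfg.name, key, "regenerate with tesb:encrypt-text"))
        saml_key = SAML_KEYS.get(cfg.name)
        if saml_key and props.get(saml_key, "").upper() == "SAML":
            findings.append((cfg.name, saml_key, "clients need Basic256Sha256 policy"))
    return sorted(findings)


def demo():
    """Audit a constructed etc/ directory; all file contents are sample data."""
    sample = {
        "org.talend.esb.locator.service.cfg": "locator.authentication = SAML\n",
        "org.talend.esb.sam.service.soap.cfg": "sam.service.soap.authentication = NO\n",
        "example.cfg": "# constructed\nuser = tadmin\npassword = ENC(c2FtcGxl)\n",
    }
    with tempfile.TemporaryDirectory() as etc:
        for name, text in sample.items():
            Path(etc, name).write_text(text, encoding="utf-8")
        return audit_etc(etc)
```

ENC(xxx) values stored in Talend Administration Center are outside the scope of this file scan and still need to be regenerated separately.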

Disable Zookeeper AdminServer by default (TPRUN-2805)

The Zookeeper AdminServer feature is now disabled by default. The Service Locator feature is not impacted.
To reactivate this feature for the embedded Zookeeper in the Runtime:

  • edit {container}/bin/setenv or {container}/bin/setenv.bat and change the values -Dzookeeper.admin.enableServer=true -Dzookeeper.admin.serverPort={AVAILABLE PORT}
  • restart the Runtime

To reactivate this feature for the standalone Zookeeper provided with Talend-ESB:

  • edit Talend-ESB-V8.0.1/zookeeper/conf/zoo.cfg and add/change the values zookeeper.admin.enableServer=true zookeeper.admin.serverPort={AVAILABLE PORT}
  • restart the standalone Zookeeper