R2023-04-RT (monthly release cumulative patch)

| Info | Value |
|---|---|
| Patch Name | Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT |
| Release Date | 2023-04-21 |
| Target Version | 20221123_1200-8.0.1.R2022-10-RT |
| Product affected | Talend ESB Runtime |

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2022-10-RT.

NOTE: To download this patch, contact Talend Support.

Prerequisites

Consider the following requirements for your system:

  • Talend ESB Runtime 8.0.1.R2022-10-RT must be installed. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime.

  • Depending on the product, {container} is Talend-ESB-V8.0.1.R2022-10-RT/container/ or Talend-Runtime-V8.0.1.R2022-10-RT/

For all inserted properties:

  • If the property is already present (commented or uncommented), it is not inserted.
  • If the property is not already present, the related file is backed up to the directory {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/backup/ and the property is inserted.

For all updated properties:

  • If the property is commented or not already present, it is not updated.
  • If the property is already present, the related file is backed up to the directory {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/backup/ and the property is updated.

If any change is required, update the value after the patch has been executed.
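The insert and update rules above can be rehearsed against a configuration file before the patch runs, to see which properties the patch would skip and which would trigger a backup. This is an added example, not part of the Talend patch tooling; it assumes Karaf-style `key = value` files in which `#` or `!` starts a comment, and the property names and file content are constructed.

```python
import re

# Assumption: "key = value" or "key: value" lines; "#" or "!" marks a comment.
_PROP = re.compile(r"^\s*(?P<comment>[#!]+\s*)?(?P<key>[^\s=:#!][^\s=:]*)\s*[=:]")

def property_state(text, key):
    """Return 'active', 'commented' or 'absent' for key in a properties file body."""
    state = "absent"
    for line in text.splitlines():
        m = _PROP.match(line)
        if not m or m.group("key") != key:
            continue
        if m.group("comment") is None:
            return "active"          # an uncommented definition wins
        state = "commented"
    return state

def plan(text, key, operation):
    """Predict the patch action for one property under the rules stated above."""
    state = property_state(text, key)
    if operation == "insert":
        # Inserted only when absent; a commented copy also blocks the insert.
        return "backup+insert" if state == "absent" else "skip"
    if operation == "update":
        # Updated only when present and uncommented.
        return "backup+update" if state == "active" else "skip"
    raise ValueError("operation must be 'insert' or 'update'")

def audit(text, changes):
    """Map each (key, operation) pair to its predicted action."""
    return {(key, op): plan(text, key, op) for key, op in changes}

# Constructed sample content, not a real Talend configuration file.
SAMPLE_CFG = """\
# constructed sample
org.example.port = 8040
#org.example.timeout = 30
! org.example.legacy: true
"""

if __name__ == "__main__":
    wanted = [("org.example.port", "update"), ("org.example.timeout", "update"),
              ("org.example.timeout", "insert"), ("org.example.new", "insert")]
    for (key, op), action in audit(SAMPLE_CFG, wanted).items():
        print(f"{op:6} {key:22} -> {action}")
```

Every `skip` result marks a value the patch leaves untouched, which is where a manual review after patch execution is needed.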

Installation

Container

  • Start the Runtime Container.
  • Extract the content of the container directory in the ZIP into the {container} directory, replacing existing files.

The structure after extracting and replacing should be:

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch.sh
│           mvnrepo.zip
│           talend-esb-patch-<version>.jar
│           logs/ : directory for installation logs
├───system  : existing dir
│   ├───... : existing dir
├───...

  • Ensure that the username and password are correct in {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/patch.bat or {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/patch.sh

    ... -u {username} -p {password} -f patch.commands ... 
    
  • Execute {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/patch.bat or {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/patch.sh

  • Ensure that the directory {container}/patches/Patch_20230421_R2023-04_v1-RT-8.0.1.R2022-10-RT/logs contains new log files:
    • xxx-installation.log: patch installation log
    • xxx-init.log: state before patch installation
    • xxx-installed.log: state after patch installation

Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure. You will need to restart the Runtime Container for changes to take effect.

Notes

Bundle resolution errors

The updates are performed in three iterations. During the first and second iterations, bundle resolution errors appear on the console and in the logs. This is expected; these errors are resolved in the third iteration.

R2023-04

Issues fixed in 2023-04

TPRUN

  • TPRUN-5639: CVE-2023-20861 spring-expression:5.3.21
  • TPRUN-5531: CVE-2022-40152 Update of woodstox-core to 5.4.0/6.4.0
  • TPRUN-5630: CVE-2023-1370 Update json-smart to 2.4.9
  • TPRUN-5629: CVE-2023-1430 Update jettison to 1.5.4

CVE fixed in 2023-04

  • CVE-2023-20861: spring-expression:5.3.21 (TPRUN-5639)
  • CVE-2022-40152: Update of woodstox-core to 5.4.0/6.4.0 (TPRUN-5531)
  • CVE-2023-1370: Update json-smart to 2.4.9 (TPRUN-5630)
  • CVE-2023-1430: Update jettison to 1.5.4 (TPRUN-5629)

R2023-03

Issues fixed in 2023-03

TPRUN

  • TPRUN-4754: org.apache.cxf.binding.soap.SoapFault: Caught fault in soap operation
  • TPRUN-5518: Remove "activemq-web-console" from Runtime
  • TPRUN-5370: Json:20090211 | CVE-2022-45688
  • TPRUN-5341: update netty-handler to 4.1.86.Final
  • TPRUN-4735: javax.ws.rs.ClientErrorException: HTTP 406 Not Acceptable
  • TPRUN-5493: Integrate jobserver 8.0.1.202303081104patch
  • TPRUN-4943: Ensure simple and consistent JobServer patch packaging
  • TPRUN-4804: JobServer - Remove deprecated launch from shell script option
  • TPRUN-4842: Check Archive Signature - set default behaviour to ON_UPLOAD and update documentation
  • TPRUN-5363: synchronized method in copy() cause all deployment to be queued in "SENDING SCRIPT" in tac
  • TPRUN-5249: Job execution failures with long classpaths and impersonation
  • TPRUN-5106: JobServer client: provide a way to distinguish between recoverable and unrecoverable failures on JobServer side

CVE fixed in 2023-03

  • CVE-2022-45688: Update of json to 20090211

R2023-02

Issues fixed in 2023-02

TPRUN

  • TPRUN-3965: POC - automated config and artifact deployment
  • TPRUN-5014: Authorization fails for second user
  • TPRUN-5233: Harden Talend ESB XML parsing against XML Entity Expansion attacks.

R2023-01

Issues fixed in 2023-01

TPRUN

  • TPRUN-5049: Update ehcache to version 3 in tesb-authorization
  • TPRUN-5022: CVE-2022-46364 - update CXF to 3.4.10
  • TPRUN-5019: CVE-2022-40145 - backport security fix to Talend ESB customized Karaf

TDM

  • TDM-9685: SAP IDocs Reader fails on Decimal with precision 18
  • TDM-6125: Add function to check string present in string collection

CVE fixed in 2023-01

  • CVE-2022-46364: Update CXF to 3.4.10 (TPRUN-5022)
  • CVE-2022-40145: Backport security fix to Talend ESB customized Karaf (TPRUN-5019)
  • CVE-2019-14893 and CVE-2020-27216 in ehcache: Update ehcache to 3.10.8 (TPRUN-5049)

R2022-11

Issues fixed in 2022-11

TPRUN

  • TPRUN-4693: CVE-2022-30126,org.apache.tika:tika-core:1.27 - update to tika 1.28.4
  • TPRUN-3354: Investigate message logging in case it is logging the authorization header
  • TPRUN-4561: CVE-2022-42889, org.apache.commons:commons-text:[1.4-1.9]
  • TPRUN-4142: Prevent runtime patches > R2022-07 from installing on default install
  • TPRUN-4882: [CVE-2022-45047] Update of Apache SSHD to version 2.9.2.
  • TPRUN-4868: pax-logging-libs version leads to stucking exchanges in runtime
  • TPRUN-4724: Deploying/undeploying a route makes other routes trying to deploy/undeploy
  • TPRUN-4660: Update release notes with gen1/runtime common update reco
  • TPRUN-4290: CVE: Xalan 2.7.2
  • TPRUN-4514: CVE-2022-42003,CVE-2022-42004, jackson-databind-2.13.2.2.jar
  • TPRUN-4414: CVE: jettison upgrade to 1.5.1
  • TPRUN-4559: Patch provided for cREST overwrite Content-Language header on runtime is not working
  • TPRUN-4595: [8.0.1] soap service schema validation not correct on runtime
  • TPRUN-4596: CVE-2022-34917 - Security update of kafka-clients
  • TPRUN-4695: Make access port configurable in tesb-derby-starter
  • TPRUN-4871: [CVE-2022-31692] Spring-security update to 2.6.9.
  • TPRUN-4497: Fail to execute "feature:install camel-spring-redis" on Runtime
  • TPRUN-4746: Integrate jobserver 8.0.1.202211171609patch

TDM

  • TDM-9607: CSV Reader looses tab as delimiter in runtime configuration
  • TDM-9554: Decimal Cobol field of size 18 missing properties when exported to avro
  • TDM-9462: Flattening map not working correctly for EDI 834 document
  • TDM-9439: Backport translated messages from 8.8.8 to the current 8.0.1 monthly
  • TDM-9412: Add Mariadb
  • TDM-9405: ConcurrentModificationException - on job data as service in runtime ESB
  • TDM-9380: Remove DirectoryExecMapRuntimeImpl
  • TDM-9379: Remove unused or empty messages
  • TDM-9344: JSON Writer:optional element don't have value needn't show when test run
  • TDM-9298: Remove Importer for java classes and JAR files
  • TDM-9290: Position reported by JSON Importer on errors is sometimes offset by 1
  • TDM-9289: Remove ExecutionProperties from the ExecutionStatus
  • TDM-9278: [OldRuntime] Execution status is accumulated when there are multiple executions for a tHMap
  • TDM-9254: JSON default alternative matcher should accept integer as exact match for Double/Float
  • TDM-9237: JSON Reader encodes ellipsis character
  • TDM-9226: Null item in JSON array is omitted on output
  • TDM-9222: JSON Reader gets stackoverflow with recursive Choice
  • TDM-9215: Fix numeric enumeration in avro export/import completely
  • TDM-9214: Default JSON Choice matcher should use Enum values when available
  • TDM-9203: JSON default choice handler fails on optional array
  • TDM-9201: Cobol Show Document error reporting must be improved
  • TDM-9197: get error when install TDM feature to esb runtime
  • TDM-9174: tuj job tdmTDMT627csv_writer is failed with JSON syntax error
  • TDM-9137: Move MessageCore to new Bundle org.talend.transform.common
  • TDM-9078: Avro exporter fails to export expressions set on Choices
  • TDM-9077: Avro exporter produces wrong operand avroloc within Choices and Alternatives
  • TDM-9043: JSON Reader supporting expressions as discriminators
  • TDM-9033: Add representation options to reduce size of JSON output
  • TDM-8449: Support JSONL
  • TDM-7427: data type optional segment is in test run result

CVE fixed in 2022-11

  • CVE-2022-31692: Update of spring-security to 2.6.9 (TPRUN-4871)
  • CVE-2022-34917: Update kafka clients to 2.8.2 (TPRUN-4596)
  • CVE-2022-42003: Update of jackson-databind-2.13.4.2.jar (TPRUN-4514)
  • CVE-2022-42004: Update of jackson-databind-2.13.4.2.jar (TPRUN-4514)
  • CVE-2022-42889: Update of Apache commons-text to 1.10.0 (TPRUN-4561)
  • CVE-2022-45047: Update of Apache mina sshd to 2.9.2 (TPRUN-4882)
  • CVE-2022-30126: Update of Apache tika-core to 1.28.4 (TPRUN-4693)
  • CVE-2022-40149: Update of jettison to 1.5.1 (TPRUN-4414)
  • CVE-2022-45589: SQL Injection attacks vulnerability (TPRUN-4777, since 8.0.1-R2022-10-RT)
