
R2023-09-RT (monthly release cumulative patch)

Patch Name: Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT
Release Date: 2023-09-15
Target Version: 20230829_1200-8.0.1.R2023-08-RT
Product affected: Talend ESB Runtime

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2023-08-RT.

NOTE: To download this patch, contact Talend Support.

Prerequisites

Consider the following requirements for your system:

  • Talend ESB Runtime 8.0.1.R2023-08-RT must be installed. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime.

  • Depending on the product, {container} is Talend-ESB-V8.0.1.R2023-08-RT/container/ or Talend-Runtime-V8.0.1.R2023-08-RT/

For all inserted properties:

  • If the property is already present (commented or uncommented), it is not inserted.
  • If the property is not already present, the related file is backed up in the directory {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/backup/ and the property is inserted.

For all updated properties:

  • If the property is commented or not already present, it is not updated.
  • If the property is already present, the related file is backed up in the directory {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/backup/ and the property is updated.

If any change is required, update the value after patch execution.

Installation

Container

  • Start Runtime Container
  • Extract the content of the ZIP's container directory into the {container} directory, replacing existing files

After extracting and replacing, the structure should be:

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch.sh
│           mvnrepo.zip
│           talend-esb-patch-<version>.jar
│           logs/ : directory for installation logs
├───system  : existing dir
│   ├───... : existing dir
├───...
  • Ensure the username and password are correct in {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/patch.bat or {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/patch.sh:

    ... -u {username} -p {password} -f patch.commands ... 
    
  • Execute {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/patch.bat or {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/patch.sh

  • Ensure the directory {container}/patches/Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT/logs contains new log files:
    • xxx-installation.log: patch installation log
    • xxx-init.log: state before patch installation
    • xxx-installed.log: state after patch installation
  • Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure. You will need to restart the Runtime Container for changes to take effect.
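
Added example (not part of the Talend patch or its scripts): a POSIX shell check for the last installation step, confirming that the three log files exist and listing the files the patch backed up before inserting or updating properties. Treating an empty log as missing is an assumption of this example; the container path is supplied by the caller.

```shell
#!/bin/sh
# Patch name as given on this page.
PATCH_NAME="Patch_20230915_R2023-09_v1-RT-8.0.1.R2023-08-RT"

# check_patch_logs CONTAINER_DIR
# Prints one line per expected log kind. Returns 0 only if an init,
# installation and installed log are all present and non-empty
# (non-empty is this example's assumption), 1 if any is missing,
# 2 if the logs directory itself does not exist.
check_patch_logs() {
    logs_dir="$1/patches/$PATCH_NAME/logs"
    status=0
    if [ ! -d "$logs_dir" ]; then
        echo "MISSING logs directory: $logs_dir"
        return 2
    fi
    for kind in init installation installed; do
        found=""
        for f in "$logs_dir"/*-"$kind".log; do
            # An unmatched glob stays literal, so test the file itself.
            if [ -s "$f" ]; then
                found="$f"
            fi
        done
        if [ -n "$found" ]; then
            echo "OK      $kind: $found"
        else
            echo "MISSING $kind: no non-empty *-$kind.log"
            status=1
        fi
    done
    return "$status"
}

# list_patch_backups CONTAINER_DIR
# Lists the files the patch backed up before inserting or updating a
# property: these are the configuration files whose values may need
# review after patch execution. Prints nothing if no backup was made.
list_patch_backups() {
    backup_dir="$1/patches/$PATCH_NAME/backup"
    if [ -d "$backup_dir" ]; then
        find "$backup_dir" -type f | sort
    fi
}
```

Call both functions with the {container} path after patch.sh finishes; a non-zero status from check_patch_logs means the installation logs should be inspected before restarting the Runtime Container.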
      

Notes

Bundle resolution errors

The updates are performed in three iterations. During the first and second iterations, bundle resolution errors appear on the console and in the logs. This is expected, and these errors are resolved in the third iteration. The total patch process takes several minutes, but should not exceed 15 minutes depending on the number of features installed and the hardware.

R2023-09

Issues fixed in 2023-09

TPRUN

  • TPRUN-6462: Talend ESB runtime security fixes after core upgrade
  • TPRUN-5951: org.simpleframework.xml.strategy.Strategy cannot be found when built from Studio
  • TPRUN-6505: [8.0.1] batik-bridge:1.16 | CVE-2022-44729
  • TPRUN-6506: [8.0.1] batik-transcoder:1.16 | CVE-2022-44729
  • TPRUN-6507: [8.0.1] batik-script:1.16 | CVE-2022-44730

TDM

  • TDM-10363 [8.0.1] Restore maintenance/8.0 as single source for Studio and ESB runtime

CVE fixed in 2023-09

  • CVE-2021-33813 org.apache.servicemix.bundles.jdom 2.0.61 -> 2.0.6.11
  • CVE-2023-33201 bouncycastle 1.73 -> 1.74 (in pax-web features)
  • CVE-2022-44729, CVE-2022-44730 xmlgraphics batik 1.16 -> 1.17
  • Various CVEs: kudu 1.16.0 -> 1.17.0 (several updates of insecure embedded libraries)
  • Various CVEs: camel-python and camel-robotframework removed because of insufficiently maintained dependencies with insecure embedded libraries

  • CVE-2023-34455 snappy 1.1.7.7 -> 1.1.10.3 (in add-ons, full build only)

  • CVE-2023-1436 jettison 1.53 -> 1.54 (in add-ons, full build only)
  • CVE-2023-26048 jetty (9.4.43.v20210629, 9.4.50.v20221201) -> 9.4.51.v20230217 (in add-ons, full build only)
  • CVE-2021-21290 netty 4.1.76.Final -> 4.1.94.Final (in add-ons, full build only)

R2023-08

Issues fixed in 2023-08

TPRUN

  • TPRUN-3588: Camel version upgrade to 3.20.6 LTS
  • TPRUN-4800: Karaf version upgrade to 4.4.3
  • TPRUN-5093: CXF version upgrade to 3.5.6
  • TPRUN-5095: ActiveMQ version upgrade to 5.17.4
  • TPRUN-5105: Zookeeper version upgrade to 3.7.1
  • TPRUN-6482: Talend ESB runtime - remove obsolete Karaf features with security issues.
  • TPRUN-6483: [8.0] cMessagingEndpoint doesn't support camel-jira in Runtime

TDM

  • TDM-10336 Upgrade 8.0.1 to avro 1.11.2

CVE fixed in 2023-08

  • CVE-2022-39368 californium 2.6.3 -> 2.7.4
  • CVE-2023-24998 commons-fileupload 1.4 -> 1.5
  • CVE-2020-17521 groovy2 2.4.4 -> 2.4.21
  • CVE-2022-25647 gson 2.8.7 -> 2.10.1
  • CVE-2023-2976, CVE-2020-8908, CVE-2018-10237 guava (19.0 - 31.0.1-jre) -> 32.1.1-jre
  • CVE-2023-33265 hazelcast 4.2.1 -> 5.2.4
  • CVE-2020-13956 httpclient 4.5.13 -> 4.5.14
  • CVE-2023-33008 johnzon (1.2.14, 1.2.18) -> 1.2.21
  • CVE-2023-1370 json-smart 2.4.9 -> 2.4.10
  • CVE-2022-41946 postgresql-jdbc (42.2.8, 42.2.14) -> 42.6.0
  • CVE-2023-34455 snappy 1.1.7.3 -> 1.1.10.1
  • CVE-2023-34034 spring-security 5.6.9 -> 5.7.10
  • CVE-2023-32697 sqlite-jdbc 3.34.0 -> 3.42.0.0
  • CVE-2023-35887 sshd-osgi 2.9.2 -> 2.10.0
  • CVE-2022-42890, CVE-2022-41704 xmlgraphics-batik 1.14 -> 1.16
  • CVE-2023-33201 bcprov-jdk15on 1.69 -> 1.74

For previous patches, see the 2023-07 patch release notes.
