TPS-5245 (cumulative patch) - 8.0

Version: 8.0
Language: English (United States)
Product: Talend Data Fabric
Module: Talend Administration Center


Patch Name: Patch_20220531_TPS-5245_v1-8.0.1
Release Date: 2022-05-31
Target Version: 20211109_1610-V8.0.1
Product affected: Talend Administration Center

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend Administration Center 8.0.1.

NOTE: To download this patch, liaise with your Support contact at Talend.

Fixed issues

This patch is cumulative and contains the following fixes:

  • TAC-14830 [8.0.1] Consolidate InetUtil RunIfConfigCommand methods
  • TAC-15654 [8.0.1] Improve the error handle and print necessary error message
  • TAC-14895 [8.0.1] Irrelevant warning when edit user group
  • TAC-15954 [8.0.1] URL returned blank when adding administrator at the end of TAC URL
  • TAC-15910 [8.0.1] NPE when saving LDAP user with non-existing DN
  • TAC-15898 [8.0.1] TAC continues to work though set auditlog.failure.stopActivity to true
  • TAC-14907 [8.0.1] error accessing runtime page, via a reverse proxy (F5)
  • TAC-15899 [8.0.1] Error when undeploying ESB task
  • TAC-15951 [8.0.1] migrate libraries : not all artifacts from org.talend.libraries are migrated from old to new nexus
  • TAC-15967 [8.0.1] edit user group which have user assigned will throw 500 error
  • TAC-15992 [8.0.1] Forgot password should be executed for existing and not existing user for the same time
  • TAC-15897 [8.0.1] A task running by a plan with a custom context will run with default context at times
  • TAC-15823 [8.0.1] Default context is not changed though removed from later version
  • TAC-15894 [8.0.1] Task status in execution details are always in running when job server host ip is unavailable
  • TAC-15878 [8.0.1] metaservlet projectExist didn't work as expected
  • TAC-15778 [8.0.1] Add missing reset context audit log
  • TPS-5028 [8.0.1] DBConfig page show username and password is not correct and license can not be imported (TAC-15880)
  • TAC-16001 [8.0.1] Context parameters not displaying in TAC
  • TAC-16022 [8.0.1] RemoteDataRetriver never shutdown for execution when jobserver is unreachable
  • TPS-5053 [8.0.1] Log4j CVE-2021-44228/CVE-2021-45046 on TAC (TAC-16076)
  • TAC-15962 [8.0.1] TAC upgraded to TPS-4989 then startup too long time
  • TAC-16060 [8.0.1] Execution log is not immediately displayed though task has finished running
  • TAC-16065 [8.0.1] Upper / Lower Panels in the ERROR RECOVERY MANAGEMENT page not "synchronized"
  • TAC-16127 [8.0.1] Cannot see context in one of TAC in a cluster
  • TAC-16121 [8.0.1] TAC patch list does not manage continuation_token from nexus
  • TAC-16126 [8.0.1] FileNotFoundException error when deploy a task which enabled "Use Latest Version"
  • TAC-15776 [8.0.1] Delete task/plan print details in business log regarding task/plan deleted
  • TAC-15917 [8.0.1] Null Pointer exception while browsing through the tasks in Job Conductor Tab
  • TAC-16148 [8.0.1] ExecutionPlan Page refresh has the 500 client error
  • TAC-16190 [8.0.1] Failed to execute metaservlet with the error 'password for Db config is incorrect.'
  • TPS-5079 [8.0.1] TAC Log4j CVE-2021-44832: update to Log4j 2.17.1 (TAC-16203)
  • TPS-5089 [8.0.1] CVE-2021-42392 - Disable Remote H2 Console Access (TAC-16214)
  • TAC-15513 [8.0.1] "scheduler.conf.retryRestartTaskWhenConnectionServerFailed" to be used by Tasks in Execution Plans
  • TAC-16300 [8.0.1] Jobconductor task hanging on "1 awaiting exec"
  • TAC-16282 [8.0.1] after login tac via SSO, cannot see full properties
  • TAC-16245 [8.0.1] Metaservlet 'removeServerProjectAuthorization' failed with 'Cannot commit transaction'
  • TAC-16246 [8.0.1] "String index out of range: -1" for MetaServlet-> runTask with empty context {}
  • TAC-16280 [8.0.1] DB Migration failure from 721, 731 to 801 regarding DeprecatedFeaturesOn801Migration
  • TAC-16277 [8.0.1] TAC's DB issue when deploying ESB Tasks after patch
  • TAC-16249 [8.0.1] Cannot update a task when task name and plan name are the same
  • TAC-13275 [8.0.1] Unable to import user with xml file
  • TPS-5129 [8.0.1] TAC v801 Migration Failed, all data has been deleted on executionplanpart table by TAC migration (TAC-16341)
  • TAC-16284 [8.0.1] No errors thrown on all migration Operations
  • TAC-16343 [8.0.1] Message need update when add one new longer license on License page
  • TAC-16202 [8.0.1] Too many segment logs when debug threshold is set
  • TPS-5135 [8.0.1] TAC task duration is at least 10 seconds greater than job duration (TAC-16198)
  • TAC-16413 [8.0.1] Configuration page showing endless Refresh
  • TAC-16400 [8.0.1] jgit hangs/sleep in FS.FileStoreAttributeCache step on Git Project Connection checking
  • TAC-16304 [8.0.1] Customer doesn't see his admin users
  • TAC-16335 [8.0.1] Job running on Jobserver is killed unexpectedly
  • TAC-16198 [8.0.1] TAC task duration is at least 10 seconds greater than job duration
  • TAC-16460 [8.0.1] java.lang.NoSuchMethodError: org.apache.log4j.MDC.put error when upload license
  • TAC-15911 [8.0.1] Apply schema change automatically
  • TAC-16442 [8.0.1] Cannot edit TAC projects with empty credential
  • TAC-16474 [8.0.1] TAC latest patch v8.0.1 with log2 doesn't log events
  • TAC-16368 [8.0.1] Investigate "Trigger-Runner" what is he used for
  • TAC-16468 [8.0.1] Change in behavior for getTaskIdByName metaservlet call
  • TAC-16497 [8.0.1] Migration failed when upgrading Postgres DB to TAC 8.0
  • TAC-16333 [8.0.1] Update default value for ldap connection timeout to 30s
  • TAC-16420 [8.0.1] Talend2 - 02 - Database authentication testing endpoint is not authenticated
  • TAC-16516 [8.0.1] Use default value jobserver.useCache=true when having DB connection problem
  • TAC-16546 [8.0.1] Fix TAC name error in MetaServlet command help
  • TAC-16513 [8.0.1] TAC 731 - H2 DB to Oracle Migration not recognizing the License in the Oracle Database
  • TAC-16555 [8.0.1] Attribute:'svnid' not present while adding users in TAC using LDAP with SVN as storage
  • TAC-16147 [8.0.1] TAC role don't sync when update tac role from sso
  • TAC-16370 [8.0.1] "DBException: task not found exception" when tasked deleted from metaservlet ->runTask and Jobconductor UI is still refreshing on it
  • TAC-16494 [8.0.1] The trigger info on plan is lost
  • TAC-16561 [8.0.1] Trigger name left ' is lost in File trigger
  • TPS-5189 [8.0.1] Talend2 - 01 - XXE processing vulnerability (TAC-16390)
  • TAC-16598 [8.0.1] Metaservlet command failed for createSandboxProject
  • TAC-16610 [8.0.1] Find possibility to enable hibernate.generate_statistics in TAC hibernate
  • TAC-16327 [8.0.1] Migration failed on executionplanpart_contextprms_id column from mysql to postgresql executionplanpart_contextprms_id using Metaservlet-> migrateDatabase
  • TAC-16626 [8.0.1] Metaservlet command "listUsers" doesn't show users ldap parameters
  • TAC-16309 [8.0.1] When Set business log limit by: Time, it can happen that all business log files are deleted and no new file created
  • TAC-16519 [8.0.1] SSO - Support for keycloak
  • TAC-15771 [8.0.1] Generate a Personal Access Token from TAC metaservlet
  • TAC-16313 [8.0.1] Skip Backup option during TAC-Migration
  • TAC-16536 [8.0.1] cannot deploy and run normal task deployed as zip after jobserver reboot
  • TAC-16683 [8.0.1] Stop & start features in ESBConductor are not working
  • TPS-5233 [8.0.1] SSOUtils.buildErrorPage doesn't escape the error message (TAC-16644)
  • TPS-5245 [8.0.1] TAC connection to Nexus behind proxy (TAC-16445)

Security fixes

This patch includes the following security fixes:

  • TAC-15950 [8.0.1] Vulnerability in "forgot password" functionality in TAC
  • TAC-16115 [8.0.1] TAC - Log4j2 CVE-2021-45105 DOS attack Fix - Version (2.17.0 update)
  • TAC-15298 [8.0.1] Talend - 01 - OTG-INFO-005 - Review Webpage Comments and Metadata for Information Leakage
  • TAC-16213 [8.0.1] Update H2 dependency to 2.0.206
  • TAC-16344 [8.0.1] Update H2 dependency to 2.1.210
  • TAC-16286 [8.0.1] Migration from log4j1 to log4j2 (update to 2.17.1v)
  • TAC-16390 [8.0.1] CVE-2022-29943: Talend2 - 01 - XXE
  • TAC-16407 [8.0.1] CVE-2022-29942: Talend2 - 03 - SSRF
  • TAC-16486 [8.0.1] Vulnerable library Liquibase
  • TAC-16487 [8.0.1] Vulnerable library JDOM
  • TAC-16567 [8.0.1] CVE-2021-43859: Vulnerable library XStream Core 1.4.18
  • TAC-16568 [8.0.1] CVE-2020-36518: Vulnerable library jackson-databind 2.12.2
  • TAC-16644 [8.0.1] SSOUtils.buildErrorPage doesn't escape the error message

Prerequisites

Consider the following requirements for your system:

  • Talend Administration Center 8.0.1 must be installed.

Installation

  1. Log in to TAC and switch to Configuration -> Software Update, then enter the correct values and save. Follow the procedure described in the documentation: https://help.talend.com/r/en-US/8.0/installation-guide-big-data-linux/config-update-repo
  2. Switch to the Software update page, where the new patch is listed. From this page, the patch can be downloaded into the Nexus repository.
  3. Log in to the local Nexus and download the patch file.
  4. Stop all TAC instances. Repeat the following steps for each instance.
  5. Create a patch directory (e.g. <Talend>/TAC_Patch).
  6. Unzip the patch file you received from support into this directory, then unzip the org.talend.administrator.war file as the org.talend.administrator folder. (Note: Rename org.talend.administrator-8.0.1.war if your old TAC application folder has a different name, so that it has the same name as your old TAC application.)
  7. Create a backup directory (e.g. <Talend>/TAC_Backup).
  8. Copy the folder <Tomcat>/webapps/org.talend.administrator into the backup directory. DO NOT place the org.talend.administrator backup folder in the webapps directory.
  9. In the <Tomcat>/webapps/ directory, remove the previous org.talend.administrator folder, then copy the org.talend.administrator folder unzipped at step 6 into this directory.
  10. Restore the TAC configuration by replacing <Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/configuration.properties and quartz.properties with the same files stored in your backup directory.

    Note:

    • Make sure that no other instances of the TAC webapp are deployed in Tomcat's webapps folder. Make sure your TAC backup folder has NOT been stored in the <Tomcat>/webapps folder.
    • If your TAC database is H2 and is embedded in the TAC web folder (<Tomcat>/webapps/org.talend.administrator/WEB-INF/database by default), don't forget to restore the H2 database by replacing this folder with the exact corresponding folder from your backup directory.
    • The H2 version in this patch is updated for security reasons. To migrate to the new version of H2, follow the documentation: https://help.talend.com/r/en-US/8.0/migration-upgrade-guide-big-data/upgrading-the-h2-database-after-changing-h2-driver-to-21210
    • If your TAC works with SSO, you should restore the IDP Metadata file (<Tomcat>/webapps/org.talend.administrator/WEB-INF/classes/IDPMetadata.xml) from your backup directory.
    • After step 9, the log4j 1.x libraries should have been removed from the folder: <Tomcat>/webapps/org.talend.administrator/WEB-INF/lib.
  11. Restart TAC.

    Note:

    • It's recommended to clear browser cache after TAC patch has been applied.
    • Log4j CVE-2021-44228 and CVE-2021-45046 were fixed in Patch_20211223_TPS-5053_v1: rebuild the jobs with the latest Studio patch.
    • New LDAP connection timeout parameter: ldap.config.timeout. You can change it by editing the value of the ldap.config.timeout property in milliseconds in the database configuration table.
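
The notes above list several conditions that should hold on each instance once the patch is in place. The script below is an added example, not part of the Talend patch or documentation, that checks them before TAC is restarted. Its function names are hypothetical, and it assumes the webapp folder is named org.talend.administrator and that log4j 1.x jars use the usual log4j-1.<n>.<n>.jar file names.

```shell
#!/usr/bin/env bash
# Added example: post-patch checks for a TAC instance (not Talend's own tooling).
# Assumptions: the webapp folder is named org.talend.administrator and
# log4j 1.x jars follow the usual log4j-1.<n>.<n>.jar naming.
APP=org.talend.administrator

# Print log4j 1.x jars still present in WEB-INF/lib. The Log4j 2 bridge
# log4j-1.2-api-<version>.jar belongs to Log4j 2 and is not reported.
leftover_log4j1() {
  find "$1/webapps/$APP/WEB-INF/lib" -maxdepth 1 -type f \
    -name 'log4j-1.*.jar' ! -name 'log4j-1.2-api-*.jar' 2>/dev/null
}

# Count entries in webapps whose name starts with the TAC app name; a second
# copy or a backup left there would be deployed by Tomcat as well.
tac_copies() {
  find "$1/webapps" -mindepth 1 -maxdepth 1 -name "$APP*" | wc -l | tr -d ' '
}

# Succeed when the backup directory does not live inside <Tomcat>/webapps.
backup_outside_webapps() {
  local web bak
  web=$(cd "$1/webapps" && pwd -P) || return 2
  bak=$(cd "$2" && pwd -P) || return 2
  case "$bak/" in "$web/"*) return 1 ;; *) return 0 ;; esac
}

# Succeed when file $3 under WEB-INF/classes is identical to the backed-up copy.
config_restored() {
  cmp -s "$1/webapps/$APP/WEB-INF/classes/$3" "$2/$APP/WEB-INF/classes/$3"
}

# usage: verify_tac_patch <Tomcat> <backup directory>
verify_tac_patch() {
  local tomcat="$1" backup="$2" rc=0 f
  [ -z "$(leftover_log4j1 "$tomcat")" ] || { echo "FAIL: log4j 1.x jar in WEB-INF/lib"; rc=1; }
  [ "$(tac_copies "$tomcat")" = 1 ] || { echo "FAIL: expected one $APP entry in webapps"; rc=1; }
  backup_outside_webapps "$tomcat" "$backup" || { echo "FAIL: backup is under webapps"; rc=1; }
  for f in configuration.properties quartz.properties; do
    config_restored "$tomcat" "$backup" "$f" || { echo "FAIL: $f differs from backup"; rc=1; }
  done
  return $rc
}

# Run the checks when called as: script <Tomcat> <backup directory>
if [ "$#" -eq 2 ]; then verify_tac_patch "$1" "$2"; fi
```

The backup path passed as the second argument is the directory created in step 7, which holds the org.talend.administrator folder copied in step 8.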