TPS-5263 (cumulative patch)
Info | Value |
---|---|
Patch Name | Patch_20220708_TPS-5263_v1 |
Release Date | 2022-07-08 |
Target Version | 20211109_1610-V8.0.1 |
Product affected | Talend MDM Server, Talend Studio |
Introduction
This patch is cumulative. It includes all previous delivered patches for MDM 8.0.1
NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.
Fixed issues
This patch contains the following fixes:
- TPS-5052 [8.0.1] Talend MDM Log4j CVE-2021-44228/CVE-2021-45046 Security Issue (TMDM-15199)
- TMDM-15199 Talend MDM Log4j CVE-2021-44228/CVE-2021-45046 Security Issue
- TPS-5078 [8.0.1] Log4j2 CVE-2021-45105/ CVE-2021-44832(Moderate) DOS attack Fix - Version(2.17.1 update)(TMDM-15206)
- TMDM-15176 [CVE] Replace outdated commons-httpclient with Apache HttpClient in MDM
- TMDM-15181 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- TMDM-15189 [CVE] - Update Spring on MDM
- TMDM-15190 [CVE] - Update Apache CXF on MDM
- TMDM-15194 [CVE] Update Jackson version
- TMDM-15207 [DA] Clean packaging to remove undue log4j-core lib
- TMDM-15206 MDM - Log4j2 CVE-2021-45105/ CVE-2021-44832(Moderate) - Version(2.17.1 update)
- TPS-5125 [8.0.1] [CVE] - Update H2 version to 2.1.210 on MDM (TMDM-15201)
- TMDM-15217 libraries added in ZIP file deployed to MDM server and in jobox/work
- TMDM-15218 [CVE] - Update Spring dependencies on Data Authoring
- TMDM-15210 Chore: Remove remaining log4j1 from maven build
- TMDM-15220 [CVE] Upgrade xercesImpl to 2.12.2
- TMDM-15182 Improper Restriction of XML External Entity Reference
- TMDM-15221 ERROR User 'xx' is not allowed to perform following operation(s): update field ...
- TMDM-15226 Avoid security issue from SQL Injection
- TMDM-15203 [CVE] - Upgrade commons-io version to 2.7 reported in dependabot
- TMDM-15229 [CVE] - Update XStream Core to 1.4.19
- TMDM-15227 [CVE] - Hazelcast upgrade
- TMDM-15201 [CVE] - Update H2 version to 2.1.210 on MDM
- TPS-5155 [8.0.1] [CVE - 2022-22965] - Update Spring on MDM/Data Authoring (TMDM-15248)
- TMDM-15232 Upgrade Liquibase version to 3.8.9
- TMDM-15231 [CVE] commons-fileupload
- TMDM-15234 [CVE] - Update to Swagger and Guava stable release
- TMDM-15170 Match & merge failed with confidence lower than minimum threshold while the confidence in simulate match is not lower than minimum threshold
- TMDM-15236 [CVE] Log entry injection in Spring Framework
- TMDM-15238 [CVE] - Liquibase upgrade
- TMDM-11353 Issues of 'Contains the sentence'
- TMDM-15234 return expected response for invalid request body
- TMDM-11556 Logon mdm server with role does not exist, click to "return to login screen" will show 404 error
- TMDM-15248 [CVE - 2022-22965] - Update Spring on MDM/Data Authoring
- TPS-5230 [8.0.1] [CVE-2022-22968] - Update Spring Libraries on MDM/Data Authoring (TMDM-15266)
- TMDM-15163 [CVE] - Upgrade Outdated eclipse plugin Library for MDM
- TMDM-15239 [CVE] - Upgrade Outdated Jackson Library for MDM
- TMDM-15241 [CVE] - Update outdated Jansi to 2.4.0
- TMDM-15257 Upgrade tomcat version to 9.0.62
- TMDM-15268 [CVE] - Update Apache CXF on MDM
- TMDM-15244 Error java.lang.ArrayIndexOutOfBoundsException: Index 2 out of bounds for length 2 when deploying new version of Data Model
- TMDM-15266 [CVE-2022-22968] - Update Spring Libraries on MDM
- TPS-5247 [8.0.1] [CVE-2022-22976] - Update Spring security libraries on MDM/Data Authoring(TMDM-15275)
- TMDM-15013 Error happens when sorting by FK column referenced to composite keys
- TMDM-15269 [CVE-2022-25647] Update outdated gson on MDM
- TMDM-15272 [CVE-2022-22970] - Update Spring Beans on MDM
- TMDM-15270 [CVE] - Upgrade Outdated ActiveMQ Library for MDM
- TMDM-15264 Some data is lost after restart MDM Server
- TMDM-15276 [CVE] - Update Hibernate
- TMDM-15275 [CVE-2022-22976] - Update Spring security libraries on MDM/Data Authoring
- TPS-5263 [8.0.1] Job inserting records using tMDMBulkLoad : several executions do not insert the same number of records (TMDM-15290)
- TMDM-15277 Remove retired Atom Dependencies(abdera)
- TMDM-15278 [CVE] - Update Restlet on MDM
- TMDM-15281 [CVE] - Update Talend commons.model
- TMDM-15282 [CVE] - Upgrade dependency of scim-common
- TMDM-12363 [RestAPI] Partial update APIs support before saving
- TMDM-15290 Job inserting records using tMDMBulkLoad : several executions do not insert the same number of records
Prerequisites
Consider the following requirements for your system:
- Talend Studio 8.0.1 must be installed.
- Talend MDM Server 8.0.1 must be installed.
Installation
PATCH INSTALLATION NOTES FOR TALEND MDM SERVER 8.0.x
PRE-INSTALLATION
- Stop the MDM server
- Create a patch directory (eg: C:\MDM_Patch)
- Unzip patch file you receive from support into this directory
- Create a backup directory (eg: C:\MDM_Backup)
WEB APPLICATION REPLACEMENT
- Copy folder
<MDM_SERVER_HOME>
/apache-tomcat/webapps/talendmdm into the backup directory (DO NOT place talendmdm backup folder into webapps directory) - In
<MDM_SERVER_HOME>
/apache-tomcat/webapps/ directory, remove the previous talendmdm folder, then copy the talendmdm folder unzipped above and paste in the current directory - Copy file
/tools/dbmigration/lib/org.talend.mdm.db.migration-8.0.1.jar into the backup directory - In
<MDM_SERVER_HOME>
/tools/dbmigration/lib/ directory, remove the previous org.talend.mdm.db.migration-8.0.1.jar file, then copy the dbmigration/org.talend.mdm.db.migration-8.0.1.jar file unzipped above and paste in the current directory - Copy folder
<MDM_SERVER_HOME>
/apache-tomcat/webapps/data-authoring-proxy into the backup directory (DO NOT place data-authoring-proxy backup folder into webapps directory) - In
<MDM_SERVER_HOME>
/apache-tomcat/webapps/ directory, remove the previous data-authoring-proxy folder, then copy the data-authoring-proxy folder unzipped above and paste in the current directory - Copy folder
<MDM_SERVER_HOME>
/apache-tomcat/webapps/ROOT into the backup directory (DO NOT place ROOT backup folder into webapps directory) - In
<MDM_SERVER_HOME>
/apache-tomcat/webapps/ directory, remove the previous ROOT folder, then copy the ROOT folder unzipped above and paste in the current directory - H2 database
- Install new MDM 8.0.1 with clean H2 database to apply the patch.
- Replace connection-url of H2 in
<MDM_SERVER_HOME>
/conf/datasouces.xml by<connection-url>jdbc:h2:$MDM_HOME/data/h2-Default/$DB_NAME;DB_CLOSE_ON_EXIT=FALSE</connection-url>
(Windows) - Do migration from old mdm server.
POST-INSTALLATION
- Restart the MDM server
- Clear browser cache on clients