TPS-5286 (cumulative patch) - 8.0

Talend Big Data
Talend Data Fabric
Talend JobServer

TPS-5286 (cumulative patch)

| Info | Value |
|---|---|
| Patch Name | Patch_20220705_TPS-5286_v1-8.0.1 |
| Release Date | 2022-07-05 |
| Target Version | 20211109_1610-V8.0.1 |
| Product affected | Jobserver |


This patch is cumulative. It includes all previous generally available patches for Talend Jobserver 8.0.1.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-5039 Mitigate / fix JobServer log4j2 vulnerabilities (CVE-2021-44228) (TPRUN-2701)
  • TPRUN-2543 Fix compatibility statement logged at JobServer startup
  • TPS-5076 [8.0.1] Including the possibility to define the certificate password when defining the SSL on jobserver and runtime (TPRUN-1805)
  • TPRUN-2859 JobServer packages superfluous dependency slf4j-log4j12-1.7.32.jar
  • TPRUN-3050 Upgrade Ant dependency in JobServer to avoid known vulnerabilities
  • TPS-5111 [8.0.1] JMX port 8888 is inactive for runtime from TAC while enabling SSL (TPRUN-2948)
  • TPRUN-3106 When archive was deleted, wrong job execution state will be returned.
  • TPRUN-3152 JobServer secure mode is off by default.
  • TPRUN-1294 Restrict impersonation users by default.
  • TPRUN-2214 JobServer package should include a NOTICE file with licenses.
  • TPRUN-3405 The FileListener does not jail the path to the jobserver deploy directory.
  • TPRUN-3447 Provide info about job name in method for patch job execution command line.
  • TPRUN-3508 AuthorizationKey is logged
  • TPRUN-3527 Prevent race conditions in Remote Engine Gen1 parallel task execution
  • TPRUN-3153 log4jshell fix seems to break temp directory creator functionality when installing RE as service
  • TPRUN-3697 JobServer should close stream of temporary context.
  • TPRUN-3604 Unzipper Incorrect size limit check and created files not deleted in case of error
  • TPRUN-3777 Non thread safe ClasspathJar writing
  • TPRUN-3679 Modularize function required for user impersonation.
  • TPS-5286 [8.0.1] Code cleanup & deprecation of 'launchFromShellScript' (TPRUN-3775)

Fixed CVEs


Consider the following requirements for your system:

  • Talend Jobserver 8.0.1 must be installed.


  1. Create a backup for the patched files in <jobserver_home>/lib and <jobserver_home>/conf.
  2. Stop Jobserver.
  3. Remove the following files from <jobserver_home>/lib:

       • log4j-api-*.jar
       • log4j-core-*.jar
       • log4j-slf4j-impl-*.jar
       • org.talend.monitoring-8.0.1*.jar
       • org.talend.monitoring.server-8.0.1*.jar
       • org.talend.remote.commons-8.0.1*.jar
       • org.talend.remote.jobserver.commons-8.0.1*.jar
       • org.talend.remote.jobserver.server.standalone-8.0.1*.jar
       • org.talend.remote.server-8.0.1*.jar

     and replace them with their patched counterparts:

       • log4j-api-2.17.1.jar
       • log4j-core-2.17.1.jar
       • log4j-slf4j-impl-2.17.1.jar
       • org.talend.monitoring-
       • org.talend.monitoring.server-
       • org.talend.remote.commons-
       • org.talend.remote.jobserver.commons-
       • org.talend.remote.jobserver.server.standalone-
       • org.talend.remote.server-

  4. Remove the following files from <jobserver_home> and replace them with their patched counterparts:

       • start_rs.bat

  5. Add the following configuration properties to <jobserver_home>/conf/

     It is recommended to set the following configuration property to true:

     # Set to true to enable authorization for all jobserver commands (recommended)

     | RUN_AS_ALLOWLIST | Run as user | Execution | Explanation |
     |---|---|---|---|
     |  |  | accepted | No impersonation, OK |
     | anybody |  | accepted | No impersonation, OK |
     | anybody | jim | accepted | All users allowed |
     | * |  | refused | Must specify a user |
     | * | jim | accepted | All users allowed |
     | jim,jules |  | refused | Must specify a user from the list |
     | jim,jules | jim | accepted | jim is in the list |
     | ju* | jules | accepted | jules matches ju* |

  6. Start Jobserver.
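
A post-installation check for the steps above, as an added example that is not part of Talend's patch notes: it audits <jobserver_home>/lib for log4j jars other than 2.17.1 and for Talend artifacts that are not present exactly once. It assumes a Unix-like host with a POSIX shell; the function names, the finding labels and the -PLACEHOLDER sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not Talend code: audit <jobserver_home>/lib after the patch steps.
# Prints one finding per line and nothing when the folder matches the patch notes.
check_jobserver_lib() {
    lib=$1
    # The notes install exactly these three log4j jars, all at 2.17.1.
    for art in log4j-api log4j-core log4j-slf4j-impl; do
        [ -e "$lib/$art-2.17.1.jar" ] || echo "MISSING $art-2.17.1.jar"
        for f in "$lib/$art"-*.jar; do
            if [ -e "$f" ] && [ "${f##*/}" != "$art-2.17.1.jar" ]; then
                echo "STALE ${f##*/}"
            fi
        done
    done
    # Patched Talend jar versions are elided on the page, so only check that
    # each artifact is present once (old and new copies must not coexist).
    for art in org.talend.monitoring org.talend.monitoring.server \
               org.talend.remote.commons org.talend.remote.jobserver.commons \
               org.talend.remote.jobserver.server.standalone \
               org.talend.remote.server; do
        n=0
        for f in "$lib/$art"-*.jar; do
            if [ -e "$f" ]; then n=$((n + 1)); fi
        done
        [ "$n" -eq 1 ] || echo "COUNT $art-*.jar found $n, expected 1"
    done
    return 0
}

# Constructed sample: a lib folder where log4j-core 2.14.1 was left behind.
# File names ending in -PLACEHOLDER.jar stand in for the elided patched versions.
make_sample_lib() {
    d=$(mktemp -d)
    for j in log4j-api-2.17.1 log4j-core-2.17.1 log4j-core-2.14.1 \
             log4j-slf4j-impl-2.17.1 org.talend.monitoring-PLACEHOLDER \
             org.talend.monitoring.server-PLACEHOLDER \
             org.talend.remote.commons-PLACEHOLDER \
             org.talend.remote.jobserver.commons-PLACEHOLDER \
             org.talend.remote.jobserver.server.standalone-PLACEHOLDER \
             org.talend.remote.server-PLACEHOLDER; do
        : > "$d/$j.jar"
    done
    echo "$d"
}

# Audit the folder given as $1, or the constructed sample when none is given.
check_jobserver_lib "${1:-$(make_sample_lib)}"
```

Run against the constructed sample it reports the leftover log4j-core jar; pass the real lib folder as the first argument to audit an installation.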


  1. Stop Jobserver.
  2. Remove the following files:

       • log4j-api-2.17.1.jar
       • log4j-core-2.17.1.jar
       • log4j-slf4j-impl-2.17.1.jar
       • org.talend.monitoring-
       • org.talend.monitoring.server-
       • org.talend.remote.commons-
       • org.talend.remote.jobserver.commons-
       • org.talend.remote.jobserver.server.standalone-
       • org.talend.remote.server-

     and restore the unpatched counterparts from your backup:

       • log4j-api-*.jar
       • log4j-core-*.jar
       • log4j-slf4j-*.jar
       • org.talend.monitoring-8.0.1*.jar
       • org.talend.monitoring.server-8.0.1*.jar
       • org.talend.remote.commons-8.0.1*.jar
       • org.talend.remote.jobserver.commons-8.0.1*.jar
       • org.talend.remote.jobserver.server.standalone-8.0.1*.jar
       • org.talend.remote.server-8.0.1*.jar

  3. Remove the following files and restore the unpatched counterparts from your backup:

       • start_rs.bat

  4. Start Jobserver.

Affected files for this patch

The following files are installed into <jobserver_home>/lib folder by this patch:

  • log4j-api-2.17.1.jar
  • log4j-core-2.17.1.jar
  • log4j-slf4j-impl-2.17.1.jar
  • org.talend.monitoring-
  • org.talend.monitoring.server-
  • org.talend.remote.commons-
  • org.talend.remote.jobserver.commons-
  • org.talend.remote.jobserver.server.standalone-
  • org.talend.remote.server-

The following files are installed into <jobserver_home> folder by this patch:

  • start_rs.bat

New configuration parameters


Removed features


When the option 'org.talend.remote.jobserver.commons.config.JobServerConfiguration.LAUNCH_SHELL_SCRIPT' was set to 'false' (which is the default value), a script file was generated in:

  • deployedJobPath/[jobName]/[jobName]_run.bat for Windows
  • deployedJobPath/[jobName]/[jobName] for UNIX

This file will no longer be generated. To see the executed command, use the debug log level instead.

Deprecated features


The possibility to launch from a shell script by setting the option 'org.talend.remote.jobserver.commons.config.JobServerConfiguration.LAUNCH_SHELL_SCRIPT' to 'true' is deprecated and will be removed at the end of 2022.