TPS-5308 (cumulative patch) - 8.0

Version
8.0
Language
English (United States)
Product
Talend Data Fabric
Talend MDM Platform
Module
Talend MDM Server
Talend MDM Web UI
Talend Studio

TPS-5308 (cumulative patch)

Info Value
Patch Name Patch_20220805_TPS-5308_v1
Release Date 2022-08-05
Target Version 20211109_1610-V8.0.1
Product affected Talend MDM Server, Talend Studio

Introduction

This patch is cumulative. It includes all previous delivered patches for MDM 8.0.1

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-5052 [8.0.1] Talend MDM Log4j CVE-2021-44228/CVE-2021-45046 Security Issue (TMDM-15199)
  • TMDM-15199 Talend MDM Log4j CVE-2021-44228/CVE-2021-45046 Security Issue
  • TPS-5078 [8.0.1] Log4j2 CVE-2021-45105/ CVE-2021-44832(Moderate) DOS attack Fix - Version(2.17.1 update)(TMDM-15206)
  • TMDM-15176 [CVE] Replace outdated commons-httpclient with Apache HttpClient in MDM
  • TMDM-15181 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • TMDM-15189 [CVE] - Update Spring on MDM
  • TMDM-15190 [CVE] - Update Apache CXF on MDM
  • TMDM-15194 [CVE] Update Jackson version
  • TMDM-15207 [DA] Clean packaging to remove undue log4j-core lib
  • TMDM-15206 MDM - Log4j2 CVE-2021-45105/ CVE-2021-44832(Moderate) - Version(2.17.1 update)
  • TPS-5125 [8.0.1] [CVE] - Update H2 version to 2.1.210 on MDM (TMDM-15201)
  • TMDM-15217 libraries added in ZIP file deployed to MDM server and in jobox/work
  • TMDM-15218 [CVE] - Update Spring dependencies on Data Authoring
  • TMDM-15210 Chore: Remove remaining log4j1 from maven build
  • TMDM-15220 [CVE] Upgrade xercesImpl to 2.12.2
  • TMDM-15182 Improper Restriction of XML External Entity Reference
  • TMDM-15221 ERROR User 'xx' is not allowed to perform following operation(s): update field ...
  • TMDM-15226 Avoid security issue from SQL Injection
  • TMDM-15203 [CVE] - Upgrade commons-io version to 2.7 reported in dependabot
  • TMDM-15229 [CVE] - Update XStream Core to 1.4.19
  • TMDM-15227 [CVE] - Hazelcast upgrade
  • TMDM-15201 [CVE] - Update H2 version to 2.1.210 on MDM
  • TPS-5155 [8.0.1] [CVE - 2022-22965] - Update Spring on MDM/Data Authoring (TMDM-15248)
  • TMDM-15232 Upgrade Liquibase version to 3.8.9
  • TMDM-15231 [CVE] commons-fileupload
  • TMDM-15234 [CVE] - Update to Swagger and Guava stable release
  • TMDM-15170 Match & merge failed with confidence lower than minimum threshold while the confidence in simulate match is not lower than minimum threshold
  • TMDM-15236 [CVE] Log entry injection in Spring Framework
  • TMDM-15238 [CVE] - Liquibase upgrade
  • TMDM-11353 Issues of 'Contains the sentence'
  • TMDM-15234 return expected response for invalid request body
  • TMDM-11556 Logon mdm server with role does not exist, click to "return to login screen" will show 404 error
  • TMDM-15248 [CVE - 2022-22965] - Update Spring on MDM/Data Authoring
  • TPS-5230 [8.0.1] [CVE-2022-22968] - Update Spring Libraries on MDM/Data Authoring (TMDM-15266)
  • TMDM-15163 [CVE] - Upgrade Outdated eclipse plugin Library for MDM
  • TMDM-15239 [CVE] - Upgrade Outdated Jackson Library for MDM
  • TMDM-15241 [CVE] - Update outdated Jansi to 2.4.0
  • TMDM-15257 Upgrade tomcat version to 9.0.62
  • TMDM-15268 [CVE] - Update Apache CXF on MDM
  • TMDM-15244 Error java.lang.ArrayIndexOutOfBoundsException: Index 2 out of bounds for length 2 when deploying new version of Data Model
  • TMDM-15266 [CVE-2022-22968] - Update Spring Libraries on MDM
  • TPS-5247 [8.0.1] [CVE-2022-22976] - Update Spring security libraries on MDM/Data Authoring(TMDM-15275)
  • TMDM-15013 Error happens when sorting by FK column referenced to composite keys
  • TMDM-15269 [CVE-2022-25647] Update outdated gson on MDM
  • TMDM-15272 [CVE-2022-22970] - Update Spring Beans on MDM
  • TMDM-15270 [CVE] - Upgrade Outdated ActiveMQ Library for MDM
  • TMDM-15264 Some data is lost after restart MDM Server
  • TMDM-15276 [CVE] - Update Hibernate
  • TMDM-15275 [CVE-2022-22976] - Update Spring security libraries on MDM/Data Authoring
  • TPS-5263 [8.0.1] Job inserting records using tMDMBulkLoad : several executions do not insert the same number of records (TMDM-15290)
  • TMDM-15277 Remove retired Atom Dependencies(abdera)
  • TMDM-15278 [CVE] - Update Restlet on MDM
  • TMDM-15281 [CVE] - Update Talend commons.model
  • TMDM-15282 [CVE] - Upgrade dependency of scim-common
  • TMDM-12363 [RestAPI] Partial update APIs support before saving
  • TMDM-15290 Job inserting records using tMDMBulkLoad : several executions do not insert the same number of records
  • TPS-5308 [8.0.1] [CVE] - Update Spring Boot libraries (TMDM-15301)
  • TMDM-15295 [CVE-2018-10054] - Update H2 for MDM
  • TMDM-15293 Created record can not be associated to primary record due to its foreign key filter's constraint
  • TMDM-15304 [CVE] - Fix XXE Vulnerabilities In MDM
  • TMDM-15311 [CVE-2018-8088] - Update Log4j2(2.18.0)
  • TMDM-15312 [CVE-2022-34169] - Fix CVE issues against Xalan
  • TMDM-15288 [CVE] upgrade MapStruct for DA
  • TMDM-15310 Upgrade commons-configuration:commons-configuration and org.apache.commons:commons-configuration2 to 2.8.0
  • TMDM-15301 [CVE] - Update Spring Boot libraries

Prerequisites

Consider the following requirements for your system:

  • Talend Studio 8.0.1 must be installed.
  • Talend MDM Server 8.0.1 must be installed.

Installation

PATCH INSTALLATION NOTES FOR TALEND MDM SERVER 8.0.x

PRE-INSTALLATION

  • Stop the MDM server
  • Create a patch directory (eg: C:\MDM_Patch)
  • Unzip patch file you receive from support into this directory
  • Create a backup directory (eg: C:\MDM_Backup)

WEB APPLICATION REPLACEMENT

  • Copy folder <MDM_SERVER_HOME>/apache-tomcat/webapps/talendmdm into the backup directory (DO NOT place talendmdm backup folder into webapps directory)
  • In <MDM_SERVER_HOME>/apache-tomcat/webapps/ directory, remove the previous talendmdm folder, then copy the talendmdm folder unzipped above and paste in the current directory
  • Copy folder /tools/dbmigration into the backup directory
  • In /tools/ directory, remove the previous dbmigration folder, then copy the dbmigration folder unzipped above and paste in the current directory
  • Copy folder <MDM_SERVER_HOME>/apache-tomcat/webapps/data-authoring-proxy into the backup directory (DO NOT place data-authoring-proxy backup folder into webapps directory)
  • In <MDM_SERVER_HOME>/apache-tomcat/webapps/ directory, remove the previous data-authoring-proxy folder, then copy the data-authoring-proxy folder unzipped above and paste in the current directory
  • Copy folder <MDM_SERVER_HOME>/apache-tomcat/webapps/ROOT into the backup directory (DO NOT place ROOT backup folder into webapps directory)
  • In <MDM_SERVER_HOME>/apache-tomcat/webapps/ directory, remove the previous ROOT folder, then copy the ROOT folder unzipped above and paste in the current directory
  • H2 database
  • Install new MDM 8.0.1 with clean H2 database to apply the patch.
  • Replace connection-url of H2 in <MDM_SERVER_HOME>/conf/datasouces.xml by <connection-url>jdbc:h2:$MDM_HOME/data/h2-Default/$DB_NAME;DB_CLOSE_ON_EXIT=FALSE</connection-url>(Windows)
  • Do migration from old mdm server.

POST-INSTALLATION

  • Restart the MDM server
  • Clear browser cache on clients