TPS-5539 - 8.0

Version: 8.0
Language: English
Product: Talend Data Integration
Module: Talend SAP RFC Server
Last publication date: 2023-09-15

TPS-5539

Info              Value
Patch Name        Patch_20230915_TPS-5539_v1-8.0.1
Release Date      2023-09-15
Target Version    20211109_1610-V8.0.1
Product affected  Talend SAP RFC Server

Introduction

This is a self-contained patch.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TDI-46850 Upgrade ActiveMQ Jars (5.16.3)

  • TDI-46932 tSAPInput component parses TIMS Midnight as null when using dynamic schema

  • TDI-47241 CVE: log4j-api(core)-[2 - 2.15.0)

  • TDI-47325 Cannot create data source(SAP BW version 7.5)

  • TDI-47633 CVE: Replace log4j1.x by reload4j or upgrade to log4j2

  • TDI-47763 Assess Spring4Shell vulnerability

  • TDI-47861 CVE: tomcat-embed-core 9.0.30 have risk

  • TDI-47869 Authentication Bypass in Talend/tsap-rfc-server

  • TDI-47573 SAP RFC Server shouldn't be required when feature mode is mock

  • TDI-48107 CVE: gson-2.8.0.jar

  • TDI-48174 [CVE] : upgrade kafka-clients to 2.8.1

  • TDI-48471 Denial Of Service (DoS) in Talend/cloud-components (master)--snakeyaml 1.32

  • TDI-48726 Spring-beans: Denial Of Service (DoS) in Talend/tsap-rfc-server (master)---spring 5.3.23

  • TDI-48715 CVE-2022-42003,CVE-2022-42004, jackson-databind-2.13.2.2jar

  • TDI-48873 Upgrade slf4j to 1.7.34

  • TDI-48818 Kafka: Denial Of Service (DoS) in Talend/tsap-rfc-server, sap-api and cloud-components

  • TDI-48821 Apache common codec and Apache http client in Talend/talend-sap-api (master)

  • TDI-49303 Premium Data,commons-net:commons-net:(2.2,3.3,3.6,3.8.0)

  • TDI-49797 Access Restriction Bypass in Talend/tsap-rfc-server (master):org.springframework.boot:spring-boot-actuator-autoconfigure

  • TDI-50040 Security Bypass in Talend/tsap-rfc-server (master):spring-webmvc

  • TDI-50054 Remote Code Execution (RCE) in Talend/tsap-rfc-server (master)(kafka-clients:2.3.0-3.3.2)

  • TDI-50055 Denial Of Service (DoS) in Talend/tsap-rfc-server (master)( tomcat-embed-core:9.0.62)

  • TDI-50222 CVE-2023-20883 org.springframework.boot:spring-boot-autoconfigure 2.7.11 in Talend/tsap-rfc-server

Prerequisites

Consider the following requirements for your system:

  • Talend SAP RFC Server 8.0.1 must be installed and must work with Talend Studio 8.0.1 with patch "R2021-12" or newer.

Installation

Installing the patch using Talend SAP RFC Server

  1. Stop the Talend SAP RFC Server.
  2. Extract the zip.
  3. Overwrite the {sap rfc server home}/tsap-rfc-server-8.0.1.jar file.
  4. Adjust the new configuration in {sap rfc server home}/conf/tsap-rfc-server.properties. Refer to the README.md file in the patch root folder.
  5. Restart the Talend SAP RFC Server.