R2024-07-RT (monthly release cumulative patch)

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2024-05-RT.

NOTE: To download this patch, contact Talend Support.

Prerequisites

Consider the following requirements for your system:

• Talend ESB Runtime 8.0.1.R2024-05-RT must be installed. either as full build or by previously patching an older runtime with Patch-20240524_R2024-05_v1-RT-8.0.1.R2023-08-RT.zip. Installation of the present patch over an older Talend ESB runtime version is rejected. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime.

• Depending on the product, {container} is Talend-ESB-V8.0.1.R2024-05-RT/container/ or Talend-Runtime-V8.0.1.R2024-05-RT/

For all inserted properties:

• if property already present (commented or uncommented), won't insert
• if property not already present, will backup related file in dir {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/backup/ and insert property

For all updated properties:

• if property commented or not already present, won't update
• if property already present, will backup related file in dir {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/backup/ and update property

If any change required, update value after patch execution.

Installation

Container

• Start Runtime Container
• Extract & replace the content of ZIP directory container into {container} directory

Structure after extract & replace should be :

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch03.commands
│           patch.sh
│           talend-esb-patch-<version>.jar
│           logs/ : directory for logs installation
├───system  : existing dir
│   ├───... : existing dir
├───...

• Ensure username/password are right in {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/patch.bat or {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/patch.sh

  ... -u {username} -p {password} -f patch.commands ... 
  

• Execute {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/patch.bat or {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/patch.sh

• Ensure directory {container}/patches/Patch_20240719_R2024-07_v1-RT-8.0.1.R2024-05-RT/logs contains new log files :
  • xxx-installation.log: patch installation log
  • xxx-init.log: state before patch installation
  • xxx-installed.log: state after patch installation

    Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure.
    You will need to restart the Runtime Container for changes to take effect.
    

Warning: JRE 11.0.20 or 17.0.8 may refuse to open JAR or other ZIP files from Talend ESB runtime or the patch
installer. They complain about invalid CEN headers. This is caused by an incompatibility with JARs and other ZIP
files created by commonly used Apache tools. It has been fixed with JRE 11.0.21 and 17.0.9, and you need to upgrade
your JRE to one of these or a newer version.

Warning: Some patches perform updates of the Bouncycastle libraries. This may lead to ssh connection errors
after patch when using Oracle jdk. A shutdown and restart of the Talend Runtime resolves the issue.

Warning: Patch 8.0.1.R2024-07-RT fixes a security issue with Talend ESB runtime SSH access:
If any of the system users "tadmin", "tesb", or "karaf" has the default password in "etc/users.properties", SSH access to the Talend ESB runtime is restricted to "127.0.0.1".
The corresponding property is "sshHost" in configuration "etc/org.apache.karaf.shell.cfg".

Warning: Patch 8.0.1.R2024-07-RT disables the usually unused jobserver monitoring port for security reasons:
If you are using the Talend ESB runtime with TAC and run DI jobs in the runtime and not in a separate standalone jobserver, you may get errors in TAC.
In this case, re-enable the jobserver monitoring port in "etc/org.talend.remote.jobserver.server.cfg".
Set "org.talend.remote.jobserver.server.TalendJobServer.ENABLE_MONITORING_PORT=true".

Notes

Bundle resolution errors

The updates are performed in three iterations. During the first and second iteration bundle resolution errors are showing up on the console and in the logs. This is expected, and these errors are resolved in the third iteration. The total patch process takes several minutes, but should not exceed 15 minutes depending on the number of features installed and the hardware.

R2024-07

Issues fixed in 2024-07

TPRUN

• TPRUN-6516: Provide JWT (JSON Web Token) Provider to STS service
• TPRUN-8398: Talend ESB 8.0.1 RT - CVE updates from June 2024 Trivy scans
• TPRUN-8483: Update <ESB-DIR>/add-ons/datasources/sap/README.txt
• TPRUN-8522: Disable JobServer monitoring port in runtime
• TPRUN-8523: Improve Talend ESB runtime security with default credentials - SSH access restriction to 127.0.0.1
• TPRUN-8523: Improve Talend ESB runtime security with default credentials - default password warning at local shell startup

TDM

• TDM-10732: [DSQL Map]Length of the EDI Interchange Control Number is not as expected
• TDM-10761: [DSQL Map] Cobol input trimming does not remove special characters

CVE fixed in 2024-07

CVE-2024-6162, CVE-2024-27316 undertow 2.2.31.Final -> 2.2.33.Final CVE-2021-47621 classgraph 4.8.25 -> 4.8.112

R2024-06

Issues fixed in 2024-06

TPRUN

• TPRUN-8231: Talend ESB runtime patching: Update feature file "specs" only if present
• TPRUN-8280: CVE-2023-5685 - Update of xnio in Talend ESB runtime
• TPRUN-8367: Talend ESB 8.0.1 RT - CVE-2024-37902 - update of djl api to 0.28.0

TDM

• TDM-10763: The error when read copybooks in TDM
• TDM-10856: NullPointerException using Flat Representation when log level is DEBUG
• TDM-10878: When the “major” and “minor” attributes are added in tHMap the default namespace is not set in the generated XML
• TDM-10896: install feature talend-data-mapper-eclipse on ESB runtime fails

CVE fixed in 2024-06

CVE-2023-5685 xnio 3.8.11.Final -> 3.8.14.Final CVE-2024-37902 ai.djl 0.21.0 -> 0.28.0

R2024-05

Issues fixed in 2024-05

TPRUN

• TPRUN-7972: Unable to deploy Route which has SMB Protocol in Runtime
• TPRUN-7514: Update of Talend ESB runtime Camel dependency to 3.20.9
• TPRUN-7908: Fix apache transitive dependencies in tesb repo
• TPRUN-8115: Integrate latest JobServer patch version 8.0.2.202405071504patch into ESB
• TPRUN-8070: Feature dependency camel-google-storage/0.0.0 is not available
• TPRUN-8138: Missing camel-zookeeper-master lib

TDM

• TDM-9959: CSV writer doesnt generate default header
• TDM-10554: Migrate DataFormatDateConverter from joda to java.time
• TDM-10737: Update TDM maplang libraries to new version 1.12.0

CVE fixed in 2024-05

• CVE-2024-28752 cxf 3.5.6 -> 3.5.8 (backport no longer required)
• CVE-2024-22243 spring 5.2.24 -> 5.3.34 (syncope, full build only)
• CVE-2022-22978 spring-security 5.3.13 -> 5.7.12 (syncope, full build only)
• CVE-2023-20873 spring-boot 2.7.6 -> 2.7.18 (syncope, full build only)
• CVE-2021-42575 owasp-java-html-sanitizer 20191001.1 -> 20211018.1 (syncope, full build only)
• CVE-2022-46364 cxf 3.3.13 -> 3.5.8 (syncope, full build only)
• CVE-2022-44729 batik-bridge 1.14 -> 1.31 (syncope, full build only)
• CVE-2022-25857 snakeyaml 1.27 -> 1.33 (syncope, full build only)
• CVE-2020-36518 ehcache 2.10.9.2 (embedded jackson-databind 2.11.1) removed (syncope, full build only)

For previous patches : see 2024-04 patch release notes