...
- CVE-2017-5649: Apache Geode information disclosure vulnerability
- CVE-2017-9794: Apache Geode gfsh query vulnerability
- CVE-2017-9797: Apache Geode client/server authentication vulnerability
- CVE-2017-9795: Apache Geode OQL method invocation vulnerability
- CVE-2017-9796: Apache Geode OQL bind parameter vulnerability
- CVE-2017-12622: Apache Geode gfsh authorization vulnerability
- CVE-2017-15696 Apache Geode configuration request authorization vulnerability
- CVE-2017-15692 Apache Geode unsafe deserialization in TcpServer
- CVE-2017-15693 Apache Geode unsafe deserialization of application objects
- CVE-2017-15695 Apache Geode remote code execution vulnerability
- CVE-2017-15694 Apache Geode metadata modification vulnerability
- CVE-2019-10091 Apache Geode SSL endpoint verification vulnerability
- CVE-2021-34797 Apache Geode information disclosure vulnerability
Latest
1.14.3
This patch release includes a couple of bug fixes:
- Bumped log4j to 2.17.1.
- Fixed an exception that can occur when a shutdown interrupts a recovery.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351078
1.14.2
This patch release includes one bug fix:
...
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348214
N-1
1.13.
...
7
This patch release includes one a couple of bug fixfixes:
- Bumped log4j to 2.16.017.1.
- Fixed an exception that can occur when a shutdown interrupts a recovery.
- Note: Geode 1.13.6 7 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1235092112351077
1.13.
...
6
This patch release includes a few one bug fixesfix:
- Bumped log4j to 2.1516.0.
- Improved index maintenance and reliability.
- Support for differing socket buffer sizes between locator and server.
- Fixed an issue affecting some classes when serializable validation is enabled.
- Correctly limit max message chunk size.
- Improved responsiveness of membership messaging.
- Fixed an issue where rebalancing a region with multiple redundancy zones could fail.
- Note: Geode 1.13.5 clients are not compatible with 1.13.0 or 1.13.1 servers.
- Note: Geode 1.13.6 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1235043912350921
1.13.
...
5
This patch release includes a few bug fixes:
- Bumped log4j to 2.15.0.
- Improved index maintenance and reliability.
- Support for differing socket buffer sizes between locator and server.
- Fixed an issue affecting some classes when serializable validation is enabled.
- Correctly limit max message chunk size.
- Improved responsiveness of membership messaging.
- Fixed an issue where rebalancing a region with multiple redundancy zones could fail.
- Note: Geode 1.13.5
- Fixed a performance issue with client SSL handshake.
- Fixed the source release to compile without reliance on bintray, which has now sunsetted.
- Note: Geode 1.13.4 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1235031112350439
1.13.
...
4
This patch release includes a number of few bug fixes, including a fix for an issue with session state expiration::
- Fixed a performance issue with client SSL handshake.
- Fixed the source release to compile without reliance on bintray, which has now sunsetted
- Several fixes in the session state module.
- Fix for server not stopping completely on shutdown.
- Fix for incorrect CQ event being sent in some cases.
- Improvements to disconnect handling, p2p connections, and idle expiration.
- Dependency bumps for json-smart, spring, spring-security, and jetty.
- Note: Geode 1.13.3 4 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1234984112350311
1.13.
...
3
This patch release includes a number of bug fixes, including some critical fixes if upgrading from an earlier version of Geode:a fix for an issue with session state expiration:
- Several fixes in the session state module.
- Fix for server not stopping completely on
- Fixed a race condition that could lead to Pdx corruption in rare cases.
- Provide ability to configure Geode appenders in log4j2.xml.
- Localize dates in Pulse queries.
- Improvements to startup/ shutdown.
- Fix for tombstone never expiring in rare incorrect CQ event being sent in some cases.
- Fix rebalance to function properly during rolling upgrade.
- Performance improvements.
- Improvements to disconnect handling, p2p connections, and idle expiration.
- Dependency bumps for json-smart, spring, spring-security, and jettyChange apachegeode dockerhub image to be based on BellSoft's Liberica JDK.
- Note: Geode 1.13.2 3 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1234938112349841
1.13.
...
2
This patch release includes a number of bug fixes, including some critical fixes if using TLS communicationupgrading from an earlier version of Geode:
- Fixed an issue where rebalance operations could be stuck in "IN_PROGRESS" state forever.
- SSL/TLS protocol and cipher suite configuration is now honored.
- GarbageCollectionCount metric no longer shows negative values.
- StackOverflow no longer occurs when Lucene IndexWriter is unable to be created.
- Implemented CopyOnWriteHashSet.iterator().remove().
- Fixed some shutdown-related edge cases in message transmission.
- Fixed deadlock that could occur due to tombstone removal during GII.
- a race condition that could lead to Pdx corruption in rare cases.
- Provide ability to configure Geode appenders in log4j2.xml.
- Localize dates in Pulse queries.
- Improvements to startup/shutdown.
- Fix for tombstone never expiring in rare cases.
- Fix rebalance to function properly during rolling upgrade.
- Performance improvements.
- Change apachegeode dockerhub image to be based on BellSoft's Liberica JDKAdded REST API for creating diskstores.
- Note: Geode 1.13.1 is 2 clients are not compatible with 1.13.2+ 0 or 1.1213.1 + clientsservers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1234878512349381
1.13.
...
1
This release contains some new gfsh commands and support for SNI as well as patch release includes a number of improvements and bug fixes, including some critical fixes if using TLS communication:
- Fixed an issue where rebalance operations could be stuck in "IN_PROGRESS" state forever.
- SSL/TLS protocol and cipher suite configuration is now honored.
- GarbageCollectionCount metric no longer shows negative values.
- StackOverflow no longer occurs when Lucene IndexWriter is unable to be created.
- Implemented CopyOnWriteHashSet.iterator().remove().
- Fixed some shutdown-related edge cases in message transmission.
- Fixed deadlock that could occur due to tombstone removal during GII.
- Added REST API for creating diskstores.
- Note: Geode 1.13.1 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348785
1.13.0
This release contains some new gfsh commands and support for SNI as well as a number of improvements and bug fixes:
- Indexes can now be created on subregions.
- Experimental Cluster Management Service REST API to deploy versioned JAR files.
- Apache Geode clients can utilize the Server Name Indication (SNI) extension to TLS.
- Added options to the gfsh list gateways command to show only senders or receivers.
- The gfsh list gateways command now reports the connection state of gateway senders.
- New gfsh commands to report on or ensure the redundancy status of partitioned regions.
- The gfsh connect command can now accept an OAuth token for authentication.
- Gfsh can now connect to any Geode version 1.10 or newer.
- Fixed an issue that caused a ConcurrentModificationException to be thrown when using JTA transactions.
- Improved performance in highly concurrent environments.
- Fixed an issue in which a customer could experience data corruption if doing puts with large objects.
- Fixed a memory leak that occurred when a replicated region, configured with entry expiration, was cleared.
- Fixed a problem with replaying subscription events following restart or failover.
- Unused disk store backups (drf files) are now deleted to prevent possible startup failure.
- When a client performs a single-hop getAll() operation and encounters a serialization error, the operation is now re-tried.
- Corrected a case in which tombstones were being cleared when the region was not initialized.
- Note: Geode 1.13.0 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346917
N-2
1.12.8
This patch release includes a couple of bug fixes:
- Bumped log4j to 2.17.1.
- Fixed an exception that can occur when a shutdown interrupts a recovery.
- Note: 1.12.8 cannot be upgraded to versions of Geode 1.13 prior to 1.13.2. Geode 1.12.8 clients are not compatible with 1.12.0 servers
- Indexes can now be created on subregions.
- Experimental Cluster Management Service REST API to deploy versioned JAR files.
- Apache Geode clients can utilize the Server Name Indication (SNI) extension to TLS.
- Added options to the gfsh list gateways command to show only senders or receivers.
- The gfsh list gateways command now reports the connection state of gateway senders.
- New gfsh commands to report on or ensure the redundancy status of partitioned regions.
- The gfsh connect command can now accept an OAuth token for authentication.
- Gfsh can now connect to any Geode version 1.10 or newer.
- Fixed an issue that caused a ConcurrentModificationException to be thrown when using JTA transactions.
- Improved performance in highly concurrent environments.
- Fixed an issue in which a customer could experience data corruption if doing puts with large objects.
- Fixed a memory leak that occurred when a replicated region, configured with entry expiration, was cleared.
- Fixed a problem with replaying subscription events following restart or failover.
- Unused disk store backups (drf files) are now deleted to prevent possible startup failure.
- When a client performs a single-hop getAll() operation and encounters a serialization error, the operation is now re-tried.
- Corrected a case in which tombstones were being cleared when the region was not initialized.
- Note: Geode 1.13.0 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1234691712351076
N-2
1.12.7
This patch release includes one bug fix:
- Bumped log4j to 2.16.0.
- Note: 1.12.6 7 cannot be upgraded to versions of Geode 1.13 prior to 1.13.2. Geode 1.12.6 7 clients are not compatible with 1.12.0 servers.
...