...
- CVE-2017-5649: Apache Geode information disclosure vulnerability
- CVE-2017-9794: Apache Geode gfsh query vulnerability
- CVE-2017-9797: Apache Geode client/server authentication vulnerability
- CVE-2017-9795: Apache Geode OQL method invocation vulnerability
- CVE-2017-9796: Apache Geode OQL bind parameter vulnerability
- CVE-2017-12622: Apache Geode gfsh authorization vulnerability
- CVE-2017-15696 Apache Geode configuration request authorization vulnerability
- CVE-2017-15692 Apache Geode unsafe deserialization in TcpServer
- CVE-2017-15693 Apache Geode unsafe deserialization of application objects
- CVE-2017-15695 Apache Geode remote code execution vulnerability
- CVE-2017-15694 Apache Geode metadata modification vulnerability
- CVE-2019-10091 Apache Geode SSL endpoint verification vulnerability
- CVE-2021-34797 Apache Geode information disclosure vulnerability
Latest
1.
...
15.
...
1
This patch release includes a
...
few bug fixes:
- Bumped log4j jetty to 29.174.1.47.v20220610
- Fixed data inconsistency in the replicated region with 3 or more servers, and one server is down
- Fixed clearing the region related expired tombstones when the region is destroyed
- Improve handling WAN events when interrupted
A full list of issues that were resolved can be found at ahttps://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1235107812351801
Previous Releases
1.
...
15.
...
0
This patch release includes a security fix:contains a number of improvements and bug fixes, including:
- Support for running on JDK17.
- Support for authentication expiration and re-authorization.
- The default value of conserve-sockets has been changed from
truetofalseBumped log4j to 2.16.0.
A full list of issues that were resolved can be found at at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1235092212349678
1.14.
...
4
This patch release includes a few bug fixes:
- Bumped log4j to 2.15.0.
- Improved index maintenance and reliability.
- Support for differing socket buffer sizes between locator and server.
- Fixed an issue affecting some classes when serializable validation is enabled.
- Fixed an issue where rebalancing a region with multiple redundancy zones could fail.
- Improved gateway sender performance when not grouping transactions.
- Fixed an issue in the session state module.
- Fixed a durable client socket leak.
A full A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=1235057212351226
1.14.
...
3
This patch release includes a significant number of bug fixes, improvements in current behavior along with the addition of a few statistics to monitor the cluster health:security fix:
- Bumped log4j to 2.17.1.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351078
1.14.2
This patch release includes a security fix:
- Bumped log4j to 2.16.0.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350922
1.14.1
This patch release includes a few bug fixes:
- Bumped log4j to 2.15.0.
- Improved index maintenance and reliability.
- Support for differing socket buffer sizes between locator and server.
- Fixed an issue affecting some classes when serializable validation is enabled.
- Fixed an issue where rebalancing a region with multiple redundancy zones could fail.
- Improved gateway sender performance when not grouping transactions.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350572
1.14.0
This release includes a significant number of bug fixes, improvements in current behavior along with the addition of a few statistics to monitor the cluster health:
- The creation of OQL indexes now works on sub-regions.
- Proper exceptions are thrown when a region is destroyed during function execution.
- Daemon threads are now used while rebalancing regions.
- Gateway receivers can be configured with the same hostname-for-senders and port. The reason for such a setup is deploying a Geode cluster on a Kubernetes cluster where all GW receivers are reachable from the outside world on the same IP and port.
- Disk stores are recovered in parallel during cluster restarts.
- New option in GFSH command "start gateway sender" to control clearing of existing queues.
- New member field added in OQL query GFSH command to point to the member on which the query will be executed.
- No more ConcurrentModificationException when using JTA transaction.
- Setting SNI server name is now not needed if endpoint verification is disabled.
- A new REST interface for disk-store creation has been introduced.
- GFSH command to create defined indexes now works if connected to a new locator which joined the cluster after indexes were defined.
- Session state modules dependencies were cleaned up and made more efficient.
- Limited retries while trying to create Lucene indexes to prevent stack overflow issues.
- A new statistic was added to get the heap memory occupied by the gateway sender's queue.
- maximum-time-between-pings set when creating a gateway receiver is now honored instead of being ignored.
- Deadlocks are prevented when java garbage collection and tombstone collection occur simultaneously.
- 'conserve-sockets' default value is now set to false when the members are started.
- Slower receivers with async-distribution-timeout greater than 0 are now not allowed with cluster TLS/SSL.
- Client trying to register interest in an older version server will now receive a ServerRefusedConnectionException.
- The speed of registering interest during rolling upgrades has been improved.
- A new feature was added to print out the tenured heap in the log files after garbage collection.
- Bucket statistics were fixed.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348214
1.13.8
This patch release includes a few bug fixes:
- Fixed an issue in the session state module.
- Fixed a durable client socket leak.
- Note: Geode 1.13.8 clients are not compatible with 1.13.0 or 1.13.1 servers
- The creation of OQL indexes now works on sub-regions.
- Proper exceptions are thrown when a region is destroyed during function execution.
- Daemon threads are now used while rebalancing regions.
- Gateway receivers can be configured with the same hostname-for-senders and port. The reason for such a setup is deploying a Geode cluster on a Kubernetes cluster where all GW receivers are reachable from the outside world on the same IP and port.
- Disk stores are recovered in parallel during cluster restarts.
- New option in GFSH command "start gateway sender" to control clearing of existing queues.
- New member field added in OQL query GFSH command to point to the member on which the query will be executed.
- No more ConcurrentModificationException when using JTA transaction.
- Setting SNI server name is now not needed if endpoint verification is disabled.
- A new REST interface for disk-store creation has been introduced.
- GFSH command to create defined indexes now works if connected to a new locator which joined the cluster after indexes were defined.
- Session state modules dependencies were cleaned up and made more efficient.
- Limited retries while trying to create Lucene indexes to prevent stack overflow issues.
- A new statistic was added to get the heap memory occupied by the gateway sender's queue.
- maximum-time-between-pings set when creating a gateway receiver is now honored instead of being ignored.
- Deadlocks are prevented when java garbage collection and tombstone collection occur simultaneously.
- 'conserve-sockets' default value is now set to false when the members are started.
- Slower receivers with async-distribution-timeout greater than 0 are now not allowed with cluster TLS/SSL.
- Client trying to register interest in an older version server will now receive a ServerRefusedConnectionException.
- The speed of registering interest during rolling upgrades has been improved.
- A new feature was added to print out the tenured heap in the log files after garbage collection.
- Bucket statistics were fixed.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348214
...
1.13.7
This patch release includes a security fix:
...
- Indexes can now be created on subregions.
- Experimental Cluster Management Service REST API to deploy versioned JAR files.
- Apache Geode clients can utilize the Server Name Indication (SNI) extension to TLS.
- Added options to the gfsh list gateways command to show only senders or receivers.
- The gfsh list gateways command now reports the connection state of gateway senders.
- New gfsh commands to report on or ensure the redundancy status of partitioned regions.
- The gfsh connect command can now accept an OAuth token for authentication.
- Gfsh can now connect to any Geode version 1.10 or newer.
- Fixed an issue that caused a ConcurrentModificationException to be thrown when using JTA transactions.
- Improved performance in highly concurrent environments.
- Fixed an issue in which a customer could experience data corruption if doing puts with large objects.
- Fixed a memory leak that occurred when a replicated region, configured with entry expiration, was cleared.
- Fixed a problem with replaying subscription events following restart or failover.
- Unused disk store backups (drf files) are now deleted to prevent possible startup failure.
- When a client performs a single-hop getAll() operation and encounters a serialization error, the operation is now re-tried.
- Corrected a case in which tombstones were being cleared when the region was not initialized.
- .
- Fixed a memory leak that occurred when a replicated region, configured with entry expiration, was cleared.
- Fixed a problem with replaying subscription events following restart or failover.
- Unused disk store backups (drf files) are now deleted to prevent possible startup failure.
- When a client performs a single-hop getAll() operation and encounters a serialization error, the operation is now re-tried.
- Corrected a case in which tombstones were being cleared when the region was not initialized.
- Note: Geode 1.13.0 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346917
1.12.9
This patch release includes a few bug fixes:
- Fixed an issue in the session state module.
- Fixed a durable client socket leak.
- Note: 1.12.9 cannot be upgraded to versions of Geode 1.13 prior to 1.13.2. Geode 1.12.9 clients are not compatible with 1.12.0 serversNote: Geode 1.13.0 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346917
...
1.12.8
This patch release includes a security fix:
...
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350901
Kakfa Connector 1.1.0
- Upgraded Log4j to 2.16.0
- Apache Geode upgraded to 1.12.6
1.12.6
This patch release includes a few bug fixes:
...
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346481
Kakfa Connector 1.1.0
- Upgraded Log4j to 2.16.0
- Apache Geode upgraded to 1.12.6
...
1.11.0
This release contains a number of improvements and bug fixes:
...