...
- CVE-2017-5649: Apache Geode information disclosure vulnerability
- CVE-2017-9794: Apache Geode gfsh query vulnerability
- CVE-2017-9797: Apache Geode client/server authentication vulnerability
- CVE-2017-9795: Apache Geode OQL method invocation vulnerability
- CVE-2017-9796: Apache Geode OQL bind parameter vulnerability
- CVE-2017-12622: Apache Geode gfsh authorization vulnerability
- CVE-2017-15696: Apache Geode configuration request authorization vulnerability
- CVE-2017-15692: Apache Geode unsafe deserialization in TcpServer
- CVE-2017-15693: Apache Geode unsafe deserialization of application objects
- CVE-2017-15695: Apache Geode remote code execution vulnerability
- CVE-2017-15694: Apache Geode metadata modification vulnerability
- CVE-2019-10091: Apache Geode SSL endpoint verification vulnerability
- CVE-2021-34797: Apache Geode information disclosure vulnerability
Latest
1.
...
15.
...
1
This patch release includes a
...
few bug fixes:
- Bumped jetty to 9.4.47.v20220610
- Fixed data inconsistency in the replicated region with 3 or more servers, and one server is down
- Fixed clearing the region related expired tombstones when the region is destroyed
- Improve handling WAN events when interrupted
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351801
Previous Releases
1.
...
15.
...
0
This patch release contains a number of improvements and bug fixes, including:
- Support for running on JDK17.
- Support for authentication expiration and re-authorization.
- The default value of conserve-sockets has been changed from true to false.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12349678
1.14.
...
4
This patch release includes a few bug fixes:
- Fixed an issue in the session state module.
- Fixed a durable client socket leak.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351226
1.14.
...
3
This patch release includes a security fix:
- Bumped log4j to 2.17.1.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351078
1.14.2
This patch release includes a security fix:
- Bumped log4j to 2.16.0.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350922
1.14.1
This patch release includes a few bug fixes:
- Bumped log4j to 2.15.0.
- Improved index maintenance and reliability.
- Support for differing socket buffer sizes between locator and server.
- Fixed an issue affecting some classes when serializable validation is enabled.
- Fixed an issue where rebalancing a region with multiple redundancy zones could fail.
- Improved gateway sender performance when not grouping transactions.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350572
1.14.0
This release includes a significant number of bug fixes, improvements in current behavior along with the addition of a few statistics to monitor the cluster health:
- The creation of OQL indexes now works on sub-regions.
- Proper exceptions are thrown when a region is destroyed during function execution.
- Daemon threads are now used while rebalancing regions.
- Gateway receivers can be configured with the same hostname-for-senders and port. The reason for such a setup is deploying a Geode cluster on a Kubernetes cluster where all GW receivers are reachable from the outside world on the same IP and port.
- Disk stores are recovered in parallel during cluster restarts.
- New option in GFSH command "start gateway sender" to control clearing of existing queues.
- New member field added in OQL query GFSH command to point to the member on which the query will be executed.
- No more ConcurrentModificationException when using JTA transaction.
- Setting SNI server name is now not needed if endpoint verification is disabled.
- A new REST interface for disk-store creation has been introduced.
- GFSH command to create defined indexes now works if connected to a new locator which joined the cluster after indexes were defined.
- Session state modules dependencies were cleaned up and made more efficient.
- Limited retries while trying to create Lucene indexes to prevent stack overflow issues.
- A new statistic was added to get the heap memory occupied by the gateway sender's queue.
- maximum-time-between-pings set when creating a gateway receiver is now honored instead of being ignored.
- Deadlocks are prevented when java garbage collection and tombstone collection occur simultaneously.
- 'conserve-sockets' default value is now set to false when the members are started.
- Slower receivers with async-distribution-timeout greater than 0 are now not allowed with cluster TLS/SSL.
- Client trying to register interest in an older version server will now receive a ServerRefusedConnectionException.
- The speed of registering interest during rolling upgrades has been improved.
- A new feature was added to print out the tenured heap in the log files after garbage collection.
- Bucket statistics were fixed.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348214
1.13.8
This patch release includes a few bug fixes:
- Fixed an issue in the session state module.
- Fixed a durable client socket leak.
- Note: Geode 1.13.8 clients are not compatible with 1.13.0 or 1.13.1 servers
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351225
...
1.
...
...
13.7
This patch release includes a security fix:
- Bumped log4j to 2.17.1.
- Note: Geode 1.13.7 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351077
1.13.
...
6
This patch release includes a security fix:
- Bumped log4j to 2.16.0.
- Note: Geode 1.13.6 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350921
1.13.
...
5
This patch release includes a few bug fixes:
- Bumped log4j to 2.15.0.
- Improved index maintenance and reliability.
- Support for differing socket buffer sizes between locator and server.
- Fixed an issue affecting some classes when serializable validation is enabled.
- Correctly limit max message chunk size.
- Improved responsiveness of membership messaging.
- Fixed an issue where rebalancing a region with multiple redundancy zones could fail.
- Note: Geode 1.13.5 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350439
1.13.
...
4
This patch release includes a few bug fixes:
...
- Fixed a performance issue with client SSL handshake.
- Fixed the source release to compile without reliance on bintray, which has now sunsetted
- Note: Geode 1.13.4 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350311
1.13.
...
3
This patch release includes a number of bug fixes, including a fix for an issue with session state expiration:
- Several fixes in the session state module.
- Fix for server not stopping completely on shutdown.
- Fix for incorrect CQ event being sent in some cases.
- Improvements to disconnect handling, p2p connections, and idle expiration.
- Dependency bumps for json-smart, spring, spring-security, and jetty
- Note: Geode 1.13.3 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12349841
1.13.
...
2
This patch release includes a number of bug fixes, including some critical fixes if upgrading from an earlier version of Geode:
- Fixed a race condition that could lead to Pdx corruption in rare cases.
- Provide ability to configure Geode appenders in log4j2.xml.
- Localize dates in Pulse queries.
- Improvements to startup/shutdown.
- Fix for tombstone never expiring in rare cases.
- Fix rebalance to function properly during rolling upgrade.
- Performance improvements.
- Change apachegeode dockerhub image to be based on BellSoft's Liberica JDK.
- Note: Geode 1.13.2 clients are not compatible with 1.13.0 or 1.13.1 servers.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12349381
1.13.
...
1
This patch release includes a number of bug fixes, including some critical fixes if using TLS communication:
- Fixed a race condition that could lead to Pdx corruption in rare cases.
- Provide ability to configure Geode appenders in log4j2.xml.
- Localize dates in Pulse queries.
- Improvements to startup/shutdown.
- Fix for tombstone never expiring in rare cases.
- Fix rebalance to function properly during rolling upgrade.
- Performance improvements.
- Fixed an issue where rebalance operations could be stuck in "IN_PROGRESS" state forever.
- SSL/TLS protocol and cipher suite configuration is now honored.
- GarbageCollectionCount metric no longer shows negative values.
- StackOverflow no longer occurs when Lucene IndexWriter is unable to be created.
- Implemented CopyOnWriteHashSet.iterator().remove().
- Fixed some shutdown-related edge cases in message transmission.
- Fixed deadlock that could occur due to tombstone removal during GII.
- Added REST API for creating diskstores.
- Note: Geode 1.13.1 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348785
1.13.
...
0
This patch release includes a number of bug fixes, including some critical fixes if using TLS communication:
- Fixed an issue where rebalance operations could be stuck in "IN_PROGRESS" state forever.
- SSL/TLS protocol and cipher suite configuration is now honored.
- GarbageCollectionCount metric no longer shows negative values.
- StackOverflow no longer occurs when Lucene IndexWriter is unable to be created.
- Implemented CopyOnWriteHashSet.iterator().remove().
- Fixed some shutdown-related edge cases in message transmission.
- Fixed deadlock that could occur due to tombstone removal during GII.
- Added REST API for creating diskstores.
- Note: Geode 1.13.1 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12348785
1.13.0
This release contains some new gfsh commands and support for SNI as well as a number of improvements and bug fixes:
- Indexes can now be created on subregions.
- Experimental Cluster Management Service REST API to deploy versioned JAR files.
- Apache Geode clients can utilize the Server Name Indication (SNI) extension to TLS.
- Added options to the gfsh list gateways command to show only senders or receivers.
- The gfsh list gateways command now reports the connection state of gateway senders.
- New gfsh commands to report on or ensure the redundancy status of partitioned regions.
- The gfsh connect command can now accept an OAuth token for authentication.
- Gfsh can now connect to any Geode version 1.10 or newer.
- Fixed an issue that caused a ConcurrentModificationException to be thrown when using JTA transactions.
- Improved performance in highly concurrent environments.
- Fixed an issue in which a customer could experience data corruption if doing puts with large objects.
- Fixed a memory leak that occurred when a replicated region, configured with entry expiration, was cleared.
- Fixed a problem with replaying subscription events following restart or failover.
- Unused disk store backups (drf files) are now deleted to prevent possible startup failure.
- When a client performs a single-hop getAll() operation and encounters a serialization error, the operation is now re-tried.
- Corrected a case in which tombstones were being cleared when the region was not initialized.
- Note: Geode 1.13.0 is not compatible with 1.13.2+ or 1.12.1+ clients.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346917
1.12.9
This patch release includes a few bug fixes:
- Fixed an issue in the session state module.
- Fixed a durable client socket leak.
- Note: 1.12.9 cannot be upgraded to versions of Geode 1.13 prior to 1.13.2. Geode 1.12.9 clients are not compatible with 1.12.0 servers
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12351204
N-2
1.12.8
This patch release includes a security fix:
...
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12350901
Kafka Connector 1.1.0
- Upgraded Log4j to 2.16.0
- Apache Geode upgraded to 1.12.6
1.12.6
This patch release includes a few bug fixes:
...
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12346481
...
1.11.0
This release contains a number of improvements and bug fixes:
...