Security Vulnerabilities

1.5.0

Changes since the last release:

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12342395.

1.4.0

Changes since the last release:

  • This release is backwards compatible with prior v1.x releases.
  • Adds a JDBC connector (experimental)
  • Lucene indexing/searching for nested objects
  • Introduced new eviction algorithm for large regions (experimental)
  • Hash Index and Hash Index APIs are now deprecated
  • New geode-examples
  • Provide whitelist/blacklist capability for Java serialization
  • Allow query parameters within the to_date preset query function
  • Add a --if-exists flag to all destroy commands in gfsh
  • Idle expiration will happen even if the entry has been accessed on a replicate
  • "describe region" command & RegionMBean now includes asyncEventQueueIds and gatewaySenderIds
  • Ability to configure eviction through gfsh "create region" command
  • Adds a new alter async event queue command
  • Ability to deploy large jar files without running out of memory on locator
  • Integrate new client protocol into existing connection logic
  • Fixed: Member may fail to receive cluster configuration from locator
  • Fixed: 2 restarts of Locator results in split brain
  • Fixed: Pulse login fails after second login
  • Fixed: Pulse throws NPE when SecurityManager is enabled
  • Fixed: Deployed jars may not be correct when multiple locators are in use

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12341842

1.3.0

Changes since the last release:

  • CVE-2017-9795: Apache Geode OQL method invocation vulnerability
  • CVE-2017-9796: Apache Geode OQL bind parameter vulnerability
  • CVE-2017-12622: Apache Geode gfsh authorization vulnerability
  • This release is backwards compatible with prior v1.1 and v1.2 releases.
  • Provides finer-grained security
  • Adds ability to snapshot more than one region at a time
  • Improves FunctionContext to now provide a reference to Cache
  • Adds GfshRule for integration testing Geode Applications
  • Adds soundex analyzer to Lucene search
  • Adds a Gfsh Connect option --skip-ssl-validation
  • Enables function author to determine what permissions the function execution requires
  • Adds jmx-manager-hostname-for-clients as a gfsh option for starting a locator
  • Fixes performance hit when security is not turned on
  • Deprecates option for manual restart of Gateway senders
  • Fixes required permission for Lucene query
  • Gfsh works over HTTP with SSL enabled
  • Fixes potential locator split brain when two locators are started within 1s of each other
  • Fixes possibleDuplicate boolean to be set to true in previously processed AEQ events
  • Fixes erroneous CommitConflictException on client
  • Remove a number of APIs that had been deprecated prior to the last major version (v1.0.0-incubating):
    • Remove deprecated AttributesMutator.setCacheListener
    • Remove deprecated methods on TransactionEvent
    • Remove BridgeServer system properties
    • Remove deprecated APIs from Locator/Server Launcher classes

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12340669

1.2.1

Changes since the last release:

  • This release is backwards compatible with prior v1.1 and v1.2 releases.  See GEODE-3249 for details regarding rolling upgrades when security is enabled.
  • gfsh queries are no longer paginated.
  • gfsh jar deployment handles functions which extend FunctionAdapter.
  • CVE-2017-9794: Apache Geode gfsh query vulnerability.
  • CVE-2017-9797: Apache Geode client/server authentication vulnerability.

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12341124

1.2.0

Changes since the last release:

  • This release is backwards compatible with prior v1.1.x releases:
    • Applications developed with v1.1 should be compatible with v1.2.
    • v1.1 clients should be able to connect to a 1.2 cluster.
    • Rolling upgrades from a running v1.1 cluster to v1.2 are supported.
  • Improve Lucene API and remove the @Experimental status.  This capability provides full-text indexing of data stored in Geode backed by redundant, highly available in-memory storage.
  • Provide a PartitionResolver implementation that allows colocating related data on compound keys without code deployment.
  • Resolve several data consistency issues affecting AsyncEventQueues.
  • Improve the Function API with appropriate generic type parameters.
  • Remove optional usage of the Attach API within gfsh.
  • Bundle geode examples along with the release distributions.  The examples demonstrate simple scenarios for replicated regions, partitioned regions, and CacheLoader.
  • Provide option to invoke callbacks (such as CacheListeners) when importing a region snapshot file.
  • Improve resiliency of server during SSL handshake.
  • Resolve several issues with concurrent Locator startup.
  • Many improvements to hot deployment of Functions including optimized classpath scanning of jars.
  • Close over 300 tickets to add features, implement improvements and fix bugs.
  • Remove a number of APIs that had been deprecated prior to the last major version (v1.0.0-incubating):
    • CacheEvent.isDistributed, CacheEvent.isExpiration
    • DataSerializer.register
    • EntryEvent.isBridgeEvent, EntryEvent.isLoad, EntryEvent.isLocalLoad, EntryEvent.isNetLoad, EntryEvent.isNetSearch
    • EntryNotFoundInRegion
    • Execution.execute (various overloads)
    • FunctionService.onMembers (various overloads)
    • LicenseException
    • ObjectSizerImpl
    • RemoteTransactionException
    • Region.entries(boolean), Region.keys

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12339257

1.1.1

Changes since the last release:

  • CVE-2017-5649: Apache Geode information disclosure vulnerability.

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12340271

1.1.0

Changes since the last release:

  • Upon graduation to a top-level Apache project, removed incubating project references.
  • Resolved 252 tickets to fix bugs, enhance the state of continuous integration testing, and improve the integrated security implementation.
  • Improved the JSONFormatter and the PdxSerialization frameworks to reduce the number of PDX types generated.
  • Added a backwards compatibility testing framework for validating that Geode v1.0.0-incubating applications can connect to a v1.1.0 server.
  • Made cluster configuration service more cloud friendly by storing the configuration in a Geode Region instead of requiring that it be stored in the file system.
  • Made cluster configuration service easier to use so that you can deploy/undeploy code even before any cache servers are running.
  • Made gfsh more cloud friendly by enabling developers to describe foreign-key relationships for co-located regions by setting a PartitionResolver during the “create region” command.
  • Added Tomcat 8.0 and 8.5 and tcServer 3.2 for HTTP Session Management module.
  • Added docs for Apache Lucene integration.
  • Improved Apache Lucene statistics collection and display.

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12338352

1.0.0-incubating

Changes since the last release:

  • Renaming Packages From com.gemstone.gemfire to org.apache.geode
  • Bundling Documentation With The Source Distribution
  • Securing the REST API

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12332343

1.0.0-incubating.M3

Changes since the last release:

  • Improvements To Role-Based Access Control
  • Enhanced Apache Lucene Integration
  • Support For Apache Tomcat 8 Session Caching

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12335358

1.0.0-incubating.M2

Changes since the last release:

  • Incorporating Site-To-Site WAN Connectivity
  • Continuous Querying
  • Http Session Replication
  • Hibernate L2 cache provider
  • Pulse Monitoring Tool

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12334709

1.0.0-incubating.M1

The first ASF release:

  • Support For Off-Heap Regions
  • Updated Group Membership Service.

A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12334248
