Security Vulnerabilities
- CVE-2017-5649: Apache Geode information disclosure vulnerability
- CVE-2017-9794: Apache Geode gfsh query vulnerability
- CVE-2017-9797: Apache Geode client/server authentication vulnerability
1.3.0
Changes since the last release:
- This release is backwards compatible with prior v1.1 and v1.2 releases.
Provides finer grained security
Improves FunctionContext to now provide a reference to Cache
Adds GfshRule for integration testing Geode Applications
Adds soundex analyzer to lucene search
Adds a Gfsh Connect option --skip-ssl-validation
Enables function author to determine what permissions the function execution requires
Adds option to invoke callbacks while loading a snapshot
Adds jmx-manager-hostname-for-clients as a gfsh option for starting a locator
Fixes performance hit when security is not turned on
Deprecates option for manual restart of Gateway senders
Fixes required permission for lucene query
Gfsh works over HTTP with SSL enabled
Fixes potential locator split brain when two locators are started within 1s of each other
Fixes possibleDuplicate boolean to be set to true in previously processed AEQ events
Fixes erroneous CommitConflictException on client
Remove a number of API's that had been deprecated prior to the last major version (v1.0.0-incubating):
Remove deprecated AttributesMutator.setCacheListener
Remove deprecated methods on TransactionEvent
Remove BridgeServer system properties
Remove deprecated APIs from Locator/Server Launcher classes
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12340669
1.2.1
Changes since the last release:
- This release is backwards compatible with prior v1.1 and v1.2 releases. See GEODE-3249 for details regarding rolling upgrades when security is enabled.
- gfsh queries are no longer paginated.
- gfsh jar deployment handles functions which extend
FunctionAdapter
. - CVE-2017-9794: Apache Geode gfsh query vulnerability.
- CVE-2017-9797: Apache Geode client/server authentication vulnerability.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12341124
1.2.0
Changes since the last release:
- This release is backwards compatible with prior v1.1.x releases:
- Applications developed with v1.1 should be compatible with v1.2.
- v1.1 clients should be able to connect to a 1.2 cluster.
- Rolling upgrades from a running v1.1 cluster to v1.2 are supported.
- Improve Lucene API and removed the @Experimental status. This capability provides full-text indexing of data stored in Geode backed by redundant, highly available in-memory storage.
- Provide a
PartitionResolver
implementation that allows colocating related data on compound keys without code deployment. - Resolve several data consistency issues affecting AsyncEventQueues.
- Improve the Function API with appropriate generic type parameters.
- Remove optional usage of the Attach API within gfsh.
- Bundle geode examples along with the release distributions. The examples demonstrate simple scenarios for replicated regions, partitioned regions, and CacheLoader.
- Provide option to invoke callbacks (such as CacheListeners) when importing a region snapshot file.
- Improve resiliency of server during SSL handshake.
- Resolve several issues with concurrent Locator startup.
- Many improvements to hot deployment of Functions including optimized classpath scanning of jars.
- Close over 300 tickets to add features, implement improvements and fix bugs.
- Remove a number of API's that had been deprecated prior to the last major version (v1.0.0-incubating):
- CacheEvent.isDistributed, CacheEvent.isExpiration
- DataSerializer.register
- EntryEvent.isBridgeEvent, EntryEvent.isLoad, EntryEvent.isLocalLoad, EntryEvent.isNetLoad, EntryEvent.isNetSearch
- EntryNotFoundInRegion
- Execution.execute (various overloads)
- FunctionService.onMembers (various overloads)
- LicenseException
- ObjectSizerImpl
- RemoteTransactionException
- Region.entries(boolean), Region.keys
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12339257
1.1.1
Changes since the last release:
- CVE-2017-5649: Apache Geode information disclosure vulnerability.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12340271
1.1.0
Changes since the last release:
- Upon graduation to a top-level Apache project, removed incubating project references.
- Resolved 252 tickets to fix bugs, enhance the state of continuous integration testing, and improve the integrated security implementation.
- Improved the JSONFormatter and the PdxSerialization frameworks to reduce the number of PDX types generated.
- Added a backwards compatibility testing framework for validating that Geode v1.0.0-incubating applications can connect to a v1.1.0 server.
- Made cluster configuration service more cloud friendly by storing the configuration in a Geode Region instead of requiring that they are stored in the file-system.
- Made cluster configuration service easier to use so that you can deploy/undeploy code even before any cache servers are running.
- Made gfsh more cloud friendly by enabling developer to describe foreign-key relationships for co-located regions by setting a PartitionResolver during “create region” command.
- Added Tomcat 8.0 and 8.5 and tcServer 3.2 for HTTP Session Management module.
- Added docs for Apache Lucene integration.
- Improved Apache Lucene statistics collection and display.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12338352
1.0.0-incubating
Changes since the last release:
- Renaming Packages From com.gemstone.gemfire to org.apache.geode
- Bundling Documentation With The Source Distribution
- Securing the REST API
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12332343
1.0.0-incubating.M3
Changes since the last release:
- Improvements To Role-Based Access Control
- Enhanced Apache Lucene Integration
- Support For Apache Tomcat 8 Session Caching
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12335358
1.0.0-incubating.M2
Changes since the last release:
- Incorporating Site-To-Site WAN Connectivity
- Continuous Querying
- Http Session Replication
- Hibernate L2 cache provider
- Pulse Monitoring Tool
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12334709
1.0.0-incubating.M1
The first ASF release:
- Support For Off-Heap Regions
- Updated Group Membership Service.
A full list of issues that were resolved can be found at https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12334248