Chapter 6. Resolved Issues


6.1. Resolved Issues

JDG-521 - CVE-2016-0750 hotrod client: unchecked deserialization in marshaller util [jdg-7]

The Hot Rod Java client in JBoss Data Grid automatically deserialized byte array message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-875 - Cross-Site Replication: inconsistent data with multiple site masters in ASYNC mode

When attempting to configure cross-site replication with multiple site masters, data inconsistencies are possible due to updates being routed differently for each request. This can result in the same key traversing two separate routes, leading to differing values.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-878 - Administration console - remote sites are not displayed correctly on cache container page

When two caches were configured each with a different remote site, after clicking on a cache container, both remote sites were displayed on both cache cards.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-885 - Administration console - Indexing tab allows invalid configuration to be set

Indexing is not a valid configuration for invalidation caches; however, it was possible to define this element using the Administration console. The indexing tab is not available for the invalidation-cache now.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-951 - LDAP Authorization Common RoleName Mapper Case Insensitive CN extraction

Previously, when enabling security with JBoss Data Grid with an LDAP backend using common-role-name-mapper for authorization, the role name failed to extract when its attribute in the distinguished name was cn instead of CN.

This issue is resolved as of JBoss Data Grid 7.1.1.
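LDAP attribute types are case-insensitive, so a role mapper has to treat `cn=` and `CN=` alike. The following added example (not the product's mapper; `CnRoleExtractor` and the sample DNs are constructed for illustration) extracts the role name with the JDK's `LdapName` parser instead of a case-sensitive string match.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; CnRoleExtractor is a hypothetical name, not the product's mapper.
public class CnRoleExtractor {

    /** Returns the value of the leftmost CN/cn RDN, or the input unchanged if there is none. */
    static String roleName(String principalName) {
        try {
            List<Rdn> rdns = new LdapName(principalName).getRdns();
            // getRdns() indexes from the rightmost RDN, so walk backwards
            // to reach the leftmost (most specific) RDN first.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Rdn rdn = rdns.get(i);
                // Attribute types are case-insensitive in LDAP: "cn" and "CN" are the same.
                if ("cn".equalsIgnoreCase(rdn.getType())) {
                    return String.valueOf(rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            // Not a distinguished name; fall through and use the name as given.
        }
        return principalName;
    }

    public static void main(String[] args) {
        // Constructed sample DNs.
        String[] samples = {
            "CN=admin,OU=Roles,DC=example,DC=com",
            "cn=admin,ou=Roles,dc=example,dc=com",
            "Cn=reader\\, audit,ou=Roles,dc=example,dc=com",
            "plainRole"
        };
        for (String dn : samples) {
            System.out.println(dn + " -> " + roleName(dn));
        }
    }
}
```

Parsing the DN also handles escaped commas inside the CN value, which a split on `,` would truncate.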

JDG-964 - Administration console - Incorrect data field columns used on cache nodes page

Previously, in the Nodes table of the Administration Console, an average read time value was displayed under the following columns: Total reads, Total failed reads, Total writes, and Total failed writes. With this update, Total failed writes is removed and the correct data for Total reads, Total failed reads, and Total writes is displayed.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-966 - Administration console - going back to General status tab from Nodes tab loses cache context

After navigating to the Nodes tab of a non-default cache, going to the General Status tab redirected to the General Status tab of the default cache rather than that of the non-default cache, as would be expected.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1001 - JDG modules for EAP does not include all necessary indexes

The CDI Quickstart Guide demonstrates injection of Infinispan caches into a web application using CDI. Previously, the guide instructed the reader to bundle the JBoss Data Grid EAP modules with the application. However, this is not the recommended way to set up CDI. The quickstart now specifies that the JDG EAP modules be installed directly on the server.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1042 - Refuse to store an index on an ASYNC Cache

When ASYNC caches were in use, JBoss Data Grid could not handle out-of-order operations.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1044 - Conditional remove doesn’t work with storeAsBinary

When using storeAsBinary, if the stored value was a MarshalledValue and it didn’t match the passed-in unmarshalled value, the conditional RemoveCommand would fail.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1055 - Improve Compatibility between Rest and HotRod for text content

With text based content, writing via Hot Rod and reading via Rest worked, but not the other way around. Writing via Rest and reading via Hot Rod required deploying a modified StringMarshaller in the server.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1150 - API docs states incorrectly ‘Experimental’

Methods buildQueryBuilderForClass and getClusteredQuery were both listed as experimental in the API docs. This was corrected.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1180 - Rest Server should allow custom maxContentLength

Previously, JBoss Data Grid did not allow a custom maxContentLength. With this update, a new attribute named max-content-length has been added that allows the maximum content length of a POST/PUT request to be specified.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1211 - WARN messages shown during startup for JDG (EAP) CDI modules

The following warning messages were shown if an application with module dependencies was started:

WARN [org.jboss.as.weld] JBAS016017: Using deployment classloader to load proxy classes for module org.infinispan.jcache:jdg-7.1. Package-private access will not work. To fix this the module should declare dependencies on [org.jboss.weld.core, org.javassist]

WARN [org.jboss.as.weld] JBAS016017: Using deployment classloader to load proxy classes for module org.infinispan.cdi.embedded:jdg-7.1. Package-private access will not work. To fix this the module should declare dependencies on [org.jboss.weld.core, org.javassist]

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1212 - Package 3rd party licenses content

Add licensing information for third party packages used by JBoss Data Grid. In jboss-datagrid-7.1.1-server.zip, there is a docs/licenses directory. Under that directory, the files jdg/licenses.html and jdg/licenses.xml document the licenses of third party packages used by JDG.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1215 - Rest logging handler category is wrong in infinispan-logging.xml

In the JBoss Data Grid sources zip archive, infinispan-logging.xml did not set the correct category for the rest logging handler. It was RestAccessLoggingHandler when it should have been org.infinispan.rest.logging.RestAccessLoggingHandler.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1217 - Remove log4j from uber jars

Previously, log4j was enabled by default. However, JBoss Data Grid supports multiple logging methods and is logging agnostic. As such, it is no longer enabled by default. It should be a manually provided dependency if needed.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1219 - "org.hibernate.search.exception.SearchException: Not a valid ScoreDoc index" under high load

Using a spatial query in library mode with a web application under high load could cause an exception.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1220 - JDG 7.1.0 logging is not compatible with EAP 7.1.0.DR16+

JBoss Enterprise Application Platform 7.1.0 included jboss-logging 3.3.1, but JBoss Data Grid 7.1.0 includes jboss-logging 3.3.0. Update jboss-logging in JDG 7.1.1 to 3.3.1 to be compatible with EAP 7.1.0.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1240 - Do not require a trust store for the HotRod server configuration builder

When configuring the Hot Rod server for SSL, the validation code required a trust store to be enabled when one wasn’t actually needed.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1262 - DSL queries filtering only on type are always executed without index

In a query if the WHERE clause was empty, or a tautology (true), the query was wrongly executed unindexed even though the index should at least be used for filtering on type. Example queries that could cause this are below:

FROM org.infinispan.test.Person

// and:

qf.from(Person.class).build();

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1277 - @public packages missing from API documentation

The following packages were missing from the API documentation:

  • org.infinispan.cdi.common
  • org.infinispan.objectfilter
  • org.infinispan.persistence.leveldb
  • org.infinispan.persistence.leveldb.configuration
  • org.infinispan.scripting

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1283 - Quickstart spark issues

In the Spark Quickstart README.md file there were references to ispn-cli.sh and ispn-cli.bat, but the file names are actually cli.sh and cli.bat. Additionally, the Spark version referenced was 1.6+, but the quickstart actually works with version 2.0.2+.

This issue is resolved as of JBoss Data Grid 7.1.1.

JDG-1311 - CVE-2017-12629 lucene: Solr: Code execution via entity expansion [jdg-7.1.0]

It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr’s Config API.

JBoss Data Grid included only the Lucene components relevant to this flaw, and was not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw was determined to be Moderate.

This issue is resolved as of JBoss Data Grid 7.1.1.
