Chapter 6. Resolved Issues
6.1. Resolved Issues
- JDG-521 - CVE-2016-0750 hotrod client: unchecked deserialization in marshaller util [jdg-7]
The Hot Rod Java client in JBoss Data Grid automatically deserialized byte array message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-875 - Cross-Site Replication: inconsistent data with multiple site masters in ASYNC mode
When attempting to configure cross-site replication with multiple site masters, data inconsistencies are possible due to updates being routed differently for each request. This can result in the same key traversing two separate routes, leading to differing values.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-878 - Administration console - remote sites are not displayed correctly on cache container page
When two caches were configured each with a different remote site, after clicking on a cache container, both remote sites were displayed on both cache cards.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-885 - Administration console - Indexing tab allows invalid configuration to be set
Indexing is not a valid configuration for invalidation caches; however, it was possible to define this element using the Administration console. The indexing tab is not available for the invalidation-cache now.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-951 - LDAP Authorization Common RoleName Mapper Case Insensitive CN extraction
Previously, when enabling security with JBoss Data Grid with an LDAP backend using common-role-name-mapper for authorization, the role name failed to extract when its attribute in the distinguished name was cn instead of CN.
This issue is resolved as of JBoss Data Grid 7.1.1.
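The failure mode above, shown as an added example that is not JBoss Data Grid's own mapper code: a case-sensitive prefix match beside an extraction that parses the DN and compares the attribute type without regard to case. Class names, method names and sample DNs are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.List;
import java.util.Optional;

// Added illustration; names are hypothetical, not JBoss Data Grid code.
public class CnRoleExtraction {
    // Case-sensitive prefix check: one way an extraction can miss "cn=...".
    static Optional<String> extractCaseSensitive(String dn) {
        if (!dn.startsWith("CN=")) {
            return Optional.empty();
        }
        int end = dn.indexOf(',');
        return Optional.of(end < 0 ? dn.substring(3) : dn.substring(3, end));
    }

    // Parse the DN and compare the attribute type ignoring case.
    static Optional<String> extractCaseInsensitive(String dn) {
        try {
            List<Rdn> rdns = new LdapName(dn).getRdns();
            // getRdns() is ordered right to left, so the leftmost RDN is last.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Rdn rdn = rdns.get(i);
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return Optional.of(String.valueOf(rdn.getValue()));
                }
            }
            return Optional.empty();
        } catch (InvalidNameException e) {
            // Malformed DN: yield no role rather than guessing one.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs.
        String[] dns = {
            "CN=admin,OU=Roles,DC=example,DC=com",
            "cn=admin,ou=Roles,dc=example,dc=com",
            "ou=Roles,dc=example,dc=com"
        };
        for (String dn : dns) {
            System.out.printf("%-40s sensitive=%s insensitive=%s%n", dn,
                    extractCaseSensitive(dn).orElse("<none>"),
                    extractCaseInsensitive(dn).orElse("<none>"));
        }
    }
}
```

A principal whose role cannot be extracted ends up with no mapped role, so a case mismatch shows up as unexpected authorization denials rather than as an error.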
- JDG-964 - Administration console - Incorrect data field columns used on cache nodes page
Previously, in the Nodes table of the Administration Console, an average read time value was displayed under the following columns: Total reads, Total failed reads, Total writes, and Total failed writes. With this update, Total failed writes is removed and the correct data for Total reads, Total failed reads, and Total writes is displayed.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-966 - Administration console - going back to General status tab from Nodes tab loses cache context
After navigating to the Nodes tab of a non-default cache, when going to the General Status tab a redirect to the General Status tab of the default cache occurred, not the non-default cache, as expected.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1001 - JDG modules for EAP does not include all necessary indexes
The CDI Quickstart Guide demonstrates injection of Infinispan caches into a web application using CDI. Previously, the guide instructed the reader to bundle the JBoss Data Grid EAP modules with the application. However, this is not the recommended way to set up CDI. The quickstart now specifies that the JDG EAP modules be installed directly on the server.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1042 - Refuse to store an index on an ASYNC Cache
When ASYNC caches were in use, JBoss Data Grid could not handle out-of-order operations.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1044 - Conditional remove doesn’t work with storeAsBinary
When using storeAsBinary, if the stored value was a MarshalledValue and it didn’t match the passed in unmarshalled value, the conditional RemoveCommand would fail.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1055 - Improve Compatibility between Rest and HotRod for text content
With text based content, writing via Hot Rod and reading via Rest worked, but not the other way around. Writing via Rest and reading via Hot Rod required deploying a modified StringMarshaller in the server.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1150 - API docs states incorrectly ‘Experimental’
Methods buildQueryBuilderForClass and getClusteredQuery were both listed as experimental in the API docs. This was corrected.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1180 - Rest Server should allow custom maxContentLength
Previously, JBoss Data Grid did not allow a custom maxContentLength. With this update, a new attribute named max-content-length has been added that allows the maximum content length of a POST/PUT request to be specified.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1211 - WARN messages shown during startup for JDG (EAP) CDI modules
The following warning messages were shown if an application with module dependencies was started:
WARN [org.jboss.as.weld] JBAS016017: Using deployment classloader to load proxy classes for module org.infinispan.jcache:jdg-7.1. Package-private access will not work. To fix this the module should declare dependencies on [org.jboss.weld.core, org.javassist]
WARN [org.jboss.as.weld] JBAS016017: Using deployment classloader to load proxy classes for module org.infinispan.cdi.embedded:jdg-7.1. Package-private access will not work. To fix this the module should declare dependencies on [org.jboss.weld.core, org.javassist]
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1212 - Package 3rd party licenses content
Add licensing information for third party packages used by JBoss Data Grid. In jboss-datagrid-7.1.1-server.zip, there is a docs/licenses directory. Under that directory, the files jdg/licenses.html and jdg/licenses.xml document the licenses of third party packages used by JDG.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1215 - Rest logging handler category is wrong in infinispan-logging.xml
In the JBoss Data Grid sources zip archive, infinispan-logging.xml did not set the correct category for the rest logging handler. It was RestAccessLoggingHandler when it should have been org.infinispan.rest.logging.RestAccessLoggingHandler.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1217 - Remove log4j from uber jars
Previously, log4j was enabled by default. However, JBoss Data Grid supports multiple logging methods and is logging agnostic. As such, it is no longer enabled by default. It should be a manually provided dependency if needed.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1219 - "org.hibernate.search.exception.SearchException: Not a valid ScoreDoc index" under high load
Using a spatial query in library mode with a web application under high load could cause an exception.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1220 - JDG 7.1.0 logging is not compatible with EAP 7.1.0.DR16+
JBoss Enterprise Application Platform 7.1.0 included jboss-logging 3.3.1, but JBoss Data Grid 7.1.0 includes jboss-logging 3.3.0. Update jboss-logging in JDG 7.1.1 to 3.3.1 to be compatible with EAP 7.1.0.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1240 - Do not require a trust store for the HotRod server configuration builder
When configuring the Hot Rod server for SSL, the validation code required a trust store to be enabled when one wasn’t actually needed.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1262 - DSL queries filtering only on type are always executed without index
In a query if the WHERE clause was empty, or a tautology (true), the query was wrongly executed unindexed even though the index should at least be used for filtering on type. Example queries that could cause this are below:
FROM org.infinispan.test.Person
// and:
qf.from(Person.class).build();
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1277 - @public packages missing from API documentation
The following packages were missing from the API documentation:
- org.infinispan.cdi.common
- org.infinispan.objectfilter
- org.infinispan.persistence.leveldb
- org.infinispan.persistence.leveldb.configuration
- org.infinispan.scripting
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1283 - Quickstart spark issues
In the Spark Quickstart README.md file there were references to ispn-cli.sh and ispn-cli.bat but the filenames are actually cli.sh and cli.bat. Additionally, the Spark version referenced was 1.6+ but the quickstart actually works with version 2.0.2+.
This issue is resolved as of JBoss Data Grid 7.1.1.
- JDG-1311 - CVE-2017-12629 lucene: Solr: Code execution via entity expansion [jdg-7.1.0]
It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr’s Config API.
JBoss Data Grid included only the Lucene components relevant to this flaw, and was not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw was determined to be Moderate.
This issue is resolved as of JBoss Data Grid 7.1.1.