DID THIS PAGE HELP YOU?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here

Introduction

This patch is cumulative. It includes the previous generally available patches from Talend ESB Runtime 8.0.1.R2023-08-RT.

NOTE : To download this patch, contact Talend Support.

Prerequisites

Consider the following requirements for your system:

Talend ESB Runtime 8.0.1.R2023-08-RT or 8.0.1.R2023-10-RT must be installed. More information about the installation of this version is available in the online documentation: https://help.talend.com/r/en-US/Cloud/installation-guide-linux/upgrading-runtime. Depending on the product, {container} is Talend-ESB-V8.0.1.R2023-08-RT/container/ or Talend-Runtime-V8.0.1.R2023-08-RT/ , Talend-ESB-V8.0.1.R2023-10-RT/container/ or Talend-Runtime-V8.0.1.R2023-10-RT/

if property already present (commented or uncommented), won't insert

if property not already present, will backup related file in dir {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/backup/ and insert property

For all updated properties:

if property commented or not already present, won't update

if property already present, will backup related file in dir {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/backup/ and update property

If any change required, update value after patch execution.

Installation

Container

Start Runtime Container

Extract & replace the content of ZIP directory container into {container} directory

Structure after extract & replace should be :

{container}
├───bin     : existing dir
├───deploy  : existing dir
├───etc     : existing dir
├───...
├───patches : dir from current or previous patch
│   └───Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT
│           patch.bat
│           patch01.commands
│           patch02.commands
│           patch.sh
│           mvnrepo.zip
│           talend-esb-patch-<version>.jar
│           logs/ : directory for logs installation
├───system  : existing dir
│   ├───... : existing dir
├───...
            
Ensure username/password are right in {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/patch.bat or {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/patch.sh
... -u {username} -p {password} -f patch.commands ... 
        
Execute {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/patch.bat or {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/patch.sh
            Ensure directory {container}/patches/Patch_20240224_R2024-02_v1-RT-8.0.1.R2023-08-RT/logs contains new log files :
                
xxx-installation.log: patch installation log
                
xxx-init.log: state before patch installation
                    xxx-installed.log: state after patch installation
Please note that Routes using cMap (TDM feature) are not automatically restarted by the patch procedure.
You will need to restart the Runtime Container for changes to take effect.
In the scope of R2024-02, two Karaf console commands have been renamed. The previous command "tesb:start-all" has
become "tesb:start-demo-all", and "tesb:stop-all" has become "tesb:stop-demo-all".
The command name change may not be effective immediately after patching, but the Talend ESB runtime has to be
re-started.
The behaviour of the commands has not changed. If you are using these commands in a script, just replace the command
names. However, for best security and optimized resource consumption it is recommended to verify whether you really
need all services installed via "tesb:start-demo-all", and to consider starting only those you actually use.
Warning: JRE 11.0.20 or 17.0.8 may refuse to open JAR or other ZIP files from Talend ESB runtime or the patch
installer. They complain about invalid CEN headers. This is caused by an incompatibility with JARs and other ZIP
files created by commonly used Apache tools. It has been fixed with JRE 11.0.21 and 17.0.9, and you need to upgrade
your JRE to one of these or a newer version.
    
Notes
    
Bundle resolution errors
        The updates are performed in three iterations. During the first and second iteration bundle resolution errors are showing up on the console and in the logs. This is expected, and these errors are resolved in the third iteration.
        The total patch process takes several minutes, but should not exceed 15 minutes depending on the number of features installed and the hardware.
    
TPS-5591
    
Issues fixed in TPS-5591
        
TPRUN-7743 : Fix patching issue on windows for 2023-10 base version
    
R2024-02
    
Issues fixed in 2024-02
    
TPRUN
        
TPRUN-7472: CVE-2023-46749 Apache Shiro update from 1.12.0 to 1.13.0
        
TPRUN-7476: Fix Apache Camel CVEs in CQL and SQL components - CVE-2024-23114, CVE-2024-22369
        
TPRUN-7395: Hardening of access to Derby DB in Talend ESB runtime - 8.0.1 - remove DB server and change to embedded DB access (TPRUN-7419)
        
TPRUN-7453: Change tesb:start-all command
        
TPRUN-7563: Minor security updates in Talend ESB runtime
        
TDM-9177: Remove support for JavaBean Representation (Phase 1)
        
TDM-9392: Remove XSLT Support in TDM
        
TDM-10577: Remove database XA Transaction support
    
CVE fixed in 2024-02
        
CVE-2023-46749  shiro-core 1.12.0 -> 1.13.0
        
CVE-2023-34042  spring-security 5.7.10 -> 5.7.11
        
CVE-2024-22369  camel-sql - backported (3.20.6.20240122)
        
CVE-2024-23114  camel-cassandraql - backported (3.20.6.20240122)
    
R2024-01
    
Issues fixed in 2024-01
    
TPRUN
        
TPRUN-7387: Error when using HTTP "Patch" in Talend 8 : javax.ws.rs.ProcessingException: java.net.ProtocolException: Invalid HTTP method: PATCH.
        
TPRUN-7323: Locator issues after runtime restart
        
TPRUN-7395: Hardening of access to Derby DB in Talend ESB runtime - 8.0.1 - restrict DB server access to localhost
    
R2023-12
    
Issues fixed in 2023-12
    
TPRUN
            TPRUN-7099: Hardening of access to Karaf web console.
            Applying the patch will not uninstall the webconsole feature, but in full installation it will not be installed by default.
            If not used, it's recommended to disable the console using the command "feature:uninstall webconsole"
        
TPRUN-6947: Update to netty-handler:4.1.101.Final
    
R2023-11
    
Issues fixed in 2023-11
    
TPRUN
        
TPRUN-6956: CVE-2023-46604 Update activemq in Talend ESB runtime to 5.17.6
        
TPRUN-6852: Feature dependency camel-cassandraql/0.0.0 is not available on Runtime R2023-08-RT
        
TPRUN-6923: Talend ESB runtime security updates for 8.0.1.R2023-11
        
TDM-10092: json pretty format not work as expected when mandatory element is 'null'
        
TDM-10389: Mapping cannot work in Talend 8
        
TDM-10415: Date cannot be viewed in the Map
        
TDM-10433: [DSQL Test Run] Test run fail with fatal while standard map just prompt warnings
        
TDM-10441: [Standard Map] Test run with "Failed to write output data error" when output is json
        
TDM-10454: [TDM 8.0.1] problem with Time type using thmap in function ExtractfromDateType
        
TDM-10467: JSON Writer not handling invisible arrays of choices correctly
        
TDM-10480: Update Saxon PE license
        
TDM-10498: databaselookup with mysql5 throw npe
        
TDM-10501: performance issue when reading a 2M big file
    
CVE fixed in 2023-11
        
CVE-2023-46604  activemq 5.17.4 -> 5.17.6
        
CVE-2023-46120  com.rabbitmq:amqp-client 5.14.0 -> 5.18.0
        
CVE-2023-44483  xmlsec 2.3.0 -> 2.3.4
        
CVE-2023-5072   hazelcast 5.2.4 -> 5.3.5 (embedded json)
    
R2023-10
    
Issues fixed in 2023-10
    
TPRUN
        
TPRUN-6874: [8.0.1] ESB Runtime NCSA not working as expected after the upgrade to R2023-08
        
TPRUN-6901: Update license "Talend General Terms (formerly EULA)" to "Qlik Customer Agreement (QCA)" for Talend 8
        
TPRUN-6881: Add camel-avro dependencies to camel-kafka feature for Runtime
        
TPRUN-5432: [Runtime] Integrate updated org.apache.servicemix.bundles.kafka-clients with Confluent Kafka dependencies to 801 Runtime patch
        
TPRUN-6854: zookeeper:3.7.1 | CVE-2023-44981
        
TPRUN-6853: Json:20230227 | CVE-2023-5072
        
TPRUN-6837: CVE Http2 update to Netty 4.1.100
        
TPRUN-6836: CVE Http2 update to Jetty 9.4.53.v20231009
        
TPRUN-6744: AMQP refresh org.talend.esb.job.controller
        
TPRUN-6742: CVE-2023-43642 [8.0.1] TESB-RT: update snappy-java from 1.1.10.3 to 1.1.10.4 (further update to 1.1.10.5)
        
TPRUN-6741: CVE-2023-39410 [8.0.1] TESB-RT: update avro from 1.11.2 to 1.11.3
        
TPRUN-6739: Dependency alignments after Google Guava security update
        
TPRUN-6722: MSSQL component uses mssql-jdbc version "x.x.x.jre8" when "pax-jdbc-mssql" feature is enabled
        
TPRUN-6626: tHTTPClient causing features deployment to fail with Java 17
        
TPRUN-6649: [Runtime] client script generates the exception NoClassDefFoundError
        
TPRUN-6647: cMail dependency bug in R2023-08-RT
        
TPRUN-6597: Talend ESB runtime security updates for 8.0.1.R2023-10
        
TDM-9999: Upgrade HikariCP to 4.0.3
        
TDM-10397: DSQL-based Map Editor and Runtime [BETA]
    
CVE fixed in 2023-10
        
CVE-2023-5072   json 20230227 -> 20231013
        
CVE-2023-44981  zookeeper: 3.7.1 -> 3.7.2
        
CVE-2023-36478  jetty: 9.4.52.v20230823 -> 9.4.53.v20231009
        
CVE-2023-36478  netty: 4.1.94.Final -> 4.1.100.Final
        
CVE-2023-43642  snappy-java 1.1.10.3 -> 1.1.10.5
        
CVE-2023-39410  avro 1.11.2 -> 1.11.3
        
CVE-2021-28170  org.glassfish:jakarta.el 3.0.3 -> 3.0.4
        
CVE-2023-42503  commons-compress 1.22 -> 1.24.0
        
CVE-2023-40167  jetty 9.4.51.v20230217 -> 9.4.52.v20230823, pax-web 8.0.20 -> 8.0.22
        
Various CVE     Removal of narayana transaction manager support (no longer maintained under OSGi, unsecure embedded libraries)
        
Various CVE     Removal of decanter cassandra appender (no longer maintained, outdated unsecure shaded guava)
    
R2023-09
    
Issues fixed in 2023-09
    
TPRUN
        
TPRUN-6462: Talend ESB runtime security fixes after core upgrade
        
TPRUN-5951: org.simpleframework.xml.strategy.Strategy cannot be found when built from Studio
        
TPRUN-6505: [8.0.1] batik-bridge:1.16 | CVE-2022-44729
        
TPRUN-6506: [8.0.1] batik-transcoder:1.16 | CVE-2022-44729
        
TPRUN-6507: [8.0.1] batik-script:1.16 | CVE-2022-44730
        
TDM-10363 [8.0.1] Restore maintenance/8.0 as single source for Studio and ESB runtime
    
CVE fixed in 2023-09
        
CVE-2021-33813  org.apache.servicemix.bundles.jdom 2.0.61 -> 2.0.6.11
        
CVE-2023-33201  bouncycastle 1.73 -> 1.74 (in pax-web features)
        
CVE-2022-44729, CVE-2022-44730  xmlgraphics batik 1.16 -> 1.17
        
Various CVE     kudu 1.16.0 -> 1.17.0 (several updates of unsecure embedded libraries)
        
Various CVE     remove camel-python and camel-robotframework because of insufficiently maintained dependencies with unsecure embedded libraries
        
CVE-2023-34455  snappy 1.1.7.7 -> 1.1.10.3 (in add-ons, full build only)
        
CVE-2023-1436   jettison 1.53 -> 1.54 (in add-ons, full build only)
        
CVE-2023-26048  jetty (9.4.43.v20210629, 9.4.50.v20221201) -> 9.4.51.v20230217 (in add-ons, full build only)
        
CVE-2021-21290  netty 4.1.76.Final -> 4.1.94.Final (in add-ons, full build only)
    
R2023-08
    
Issues fixed in 2023-08
    
TPRUN
        
TPRUN-3588: Camel version upgrade to 3.20.6 LTS
        
TPRUN-4800: Karaf version upgrade to 4.4.3
        
TPRUN-5093: CXF version upgrade to 3.5.6
        
TPRUN-5095: ActiveMQ version upgrade to 5.17.4
        
TPRUN-5105: Zookeeper version upgrade to 3.7.1
        
TPRUN-6482: Talend ESB runtime - remove obsolete Karaf features with security issues.
        
TPRUN-6483: [8.0] cMessagingEndpoint doesn't support camel-jira in Runtime
        
TDM-10336 Upgrade 8.0.1 to avro 1.11.2
    
CVE fixed in 2023-08
        
CVE-2022-39368  californium 2.6.3 -> 2.7.4
        
CVE-2023-24998  commons-fileupload 1.4 -> 1.5
        
CVE-2020-17521  groovy2 2.4.4 -> 2.4.21
        
CVE-2022-25647  gson 2.8.7 -> 2.10.1
        
CVE-2023-2976, CVE-2020-8908, CVE-2018-10237  guava (19.0 - 31.0.1-jre) -> 32.1.1-jre
        
CVE-2023-33265  hazelcast 4.2.1 > 5.2.4
        
CVE-2020-13956  httpclient 4.5.13 -> 4.5.14
        
CVE-2023-33008  johnzon (1.2.14, 1.2.18) -> 1.2.21
        
CVE-2023-1370  json-smart 2.4.9 -> 2.4.10
        
CVE-2022-41946  postgresql-jdbc (42.2.8, 42.2.14) -> 42.6.0
        
CVE-2023-34455  snappy 1.1.7.3 -> 1.1.10.1
        
CVE-2023-34034  spring-security 5.6.9 -> 5.7.10
        
CVE-2023-32697  sqlite-jdbc 3.34.0 -> 3.42.0.0
        
CVE-2023-35887  sshd-osgi 2.9.2 -> 2.10.0
        
CVE-2022-42890, CVE-2022-41704  xmlgraphics-batik 1.14 -> 1.16
        
CVE-2023-33201  bcprov-jdk15on 1.69 -> 1.74
    
For previous patches : see 2023-07 patch release notes
                            
Did this page help you?
                            
If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!
 
                            
Leave your feedback here