You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jmeter.apache.org by vl...@apache.org on 2021/12/25 13:18:03 UTC
[jmeter] branch master updated: Update changes_history.xml for 5.4.2 and 5.4.3
This is an automated email from the ASF dual-hosted git repository.
vladimirsitnikov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git
The following commit(s) were added to refs/heads/master by this push:
new 1977e4c Update changes_history.xml for 5.4.2 and 5.4.3
1977e4c is described below
commit 1977e4c2dd0c49d037ade10e0946c36970da25eb
Author: Milamber <mi...@apache.org>
AuthorDate: Thu Dec 23 17:51:02 2021 +0100
Update changes_history.xml for 5.4.2 and 5.4.3
---
xdocs/changes_history.xml | 272 +++++++++++++++++++++++++++++++++++++---------
1 file changed, 218 insertions(+), 54 deletions(-)
diff --git a/xdocs/changes_history.xml b/xdocs/changes_history.xml
index b0e24c9..8b8b4f4 100644
--- a/xdocs/changes_history.xml
+++ b/xdocs/changes_history.xml
@@ -41,73 +41,257 @@ Current changes are detailed in <a href="changes.html">Changes</a>.
<p><b>Changes sections are chronologically ordered from top (most recent) to bottom
(least recent)</b></p>
-<!-- =================== 5.4.1 =================== -->
+<!-- =================== 5.4.3 =================== -->
-<h1>Version 5.4.1</h1>
+<h1>Version 5.4.3</h1>
<p>
Summary
</p>
+<p>This version is a fix release against the vulnerability CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.
+</p>
<ul>
-<li><a href="#New and Noteworthy">New and Noteworthy</a></li>
-<li><a href="#Incompatible changes">Incompatible changes</a></li>
-<li><a href="#Bug fixes">Bug fixes</a></li>
-<li><a href="#Improvements">Improvements</a></li>
<li><a href="#Non-functional changes">Non-functional changes</a></li>
<li><a href="#Known problems and workarounds">Known problems and workarounds</a></li>
-<li><a href="#Thanks">Thanks</a></li>
</ul>
-<ch_section>New and Noteworthy</ch_section>
-<!--
-<ch_title>Core improvements</ch_title>
-<ch_title>Test Plan</ch_title>
-<ch_title>Scripting / Debugging enhancements</ch_title>
-<ch_title>Functions</ch_title>
--->
-<ch_title>UX improvements</ch_title>
-
-<!-- =================== Incompatible changes =================== -->
-
-<ch_section>Incompatible changes</ch_section>
+<ch_section>Non-functional changes</ch_section>
<ul>
- <li>Restart after LAF change has been reinstated, it had been removed in JMeter 5.3</li>
+ <li>Updated Apache log4j2 to 2.17.0 (from 2.16.0).</li>
</ul>
-<!-- =================== Improvements =================== -->
-<ch_section>Improvements</ch_section>
+ <!-- =================== Known bugs or issues related to JAVA Bugs =================== -->
-<h3>HTTP Samplers and Test Script Recorder</h3>
+<ch_section>Known problems and workarounds</ch_section>
<ul>
-</ul>
+<li>The Once Only controller behaves correctly under a Thread Group or Loop Controller,
+but otherwise its behaviour is not consistent (or clearly specified).</li>
-<h3>Other samplers</h3>
-<ul>
-</ul>
+<li>
+The numbers that appear to the left of the green box are the number of active threads / total number of threads,
+the total number of threads only applies to a locally run test, otherwise it will show <code>0</code> (see <bugzilla>55510</bugzilla>).
+</li>
+
+<li>
+Note that under some windows systems you may have this WARNING:
+<source>
+java.util.prefs.WindowsPreferences
+WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0
+x80000002. Windows RegCreateKeyEx(…) returned error code 5.
+</source>
+The fix is to run JMeter as Administrator, it will create the registry key for you, then you can restart JMeter as a normal user and you won't have the warning anymore.
+</li>
+
+<li>
+You may encounter the following error:
+<source>java.security.cert.CertificateException: Certificates does not conform to algorithm constraints</source>
+ if you run a HTTPS request on a web site with a SSL certificate (itself or one of SSL certificates in its chain of trust) with a signature
+ algorithm using MD2 (like <code>md2WithRSAEncryption</code>) or with a SSL certificate with a size lower than 1024 bits.
+This error is related to increased security in Java 8+.
+<br></br>
+To allow you to perform your HTTPS request, you can downgrade the security of your Java installation by editing
+the Java <code>jdk.certpath.disabledAlgorithms</code> property. Remove the MD2 value or the constraint on size, depending on your case.
+<br></br>
+This property is in this file:
+<source>JAVA_HOME/jre/lib/security/java.security</source>
+See <bugzilla>56357</bugzilla> for details.
+</li>
+
+<li>
+Under Mac OSX Aggregate Graph will show wrong values due to mirroring effect on numbers.
+This is due to a known Java bug, see Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8065373" >JDK-8065373</a>
+The fix is to use JDK8_u45 or later.
+</li>
+
+<li>
+View Results Tree may fail to display some HTML code under HTML renderer, see <bugzilla>54586</bugzilla>.
+This is due to a known Java bug which fails to parse "<code>px</code>" units in row/col attributes.
+See Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8031109" >JDK-8031109</a>
+The fix is to use JDK9 b65 or later.
+</li>
+
+<li>
+JTable selection with keyboard (<keycombo><keysym>SHIFT</keysym><keysym>up/down</keysym></keycombo>) is totally unusable with Java 7 on Mac OSX.
+This is due to a known Java bug <a href="https://bugs.openjdk.java.net/browse/JDK-8025126" >JDK-8025126</a>
+The fix is to use JDK 8 b132 or later.
+</li>
+
+<li>
+Since Java 11 the JavaScript implementation <a href="https://openjdk.java.net/jeps/335">Nashorn has been deprecated</a>.
+Java will emit the following deprecation warnings, if you are using JavaScript based on Nashorn.
+<source>
+Warning: Nashorn engine is planned to be removed from a future JDK release
+</source>
+To silence these warnings, add <code>-Dnashorn.args=--no-deprecation-warning</code> to your Java arguments.
+That can be achieved by setting the enviroment variable <code>JVM_ARGS</code>
+<source>
+export JVM_ARGS="-Dnashorn.args=--no-deprecation-warning"
+</source>
+</li>
+
+<li>
+With Java 15 the JavaScript implementation <a href="https://openjdk.java.net/jeps/372">Nashorn has been removed</a>. To add back a JSR-223 compatible JavaScript engine you have two options:
+ <dl>
+ <dt>Use Mozilla Rhino</dt>
+ <dd>Copy <a href="https://github.com/mozilla/rhino/releases/download/Rhino1_7_13_Release/rhino-engine-1.7.13.jar">rhino-engine-1.7.13.jar</a> into <code>$JMETER_HOME/lib/ext</code>.</dd>
+ <dt>Use OpenJDK Nashorn</dt>
+ <dd>
+ The OpenJDK Nashorn implementation comes as a module. To use it, you will have to download it and add it to the module path. A hacky way to download the version 15.0 and its dependencies and set the module path is outlined below:
+ <source>
+mkdir lib/modules
+pushd lib/modules
+wget https://repo1.maven.org/maven2/org/openjdk/nashorn/nashorn-core/15.0/nashorn-core-15.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm/9.0/asm-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-commons/9.0/asm-commons-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-util/9.0/asm-util-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-tree/9.0/asm-tree-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-analysis/9.0/asm-analysis-9.0.jar
+popd
+export JVM_ARGS="--modulepath $PWD/lib/modules"
+./bin/jmeter
+ </source>
+ </dd>
+ </dl>
+</li>
-<h3>Controllers</h3>
-<ul>
</ul>
-<h3>Listeners</h3>
+<!-- =================== 5.4.2 =================== -->
+
+<h1>Version 5.4.2</h1>
+<p>
+Summary
+</p>
+<p>This version is a fix release against the vulnerability CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.
+</p>
<ul>
+<li><a href="#Non-functional changes">Non-functional changes</a></li>
+<li><a href="#Known problems and workarounds">Known problems and workarounds</a></li>
+
</ul>
-<h3>Timers, Assertions, Config, Pre- & Post-Processors</h3>
+<ch_section>Non-functional changes</ch_section>
<ul>
+ <li>Updated Apache log4j2 to 2.16.0 (from 2.13.3).</li>
</ul>
-<h3>Functions</h3>
+ <!-- =================== Known bugs or issues related to JAVA Bugs =================== -->
+
+<ch_section>Known problems and workarounds</ch_section>
<ul>
+<li>The Once Only controller behaves correctly under a Thread Group or Loop Controller,
+but otherwise its behaviour is not consistent (or clearly specified).</li>
+
+<li>
+The numbers that appear to the left of the green box are the number of active threads / total number of threads,
+the total number of threads only applies to a locally run test, otherwise it will show <code>0</code> (see <bugzilla>55510</bugzilla>).
+</li>
+
+<li>
+Note that under some windows systems you may have this WARNING:
+<source>
+java.util.prefs.WindowsPreferences
+WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0
+x80000002. Windows RegCreateKeyEx(…) returned error code 5.
+</source>
+The fix is to run JMeter as Administrator, it will create the registry key for you, then you can restart JMeter as a normal user and you won't have the warning anymore.
+</li>
+
+<li>
+You may encounter the following error:
+<source>java.security.cert.CertificateException: Certificates does not conform to algorithm constraints</source>
+ if you run a HTTPS request on a web site with a SSL certificate (itself or one of SSL certificates in its chain of trust) with a signature
+ algorithm using MD2 (like <code>md2WithRSAEncryption</code>) or with a SSL certificate with a size lower than 1024 bits.
+This error is related to increased security in Java 8+.
+<br></br>
+To allow you to perform your HTTPS request, you can downgrade the security of your Java installation by editing
+the Java <code>jdk.certpath.disabledAlgorithms</code> property. Remove the MD2 value or the constraint on size, depending on your case.
+<br></br>
+This property is in this file:
+<source>JAVA_HOME/jre/lib/security/java.security</source>
+See <bugzilla>56357</bugzilla> for details.
+</li>
+
+<li>
+Under Mac OSX Aggregate Graph will show wrong values due to mirroring effect on numbers.
+This is due to a known Java bug, see Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8065373" >JDK-8065373</a>
+The fix is to use JDK8_u45 or later.
+</li>
+
+<li>
+View Results Tree may fail to display some HTML code under HTML renderer, see <bugzilla>54586</bugzilla>.
+This is due to a known Java bug which fails to parse "<code>px</code>" units in row/col attributes.
+See Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8031109" >JDK-8031109</a>
+The fix is to use JDK9 b65 or later.
+</li>
+
+<li>
+JTable selection with keyboard (<keycombo><keysym>SHIFT</keysym><keysym>up/down</keysym></keycombo>) is totally unusable with Java 7 on Mac OSX.
+This is due to a known Java bug <a href="https://bugs.openjdk.java.net/browse/JDK-8025126" >JDK-8025126</a>
+The fix is to use JDK 8 b132 or later.
+</li>
+
+<li>
+Since Java 11 the JavaScript implementation <a href="https://openjdk.java.net/jeps/335">Nashorn has been deprecated</a>.
+Java will emit the following deprecation warnings, if you are using JavaScript based on Nashorn.
+<source>
+Warning: Nashorn engine is planned to be removed from a future JDK release
+</source>
+To silence these warnings, add <code>-Dnashorn.args=--no-deprecation-warning</code> to your Java arguments.
+That can be achieved by setting the enviroment variable <code>JVM_ARGS</code>
+<source>
+export JVM_ARGS="-Dnashorn.args=--no-deprecation-warning"
+</source>
+</li>
+
+<li>
+With Java 15 the JavaScript implementation <a href="https://openjdk.java.net/jeps/372">Nashorn has been removed</a>. To add back a JSR-223 compatible JavaScript engine you have two options:
+ <dl>
+ <dt>Use Mozilla Rhino</dt>
+ <dd>Copy <a href="https://github.com/mozilla/rhino/releases/download/Rhino1_7_13_Release/rhino-engine-1.7.13.jar">rhino-engine-1.7.13.jar</a> into <code>$JMETER_HOME/lib/ext</code>.</dd>
+ <dt>Use OpenJDK Nashorn</dt>
+ <dd>
+ The OpenJDK Nashorn implementation comes as a module. To use it, you will have to download it and add it to the module path. A hacky way to download the version 15.0 and its dependencies and set the module path is outlined below:
+ <source>
+mkdir lib/modules
+pushd lib/modules
+wget https://repo1.maven.org/maven2/org/openjdk/nashorn/nashorn-core/15.0/nashorn-core-15.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm/9.0/asm-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-commons/9.0/asm-commons-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-util/9.0/asm-util-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-tree/9.0/asm-tree-9.0.jar
+wget https://repo1.maven.org/maven2/org/ow2/asm/asm-analysis/9.0/asm-analysis-9.0.jar
+popd
+export JVM_ARGS="--modulepath $PWD/lib/modules"
+./bin/jmeter
+ </source>
+ </dd>
+ </dl>
+</li>
+
</ul>
-<h3>I18N</h3>
+<!-- =================== 5.4.1 =================== -->
+
+<h1>Version 5.4.1</h1>
+<p>
+Summary
+</p>
<ul>
+<li><a href="#Incompatible changes">Incompatible changes</a></li>
+<li><a href="#Non-functional changes">Non-functional changes</a></li>
+<li><a href="#Known problems and workarounds">Known problems and workarounds</a></li>
+<li><a href="#Thanks">Thanks</a></li>
+
</ul>
-<h3>Report / Dashboard</h3>
+<ch_section>Incompatible changes</ch_section>
<ul>
+ <li>Restart after LAF change has been reinstated, it had been removed in JMeter 5.3</li>
</ul>
+<!-- =================== Improvements =================== -->
+
+<ch_section>Improvements</ch_section>
<h3>General</h3>
<ul>
@@ -153,32 +337,12 @@ Summary
the case of waiting for an EOM.</li>
</ul>
-<h3>Controllers</h3>
-<ul>
-</ul>
-
<h3>Listeners</h3>
<ul>
<li><bug>64821</bug>When importing XML formatted jtl files, sub samplers will get renamed</li>
<li><bug>65052</bug>XPath2 Tester and JSON JMESPath Tester are missing in <code>view.results.tree.renderers_order</code> property</li>
</ul>
-<h3>Timers, Assertions, Config, Pre- & Post-Processors</h3>
-<ul>
-</ul>
-
-<h3>Functions</h3>
-<ul>
-</ul>
-
-<h3>I18N</h3>
-<ul>
-</ul>
-
-<h3>Report / Dashboard</h3>
-<ul>
-</ul>
-
<h3>Documentation</h3>
<ul>
<li><bug>64960</bug>Change scheduler reference in Thread Group documentation. Contributed by Ori Marko</li>