You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jon Haddad (Jira)" <ji...@apache.org> on 2020/04/01 19:36:00 UTC
[jira] [Commented] (CASSANDRA-15678) Updates for 3.11.6 got
overwritten for NEWS.txt, CHANGES.txt
[ https://issues.apache.org/jira/browse/CASSANDRA-15678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17073130#comment-17073130 ]
Jon Haddad commented on CASSANDRA-15678:
----------------------------------------
Thanks, committed.
> Updates for 3.11.6 got overwritten for NEWS.txt, CHANGES.txt
> ------------------------------------------------------------
>
> Key: CASSANDRA-15678
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15678
> Project: Cassandra
> Issue Type: Bug
> Components: Documentation/NEWS.txt
> Reporter: Erick Ramirez
> Assignee: Erick Ramirez
> Priority: Normal
> Labels: pull-request-available
> Fix For: 4.0-alpha
>
> Attachments: 15678-trunk.txt
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> h2. Background
> I discovered by accident that the C* 3.11.6 sections are missing from the {{trunk}} version of [NEWS.txt|[https://github.com/apache/cassandra/blob/trunk/NEWS.txt]] and [CHANGES.txt|https://github.com/apache/cassandra/blob/trunk/CHANGES.txt]. I've posted the missing text below.
> h2. [NEWS.txt|https://github.com/apache/cassandra/blob/cassandra-3.11.6/NEWS.txt]
> {noformat}
> PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
> ------------------------------------------------------------------
> QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
> SocketServer and ServerSocketReceiver components.Logback has not been upgraded to avoid breaking deployments and customizations
> based on older versions. If you are using vulnerable components you will need
> to upgrade to a newer version of Logback or stop using the vulnerable components. {noformat}
> {noformat}
> 3.11.6
> ======
> Upgrading
> ---------
> - Sstables for tables using with a frozen UDT written by C* 3.0 appear as corrupted.
> Background: The serialization-header in the -Statistics.db sstable component contains the type information
> of the table columns. C* 3.0 write incorrect type information for frozen UDTs by omitting the
> "frozen" information. Non-frozen UDTs were introduced by CASSANDRA-7423 in C* 3.6. Since then, the missing
> "frozen" information leads to deserialization issues that result in CorruptSSTableExceptions, potentially other
> exceptions as well.
> As a mitigation, the sstable serialization-headers are rewritten to contain the missing "frozen" information for
> UDTs once, when an upgrade from C* 3.0 is detected. This migration does not touch snapshots or backups.
> The sstablescrub tool now performs a check of the sstable serialization-header against the schema. A mismatch of
> the types in the serialization-header and the schema will cause sstablescrub to error out and stop by default.
> See the new `-e` option. `-e off` disables the new validation code. `-e fix` or `-e fix-only`, e.g.
> `sstablescrub -e fix keyspace table`, will validate the serialization-header, rewrite the non-frozen UDTs
> in the serialzation-header to frozen UDTs, if that matches the schema, and continue with scrub.
> See `sstablescrub -h`.
> (CASSANDRA-15035)
> - repair_session_max_tree_depth setting has been added to cassandra.yaml to allow operators to reduce
> merkle tree size if repair is creating too much heap pressure. See CASSANDRA-14096 for details.
> - Nothing specific to this release, but please see previous upgrading sections,
> especially if you are upgrading from 3.0.
> {noformat}
> h2. [CHANGES.txt|https://github.com/apache/cassandra/blob/cassandra-3.11.6/CHANGES.txt]
> {noformat}
> 3.11.6
> * Fix bad UDT sstable metadata serialization headers written by C* 3.0 on upgrade and in sstablescrub (CASSANDRA-15035)
> * Fix nodetool compactionstats showing extra pending task for TWCS - patch implemented (CASSANDRA-15409)
> * Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
> * Fix LegacyLayout to have same behavior as 2.x when handling unknown column names (CASSANDRA-15081)
> * Update nodetool help stop output (CASSANDRA-15401)
> Merged from 3.0:
> * Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
> * Include updates to static column in mutation size calculations (CASSANDRA-15293)
> * Fix point-in-time recoevery ignoring timestamp of updates to static columns (CASSANDRA-15292)
> * GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
> * Fix sstabledump's position key value when partitions have multiple rows (CASSANDRA-14721)
> * Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364)
> * Bump generations and document changes to system_distributed and system_traces in 3.0, 3.11
> (CASSANDRA-15441)
> * Fix system_traces creation timestamp; optimise system keyspace upgrades (CASSANDRA-15398)
> * Fix various data directory prefix matching issues (CASSANDRA-13974)
> * Minimize clustering values in metadata collector (CASSANDRA-15400)
> * Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
> * validate value sizes in LegacyLayout (CASSANDRA-15373)
> * Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by default (CASSANDRA-15385)
> * Make sure index summary redistribution does not start when compactions are paused (CASSANDRA-15265)
> * Ensure legacy rows have primary key livenessinfo when they contain illegal cells (CASSANDRA-15365)
> * Fix race condition when setting bootstrap flags (CASSANDRA-14878)
> Merged from 2.2:
> * Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
> * In-JVM DTest: Set correct internode message version for upgrade test (CASSANDRA-15371)
> * In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
> * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org