Uploaded image for project: 'Apache Cassandra'
  1. Apache Cassandra
  2. CASSANDRA-15678

Updates for 3.11.6 got overwritten for NEWS.txt, CHANGES.txt

    XMLWordPrintableJSON

Details

    Description

      Background

      I discovered by accident that the C* 3.11.6 sections are missing from the trunk version of [NEWS.txt|https://github.com/apache/cassandra/blob/trunk/NEWS.txt] and CHANGES.txt. I've posted the missing text below.

      NEWS.txt

      PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
      ------------------------------------------------------------------
      QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
      SocketServer and ServerSocketReceiver components.Logback has not been upgraded to avoid breaking deployments and customizations
      based on older versions. If you are using vulnerable components you will need
      to upgrade to a newer version of Logback or stop using the vulnerable components. 
      3.11.6
      ======
      
      Upgrading
      ---------
          - Sstables for tables using with a frozen UDT written by C* 3.0 appear as corrupted.
      
            Background: The serialization-header in the -Statistics.db sstable component contains the type information
            of the table columns. C* 3.0 write incorrect type information for frozen UDTs by omitting the
            "frozen" information. Non-frozen UDTs were introduced by CASSANDRA-7423 in C* 3.6. Since then, the missing
            "frozen" information leads to deserialization issues that result in CorruptSSTableExceptions, potentially other
            exceptions as well.
      
            As a mitigation, the sstable serialization-headers are rewritten to contain the missing "frozen" information for
            UDTs once, when an upgrade from C* 3.0 is detected. This migration does not touch snapshots or backups.
      
            The sstablescrub tool now performs a check of the sstable serialization-header against the schema. A mismatch of
            the types in the serialization-header and the schema will cause sstablescrub to error out and stop by default.
            See the new `-e` option. `-e off` disables the new validation code. `-e fix` or `-e fix-only`, e.g.
            `sstablescrub -e fix keyspace table`, will validate the serialization-header, rewrite the non-frozen UDTs
            in the serialzation-header to frozen UDTs, if that matches the schema, and continue with scrub.
            See `sstablescrub -h`.
            (CASSANDRA-15035)
      	- repair_session_max_tree_depth setting has been added to cassandra.yaml to allow operators to reduce
      	  merkle tree size if repair is creating too much heap pressure. See CASSANDRA-14096 for details.
          - Nothing specific to this release, but please see previous upgrading sections,
            especially if you are upgrading from 3.0.
      

      CHANGES.txt

      3.11.6
       * Fix bad UDT sstable metadata serialization headers written by C* 3.0 on upgrade and in sstablescrub (CASSANDRA-15035)
       * Fix nodetool compactionstats showing extra pending task for TWCS - patch implemented (CASSANDRA-15409)
       * Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
       * Fix LegacyLayout to have same behavior as 2.x when handling unknown column names (CASSANDRA-15081)
       * Update nodetool help stop output (CASSANDRA-15401)
      Merged from 3.0:
       * Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
       * Include updates to static column in mutation size calculations (CASSANDRA-15293)
       * Fix point-in-time recoevery ignoring timestamp of updates to static columns (CASSANDRA-15292)
       * GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
       * Fix sstabledump's position key value when partitions have multiple rows (CASSANDRA-14721)
       * Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364)
       * Bump generations and document changes to system_distributed and system_traces in 3.0, 3.11
         (CASSANDRA-15441)
       * Fix system_traces creation timestamp; optimise system keyspace upgrades (CASSANDRA-15398)
       * Fix various data directory prefix matching issues (CASSANDRA-13974)
       * Minimize clustering values in metadata collector (CASSANDRA-15400)
       * Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
       * validate value sizes in LegacyLayout (CASSANDRA-15373)
       * Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by default (CASSANDRA-15385)
       * Make sure index summary redistribution does not start when compactions are paused (CASSANDRA-15265)
       * Ensure legacy rows have primary key livenessinfo when they contain illegal cells (CASSANDRA-15365)
       * Fix race condition when setting bootstrap flags (CASSANDRA-14878)
      Merged from 2.2:
       * Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
       * In-JVM DTest: Set correct internode message version for upgrade test (CASSANDRA-15371)
       * In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
       * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
      

      Attachments

        1. 15678-trunk.txt
          5 kB
          Erick Ramirez (deprecated)

        Issue Links

          Activity

            People

              flightc Erick Ramirez (deprecated)
              flightc Erick Ramirez (deprecated)
              Erick Ramirez (deprecated)
              Jon Haddad
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m