[
https://issues.apache.org/jira/browse/CASSANDRA-15678?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Erick Ramirez updated CASSANDRA-15678:
--------------------------------------
Bug Category: Parent values: Correctness(12982)
Complexity: Normal
Discovered By: User Report
Severity: Normal
Status: Open (was: Triage Needed)
> Updates for 3.11.6 got overwritten for NEWS.txt, CHANGES.txt
> ------------------------------------------------------------
>
> Key: CASSANDRA-15678
> URL: https://issues.apache.org/jira/browse/CASSANDRA-15678
> Project: Cassandra
> Issue Type: Bug
> Components: Documentation/NEWS.txt
> Reporter: Erick Ramirez
> Assignee: Erick Ramirez
> Priority: Normal
>
> h2. Background
> I discovered by accident that the C* 3.11.6 sections are missing from the
> {{trunk}} version ofÂ
> [NEWS.txt|[https://github.com/apache/cassandra/blob/trunk/NEWS.txt]] and
> [CHANGES.txt|https://github.com/apache/cassandra/blob/trunk/CHANGES.txt].
> I've posted the missing text below.
> h2.
> [NEWS.txt|https://github.com/apache/cassandra/blob/cassandra-3.11.6/NEWS.txt]
> {noformat}
> PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
> ------------------------------------------------------------------
> QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
> SocketServer and ServerSocketReceiver components.Logback has not been
> upgraded to avoid breaking deployments and customizations
> based on older versions. If you are using vulnerable components you will need
> to upgrade to a newer version of Logback or stop using the vulnerable
> components. {noformat}
> {noformat}
> 3.11.6
> ======
> Upgrading
> ---------
> - Sstables for tables using with a frozen UDT written by C* 3.0 appear as
> corrupted.
> Background: The serialization-header in the -Statistics.db sstable
> component contains the type information
> of the table columns. C* 3.0 write incorrect type information for
> frozen UDTs by omitting the
> "frozen" information. Non-frozen UDTs were introduced by CASSANDRA-7423
> in C* 3.6. Since then, the missing
> "frozen" information leads to deserialization issues that result in
> CorruptSSTableExceptions, potentially other
> exceptions as well.
> As a mitigation, the sstable serialization-headers are rewritten to
> contain the missing "frozen" information for
> UDTs once, when an upgrade from C* 3.0 is detected. This migration does
> not touch snapshots or backups.
> The sstablescrub tool now performs a check of the sstable
> serialization-header against the schema. A mismatch of
> the types in the serialization-header and the schema will cause
> sstablescrub to error out and stop by default.
> See the new `-e` option. `-e off` disables the new validation code. `-e
> fix` or `-e fix-only`, e.g.
> `sstablescrub -e fix keyspace table`, will validate the
> serialization-header, rewrite the non-frozen UDTs
> in the serialzation-header to frozen UDTs, if that matches the schema,
> and continue with scrub.
> See `sstablescrub -h`.
> (CASSANDRA-15035)
> - repair_session_max_tree_depth setting has been added to
> cassandra.yaml to allow operators to reduce
> merkle tree size if repair is creating too much heap pressure. See
> CASSANDRA-14096 for details.
> - Nothing specific to this release, but please see previous upgrading
> sections,
> especially if you are upgrading from 3.0.
> {noformat}
> h2.
> [CHANGES.txt|https://github.com/apache/cassandra/blob/cassandra-3.11.6/CHANGES.txt]
> {noformat}
> 3.11.6
> * Fix bad UDT sstable metadata serialization headers written by C* 3.0 on
> upgrade and in sstablescrub (CASSANDRA-15035)
> * Fix nodetool compactionstats showing extra pending task for TWCS - patch
> implemented (CASSANDRA-15409)
> * Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
> * Fix LegacyLayout to have same behavior as 2.x when handling unknown column
> names (CASSANDRA-15081)
> * Update nodetool help stop output (CASSANDRA-15401)
> Merged from 3.0:
> * Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
> * Include updates to static column in mutation size calculations
> (CASSANDRA-15293)
> * Fix point-in-time recoevery ignoring timestamp of updates to static
> columns (CASSANDRA-15292)
> * GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
> * Fix sstabledump's position key value when partitions have multiple rows
> (CASSANDRA-14721)
> * Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364)
> * Bump generations and document changes to system_distributed and
> system_traces in 3.0, 3.11
> (CASSANDRA-15441)
> * Fix system_traces creation timestamp; optimise system keyspace upgrades
> (CASSANDRA-15398)
> * Fix various data directory prefix matching issues (CASSANDRA-13974)
> * Minimize clustering values in metadata collector (CASSANDRA-15400)
> * Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
> * validate value sizes in LegacyLayout (CASSANDRA-15373)
> * Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by
> default (CASSANDRA-15385)
> * Make sure index summary redistribution does not start when compactions are
> paused (CASSANDRA-15265)
> * Ensure legacy rows have primary key livenessinfo when they contain illegal
> cells (CASSANDRA-15365)
> * Fix race condition when setting bootstrap flags (CASSANDRA-14878)
> Merged from 2.2:
> * Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
> * In-JVM DTest: Set correct internode message version for upgrade test
> (CASSANDRA-15371)
> * In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
> * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
