[SECURITY] CVE-2021-41079 Apache Tomcat DoS
CVE-2021-41079 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.2 Apache Tomcat 9.0.0-M1 to 9.0.43 Apache Tomcat 8.5.0 to 8.5.63 Description: When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 10.0.4 or later - Upgrade to Apache Tomcat 9.0.44 or later - Upgrade to Apache Tomcat 8.5.64 or later Note: This issue was fixed in Apache Tomcat 10.0.3 but the release vote for the 10.0.3 release candidate did not pass. Therefore, although users must download 10.0.4 to obtain a version that includes a fix for this issue, version 10.0.3 is not included in the list of affected versions. Credit: The Apache Tomcat Security Team would like to thank: - Thomas Wozenilek for originally reporting this issue - David Frankson of Infinite Campus for providing a test case that reproduced the issue. History: 2021-09-15 Original advisory References: [1] https://tomcat.apache.org/security-10.html [2] https://tomcat.apache.org/security-9.html [3] https://tomcat.apache.org/security-8.html
[ANNOUNCE] Apache IoTDB 0.12.2 is released
The Apache IoTDB team is pleased to announce the release of Apache IoTDB 0.12.2. Apache IoTDB (Database for Internet of Things) is an IoT native database with high performance for data management and analysis, deployable on the edge and the cloud. This is a bug-fixed version of 0.12.1, which includes a number of improvements: ## New Features * [IOTDB-959] Add create storage group Grammar * [IOTDB-1399] Add a session interface to connect multiple nodes * [IOTDB-1466] Support device template * [IOTDB-1491] UDTF query supported in cluster * [IOTDB-1496] Timed flush memtable * [IOTDB-1536] Support fuzzy query REGEXP * [IOTDB-1561] Support fill by specific value * [IOTDB-1565] Add sql: set system to readonly/writable * [IOTDB-1569] Timed close TsFileProcessor * [IOTDB-1586] Support mysql-style Like clause * [ISSUE-3811] Provide a data type column for the last query dataset * TTL can be set to the prefix path of storage group * add JMX monitor to all ThreadPools in the server module ## Improvements * [IOTDB-1566] Do not restrict concurrent write partitions * [IOTDB-1585] ModificationFile‘s write interface blocking * [IOTDB-1587] SessionPool optimization: a more aggressive Session creation strategy * Use StringCachedPool in TsFileResource to reduce the memory size * write performance optimization when replicaNum == 1 * Optimize Primitive Array Manager * Function Improvement: add overlapped page rate in Tracing ## Bug Fixes * [IOTDB-1282] fix C++ class SessionDataSet mem-leak * [IOTDB-1407] fix Filtering time series based on tags query fails Occasionally * [IOTDB-1437] Fix the TsFileSketchTool NPE * [IOTDB-1442] Time filter & TTL do not take effect in cluster * [IOTDB-1452] remove compaction log/ change logger to daily * [IOTDB-1447] ClientPool is blocking other nodes when one node fails * [IOTDB-1456] Fix Error occurred while executing delete timeseries statement * [IOTDB-1461] Fix compaction conflicts with ttl * [IOTDB-1462] Fix cross space compaction recover null pointer bug * [IOTDB-1464] fix take byte array null pointer * [IOTDB-1469] fix cross space compaction lost data bug * [IOTDB-1471] Fix path not right in "sg may not ready" log * [IOTDB-1475] MeasurementId check while create timeseries or template/ disable time or timestamp in timeseries path * [IOTDB-1488] Fix metaMember's forwarding clientPool timeout in cluster module * [IOTDB-1494] fix compaction block flush bug * [IoTDB-1499] Remove series registration using IoTDBSink * [IoTDB-1501] Fix compaction recover delete tsfile bug * [IOTDB-1529] Fix mlog recover idx bug and synchronize setStorageGroup * [IOTDB-1537] fix insertTablet permission * [IOTDB-1539] Fix delete operation with value filter is abnormal * [IOTDB-1540] Bug Fix: 500 when using IN operator * [IOTDB-1541] Fix query result not right due to non-precise time index of resource * [IOTDB-1542] Cpp client segment fault: char[] buffer overflow caused by long exception message * [IOTDB-1545] Query dataset memory leak on server caused by cpp client * [IOTDB-1546] Optimize the Upgrade Tool rewrite logic to reduce the temp memory cost * [IOTDB-1552] Only allow equivalent filter for TEXT data type * [IOTDB-1556] Abort auto create device when meet exception in setStorageGroup * [IOTDB-1574] Deleted file handler leak * [IOTDB-1580] Error result of order by time desc when enable time partition * [IOTDB-1584] Doesn't support order by time desc in cluster mode * [IOTDB-1588] Bug fix: MAX_TIME is incorrect in cluster mode * [IOTDB-1594] Fix show timeseries returns incorrect tag value * [IOTDB-1600] Fix InsertRowsOfOneDevicePlan being not supported in cluster mode * [IOTDB-1610] Fix TsFileRewriteTool writing incorrect data file * [ISSUE-3116] Bug when using natural month unit in time interval in group by query * [ISSUE-3316] Query result with the same time range is inconsistent in group by query * [ISSUE-3436] Fix query result not right after deleting multiple time interval of one timeseries * [ISSUE-3458] fix load configuration does not take effect * [ISSUE-3545] Fix Time interval value is disorder in group by month * [ISSUE-3653] fix Max_time and last return inconsistent result * [ISSUE-3690] Memory leaks on the server when cpp client invokes checkTimeseriesExists * [ISSUE-3805] OOM caused by Chunk cache * [ISSUE-3865] Meaningless connection reset issues caused by low default value for SOMAXCONN * Fix DataMigrationExample OOM if migrate too many timeseries * Handle false positive cases which may cause NPE of tsfile bloom filter * Fix Windows shell error on JDK11 & fix iotdb-env.bat not working * Fix cluster auto create schema bug when retry locally * Fix thrift out of sequence in cluster module * Skip non exist measurement in where clause in align by device * fix blocking query when selecting TsFile in compaction * Fix redundant data in compaction recover * Fix load tsfile with time partition enable ## Incompatible changes * [IOTDB-1485] Replace tsfile_size_threshold by