Bug Fixes (3.0.3)

3.0.3

Version Case ID Internal ID Components Summary
3.0.3

40887

XE-9828

SFTP

 Too Many Requests to SFTP Server Causes Workflow to Hang

Description

When collecting files with the SFTP collection agent, the workflow hangs if the client sends hundreds of requests which the server cannot handle.

Resolution

The 3pp used by the SFTP agents have been upgraded and the maximum number of requests to the server has been limited to 16.

3.0.2

Version Case ID Internal ID Components Summary
3.0.2

40789

XE-9842

Database Agents

 Database Agent Aborts with NPE

Description

A NullPointerException is thrown when attempting to assign a null value to a primitive type of integer when trying to store the value to database.

Resolution

This problem has now been fixed, and a NullPointerException will not be thrown when assigning null values.
3.0.2

40804

XE-9810

External References

 External Reference with Escape Characters Handled Incorrectly

Description

An external reference value with escape characters, such as a new line, was literally taken, i.e. converted to a string as is when using External Reference Database or Kubernetes.

Resolution

Now the value field can contain a multi lined value. If escape characters are added these will be handled correct.
3.0.2

40804

XE-9810

External References

 Limit on External Reference Values Too Small

Description

The current limit of 1000 characters for an External Reference value is not enough to store values like private key.

Resolution

The limit has now been increased to 4000 characters.
3.0.2

41026

XE-9861

Data Veracity

Upgrade

 Users without Data Veracity Licenses Receives Errors for Workflow Properties

Description

When a user that does not have a license for Data Veracity tries to open Workflow Properties, an error will be displayed.

Resolution

This issue has now bee fixed and users without Data Veracity licenses can open Workflow Properties.

3.0.1

Version Case ID Internal ID Components Summary
3.0.1

XE-8967

Salesforce

 Salesforce Agent Throws Errors in Older Configurations

Description

When trying to open the Salesforce agent in a workflow that was created in an earlier version, you get a Null Pointer Exception.

Resolution

This problem has now been fixed and workflows with Salesforce agents created in earlier versions of MediationZone can be opened without errors.
3.0.1

XE-9431

Core

 Deserialization of UDRs May Result in a ClassCastException

Description

When stored UDRs from earlier versions of MediationZone are deserialized, you may get a ClassCast Exception.

Resolution

This problem has now been fixed and deserialization should work as intended.

3.0.0

Version Case ID Internal ID Components Summary
3.0.0

XE-8530

Web Desktop

 Vulnerability in Apache Commons

Description

The Apache Commons library contains a vulnerability (CVE-2023-24998).

Resolution

Apache Commons has been upgraded to a non-vulnerable version.
3.0.0

XE-8396

Helm

Kubernetes

 Default JVM Args Too Limiting

Description

The current default JVM args for the Platform: - XX:MaxDirectMemorySize=4096m 3 - XX:MaxMetaspaceSize=256m 4 - Xms256m 5 - Xmx512m is limiting and should be updated.

Resolution

The default values have now been updated to: - XX:MaxDirectMemorySize=4096m - XX:MaxMetaspaceSize=256m - Xms256m - Xmx512m
3.0.0

39143

XE-8281

Aggregation

 Documentation for Aggregation Write Locks Misleading

Description

The documentation regarding write locks for Aggregation is misleading regarding possible number of simultaneous locks.

Resolution

The documentation has now been updated to say that only one lock can exist in all bullet points in the Aggregation profile configuration description.
3.0.0

XE-8181

Data Veracity

 Nullpointer Exception Introduced by a Previous Fix

Description

Due to a previous bug fix, an exception is caused due to accessing an uninitialized list.

Resolution

This problem has now be sovled and a check for an empty null value of the list has been added.
3.0.0

XE-8169

Operator

 Vulnerability Detected in goyaml

Description

A CVE regarding goyaml, CVE-2022-28948, was detected in the operator.

Resolution

goyaml has now been upgraded and this vulnerability removed.
3.0.0

XE-8118

Docker

Python

 Python Vulnerabilities in Docker Images

Description

Python vulnerabilities was detected in the Docker images.

Resolution

Python vulnerabilities was detected in the Docker images.
3.0.0

XE-8117

Docker

 OS Vulnerability in Docker Images

Description

A vulnerability was detected in the OS in the Docker images.

Resolution

This issue has now been fixed and the vulnerability removed.
3.0.0

XE-8077

SCIM

 SCIM Can Now Handle Default Group

Description

SCIM rest api does not handle Default Group. Incorrect information could be showed when get a user or group.

Resolution

Default group can now be added on POST, PUT, PATCH commands. Users and groups are always showing the correct information.
3.0.0

XE-8076

SCIM

 SCIM Fails when Parameter mz.security.user.restricted.login is Set

Description

SCIM rest api can not be used when parameter mz.security.user.restricted.login is set.

Resolution

SCIM can now be used with mz.security.user.restricted.login.
3.0.0

37567

XE-8011

PCC

 PCC Proxy Cannot Access PCC REST APIs Dynamically

Description

It is not possible to use the PCC Proxy to access PCC REST APIs via the platform without setting up NodePort services for the EC web server, since you have to explicitly point out the EC host in the mz.pcc.restful.host property.

Resolution

The PCC proxy now dynamically detects registered clients. As long as you have any running ECD with PCC enabled no explicit configuration is needed.
3.0.0

35090

XE-7962

OpenAPI Profile

 JsonEncodeUdr APL Function Does Not Retain Original Field Name

Description

When encoding UDRs with the JsonEncodeUdr APL function, the UDRs containing field names starting with numbers or symbols are modified to satisfy Java class naming rules.

Resolution

Fix the encoding function to retain the original field name.
3.0.0

35530

36058

XE-7932

EC Deployments

 ECDs with PackageImages Fail to Startup

Description

When having a package image defined for an ECD, the check for existing workflows is done before docker init, and since it is the docker init that does the import in the CI/CD pipeline, the workflows will not be present when the check is done and the ECD will never startup and return a 404 error.

Resolution

This problem has now been fixed, and ECDs with package images start up as expected.
3.0.0

XE-7923

Documentation

 Missing Documentation for System Tasks

Description

Documentation for many System Tasks is missing.

Resolution

The documentation has now been updated to describe System Tasks.
3.0.0

35504

XE-7790

Aggregation

 Cache Update by the System Fails Due to Version Change of Workflow Package

Description

When updating the cache, the system tries to update all the classes referred in the Workflow package import irrespective of whether the referred classes may or may not be present/used in the packages.

Resolution

Skip unused/unavailable classes and type info during cache update.
3.0.0

XE-7763

Netty

 Vulnerability in Netty

Description

A CVE regarding Netty, CVE-2022-41881, was detected.

Resolution

Netty has now been upgraded and this vulnerability is removed.
3.0.0

XE-7750

Web Services

 Vulnerability in Apache CXF

Description

Apache CXF contains vulnerabilities (CVE-2022-46364 and CVE-2022-46363).

Resolution

Apache CXF have been upgraded to a non-vulnerable version.
3.0.0

XE-7748

Operator

 Debian Version in Operator EOL

Description

The Debian version used by the operator has now reached end of support and needs to be upgraded.

Resolution

The Debian version has now been upgraded to Debian 11.
3.0.0

XE-7712

MZSH

 Incorrect Handling of Some MZSH Command Failures

Description

Some mzsh commands failures are not reported by the mzsh command line tool. Instead mzsh just silently fails, giving no feedback or error message.

Resolution

This problem has now been fixed and for any exceptions, an explicit message will be displayed.
3.0.0

34957

XE-7709

Data Veracity

 Data Veracity Masking Does Not Mask All Selected Fields

Description

When using Data Veracity Masking, UDR List type fields can be selected for masking but the values are not masked in view UDR.

Resolution

This problem has now been fixed, and the selected UDR List fields are now masked.
3.0.0

XE-7677

Apache

 Vulnerability in Commons-Net

Description

Commons-Net contain a vulnerability (CVE-2021-37533).

Resolution

Commons-net have been upgraded to a non-vulnerable version.
3.0.0

35051

35291

XE-7663

OpenAPI Profile

 OpenAPI Throws Error When Decoding Array Schema

Description

When using the Http agents with Open API Profile, the agent does not handle requests that contains array schema properly and throws null pointer exception.

Resolution

This issue has now been fixed and the agent can handle requests with array schemas. Array schemas will be added to the open api class but will be skipped during decoding.
3.0.0

XE-7658

HTTP/2

 Netty Version Upgraded

Description

A security vulnerability has been found in Netty versions 3.10.6.Final and 4.1.15.Final.

Resolution

Netty version is now upgraded to 4.1.73.Final to mitigate the reported vulnerability.
3.0.0

XE-7657

Ultra

 bit_block Constructs Not Supported in Switch Statement Prefix

Description

Ultra doesn't support declaring bit_blocks in the prefix of a switched_set.

Resolution

Ultra has been updated to support bit_blocks in the prefix of a switched_set. The fields inside the bit_block can be used as any other field in the prefix.
3.0.0

XE-7655

MZSH

 mzsh user Command Not Handling Input As Expected

Description

The "mzsh mzadmin/dr help user" command returns an output that does not corroborate with the information specified in the documentation. It describes that the "command" and "command options" are optional. Also, when running the command without any argument like "help", a long java.lang.IndexOutOfBoundsException error is displayed.

Resolution

The issue is fixed by specifying the format of the command to be used on the console. When entering the command without any arguments like help, an "Invalid command was entered" error is displayed along with information on how to use the command.
3.0.0

XE-7654

Avro

 Unable to Decode Boolean Data Type Avro

Description

Unable to decode Avro if boolean data types exist in the middle of field definition.

Resolution

Fixed the boolean decode with the correct offset reading.
3.0.0

XE-7653

Aggregation

 Validate Storage not Fixing Storage

Description

If session files are corrupted in file storage aggregation then validate storage should fix corrupted files. In some cases it does not work.

Resolution

Full (raw and decoded) file reading is implemented for validate storage to identify invalid sessions and remove it make the file valid.
3.0.0

XE-7651

LDAP

 Users Belonging to Multiple non-MZ Groups Failing Login to mzsh

Description

When LDAP is configured for an MZ instance, the mzsh command does not work for users belonging to multiple non-MZ groups.

Resolution

A filter has been added to check only for users from MZ groups.
3.0.0

XE-7646

Azure

 Vulnerability in Azure Libraries

Description

The Azure Libraries package contain a vulnerability (CVE-2022-31684).

Resolution

The Azure Libraries package have been upgraded to a non-vulnerable version.
3.0.0

XE-7639

Operator

 Upgrade of Golang in Operator

Description

The version of Golang used within the Operator is vulnerable to multiple CVEs.

Resolution

The Operator have been patched to use Golang 1.19.3.
3.0.0

XE-7624

PCC

 Redis Cannot be Used as Storage for PCC

Description

When using Usage Engine Private Edition 2.3, it is not possible to use Redis as storage for PCC as described.

Resolution

This problem has now been fixed and Redis can be used as storage for PCC.
3.0.0

XE-7623

Postgres

 Vulnerability in Postgres driver

Description

The Postgres driver contain a vulnerability (CVE-2022-41946).

Resolution

The Postgres driver has been upgraded to a non-vulnerable version.
3.0.0

34957

XE-7618

Documentation

 Unsupported Data Type for Data Veracity Only Mentioned in the Data Veracity Search Page

Description

We do not support List and Map types for Data Veracity filter, repair and data masking. The documentation only mentions this fact in the Data Veracity search page.

Resolution

The note for unsupported data types for Data Veracity has now been added into the other parts of the documentation for Data Veracity. Namely in the filter, repair and data masking pages.
3.0.0

XE-7614

Pico

 Increased Startup Times for Platform and ECDs

Description

The startup time for the Platform and ECDs have increased gradually between the last three releases.

Resolution

This problem has now been addressed and the startup time reduced considerably.
3.0.0

34944

35480

XE-7584

Aggreagation

 Aggregation Session Inspector Cannot Handle Separate Storage per Workflow

Description

If there is a issue when fetching information about which EC group has been used with an Aggregation profile, the Aggregation Inspector returns an error instead of displaying information about any aggregation profiles that can be procured. This was caused by incorrect checking of EC group names by the Aggregation Inspector.

Resolution

The Aggregation Inspector code has been fixed to perform a proper search for EC groups that an Aggregation profile uses.
3.0.0

XE-7561

Prometheus

 Vulnerability in JMX-exporter

Description

JMX-exporter contains vulnerabilities (CVE-2022-38752).

Resolution

JMX-exporter have been upgraded to a non-vulnerable version.
3.0.0

XE-7529

SFTP

 Sort Order Criteria not Always Applied to SFTP Collection Agent

Description

When using the SFTP Collection Agent, the configured Sort Order criteria is not applied to subfolders when the SFTP collection agent setting is as follow:Include Subfolder option under Source tab is selected andEnable Sort Order option under Sort Order tab is selected andthe specified Directory contains only 1 subfolder (the said subfolder)The SFTP collection workflow run is expected to abort when the said subfolder does not meet the Sort Order criteria but instead the workflow runs successfully without error.

Resolution

This is fixed so that Sort Order criteria is applied when there is only 1 subfolder within the specified Directory.
3.0.0

XE-7521

OSGI

 bndlib Version Getting Old

Description

Newer versions of bndlib has been released that we should upgrade to.

Resolution

bndlib has now been updated to 6.3.1.
3.0.0

34356

XE-7483

Data Veracity

 Unable to Specify Schema for Data Veracity Tables

Description

Postgres schema name may be something else other than username. When using Postgres DB with Data Veracity, it was not possible to edit table names in Data Veracity Profile to include schema name with a dot '.', e.g.: schemaName.dvTableName. Any dots in the specified table name simply gets replaced with underscores "_".

Resolution

This fix allows schema name to be specified for Data Veracity table names. Data Veracity interprets the portion of name before the 1st dot '.' as schema name.
3.0.0

XE-7480

SAP CC

 SAP CC Online agent timeout functionality working as expected now

Description

SAP CC Online agent ignored the timeout value.

Resolution

Revert the refactor implementation code, SAP CC Online agent timeout function is working as before.
3.0.0

34339

XE-7443

SFTP

 Extra Dot/Slash in SFTP Collection Error Message

Description

SFTP Collection agent displays an ugly path containing extra dot and slash in exception message.

Resolution

Before the program throws out an exception which displays an ugly path, it requires normalization to get rid of the unwanted dot and slash.
3.0.0

34339

XE-7442

SFTP

 Sorting Causes SFTP Collection to Crash

Description

Using relative paths on the Directory field in SFTP collection agent causes workflows to abort because the absolute path is constructed incorrectly.

Resolution

Avoid changing the the working directory as the program traverses into different folders and subfolders. Instead, construct the absolute path dynamically each time as it tries to find the list of files and folders available in the current folder.
3.0.0

34424

XE-7353

Aggregation

Couchbase

 Properties for Couchbase Incorrectly Displayed in Aggregation Agent for Batch Workflows

Description

Despite Couchbase storage not being supported by batch workflows, the Couchbase properties were still displayed when configuring the Aggregation profile.

Resolution

Couchbase properties will not be displayed during configuration unless it is a real-time workflow.
3.0.0

30923

XE-7347

Workflow Engine

 Failing to Stop Workflow May Cause the Workflow to Hang in Stopping State

Description

If a workflow stop fails, the workflow state may get into an unrecoverable state. It will then be Running and can not be stopped unless the Execution Context is restarted.

Resolution

A workflow stop command will now always attempt to stop the workflow, even if the stop signal has already been sent.
3.0.0

XE-7315

Web Desktop

 Vulnerability in WebSwing

Description

WebSwing contains vulnerabilities (CVE-2022-42920, CVE-2022-3171, CVE-2022-42003 and CVE-2022-42004).

Resolution

WebSwing have been upgraded to a non-vulnerable version.
3.0.0

XE-7228

Jackson

 Vulnerability in Jackson libraries

Description

The Jackson libraries contain vulnerabilities (CVE-2022-42003 and CVE-2022-42004).

Resolution

Jackson and Jackson-databind have been upgraded to a non-vulnerable version.
3.0.0

32605

XE-7109

Documentation

 Database Property Parameter Missing in Documentation

Description

The documentation for EC Properties was missing a database property, connectionpool.strict.pool.size.

Resolution

The missing parameter is now added to the Infozone under the section of EC properties.
3.0.0

XE-7100

Salesforece

 Vulnerability in CometD

Description

The CometD Library contain a vulnerability (CVE-2022-24721).

Resolution

The CometD library have been upgraded to a non-vulnerable version.
3.0.0

33129

XE-6961

EC Deployment

 Broken Error Handling for EC Deployment API

Description

Sometimes the ResponseBody of an kubernetes ApiException can be null, which results in a null pointer exception in the EC Deployment API.

Resolution

This problem has now been fixed and if the ResponseBody is null, an error message will be displayed.
3.0.0

XE-7783

SAP CC

 Wrong Password May Allow SAP CC Workflow to Start

Description

When user insert a wrong SAP CC login password, workflow can be start without abort, no authentication failed message at debug mode.

Resolution

When authentication failed it will immediately showing error and abort the workflow.
3.0.0

XE-2445

mzcli

 Variable Substitution not Working for mzcli

Description

The mzcli script is unable to substitute environment variables in a command.

Resolution

This issue has now been fixed and the environment variables are substituted successfully.