Erick Ramirez created CASSANDRA-15678:
-----------------------------------------
Summary: Updates for 3.11.6 got overwritten for NEWS.txt,
CHANGES.txt
Key: CASSANDRA-15678
URL: https://issues.apache.org/jira/browse/CASSANDRA-15678
Project: Cassandra
Issue Type: Bug
Components: Documentation/NEWS.txt
Reporter: Erick Ramirez
Assignee: Erick Ramirez
h2. Background
I discovered by accident that the C* 3.11.6 sections are missing from the
{{trunk}} version ofÂ
[NEWS.txt|[https://github.com/apache/cassandra/blob/trunk/NEWS.txt]] and
[CHANGES.txt|https://github.com/apache/cassandra/blob/trunk/CHANGES.txt]. I've
posted the missing text below.
h2.
[NEWS.txt|https://github.com/apache/cassandra/blob/cassandra-3.11.6/NEWS.txt]
{noformat}
PLEASE READ: CVE-2017-5929 LOGBACK BEFORE 1.2.0 SERIALIZATION VULNERABILITY
------------------------------------------------------------------
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the
SocketServer and ServerSocketReceiver components.Logback has not been upgraded
to avoid breaking deployments and customizations
based on older versions. If you are using vulnerable components you will need
to upgrade to a newer version of Logback or stop using the vulnerable
components. {noformat}
{noformat}
3.11.6
======
Upgrading
---------
- Sstables for tables using with a frozen UDT written by C* 3.0 appear as
corrupted.
Background: The serialization-header in the -Statistics.db sstable
component contains the type information
of the table columns. C* 3.0 write incorrect type information for frozen
UDTs by omitting the
"frozen" information. Non-frozen UDTs were introduced by CASSANDRA-7423
in C* 3.6. Since then, the missing
"frozen" information leads to deserialization issues that result in
CorruptSSTableExceptions, potentially other
exceptions as well.
As a mitigation, the sstable serialization-headers are rewritten to
contain the missing "frozen" information for
UDTs once, when an upgrade from C* 3.0 is detected. This migration does
not touch snapshots or backups.
The sstablescrub tool now performs a check of the sstable
serialization-header against the schema. A mismatch of
the types in the serialization-header and the schema will cause
sstablescrub to error out and stop by default.
See the new `-e` option. `-e off` disables the new validation code. `-e
fix` or `-e fix-only`, e.g.
`sstablescrub -e fix keyspace table`, will validate the
serialization-header, rewrite the non-frozen UDTs
in the serialzation-header to frozen UDTs, if that matches the schema,
and continue with scrub.
See `sstablescrub -h`.
(CASSANDRA-15035)
- repair_session_max_tree_depth setting has been added to
cassandra.yaml to allow operators to reduce
merkle tree size if repair is creating too much heap pressure. See
CASSANDRA-14096 for details.
- Nothing specific to this release, but please see previous upgrading
sections,
especially if you are upgrading from 3.0.
{noformat}
h2.
[CHANGES.txt|https://github.com/apache/cassandra/blob/cassandra-3.11.6/CHANGES.txt]
{noformat}
3.11.6
* Fix bad UDT sstable metadata serialization headers written by C* 3.0 on
upgrade and in sstablescrub (CASSANDRA-15035)
* Fix nodetool compactionstats showing extra pending task for TWCS - patch
implemented (CASSANDRA-15409)
* Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075)
* Fix LegacyLayout to have same behavior as 2.x when handling unknown column
names (CASSANDRA-15081)
* Update nodetool help stop output (CASSANDRA-15401)
Merged from 3.0:
* Run in-jvm upgrade dtests in circleci (CASSANDRA-15506)
* Include updates to static column in mutation size calculations
(CASSANDRA-15293)
* Fix point-in-time recoevery ignoring timestamp of updates to static columns
(CASSANDRA-15292)
* GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306)
* Fix sstabledump's position key value when partitions have multiple rows
(CASSANDRA-14721)
* Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364)
* Bump generations and document changes to system_distributed and
system_traces in 3.0, 3.11
(CASSANDRA-15441)
* Fix system_traces creation timestamp; optimise system keyspace upgrades
(CASSANDRA-15398)
* Fix various data directory prefix matching issues (CASSANDRA-13974)
* Minimize clustering values in metadata collector (CASSANDRA-15400)
* Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405)
* validate value sizes in LegacyLayout (CASSANDRA-15373)
* Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by
default (CASSANDRA-15385)
* Make sure index summary redistribution does not start when compactions are
paused (CASSANDRA-15265)
* Ensure legacy rows have primary key livenessinfo when they contain illegal
cells (CASSANDRA-15365)
* Fix race condition when setting bootstrap flags (CASSANDRA-14878)
Merged from 2.2:
* Fix SELECT JSON output for empty blobs (CASSANDRA-15435)
* In-JVM DTest: Set correct internode message version for upgrade test
(CASSANDRA-15371)
* In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429)
* Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426)
{noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
