Hi all, Attached are the draft release notes for 10.10.2. It actually says 10.10.1.3 until I merge the releases in JIRA.
Please let me know if you see any irregularities, or if you think that there are bugs missing that should've been here. One thing I noticed is that the RN says 'Derby release 10.10.1.3 introduces the following new features and incompatibilities'. As we don't have new features, that's not the right wording. But it's not in releaseSummary.xml, so I'll have to track down where that comes from. MyrnaTitle: Release Notes for Apache Derby 10.10.1.3
Release Notes for Apache Derby 10.10.1.3
These notes describe the difference between Apache Derby release 10.10.1.3 and the preceding release 10.10.1.1.
Overview
The most up to date information about Derby releases can be found on the Derby download page.
Apache Derby is a pure Java relational database engine using standard SQL and JDBC as its APIs. More information about Derby can be found on the Apache web site. Derby functionality includes:
- Embedded engine with JDBC drivers
- Network Server
- Network client JDBC drivers
- Command line tools: ij (SQL scripting), dblook (schema dump) and sysinfo (system info)
Java and JDBC versions supported:
- Java SE 5 and higher with JDBC 3.0, 4.0, 4.1, and 4.2.
- Java ME CDC/Foundation Profile 1.1 with JSR-169 JDBC Optional Package for CDC/Foundation Profile.
New Features
This is a bug fix release. No new features were added.
Bug Fixes
The following issues are addressed by Derby release 10.10.1.3. These issues are not addressed in the preceding 10.10.1.1 release.
|
Issue Id
| Description |
|---|---|
| DERBY-6298 | Documentation implies column NOT NULL constraint cannot be named, but it can be. |
| DERBY-6273 | NullPointerException when using more than one parameter in COALESCE |
| DERBY-6272 | LoginTimeoutTest fails if server is missing |
| DERBY-6270 | Run Java API Documentation Updater Tool on the published javadocs |
| DERBY-6268 | Run-time statistics not collected if query contains always false predicate |
| DERBY-6258 | Restrict permissions on BACKUP.HISTORY |
| DERBY-6255 | convert i18n/messageLocale.sql |
| DERBY-6246 | convert i18n/urlLocale.sql to JUnit |
| DERBY-6244 | convert i18n/caseI_tr_TR.sql to JUnit |
| DERBY-6233 | XMLBindingTest fails on latest JDK 8 EA |
| DERBY-6225 | SecureServerTest assertion error on contents of stdout from subprocess |
| DERBY-6224 | Many test failures on latest JDK 8 EA build because of missing SQLPermission |
| DERBY-6221 | Can't select from SYS.SYSUSERS if you use a WHERE clause in the query |
| DERBY-6215 | derby.log grows enormously during StressMultiTest |
| DERBY-6212 | NullPointerException when calling a procedure with sub-query as argument |
| DERBY-6209 | Add release note omitted with 10.9 for new required Security Manager permissions after DERBY-5363 |
| DERBY-6196 | ArrayIndexOutOfBoundsException in SURQueryMixTest |
| DERBY-6193 | AutomaticIndexStatisticsTest doesn't delete its single-use database |
| DERBY-6189 | NPE involving temporary table and rollback |
| DERBY-6187 | Add a release note for metadata datatype changes introduced by JDBC 4.2 |
| DERBY-6185 | Query against view with "where name LIKE 'Col1' ESCAPE '\' " failed |
| DERBY-6183 | rlliso2multi and rlliso3multi failing with [WARNING 01004: Data truncation] |
| DERBY-6181 | fix AutoloadTest to support running concurrently when different base ports are specified. |
| DERBY-6178 | AutoloadTest does not proprogate original jvm -D flags to spawned JVM, leading to LAB regression test failures |
| DERBY-6170 | testSuccessfulConnect failure on trunk(revision 1465166) with ibm 16 |
| DERBY-6167 | Interrupt restarts clock for login timeout |
| DERBY-6160 | Fixes needed to documentation topics on security policy permissions |
| DERBY-6157 | text for message XSLA4 might encouraging people to delete part of the transaction log |
| DERBY-6151 | Derby does not report warnings raised by table functions |
| DERBY-6150 | Add automatic cleanup of connections opened with openDefaultConnection() |
| DERBY-6148 | Wrong sort elimination when using permuted join order |
| DERBY-6147 | ClosedObjectTest fails on the 10.9 branch when running on Java 8 |
| DERBY-6144 | nightly regression test failure, intermittent error : testStatisticsCorrectness(org.apache.derbyTesting.functionTests.tests.store.AutomaticIndexStatisticsTest)junit.framework.AssertionFailedError |
| DERBY-6137 | update/delete statement on table with trigger fails randomly with ERROR XSTA2 |
| DERBY-6131 | select from view with "upper" and "in" list throws a ClassCastException |
| DERBY-6129 | Reference Manual gives incorrect datatype for SYSCOLUMNS.COLUMNNAME |
| DERBY-6126 | compatibility._Suite fails if derbyTesting.jar lives in different directory than product jars |
| DERBY-6122 | InterruptResilienceTest fails with: junit.framework.ComparisonFailure: Database shutdown expected:<[08006]> but was:<[XBDA0]> |
| DERBY-6114 | OOME in XAMemTest.testDerby4137_TransactionTimeoutSpecifiedNotExceeded |
| DERBY-6108 | suites.All no longer runs with weme 6.2 |
| DERBY-6103 | Improve documentation of ROW_NUMBER function |
| DERBY-6092 | testPositionAgressive(org.apache.derbyTesting.functionTests.tests.jdbcapi.BlobClob4BlobTest)j fails with : 'The handle is invalid.: java.io.IOException'. |
| DERBY-6090 | Package javadoc publishedapi/jdbc4/index.html out of date |
| DERBY-6047 | NPE in StaticCallMethod#coerceMethodParameter with a constant argument to INOUT parameter |
| DERBY-6045 | in list multi-probe by primary key not chosen on tables with >256 rows |
| DERBY-5979 | ant release target creates a release.properties that has conflicting line endings so automatic checkin fails |
| DERBY-5932 | testAutoNetworkServerBoot fails with Invalid authentication |
| DERBY-5886 | FILE_CANNOT_REMOVE_FILE exception prints garbage. |
| DERBY-5800 | test failure in AutoloadTest; AssertionFailedError: Test process failed:Spawned caused by SQLNonTransientConnectionException - Software caused connection abort: recv failed. |
| DERBY-5610 | ServerPropertiesTest prints .java.net.SocketException: Connection reset to console but test passes |
| DERBY-5560 | Java deadlock between LogicalConnection40 and ClientXAConnection40 (patch attached) |
| DERBY-5172 | testTimeAndDateWithCalendar (jdbcapi.CallableTest) fails intermittently with AssertionFailedError: hour expected: differs from actual. |
| DERBY-4729 | add more information to the XACT_PROTOCOL_VIOLATION returned from store. |
| DERBY-4035 | i18n tests fail with Lexical error on z/os |
| DERBY-3838 | Convert derbynet/DerbyNetAutoStart to JUnit |
| DERBY-3519 | junit regression test failure in testInertTime(org.apache.derbyTesting.functionTests.tests.lang.TimeHandlingTest)junit.framework.AssertionFailedError: expected:<2> but was:<3> |
| DERBY-1915 | i18n Tests fail on zOS |
Issues
Compared with the previous release (10.10.1.1), Derby release 10.10.1.3 introduces the following new features and incompatibilities. These merit your special attention.
- Note for DERBY-6270: Frame injection vulnerability in old versions of the API documentation.
- Note for DERBY-6224: New SQLPermission needed for JDBC driver deregistration on Java SE 8.
- Note for DERBY-6187: Datatype Change in JDBC Metadata
Note for DERBY-6270
Summary of Change
Frame injection vulnerability in old versions of the API documentation.
Symptoms Seen by Applications Affected by Change
Many of the previous releases of Apache Derby were built with JDK versions whose javadoc tool produced HTML files that had a frame injection vulnerability (CVE-2013-1571). The API documentation bundled with this version of Apache Derby has been built with a version of the javadoc tool that does not suffer from the vulnerability.
Rationale for Change
The change removes a vulnerability.
Application Changes Required
API documentation for old versions of Apache Derby on public-facing web servers should be fixed by
- removing the old versions of the API documentation, or
- replacing the old versions of the API documentation with the new, fixed version in this release, or
- repairing the vulnerable versions of the API documentation using Oracle's Java API Documentation Updater Tool
Note for DERBY-6224
Summary of Change
New SQLPermission needed for JDBC driver deregistration on Java SE 8.
Symptoms Seen by Applications Affected by Change
The symptoms are only seen when running an application under a Java security manager on Java SE 8 or later.
When running the Apache Derby embedded driver under a Java security
manager on Java SE 8, the embedded driver will not be deregistered
during system shutdown
unless SQLPermission("deregisterDriver") has been granted
to derby.jar.
If this situation has occurred, the following message will be printed to the Derby error log (derby.log) along with a stack trace that tells where the call was made:
Could not deregister the JDBC driver during engine shutdown. Make sure SQLPermission("deregisterDriver") is granted to derby.jar.
Also, if an application attempts to deregister a JDBC driver by
calling java.sql.DriverManager.deregisterDriver()
directly, it may fail with an AccessControlException. This is not
limited to the Apache Derby embedded driver; it will happen for any
JDBC driver, including the Apache Derby network client driver.
Incompatibilities with Previous Release
When running on Java SE 7 or earlier, shutting down an embedded Derby
engine would also deregister the embedded driver
from java.sql.DriverManager's list of JDBC drivers.
When running on Java SE 8 or later, the embedded driver will still be
registered after shutdown if derby.jar is not allowed to
invoke java.sql.DriverManager.deregisterDriver().
Rationale for Change
This is a change in the java.sql.DriverManager class in Java
SE 8. It is not a change in Apache Derby.
Application Changes Required
Applications that run under a Java security manager, and that depend
on the driver being deregistered as a side-effect of shutting down the
embedded engine, need to
grant java.sql.SQLPermission("deregisterDriver")
to derby.jar.
Applications that run under a Java security manager, and that
call java.sql.DriverManager.deregisterDriver() directly,
need to grant java.sql.SQLPermission("deregisterDriver")
to the application code base, and possibly also change the call
to deregisterDriver() to go
through java.security.AccessController.doPrivileged().
Note for DERBY-6187
Summary of Change
Datatype Change in JDBC Metadata
Symptoms Seen by Applications Affected by Change
The datatype has changed for two of the columns in the ResultSet returned by DatabaseMetadata.getIndexInfo(). Previously, the CARDINALITY and PAGES columns were INTs. Now they are BIGINTs.
Rationale for Change
JDBC 4.2 changed the datatype of these columns.
Application Changes Required
Note that on Derby, the contents of these columns is always NULL. Applications may need to be recoded if they expect the metadata for these columns to report that they have INT type rather than BIGINT type.
Build Environment
Derby release 10.10.1.3 was built using the following environment:
- Branch - Source code came from the 10.10 branch.
- Machine - Mac OSX 10.7.5.
- Ant - Apache Ant version 1.7.1 compiled on June 27 2008.
- Compiler - All classes were compiled using IBM 1.6 SR14 jvm (32 bit).
- JSR 169 - Java ME support was built using libraries from IBM's j9 jvm from WEME6.2.
Verifying Releases
It is essential that you verify the integrity of the downloaded files using the PGP and MD5 signatures. MD5 verification ensures the file was not corrupted during the download process. PGP verification ensures that the file came from a certain person.
The PGP signatures can be verified using
PGP or
GPG.
First download the Apache Derby
KEYS
as well as the asc signature file for the particular
distribution. It is important that you get these files from the ultimate
trusted source - the main ASF distribution site, rather than from a mirror.
Then verify the signatures using ...
% pgpk -a KEYS % pgpv db-derby-X.Y.tar.gz.asc or % pgp -ka KEYS % pgp db-derby-X.Y.tar.gz.asc or % gpg --import KEYS % gpg --verify db-derby-X.Y.tar.gz.asc
To verify the MD5 signature on the files, you need to use a program
called md5 or md5sum, which is
included in many unix distributions. It is also available as part of
GNU
Textutils. Windows users can get binary md5 programs from here, here, or
here.
We strongly recommend that you verify your downloads with both PGP and MD5.
