ORACLE COHERENCE RELEASE SCHEDULE PATCH
A rollback of an earlier patch may no longer be required. Oracle Coherence 12.1.3.0.10 for Java contains following new fixes in addition to fixes from prior patches:īug 31944953 CVE-2020-14756 Fixed an issue where the JEP 290 ObjectInputFilter is bypassed when deserializing an ExternalizableLite object.īug 31935071 Fixed an issue where Coherence*Web SplitHttpSessionCollection leaked memory for sessions.īug 31594794 Fixed an issue in Coherence*Web where a thread could block indefinitely in $LockableEntry.waitForNotify.īug 30901776 Coherence cumulative OPatch patches now supersede earlier applied Coherence cumulative patches, if any. Oracle Coherence 12.1.3.0.11 for Java contains following new fixes in addition to fixes from prior patches:īug 32586439 Added a warning level log message for when HTTP session reaping takes longer than coherence-reaperdaemon-cycle-seconds.īug 32341371 CVE-2021-2277 Disabled validation during XML deserialization.īug 32152844 Fixed an issue where a cluster member may run into a StackOverflowError and shut down when processing a malformed deeply nested filter. Oracle Coherence 12.1.3.0.12 for Java contains following new fixes in addition to fixes from prior patches:īug 32822629 CVE-2021-2428 Fixed Java serialization of the Coherence JCache CoherenceEntryProcessorResult class to prevent unintended usage of this class.īug 32644155 Increased the string length limit from 32 to 66 for various member identity fields such as machine and site name.īug 32503887 CVE-2021-2344 Fixed an issue where Java array deserialization may be used for a denial of service attack using malicious bytecode sent via WLS T3 and IIOP protocols.īug 32421840 CVE-2021-2371 Fixed an issue where Java array deserialization using ExternalizableHelper may be used for a denial of service attack using malicious bytecode sent via WLS T3 and IIOP protocols. Information in this document applies to any platform. Patch n includes all the previous patches from 1.(n-1) and n.
Note: All Coherence Patches (including CPU, SPB, etc.) are cumulative patches which includes all fixes from prior patches. That is, a Coherence*Extend client running 12.1.3.0.0 can connect to a Coherence*Extend proxy running 12.1.2.0.1, however it cannot connect to a proxy running 12.1.2.0.0. However, with the introduction of Coherence 12.1.2.0.1 both forward and backward compatibility within the same major version is supported. Note: In Coherence 12.1.2.0.0 and earlier Coherence releases, the version of Coherence a Coherence*Extend client uses cannot be greater than the version the cluster is using. Please refer to the patch README file for for details. Note: Patch application has changed from previous Coherence releases.
0 kommentar(er)
