vitess.io/vitess@v0.16.2/changelog/11.0/11.0.2/release_notes.md

vitess.io/vitess@v0.16.2/changelog/11.0/11.0.2/release_notes.md (about)

     1  # Release of Vitess v11.0.2
     2  ## Announcement
     3  
     4  This patch is providing an update regarding the Apache Log4j security vulnerability (CVE-2021-44228) (#9364), along with a few bug fixes.
     5  
     6  ## Known Issues
     7  
     8  - A critical vulnerability [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) in the Apache Log4j logging library was disclosed on Dec 9 2021.
     9    The project provided release `2.15.0` with a patch that mitigates the impact of this CVE. It was quickly found that the initial patch was insufficient, and additional CVEs
    10    [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046) and [CVE-2021-44832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832) followed.
    11    These have been fixed in release `2.17.1`. This release of Vitess, `v11.0.2`, uses a version of Log4j below `2.17.1`, for this reason, we encourage you to use version `v11.0.4` instead, to benefit from the vulnerability patches.
    12  
    13  - An issue where the value of the `-force` flag is used instead of `-keep_data` flag's value in v2 vreplication workflows (#9174) is known to be present in this release. A workaround is available in the description of issue #9174.
    14  
    15  ------------
    16  ## Changelog
    17  
    18  ### Bug fixes
    19  #### VReplication
    20  * Fix how we identify MySQL generated columns #8796
    21  ### CI/Build
    22  #### Build/CI
    23  * CI: ubuntu-latest now has MySQL 8.0.26, let us override it with latest 8.0.x #9374
    24  ### Internal Cleanup
    25  #### Java
    26  * build(deps): bump log4j-api from 2.13.3 to 2.15.0 in /java #9364
    27  
    28  
    29  The release includes 7 commits (excluding merges)
    30  
    31  Thanks to all our contributors: @askdba, @deepthi, @systay, @tokikanno