vitess.io/vitess@v0.16.2/changelog/12.0/12.0.1/release_notes.md

# Release of Vitess v12.0.1

## Announcement

This patch release provides an update regarding the Apache Log4j security vulnerability (CVE-2021-44228) (#9357), along with a few bug fixes.

## Known Issues

* A critical vulnerability, CVE-2021-44228, in the Apache Log4j logging library was disclosed on Dec 9 2021.
  The project provided release `2.15.0` with a patch that mitigates the impact of this CVE. It was quickly found that the initial patch was insufficient, and additional CVEs
  CVE-2021-45046 and CVE-2021-44832 followed.
  These have been fixed in release `2.17.1`. This release of Vitess, `v12.0.1`, uses a version of Log4j below `2.17.1`. For this reason, we encourage you to use version `v12.0.3` instead, to benefit from the vulnerability patches.

------------
## Changelog

### Bug fixes
#### Query Serving
* Ensure that hex query predicates are normalized for planner cache #9145
* Gen4: Fail cross-shard join query with aggregation and grouping #9167
* Make sure to copy bindvars when using them concurrently #9246
* Remove keyspace from query before sending it on #9247
* Use decoded hex string when calculating the keyspace ID #9293
#### VReplication
* Fix boolean parameter order in DropSources call for v2 flows #9178
* Take MySQL Column Type Into Account in VStreamer #9355
#### Cluster management
* Restoring 'vtctl VExec' command #9227
  * This change restores vtctl VExec functionality. It was removed based on the assumption that the only use of this command was for Online DDL commands. This was wrong: VExec is also used as a wrapper around VReplication.

### CI/Build
#### Build/CI
* CI: ubuntu-latest now has MySQL 8.0.26, let us override it with latest 8.0.x #9373
### Internal Cleanup
#### Java
* build(deps): bump log4j-api from 2.13.3 to 2.15.0 in /java #9357


The release includes 21 commits (excluding merges)

Thanks to all our contributors: @GuptaManan100, @askdba, @deepthi, @dependabot[bot], @frouioui, @hallaroo, @harshit-gangal, @mattlord, @rohit-nayak-ps, @shlomi-noach, @systay, @vmg