Issues fixed in MarkLogic Server 10.0-10

op.fromSearchDocs() performance could be improved

Optic queries that use op.fromSearchDocs() run a lot slower than equivalent cts.search() calls. This can also be seen in Optic queries that use op.joinDocCols().

The cluster status page on the admin UI can time out for large clusters

The cluster status page on the admin UI can time out when viewing it for large clusters or clusters with 100s of forests.

New Instances not taking the right ENI from existing shutting down instance

Old instance stuck in shutting down state is not able to release ENI attached to it. So, when new ASG created new instance to replace the old one it can not find the existing ENI and ends up creating new volumes and ENI

Segfault at svc::Hash64Table<svc::Handle<xdmp::FunDecl> >::size () at services/Hash.h

The server segfaults (crashes) at svc::Hash64Table<svc::Handle<xdmp::FunDecl> >::size () at services/Hash.h:973

REST Manage API is failing with MANAGE-INVALIDTOKENFUNCTION

REST Manage API tokenization failing with MANAGE-INVALIDTOKENFUNCTION when created user password contains "$" in string

Segmentation fault in xdmp::OverloadedFunDecl::getFDecl

Server restarts showing a segmentation fault in xdmp::OverloadedFunDecl::getFDecl

QConsole not showing links to documentation for typeahead completion

QConsole is not showing the documentation dialog for typeahead as it should.

Coupling clusters with "xdqp ssl allow tls" set to false returns internal server error

Internal Server Error returned while coupling clusters when fips is enabled and "xdqp ssl allow tls" is set to false. While coupling clusters, if both "xdqp ssl allow sslv3" and "xdqp ssl allow tls" are set to false, you are prompted to set true to atleast one of the parameters. After choosing one parameter to true and try to couple the cluster, it results in "500: Internal Server Error"

The /v1/values REST API errors out when the constraint references multiple json-property values

The /v1/values REST API does does not work with constraints that reference multiple json-property values.

Upgrade Hadoop Library in MLCP to address security vulnerability

Upgrade Hadoop Library to 3.3.4 to fix security vulnerability CVE-2021-37404

Incorrect value in the warning about forest size

The warning shows HEALTH-FOREST-MAX-FOREST-SIZE as 250GB

Kerberos negotiation fails followed by Critical Thread ACCESS_VIOLATION

Whenever a user tries to authenticate using Kerberos the MarkLogic server on Windows restarts after an ACCESS_VIOLATION

The URI search bar in QConsole is not working correctly

The URI search bar would sometimes reset the contents making it hard, or even impossible sometimes, to enter a URL string to match.

PDF conversion errors when inserting pdf document via rest api

When inserting a PDF document via REST API and then using PDF conversion, PDF conversion errors out due to the way the document was inserted. The example in the documentation should be improved.

Lack of logging to diagnose SSL socket errors

When SSL socket errors occur, it is difficult to diagnose. Additional logging should be added.

Segmentation fault in xdmp::FunctionImpl::FunctionImpl

Server restarts showing a segmentation fault in xdmp::FunctionImpl::FunctionImpl

RPM do not have SHA256 signatures

MarkLogic Server RPM packages do not include SHA256 signatures both in the header and payload.

Query Console error: Parser Error: Cannot parse result as XML

When editing some text files in Query Console, they are incorrectly treated as XML

op:from-lexicons is slower than cts:values

Using op.fromLexicons is slower than the equivalent cts.valueTuples.

Unable to update domains in Content Processing

There is an issue that causes the error "XDMP-UNEXPECTED: (err:XPST0003) Unexpected token syntax error, unexpected QName_, expecting Equals_" to be thrown while updating domains.

Admin GUI: Deleting database replication configuration using latest browsers

Deleting database replication configuration using latest browsers in case of a disaster results in 403 error

Users receive a server error when adding certificate templates without required fields

In the Admin UI, when adding a certificate template, if some required fields are not filled in, the user will receive a server error rather than the UI validating the fields before sending them.

PDF conversion sometimes reports that the config file cannot be found

In some cases, PDF conversion is reporting that the config file cannot be found; ICN-CANTOPENCONFIG

Upgrade apache xerces in MLCP to address security vulnerability

Upgrade apache xerces to 2.12.2 to fix security vulnerability CVE-2022-23437

Returning constraints from search endpoint results in invalid JSON

When using the "return-constraints" query option with JSON format, the JSON returned is in an invalid as there are multiple "constraint" properties at the same level.

When valid non-temp certificate is already installed then self signed certificate regeneration should not occur during app server configuration change

When editing the configuration of an app-server with a certificate template that contains a signed CA certificate, it causes the deletion of the signed CA and regenerates a self-signed certificate.

Range index creation not triggering reindex when the index is related to path field on a document property

Reindexing does not automatically run after creating a range index related to document properties, any queries with this new range index would not return the data from document properties.

The admin UI does not report that there are hosts in the cluster on different patch versions

When upgrading to a new patch release, the server reports that all hosts are on the same version even if some hosts in the cluster have been upgraded.

SPARQL queries with multiple OPTIONALs could return the wrong results

SPARQL queries that contain multiple OPTIONALs could return the the wrong results in some cases.

Detecting indexes can cause backups to take a long time to start up

When starting a backup, the index detection process can cause a significant delay when there a large number of forests in the database.

Admin UI deletes CA signed certificates when Certificate Template is renamed

When a certificate template with a signed CA certificate is present and the name of the template is changed, the signed CA certificate gets deleted and a self-signed certificate gets generated.

Unexpected duplicated content from XSLT special case

Templates are applied too many times if a child node satisfies the "match"

xdmp.filesystemFile returns xs.string Object instead of a JavaScript String

The xdmp.filesystemFile() function returns as an xs.string Object instead of a JavaScript String as documented.

MLCP may lose records when multibyte characters present with -split_input is enabled

When split input is enabled, depending on the split size, mlcp may lose records when multi-byte characters present.

xdmp.filesystemFileDelete() is not documented

The xdmp.filesystemFileDelete() function is not documented so it's use is not supported.

In AWS, the /var/tmp/marklogic.host file is written with permissions of rw-rw-rw- (666)

When running the AWS AMI, the /var/tmp/marklogic.host file is written with permissions of rw-rw-rw- (666) which is flagged by security scanners.

Protected Paths Fail When Protecting Elements at the Same Place with Different Attribute Value

With multiple protected paths protecting the same elements but different attribute value, some protected elements fail to be protected so they are visible to users who do not have the permission, while some other protected elements fail to show up to users who do have the permission. For example, given the two protected path '/foo/bar[@attribute="a1"]' and '/foo/bar[@attribute="a2"]'. Users with only the read permission for the first path might be able to see an element that's '/foo/bar[@attribute="a2"]', while users with only read permission for the second path might fail to see the element '/foo/bar[@attribute="a2"]'.

Unable to disable weak TLS protocols on all ports

admin:appserver-set-ssl-disabled-protocols does not disable protocols on App-Service port.

New Instances not taking the right Volumes from existing shutting down instance

Old instance stuck in shutting down state is not able to release EBS volumes attached to it. So, when new ASG created new instance to replace the old one it can't find the existing volumes and end up creating new volumes.

ZLib library upgraded to 1.2.13 to address CVE-2022-37434

The ZLib library used in MarkLogic server is upgraded to 1.2.13 to address CVE-2022-37434

Restricted use of the asterisk (*) in the admin password for MarkLogic CloudFormation templates 10.0 and 11.0

AWS CloudFormation will not create the ML stack and throw an error if the admin password contains an asterisk(*).

EBS volumes are not mounted with 'nodev flag

AWS EBS volumes are not mounted with 'nodev' which is required by most security policies.

Query Console results panel interferes with Editor Options buttons

Open the Editor Options in Query Console, if the results panel bar overlaps with the buttons then the resize icon appears in front of the buttons and the user cannot click on the cancel or submit button.

Query console's import workspace functionality failing in AWS cluster

'Import Workspace...' functionality for workspaces in the Query console fails in the AWS cluster with the 'Workspace import failed' message.

Segmentation fault in Handle.h

The server segfaults at svc::Handle<xdmp::QNameVal>::operator* at services/Handle.h:74

SAML authentication loop due to cache miss when SAML assertion host populated

In certain scenarios when SAML assertion host is populated, SAML authentication is stuck in loop.

Forest Status page Replica Table shows data in the wrong columns for number of large replica forests

The columns in the forest status page replica table shift and causing data to be displayed under the wrong columns when there is a large list of replica forests.

No support for gp3 volume types on AWS CFT

The CFT solution offered by MarkLogic doesn't have support for the gp3 volume type.

xdmp:spawn-function hangs with fn:last()

Using a predicate with last() in a range isn't working inside of xdmp:spawn-function. For example, the following query hangs and does not return: let $words := fn:tokenize("one two three four five", " ") return xdmp:spawn-function(function() { xdmp:log($words[2 to last()]) })

Usage telemetry can crash the server if it cannot access the keystore

Under certain conditions after an upgrade, usage telemetry can crash the server if it cannot access the keystore.

Weekly scheduled backups that are set to run every two weeks run once a week

Scheduled backups setup to run every two weeks will still run once a week.

LEFT JOIN with IS NULL condition on a nullable column unexpectedly returning no results

LEFT JOIN in optic query with IS NULL (op.not(op.isDefined())) condition unexpectedly returns no results

New Instances not taking the right ENI and Volumes from existing shutting down instance

Old instance stuck in shutting down state is not able to release ENI and EBS volumes attached to it. So, when new ASG created new instance to replace the old one it can't find the existing ENI and volumes and end up creating new volumes.

Higher Time limit set by xdmp:set-request-time-limit() is not respected for execution leading to SVC-EXTIME

This issue happens only when the target forest of the database was located on a remote host and xdmp:set-request-time-limit() tried to extend the time limit.

Segmentation fault in xdmp::LogRecordCache::getAt () for xdmp:logfile-scan()

There can be a segmentation fault in xdmp::LogRecordCache::getAt () when using xdmp:logfile-scan() under certain conditions.

XQuery mapping operator ! does not work for recursive calls

The XQuery mapping operator ! throws an error when used for recursively calling functions in a sequence.

Environment UI messages with /n do not display correctly

In MarkLogic 10.0-9 and later, environment UI messages configured via the /cluster-ui-settings.xml document that have /n characters are not rendered correctly.

Unable to create/edit XQuery modules containing XML in Query Console Explore New and Edit editor

When creating or editing XQuery modules in QConsole, if the code has embedded XML, QConsole throws an error trying to save the module: XDMP-ARGTYPE: (err:XPTY0004)

Azure TLS Certificate changes resuts in decryption failures when using Encryption at Rest

MarkLogic can't reach out to Azure Vault service anymore because of the certificate verification failure.

/manage/v2/databases/{id|name}/triggers/{id|name}/properties does not support database name

When a trigger is stored with a database name instead of an id, /manage/v2/databases/{id|name}/triggers/{id|name}/properties throws XDMP-CAST.

LDAP negative cache

Added new ldap negative cache timeout separate from the existing cache timeout in external security.

Optic op:where(cts:query) is missing cost information for optimization

Optic op:where(cts:query) does not store cost information such as estimated counts for use when optimizing.

User scope remain same outside xdmp:Spawn transaction.

User scope remain same outside xdmp:Spawn transaction even after calling xdmp:spawn or xdmp:spawn-function with exclusive user-id option.

Security Certificate template import of private key with passphrase does not work

Importing certificates with an encrypted private key doesn't fail upon import, but when used with an app-server, will cause issues. Usually, the private key cannot be used (since it can't be decrypted) and the app-server can't be accessed.

SQL where clauses that have columns that include the database name do not work

SQL where clauses that have columns that include the database name such as DBNAME.SCHEMA.COLUMN do not work.