Issues fixed in MarkLogic Server 10.0-9.5

MLCP getting XCC ServerConnectionException with AWS ALB

MLCP continuously encountering XCC ServerConnectionException: Premature EOF Exception when using ALB in AWS

MLCP 3rd party library security vulnerabilities

There are security vulnerabilities in some of the 3rd party libraries used by MLCP. Refer to the Release notes for a complete list of Security vulnerabilities resolved by this update.

Backup with Journal Archiving to Microsoft Azure Blob Storage Failures

Backup with Journal Archiving to Microsoft Azure Blob Storage may cause primary forest corruption. When this occurs, MarkLogic Server may fail to start. During a MarkLogic process restart, forests may remain in a mounted state and are unable to come back up. If this happens in a critical environment, contact the MarkLogic Technical support team immediately for steps to recover the forest safely and to get the MarkLogic cluster back online.

XCC doesn't handle "Connection:close" header issued by the Azure AG

mlcp run against Azure Application Gateway with -batch_size > 100 exceeds the limit of requests per connection of the AG. The AG will issue "Connection:close" but XCC doesn't repect this.

MLCP : Jackson-databind jar security vulnerabilities

Upgraded the Jackson-databind jar used by MLCP to resolve security vulnerabilities.

XML SVM Classifier segmentation fault on extremely large training set

When cts:classify () is run on a training dataset that is extremely large, the SVM classifier may result in a segmentation fault.

Query Console : CodeMirror package security vulnerability

Upgraded the CodeMirror package used by Query Console from version 5.11.0 to 5.65.8 to address CVE-2020-7760.

MLCP : Httpclient jar security vulnerabilities

upgraded the Httpclient jar used by MLCP to resolve known security vulnerabilities

[10.0-9.2 Regression] Detected Huge page size capped;

In 10.0-9.2, 10.0-9.3, & 10.0-9.4, MarkLogic only detects huge pages up to at 3/8 * MemTotal / hugepagesize; (MemTotal is the total usable RAM, hugepagesize is the size of a single unit of huge page. These are available in /proc/meminfo); Resolution is to restore the behavior prior to 10.0-9.2 (MarkLogic will detect all configured huge pages).

Jetty library security vulnerability

MLCP uses the Jetty libraries as interdependency with the hadoop libraries. Prior version is no longer supported and had known security vulnerabilities. Upgraded the Jetty library to 9.4.20

Improved logging for stand deletion failures

When merges complete, old stands are removed. We added new error logging (XDMP-RECURSIVEREMOVEFAILED & XDMP-OBSOLETESTANDNOTDELETED) in the situation where old stands fail to delete to give more detail regarding the cause and to highlight that there might be system level issues that will need to be corrected.

MLCP import fails on Windows with OpenJDK 11

In MLCP, an incompatibility between an old Hadoop library and Java 11 resulted in ava.lang.ExceptionInInitializerError. The Hadoop libraries have been upgraded.

Database assignment policy does not default to "bucket" when a database is created via the management APIs

As of 10.0-9, the default assignment policy for databases created via the admin UI was set to "bucket". The default assignment policy for databases created via the management API is still "segment" though.

logback-classic jar security vulnerabilities

Upgraded the the logback-classic jar used by MLCP to resolve known security vulnerabilities

Xstream jar security vulnerabilities

Upgraded the XStream jar used by MLCP to resolve security vulnerabilities

MLCP has Hadoop libraries which had security vulnerabilities

Hadoop libraries have security vulnerabilities, so they needed to be upgraded

MLCP Security vulnerabilities in Hadoop libraries

Older Hadoop libraries included security vulnerabilities in the mlcp project. These are upgraded to resolve these vulnerabilities CVE-2017-3162 and CVE-2012-4449.