Issues fixed in MarkLogic Server 11.0.0

ZLib library upgraded to 1.2.13 to address CVE-2022-37434

The ZLib library used in MarkLogic server is upgraded to 1.2.13 to address CVE-2022-37434

Upgrade apache xerces in MLCP to address security vulnerability

Upgrade apache xerces to 2.12.2 to fix security vulnerability CVE-2022-23437

Segmentation fault in Handle.h

The server segfaults at svc::Handle<xdmp::QNameVal>::operator* at services/Handle.h:74

Large SQL/SPARQL/Optic API queries can be cancelled if they use too much memory

Queries that use a lot of memory---for example, many joins on multiple columns across many tables---may be cancelled with XDMP-MEMCANCELED.

sem:curie-expand() not properly handling empty prefix

sem:curie-expand() throws an error if the prefix on the curie is blank; e.g., ":X", even if there's a blank entry in the provided namespace map.

SAML authentication loop due to cache miss when SAML assertion host populated

In certain scenarios when SAML assertion host is populated, SAML authentication is stuck in loop.

Segmentation fault in xdmp::OverloadedFunDecl::getFDecl

Server restarts showing a segmentation fault in xdmp::OverloadedFunDecl::getFDecl

New Instances not taking the right ENI and Volumes from existing shutting down instance

Old instance stuck in shutting down state is not able to release ENI and EBS volumes attached to it. So, when new ASG created new instance to replace the old one it can't find the existing ENI and volumes and end up creating new volumes.

Coupling clusters with "xdqp ssl allow tls" set to false returns internal server error

Internal Server Error returned while coupling clusters when fips is enabled and "xdqp ssl allow tls" is set to false. While coupling clusters, if both "xdqp ssl allow sslv3" and "xdqp ssl allow tls" are set to false, you are prompted to set true to atleast one of the parameters. After choosing one parameter to true and try to couple the cluster, it results in "500: Internal Server Error"

Kerberos negotiation failed followed by Critical Thread ACCESS_VIOLATION

Whenever a user tries to authenticate using Kerberos the MarkLogic server on Windows restarts after an ACCESS_VIOLATION

New Instances not taking the right ENI from existing shutting down instance

Old instance stuck in shutting down state is not able to release ENI attached to it. So, when new ASG created new instance to replace the old one it can not find the existing ENI and ends up creating new volumes and ENI

Security Certificate template import of private key with passphrase does not work

Importing certificates with an encrypted private key doesn't fail upon import, but when used with an app-server, will cause issues. Usually, the private key cannot be used (since it can't be decrypted) and the app-server can't be accessed. Import will fail with encrypted private key import.

rdf:langString-language crashes on a rdf:langString without language

Calling rdf:langString-language() on an rdf:langString without language (e.g., rdf:langString-language(rdf:langString("string"))) crashes the server

Rest API GET/manage/v2/forests is giving REST-INVALIDTYPE for parameter view=counts

Rest management API GET /manage/v2/forests for parameter view with value 'counts' fails with 'REST-INVALIDTYPE: (rest:INVALIDTYPE) Invalid type in view: counts is not one of describe|default|status|metrics|schema|storage|properties-schema' error message.

op:where does not work with op:from-search

An op:from-search query could not be restricted by a op:where(cts:query)

Unsuppported function fn:distinct-nodes

As a result of the semantic changes from XQuery 0.9-ml to XQuery 1.0-ml, the function fn:distinct-nodes is no longer supported

When valid non-temp certificate is already installed then self signed certificate regeneration should not occur during app server configuration change

When editing the configuration of an app-server with a certificate template that contains a signed CA certificate, it causes the deletion of the signed CA and regenerates a self-signed certificate. Once external certificate is imported, self regeneration of temporary self-signed certificate on any configuration change should stop.

Admin UI deletes CA signed certificates when Certificate Template is renamed

When a certificate template with a signed CA certificate is present and the name of the template is changed, the signed CA certificate gets deleted and a self-signed certificate gets generated.

xdmp:spawn/spawn-function incorrect user

In some situations running xdmp:spawn or xdmp:spawn-function, resulted in the outer transaction incorrectly getting assigned the username of the inner transaction.

MLCP may lose records when multibyte characters present with -split_input is enabled

When split input is enabled, depending on the split size, mlcp may lose records when multi-byte characters are present in the input.

Unable to update domains in Content Processing

There is an issue that causes the error "XDMP-UNEXPECTED: (err:XPST0003) Unexpected token syntax error, unexpected QName_, expecting Equals_" to be thrown while updating domains.

No support for gp3 volume types on AWS CFT

The CFT solution offered by MarkLogic doesn't have support for gp3 volume type.

Incorrect search results on JSON documents with "lang" or "language" property

MarkLogic server may return incorrect search results after a reindex on JSON documents with the "lang" or "language" property set to a language other than the database language setting. With stemming enabled, a JSON document containing a language property, for example, doc1.json: { "lang": "fr", "type": "bonjour" } would be indexed in the specified language, in this case "fr" (French) even if the default database language is not set to the document's language. A query with a specified matching language, in this case, "fr", for example, cts:search(fn:doc(),cts:json-property-value-query("type", "bonjour","lang=fr")) will match this document. However, upon reindexing a JSON document with a non-default language property, a query with a non-default language that yielded a match for the JSON document before reindexing would stop yielding a match. Only queries using the default database language might match documents with a non-default language. For example, after reindexing, cts:search(fn:doc(),cts:json-property-value-query("type", "bonjour","lang=fr")) would stop yielding doc1.json. However, cts:search(fn:doc(),cts:json-property-value-query("type", "bonjour")), would incorrectly yield a match for doc1.json.

Upgrade jackson-databind in MLCP address security vulnerability

Upgrade jackson-databind to 2.14.0-rc1 in MLCP to address security vulnerability CVE-2022-42003

results panel interferes with Editor Options buttons in Query Console

Open the Editor Options in Query Console, if the results panel bar overlaps with the buttons then the resize icon appears in front of the buttons and the user cannot click on the cancel or submit button.

Query console's import workspace functionality failing in AWS cluster

'Import Workspace...' functionality for workspaces in the Query console fails in the AWS cluster with the 'Workspace import failed' message.

xdmp.getRequestField now properly process a file with content type

xdmp.getRequestField ignores content type for form-data files with filename. Using -F "xmlParam=@test.xml;type=application/xml" in curl will create a text node for xdmp.getRequestField.

Segmentation fault in xdmp::FunctionImpl::FunctionImpl

Server restarts showing a segmentation fault in xdmp::FunctionImpl::FunctionImpl

op:from-lexicons slower than cts:values

Using op.fromLexicons is slower than the equivalent cts.valueTuples.

Special characters in admin password makes the instance inaccessible

If admin password had special characters like $*. Stack gets created successfully, but you cannot access admin UI nor healthcheck (7997)

Query Console: Help link invalidates session

Clicking on help page link from Query Console multiple times invalidates session and results in SECURITY-BADREQUEST error

updated Azure CA root certificates

Azure has updated the set of CA root certificates. MarkLogic has updated those root certificates accordingly.

Upgrade com.fasterxml.woodstox:woodstox-core in MLCP to address severity vulnerability

Upgrade com.fasterxml.woodstox:woodstox-core in MLCP address severity vulnerability CVE-2022-40153

Optic op:where(cts:query) is missing cost information for optimization

Optic op:where(cts:query) does not store cost information such as estimated counts for use when optimizing.

Properties fragments are not picked up when reindexing after reloading of tde

Reindexing does not automatically run after creating a range index related to document properties

Range index creation not triggering reindex

Reindexing does not automatically run after creating a range index related to document properties, any queries with this new range index would not return the data from document properties.

Fixed "Error Log" button on MacOS MarkLogic control panel

In the MarkLogic control panel under System Preferences, clicking the Error Log button has no effect on newer OS versions.

Query Console: Profile tab displays results in wrong order

Profile tab in Query Console displays results with Shallow % sorted ascending rather than descending

Admin GUI: Deleting database replication configuration using latest browsers

Deleting a primary database replication configuration after removing the replica database replication configuration results in HTTP 403 cross-origin resource sharing error when using latest browsers.

op.sem.uuidString() returns the same value for multiple rows

op.sem.uuidString() was not returning a new result per row

Admin UI: Expand/Collapse functionality on left tree menu does not work

Admin UI: Expand/Collapse functionality on left tree menu does not work

Upgrade Hadoop Library in MLCP to address security vulnerability

Upgrade Hadoop Library to 3.3.4 to fix security vulnerability CVE-2021-37404

Incorrect value in the warning about forest size

The warning shows HEALTH-FOREST-MAX-FOREST-SIZE as 250GB

Upgrade openssl to 1.0.2zd

Following security advisory upgrading openssl to 1.0.2zd

Incremental backups not purged

when a separate directory is used for Incremental backups, they are not being purged after associated full backup is automatically deleted to satisfy max-backups constraint

ODBC server still accepting requests while disabled

The ODBC Server will still accept requests even if the app server is disabled.

Azure TLS Certificate changes resuts in decryption failures when using Encryption at Rest

MarkLogic can't reach out to Azure Vault service because of the certificate verification failure.

New Instances not taking the right EBS volume

Old instance stuck in shutting down state is not able to release EBS volumes attached to it. Newly ASG created instance to replace the old one can't find the existing volume and ends up creating a new volume

Query Console explore pane back and forward buttons incorrect

Click on a link for a document in the explore results and then any of the tabs to view Collections, Permissions, Metadata, Properties. Click the back arrow, it does nothing on the first click. Click it a second time then it takes you back. Then click the Forward arrow it and it returns you to the tab for that document but has the Forward arrow still active.

LDAP negative cache

Added new ldap negative cache timeout separate from the existing cache timeout in external security.

hidden columns like fragmentId can't be selected

hidden columns like fragmentId are not returned even when explicitly projected

Upgrade jackson-databind in XCC to address security vulnerabilities

jackson-databind library in XCC build is updated to address security vulnerability.

Query Console: CTRL+A shortcut

CTRL+A shortcut to select result text not working on Query Console