DSE 6.8.x is compatible with Apache Cassandra™ 3.11 and adds additional production-certified changes, if any. Components that are indicated with an asterisk (*) (if any) are known to be updated since the prior patch version.
Release notes of versions prior to 6.8.4 can be found here.
13 November 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.33*
- Apache TinkerPop™ 3.4.14-20241028-e6912cf4*
- Apache Tomcat® 8.5.100*
- DSE Java Driver 1.10.0-dse-20241015* (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.56
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Updated the JDK used to build DSE to versions
8u422
and11.0.24
. (DSP-23997)
- Fixed sstablescrub to run with
-t
disabled by default. (DSP-24501) - Added a guardrail warning for large columns in the
cassandra.yaml
file. The new field,column_value_size_warn_threshold_in_kb
, can be used to receive warnings when a column exceeds a specified size. By default, this field is not utilized. (DSP-24384)
- Updated DSE Java Driver with fix for JAVA-2738. (DSP-24514)
- Updated DSE Java Driver with fix for JAVA-3125. (DSP-24556)
- Updated the spark version to
2.4.0.31
to pull in the latest ivy library (vs 2.5.2) for a vulnerability fix. (DSP-23685, CVE-2022-46751) - Upgraded tomcat-embed-core to version
8.5.100
. (DSP-24013, CVE-2023-46589) - Upgraded nimbus-jose-jwt to
9.41.2
, json-smart to2.5.1
, commons-lang3 to3.17.0
, commons-io to2.17.0
, and Azure SDK BOM to1.2.28
. (DSP-24015, CVE-2023-52428) - Updated aws-java-sdk library from
1.12.549
to1.12.774
to address CVE 2024-21634. (DSP-24018, CVE-2024-21634) - Upgraded Docker images to OpenJDK 1.8.0.422 and 11.0.24. (DSP-24534, CVE-2024-21147)
- Upgraded orc-core from version
1.5.2
to1.9.4
. (DSP-24538, CVE-2024-36114) - Upgraded Apache Avro to version
1.11.4
. (DSP-24540, CVE-2024-47561, CVE-2023-39410) - Upgraded reload4j to version
1.2.25
. (DSP-24551, CWE-611) - Upgraded Spotify DNS Wrapper Library to version 3.3.2 and dnsjava library to version 3.4.2. (DSP-24545, CVE-2024-25638, CVE-2023-50868, CVE-2023-50387)
- Upgraded tika-core to version
1.28.5
. (DSP-23425, CVE-2022-30126, CVE-2022-30973)
9 September 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240520 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.56
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Fixed SSBR to prevent dropping unused UDTs on restore. (DSP-24376)
- Fixed a bug in backup error handling that led to backups being stuck indefinitely in the running state, resulting in snapshots not getting cleaned up. (DSP-24390)
- Improved
libjemalloc
detection to detectlibmalloc2
in systems where this package is present. (DSP-24402) - Fixed a race condition in disabling of in-progress compactions when interrupting compaction types are initiated. Added debug logging to help identify in-progress and interrupting compactions. (DSP-24318)
- Improved Kerberos authentication provider for
cqlsh
by making it pluggable so you can plug in or customize how it works in your environment. (DSP-24129)
- Fixed the NPE in TieredTableStats. Return all TieredTableStats for all initialized tables for each jmx request, uninitialized tables are ignored until they are initialized and can be identified as TieredCompactionStrategy tables. (DSP-24395)
- Updated Debian package dependencies on
libaio1
so that it can be installed on Ubuntu 24.04 (Noble Numbat). (DSP-24359)
- Upgraded jetty to version
9.4.56.v20240826
. (DSP-24447, CVE-2024-22201) - Upgraded
commons-compress
to version 1.26.2. (DSP-24380, CVE-2024-25710)
12 July 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240520 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.56*
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Fixed the loop situation on reconnections with overloaded nodes. (DSP-24194)
- Added the option to temporarily lock a role after too many failed authentication requests. This feature is enabled per role through role options by setting
unauthorized_access_max_attempts
and, optionally,unauthorized_access_lockout_duration_seconds
(default is 15 minutes). Added the configuration parameter-Dauthentication_options.role_lockout_expire_seconds
to set the maximum retention of expired locks (default is 1 day). Allowedthe dsetool
command with itsrole_locks
option to show and remove extant role locks. (DSP-23953)
10 June 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240520* (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Prevents a Java driver request timeout for
drain()
operations executed via Management API by setting the request timeout to 0. The request timeout change only affects the internal Java driver used in Management API and is only set to 0 explicitly for thedrain()
operation. (DSP-23994)
- Secondary Index: Don't fail queries if one node is not available. (DSP-24163)
- Fix IllegalStateException when flushing range deletes with TWCS split_during_flush=true. (DSP-21571)
- Fixed, Spark-sql cast errors handling dates on joins. (DSP-24215)
- Fixed, observe spark.directJoin and spark.directJoinSizeRatio parameters. (DSP-24258)
- Adds partial support for client and internode connections using TLSv1_3. (DSP-23989)
- Upgraded JDK 8 and 11 versions in DSE Docker images to
8u402
and11.0.22
respectively. (DSP-24250)
- Upgrades
dse-java-driver
to handle newer versions of Guava. (DSP-24191)
- Improved performance and lowered memory use of querying data based on SAI index for a table with large partitions. (DSP-24254)
13 May 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240212 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Fixed
NoClassDefFoundError
in Azure backups that are configured to authenticate through a pod identity. (DSP-24143)
- Upgraded to Bouncy Castle v1.78.1, its latest known version. (DSP-24188, CVE-2024-30371)
25 April 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240212 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Adds two configuration parameters enabling reduction of table histogram metrics cardinality. Those are
-Dcassandra.table_metrics_default_histograms_aggregation=[INDIVIDUAL|AGGREGATED]
which controls whether tables use individual (default) or keyspace histograms, and-Dtable_metrics_export_globals=[true|false]
which controls whether global table histograms exist (default). (DSP-24166)
23 April 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240212 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Changed the default location of the histogram aggregation work, offloading it by default to a thread pool different than the main one. This unblocks the TPC threads when large numbers of tables exist. (DSP-24165)
This release is an internal DSE release identical to 6.8.46
release.
12 April 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240212 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Fixed millisecond precision point in time restore. (DSP-23993)
- Added support for AWS EC2 IMDSv2. Please beware that if you use Ec2Snitch or Ec2MultiRegionSnitch, by default it will communicate with AWS IMDSv2. This change is transparent and does not need anything done upon upgrade. Consult cassandra-rackdc.properties for more details. (DSP-23995)
- Fixed nodetool viewbuildstatus to query the responsible replica. It prevents returning unknown status when system_distributed RF is smaller than the number of nodes in the cluster. (DSP-23806)
- Fixed Solr credentials parsing. (DSP-24102)
- Added possibility to close/block connection per role by specifying
connection_idle_timeout_seconds
andconnection_idle_behavior
via a role custom options. (DSP-23951)
11 March 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.30*
- Apache TinkerPop™ 3.4.14-20240307-bcc67d14*
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20240212* (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Reverted the regression caused by DSP-23913 which introduced a change in batch size calculation that impacts the behaviour of the batch_size guardrail. Introduced a new guardrail called
batch_size_with_pk_warn_threshold_in_kb
,batch_size_with_pk_fail_threshold_in_kb
instead that honours the updated logic. (DSP-24011)
- Fixed issue causing indefinite waits during flush operations when TPC executor gets overloaded and default queue size is exceeded. (DSP-23774)
- Modified DSE Advanced Authentication to preserve credentials cache in case of an LDAP internal error causing authentication failure. (DSP-12590)
- Improved LDAP logging by decreasing the frequency of search reference warning messages. (DSP-21177)
- Changed DSE Advanced Authentication to only record in audit log a login error when authentication fails due to matching credentials (and not for provider internal errors). (DSP-23952)
- Upgraded JDK versions in DSE Docker images to
8u392
and11.0.21
. (DSP-23213)
- Upgraded
org.json:json
to version20240205
. (DSP-23784, CVE-2023-5072) - Upgraded
snappy-java
to version1.1.10.4
. (DSP-23819, CVE-2023-43642) - Upgraded
jnr-posix
to version3.1.8
. (DSP-23820, CWE-416)
5 February 2024
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.29
- Apache TinkerPop™ 3.4.14-20231030-479dc6d7
- Apache Tomcat® 8.5.94
- DSE Java Driver 1.10.0-dse-20220616 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Fixed mutation size calculation formula by taking into account static column updates. Backporting CASSANDRA-15293 achieved this fix. (DSP-23933)
- Fixed batch size guardrail to take into account the mutation primary key size. That prevents flooding the cluster with operations for tables that use the primary key without clustering columns. (DSP-23913)
- Fixed DSEFS file path handling that could fail when using filenames containing colons. (DSP-23947)
- Removed Python 2.7 libraries from
collectd
. (DSP-23764)
- Upgraded the DSE 6.8 dependency on Ehcache to Terracotta's version of Ehcache v2.10.10.17.20. The Terracotta version does not include extra libraries (specifically Jackson databind). The previous Ehcache v2.10.9.2 was exposing a security vulnerability CVE-2020-36518. The vulnerability in
jackson-databind
before v2.13.0 allowed a Java StackOverflow exception and denial of service via a large depth of nested objects. (DSP-23508, CVE-2020-36518, CVE-2017-17485, CVE-2017-7525, CVE-2018-11307, CVE-2018-7489, CVE-2019-16942)
18 December 2023
- Apache Solr™ 6.0.1.4.2964
- Apache Spark™ 2.4.0.29
- Apache TinkerPop™ 3.4.14-20231030-479dc6d7
- Apache Tomcat® 8.5.94*
- DSE Java Driver 1.10.0-dse-20220616 (DSE internal-only version)
- Netty 4.1.100.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Fixed deadlock in indexes initialization that occurs when the same table has both a secondary index and a search index and the entries in
IndexInfo
table are missing. The deadlock is resolved by marking the SOLR index as built in a different thread than the main DSE thread. (DSP-23828)
- Fixed the
ConcurrentModificationException
exception occurring in error during the NodeSync old validations cleanup process. (DSP-23821)
- Upgraded Jetty to version
9.4.53.v20231009
. (DSP-23734, CVE-2023-44487) - Upgraded Apache Tomcat to version
8.5.94
. (DSP-23779, CVE-2023-45648)
7 November 2023
- Apache Solr™ 6.0.1.4.2964*
- Apache Spark™ 2.4.0.29
- Apache TinkerPop™ 3.4.14-20231030-479dc6d7*
- Apache Tomcat® 8.5.93
- DSE Java Driver 1.10.0-dse-20220616 (DSE internal-only version)
- Netty 4.1.100.1.dse*
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Ensured that tombstones get NodeSynced before expiring by assigning segments that have never successfully been NodeSynced an urgent priority. (DSP-23710)
- Upgraded Netty to version
4.1.100.1.dse
that is based on4.1.100.Final
. (DSP-23763, CVE-2023-44487, CVE-2022-41881, CVE-2023-34462) - Removed
htrace
coming from Hadoop libraries (see HADOOP-17424). Removedjackson-databind
version2.4.0
that was a transitive dependency ofhtrace
. (DSP-23450) - Removed the
htrace
version from thelucene-solr
library.htrace
is an unused dependency in DSE 6.8. This removal resolved security vulnerabilities related to thehtrace
dependency, despite its being unused. (DSP-23756)
9 October 2023
- Apache Solr™ 6.0.1.4.2959
- Apache Spark™ 2.4.0.29
- Apache TinkerPop™ 3.4.14-20230814-301fd418
- Apache Tomcat® 8.5.93
- DSE Java Driver 1.10.0-dse-20220616 (DSE internal-only version)
- Netty 4.1.86.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Ensured that DSE uses only version 1.12.x of the
aws-sdk-java
library. Removed the dependency on version 1.11.x which also eliminated the need for the outdated and vulnerablejackson-databind
version 2.6.7.3. (DSP-23613)
11 September 2023
- Apache Solr™ 6.0.1.4.2959
- Apache Spark™ 2.4.0.29*
- Apache TinkerPop™ 3.4.14-20230814-301fd418*
- Apache Tomcat® 8.5.93*
- DSE Java Driver 1.10.0-dse-20220616 (DSE internal-only version)
- Netty 4.1.86.1.dse
- Spark JobServer 0.8.0.54
NOTE: above-listed DSE Java Driver is an internal-version only. If you're developing applications, please refer to the Java Driver documentation to choose an appropriate version.
- Changed logging level from
error
towarn
for a log message that is issued when folders are removed during a snapshot that calculates folder size. (DSP-23432) - Added a check to prevent running cleanup operations concurrently with operations that lead to token ownership changes, such as node addition or node decommission. Prior to this fix, running such concurrent operations could unintentionally delete valid data replicas. (DSP-23507)
- Changed reads from an SSTable to be delimited by and not exceed the declared row size in the row preamble. This prevents Out of Memory issues (OOM) with a corrupted SSTable. (DSP-23336)
- Upgraded
snappy-java
to version 1.1.10.3. (DSP-23499)
- Improved SAI queries response time by reducing the number of skips in the predicate intersection algorithm when selectivity of predicates varies significantly. (DSP-23435)
- Added a JVM configuration option to disable Storage Attached Index (SAI) segment compaction. Disable compaction by setting the
cassandra.sai.enable_segment_compaction
JVM flag tofalse
. The default value istrue
. (DSP-23440) - Fixed SAI index build failure for huge SSTables. (DSP-23478)
- Changed to use
collectd
v0.1.6 bundle based on Ubuntu:18.04. (DSP-23519)
- Fixed the
nodetool repair --trace
command to prevent it from hanging when it is run on an empty keyspace or on a keyspace with nodesync-enabled tables. (DSP-23408)
- Fixed a bug where Key Management Interoperability Protocol (KMIP) server failover was not working as intended because of exceptions that changed in the KMIP client library. (DSP-23343)
- Upgraded SnakeYAML library to the latest
2.0
version. (DSP-23429, CVE-2022-1471) - Upgraded
java-xmlbuilder
to version 1.3. (DSP-23489, CVE-2014-125087) - Upgraded Apache Tomcat to version 8.5.93. (DSP-23522, CVE-2023-41080)
- Upgraded ‘Google Guava’ to version 32.1.2-jre to remove CVE-2023-2976. Upgraded ‘FasterXML Jackson’ libraries to version 2.13.5. (DSP-23525, CVE-2023-2976)
- Enforced
net.sf.ehcache
library to use version 2.10.9.2 instead of 2.10.4. Removed indirect dependency onjackson-databind
version 2.3.3. (DSP-23528)
10 July 2023