LATEST VERSION: 9.2.3 - RELEASE NOTES
Pivotal GemFire® v9.2

Pivotal GemFire Release Notes

Note: General support includes security vulnerability resolutions and critical bug fixes in all supported minor versions, while other maintenance is applied only to the latest supported minor release.

Pivotal GemFire 9.2 is based on Apache Geode version 1.3. Pivotal GemFire 9.2 and Apache Geode share a common set of documentation. Therefore, references to both GemFire and Apache Geode appear throughout this documentation; consider them equivalents.

What’s New in Pivotal GemFire 9.2

  • The authorization levels supported by the security implementation have been refined to be finer-grained. They now permit specifying a target component. See Implementing Authorization for details.

  • The import and export of the data of partitioned regions may be distributed across servers and accomplished in parallel, such that each server handles its own primary data. See the new --parallel option of gfsh export data and. gfsh import data for details.

  • These previously deprecated items have been removed:

    • AttributesMutator.setCacheListener method
    • Deprecated methods of TransactionEvent
    • BridgeServer system properties
    • Deprecated methods of LocatorLauncher and ServerLauncher

Installing Pivotal GemFire 9.2

You can download Pivotal GemFire 9.2 from the Pivotal GemFire product download page.

For details on how to install Pivotal GemFire 9.2, see Installing Pivotal GemFire.

Note that the file name extension for the compressed TAR file has changed from .tar.gz to .tgz.

Upgrading to Pivotal GemFire 9.2

To upgrade from an earlier version of GemFire to the current version, see Upgrading Pivotal GemFire.

When servers are upgraded to this GemFire version from a version prior to version 9.1.1, their authentication of client messages is disabled in order to facilitate rolling upgrades. If your clients are set up to send authenticated messages, the servers will honor those messages, but will not enforce authentication until you reinstate authentication on each of the upgraded servers.

To reinstate secure client/server messaging, restart each server with the geode.disallow-internal-messages-without-credentials system property set to true. For example:

gfsh>start server --name=server_name --dir=server_config_dir \
--J=-Dgeode.disallow-internal-messages-without-credentials=true

Resolved Issues

GemFire 9.2 releases are based on the Apache Geode 1.3 release. Here is a list of all issues resolved for Geode 1.3. Ticket numbers of the form GEODE‑NNNN can be inspected at the Apache Software Foundation site for Geode issues.

Issues Resolved in Pivotal GemFire 9.2.3

The following issues have been resolved in GemFire 9.2.3.

GEODE-5631, GEM-2195: Fixed a bug that could lead to increased memory footprint when using asynchronous event listeners.

GEODE-4293, GEM-1874: Pulse no longer encounters spurious security issues when the jmx-manager-password-file property is specified.

GEODE-3588: Two restarts of a locator no longer result in a “split brain” condition.

GEODE-4184, GEM-1860: Fixed a problem in which index update threads were hanging and causing high CPU usage.

Issues Resolved in Pivotal GemFire 9.2.2

The following issues have been resolved in GemFire 9.2.2.

GEM-1863: Restored ability to set JMX manager security property files using the old security model (pre 9.0).

GEODE-4087: Removed an obsolete override that imposed the GemFire SSL configuration on non-GemFire sockets opened by the JVM.

Issues Resolved in Pivotal GemFire 9.2.1

The following issues have been resolved in GemFire 9.2.1.

GEODE-2296: Eliminated authorization on internal message size checks.

GEODE-3964, GEM-1747: Added a new alert that is triggered by the failure to expel a slow-to-respond member from the cluster after a considerable time period.

GEODE-4076, GEMNC-394: Restores the behavior of servers such that they again throw an AuthenticationRequiredException for clients that authenticate using the older security framework. The security framework incorrectly threw a GemfireSecurityException.

Issues Resolved in Pivotal GemFire 9.2.0

The following issues have been resolved in GemFire 9.2.0.

Security Vulnerabilities: Pivotal GemFire 9.2 is based on Apache Geode version 1.3.0, which addressed the following security vulnerabilities:

GEODE-3059: Corrected connection counting statistics.

GEODE-3062: Fixed a bug that caused security manager properties to be ignored when using the cluster configuration service.

GEODE-3117, GEM-1523: Eliminated a NullPointerException that was incorrectly thrown for gateway senders and gateway receivers using Authenticator.authenticate.

GEODE-3247: Improved query string validation.

GEODE-3248: Added validation of the region name when passing it as a bind parameter.

GEODE-3407, GEM-1256: Eliminated a deadlock between JMX and the membership tasks.

GEODE-3470: Increased the serial gateway sender token timeout from 15 to 120 seconds.

GEODE-3507, GEM-1602: Corrected the calculation of the actualRedundantCopies partitioned region statistic.

GEODE-3566, GEM-1584: Corrected the calculation of overflow statistics due to a rebalance operation.

GEODE-3619, GEM-1692: Corrected the calculation of the CachePerfStats diskTasksWaiting statistic.

GEODE-3647, GEM-385: Eliminated a race condition that could result in buckets with incorrect information if attribute mutator methods run concurrently with bucket creation.

GEODE-3685, GEM-1713: Ensured the proper wrapping of MBeans.

GEODE-3941: Fixed a bug that prevented Pulse from working when the security manager is enabled.

Known Issues

The following known issues affect GemFire 9.2:

GEM-2341: The HTTP session module creates its region that holds metadata on only one server within a cluster. The region needs to be hosted on all the servers.

To correct the issue on a running cluster, alter the region holding the metadata twice, restarting servers between the two gfsh alter region commands.

  1. Connect to the cluster with the gfsh connect command.

  2. The first alteration temporarily sets an unused attibute to the value 1, and the alteration command will fail on all servers but the single server that hosted the metadata region. However, the correct metadata region configuration will be propagated to all servers. The command has the form:

    alter region --name=REGION-NAME --eviction-max=1
    

    If the metadata region’s name is set within the context.xml file, substitute that name for REGION-NAME in the command.

    If the metadata region’s name is not set within the context.xml file, then use a REGION-NAME of gemfire_modules_sessions. Using this default results in the gfsh command:

    gfsh>alter region --name=gemfire_modules_sessions --eviction-max=1
    

    Note that this gfsh alter region command will fail on all but one server. Make note of the SERVER-NAME of each server for which the command fails.

  3. Work sequentially through the list of servers that failed the gfsh alter region command to restart each server by stopping and then starting it. First, stop the server with a command of the form:

    stop server --name=SERVER-NAME
    

    Then, start the server with a command of the form:

    start server --name=SERVER-NAME --use-cluster-configuration=true
    
  4. The second alteration resets the unused attribute to its original value of 0. The command has the form:

    alter region --name=REGION-NAME --eviction-max=0
    

    If the metadata region’s name is set within the context.xml file, substitute that name for REGION-NAME in the command.

    If the metadata region’s name is not set within the context.xml file, then use a REGION-NAME of gemfire_modules_sessions. Using this default results in the gfsh command:

    gfsh>alter region --name=gemfire_modules_sessions --eviction-max=0
    
  5. You can verify that the region is hosted on all servers with a gfsh command of the form:

    describe region --name=REGION-NAME
    

GEM-1197: If the initialization of a Spring container is not complete upon the start or restart of an embedded locator, deadlock can result. Avoid this issue by completing Spring container initialization before starting locators or servers; start GemFire processes in the Spring container’s startup event.

Obtaining and Installing Security Updates

New versions of Pivotal GemFire often include important security fixes, so Pivotal recommends you keep up to date with the latest releases.

For details about any security fixes in a particular release, see the Pivotal security page.