Pivotal GemFire Release Notes
Note: General support includes security vulnerability resolutions and critical bug fixes in all supported minor versions, while other maintenance is applied only to the latest supported minor release.
Pivotal GemFire 9.2 is based on Apache Geode version 1.3. Pivotal GemFire 9.2 and Apache Geode share a common set of documentation. Therefore, references to both GemFire and Apache Geode appear throughout this documentation; consider them equivalents.
The authorization levels supported by the security implementation have been refined to be finer-grained. They now permit specifying a target component. See Implementing Authorization for details.
The import and export of the data of partitioned regions may be distributed across servers and accomplished in parallel, such that each server handles its own primary data. See the new
gfsh export dataand.
gfsh import datafor details.
These previously deprecated items have been removed:
- Deprecated methods of
- Deprecated methods of
You can download Pivotal GemFire 9.2 from the Pivotal GemFire product download page.
For details on how to install Pivotal GemFire 9.2, see Installing Pivotal GemFire.
Note that the file name extension for the compressed TAR file has changed from
To upgrade from an earlier version of GemFire to the current version, see Upgrading Pivotal GemFire.
When servers are upgraded to this GemFire version from a version prior to version 9.1.1, their authentication of client messages is disabled in order to facilitate rolling upgrades. If your clients are set up to send authenticated messages, the servers will honor those messages, but will not enforce authentication until you reinstate authentication on each of the upgraded servers.
To reinstate secure client/server messaging, restart each server with
geode.disallow-internal-messages-without-credentials system property set to
gfsh>start server --name=server_name --dir=server_config_dir \ --J=-Dgeode.disallow-internal-messages-without-credentials=true
GemFire 9.2 releases are based on the Apache Geode 1.3 release. Here is a list of all issues resolved for Geode 1.3. Ticket numbers of the form GEODE‑NNNN can be inspected at the Apache Software Foundation site for Geode issues.
The following issues have been resolved in GemFire 9.2.4.
GEODE-4615, GEM-1902: Fixed a deadlock that could occur when a cache was being closed at the same time a new connection was being added.
GEODE-5173, GEM-633, GEM-2159: Eliminated a
that occurred during a transaction when value recovery was disabled.
GEODE-5255: Fixed a race condition that could lead to redundancy loss when nodes are restarted during a rebalance operation.
GEODE-5278, GEM-2092: Fixed a synchronization issue that caused a
CommitConflictException during server startup.
GEODE-5302, GEM-2046: Fixed a bug that resulted in a large number of spurious log messages due to compaction.
GEODE-5307, GEM-1835: Eliminated a server hang that occurred when a
putAll operation intersected with the closing of a partitioned region.
GEODE-5559, GEM-2183: Decreased server startup time when recovering region data.
GEODE-5646, GEM-2188: Fixed an error in client-locator communications that could occur when a locator is shutting down.
GEODE-5649, GEM-2203: Fixed a bug that could lead to
requests taking too long on a single client.
GEODE-6391, GEM-2386: Eliminated a
prevented the dispatch of a destroy-region event.
GEM-1936: Detect tombstones and do not add them to an OQL index during region initialization.
GEM-1958: Fixed a bug in which the
was not honored during long queries and before hitting an out-of-memory
The following issues have been resolved in GemFire 9.2.3.
GEODE-5631, GEM-2195: Fixed a bug that could lead to increased memory footprint when using asynchronous event listeners.
GEODE-4293, GEM-1874: Pulse no longer encounters spurious security issues when the
jmx-manager-password-file property is specified.
GEODE-3588: Two restarts of a locator no longer result in a “split brain” condition.
GEODE-4184, GEM-1860: Fixed a problem in which index update threads were hanging and causing high CPU usage.
The following issues have been resolved in GemFire 9.2.2.
GEM-1863: Restored ability to set JMX manager security property files using the old security model (pre 9.0).
GEODE-4087: Removed an obsolete override that imposed the GemFire SSL configuration on non-GemFire sockets opened by the JVM.
The following issues have been resolved in GemFire 9.2.1.
GEODE-2296: Eliminated authorization on internal message size checks.
GEODE-3964, GEM-1747: Added a new alert that is triggered by the failure to expel a slow-to-respond member from the cluster after a considerable time period.
GEODE-4076, GEMNC-394: Restores the behavior of servers such that
they again throw an
AuthenticationRequiredException for clients that
authenticate using the older security framework.
The security framework incorrectly threw a
The following issues have been resolved in GemFire 9.2.0.
Security Vulnerabilities: Pivotal GemFire 9.2 is based on Apache Geode version 1.3.0, which addressed the following security vulnerabilities:
- CVE-2017-9795: Apache Geode OQL method invocation vulnerability
- CVE-2017-9796: Apache Geode OQL bind parameter vulnerability
- CVE-2017-12622: Apache Geode gfsh authorization vulnerability
GEODE-3059: Corrected connection counting statistics.
GEODE-3062: Fixed a bug that caused security manager properties to be ignored when using the cluster configuration service.
GEODE-3117, GEM-1523: Eliminated a
that was incorrectly thrown for gateway senders and gateway receivers
GEODE-3247: Improved query string validation.
GEODE-3248: Added validation of the region name when passing it as a bind parameter.
GEODE-3407, GEM-1256: Eliminated a deadlock between JMX and the membership tasks.
GEODE-3470: Increased the serial gateway sender token timeout from 15 to 120 seconds.
GEODE-3507, GEM-1602: Corrected the calculation of
actualRedundantCopies partitioned region statistic.
GEODE-3566, GEM-1584: Corrected the calculation of overflow statistics due to a rebalance operation.
GEODE-3619, GEM-1692: Corrected the calculation of the
GEODE-3647, GEM-385: Eliminated a race condition that could result in buckets with incorrect information if attribute mutator methods run concurrently with bucket creation.
GEODE-3685, GEM-1713: Ensured the proper wrapping of MBeans.
GEODE-3941: Fixed a bug that prevented Pulse from working when the security manager is enabled.
The following known issues affect GemFire 9.2:
GEM-2341: The HTTP session module creates its region that holds metadata on only one server within a cluster. The region needs to be hosted on all the servers.
Note: This issue applies only to clusters in which the region for metadata was created for you using default settings (that is, if the metadata region’s name is not set within the
If you created your own custom region for the metadata (that is, if the metadata region’s name is set within the
file), do not apply this workaround.
To correct the issue on a running cluster,
alter the region holding the metadata twice,
restarting servers between the two gfsh
alter region commands.
Connect to the cluster with the gfsh
The first alteration temporarily sets an unused attibute to the value 1, and the alteration command will fail on all servers but the single server that hosted the metadata region. However, the correct metadata region configuration will be propagated to all servers.
gfsh>alter region --name=gemfire_modules_sessions --eviction-max=1
Note that this gfsh
alter regioncommand will fail on all but one server. Make note of the
SERVER-NAMEof each server for which the command fails.
Work sequentially through the list of servers that failed the gfsh
alter regioncommand to restart each server by stopping and then starting it. First, stop the server:
stop server --name=SERVER-NAME
Then, start the server with a command of the form:
start server --name=SERVER-NAME --use-cluster-configuration=true
The second alteration resets the unused attribute to its original value of 0.
gfsh>alter region --name=gemfire_modules_sessions --eviction-max=0
You can verify that the region is hosted on all servers with a gfsh command of the form:
describe region --name=gemfire_modules_sessions
GEM-1197: If the initialization of a Spring container is not complete upon the start or restart of an embedded locator, deadlock can result. Avoid this issue by completing Spring container initialization before starting locators or servers; start GemFire processes in the Spring container’s startup event.
Obtaining and Installing Security Updates
New versions of Pivotal GemFire often include important security fixes, so Pivotal recommends you keep up to date with the latest releases.
For details about any security fixes in a particular release, see the Pivotal security page.