Pivotal GemFire Release Notes

Note: General support includes security vulnerability resolutions and critical bug fixes in all supported minor versions, while other maintenance is applied only to the latest supported minor release.

What’s New in Pivotal GemFire 9.0

  • Pivotal GemFire 9.0 provides all the benefits of open source software, as it is based on the Apache Geode 1.0.0-incubating release. It also includes fixes from later Apache Geode releases. Pivotal GemFire 9.0 and Apache Geode share a common set of documentation. Therefore, references to both GemFire and Apache Geode appear throughout this documentation; consider them equivalents.

  • Region values may be stored in off heap memory, instead of heap memory. Off heap memory is not subject to Java garbage collection, leading to performance advantages for some applications. See Managing Off-Heap Memory for details.

  • The new Integrated Security feature provides a simpler and more powerful way of doing authentication and authorization. See Security for details. Users of GemFire 8.x should strongly consider reimplementing system-wide security measures under the new method, especially since the 8.x Authenticator and AccessControl APIs have been superseded by the new interface. The 8.x implementation is supported, but is now deprecated. If any 9.0 integrated security properties are specified (such as security-manager), GemFire will not honor the 8.x configuration and the entire app must migrate to the 9.0 scheme.

  • A new scheme for configuring SSL is both simpler and more powerful than its predecessor. The older SSL configuration scheme used separate, single-valued properties with component-specific prefixes such as cluster- and server-. The new configuration scheme uses a simpler naming scheme in which a smaller number of properties using the ssl- prefix can take multiple values. See SSL for details.

    The older SSL scheme is supported, but is now deprecated. If any new-style properties are specified (those with the ssl- prefix), then GemFire will not honor the older configuration, and the entire app must migrate to the new scheme.

    The pre-GemFire 8.x SSL scheme, formerly deprecated, is now unsupported.

  • All member discovery is through locators. Multicast communication can no longer be used for discovery.

  • Due to licensing restrictions with Apache Software Foundation, the JGroups implementation used in Pivotal GemFire has been replaced and updated to a compatible version. This also allows GemFire to deal with JGroups as an external dependency and keep up with recent versions as needed.

  • Tomcat version 8 is now supported for HTTP session management.

  • The Visual Statistics Display (VSD) utility is no longer included in the Gemfire installation. VSD is available for download from the Pivotal GemFire download page.

  • An adapter that allows GemFire to function as a drop-in replacement for a Redis data store is available in an experimental implementation. See Experimental Features to read about this feature.

  • OQL aggregate functions are available in an experimental implementation. See Experimental Features to read about this feature.

  • An experimental implementation does a rebalance operation on a periodic basis, basing a decision to do the rebalance on a minimum quantity of bytes that would be transferred and/or on the ratio of the bytes that would be transferred to the total number of bytes stored. See Experimental Features to read about this automated rebalance feature.

  • An experimental implementation allows the creation of Apache Lucene indexes on data stored in GemFire.

Installing Pivotal GemFire 9.0

This Pivotal GemFire 9.0 version is available in ZIP and TAR formats.

You can download Pivotal GemFire 9.0 from the Pivotal GemFire product download page.

Pivotal GemFire 9.0 is available as:

  • ZIP or tar.gz file
  • Homebrew for MacOSX
  • Maven repository

The Pivotal GemFire 9.0 installation download includes GemFire tools such as Pulse, VSD, Developer REST APIs, and Pivotal GemFire HTTP Modules.

For details on how to install Pivotal GemFire 9.0, see Installing Pivotal GemFire.

Upgrading to Pivotal GemFire 9.0

To upgrade from an earlier version of GemFire to the current version, see Upgrading Pivotal GemFire.

For this Pivotal GemFire 9.0 release, packages use their org.apache.geode names. A section within Upgrade Pivotal GemFire explains the changes.

Removed From Pivotal GemFire 9.0

  • No 32-bit binaries are shipped.

  • The Hibernate Cache module has been removed until it can be updated.

  • DTD files prior to version 7.0 have been removed.

Issues Resolved in Pivotal GemFire 9.0.4

The following issues have been resolved in GemFire 9.0.4. Ticket numbers of the form GEODE-NNNN can be inspected at the Apache Software Foundation site for Geode issues.

  • GEODE-1971/GEM-983: Fixed a shutDownAll hang that was caused by a new member joining while the shutdown was in progress.

  • GEODE-2155: Improved reliability of auto-reconnect by terminating attempts to reconnect when cache.xml is invalid.

  • GEODE-2193: Fixed a problem in which a membership request was denied if it was received during a membership coordinator transition.

  • GEODE-2642: Fixed a race condition that sometimes caused a client to skip a scheduled ping of the server.

  • GEODE-2671: Embedded Pulse now honors a custom jmx-manager-port setting on locator start up when trying to connect to the locator.

  • GEODE-2732: Auto-reconnect now honors a gfsh command-line request for restarting a server on a non-default port.

  • GEODE-2756: Ensured that security-related properties are not visible in environment variables or log files.

  • GEODE-2764: Added checks on new region names to prune any function calls that appear in the name string.

  • GEODE-2775: Corrected setting of the Pulse SSL Manager flag from System properties instead of pulse.properties when running in embedded mode.

  • GEODE-2801/GEM-1389: Changed key reference Ids to be thread safe. This fixes an intermittent ArrayIndexOutOfBoundsException that could occur when performing a disk store backup.

  • GEODE-2808/GEM-1380: Fixed lock ordering issues that sometimes resulted in deadlocks during session expiration.

  • GEM-1397: Corrected synchronization to prevent hangs of the gfsh show missing-disk-stores command when a cache has not completed initializing.

Issues Resolved in Pivotal GemFire 9.0.3

The following issues have been resolved in GemFire 9.0.3. Ticket numbers of the form GEODE-NNNN can be inspected at the Apache Software Foundation site for Geode issues.

  • GEODE-2670: Updated the authorization implementation, restricting data access via Pulse, to address CVE-2017-5649.

Issues Resolved in Pivotal GemFire 9.0.2

The following issues have been resolved in GemFire 9.0.2. Ticket numbers of the form GEODE-NNNN can be inspected at the Apache Software Foundation site for Geode issues.

  • GEODE-1272/GEM-1133: The index creation operation now correctly handles exceptions and does not deserialize PDX objects.

  • GEODE-1969/GEM-1243: An IOException will no longer occur due to an oplog closure when the gemfire.syncWrites property is true.

  • GEODE-2129: A hash of the pdxType reduces collisions on the identifiers.

  • GEODE-2174/GEM-778: Improved the server’s logging of client unregistration details.

  • GEODE-2179/GEODE-2186/GEM-1104: The gateway sender status displayed in Pulse has been corrected.

  • GEODE-2209/GEM-1114: Increased the number of gateway senders supported from 16 to 128.

  • GEODE-2212: Case insensitive, security-related properties specified in HTTP headers are correctly handled.

  • GEODE-2213: A fix eliminates a potential deadlock upon a connection request of a new member.

  • GEODE-2215: Eliminates an erroneous null pointer exception from the view creator.

  • GEODE-2216/GEM-1133: Failure to create an index on one of a set of nodes resulted in an unpopulated index which returned incorrect results for queries.

  • GEODE-2224/GEM-1123: The local QueryService no longer throws an exception when running a query within a transaction.

  • GEODE-2228: Fixed a bug that caused a transaction to hang, when the member that grants locks changes during the transaction.

  • GEODE-2242: Fixed a bug that caused destroy operations on preloaded regions to not be applied in a receiving WAN site.

  • GEODE-2267/GEODE-2416/GEODE-2419/GEODE-2576: The gfsh export logs command has been improved to send all logs to the locator’s file system when communication is over JMX. When the command is sent via an HTTP request, the logs are sent to the requester, and the temporary copy is deleted.

  • GEODE-2277: Ensures that a new PDX type gets distributed to all nodes across a WAN prior to issuing an operation that uses the new type.

  • GEODE-2279/GEM-1108: Corrected the value of statistic messageQueueSize.

  • GEODE-2297/GEM-1183: Fixed a deadlock condition caused by an alert generated during server startup.

  • GEODE-2333: Eliminated a race condition that could cause off heap memory space to be freed more than once.

  • GEODE-2354: Increased the duration of a security session.

  • GEODE-2497: A fix avoids a system hang when waiting for a response to a startup message from a surprise member.

  • GEODE-2534: Fixed a bug that manifested in the failure to create a single, unified system when two locators started concurrently.

  • GEODE-2547: Fixed a bug that caused a cache loader to be incorrectly invoked upon registration of interest in a key that has been destroyed.

  • GEODE-2594/GEM-1292: The Attach API and placement of the tools.jar file on the classpath are no longer used by default. As a result, java_pid files are no longer left in /tmp.

  • GEODE-2616/GEM-1195: Fixed a memory leak associated with the closing of colocated regions.

  • GEODE-2633: When fine logging is enabled, the logs no longer save the keystore password in clear text.

  • GEODE-2638/GEM-1282: Fixed a gateway sender start failure when the remote locator’s host name cannot be resolved.

  • GEM-1287: Fixed a bug in SSL configuration that manifested in gfsh being unable to connect via JMX.

  • GEM-1254: Updated the commons-fileupload library to version 1.3.2 to address CVE-2016-3092. Updated the commons-beanutils library to version 1.9.3 to address CVE-2014-0114. Updated the spring library to version 4.3.6 to address CVE-2016-9878. Updated the shiro library to version 1.3.2 to address CVE-2016-6802.

Issues Resolved in Pivotal GemFire 9.0.1

The following issues have been resolved in GemFire 9.0.1. Ticket numbers of the form GEODE-NNNN can be inspected at the Apache Software Foundation site for Geode issues.

  • GEODE-2212: GemFire now correctly accepts case-insensitive HTTP headers.

  • GEODE-2214: The session cache supports using TCCL.

Issues Resolved in Pivotal GemFire 9.0.0

The following issues have been resolved in GemFire 9.0.0. Ticket numbers of the form GEODE-NNNN can be inspected at the Apache Software Foundation site for Geode issues.

  • GEODE-136: Fixed a bug that could lead to an incorrect NullPointerException when using the gfsh list regions command.

  • GEODE-538: Revised conditions under which a restart of persistent, colocated regions are ready to handle operations.

  • GEODE-706: Fixed a race condition within the ExpirationManager.

  • GEODE-1247: gfsh command may now be used to stop a server when working over HTTP.

  • GEODE-1532: Pulse is no longer vulnerable to clickjacking.

  • GEODE-1902: Custom logging in a log4j2.xml file may now use the GEODE_VERBOSE marker instead of the GEMFIRE_VERBOSE one.

  • GEODE-1912: Improved the parsing of gfsh commands.

  • GEODE-1938: Revise error handling of very large snapshots.

  • GEODE-1966: Ensure that Pulse does not reveal version details to anonymous users.

  • GEODE-1967: Fixed a bug that resulted in keys not being removed from an updated index.

  • GEODE-1981: Synchronize invocations of resultCollector from multiple threads.

  • GEODE-1986: Fixed a bug that incorrectly enabled the cluster configuration service for embedded locators.

  • GEODE-2000/GEM-776: Clients now see the server-bind-address in the event member ID.

  • GEODE-2011/GEM-1096: Fixed a NullPointerException generated in the CacheWriter for the PdxTypes Region.

  • GEODE-2012: Fixed a bug that could result in a corrupted statistics archive file.

  • GEODE-2104: Corrects the parsing of commands that have a --J option.

  • GEODE-2021: Improved discovery of non colocated data within a transaction.

  • GEODE-2025: Changed the default port number for the http server port.

  • GEODE-2123/GEM-1099: Fixed a bug that caused an unrelated gateway sender’s AckReaderThread to stop when a gateway sender is stopped.

  • GEODE-2124: Fixed a bug that caused queries to fail with a ClassCastException.

  • GEODE-2133/GEM-1100: Fixed a bug in which a logging failure in a gateway receiver could cause the the gateway sender to stop.

  • GEODE-2136/GEM-1072: Eliminate cookie duplication in HTTP responses to avoid stale cookies.

  • GEM-1034: Fixed a bug that presented itself as not honoring the entry-idle-time attribute.

  • GEM-1070: Fixed a bug in the REST interface’s POST put implementation that prevented it from working with a region valueConstraint.

Known Issues

The following known issues affect GemFire 9.0:

GEM-2341: The HTTP session module creates its region that holds metadata on only one server within a cluster. The region needs to be hosted on all the servers.

Note: This issue applies only to clusters in which the region for metadata was created for you using default settings (that is, if the metadata region’s name is not set within the context.xml file). If you created your own custom region for the metadata (that is, if the metadata region’s name is set within the context.xml file), do not apply this workaround.


To correct the issue on a running cluster, alter the region holding the metadata twice, restarting servers between the two gfsh alter region commands.

  1. Connect to the cluster with the gfsh connect command.

  2. The first alteration temporarily sets an unused attibute to the value 1, and the alteration command will fail on all servers but the single server that hosted the metadata region. However, the correct metadata region configuration will be propagated to all servers.

    gfsh>alter region --name=gemfire_modules_sessions --eviction-max=1

    Note that this gfsh alter region command will fail on all but one server. Make note of the SERVER-NAME of each server for which the command fails.

  3. Work sequentially through the list of servers that failed the gfsh alter region command to restart each server by stopping and then starting it. First, stop the server:

    stop server --name=SERVER-NAME

    Then, start the server with a command of the form:

    start server --name=SERVER-NAME --use-cluster-configuration=true
  4. The second alteration resets the unused attribute to its original value of 0.

    gfsh>alter region --name=gemfire_modules_sessions --eviction-max=0
  5. You can verify that the region is hosted on all servers with a gfsh command of the form:

    describe region --name=gemfire_modules_sessions
  6. You can verify that the region is hosted on all servers with a gfsh command of the form:

    describe region --name=REGION-NAME

GEM-868/GEODE-2180: Reconfiguration of the cache when autoreconnecting does not work with the default settings for use-cluster-configuration if the cache is configured through API calls. Either disable autoreconnect or disable using the cluster configuration service.