Pivotal GemFire Release Notes
Pivotal GemFire 9.7 is based on Apache Geode version 1.8. Pivotal GemFire 9.7 and Apache Geode share a common set of documentation. Therefore, references to both GemFire and Apache Geode appear throughout this documentation; consider them equivalents.
Pivotal GemFire v9.7.6 does not introduce new features; it is a maintenance release. See Issues Resolved in Pivotal GemFire 9.7.6 for issues addressed in this release.
Pivotal GemFire 9.7 includes the following improvements:
- GemFire clients support trust and keystore rotation
- Endpoint validation during SSL handshake is enabled
- Improved latency characteristics of Serial Gateway Sender Queues
- Function security is dynamically determined by function arguments
- Added support for Tomcat 9
gfshcommand hints are now case-independent
Pivotal GemFire 9.7 Breaking Change
The configuration options for JNDI bindings have changed,
whether configured through XML or
gfsh create jndi-binding:
--jdbc-driver-classoption is now optional.
--urlis an alias for the
--typeoption now defaults to
--type=POOLEDoption defaults to creating a Hikari pool. Or, implement
org.apache.geode.datasource.PooledDataSourceFactoryto customize the class that implements the pool.
The breaking change represents a rare use case.
The change is that
a custom class that implements the pool must now implement the
You can download Pivotal GemFire 9.7 from the Pivotal GemFire product download page.
For details on how to install Pivotal GemFire 9.7, see Installing Pivotal GemFire.
To upgrade from an earlier version of GemFire to the current version, see Upgrading Pivotal GemFire.
Reinstating Secure Messaging
When servers are upgraded to this GemFire version from a version prior to version 9.1.1, their authentication of client messages is disabled in order to facilitate rolling upgrades. If your clients are set up to send authenticated messages, the servers will honor those messages, but will not enforce authentication until you reinstate authentication on each of the upgraded servers.
To reinstate secure client/server messaging, restart each server with
geode.disallow-internal-messages-without-credentials system property set to
gfsh>start server --name=server_name --dir=server_config_dir \ --J=-Dgeode.disallow-internal-messages-without-credentials=true
Note: The fix for issue GEODE-7628/GEM-2747 introduces a new requirement: To create MBeans, a Security Manager must be enabled. This may affect applications upgrading from earlier versions. See Enable Security with Property Definitions for more information.
The GemFire 9.7 release is based on the Apache Geode 1.8 release. This section describes issue resolutions that significantly affect GemFire applications. For a list of all issues resolved in Geode 1.8, see the Geode 1.8 Release Notes. Ticket numbers of the form GEODE‑NNNN can be inspected at the Apache Software Foundation site for Geode issues.
GEODE-7728, GEM-2819: Fixed an exception thrown when executing an equi-join query and both fields are indexed.
GEODE-7628, GEM-2747: Block JMX Mbean creation when no
SecurityManager interface is implemented.
GEODE-7334, GEM-2705: Fixed a problem in which the system, by default, was loading a JodaModule JAR file that prevented the developers REST API from starting.
GEODE-7373, GEM-2746: Corrected a JMX deserialization vulnerability by restricting the types of credentials considered acceptable.
GEODE-7465, GEM-2773: Fixed a problem in which an asynchronous event queue could fail to restart with a RegionDestroyedException due to incomplete cleanup of the queue at the time it was stopped.
GEODE-7473, GEM-2774: Fixed a memory leak in WAN gateway senders caused by accumulation of entry event objects.
GEODE-7079, GEM-2623: Fixed a null-pointer exception encountered during restart when event message conflation was in effect for a gateway sender queue.
GEODE-7080, GEM-2648: Fixed an
EntryDestroyedException by ensuring that the gfsh
export offline-disk-store operation does not attempt to export deleted keys.
GEODE-7085, GEM-2647: Fixed a problem in which a very large region version number (greater than
Integer.MAX_VALUE) prevented disk store recovery.
GEM-2538: Fixed a bug in which the gfsh
alter region command overwrote gateway senders, async event queues, and cache listeners configured on a region.
GEODE-3948/GEM-2542: Ensured that client/server connection read timeout is honored.
GEODE-4958, GEM-2477: Changed logging when org.apache.geode.security.AuthenticationRequiredException is encountered to now log as a “warn” statement rather than throwing the exception with a call stack.
GEODE-5959, GEM-2261: Fixed a performance issue related to execution of nested functions.
GEODE-6035, GEM-2272: Increased TCP/IP backlog defaults to enhance peer-to-peer connection formation.
GEODE-6064, GEM-2256: Protected SSL keystore password so it is no longer visible in plain text gfsh command results.
GEODE-6205, GEM-2337: Modified the create disk-store command to save the absolute path name rather than the relative one.
GEODE-6281, GEM-2344: Fixed a problem in which the utility that generates XML included entry values in the generated XML, causing Out of Memory errors during debugging operations.
GEODE-6527, GEM-2511: Fixed an issue in which a member that creates a partitioned region can result in “java.lang.IllegalStateException: Incompatible CacheLoader. CacheLoader is null in partitionedRegion Parent on another datastore” when the partitioned region had previously been altered in another member to change the cache writer or cache loader.
GEODE-6544, GEM-4883: Allowed retry of Pulse login following an unsuccessful login attempt.
GEODE-6559, GEM-2449: Modified auto-reconnect so it no longer loads outdated classes from cached JARs.
GEODE-6721/GEM-2506: Corrected the behavior of the gfsh start locator command to honor a request specifying the secondary IP, instead of always using the host’s primary IP address.
GEODE-6746: Fixed an issue where the log message “Your SSL configuration disables hostname validation. ssl-endpoint-identification-enabled should be set to true when SSL is enabled” was repeatedly printed at the warning level. The message now prints only once as an info-level message.
GEODE-6767, GEM-2511: Fixed an issue in which a partitioned region that is colocated with another partitioned region is altered to change entry time-to-live or idle-timeout while rebalancing, causing a loss of full bucket redundancy.
GEODE-6806, GEM-2545: Improved OQL’s handling of joining multiple regions with indexes by preventing the LIMIT clause from being applied in intermediate execution steps.(
GEODE-6821; GEM-2548: Fixed an issue where the shared P2P message reader blocked when processing a message on a region with a serial sender.
GEODE-6922, GEM-2550: Improved the retrieval of active sessions count by load-balancing the operations among multiple servers.
GEODE-6929/GEM-2590: Fixed an internal messaging problem that could cause customer logs to fill with spurious “Trying to reply twice to a message” errors.
GEODE-6244: Fixed a case in which a slowly responding member could mistakenly initiate disconnection of a better-responding member.
GEODE-6271, GEM-2356: Improved support of clients connected to multiple distributed systems by copying serialized types between clusters.
GEODE-6369: Terminate auto-reconnect attempts if reconnect is not possible.
GEODE-6309, GEODE-6363: Restarting locator tries harder to find an existing cluster coordinator before assuming the role itself.
GEODE-6423, GEM-2410: Availability check following a network outage honors member timeout setting before disconnecting.
GEODE-6451, GEODE-6522: Fixed a membership issue that could cause the server to hang during shutdown.
GEODE-6488, GEM-2400: Improved handling of query tasks so timed-out queries can be re-executed and multiple cancellation tasks will not be ignored.
GEODE-92: Fixed a bug in which custom expiry code that called getValue() could cause a deadlock that resulted in no region operations completing. The previous fix for GEODE-92 did not cover all possibilities.
GEODE-5747, GEODE-6065: Improved the WAN gateway sender’s resilience in the face of intermittent DNS failures or unexpected socket resets in the underlying operating system.
GEODE-6177: Improved the gateway sender’s ability to re-authenticate upon reconnection following a dropped WAN connection.
GEODE-6215, GEM-2341: Fixed a bug with the HTTP session store that resulted in the session region not being created on all servers.
GEODE-6267, GEODE-6287, GEM-2352: Fixed server side memory leaks that occurred during client departure.
GEODE-6328, GEODE-6329, GEM-2376: Fixed issues with the gfsh show missing-disk-stores command, in which the command listed instances that were not missing or duplicate entries.
GEODE-6344, GEM-2365: Fixed a source of spurious “socket read timeout” exceptions on client proxy reconnection requests by replacing existing proxies with new instances.
GEODE-5857, GEM-2233: Resolved some race conditions in JMX registration during startup and shutdown.
GEODE-5861: JDBC Connector now uses gfsh jndi-binding instead of jdbc-connection.
GEODE-5925, GEM-2262: Fixed an issue where
AcceptorImpl was sending out unnecessary profile update messages during cache closure operations.
GEODE-6078, GEM-2265: Use of Pool APIs for doing operations when
multiuser-secure-mode-enabled is set to
true no longer causes a
General support includes security vulnerability resolutions and critical bug fixes in all supported minor versions, while other maintenance is applied only to the latest supported minor release.
Obtaining and Installing Security Updates
New versions of Pivotal GemFire often include important security fixes, so Pivotal recommends you keep up to date with the latest releases.
For details about any security fixes in a particular release, see the Pivotal security page.