Release Notes -- Apache Jackrabbit Oak -- Version 1.42.0 Introduction ------------ Jackrabbit Oak is a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class web sites and other demanding content applications. Apache Jackrabbit Oak 1.42.0 is an incremental feature release based on and compatible with earlier stable Jackrabbit Oak 1.x releases. This release is considered stable and targeted for production use. While Oak 1.42.0 compiles and tests successfully on Java 15, Javadocs generation fails on Java 15 (but works as expected on Java 8). The Oak effort is a part of the Apache Jackrabbit project. Apache Jackrabbit is a project of the Apache Software Foundation. Changes in Oak 1.42.0 --------------------- Technical task [OAK-9470] - Move AutoMembershipPrincipals from ExternalGroupPrincipalProvider to top level [OAK-9475] - Document DynamicMembershipProvider [OAK-9574] - Update Mockito dependency to 3.12.4 [OAK-9577] - Update Tomcat dependency to 8.5.71 [OAK-9579] - standalone: upgrade spring fwk to 2.5.5 Bug [OAK-8440] - Test failure: SegmentWriteQueueTest.testFlush() [OAK-9141] - Test failure: ElasticFullTextAsyncTest.testNoStoredIndexDefinition [OAK-9262] - Incorrect session counter metric on concurrent logout [OAK-9449] - Any new (elastic) index def added after Out of the band reindexing will trigger reindexing when the async cycle will run the first index update [OAK-9453] - Segment copy test failures after Azure compaction changes [OAK-9454] - Improve nodeScopeIndex related documentation to mention a larger index size in case of using this property [OAK-9456] - Exclude all possible PSD mime types in default tika config [OAK-9457] - Lucene index is always used over ES index when the cost is minimal [OAK-9464] - Suggestion Results are not deduplicated when ES indexes are used [OAK-9465] - [Index Management] Versioned elastic index will get ignored during query execution [OAK-9469] - Unsuccessful lease refresh in AzureRepositoryLock can cause two processes using Oak to have write access [OAK-9471] - Query for split documents by Revision GC times out [OAK-9476] - Clock difference check performed too late [OAK-9477] - Time difference warning too sensitive [OAK-9483] - UpgradeIT fails when noexec is set on temp folder [OAK-9484] - PersistentRedisCacheTest fails when noexec is set on temp folder [OAK-9487] - WarnLogStringPropertySizeTest may fail with multiple fixtures [OAK-9496] - oak-solr-osgi embeds vulnerable Apache ZooKeeper [OAK-9497] - LargeLdapProviderTest: InvocationTargetException: LDAP connection has been closed [OAK-9502] - ElasticSimilarQueryTest.vectorSimilarityLargeData fails intermittently on ASF Jenkins [OAK-9512] - PrefixPattern.matches(String) always returns false [OAK-9513] - PrefixPattern ignores empty namespace perfix [OAK-9519] - TlsGuardingConnection doesn't do a TLS handshake on reused connections [OAK-9520] - CVE-2021-29262 in oak-solr-osgi [OAK-9529] - Log message "Another copy of the index update is already running" should be info [OAK-9535] - Support recovery of large branch merge [OAK-9537] - Security vulnerability in org/apache/lucene/queryparser/xml/CoreParser.java [OAK-9541] - ItemExistsException: "Node with the same UUID exists" thrown during SysView import with existing different UUID [OAK-9555] - javadoc error due to bracket mismatch [OAK-9560] - Javadoc build fails if using Java11 [OAK-9562] - Missing _bin when node is recreated after revision GC [OAK-9563] - LastRevSingleNodeRecoveryTest fails in setUp() [OAK-9565] - NullPointerException on Session.logout() [OAK-9576] - Multithreaded download synchronization issues [OAK-9582] - oak-examples/standalone: misleading documentation [OAK-9591] - Implement hashcode() and equals() method in ItemDefinitionImpl [OAK-9592] - Log exceptions when retrying find [OAK-9603] - oak-search-elastic: index name does not adhere to ES requirements [OAK-9616] - Node.setPrimaryType() does not always support expanded names [OAK-9617] - VersionGCSplitDocTest does not clean up after test [OAK-9623] - EnforceDynamicMembershipTest fails sporadically [OAK-9636] - FileWriter not closed in LocalManifestFile [OAK-9638] - Travis Build fails with "/usr/bin/python: No module named venv" [OAK-9644] - Flaky test due to HashSet [OAK-9648] - Jenkins build fails with timeout New Feature [OAK-9536] - Add support in oak run for incremental indexing [OAK-9587] - Add an attribute to enforce a strict index tag check [OAK-9602] - Script to check for inconsistent version nodes and generate a report Improvement [OAK-2437] - 'shallow' access to a node and it's properties [OAK-9418] - Improve oak-run compact to better support Azure compaction [OAK-9434] - MongoDB indexing: implement parallel chunk download [OAK-9451] - Cold Standby SSL certificates should be configurable [OAK-9452] - minor improvements to privilege management [OAK-9462] - Extensible DynamicMembershipProvider [OAK-9463] - Allow for conditional auto-membership [OAK-9468] - Define mechanism to prevent cross-IDP membership [OAK-9473] - [Cold Standby] Add configuration option for SSL key decryption password [OAK-9474] - Use Filter for SyncConfigTracker to limit respected references [OAK-9480] - Log a warning for improper usage of an index with valueRegex set [OAK-9481] - avoid range queries on like conditions [OAK-9488] - Extra logging in org.apache.jackrabbit.oak.run.DataStoreCommand [OAK-9492] - UserInitializer: info property of 'principalName' index not accurate [OAK-9494] - Check if a privilege name is included in a set/array of Privileges obtained from AccessControlManager.getPrivileges [OAK-9501] - Don't trim stack traces during unit tests and ITs [OAK-9508] - Duplicate code blocks in authorization modules [OAK-9509] - Enable minimum line and branch test coverage for oak-jcr [OAK-9511] - Improvements to security related Delegators in org.apache.jackrabbit.oak.jcr.delegate [OAK-9514] - Add RestrictionPattern.matches(@NotNull String path, boolean isProperty) [OAK-9516] - minor improvement to oak-authorization-principalbased [OAK-9517] - Incorrect time difference warning [OAK-9522] - Index cost estimation: prefer union query with path restriction [OAK-9523] - Remove warning "Missing provider for nrt/sync" for disabled indexes [OAK-9524] - Retry failed data download (resuming from the point it stopped) during indexing [OAK-9525] - Minor improvements to oak-authorization-cug [OAK-9527] - Typos in security related API [OAK-9528] - missing nullability annotations in security related code [OAK-9530] - Minor improvements to ACE.java [OAK-9531] - Improvements to oak.spi.security.authorization.permission [OAK-9532] - Add tests for DynamicMembershipProvider.EMPTY [OAK-9540] - SegmentNotFoundException in IndexDefinition.hasMatchingNodeTypeReg [OAK-9543] - AbstractServiceTracker: add protected constructor with filter properties [OAK-9544] - Refactor SyncConfigTrackerTest to use osgi mocks [OAK-9545] - fix potential NPE in CugAccessControlManager [OAK-9547] - oak-core-spi : adjust minimum.line.coverage and minimum.branch.coverage [OAK-9552] - Don't index except if it's oak:QueryIndexDefinition [OAK-9556] - remove unused constructor in SyncRuntimeException [OAK-9557] - improve tests in oak-auth-external modules [OAK-9558] - JMXUtil: add utility to create "jmx.objectname" map for service registration [OAK-9559] - Migrate previously synced users/groups to dynamic membership [OAK-9567] - Avoid NullPointerException in ReadWriteVersionManager.removeVersion [OAK-9568] - Support custom osgi LeaseFailureHandler [OAK-9572] - oak-search aggregations should ignore hidden properties [OAK-9588] - Bump and align testcontainers dependency to v1.16.0 [OAK-9598] - oak-search-elastic: reduce server load on reindex operations [OAK-9599] - Enforce dynamic membership upon user login [OAK-9604] - Minor improvements in o.a.j.oak.spi.security.authentication.external.impl.jmx [OAK-9609] - Override persistentCacheIncludes with framework property [OAK-9610] - Have a jmx to explicitly expire indexing lease in mongo mk [OAK-9613] - Define API to retrieve parent or null for a given Item [OAK-9618] - Use s.apache.org redirects for JCR specs/javadocs [OAK-9625] - Support ordered index for first value of a multi-valued property, node name, and path [OAK-9634] - CacheLIRS: test failure with ARM processor [OAK-9637] - Additional API to retrieve PrivilegeCollection to avoid manual resolution of privilege aggregation [OAK-9651] - Protection against very large queries Task [OAK-9458] - Update Oak trunk and Oak 1.22 to Jackrabbit 2.20.3 [OAK-9461] - Dynamic boost lite [OAK-9479] - oak-search-elastic: upgrade jackson-databind to 2.10.5.1 [OAK-9482] - upgrade httpclient to v 4.5.13 [OAK-9486] - Build all modules on GitHub PR [OAK-9495] - Adjust release vote template after migration to Git [OAK-9539] - Bump netty dependency from 4.1.52.Final to 4.1.66.Final [OAK-9550] - Modify oak-run-elastic pom top replace the default oak-run-elastic with the one created in assembly [OAK-9566] - Improve index stats [OAK-9573] - Make TraverseWithSort strategy the default while indexing [OAK-9580] - Fix Azure secret keys leaked in logs [OAK-9581] - oak-examples/standalone: update spring boot dependency to 1.5.22 and cleanup POM [OAK-9600] - Make "standby.secure" configurable [OAK-9601] - Refine logging to help detect dangling previous document pointers [OAK-9611] - Bump netty dependency from 4.1.66.Final to 4.1.68.Final [OAK-9615] - Update Oak trunk and Oak 1.22 to Jackrabbit 2.20.4 [OAK-9626] - Elasticsearch: support setAllowLeadingWildcard [OAK-9627] - oak-search-elastic: disable index cleaner job by default [OAK-9633] - oak-search-elastic: reliability tests [OAK-9639] - oak-segment-aws - avoid transitive log4j test dependency [OAK-9641] - Update Logback version to 1.2.8 [OAK-9643] - Update slf4j dependency to 1.7.32 [OAK-9645] - oak-solr-core - avoid transitive log4j test dependency [OAK-9652] - Update Logback version to 1.2.10 Documentation [OAK-9460] - Small documentation improvements for oak-segment-tar [OAK-9506] - Oak Security Documentation : links to Jackrabbit-API point to svn [OAK-9507] - link to PrincipalProvider points to wrong resource [OAK-9526] - Incomplete sentence in principalbased_evaluation.md [OAK-9595] - XPath queries don't support bind variables [OAK-9624] - Queries: Add logging to determine the caller In addition to the above-mentioned changes, this release contains all changes up to the previous release. For more detailed information about all the changes in this and other Oak releases, please see the Oak issue tracker at https://issues.apache.org/jira/browse/OAK Release Contents ---------------- This release consists of a single source archive packaged as a zip file. The archive can be unpacked with the jar tool from your JDK installation. See the README.md file for instructions on how to build this release. The source archive is accompanied by SHA512 checksums and a PGP signature that you can use to verify the authenticity of your download. The public key used for the PGP signature can be found at https://www.apache.org/dist/jackrabbit/KEYS. About Apache Jackrabbit Oak --------------------------- Jackrabbit Oak is a scalable, high-performance hierarchical content repository designed for use as the foundation of modern world-class web sites and other demanding content applications. The Oak effort is a part of the Apache Jackrabbit project. Apache Jackrabbit is a project of the Apache Software Foundation. For more information, visit http://jackrabbit.apache.org/oak About The Apache Software Foundation ------------------------------------ Established in 1999, The Apache Software Foundation provides organizational, legal, and financial support for more than 140 freely-available, collaboratively-developed Open Source projects. The pragmatic Apache License enables individual and commercial users to easily deploy Apache software; the Foundation's intellectual property framework limits the legal exposure of its 3,800+ contributors. For more information, visit http://www.apache.org/