Coherence CE v21.06.1
This is Patch 1 of the Coherence CE v21.06 release.
Fixed Issues
- Fixed an issue with serializing classes annotated with PortableType that have not specified an ID.
- Fixed an issue where an ArrayIndexOutOfBoundsException could be thrown when using the PortableType annotation.
- Fixed an issue in persistence to ensure errors are caught in a rare and unexpected part of the recovery protocol.
- Fixed an issue where a topic subscriber with only a single channel allocated will not stop polling even when the channel is empty.
- Fixed an issue where the Java gRPC client will hang when getting caches if no connection to the server can be made.
- CVE-2021-2428: Fixed Java serialization of the Coherence JCache CoherenceEntryProcessorResult class to prevent unintended usage of this class.
- CVE-2021-2344: Fixed an issue where Java array deserialization may be used for a denial of service attack using malicious bytecode sent via WLS T3 and IIOP protocols.
- CVE-2021-2371: Fixed an issue where Java array deserialization using ExternalizableHelper may be used for a denial of service attack using malicious bytecode sent via WLS T3 and IIOP protocols.