Critical Fixes

This release of the Data Sync Server addresses critical issues from earlier versions. Update all affected servers appropriately.

  • Addressed an issue that could lead to slow, off-heap memory growth. This only occurred on servers whose cn=Version,cn=monitor entry was retrieved frequently.

    • Fixed in: 8.1.0.0
    • Introduced in: 5.2.0.0
    • Support identifiers: DS-41301
  • Fixed a memory leak when performing SCIM queries on the Directory Server.

    • Fixed in: 8.1.0.0
    • Introduced in: 7.2.0.0
    • Support identifiers: DS-41206 SF#00681395
  • The following enhancements were made to the topology manager to make it easier to diagnose connection errors:

    • Added monitoring information for all the failed outbound connections (including the time since it has been failing and the last error message seen when the failure occurred) from a server to one of its configured peers and the number of failed outbound connections.
    • Added alarms/alerts for when a server fails to connect to a peer server within a configured grace period.
    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38334 SF#00655578
  • The topology manager will now raise a mirrored-subtree-manager-connection-asymmetry alarm when a server is able to establish outbound connections to its peer servers, but those peer servers are unable to establish connections back to the server within the configured grace period. The alarm is cleared as soon as there is connection symmetry.

    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38344 SF#00655578
  • The dsreplication tool has been fixed to work when the node being used to enable replication is currently out-of-sync with the topology master.

    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38335 SF#00655578
  • Fixed two issues in which the server could have exposed some clear-text passwords in files on the server file system.

    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38897 DS-38908
  • The following enhancements were made to the topology manager to make it easier to diagnose the connection errors:

    • Fixed in: 7.2.1.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38334 SF#00655578
  • The topology manager will now raise a mirrored-subtree-manager-connection-asymmetry alarm when a server is able to establish outbound connections to its peer servers, but those peer servers are unable to establish connections back to the server within the configured grace period. The alarm is cleared when connection symmetry is achieved.

    • Fixed in: 7.2.1.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38344 SF#00655578
  • The dsreplication tool has been fixed to work when the node being used to enable replication is currently out-of-sync with the topology master.

    • Fixed in: 7.2.1.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38335 SF#00655578
  • Fixed two issues in which the server could have exposed some clear-text passwords in files on the server file system.

    • Fixed in: 7.0.1.3
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38897 DS-38908
  • Fixed an issue with the sync connect and response timeouts being set with incorrect units of time.

    • Fixed in: 6.2.0.0
    • Introduced in: 6.0.0.0
    • Support identifiers: DS-18026 SF#00616763
  • Fixed an issue with the sync connect and response timeouts being set with incorrect units of time.

    • Fixed in: 6.2.0.0
    • Introduced in: 6.0.0.0
    • Support identifiers: DS-18026 SF#00616763
  • The server can now detect an "out of file handles" situation on the operating system, and shut down to prevent running in an unreliable state.

    • Fixed in: 5.1.0.0
    • Introduced in: 2.1.0.0
    • Support identifiers: DS-12579 SF#2655
  • Disabled support for SSLv3 by default in the LDAP, HTTP, and JMX connection handlers, and for replication communication. The recently-discovered POODLE vulnerability could potentially allow a network attacker to determine the plaintext behind an SSLv3-encrypted session, which would effectively negate the primary benefit of the encryption.

    • Fixed in: 5.0.0.0
    • Introduced in: 2.1.0.0
    • Support identifiers: DS-11782
  • Change the default behavior of the Synchronization Server to not lock entries across all Sync Pipes when processing changes.

    • Fixed in: 3.2.0.0
    • Introduced in: 3.0.0.0
    • Support identifiers: DS-4202 SF#1527

Resolved Issues

The following issues have been resolved with this release of the Data Sync Server:

Ticket ID Description
DS-40828

Fixed an issue where some state associated with a JMX connection was not freed after the connection was closed. This led to a slow memory leak in servers that were monitored by an application that created a new JMX connection each polling interval.

DS-41964

Fixed an issue with the manage-profile tool where files in a server profile's dsconfig/ directory without a ".dsconfig" extension could cause failures in manage-profile replace-profile when validating updated dsconfig files.

DS-42687

Upgrade to Jetty 9.4.30