Critical Fixes

This release of PingDirectory Server addresses critical issues from earlier versions. Update all affected servers appropriately.

  • Fixed an issue where new replicas incorrectly went into lockdown mode after initialization. This issue would happen when trying to initialize a newly-added replica to a topology that had been created some time ago. This amount of time had to exceed the replication purge delay, which is 24 hours by default. Before this fix was introduced, you could get past this by running "leave-lockdown-mode" on the new replica, then re-running "dsreplication initialize" on it.

    • Fixed in: 8.1.0.2
    • Introduced in: 8.1.0.0
    • Support identifiers: DS-42790 SF#00695648
  • Addressed an issue that could lead to slow, off-heap memory growth. This only occurred on servers whose cn=Version,cn=monitor entry was retrieved frequently.

    • Fixed in: 8.1.0.0
    • Introduced in: 5.2.0.0
    • Support identifiers: DS-41301
  • Addressed an issue where replication could incorrectly detect a backlog that never clears when updating from a pre-7.3 to a 7.3 or later version. This issue requires that servers were previously removed from the topology, and it has been seen rarely.

    • Fixed in: 8.1.0.0
    • Introduced in: 7.3.0.0
    • Support identifiers: DS-40955
  • Fixed a memory leak when performing SCIM queries on PingDirectory Server.

    • Fixed in: 8.1.0.0
    • Introduced in: 7.2.0.0
    • Support identifiers: DS-41206 SF#00681395
  • Fixed an issue that could cause the server to report an "Unable to decode a blacklist key" error while trying to open a local DB backend after an unclean shutdown.

    • Fixed in: 8.0.0.0
    • Introduced in: 7.2.0.0
    • Support identifiers: DS-40788
  • The following enhancements were made to the topology manager to make it easier to diagnose connection errors:

    • Added monitoring information for every failed outbound connection from a server to one of its configured peers (including how long the connection has been failing and the last error message seen when the failure occurred), and for the number of failed outbound connections.
    • Added alarms/alerts for when a server fails to connect to a peer server within a configured grace period.
    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38334 SF#00655578
  • The topology manager will now raise a mirrored-subtree-manager-connection-asymmetry alarm when a server is able to establish outbound connections to its peer servers, but those peer servers are unable to establish connections back to the server within the configured grace period. The alarm is cleared as soon as there is connection symmetry.

    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38344 SF#00655578
  • The dsreplication tool has been fixed to work when the node being used to enable replication is currently out-of-sync with the topology master.

    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38335 SF#00655578
  • Fixed two issues in which the server could have exposed some clear-text passwords in files on the server file system.

    • Fixed in: 7.3.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38897 DS-38908
  • The following enhancements were made to the topology manager to make it easier to diagnose the connection errors:

    • Fixed in: 7.2.1.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38334 SF#00655578
  • The topology manager will now raise a mirrored-subtree-manager-connection-asymmetry alarm when a server is able to establish outbound connections to its peer servers, but those peer servers are unable to establish connections back to the server within the configured grace period. The alarm is cleared when connection symmetry is achieved.

    • Fixed in: 7.2.1.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38344 SF#00655578
  • The dsreplication tool has been fixed to work when the node being used to enable replication is currently out-of-sync with the topology master.

    • Fixed in: 7.2.1.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38335 SF#00655578
  • Addressed an issue where an InvalidKeyException could occasionally be reported by import-ldif. The error message for this problem resembles: "An unexpected error occurred during merge processing for index 'dc_example_dc_com_sn.equality': InvalidKeyException: The provided passphrase is invalid."

    • Fixed in: 7.2.0.0
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-37313
  • Fixed two issues in which the server could have exposed some clear-text passwords in files on the server file system.

    • Fixed in: 7.0.1.3
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-38897 DS-38908
  • Addressed an issue in "dsreplication enable/initialize" that prevented servers from some previous versions (5.2.0.5 and earlier and 6.0.0.*) from initializing newer servers. Servers from these prior versions can now be used to enable replication with current versions of the server.

    • Fixed in: 7.0.0.0
    • Introduced in: 5.2.0.5
    • Support identifiers: DS-35528 SF#624368
  • Fixed a very rare race condition with the Frequently Accessed Entry Cache which could lead to an index being marked as degraded and requiring a rebuild.

    • Fixed in: 7.0.0.0
    • Introduced in: 5.2.0.6
    • Support identifiers: DS-35616 SF#00625189
  • Addressed an issue where an index key could incorrectly be reported as exceeding the index-entry-limit after one billion entries had been imported or added to the directory server. The directory server does not need to contain one billion entries at the same time to be affected by this issue since the entry ID will always increase for each added entry even if entries are deleted. Environments that have experienced this issue should export and reimport their data after applying this patch.

    • Fixed in: 7.0.0.0
    • Introduced in: 2.0.0.0
    • Support identifiers: DS-35790 SF#00625942
  • Fixed an issue that could allow users with locked accounts to change their own passwords using the password modify extended operation.

    • Fixed in: 6.2.0.0
    • Introduced in: 5.2.0.3
    • Support identifiers: DS-17074
  • Addressed an issue specific to entry-balanced environments where changes received through replication are applied in the incorrect backend. This can occur if a restricted domain is disabled prior to disabling the global domain. With the restricted domain disabled, the affected server could apply the changes originally targeted for the restricted domain in the global domain. In addition, other servers in the topology will reset their generation ID for the restricted domain.

    • Fixed in: 6.2.0.0
    • Introduced in: 2.1.4.0
    • Support identifiers: DS-17237 SF#3746
  • Added an alarm at warning level to notify if any of the important JVM startup arguments are missing or misconfigured.

    • Fixed in: 6.2.0.0
    • Introduced in: 5.0.0.0
    • Support identifiers: DS-12216
  • Addressed an issue where a server could incorrectly report missed replication changes at startup in rare circumstances. Server A could report missed changes at startup where

    • Fixed in: 6.2.0.0
    • Introduced in: 3.5.0.0
    • Support identifiers: DS-18035 SF#00614612
  • Fixed an issue that could prevent the server from properly closing a database transaction under a sustained load of heavily conflicting write operations on a system that is processing those operations at an abnormally slow rate (for example, if the database is not cached and the disk subsystem is completely saturated).

    • Fixed in: 6.2.0.0
    • Introduced in: 6.0.1.0
    • Support identifiers: DS-18070
  • Fixed an issue where opening the backend database might fail with an IllegalStateException that references "exploded-index-background-deletes" when there are several backend exploded indexes.

    • Fixed in: 6.0.0.0
    • Introduced in: 4.6.0.0
    • Support identifiers: DS-15094
  • The server can now detect an "out of file handles" situation on the operating system, and shut down to prevent running in an unreliable state.

    • Fixed in: 5.1.0.0
    • Introduced in: 2.1.0.0
    • Support identifiers: DS-12579 SF#2655
  • Added a fail-safe to the pending changes queue for the Changelog Backend that can detect and ignore recovered changes that do not need to be committed, to prevent them from holding up other changes in the queue.

    • Fixed in: 5.0.0.0
    • Introduced in: 4.5.1.0
    • Support identifiers: DS-11720 SF#2453
  • Disabled support for SSLv3 by default in the LDAP, HTTP, and JMX connection handlers, and for replication communication. The recently-discovered POODLE vulnerability could potentially allow a network attacker to determine the plaintext behind an SSLv3-encrypted session, which would effectively negate the primary benefit of the encryption.

    • Fixed in: 5.0.0.0
    • Introduced in: 2.1.0.0
    • Support identifiers: DS-11782
  • Fixed a problem that could interfere with access to an exploded attribute index after performing an online index rebuild for that attribute.

    • Fixed in: 4.6.0.0
    • Introduced in: 4.5.1.0
    • Support identifiers: DS-10470
  • Fix a bug in the low-level protocol buffer that could result in "uncaught exception" errors.

    • Fixed in: 4.5.0.0
    • Introduced in: 3.2.0.0
    • Support identifiers: DS-9268 SF#2002
  • Improve server stability by disabling explicit garbage collections that were being caused by JMX connections.

    • Fixed in: 4.0.0.0
    • Introduced in: 3.5.0.0
    • Support identifiers: DS-7633
  • Fix a bug in the LDAP Changelog where the changelog index manager could capture new changes for an attribute in one index after already hitting the end of another index. This created the possibility for changes to be missed when processing get-changelog-batch-requests at the same time that live traffic is happening.

    • Fixed in: 3.6.0.0
    • Introduced in: 3.2.0.0
    • Support identifiers: DS-7422
  • Fix a bug that allows users with expired passwords to change attributes in their own entry other than password.

    • Fixed in: 3.5.0.0
    • Introduced in: 3.2.0.0
    • Support identifiers: DS-6054
  • Address an issue where a directory server might resend duplicate changes when processing a GetChangelogBatch request in an environment that is under heavy load.

    • Fixed in: 3.5.0.0
    • Introduced in: 3.2.0.0
    • Support identifiers: DS-5656
  • Update PingDirectory Server to apply access controls when processing the GetAuthorizationEntryRequestControl.

    • Fixed in: 3.5.0.0
    • Introduced in: 2.0.0.0
    • Support identifiers: DS-854
  • Fix a bug where PingDirectory Servers could potentially miss some update messages in large topologies after a restart.

    • Fixed in: 3.2.0.0
    • Introduced in: 3.1.0.0
    • Support identifiers: DS-3592

Resolved Issues

The following issues have been resolved with this release of PingDirectory Server:

Ticket ID: Description

  • DS-40828: Fixed an issue where some state associated with a JMX connection was not freed after the connection was closed. This led to a slow memory leak in servers that were monitored by an application that created a new JMX connection each polling interval.

  • DS-41964: Fixed an issue with the manage-profile tool where files in a server profile's dsconfig/ directory without a ".dsconfig" extension could cause failures in manage-profile replace-profile when validating updated dsconfig files.

  • DS-42438: Fixed an issue that could cause the remove-defunct-server tool to not remove certain replication attributes when run with a topology json file.

  • DS-42687: Upgrade to Jetty 9.4.30

  • DS-42790: Fixed an issue where new replicas incorrectly went into lockdown mode after initialization. This issue would happen when trying to initialize a newly-added replica to a topology that had been created some time ago. This amount of time had to exceed the replication purge delay, which is 24 hours by default. Before this fix was introduced, you could get past this by running "leave-lockdown-mode" on the new replica, then re-running "dsreplication initialize" on it.