Critical fixes

This release of PingDataMetrics Server addresses critical issues from earlier versions. Update all affected servers appropriately.

  • Fixed an issue where secret keys under cn=Topology,cn=config could be lost when removing a server from the topology. When a server is removed via the dsreplication disable or remove-defunct-server tools, its secret keys will now be distributed among the remaining members of the topology. The keys from the rest of the topology will also be copied to the server being removed.

    The cipher secret keys in the topology that are affected by this change are used by reversible password storage schemes (except for AES256, which uses the encryption settings database). If you are using a reversible password storage scheme other than AES256, prior to this fix, you could lose access to keys that had been used for reversible password encryption when removing servers from the topology.

    Note:

    Since this change only applies to the most recent version of remove-defunct-server and dsreplication disable, if you are removing a server from a multi-version topology, you should run that tool from the most recent version. In the past dsreplication and remove-defunct-server could only be run from an older version, but now in the case of removing a server from the topology, they should be run from the most recent version in the topology. If you run the tool from an older server, it will not include this fix, and you might lose access to secret keys from servers that are removed from the topology.

    • Fixed in: 8.2.0.7
    • Introduced in: 7.0.0.0
    • Support identifiers: DS-44591

Resolved Issues

The following issues have been resolved with this release of the Data Metrics Server.

Ticket ID Description

DS-44591

Fixed an issue where secret keys under cn=Topology,cn=config could be lost when removing a server from the topology. When a server is removed via the dsreplication disable or remove-defunct-server tools, its secret keys will now be distributed among the remaining members of the topology. The keys from the rest of the topology will also be copied to the server being removed.

The cipher secret keys in the topology that are affected by this change are used by reversible password storage schemes (except for AES256, which uses the encryption settings database). If you are using a reversible password storage scheme other than AES256, prior to this fix, you could lose access to keys that had been used for reversible password encryption when removing servers from the topology.

Note:

Since this change only applies to the most recent version of remove-defunct-server and dsreplication disable, if you are removing a server from a multi-version topology, you should run that tool from the most recent version. In the past dsreplication and remove-defunct-server could only be run from an older version, but now in the case of removing a server from the topology, they should be run from the most recent version in the topology. If you run the tool from an older server, it will not include this fix, and you might lose access to secret keys from servers that are removed from the topology.

DS-45124

Removed -XX:RefDiscoveryPolicy=1 from the default start-server Java arguments. In rare cases, this argument was related to segmentation faults in the JVM, especially when used with the G1 garbage collector.

DS-45190

Added support for the use of JDKs obtained through BellSoft.