Version 19.500-2
In this release, we've enhanced the security and stability of the Collector with added support for security patches and bug fixes.
Security Fixes
- Upgraded collector JRE to Amazon Corretto Version 8.412.08.1.
- Upgraded
Install4j
to version 10 for macOS. - Upgraded
com.tanuki:wrapper
to version 3.5.56. - Upgraded
org.apache.commons:commons-configuration2
to version 2.11.0 to address known security vulnerabilities (CVE-2024-29133 and CVE-2024-29131). - Upgraded
org.bouncycastle:bc-fips
to version 1.2.5.0 to address known security vulnerabilities (CVE-2024-29857). - Upgraded
org.apache.commons:commons-compress
to version 1.26.1 to address known security vulnerabilities (CVE-2024-26308 and CVE-2024-25710). - Upgraded
org.bouncycastle:bctls-fips
to version 1.0.19 to address known security vulnerabilities (CVE-2024-30171). - Upgraded
org.bouncycastle:bcpkix-jdk18on
to version 1.78 to address known security vulnerabilities (CVE-2024-30172, CVE-2024-30171, and CVE-2024-29857). - Known issues when upgrading to this version:
- Collector running as non-root user. Collector running as non-root user (run as mode) cannot be upgraded through the API/Web UI. It display an error message indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Follow the steps to upgrade manually.
- Collector running on Mac. Collector running on a Mac operating system cannot be upgraded through the API/Web UI. The process will stop, and the collector will need to be restarted manually on your machine if upgraded using API or Web UI. Use the below code to manually restart.
sudo ./collector start
Bug Fix
- Fixed the collector start issue by cleaning the temporary files on Windows.
- Fixed the issue with starting the collector on Linux RHEL OS (version 8.3 and above) with OS-level FIPS mode enabled.