Update changes_history.xml for 5.4.2 and 5.4.3
milamberspace authored and vlsi committed Dec 25, 2021
1 parent 3236c61 commit 1977e4c
Showing 1 changed file with 218 additions and 54 deletions.
272 changes: 218 additions & 54 deletions xdocs/changes_history.xml
@@ -41,73 +41,257 @@ Current changes are detailed in <a href="changes.html">Changes</a>.
<p><b>Changes sections are chronologically ordered from top (most recent) to bottom
(least recent)</b></p>

<!-- =================== 5.4.1 =================== -->
<!-- =================== 5.4.3 =================== -->

<h1>Version 5.4.1</h1>
<h1>Version 5.4.3</h1>
<p>
Summary
</p>
<p>This version is a fix release against the vulnerability CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.
</p>
<ul>
<li><a href="#New and Noteworthy">New and Noteworthy</a></li>
<li><a href="#Incompatible changes">Incompatible changes</a></li>
<li><a href="#Bug fixes">Bug fixes</a></li>
<li><a href="#Improvements">Improvements</a></li>
<li><a href="#Non-functional changes">Non-functional changes</a></li>
<li><a href="#Known problems and workarounds">Known problems and workarounds</a></li>
<li><a href="#Thanks">Thanks</a></li>

</ul>

<ch_section>New and Noteworthy</ch_section>
<!--
<ch_title>Core improvements</ch_title>
<ch_title>Test Plan</ch_title>
<ch_title>Scripting / Debugging enhancements</ch_title>
<ch_title>Functions</ch_title>
-->
<ch_title>UX improvements</ch_title>

<!-- =================== Incompatible changes =================== -->

<ch_section>Incompatible changes</ch_section>
<ch_section>Non-functional changes</ch_section>
<ul>
<li>Restart after LAF change has been reinstated, it had been removed in JMeter 5.3</li>
<li>Updated Apache log4j2 to 2.17.0 (from 2.16.0).</li>
</ul>
<!-- =================== Improvements =================== -->

<ch_section>Improvements</ch_section>
<!-- =================== Known bugs or issues related to JAVA Bugs =================== -->

<h3>HTTP Samplers and Test Script Recorder</h3>
<ch_section>Known problems and workarounds</ch_section>
<ul>
</ul>
<li>The Once Only controller behaves correctly under a Thread Group or Loop Controller,
but otherwise its behaviour is not consistent (or clearly specified).</li>

<h3>Other samplers</h3>
<ul>
</ul>
<li>
The numbers that appear to the left of the green box are the number of active threads / total number of threads,
the total number of threads only applies to a locally run test, otherwise it will show <code>0</code> (see <bugzilla>55510</bugzilla>).
</li>

<li>
Note that under some windows systems you may have this WARNING:
<source>
java.util.prefs.WindowsPreferences
WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0
x80000002. Windows RegCreateKeyEx(&hellip;) returned error code 5.
</source>
The fix is to run JMeter as Administrator, it will create the registry key for you, then you can restart JMeter as a normal user and you won't have the warning anymore.
</li>

<li>
You may encounter the following error:
<source>java.security.cert.CertificateException: Certificates does not conform to algorithm constraints</source>
if you run a HTTPS request on a web site with a SSL certificate (itself or one of SSL certificates in its chain of trust) with a signature
algorithm using MD2 (like <code>md2WithRSAEncryption</code>) or with a SSL certificate with a size lower than 1024 bits.
This error is related to increased security in Java 8+.
<br></br>
To allow you to perform your HTTPS request, you can downgrade the security of your Java installation by editing
the Java <code>jdk.certpath.disabledAlgorithms</code> property. Remove the MD2 value or the constraint on size, depending on your case.
<br></br>
This property is in this file:
<source>JAVA_HOME/jre/lib/security/java.security</source>
See <bugzilla>56357</bugzilla> for details.
</li>

<li>
Under Mac OSX Aggregate Graph will show wrong values due to mirroring effect on numbers.
This is due to a known Java bug, see Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8065373" >JDK-8065373</a>
The fix is to use JDK8_u45 or later.
</li>

<li>
View Results Tree may fail to display some HTML code under HTML renderer, see <bugzilla>54586</bugzilla>.
This is due to a known Java bug which fails to parse "<code>px</code>" units in row/col attributes.
See Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8031109" >JDK-8031109</a>
The fix is to use JDK9 b65 or later.
</li>

<li>
JTable selection with keyboard (<keycombo><keysym>SHIFT</keysym><keysym>up/down</keysym></keycombo>) is totally unusable with Java 7 on Mac OSX.
This is due to a known Java bug <a href="https://bugs.openjdk.java.net/browse/JDK-8025126" >JDK-8025126</a>
The fix is to use JDK 8 b132 or later.
</li>

<li>
Since Java 11 the JavaScript implementation <a href="https://openjdk.java.net/jeps/335">Nashorn has been deprecated</a>.
Java will emit the following deprecation warnings, if you are using JavaScript based on Nashorn.
<source>
Warning: Nashorn engine is planned to be removed from a future JDK release
</source>
To silence these warnings, add <code>-Dnashorn.args=--no-deprecation-warning</code> to your Java arguments.
That can be achieved by setting the enviroment variable <code>JVM_ARGS</code>
<source>
export JVM_ARGS="-Dnashorn.args=--no-deprecation-warning"
</source>
</li>

<li>
With Java 15 the JavaScript implementation <a href="https://openjdk.java.net/jeps/372">Nashorn has been removed</a>. To add back a JSR-223 compatible JavaScript engine you have two options:
<dl>
<dt>Use Mozilla Rhino</dt>
<dd>Copy <a href="https://github.com/mozilla/rhino/releases/download/Rhino1_7_13_Release/rhino-engine-1.7.13.jar">rhino-engine-1.7.13.jar</a> into <code>$JMETER_HOME/lib/ext</code>.</dd>
<dt>Use OpenJDK Nashorn</dt>
<dd>
The OpenJDK Nashorn implementation comes as a module. To use it, you will have to download it and add it to the module path. A hacky way to download the version 15.0 and its dependencies and set the module path is outlined below:
<source>
mkdir lib/modules
pushd lib/modules
wget https://repo1.maven.org/maven2/org/openjdk/nashorn/nashorn-core/15.0/nashorn-core-15.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm/9.0/asm-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-commons/9.0/asm-commons-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-util/9.0/asm-util-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-tree/9.0/asm-tree-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-analysis/9.0/asm-analysis-9.0.jar
popd
export JVM_ARGS="--modulepath $PWD/lib/modules"
./bin/jmeter
</source>
</dd>
</dl>
</li>

<h3>Controllers</h3>
<ul>
</ul>

<h3>Listeners</h3>
<!-- =================== 5.4.2 =================== -->

<h1>Version 5.4.2</h1>
<p>
Summary
</p>
<p>This version is a fix release against the vulnerability CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.
</p>
<ul>
<li><a href="#Non-functional changes">Non-functional changes</a></li>
<li><a href="#Known problems and workarounds">Known problems and workarounds</a></li>

</ul>

<h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
<ch_section>Non-functional changes</ch_section>
<ul>
<li>Updated Apache log4j2 to 2.16.0 (from 2.13.3).</li>
</ul>

<h3>Functions</h3>
<!-- =================== Known bugs or issues related to JAVA Bugs =================== -->

<ch_section>Known problems and workarounds</ch_section>
<ul>
<li>The Once Only controller behaves correctly under a Thread Group or Loop Controller,
but otherwise its behaviour is not consistent (or clearly specified).</li>

<li>
The numbers that appear to the left of the green box are the number of active threads / total number of threads,
the total number of threads only applies to a locally run test, otherwise it will show <code>0</code> (see <bugzilla>55510</bugzilla>).
</li>

<li>
Note that under some windows systems you may have this WARNING:
<source>
java.util.prefs.WindowsPreferences
WARNING: Could not open/create prefs root node Software\JavaSoft\Prefs at root 0
x80000002. Windows RegCreateKeyEx(&hellip;) returned error code 5.
</source>
The fix is to run JMeter as Administrator, it will create the registry key for you, then you can restart JMeter as a normal user and you won't have the warning anymore.
</li>

<li>
You may encounter the following error:
<source>java.security.cert.CertificateException: Certificates does not conform to algorithm constraints</source>
if you run a HTTPS request on a web site with a SSL certificate (itself or one of SSL certificates in its chain of trust) with a signature
algorithm using MD2 (like <code>md2WithRSAEncryption</code>) or with a SSL certificate with a size lower than 1024 bits.
This error is related to increased security in Java 8+.
<br></br>
To allow you to perform your HTTPS request, you can downgrade the security of your Java installation by editing
the Java <code>jdk.certpath.disabledAlgorithms</code> property. Remove the MD2 value or the constraint on size, depending on your case.
<br></br>
This property is in this file:
<source>JAVA_HOME/jre/lib/security/java.security</source>
See <bugzilla>56357</bugzilla> for details.
</li>

<li>
Under Mac OSX Aggregate Graph will show wrong values due to mirroring effect on numbers.
This is due to a known Java bug, see Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8065373" >JDK-8065373</a>
The fix is to use JDK8_u45 or later.
</li>

<li>
View Results Tree may fail to display some HTML code under HTML renderer, see <bugzilla>54586</bugzilla>.
This is due to a known Java bug which fails to parse "<code>px</code>" units in row/col attributes.
See Bug <a href="https://bugs.openjdk.java.net/browse/JDK-8031109" >JDK-8031109</a>
The fix is to use JDK9 b65 or later.
</li>

<li>
JTable selection with keyboard (<keycombo><keysym>SHIFT</keysym><keysym>up/down</keysym></keycombo>) is totally unusable with Java 7 on Mac OSX.
This is due to a known Java bug <a href="https://bugs.openjdk.java.net/browse/JDK-8025126" >JDK-8025126</a>
The fix is to use JDK 8 b132 or later.
</li>

<li>
Since Java 11 the JavaScript implementation <a href="https://openjdk.java.net/jeps/335">Nashorn has been deprecated</a>.
Java will emit the following deprecation warnings, if you are using JavaScript based on Nashorn.
<source>
Warning: Nashorn engine is planned to be removed from a future JDK release
</source>
To silence these warnings, add <code>-Dnashorn.args=--no-deprecation-warning</code> to your Java arguments.
That can be achieved by setting the enviroment variable <code>JVM_ARGS</code>
<source>
export JVM_ARGS="-Dnashorn.args=--no-deprecation-warning"
</source>
</li>

<li>
With Java 15 the JavaScript implementation <a href="https://openjdk.java.net/jeps/372">Nashorn has been removed</a>. To add back a JSR-223 compatible JavaScript engine you have two options:
<dl>
<dt>Use Mozilla Rhino</dt>
<dd>Copy <a href="https://github.com/mozilla/rhino/releases/download/Rhino1_7_13_Release/rhino-engine-1.7.13.jar">rhino-engine-1.7.13.jar</a> into <code>$JMETER_HOME/lib/ext</code>.</dd>
<dt>Use OpenJDK Nashorn</dt>
<dd>
The OpenJDK Nashorn implementation comes as a module. To use it, you will have to download it and add it to the module path. A hacky way to download the version 15.0 and its dependencies and set the module path is outlined below:
<source>
mkdir lib/modules
pushd lib/modules
wget https://repo1.maven.org/maven2/org/openjdk/nashorn/nashorn-core/15.0/nashorn-core-15.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm/9.0/asm-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-commons/9.0/asm-commons-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-util/9.0/asm-util-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-tree/9.0/asm-tree-9.0.jar
wget https://repo1.maven.org/maven2/org/ow2/asm/asm-analysis/9.0/asm-analysis-9.0.jar
popd
export JVM_ARGS="--modulepath $PWD/lib/modules"
./bin/jmeter
</source>
</dd>
</dl>
</li>

</ul>

<h3>I18N</h3>
<!-- =================== 5.4.1 =================== -->

<h1>Version 5.4.1</h1>
<p>
Summary
</p>
<ul>
<li><a href="#Incompatible changes">Incompatible changes</a></li>
<li><a href="#Non-functional changes">Non-functional changes</a></li>
<li><a href="#Known problems and workarounds">Known problems and workarounds</a></li>
<li><a href="#Thanks">Thanks</a></li>

</ul>

<h3>Report / Dashboard</h3>
<ch_section>Incompatible changes</ch_section>
<ul>
<li>Restart after LAF change has been reinstated, it had been removed in JMeter 5.3</li>
</ul>
<!-- =================== Improvements =================== -->

<ch_section>Improvements</ch_section>

<h3>General</h3>
<ul>
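Review bot: In the Nashorn workaround's <source> block, `export JVM_ARGS="--modulepath $PWD/lib/modules"` uses a flag the java launcher does not accept; the option is spelled `--module-path` (short form `-p`), so a JVM started with this setting rejects the argument instead of loading the module. The block appears in both the 5.4.3 and the 5.4.2 "Known problems and workarounds" lists, so both copies need the change. Two smaller points in the same text: "enviroment variable" should read "environment variable", and the wget lines place six jars on the module path with no integrity check, so it is worth telling readers to verify each download against the checksum and signature files Maven Central publishes next to the artifact.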
@@ -153,32 +337,12 @@ Summary
the case of waiting for an EOM.</li>
</ul>

<h3>Controllers</h3>
<ul>
</ul>

<h3>Listeners</h3>
<ul>
<li><bug>64821</bug>When importing XML formatted jtl files, sub samplers will get renamed</li>
<li><bug>65052</bug>XPath2 Tester and JSON JMESPath Tester are missing in <code>view.results.tree.renderers_order</code> property</li>
</ul>

<h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
<ul>
</ul>

<h3>Functions</h3>
<ul>
</ul>

<h3>I18N</h3>
<ul>
</ul>

<h3>Report / Dashboard</h3>
<ul>
</ul>

<h3>Documentation</h3>
<ul>
<li><bug>64960</bug>Change scheduler reference in Thread Group documentation. Contributed by Ori Marko</li>
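Review bot: The commit message covers only 5.4.2 and 5.4.3, but the lines changed here come after the Version 5.4.1 heading: the hunk shrinks from 32 to 12 lines, which matches dropping the five empty headings (Controllers; Timers, Assertions, Config, Pre- & Post-Processors; Functions; I18N; Report / Dashboard) together with their empty <ul></ul> pairs. Please either mention the 5.4.1 cleanup in the commit message or move it to its own commit, so that edits to an already released version's notes are easy to find when the history is audited.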