DSE 6.8.2 release notes

DataStax Enterprise 6.8.x release notes are now hosted here: DSE 6.8.4 and later release notes

31 July 2020

6.8.2 Components

All components from DSE 6.8.2 are listed. Components updated since DSE 6.8.1 (if any) are indicated with an asterisk (*).

  • Apache Solr™ 6.0.1.4.2769

  • Apache Spark™ 2.4.0.16

  • Apache TinkerPop™ 3.4.5 with additional production-certified changes

  • Apache Tomcat® 8.0.53

  • DSE Java Driver 1.10.0-dse+20200217

  • Netty 4.1.25.7.dse

  • Spark JobServer 0.8.0.49

DSE 6.8.2 is compatible with Apache Cassandra 3.11 and adds additional production-certified changes, if any.

Along with Cassandra 3.11.6, DSE 6.8.2 is supported by DataStax Kubernetes Operator for Apache Cassandra.

Experimental features

DataStax Labs provides the Apache Cassandra and DataStax communities with non-supported previews of potential production software enhancements, tools, aids, and partner software designed to increase productivity. See DataStax Labs and DSE OpsCenter Labs features.

DSE 6.8.2 Highlights

DSE database

  • New systemd units for package installs on RHEL and other compatible operating systems. See RedHat systemd configuration.

  • New nodetool import command that lets you import SSTables from one or more directories. See nodetool import.

  • Several new settings in cassandra.yaml. See 6.8.2 DSE database changes and enhancements below.

  • Storage-Attached Indexing (SAI), a beta feature, adds support for defining an index based on an individual column that is part of the table’s composite partition key. You can define separate, additional SAI indexes on other individual columns in the same table’s composite partition key. SAI 6.8.x continues to support defining multiple SAI indexes on any non-partition key column in the same table. See Examine SAI column index and query rules.

DSE security

Enhanced LDAP settings to properly handle nested groups so that LDAP enumerates all ancestors of a user’s distinguishedName. Implemented inherited groups retrieval with both directory_search and memberof_search types. Fixed fetching parent groups of a role that’s mapped to an LDAP group. See the security section of this topic.
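The nested-group resolution described above, as an added Python sketch that is not DSE code: it walks a constructed direct-membership map to collect every ancestor group of a DN, and reports the groups that only become visible once inheritance is honoured, which is the set to review against role mappings before upgrading. The directory contents, DNs and function names are assumptions made for the example.

```python
from collections import deque

# Constructed sample directory (not from the DSE documentation): each DN maps
# to the groups it is a *direct* member of, as a memberOf-style lookup returns.
ALICE = "cn=alice,ou=users,dc=example,dc=com"
BOB = "cn=bob,ou=users,dc=example,dc=com"
READERS = "cn=db-readers,ou=groups,dc=example,dc=com"
ANALYTICS = "cn=analytics,ou=groups,dc=example,dc=com"
STAFF = "cn=all-staff,ou=groups,dc=example,dc=com"

DIRECT_GROUPS = {
    ALICE: [READERS],
    BOB: [STAFF],
    READERS: [ANALYTICS],
    # ANALYTICS points back at READERS: nesting loops exist in real directories.
    ANALYTICS: [STAFF, READERS],
    STAFF: [],
}


def normalize(dn):
    """Simplified DN comparison key (assumption: case-insensitive, no escapes)."""
    return dn.strip().lower()


def ancestor_groups(dn, direct_groups, max_depth=10):
    """Return every group reachable from dn by following direct membership."""
    start = normalize(dn)
    seen = set()
    queue = deque([(start, 0)])
    while queue:
        current, depth = queue.popleft()
        if depth >= max_depth:  # bound the walk on very deep hierarchies
            continue
        for parent in direct_groups.get(current, ()):
            parent = normalize(parent)
            if parent != start and parent not in seen:  # cycle protection
                seen.add(parent)
                queue.append((parent, depth + 1))
    return seen


def inherited_only(dn, direct_groups):
    """Groups a DN holds only through nesting, invisible to a direct-only lookup."""
    direct = {normalize(g) for g in direct_groups.get(normalize(dn), ())}
    return ancestor_groups(dn, direct_groups) - direct
```

A non-empty `inherited_only` result for a user means any role mapped to those groups starts applying to that user once inherited groups are resolved.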

6.8.2 DSE database

Changes and enhancements:

  • New systemd units for package installs on RHEL and other compatible operating systems. See RedHat systemd configuration. (DSP-7603)

  • New nodetool import command that lets you import SSTables from one or more directories. See nodetool import. (DB-3253)

  • New disk-usage guardrail, disk_usage_max_disk_size_in_gb, added in cassandra.yaml. See disk_usage_max_disk_size_in_gb. (DB-4380)

  • New snapshot_before_dropping_column configuration option added in cassandra.yaml. See snapshot_before_dropping_column. (DB-2690)

  • Increased the default direct_reads_size_in_mb value in cassandra.yaml. See direct_reads_size_in_mb. (DB-4348)

  • New entries to jvm.options to assist with capturing thread dumps. (DSP-20778)

  • If encryption is set on an SSTable, the SAI indexes are encrypted as well. Specifically the entire trie string terms dictionary is encrypted. Also, the user-readable sections of the kdtree are encrypted. See About SAI encryption. (DSP-16939)

  • Storage-Attached Indexing (SAI) adds support for queries using SAI indexes based on INET columns (IPv4 and IPv6). The queries may use EQ, GT, LT, GE, and LE operators. (DSP-17734)

  • Storage-Attached Indexing (SAI), a beta feature, adds support for defining an index based on an individual column that is part of the table’s composite partition key. You can define separate, additional SAI indexes on other individual columns in the same table’s composite partition key. SAI 6.8.x continues to support defining multiple SAI indexes on any non-partition key column in the same table. See Examine SAI column index and query rules. (DSP-20634)

  • PKCS11 keystore is supported in Advanced workloads. See keystore_type. (DSP-20094)

  • Python 2.7.x and 3.6+ are supported for cqlsh. (DB-4151)

  • When working on encrypted SSTables, Cassandra tools such as sstabledump or sstablesplit need to create a remote connection in ReplicatedKeyProvider to a Cassandra node in order to be able to decrypt the SSTables. (The sstableloader tool is not affected.) However, if security is enabled on the cluster, the tools won’t be able to decrypt the SSTables because they have no way of specifying security parameters for the cluster connection. (DSP-12666)

  • LDAP servers can now handle multiple, comma-separated addresses, with or without a port. If the port is not provided, the ldap_options.server_port parameter is used by default. See LDAP options. (DSP-13086)

Resolved issues:

  • Recording a slow CQL query to the log will no longer block the thread. (DSP-20894)

  • Fixed an issue where after a node replacement procedure, the bootstrap indexing in DSE Search was happening only on one TPC core. (DB-4049)

  • Fixed an issue to prevent an unbounded number of flushing tasks for memtables that are almost empty. (DB-4376)

  • Fixed an issue that caused nodes to crash after an upgrade from DSE 5.1 to 6.7.7. (DB-4379)

  • Fixed the problem with unrepairable digest mismatch between nodes running DSE 5.0.x and DSE 5.1+ (during upgrade) where the query includes a subset of columns. (DB-4399)

  • Fixed an issue that was causing excessive contention during encryption/decryption operations. The fix resulted in an encryption/decryption performance improvement. (DB-4419)

  • Fixed an issue where during a large test run that reached a density of about 9TB/node, several instances of TPC WouldBlockException messages, related to NodeSync, appeared in the logs of multiple nodes. (DB-4456)

  • Fixed a problem with the treatment of zeroes in the type decimal that could cause assertion errors, or not being able to find some rows if their key is 0 written using different precisions, or both. (DB-4472)

  • Fixed the NullPointerException issue described in CASSANDRA-14200: NPE when dumping sstable with null value for timestamp column. (DB-4512)

  • An issue that occurred while attempting to create an SSTable index (SASI) in 6.8.0 has been fixed. Previously, attempts to create a SASI index resulted in a NoSuchMethod error. (DSP-20720)

  • Fixed an issue where the bloom filter false-positive rate calculation did not properly take into account true negatives, such as cases where read operations were attempted on non-existing rows. (DB-3246)

Known issues:

  • None.

6.8.2 DSE security

Changes and enhancements:

  • Enhanced LDAP settings to properly handle nested groups so that LDAP enumerates all ancestors of a user’s distinguishedName. (DSP-20107)

    • Implemented inherited groups retrieval with both directory_search and memberof_search types. Before the change, even though inherited groups were requested, our LDAP feature did not take it into account at all. Users will see the difference immediately; no change in configuration is required (given the LDAP configuration is correct).

    • Fixed fetching parent groups of a role which is mapped to an LDAP group. Previously when DSE needed to ascertain the roles that the particular role belonged to, DSE could get the roles only if the role of interest represented an LDAP user. When it represented an LDAP group, DSE sometimes received an empty set; in some cases, it worked by coincidence. To make this feature work, update its group search configuration. Refer to the group_search_filter description in dse.yaml.

    • Added new options that allow you to configure optimized retrieval of parent groups including inherited ones in a single round-trip, when LDAP server supports such queries. In dse.yaml, see all_groups_xxx under ldap_options.

  • Two new LDAP options in dse.yaml (DSP-12612)

  • While the default behavior is unchanged, there is a new render_cql_literals option in dse.yaml under the audit logging section, which is false by default. When enabled, bound variables for logged statements are rendered as CQL literals: values gain additional quotation marks and escaping, and values of all complex types (collections, tuples, UDTs) appear in human-readable format. (DSP-17032)

  • When DSE tries one authentication scheme and finds that the password is invalid, DSE now tries another scheme, but only if the user has a scheme permission for that other scheme. Example scenarios:

    if user has permission to authenticate with scheme A, try scheme A
       if authenticated with A, success, exit
    if user has permission to authenticate with scheme B, try scheme B
       if authenticated with B, success, exit
    otherwise
       fail, exit

    In summary, DSE controls which schemes should be tried by applying scheme permissions. DSE will not try a scheme for which the user has no permission. (DSP-20903)

  • Raised the upper bound limit on DSE LDAP caches. See ldap_options.credentials_validity_in_ms and ldap_options.search_validity_in_seconds. (DSP-21072)

  • Provided information about how to get tools — such as sstabledump, sstablerepairedset, and sstableloader — working with SSTables that are encrypted with Transparent Data Encryption. See Using tools with TDE-encrypted SSTables. (DSP-20940)

Resolved security issues:

  • CVE security issues:

    • Fixed CVE-2019-20444 issue in which HttpObjectDecoder.java in Netty, before 4.1.44, allowed an HTTP header that lacked a colon. (DB-4068)

    • Addressed the Jackson databind vulnerability (CVE-2020-8840) by upgrading jackson-databind to 2.9.10.4. (DSP-20981)

  • Fixed some security vulnerabilities for Solr HTTP REST API when authorization is enabled. Now, users with no appropriate permissions can perform search operations. Resources can be deleted when authorization is enabled, given the correct permissions. (DSP-20749)

  • Fixed an issue where the audit logging did not capture search queries. (DSP-21058)

  • Fixed an error condition when DSE failed to get the LDAP roles while refreshing a database schema. (DSP-21075)

6.8.2 DSE Analytics

Changes and enhancements:

PKCS11 keystore is supported in Advanced workloads. See keystore_type. (DSP-20094)

6.8.2 DSEFS

Changes and enhancements:

  • In DSEFS, fsck (file system consistency check) throttling is possible via the -p or -parallelism arguments. In the following example, the command performs fsck by repairing up to 8 files at a time:

    dse fs fsck -p 8

    This feature provides a way to minimize fsck impact on overloaded clusters. The LocationService relies on Cassandra gossip. As a result of this change, connection/request timeouts no longer mark locations as unavailable. See the fsck reference topic. (DSP-20773)

Resolved DSEFS issues:

  • Backported the fix from DSP-15762: optimize remove recursive implementation - to lower the tombstone impact on Spark jobs. (DSP-20750)

  • Fixed excessive number of connections. (DSP-21021)

6.8.2 DSE Search

Changes and enhancements:

  • PKCS11 keystore is supported in Advanced workloads. See keystore_type. (DSP-20094)

  • Reduced the encrypted search core loading/reloading time. (DSP-20692)

Resolved Search issues:

  • Fixed some security vulnerabilities for Solr HTTP REST API when authorization is enabled. Now, users with no appropriate permissions can perform search operations. Resources can be deleted when authorization is enabled, given the correct permissions. (DSP-20749)

  • Fixed an issue where a decryption block cache occasionally was not operational (SOLR-14498). (DSP-20987)

  • Fixed an issue where the audit logging did not capture search queries. (DSP-21058)

  • Fixed an issue where, after an LCM upgrade, the Solr HTTP API was broken either through curl or the Solr UI. (DSP-21115)

  • Fixed an issue where after a node replacement procedure, the bootstrap indexing in DSE Search was happening only on one TPC core. (DB-4049)

6.8.2 DataStax Graph

Changes and enhancements:

PKCS11 keystore is supported in Advanced workloads. See keystore_type. (DSP-20094)

Resolved Graph issues:

Fixed an issue where DataStax Graph failed to complete a search query based on timestamp. (DSP-21117)

Cassandra changes for DSE 6.8.2

DataStax Enterprise 6.8.2 is compatible with Apache Cassandra™ 3.11 and includes all production-certified enhancements from previous versions.

General upgrade advice for DSE 6.8.2

General upgrade advice for DataStax Enterprise 6.8.0

DataStax Enterprise 6.8.2 is compatible with Apache Cassandra® 3.11. All upgrade advice from previous versions applies. Carefully reviewing the DataStax Enterprise upgrade planning and upgrade instructions can ensure a smooth upgrade and avoid pitfalls and frustrations.

DataStax Enterprise 6.8.2 is compatible with Apache Cassandra 3.11 and adds Cassandra changes for DSE 6.8.2.

For additional advice about upgrading between versions of Apache Cassandra, see General upgrade advice for DSE 6.8.1.

TinkerPop changes for DSE 6.8.2

DataStax Enterprise (DSE) 6.8.2 includes all changes from previous DSE versions. See TinkerPop upgrade documentation for all changes.
