6.5.1 Yellowbrick Release Notes
Date: August 16, 2023
Yellowbrick Version 6.5.1 Release Notes
Yellowbrick Data Warehouse Version 6.5.1 is supported for AWS and Microsoft Azure cloud deployments. This version of Yellowbrick Data Warehouse is installed on Cloud Data Warehouse Manager (CDWM) Version 3.65. We recommend 6.5.1 as the minimum 6.5 version to use.
Cloud Provider | CDWM Version | Yellowbrick Data Warehouse Version | Kubernetes Version |
---|---|---|---|
AWS | 3.65.12-527.06079e02 | 6.5.1-4828.f23a29cd | EKS 1.23 |
Azure | 3.65.12-527.06079e02 | 6.5.1-4828.f23a29cd | AKS 1.25 |
Upgrade Requirements
Read the following information before beginning an upgrade to Version 6.5.1.
- Contact Customer Support to review the process and schedule the upgrade.
- Only upgrades from Version 6.4.x to 6.5.1 are supported. These upgrades apply to both CDWM and data warehouse instances.
- Instances must be running and not suspended before being upgraded.
- Version 6.5.1 requires EKS 1.23. Please use the EKS migration tool to upgrade to version 1.23 before upgrading to Version 6.5.1.
- Azure customers must move to Yellowbrick Version 6.6 by December 2023 due to AKS constraints.
AWS Upgrades from Version 6.4.x
For each Yellowbrick upgrade:
- Version 6.5.1 requires EKS 1.23. Please use the EKS migration tool to upgrade to version 1.23 before upgrading to Version 6.5.1.
- Upgrade CDWM in Yellowbrick Manager.
- Upgrade your data warehouse instances in Yellowbrick Manager. Before upgrading data warehouse instances, make sure they are running. You cannot upgrade suspended instances.
- Once the upgrade process completes, check that the CDWM is reporting the correct version of 3.65.12-527.06079e02 and YBD is version 6.5.1-4828.f23a29cd.
Azure Upgrades from Version 6.4.x
You must upgrade from 6.4.x to 6.5.1; upgrades from prior versions are not allowed.
You can upgrade directly from 6.4.x to Version 6.5.1. Note that Version 6.5.1 requires AKS version 1.25, but this version is supplied as part of the Yellowbrick upgrade.
From the az CLI, run the following commands or script to push the Azure deployment scripts to the target environment. Note the name of the templateSpec used in the script.
These settings, including the URL to the files, must be changed for your environment.
- Shut down the instance before beginning the upgrade.
- Push the installer files using the script below (this is needed only if the customer needs the additional CVE fixes).
#!/bin/bash
templateSpec=yb-az-install
cdwmVersion=3-65-12-527-06079e02
resourceGroup=<resource_group>
subscription=<az_subscription>
region=<region>
curl https://<container_registry_path>/3-65-12-527-06079e02/installer-scripts/formDefinition.json -o formDefinition.json;
curl https://<container_registry_path>/3-65-12-527-06079e02/installer-scripts/yb-cdw.json -o yb-cdw.json;
az ts create --name "${templateSpec}" --version "${cdwmVersion}" --resource-group "${resourceGroup}" --subscription "${subscription}" --location "${region}" --temp
- From the Azure portal, select the template spec used, click the Deploy button, and select the subscription and resource group for your environment. Enter the exact Cluster name (Kubernetes service) for your environment.
- Follow the prompts for each step, ensuring fields are updated according to your environment, including the Azure AD tenant ID and Azure AD admin group IDs. Update the allowed CIDRs for your environment. Once all the fields are verified, click the Create button to start the upgrade process.
- Once the upgrade process completes, check that the CDWM is reporting the correct version of 3.65.12-527.06079e02 and YBD is version 6.5.1-4828.f23a29cd.
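The download script in this procedure saves whatever the server returns, and those files then become a template spec deployed into your subscription. The following is an added example, not part of Yellowbrick's script, of pre-flight checks to run before `az ts create`. The function names are hypothetical, and the SHA-256 values are an assumption: this page publishes none, so they would have to be obtained from Yellowbrick.

```shell
#!/bin/bash
# Added example: pre-flight checks to run between the curl downloads and
# `az ts create`. Function names are hypothetical; the SHA-256 passed to
# verify_artifact is an assumption (this page publishes no checksums).

EXPECTED_CDWM="3.65.12-527.06079e02"   # CDWM version from these release notes

# Template spec versions and URL paths use dashes where the release uses dots.
to_spec_version() { printf '%s' "$1" | tr '.' '-'; }

# $1 = cdwmVersion, $2 = download URL. Succeeds only if both are pinned to
# the expected release and the URL is HTTPS.
check_version_pin() {
  local want
  want="$(to_spec_version "$EXPECTED_CDWM")"
  [ "$1" = "$want" ] || { echo "cdwmVersion '$1' is not '$want'" >&2; return 1; }
  case "$2" in
    https://*/"$want"/installer-scripts/*) return 0 ;;
    *) echo "URL is not HTTPS or not pinned to $want: $2" >&2; return 1 ;;
  esac
}

# $1 = downloaded file, $2 = expected SHA-256 (hex). Plain curl saves an HTTP
# error body under the target name, so reject empty files, anything that does
# not start like a JSON object, and any checksum mismatch.
verify_artifact() {
  local first got
  [ -s "$1" ] || { echo "$1: missing or empty" >&2; return 1; }
  first="$(tr -d '[:space:]' < "$1" | head -c 1)"
  [ "$first" = "{" ] || { echo "$1: not a JSON object" >&2; return 1; }
  got="$(sha256sum "$1" | cut -d' ' -f1)"
  [ "$got" = "$2" ] || { echo "$1: SHA-256 mismatch" >&2; return 1; }
}
```

Call `check_version_pin` once per URL before downloading, and `verify_artifact` on both formDefinition.json and yb-cdw.json before creating the template spec.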
Changes in Behavior and Compatibility
ybtools Compatibility
Yellowbrick recommends that you always upgrade ybtools to match the Yellowbrick server version you are running (for example, upgrade to ybtools Version 6.5 before connecting to a Version 6.5 database). In most cases, using an older version of ybtools, such as 5.2 or 6.4, to connect to a Version 6.4 database will work but is not recommended.
Using Version 6.5 of ybtools with an older server version (such as Version 6.4 or 5.2) may result in error messages for some commands or a mismatch between client and server features.
The Version 5.2 and 5.4 ybtools packages install two sets of backup and restore tools: legacy tools (BAR1) and current versions of the tools (BAR2). The legacy tools are deprecated and have been removed from the 6.x releases.
BAR2 and Replication Compatibility
Important: The source and target systems used for database backup and restore (BAR2) and database replication must be compatible. To support full functionality, the source and target systems should both be running a 6.4 version of Yellowbrick software.
Nonetheless, you can back up and restore a database, or replicate a database, from:
- 5.2.x to 6.4.x
- 5.4.3 or later to 6.4.x
- 6.1.x to 6.4.x
- 6.2.x to 6.4.x
- 6.3.x to 6.4.x
- 6.4.x to 6.5.x
Although you can start replication from a 5.2, 5.4, 6.1, 6.2, 6.3, or 6.4 source to a 6.5 target, and you can fail over to the 6.5 target, you cannot fail back to the 5.2, 5.4, 6.1, 6.2, 6.3, or 6.4 source. In general, you cannot fail back to a Yellowbrick version with a catalog version that is earlier than the current catalog version.
What's New in Version 6.5.1
Version 6.5.1 provides critical bug fixes for issues reported by customers.
Issues Fixed in Version 6.5.1
The following issues are fixed in Version 6.5.1.
Release | Issue | Description |
---|---|---|
6.5.1 | 32571, 32542 | The Java-based client tools (ybload, ybunload, ybbackup, ybrestore) do not support the --auth-token connection option. Support for this option is added in this release. |
6.5.1 | 29045 | BAR2: Could not create temp directory for caching of metadata for use with ybbar |
6.5.1 | 31970 | Could not handle object store path containing spaces on YbFileInfo/Ybload |
6.5.1 | 32533 | Could not support JSON lookup for not null column |
6.5.1 | 32538 | Unable to connect using --auth-token on all Java-based client tools (i.e. ybload) |
6.5.1 | 32721 | Accommodate user-specified start/end time for diagnostics |
CVEs addressed in Version 6.5.1
The following CVEs were addressed in Yellowbrick Version 6.5.1:
CVE | Summary |
---|---|
CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers |
CVE-2023-2975 | AES-SIV implementation ignores empty associated data entries |
CVE-2023-3446 | Excessive time spent checking DH keys and parameters |
CVE-2023-3817 | Excessive time spent checking DH q parameter value |
CVE-2023-35945 | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec |
CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
CVE-2022-3715 | A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. |
CVE-2022-41409 | Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. |
CVE-2022-4899 | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. |
CVE-2016-1585 | In all versions of AppArmor mount rules are accidentally widened when compiled. |
CVE-2016-2568 | pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
CVE-2023-34969 | D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. |