noun_Email_707352 noun_917542_cc Map point Play Untitled Retweet Group 3 Fill 1

Findwise i3 3.11 Release Notes

Release date: July 4, 2023

Release Highlights

Named Entity Recognition available in i3 Process OOTB, mitigation of recent important vulnerabilities and foundation for new SEP service.

 

Improvements

  • [FP-362] Named Entity Recognition is available! NER is a natural language processing method that extracts information from the plain text. It detects and categorizes requested subjects, such as names, locations, companies, products, as well as themes, topics, times or monetary values. i3 gained new Process stage and Reference configuration.
    • Example text: Kendall Jenner just bought an $8.55 million house in Beverly Hills - take a look inside
      • Entities detected:
        • Location: „Beverly Hills
        • MonetaryValue: „$8.55 million
        • Person: „Kendall Jenner
  • [FP-334] Multi-arch docker images: starting from this release, i3 images are now built for ARM64 architecture, which is more cost-effective in cloud environments
  • [FP-87] Create a skeleton of new SEP: foundation for new SEP service is ready
  • [FP-675] Mitigate "json stack overflow" vulnerability that allows attackers to cause a DoS via crafted JSON or XML data, more info here
  • [FP-674] Mitigate "uncontrolled recursion in JSONArray" vulnerability that leads to a StackOverflowError exception, more info here
  • [FP-671] Mitigate "constructor deserialization remote code execution" vulnerability, more info here 
  • [FP-668] Upgrade Spring Boot to 2.7 the latest to mitigate i.e. the following vulnerabilities:

 

Bug fixes

  • [FP-729] The authentication provider token is not properly removed after sending it in the request header. It can be found in the logs, which can cause data leakage. ProfileConsumerAuthenticationFilter does not remove it properly
  • [FP-676] Document removal during the processing with (rewritten) Elasticsearch Writer returns an error
  • [FP-509] SharepointOnlineBinaryDownloader $value parameter is added as a query parameter but should be part of the path; more info here

 

Removals

  • None

 

Versions of key components

  • Elasticsearch 7.17.9
  • Apache Solr 8.11.1
  • OpenSearch 1.3.6
  • MongoDB 4.4.18
  • Neo4j 4.4.11

 

Changelog

Connect Service 2.8.0
  • Vulns for i3 v3.11: [FP-674] Mitigate "Uncontrolled Recursion in JSONArray" vulnerability - Task
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
  • Vulns for i3 v3.11: [FP-671] Mitigate "Constructor Deserialization Remote Code Execution" vulnerability - Task
  • [FP-509] SharepointOnlineBinaryDownloader $value parameter bug - Bug
  • [FP-334] GitLab CI/CD pipelines build multi-arch docker images - Task
Process Service 1.24.0
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
  • Vulns for i3 v3.11: [FP-671] Mitigate "Constructor Deserialization Remote Code Execution" vulnerability - Task
  • [FP-362] Review NER code & contribution - Task
  • [FP-676] Document removal in processing with Elasticsearch Writer returns error - Bug
  • [FP-334] GitLab CI/CD pipelines build multi-arch docker images - Task
Index Service 4.9.0
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
  • Vulns for i3 v3.11: [FP-671] Mitigate "Constructor Deserialization Remote Code Execution" vulnerability - Task
  • [FP-334] GitLab CI/CD pipelines build multi-arch docker images - Task
Search Service 2.23.0
  • Vulns for i3 v3.11: [FP-675] Mitigate "json stack overflow vulnerability" vulnerability - Task
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
  • Vulns for i3 v3.11: [FP-671] Mitigate "Constructor Deserialization Remote Code Execution" vulnerability - Task
  • [FP-334] GitLab CI/CD pipelines build multi-arch docker images - Task
  • [FP-729] Tokens in header parameters are not removed properly - Bug
Search Editor Portal 2.17.0
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
    Vulns for i3 v3.11: [FP-671] Mitigate "Constructor Deserialization Remote Code Execution" vulnerability - Task
    [FP-334] GitLab CI/CD pipelines build multi-arch docker images - Task
Reference 3.11.0
  • [FP-362] Review NER code & contribution - Task
Parent 3.11.0
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
  • Vulns for i3 v3.11: [FP-671] Mitigate "Constructor Deserialization Remote Code Execution" vulnerability - Task
Commons 1.18.0
  • Vulns for i3 v3.11: [FP-668] Upgrade Spring Boot to 2.7.latest - Task
  • [FP-362] Review NER code & contribution - Task

 

 

Questions? Please reach out to findwise.i3.dev@tietoevry.com

Share on Facebook Tweet Share on LinkedIn