| <html lang="en"> |
| <title>Release Notes for Apache Derby 10.12.0.0</title> |
| <body> |
| <h1> |
| <a name="Release Notes for Apache Derby 10.12.0.0"></a>Release Notes for Apache Derby 10.12.0.0</h1> |
| <div> |
| <p>These notes describe the difference between Apache Derby release 10.12.0.0 and the preceding release 10.11.1.1.</p> |
| </div> |
| <ul> |
| <li> |
| <a href="#Overview">Overview</a> |
| </li> |
| <li> |
| <a href="#New Features">New Features</a> |
| </li> |
| <li> |
| <a href="#Bug Fixes">Bug Fixes</a> |
| </li> |
| <li> |
| <a href="#Issues">Issues</a> |
| </li> |
| <li> |
| <a href="#Build Environment">Build Environment</a> |
| </li> |
| <li> |
| <a href="#Verifying Releases">Verifying Releases</a> |
| </li> |
| </ul> |
| <h2> |
| <a name="Overview"></a>Overview</h2> |
| <div> |
| |
| |
| <p> |
| The most up to date information about Derby releases can be found on the |
| <a href="http://db.apache.org/derby/derby_downloads.html">Derby download page</a>. |
| </p> |
| |
| |
| <p> |
| Apache Derby is a pure Java relational database engine using standard SQL and |
| JDBC as its APIs. More information about Derby can be found on the |
| <a href="http://db.apache.org/derby/">Apache web site</a>. |
| Derby functionality includes: |
| </p> |
| |
| |
| <ul> |
| |
| <li>Embedded engine with JDBC drivers</li> |
| |
| <li>Network Server</li> |
| |
| <li>Network client JDBC drivers</li> |
| |
| <li>Command line tools: ij (SQL scripting), dblook (schema dump) and sysinfo (system info)</li> |
| |
| </ul> |
| |
| |
| <p> |
| Support for Java SE 6 and Java SE 7 is being sunsetted. The 10.13 release family will not support those platforms. The 10.12 release family supports the following Java and JDBC versions: |
| </p> |
| |
| <ul> |
| |
| <li>Java SE 6 and higher with JDBC 4.0, 4.1, and 4.2.</li> |
| |
| <li>Java SE 8 compact profile 2.</li> |
| |
| </ul> |
| |
| </div> |
| <h2> |
| <a name="New Features"></a>New Features</h2> |
| <div> |
| |
| |
| <p> |
| This is a feature release. The following new features were added: |
| </p> |
| |
| |
| <ul> |
| |
| |
| <li> |
| <b>ALTER TABLE and identity columns</b> - The ALTER TABLE command can be used to add identity columns now. See the section on this statement in the Derby Reference Manual.</li> |
| |
| |
| <li> |
| <b>Cache-monitoring MBean</b> - An MBean has been added for monitoring internal Derby caches. See the description of <i>CacheManagerMBean</i> in the "Introduction to the Derby MBeans" section of the Derby Server and Administration Guide.</li> |
| |
| |
| <li> |
| <b>Optional Tool for Handling JSON Data</b> - An optional tool has been added for packing query results into JSON documents and for unpacking JSON documents into tabular result sets. See the section on the <i>simpleJson</i> optional tool in the Derby Tools and Utilities Guide.</li> |
| |
| |
| <li> |
| <b>Statistics aggregates</b> - SQL Standard VAR_POP(), VAR_SAMP(), STDDEV_POP(), and STDDEV_SAMP() aggregates have been added. See the "Aggregates (set functions)" section in the Derby Reference Manual.</li> |
| |
| |
| </ul> |
| |
| |
| </div> |
| <h2> |
| <a name="Bug Fixes"></a>Bug Fixes</h2> |
| <div> |
| <p>The following issues are addressed by Derby release 10.12.0.0. These issues are not addressed in the preceding 10.11.1.1 release.</p> |
| <table border="2"> |
| <tr> |
| <th> |
| <div style="width:110px;">Issue Id</div> |
| </th><th>Description</th> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6829">DERBY-6829</a></td><td>Document the simpleJson optional tool and the SimpleJsonVTI.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6825">DERBY-6825</a></td><td>Add basic JSON support to Derby.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6824">DERBY-6824</a></td><td>Move ShutdownException into shared code area</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6820">DERBY-6820</a></td><td>Improve error handling in XmlVTI</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6807">DERBY-6807</a></td><td>XXE attack possible by using XmlVTI and the XML datatype</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6801">DERBY-6801</a></td><td>Implement MessageUtils class so client and server can share message argument encoding/decoding</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6800">DERBY-6800</a></td><td>Implement DerbySQLIntegrityConstraintViolationException class</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6783">DERBY-6783</a></td><td>WHEN clause in CREATE TRIGGER for UPDATE is not working for the sql script below</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6774">DERBY-6774</a></td><td>background post commit threads cause ASSERTS/errors on interaction with alter table add column</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6769">DERBY-6769</a></td><td>sane.derbyTesting.jar.lastcontents can be "out of date" but no build error results</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6768">DERBY-6768</a></td><td>List the enabled protocols in derby.log for network server configuration</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6753">DERBY-6753</a></td><td>Docs for IDENTITY_VAL_LOCAL needs to be updated to indicate that the return value will be impacted by single row UPDATE of identity column</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6751">DERBY-6751</a></td><td>Prevent user code from getting the LanguageConnectionContext from an EmbedConnection</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6748">DERBY-6748</a></td><td>Localize messages introduced or changed in 10.11.1</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6744">DERBY-6744</a></td><td>Update the documentation of security policy files to include the new usederbyinternals SystemPermission</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6742">DERBY-6742</a></td><td>For update statement, collect generated keys if Statement.RETURN_GENERATED_KEYS flag is supplied to the JDBC call.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6741">DERBY-6741</a></td><td>User code can get the ContextManager from an EmbedConnection</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6737">DERBY-6737</a></td><td>CLOB retrieve exceptions after moving cursor around</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6733">DERBY-6733</a></td><td>Implement an MBean for monitoring caches</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6730">DERBY-6730</a></td><td>Cannot create a Lucene index if a key column's name is case-sensitive</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6724">DERBY-6724</a></td><td>NPE if insert statement needs recompilation after having fired a trigger</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6722">DERBY-6722</a></td><td>GenericStatementContext.cleanupOnError() needs protection from later errors during statement cleanup</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6720">DERBY-6720</a></td><td>Add derbyoptionaltools.jar to the maven artifacts we publish</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6719">DERBY-6719</a></td><td>Add derbyoptionaltools.jar to the class paths of the scripts in the bin directory</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6717">DERBY-6717</a></td><td>Policies with multiple SystemPermissions are not handled well</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6714">DERBY-6714</a></td><td>RuntimeInfoTest failed with insufficient data from server</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6705">DERBY-6705</a></td><td>Triggers should not allow MERGE statements that reference temporary tables</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6703">DERBY-6703</a></td><td>MERGE statement fails with NullPointerException if ON clause references non-existent column</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6662">DERBY-6662</a></td><td>DatabaseMetaData.usesLocalFiles() returns true for in-memory databases</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6654">DERBY-6654</a></td><td>Require that generated code live in the org.apache.derby.exe package.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6648">DERBY-6648</a></td><td>Application code should not be able to call ContextService.getContextOrNull()</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6636">DERBY-6636</a></td><td>The public api of BaseDataFileFactory may allow blackhats to assume elevated privileges.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6635">DERBY-6635</a></td><td>OptimizerTracer.unloadTool() could be used to write garbage over Derby data files.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6632">DERBY-6632</a></td><td>Applications may be able to use StorageFactoryService to delete Derby databases and overwrite service.properties.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6631">DERBY-6631</a></td><td>FileMonitor can be used to elevate an application's privileges</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6630">DERBY-6630</a></td><td>Applications can use JCECipherFactory to elevate their privileges to those granted to Derby</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6619">DERBY-6619</a></td><td>After silently swallowing SecurityExceptions, Derby can leak class loaders</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6617">DERBY-6617</a></td><td>Silently swallowed SecurityExceptions may disable Derby features, including security features.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6592">DERBY-6592</a></td><td>Update the version of ant which we tell new developers to use.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6569">DERBY-6569</a></td><td>NULLIF may return incorrect results if first operand calls non-deterministic function</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6475">DERBY-6475</a></td><td>Update documentation for SYSTRIGGERS after DERBY-5866 changes</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-6414">DERBY-6414</a></td><td>Incorrect handling when using an UPDATE to SET an identity column to DEFAULT</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-5466">DERBY-5466</a></td><td>Add support for SQL Standard statistics functions, such as STDDEV_POP, STDDEV_SAMP, VAR_POP, VAR_SAMP</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-5165">DERBY-5165</a></td><td>Prepared XA transaction locks are not kept across DB restart</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-4057">DERBY-4057</a></td><td>Space is not reclaimed if transaction is rolled back</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-3888">DERBY-3888</a></td><td>ALTER TABLE ... ADD COLUMN cannot add identity columns</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-3195">DERBY-3195</a></td><td>Describe if default security manager &amp; policy is installed or not on each of the mechanisms to start the network server.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-3005">DERBY-3005</a></td><td>Document possibility to specify method signature in EXTERNAL NAME when creating a procedure/function</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-2238">DERBY-2238</a></td><td>Example of ScalarSubquery in Derby Reference Manual is not ScalarSubquery</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-2051">DERBY-2051</a></td><td>CachedItem's comments and code are inconsistent wrt. synchronization</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-691">DERBY-691</a></td><td>committed deleted row space reclamation may be missed if delete is actually an aborted insert.</td> |
| </tr> |
| <tr> |
| <td><a href="https://issues.apache.org/jira/browse/DERBY-600">DERBY-600</a></td><td>Document that DB is booted in read-only mode if not able to create db.lck file</td> |
| </tr> |
| </table> |
| </div> |
| <h2> |
| <a name="Issues"></a>Issues</h2> |
| <div> |
| <p>Compared with the previous release (10.11.1.1), Derby release 10.12.0.0 introduces the following new features and incompatibilities. These merit your special attention.</p> |
| <ul> |
| <li> |
| <a href="#Note for DERBY-6807"><span>Note for DERBY-6807: |
| XML parsing is now performed more securely. |
| </span></a> |
| </li> |
| <li> |
| <a href="#Note for DERBY-6648"><span>Note for DERBY-6648: |
| Security policy files must grant a new permission to derby.jar, |
| derbynet.jar, and derbyoptionaltools.jar. |
| </span></a> |
| </li> |
| <li> |
| <a href="#Note for DERBY-6414"><span>Note for DERBY-6414: |
| UPDATE statements now accept DEFAULT as a valid value for identity columns. |
| </span></a> |
| </li> |
| </ul> |
| <hr> |
| <h3> |
| <a name="Note for DERBY-6807"></a>Note for DERBY-6807</h3> |
| <div> |
| |
| |
| <h4>Summary of Change</h4> |
| |
| <p> |
| XML parsing is now performed more securely. |
| </p> |
| |
| |
| |
| <h4>Symptoms Seen by Applications Affected by Change</h4> |
| |
| <p> |
| If no Java Security Manager was in place, Derby applications were vulnerable |
| to XML External Entity Expansion attacks (XXE attacks). Such attacks could |
| result in disclosure of sensitive information that the application's user |
| should not have been allowed to view. |
| </p> |
| |
| <p> |
| If a Derby application used the XmlVTI to parse XML documents, that application |
| was also vulnerable if not protected by a Security Manager policy. |
| </p> |
| |
| |
| |
| <h4>Incompatibilities with Previous Release</h4> |
| |
| <p> |
| Applications which depended on the ability to have Derby's XML parser expand |
| external entities may now be unable to use that functionality unless they |
| correctly deploy a Java Security Manager policy authorizing the filesystem |
| access performed by the entity expansion. |
| </p> |
| |
| |
| |
| <h4>Rationale for Change</h4> |
| |
| <p> |
| This change was made to prevent any unauthorized information disclosure by |
| the XML parser. |
| </p> |
| |
| |
| <h4>Application Changes Required</h4> |
| |
| <p> |
| For detailed information on configuring Derby with a Java Security Manager |
| policy, please see <a href="http://db.apache.org/derby/docs/10.11/security/"> |
| the Derby Security Guide</a>. |
| </p> |
| |
| |
| |
| </div> |
| <hr> |
| <h3> |
| <a name="Note for DERBY-6648"></a>Note for DERBY-6648</h3> |
| <div> |
| |
| |
| <h4>Summary of Change</h4> |
| |
| <p> |
| Security policy files must grant a new permission to derby.jar, |
| derbynet.jar, and derbyoptionaltools.jar. |
| </p> |
| |
| |
| |
| <h4>Symptoms Seen by Applications Affected by Change</h4> |
| |
| <p> |
| Unless this new permission is granted, databases won't boot, the |
| network server won't come up, and the Lucene plugin won't be usable. |
| If Derby runs under a SecurityManager whose policy file doesn't include |
| this new permission, then users will see the following error when booting |
| databases and servers and when using the Lucene plugin: |
| </p> |
| |
| |
| <pre> |
| java.security.AccessControlException: access denied org.apache.derby.security.SystemPermission( "engine", "usederbyinternals" ) |
| </pre> |
| |
| |
| |
| <h4>Incompatibilities with Previous Release</h4> |
| |
| <p> |
| When Derby is run under a Security Manager, databases and servers |
| won't boot and the Lucene plugin won't be usable unless a new permission is added to the |
| security policy. |
| </p> |
| |
| |
| <h4>Rationale for Change</h4> |
| |
| <p> |
| Additional security has been added to Derby. When running under a |
| Security Manager, embedding applications and database |
| routines can no longer access certain sensitive internal structures. |
| </p> |
| |
| |
| <h4>Application Changes Required</h4> |
| |
| <p> |
| Users who run Derby under a SecurityManager must edit the policy file |
| and grant the following additional permission to derby.jar, |
| derbynet.jar, and derbyoptionaltools.jar: |
| </p> |
| |
| |
| <pre> |
| permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals"; |
| </pre> |
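| <p>A check for the policy change above, added here as an example (it is not part of the Derby distribution or of these release notes): the script scans a policy file and lists which of the three jars still lack the new permission. The codeBase paths in the sample policy are constructed placeholders, and the match is textual, keyed on the jar file name at the end of each codeBase.</p> |

```shell
#!/bin/sh
# Added example: report which Derby jars are NOT granted
# SystemPermission "engine", "usederbyinternals" in a Java policy file.
# Textual check only: ${...} properties in a codeBase are not expanded.

# Reads policy text from the named file(s), or from stdin when none is given.
# Prints one jar name per line for every jar that lacks the permission.
check_derby_policy() {
    cat -- "$@" | awk '
        BEGIN { n = split("derby.jar derbynet.jar derbyoptionaltools.jar", jars, " ") }
        /^[ \t]*\/\// { next }            # skip // comment lines
        # A grant with no codeBase applies to all code: it covers the jars,
        # but it also hands the permission to application code.
        /^[ \t]*grant/ { cur = "*" }
        /codeBase/ {
            cur = ""                      # some code base other than the three jars
            for (i = 1; i <= n; i++)
                if ($0 ~ ("[^A-Za-z0-9_]" jars[i] "\"")) cur = jars[i]
        }
        /SystemPermission/ && /"engine"/ && /usederbyinternals/ && cur != "" { ok[cur] = 1 }
        /^[ \t]*[}][ \t]*;/ { cur = "" }  # end of the grant block
        END {
            for (i = 1; i <= n; i++)
                if (!(jars[i] in ok) && !("*" in ok)) print jars[i]
        }'
}

# Constructed sample policy (placeholder paths): the third grant block was
# carried over from an older release and lacks the new permission.
sample_policy() {
    cat <<'EOF'
// constructed sample, not a shipped Derby policy file
grant codeBase "file:/opt/derby/lib/derby.jar" {
  permission java.util.PropertyPermission "derby.*", "read";
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
};
grant codeBase "file:/opt/derby/lib/derbynet.jar"
{
  permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
};
grant codeBase "file:/opt/derby/lib/derbyoptionaltools.jar" {
  permission java.io.FilePermission "/opt/derby/lucene/-", "read,write,delete";
};
EOF
}

sample_policy | check_derby_policy    # prints: derbyoptionaltools.jar
```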
| |
| |
| </div> |
| <hr> |
| <h3> |
| <a name="Note for DERBY-6414"></a>Note for DERBY-6414</h3> |
| <div> |
| |
| |
| <h4>Summary of Change</h4> |
| |
| <p> |
| UPDATE statements now accept DEFAULT as a valid value for identity columns. |
| </p> |
| |
| |
| |
| <h4>Symptoms Seen by Applications Affected by Change</h4> |
| |
| <p> |
| In previous releases of Derby, the following UPDATE statements would |
| raise exceptions: |
| </p> |
| |
| |
| <pre> |
| create table t1( a int generated always as identity, b int ); |
| insert into t1( a, b ) values ( default, 100 ); |
| update t1 set a = default; |
| ERROR 42Z23: Attempt to modify an identity column 'A'. |
| |
| create table t2( a int generated by default as identity, b int ); |
| insert into t2( a, b ) values ( default, 100 ); |
| update t2 set a = default; |
| ERROR 23502: Column 'A' cannot accept a NULL value. |
| </pre> |
| |
| |
| <p> |
| The fix for DERBY-6414 makes the above two UPDATE statements work. Now |
| those statements update the identity columns with their next generated values. |
| </p> |
| |
| |
| <h4>Rationale for Change</h4> |
| |
| <p> |
| The new behavior conforms to the SQL Standard. |
| </p> |
| |
| |
| |
| <h4>Application Changes Required</h4> |
| |
| <p> |
| Applications no longer need to look for exceptions 42Z23 and 23502 when updating identity columns. |
| </p> |
| |
| |
| |
| </div> |
| </div> |
| <h2> |
| <a name="Build Environment"></a>Build Environment</h2> |
| <div> |
| <p>Derby release 10.12.0.0 was built using the following environment:</p> |
| <ul> |
| <li> |
| <b>Branch</b> - Source code came from the 10.12 branch.</li> |
| <li> |
| <b>Machine</b> - Mac OSX 10.7.5.</li> |
| <li> |
| <b>Ant</b> - Apache Ant(TM) version 1.9.2 compiled on July 8 2013.</li> |
| <li> |
| <b>Compiler</b> - All classes were compiled by the javac from the 1.8.0-b132 JDK, Java HotSpot(TM) 64-Bit Server VM (build 25.0-b70, mixed mode).</li> |
| <li> |
| <b>JSR 169</b> - Support for JSR 169 has been deprecated.</li> |
| </ul> |
| </div> |
| <h2> |
| <a name="Verifying Releases"></a>Verifying Releases</h2> |
| <div> |
| |
| |
| <p>It is essential that you verify the integrity of the downloaded |
| files using the PGP signatures and MD5 checksums. MD5 verification ensures the |
| file was not corrupted during the download process; it does not show who produced the file. PGP verification |
| ensures that the file came from a certain person.</p> |
| |
| |
| <p>The PGP signatures can be verified using |
| <a href="http://www.pgpi.org/">PGP</a> or |
| <a href="http://www.gnupg.org/">GPG</a>. |
| First download the Apache Derby |
| <a href="http://svn.apache.org/repos/asf/db/derby/code/trunk/KEYS">KEYS</a> |
| as well as the <code>asc</code> signature file for the particular |
| distribution. It is important that you get these files from the ultimate |
| trusted source - the main ASF distribution site, rather than from a mirror. |
| Then verify the signatures using ...</p> |
| |
| |
| <pre> |
| % pgpk -a KEYS |
| % pgpv db-derby-X.Y.tar.gz.asc |
| |
| <em>or</em> |
| |
| % pgp -ka KEYS |
| % pgp db-derby-X.Y.tar.gz.asc |
| |
| <em>or</em> |
| |
| % gpg --import KEYS |
| % gpg --verify db-derby-X.Y.tar.gz.asc |
| |
| </pre> |
| |
| |
| <p>To verify the MD5 checksum of the files, you need to use a program |
| called <code>md5</code> or <code>md5sum</code>, which is |
| included in many Unix distributions. It is also available as part of |
| <a href="http://www.gnu.org/software/textutils/textutils.html">GNU |
| Textutils</a>. Windows users can get binary md5 programs from <a href="http://www.fourmilab.ch/md5/">here</a>, <a href="http://www.pc-tools.net/win32/freeware/console/">here</a>, or |
| <a href="http://www.slavasoft.com/fsum/">here</a>.</p> |
| |
| |
| <p>We strongly recommend that you verify your downloads with both PGP and MD5.</p> |
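| <p>The two checks above combined into one script, added here as an example (it is not shipped with Derby): it imports KEYS into a throwaway keyring, verifies the <code>asc</code> signature against the archive, then compares the MD5 digest. The function names and the name of the checksum file are assumptions; the signature is expected next to the archive as <code>ARCHIVE.asc</code>.</p> |

```shell
#!/bin/sh
# Added example: PGP signature check plus MD5 comparison for one download.

# Print the MD5 digest of a file as lowercase hex.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | cut -d' ' -f1
    else
        md5 -q "$1"                      # BSD / macOS
    fi
}

# verify_md5 FILE CHECKSUM_FILE
# Accepts "HASH  name", "MD5 (name) = HASH" or a bare hash, in either case.
# Returns non-zero when the digests differ or no digest is found.
verify_md5() {
    expected=$(tr 'A-F' 'a-f' < "$2" | grep -Eow '[0-9a-f]{32}' | head -n 1)
    actual=$(file_md5 "$1")
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# verify_release KEYS ARCHIVE CHECKSUM_FILE
# Runs in a subshell with a throwaway GNUPGHOME, so only keys from KEYS
# can produce a good signature and the user's own keyring is untouched.
verify_release() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'rm -rf "$GNUPGHOME"' EXIT
    gpg --quiet --import "$1" || exit 1
    gpg --verify "$2.asc" "$2" || { echo "PGP signature check failed" >&2; exit 1; }
    verify_md5 "$2" "$3"       || { echo "MD5 mismatch" >&2; exit 1; }
    echo "OK: $2"
)

# Usage (checksum file name is an assumption):
#   sh verify.sh KEYS db-derby-X.Y.tar.gz db-derby-X.Y.tar.gz.md5
if [ "$#" -eq 3 ]; then
    verify_release "$@"
fi
```

| <p>Passing the archive as the second argument to <code>gpg --verify</code> makes the check fail when the archive is missing, rather than relying on gpg to infer the file name from the signature.</p> |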
| |
| |
| |
| </div> |
| </body> |
| </html> |