Merged
Conversation
annieden
reviewed
Apr 24, 2026
Co-authored-by: annieden <94020405+annieden@users.noreply.github.com>
annieden
reviewed
Apr 24, 2026
| * Fixed OpsCenter OOM issue caused by accumulated backup status tracking data (SnapshotStatus.details) not being released after backup completion. Repeated scheduled backups no longer cause unbounded memory growth. (OPSC-17773) | ||
| * Added Google Cloud Storage (GCS) as a backup destination provider. Users can now configure GCS buckets for storing OpsCenter backups with support for Service Account JSON authentication or Application Default Credentials (ADC). (OPSC-4776) | ||
| * Fixed Azure backup destination failing with 'base64Key' was not a valid Base64 scheme error when JMX SSL is enabled. When configured, OpsCenter agent can use the JVM's default CA certificates (cacerts) for cloud provider SSL connections, bypassing the JMX truststore override. (OPSC-17613) | ||
| * Fixed an issue in the Backup Service where the on-server backup status would display as "running" until all external destination uploads completed. Local snapshots now correctly display as "completed" immediately. (OPSC-17729) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Fixed an issue in the Backup Service where the on-server backup status would display as "running" until all external destination uploads completed. Local snapshots now correctly display as "completed" immediately. (OPSC-17729) | |
| * Fixed an issue in the Backup Service where the on-server backup status would display as 'running' until all external destination uploads completed. Local snapshots now correctly display a backup status of "completed" immediately. (OPSC-17729) |
annieden
reviewed
Apr 24, 2026
| * Added Google Cloud Storage (GCS) as a backup destination provider. Users can now configure GCS buckets for storing OpsCenter backups with support for Service Account JSON authentication or Application Default Credentials (ADC). (OPSC-4776) | ||
| * Fixed Azure backup destination failing with 'base64Key' was not a valid Base64 scheme error when JMX SSL is enabled. When configured, OpsCenter agent can use the JVM's default CA certificates (cacerts) for cloud provider SSL connections, bypassing the JMX truststore override. (OPSC-17613) | ||
| * Fixed an issue in the Backup Service where the on-server backup status would display as "running" until all external destination uploads completed. Local snapshots now correctly display as "completed" immediately. (OPSC-17729) | ||
| * Added the `skip_initial_backup_file_diff` config parameter to address.yaml. If set to `true` the agent will no longer attempt to compare the files on the remote system with the backup to avoid duplicating uploads. We strongly recommend only enabling this when using a backup method that will do the comparison like `rsync` with a local filesystem destination or the azure cli configured to use sync. (OPSC-17816) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Added the `skip_initial_backup_file_diff` config parameter to address.yaml. If set to `true` the agent will no longer attempt to compare the files on the remote system with the backup to avoid duplicating uploads. We strongly recommend only enabling this when using a backup method that will do the comparison like `rsync` with a local filesystem destination or the azure cli configured to use sync. (OPSC-17816) | |
| * Added the `skip_initial_backup_file_diff` configration parameter to 'address.yaml'. When set to `true` the agent no longer attempts to compare the files on the remote system with the backup to avoid duplicating uploads. We strongly recommend only enabling this when using a backup method that performs the comparison. Example backup methods are `rsync` with a local filesystem destination or the Azure command line interface (cli) configured to use sync. (OPSC-17816) |
annieden
reviewed
Apr 24, 2026
| * Fixed Azure backup destination failing with 'base64Key' was not a valid Base64 scheme error when JMX SSL is enabled. When configured, OpsCenter agent can use the JVM's default CA certificates (cacerts) for cloud provider SSL connections, bypassing the JMX truststore override. (OPSC-17613) | ||
| * Fixed an issue in the Backup Service where the on-server backup status would display as "running" until all external destination uploads completed. Local snapshots now correctly display as "completed" immediately. (OPSC-17729) | ||
| * Added the `skip_initial_backup_file_diff` config parameter to address.yaml. If set to `true` the agent will no longer attempt to compare the files on the remote system with the backup to avoid duplicating uploads. We strongly recommend only enabling this when using a backup method that will do the comparison like `rsync` with a local filesystem destination or the azure cli configured to use sync. (OPSC-17816) | ||
| * Fixed a bug where backups showed incorrect keyspace counts (e.g. 9/31 instead of 31/31) in the UI. (OPSC-17836) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Fixed a bug where backups showed incorrect keyspace counts (e.g. 9/31 instead of 31/31) in the UI. (OPSC-17836) | |
| * Fixed a bug where backups displayed incorrect keyspace counts (e.g., 9/31 instead of 31/31) in the user interface (UI). (OPSC-17836) |
annieden
reviewed
Apr 24, 2026
| * Fixed an issue in the Backup Service where the on-server backup status would display as "running" until all external destination uploads completed. Local snapshots now correctly display as "completed" immediately. (OPSC-17729) | ||
| * Added the `skip_initial_backup_file_diff` config parameter to address.yaml. If set to `true` the agent will no longer attempt to compare the files on the remote system with the backup to avoid duplicating uploads. We strongly recommend only enabling this when using a backup method that will do the comparison like `rsync` with a local filesystem destination or the azure cli configured to use sync. (OPSC-17816) | ||
| * Fixed a bug where backups showed incorrect keyspace counts (e.g. 9/31 instead of 31/31) in the UI. (OPSC-17836) | ||
| * Fix bug where schema mismatched. (OPSC-17799) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Fix bug where schema mismatched. (OPSC-17799) | |
| * Fixed bug where schema mismatched. (OPSC-17799) |
annieden
reviewed
Apr 24, 2026
| * Added the `skip_initial_backup_file_diff` config parameter to address.yaml. If set to `true` the agent will no longer attempt to compare the files on the remote system with the backup to avoid duplicating uploads. We strongly recommend only enabling this when using a backup method that will do the comparison like `rsync` with a local filesystem destination or the azure cli configured to use sync. (OPSC-17816) | ||
| * Fixed a bug where backups showed incorrect keyspace counts (e.g. 9/31 instead of 31/31) in the UI. (OPSC-17836) | ||
| * Fix bug where schema mismatched. (OPSC-17799) | ||
| * Improved memory usage of snapshot cleanup. Introduced `focused-tag-cleanup` in address.yaml to allow prioritization of optimizing memory usage over cleaning up snapshots no longer included in the metadata of any backup. (OPSC-17838) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Improved memory usage of snapshot cleanup. Introduced `focused-tag-cleanup` in address.yaml to allow prioritization of optimizing memory usage over cleaning up snapshots no longer included in the metadata of any backup. (OPSC-17838) | |
| * Improved memory usage of snapshot cleanup. Introduced `focused-tag-cleanup` in 'address.yaml' to allow prioritization of optimizing memory usage over cleaning up snapshots no longer included in the metadata of any backup. (OPSC-17838) |
annieden
reviewed
Apr 24, 2026
| * Fixed a UnicodeEncodeError when saving or validating Azure backup destinations containing an invisible UTF-8 BOM (Byte Order Mark) character in the SAS token or other fields. The BOM can be introduced when copy-pasting values from Windows editors, Azure Portal, or PowerShell. Destination string values are now sanitized on input to strip BOM characters. (OPSC-17793) | ||
|
|
||
| ## Provisioning | ||
| * Made the meld location on the remote machine configurable in opscenterd.conf [lifecycle_manager] remote_meld_exec_path. Meld will not be uploaded during a job if this value is set. (OPSC-11286) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Made the meld location on the remote machine configurable in opscenterd.conf [lifecycle_manager] remote_meld_exec_path. Meld will not be uploaded during a job if this value is set. (OPSC-11286) | |
| * Made the Meld location on the remote machine configurable in the 'opscenterd.conf' file. Setting the '[lifecycle_manager] remote_meld_exec_path' prevents Meld from being uploaded during a job. (OPSC-11286) |
annieden
reviewed
Apr 24, 2026
| * Made the meld location on the remote machine configurable in opscenterd.conf [lifecycle_manager] remote_meld_exec_path. Meld will not be uploaded during a job if this value is set. (OPSC-11286) | ||
|
|
||
| ## Repair Service | ||
| * Fixed an issue where the OpsCenter repair dashboard displayed the "Remaining" time in scientific notation (e.g., 2.84e+50h 0m 0s) during idle periods of subrange repair. The display now correctly shows a human-readable duration. (OPSC-17746) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Fixed an issue where the OpsCenter repair dashboard displayed the "Remaining" time in scientific notation (e.g., 2.84e+50h 0m 0s) during idle periods of subrange repair. The display now correctly shows a human-readable duration. (OPSC-17746) | |
| * Fixed an issue where the OpsCenter repair dashboard displayed the 'Remaining' time in scientific notation (e.g., 2.84e+50h 0m 0s) during idle periods of subrange repair. The display now correctly shows a human-readable duration. (OPSC-17746) |
annieden
reviewed
Apr 24, 2026
| * Fixed an issue where the OpsCenter repair dashboard displayed the "Remaining" time in scientific notation (e.g., 2.84e+50h 0m 0s) during idle periods of subrange repair. The display now correctly shows a human-readable duration. (OPSC-17746) | ||
|
|
||
| ## Security | ||
| * Update vulnerabilities in commons-text, commons-beanutils, commons-configuration2, jackson-core, c3p0, and xmlunit-core. (OPSC-17826) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Update vulnerabilities in commons-text, commons-beanutils, commons-configuration2, jackson-core, c3p0, and xmlunit-core. (OPSC-17826) | |
| * Updated vulnerabilities in 'commons-text', 'commons-beanutils', 'commons-configuration2', 'jackson-core', 'c3p0', and 'xmlunit-core'. (OPSC-17826) |
annieden
reviewed
Apr 24, 2026
|
|
||
| ## Security | ||
| * Update vulnerabilities in commons-text, commons-beanutils, commons-configuration2, jackson-core, c3p0, and xmlunit-core. (OPSC-17826) | ||
| * Update Apache Directory API + Apache MINA, Upgraded BouncyCastle, migrate from commons-lang to commons-lang3 (OPSC-17862) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Update Apache Directory API + Apache MINA, Upgraded BouncyCastle, migrate from commons-lang to commons-lang3 (OPSC-17862) | |
| * Updated Apache Directory API and Apache MINA, upgraded BouncyCastle, and migrated from 'commons-lang' to 'commons-lang3 '. (OPSC-17862) |
annieden
reviewed
Apr 24, 2026
| ## Security | ||
| * Update vulnerabilities in commons-text, commons-beanutils, commons-configuration2, jackson-core, c3p0, and xmlunit-core. (OPSC-17826) | ||
| * Update Apache Directory API + Apache MINA, Upgraded BouncyCastle, migrate from commons-lang to commons-lang3 (OPSC-17862) | ||
| * Upgraded clj-commons:fs from 1.6.310 to 1.6.312, which brings commons-compress 1.28.0, addressing CVE-2024-25710 (CWE-835: Infinite Loop) and CVE-2024-26308 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17864) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded clj-commons:fs from 1.6.310 to 1.6.312, which brings commons-compress 1.28.0, addressing CVE-2024-25710 (CWE-835: Infinite Loop) and CVE-2024-26308 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17864) | |
| * Upgraded 'clj-commons:fs' from v1.6.310 to v1.6.312, which brings commons-compress v1.28.0 to address CVE-2024-25710 (CWE-835: Infinite Loop) and CVE-2024-26308 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17864) |
annieden
reviewed
Apr 24, 2026
| * Update vulnerabilities in commons-text, commons-beanutils, commons-configuration2, jackson-core, c3p0, and xmlunit-core. (OPSC-17826) | ||
| * Update Apache Directory API + Apache MINA, Upgraded BouncyCastle, migrate from commons-lang to commons-lang3 (OPSC-17862) | ||
| * Upgraded clj-commons:fs from 1.6.310 to 1.6.312, which brings commons-compress 1.28.0, addressing CVE-2024-25710 (CWE-835: Infinite Loop) and CVE-2024-26308 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17864) | ||
| * Upgraded com.esri.geometry:esri-geometry-api from 1.2.1 to 2.2.4, which removes the transitive org.json dependency entirely, addressing CVE-2023-5072 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17865) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded com.esri.geometry:esri-geometry-api from 1.2.1 to 2.2.4, which removes the transitive org.json dependency entirely, addressing CVE-2023-5072 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17865) | |
| * Upgraded 'com.esri.geometry:esri-geometry-api' from v1.2.1 to v2.2.4, which removes the transitive org.json dependency entirely and addresses CVE-2023-5072 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17865) |
annieden
reviewed
Apr 24, 2026
| * Update version of jackson-core, lz4-java and awssdk to resolve security vulnerabilities. (OPSC-17846) | ||
|
|
||
| ## Monitoring | ||
| * Fix Tiered Storage alerts to handle Java Driver 4.x (OPSC-17794) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Fix Tiered Storage alerts to handle Java Driver 4.x (OPSC-17794) | |
| * Fixed Tiered Storage alerts to handle Java Driver 4.x . (OPSC-17794) |
annieden
reviewed
Apr 24, 2026
| * Update Apache Directory API + Apache MINA, Upgraded BouncyCastle, migrate from commons-lang to commons-lang3 (OPSC-17862) | ||
| * Upgraded clj-commons:fs from 1.6.310 to 1.6.312, which brings commons-compress 1.28.0, addressing CVE-2024-25710 (CWE-835: Infinite Loop) and CVE-2024-26308 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17864) | ||
| * Upgraded com.esri.geometry:esri-geometry-api from 1.2.1 to 2.2.4, which removes the transitive org.json dependency entirely, addressing CVE-2023-5072 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17865) | ||
| * Upgraded org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.7, which brings reload4j 1.2.22, addressing CVE-2022-45868 (CWE-200: Information Exposure) in the log4j 1.2.x fork. (OPSC-17866) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.7, which brings reload4j 1.2.22, addressing CVE-2022-45868 (CWE-200: Information Exposure) in the log4j 1.2.x fork. (OPSC-17866) | |
| * Upgraded org.slf4j:slf4j-reload4j from v1.7.36 to v2.0.7, which brings reload4j v1.2.22 to address CVE-2022-45868 (CWE-200: Information Exposure) in the log4j 1.2.x fork. (OPSC-17866) |
annieden
reviewed
Apr 24, 2026
| * Upgraded clj-commons:fs from 1.6.310 to 1.6.312, which brings commons-compress 1.28.0, addressing CVE-2024-25710 (CWE-835: Infinite Loop) and CVE-2024-26308 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17864) | ||
| * Upgraded com.esri.geometry:esri-geometry-api from 1.2.1 to 2.2.4, which removes the transitive org.json dependency entirely, addressing CVE-2023-5072 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17865) | ||
| * Upgraded org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.7, which brings reload4j 1.2.22, addressing CVE-2022-45868 (CWE-200: Information Exposure) in the log4j 1.2.x fork. (OPSC-17866) | ||
| * Upgraded org.apache.mina:mina-core to 2.2.5, addressing CVE-2024-52046 (CWE-502: Deserialization of Untrusted Data). (OPSC-17869) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded org.apache.mina:mina-core to 2.2.5, addressing CVE-2024-52046 (CWE-502: Deserialization of Untrusted Data). (OPSC-17869) | |
| * Upgraded org.apache.mina:mina-core to v2.2.5 to address CVE-2024-52046 (CWE-502: Deserialization of Untrusted Data). (OPSC-17869) |
annieden
reviewed
Apr 24, 2026
| * Upgraded com.esri.geometry:esri-geometry-api from 1.2.1 to 2.2.4, which removes the transitive org.json dependency entirely, addressing CVE-2023-5072 (CWE-770: Uncontrolled Resource Consumption). (OPSC-17865) | ||
| * Upgraded org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.7, which brings reload4j 1.2.22, addressing CVE-2022-45868 (CWE-200: Information Exposure) in the log4j 1.2.x fork. (OPSC-17866) | ||
| * Upgraded org.apache.mina:mina-core to 2.2.5, addressing CVE-2024-52046 (CWE-502: Deserialization of Untrusted Data). (OPSC-17869) | ||
| * Upgraded lodash and lodash-amd to 4.18.1, addressing CVE-2021-23337 (CWE-94: Improper Control of Generation of Code) and prototype-pollution advisories in earlier lodash releases. (OPSC-17870) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded lodash and lodash-amd to 4.18.1, addressing CVE-2021-23337 (CWE-94: Improper Control of Generation of Code) and prototype-pollution advisories in earlier lodash releases. (OPSC-17870) | |
| * Upgraded lodash and lodash-amd to v4.18.1, to address CVE-2021-23337 (CWE-94: Improper Control of Generation of Code) and prototype-pollution advisories occurring in earlier lodash releases. (OPSC-17870) |
annieden
reviewed
Apr 24, 2026
| * Upgraded org.slf4j:slf4j-reload4j from 1.7.36 to 2.0.7, which brings reload4j 1.2.22, addressing CVE-2022-45868 (CWE-200: Information Exposure) in the log4j 1.2.x fork. (OPSC-17866) | ||
| * Upgraded org.apache.mina:mina-core to 2.2.5, addressing CVE-2024-52046 (CWE-502: Deserialization of Untrusted Data). (OPSC-17869) | ||
| * Upgraded lodash and lodash-amd to 4.18.1, addressing CVE-2021-23337 (CWE-94: Improper Control of Generation of Code) and prototype-pollution advisories in earlier lodash releases. (OPSC-17870) | ||
| * Upgraded ua-parser-js to 0.7.41, addressing CVE-2020-7793 and CVE-2020-7733 (CWE-1333: Inefficient Regular Expression Complexity — Regular Expression Denial of Service). (OPSC-17871) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded ua-parser-js to 0.7.41, addressing CVE-2020-7793 and CVE-2020-7733 (CWE-1333: Inefficient Regular Expression Complexity — Regular Expression Denial of Service). (OPSC-17871) | |
| * Upgraded ua-parser-js to v0.7.41 to address CVE-2020-7793 and CVE-2020-7733 (CWE-1333: Inefficient Regular Expression Complexity — Regular Expression Denial of Service). (OPSC-17871) |
annieden
reviewed
Apr 24, 2026
| * Upgraded org.apache.mina:mina-core to 2.2.5, addressing CVE-2024-52046 (CWE-502: Deserialization of Untrusted Data). (OPSC-17869) | ||
| * Upgraded lodash and lodash-amd to 4.18.1, addressing CVE-2021-23337 (CWE-94: Improper Control of Generation of Code) and prototype-pollution advisories in earlier lodash releases. (OPSC-17870) | ||
| * Upgraded ua-parser-js to 0.7.41, addressing CVE-2020-7793 and CVE-2020-7733 (CWE-1333: Inefficient Regular Expression Complexity — Regular Expression Denial of Service). (OPSC-17871) | ||
| * Upgraded dojo, dijit, dojox, and dojo-util to 1.17.3, addressing CVE-2021-23450 (CWE-1321: Improperly Controlled Modification of Object Prototype Attributes Prototype Pollution). (OPSC-17872) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Upgraded dojo, dijit, dojox, and dojo-util to 1.17.3, addressing CVE-2021-23450 (CWE-1321: Improperly Controlled Modification of Object Prototype Attributes Prototype Pollution). (OPSC-17872) | |
| * Upgraded dojo, dijit, dojox, and dojo-util to v1.17.3 to address CVE-2021-23450 (CWE-1321: Improperly Controlled Modification of Object Prototype Attributes Prototype Pollution). (OPSC-17872) |
annieden
reviewed
Apr 24, 2026
| * Upgraded lodash and lodash-amd to 4.18.1, addressing CVE-2021-23337 (CWE-94: Improper Control of Generation of Code) and prototype-pollution advisories in earlier lodash releases. (OPSC-17870) | ||
| * Upgraded ua-parser-js to 0.7.41, addressing CVE-2020-7793 and CVE-2020-7733 (CWE-1333: Inefficient Regular Expression Complexity — Regular Expression Denial of Service). (OPSC-17871) | ||
| * Upgraded dojo, dijit, dojox, and dojo-util to 1.17.3, addressing CVE-2021-23450 (CWE-1321: Improperly Controlled Modification of Object Prototype Attributes Prototype Pollution). (OPSC-17872) | ||
| * Update version of jackson-core, lz4-java and awssdk to resolve security vulnerabilities. (OPSC-17846) |
Contributor
There was a problem hiding this comment.
Suggested change
| * Update version of jackson-core, lz4-java and awssdk to resolve security vulnerabilities. (OPSC-17846) | |
| * Updated versions of jackson-core, lz4-java, and awssdk to resolve security vulnerabilities. (OPSC-17846) |
annieden
reviewed
Apr 24, 2026
Contributor
annieden
left a comment
annieden
left a comment
There was a problem hiding this comment.
Made some grammatical and tense edits on several of these. Once fixed, I can approve.
added 3 commits
April 26, 2026 20:19
Collaborator
|
I applied the review suggestions and then also applied last minute updates that happened to the release. See my first commit for details. |
annieden
reviewed
Apr 27, 2026
annieden
reviewed
Apr 27, 2026
annieden
approved these changes
Apr 27, 2026
Contributor
annieden
left a comment
annieden
left a comment
There was a problem hiding this comment.
I edited the two new RNs that Orion added, and these are ready to be committed. I approve pending that commit.
Co-authored-by: annieden <94020405+annieden@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release Notes Automation
If you name your pull-request as "Product x.y.z Release ...", after merging the
PR, a GitHub Action will automatically create a product version tag "product-x.y.z".
Supported product names are:
Version supports 3 sets or 4 sets of digits.