Tungsten Replicator

Tungsten Replicator 8.0.4

Build: 132
Release Date: 1 Jun 2026
Release 8.0.4 contains a number of stability improvements and minor bug fixes.

Behavior Changes (2)

The following changes may affect existing scripts and integration tools. Any scripts or environments that make use of these tools should be checked and updated for the new configuration:

Installation and Deployment (1)

  • Upgraded 3rd party libraries to remove critical and high severity CVEs. The full list is as follows:

    • zookeeper 3.4.14 → 3.9.4 — CVE-2023-44981 (SASL Quorum auth bypass)
    • log4j-api / log4j-core 2.23.1 → 2.25.3 (consolidated) — keeps log4j current; no known critical post-2.17 CVEs but stays ahead
    • commons-text 1.9 → 1.12.0 / 1.13.0 — CVE-2022-42889 (Text4Shell)
    • commons-compress 1.21 → 1.27.1 — CVE-2024-25710, CVE-2024-26308 (DoS via crafted archives)
    • commons-configuration2 (replaced commons-configuration 1.9) → 2.11.0 — CVE-2024-29131, CVE-2024-29133
    • commons-io 2.11.0 → 2.18.0 — CVE-2024-47554
    • jackson-databind 2.13.0 → 2.17.2 / 2.18.2 — CVE-2022-42003, CVE-2022-42004
    • guava 31.0.1-jre → 33.4.0-jre — CVE-2023-2976
    • h2 1.4.199 → 2.3.232 — CVE-2021-23463, CVE-2022-23221
    • postgresql JDBC 42.5.4 → 42.7.7 — CVE-2024-1597, CVE-2022-31197, CVE-2022-26520
    • dom4j 1.6.1 → 2.1.4 — CVE-2018-1000632, CVE-2020-10683
    • xstream 1.4.20 → 1.4.21 — CVE-2024-47072
    • velocity-engine-core 2.3 → 2.4.1 — CVE-2020-13936 era cleanup
    • kafka-clients 0.10.2.2 → 3.9.1 — CVE-2023-25194, CVE-2024-27309
    • junit 4.12 → 4.13.2 — CVE-2020-15250 (temp-dir disclosure; test-time only)
    • netty / xz xz 1.8 → 1.9 — CVE-2022-26259 era
    • protobuf-java 2.6.1 → 4.33.5 — CVE-2024-7254, CVE-2022-3171

     

    The following libraries are no longer required and have been removed entirely:

    • bonecp 0.8.0 — abandoned upstream
    • derby 10.12.1.1
    • postgresql 9.0-801.jdbc3 and 9.3-1102.jdbc4 — many old PG-JDBC CVEs gone
    • sqljdbc4 (replaced by mssql-jdbc 12.10.0) — CVE-2022-23270 era
    Issues: CT-2752, CT-2677, CT-2681
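
A post-upgrade check for the library list above, as an added example that is not part of the release notes or the product: it flags jar files older than the patched versions listed, or that the notes say were removed. It assumes jars are named `artifact-version.jar` and that the installation's library directory is passed as the first argument; the sample file names are constructed.

```python
import os
import re
import sys

# Patched versions from the upgrade list above; where the notes give two
# versions, the lower one is used as the floor (an assumption of this example).
MIN_VERSIONS = {
    "zookeeper": "3.9.4", "log4j-api": "2.25.3", "log4j-core": "2.25.3",
    "commons-text": "1.12.0", "commons-compress": "1.27.1",
    "commons-configuration2": "2.11.0", "commons-io": "2.18.0",
    "jackson-databind": "2.17.2", "guava": "33.4.0", "h2": "2.3.232",
    "postgresql": "42.7.7", "dom4j": "2.1.4", "xstream": "1.4.21",
    "velocity-engine-core": "2.4.1", "kafka-clients": "3.9.1",
    "junit": "4.13.2", "xz": "1.9", "protobuf-java": "4.33.5",
    "mssql-jdbc": "12.10.0",
}
# Libraries the notes list as removed or replaced.
REMOVED = {"bonecp", "derby", "sqljdbc4", "commons-configuration"}
# Assumption: jars follow the usual artifact-version.jar naming.
JAR_RE = re.compile(r"^(?P<name>[A-Za-z][\w.]*(?:-[A-Za-z][\w.]*)*)-(?P<ver>\d[\w.\-]*)\.jar$")
# Constructed sample listing, used when no directory is given.
SAMPLE = ["commons-text-1.9.jar", "guava-33.4.0-jre.jar", "derby-10.12.1.1.jar",
          "xz-1.9.jar", "postgresql-9.3-1102.jdbc4.jar", "sqljdbc4.jar",
          "kafka-clients-3.9.1.jar"]

def vtuple(ver, width=4):
    # Numeric part before any "-qualifier", zero-padded so 1.9 == 1.9.0.
    nums = [int(n) for n in re.findall(r"\d+", ver.split("-")[0])][:width]
    return tuple(nums + [0] * (width - len(nums)))

def audit(jar_names):
    # Returns (file name, reason) for every jar that needs attention.
    findings = []
    for fname in sorted(jar_names):
        m = JAR_RE.match(fname)
        name, ver = (m["name"], m["ver"]) if m else (os.path.splitext(fname)[0], None)
        if name in REMOVED:
            findings.append((fname, "removed in 8.0.4, should not be present"))
        elif name in MIN_VERSIONS and ver and vtuple(ver) < vtuple(MIN_VERSIONS[name]):
            findings.append((fname, f"below patched version {MIN_VERSIONS[name]}"))
    return findings

if __name__ == "__main__":
    names = ([f for _, _, fs in os.walk(sys.argv[1]) for f in fs if f.endswith(".jar")]
             if len(sys.argv) > 1 else SAMPLE)
    for fname, why in audit(names):
        print(f"{fname}: {why}")
```

Jars that a plugin or custom filter bundles inside its own archive are not visible to a file-name scan and need a separate check.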

Core Clustering (1)

  • The Replicator will now generate a heap dump when an out-of-memory error occurs. The dump is written to tungsten-replicator/log/replicator.hprof.
    Issue: CT-2669

Improvements, new features and functionality (5)

Command-line Tools (2)

  • The tpm diag command now captures all MySQL configuration files referenced by any !include/!includedir directives, with a sudo fallback so root-owned 0640 configs are captured too.
    Issue: CT-2745
  • A new thl stats command has been added that allows you to gather statistics on the THL content, such as number of DML and DDL statements grouped by date, schema and table.
    Issues: CT-2720, CT-2760

Core Replicator (2)

  • Improved logging performance of "UPDATE or DELETE statement did not process any row." messages.

    While these messages should be rare, performance could decrease when displaying a lot of rows. The message format has also changed when the policy is set to WARN. Previously:

    Event seqno=3726720187/fragno=0 : UPDATE or DELETE statement did not process any row.
    DELETE FROM `someSchema`.`someTable` WHERE `id` = ?
    Arguments: - ROW# = 0 - KEY(index=1 name=id type=4 [INTEGER] length=8 unsigned=true blob=false desc=BIGINT UNSIGNED) (size = 3) = 123

    Now, only the first line will be displayed by default:

    Event seqno=3726720187/fragno=0 : UPDATE or DELETE statement did not process any row.

    The detailed view of the statement and values that did not change the database will be logged only if log4j is set to DEBUG.

    Issue: CT-2733
  • It is now possible to deploy a "cluster-extractor" topology with the standalone Replicator package via Docker.

    For more details and a step-by-step guide, see "Deploying a Replicator through Docker".

    Issue: CT-2591

Documentation (1)

  • All documentation URL references in help text output and template files have been updated.
    Issue: CT-2686

Bug Fixes (5)

Installation and Deployment (1)

  • tpm validate-update no longer exits with error when upgrading from 6.x versions and modifications of tungsten.ini are required for SSL setup.
    Issue: CT-2658

Command-line Tools (3)

  • tpm purge-thl / tungsten_purge_thl: the "running on a Primary node" warning and the --files flag now both behave correctly when there is only a single THL file (previously skipped via an early return).
    Issue: CT-2750
  • THL and query replicator command-line tools now send log4j output to stderr instead of stdout, so callers piping/parsing their output get clean data even when warnings or errors are logged.
    Issue: CT-2744
  • The tpm report command no longer issues warnings about "Duplicate specification for option".
    Issue: CT-2672

Security (1)

  • Fixed an issue where tpm wrongly tried to validate keystores when database SSL is off and THL SSL is on.
    Issue: CT-2691