13.7.3. What’s Fixed in 7.4.0

This section describes bugs fixed in Observability Framework 7.4.0. These are fixes since 7.3.0.

RTI® Connext® 7.4.0 is an early access release. See the Connext Versions and Lifecycle page for more information on RTI’s software release model.

For what’s new and fixed in other products in the Connext suite, see those products’ release notes on the RTI Community Portal or in your installation.

[Critical]: System-stopping issue, such as a crash or data loss.
[Major]: Significant issue with no easy workaround.
[Minor]: Issue that usually has a workaround.
[Trivial]: Small issue, such as a typo in a log.

13.7.3.1. Hangs

13.7.3.1.1. [Critical] Observability Collector Service hung when several applications were discovered simultaneously

When several applications with RTI Monitoring Library 2.0 enabled were discovered at the same time, Collector Service hung due to a lock inversion on its threads. After the hang, Collector Service could not process any new incoming data. As a result, Observability Dashboard may not have displayed all applications because discovery did not work as expected. This issue was more likely to have occurred if multiple applications were started simultaneously.

[RTI Issue ID OCA-339]

13.7.3.2. Other

13.7.3.2.1. [Minor] Prometheus listen port was not correctly configured

The Prometheus listen port was not updated when the default value (9090) was changed.

[RTI Issue ID GRAF-170]

13.7.3.3. Vulnerabilities

13.7.3.3.1. [Critical] Stack buffer overflow could occur when using an XML configuration file referencing environment variables

An out-of-bounds write on the stack in Collector Service could have occurred while parsing XML files containing references to external environment variables.

13.7.3.3.1.1. User Impact without Security

This vulnerability in Observability Framework could have resulted in the following:

  • Stack buffer overflow when parsing a malicious XML file.

  • Exploitable by providing malicious XML code to the applications during startup.

  • CVSS 3.1 Score: 6.1 MEDIUM

  • CVSS 3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

13.7.3.3.1.2. User Impact with Security

Same impact as described in “User Impact without Security,” above.

[RTI Issue ID OCA-360]
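
The bug class described in this entry, shown from the defensive side as a bounded expansion routine (an added example, not RTI's code and not the Collector Service fix): every copy is checked against the remaining capacity, so an oversized variable value or name is rejected instead of being written past the stack buffer. The `$(NAME)` reference syntax, the function names and the sample environment values are assumptions made for this illustration.

```c
#include <string.h>

/* Hypothetical lookup hook: pass getenv in real use. */
typedef const char *(*env_lookup_fn)(const char *name);

/* Constructed sample environment for this demonstration. */
static const char *sample_env(const char *name)
{
    if (strcmp(name, "LOG_DIR") == 0) return "/var/log/collector";
    if (strcmp(name, "HUGE") == 0) return "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    return NULL;
}

/* Append n bytes to out; refuse rather than write past cap (keeps room for NUL). */
static int put(char *out, size_t cap, size_t *len, const char *s, size_t n)
{
    if (n >= cap - *len) return -1;
    memcpy(out + *len, s, n);
    *len += n;
    return 0;
}

/* Expand $(NAME) references from in into out (cap bytes, NUL included).
 * Returns 0 on success; -1 on overflow, an unterminated or unknown reference.
 * On failure the contents of out are unspecified and must not be used. */
int expand_env_refs(const char *in, char *out, size_t cap, env_lookup_fn lookup)
{
    char name[64];
    size_t len = 0;
    if (cap == 0) return -1;
    while (*in != '\0') {
        if (in[0] == '$' && in[1] == '(') {
            const char *end = strchr(in + 2, ')');
            size_t nlen = end ? (size_t)(end - (in + 2)) : 0;
            const char *val;
            if (nlen == 0 || nlen >= sizeof name) return -1; /* bound the name too */
            memcpy(name, in + 2, nlen);
            name[nlen] = '\0';
            if ((val = lookup(name)) == NULL) return -1;
            if (put(out, cap, &len, val, strlen(val)) != 0) return -1;
            in = end + 1;
        } else if (put(out, cap, &len, in++, 1) != 0) {
            return -1;
        }
    }
    out[len] = '\0';
    return 0;
}
```

Treating a failed expansion as a fatal configuration error at startup keeps a malformed or hostile XML file from being partially applied.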