
Update dependency io.seata:seata-server to v1.7.1 #26

Open
mend-for-github-com[bot] wants to merge 1 commit into 2022.x from whitesource-remediate/io.seata-seata-server-1.x

@mend-for-github-com mend-for-github-com bot commented Jan 6, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| io.seata:seata-server (source) | compile | minor | 1.5.0 -> 1.7.1 |

By merging this PR, the below vulnerabilities will be automatically resolved:

| Severity | CVSS Score | Vulnerability |
|---|---|---|
| Critical | 10.0 | CVE-2024-1597 |
| Critical | 9.8 | CVE-2021-42392 |
| Critical | 9.8 | CVE-2022-23221 |
| Critical | 9.8 | CVE-2024-50379 |
| Critical | 9.8 | CVE-2024-52316 |
| Critical | 9.8 | CVE-2025-24813 |
| Critical | 9.8 | CVE-2025-31651 |
| Critical | 9.6 | CVE-2025-55754 |
| Critical | 9.1 | CVE-2023-34034 |
| High | 8.6 | CVE-2024-38286 |
| High | 8.1 | CVE-2021-23463 |
| High | 8.1 | CVE-2024-22259 |
| High | 8.1 | CVE-2025-27818 |
| High | 8.1 | WS-2019-0490 |
| High | 7.5 | CVE-2020-11979 |
| High | 7.5 | CVE-2021-35515 |
| High | 7.5 | CVE-2021-35516 |
| High | 7.5 | CVE-2021-35517 |
| High | 7.5 | CVE-2021-36090 |
| High | 7.5 | CVE-2022-34917 |
| High | 7.5 | CVE-2022-42003 |
| High | 7.5 | CVE-2022-42004 |
| High | 7.5 | CVE-2022-45143 |
| High | 7.5 | CVE-2023-20860 |
| High | 7.5 | CVE-2023-20883 |
| High | 7.5 | CVE-2023-24998 |
| High | 7.5 | CVE-2023-44487 |
| High | 7.5 | CVE-2023-44487 |
| High | 7.5 | CVE-2023-46589 |
| High | 7.5 | CVE-2024-24549 |
| High | 7.5 | CVE-2024-38819 |
| High | 7.5 | CVE-2025-27819 |
| High | 7.5 | CVE-2025-48976 |
| High | 7.5 | CVE-2025-48988 |
| High | 7.5 | CVE-2025-48989 |
| High | 7.3 | CVE-2024-12798 |
| High | 7.3 | CVE-2024-12798 |
| High | 7.1 | CVE-2022-31197 |
| Medium | 6.6 | CVE-2023-25194 |
| Medium | 6.5 | CVE-2023-20861 |
| Medium | 6.5 | CVE-2023-20863 |
| Medium | 6.5 | CVE-2024-31141 |
| Medium | 6.5 | CVE-2025-49125 |
| Medium | 6.5 | CVE-2025-55668 |
| Medium | 6.3 | CVE-2020-1945 |
| Medium | 6.3 | CVE-2024-23672 |
| Medium | 6.1 | CVE-2023-41080 |
| Medium | 5.5 | CVE-2021-36373 |
| Medium | 5.5 | CVE-2021-36374 |
| Medium | 5.3 | CVE-2022-41881 |
| Medium | 5.3 | CVE-2023-42795 |
| Medium | 5.3 | CVE-2023-45648 |
| Medium | 5.3 | CVE-2024-38809 |
| Medium | 5.3 | CVE-2025-58057 |
| Medium | 5.3 | CVE-2025-58057 |
| Medium | 4.8 | CVE-2024-38827 |
| Medium | 4.7 | CVE-2022-41946 |
| Medium | 4.3 | CVE-2023-28708 |

Release Notes

seata/seata (io.seata:seata-server)

v1.7.1: (Not Apache release)

Compare Source

Seata 1.7.1 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:
  • [#​5803] docker image supports JVM parameter injection
bugfix:
  • [#​5749] case of the pk col-name in the business sql is inconsistent with the case in the table metadata, resulting in a rollback failure
  • [#​5762] change some fields type of TableMetaCache to avoid integer overflow
  • [#​5769] fix the problem that the parameter prefix requirement of the setAttachment method in sofa-rpc is not met
  • [#​5814] fix XA transaction start exception and rollback failure
  • [#​5771] insert executor keywords unescape
  • [#​5819] fix oracle column alias cannot find
optimize:
  • [#​5804] optimize docker default timezone
  • [#​5815] support the nacos application name property
  • [#​5820] unified log output directory
  • [#​5822] upgrade some deprecated github actions
security:
  • [#​5728] fix some dependencies vulnerability
  • [#​5766] fix some serializer vulnerabilities

Thanks to these contributors for their code commits. Please report an unintended omission.

Also, we receive many valuable issues, questions and advice from our community. Thanks to you all.

v1.7.0: (Not Apache release)

Compare Source

Seata 1.7.0 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:
  • [#​5476] first support native-image for seata-client
  • [#​5495] console integration saga-statemachine-designer
  • [#​5668] compatible with file.conf and registry.conf configurations in version 1.4.2 and below
bugfix:
  • [#​5682] fix saga mode replay context lost startParams
  • [#​5671] fix saga mode serviceTask inputParams json autoType convert exception
  • [#​5194] fix wrong keyword order for oracle when creating a table
  • [#​5021] fix JDK Reflection for Spring origin proxy failed in JDK17
  • [#​5023] fix seata-core dependency transitive conflict in seata-dubbo
  • [#​5224] fix oracle initialize script index_name is duplicate
  • [#​5233] fix the inconsistent configuration item names related to LoadBalance
  • [#​5266] fix server console has queried the released lock
  • [#​5245] fix the incomplete dependency of distribution module
  • [#​5239] fix getConfig throw ClassCastException when use JDK proxy
  • [#​5281] parallel request handle throw IndexOutOfBoundsException
  • [#​5288] fix auto-increment of pk columns in Oracle in AT mode
  • [#​5287] fix auto-increment of pk columns in PostgreSQL in AT mode
  • [#​5299] fix GlobalSession deletion when retry rollback or retry commit timeout
  • [#​5307] fix that keywords don't add escaped characters
  • [#​5311] remove RollbackRetryTimeout sessions during in file storage recover
  • [#​4734] check if table meta cache should be refreshed in AT mode
  • [#​5316] fix G1 jvm parameter in jdk8
  • [#​5321] fix When the rollback logic on the TC side returns RollbackFailed, the custom FailureHandler is not executed
  • [#​5332] fix bugs found in unit tests
  • [#​5145] fix global session is always begin in saga mode
  • [#​5413] fix bad service configuration file and compilation failure
  • [#​5415] fix transaction timeout on client side not execute hook and failureHandler
  • [#​5447] fix oracle xa mode cannot be used by same database
  • [#​5472] fix if using @GlobalTransactional in RM, ShouldNeverHappenException will be thrown
  • [#​5535] fix the log file path was loaded incorrectly
  • [#​5538] fix finished transaction swallows exception when committing
  • [#​5539] fix the full table scan issue with 'setDate' condition in Oracle 10g
  • [#​5540] fix GlobalStatus=9 can't be cleared in DB storage mode
  • [#​5552] fix mariadb rollback failed
  • [#​5583] fix grpc interceptor xid unbinding problem
  • [#​5602] fix log in participant transaction role
  • [#​5645] fix oracle insert undolog failed
  • [#​5659] fix the issue of case sensitivity enforcement on the database after adding escape characters to keywords
  • [#​5663] fix the timeout is null when the connectionProxyXA connection is reused
  • [#​5675] fix compatibility between xxx.grouplist and grouplist.xxx configuration items
  • [#​5690] fix console print unauthorized error
  • [#​5711] fix get configuration item contains underlined error
optimize:
  • [#​5208] optimize throwable getCause once more
  • [#​5212] optimize log message level
  • [#​5237] optimize exception log message print(EnhancedServiceLoader.loadFile#cahtch)
  • [#​5089] optimize the check of the delay value of the TCC fence log clean task
  • [#​5243] optimize kryo 5.4.0 optimize compatibility with jdk17
  • [#​5153] Only AT mode try to get channel with other app
  • [#​5177] If server.session.enable-branch-async-remove is true, delete the branch asynchronously and unlock it synchronously.
  • [#​5273] optimize the compilation configuration of the protobuf-maven-plugin plug-in to solve the problem of too long command lines in higher versions.
  • [#​5303] remove startup script the -Xmn configuration
  • [#​5325] add store mode,config type and registry type log info
  • [#​5315] optimize the log of SPI
  • [#​5323] add time info for global transaction timeout log
  • [#​5414] optimize transaction fail handler
  • [#​5537] optimize transaction log on client side
  • [#​5541] optimize server log output
  • [#​5548] update expire gpg key and publish workflow
  • [#​5638] optimize: set server's transaction level to READ_COMMITTED
  • [#​5646] refactor ColumnUtils and EscapeHandler
  • [#​5648] optimize server logs print
  • [#​5647] support case-sensitive attributes for table and column metadata
  • [#​5678] optimize escape character for case of columnNames
  • [#​5684] optimize github actions for CodeQL, skywalking-eyes and checkout
  • [#​5700] optimize distributed lock log
security:
  • [#​5172] fix some security vulnerabilities
  • [#​5683] add Hessian Serializer WhiteDenyList
  • [#​5696] fix several node.js security vulnerabilities
test:
  • [#​5380] fix UpdateExecutorTest failed
  • [#​5382] fix multi spring version test failed

Thanks to these contributors for their code commits. Please report an unintended omission.

Also, we receive many valuable issues, questions and advice from our community. Thanks to you all.

v1.6.1: (Not Apache release)

Compare Source

Seata 1.6.1 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:
  • [#​5115] support for spring-boot:3.x
bugfix:
  • [#​5179] fix ClassNotFoundException when server starts using Eureka
optimize:
  • [#​5120] unify the format of configuration items in yml files
  • [#​5180] GlobalTransactionScanner,SeataAutoDataSourceProxyCreator declare @​bean methods as static
  • [#​5182] fix some security vulnerabilities in GGEditor
  • [#​5183] optimize the default values for some switches

Thanks to these contributors for their code commits. Please report an unintended omission.

Also, we receive many valuable issues, questions and advice from our community. Thanks to you all.

v1.6.0: (Not Apache release)

Compare Source

Seata 1.6.0 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:
  • [#​4863] support oracle and postgresql multi primary key
  • [#​4649] seata-server support multiple registry
  • [#​4779] support Apache Dubbo3
  • [#​4479] TCC mode supports tcc annotation marked on both interface and implementation class
  • [#​4877] seata client support jdk17
  • [#​4914] support mysql update join sql
  • [#​4542] support oracle timestamp types
  • [#​5111] support Nacos contextPath
  • [#​4802] dockerfile support arm64
bugfix:
  • [#​4780] fix can't post TimeoutRollbacked event after a successful timeout rollback
  • [#​4954] fix output expression incorrectly throws npe
  • [#​4817] fix in high version springboot property not Standard
  • [#​4838] fix when use Statement.executeBatch() can not generate undo log
  • [#​4533] fix rollback event repeated and some event status not correct
  • [#​4912] fix mysql InsertOnDuplicateUpdate column case is different and cannot be matched
  • [#​4543] fix support Oracle nclob types
  • [#​4915] fix failed to get server recovery properties
  • [#​4919] fix XID port and address null:0 before coordinator.init
  • [#​4928] fix rpcContext.getClientRMHolderMap NPE
  • [#​4953] fix InsertOnDuplicateUpdate bypass modify pk
  • [#​4978] fix kryo support circular reference
  • [#​4874] fix startup failure by using OpenJDK 11
  • [#​5018] fix loader path in startup scripts
  • [#​5004] fix duplicate image row for update join
  • [#​5032] fix mysql InsertOnDuplicateUpdate sql query error caused by placeholder index calculation error
  • [#​5033] fix null exception when sql columns is empty for insert on duplicate
  • [#​5038] remove @​EnableConfigurationProperties({SagaAsyncThreadPoolProperties.class})
  • [#​5050] fix global session is not change to Committed in saga mode
  • [#​5052] fix update join condition placeholder param error
  • [#​5031] fix mysql InsertOnDuplicateUpdate should not use null index value as image sql query condition
  • [#​5075] fix InsertOnDuplicateUpdateExecutor could not intercept the sql which has no primary and unique key
  • [#​5093] fix access key loss after seata server restart
  • [#​5092] fix when seata and jpa are used together, their AutoConfiguration order is incorrect
  • [#​5109] fix NPE caused when there is no @​GlobalTransactional annotation on the RM side
  • [#​5098] Druid disable oracle implicit cache
  • [#​4860] fix metrics tags coverage in the seata-server side
  • [#​5028] fix insert value null parsed as string in insert on duplicate SQL
  • [#​5078] fix could not intercept the sql which has no primary and unique key
  • [#​5097] fix access key loss after server restart
  • [#​5131] fix rollback xa connection active state
  • [#​5134] fix hikari datasource auto proxy fail
  • [#​5163] fix bad service configuration file and compilation failure
optimize:
  • [#​4774] optimize mysql8 dependencies for seataio/seata-server image
  • [#​4790] Add a github action to publish Seata to OSSRH
  • [#​4765] mysql 8.0.29 not should be hold for connection
  • [#​4750] optimize unBranchLock romove xid
  • [#​4750] optimize unBranchLock remove xid
  • [#​4800] Add NOTICE as Apache License V2
  • [#​4681] optimize the check lock during global transaction
  • [#​4761] use hget replace hmget because only one field
  • [#​4414] exclude log4j dependencies
  • [#​4836] optimize BaseTransactionalExecutor#buildLockKey(TableRecords rowsIncludingPK) method more readable
  • [#​4865] fix some security vulnerabilities in GGEditor
  • [#​4590] auto degrade enable to dynamic configure
  • [#​4490] tccfence log table delete by index
  • [#​4911] add license checker workflow
  • [#​4917] upgrade package-lock.json fix vulnerabilities
  • [#​4924] optimize pom dependencies
  • [#​4932] extract the default values for some properties
  • [#​4925] optimize java doc warning
  • [#​4921] fix some vulnerabilities in console and upgrade skywalking-eyes
  • [#​4936] optimize read of storage configuration
  • [#​4946] pass the sqlexception to client when get lock
  • [#​4962] optimize build and fix the base image
  • [#​4974] optimize cancel the limit on the number of globalStatus queries in Redis mode
  • [#​4981] optimize tcc fence record not exists errMessage
  • [#​4985] fix undo_log id repeat
  • [#​4995] fix mysql InsertOnDuplicateUpdate duplicate pk condition in after image query sql
  • [#​5047] remove useless code
  • [#​5051] undo log dirty throw BranchRollbackFailed_Unretriable
  • [#​5075] intercept the InsertOnDuplicateUpdate statement which has no primary key and unique index value
  • [#​5104] remove the druid dependency in ConnectionProxy
  • [#​5124] support oracle on delete tccfence logs
  • [#​4468] support kryo 5.3.0
  • [#​4807] optimize docker image and oss publish
  • [#​4445] optimize transaction timeout judgment
  • [#​4958] do not execute triggerAfterCommit() if timeout
  • [#​4582] redis mode support sorted set by timeout
  • [#​4963] add ARM64 CI workflow
  • [#​4434] remove seata-server's CMS parameters

Thanks to these contributors for their code commits. Please report an unintended omission.

Also, we receive many valuable issues, questions and advice from our community. Thanks to you all.

v1.5.2: (Not Apache release)

Seata 1.5.2 Released.

Seata is an easy-to-use, high-performance, open source distributed transaction solution.

The version is updated as follows:

feature:
  • [#​4661] support xid consistency load balance
  • [#​4676] support server to expose Nacos services by mounting SLB
  • [#​4642] support batch message parallel processing
  • [#​4567] support where method condition(find_in_set)
bugfix:
  • [#​4515] fix the error of SeataTCCFenceAutoConfiguration when database unused
  • [#​4661] fix sql exception with PostgreSQL in module console
  • [#​4667] fix the exception in RedisTransactionStoreManager for update map During iteration
  • [#​4678] fix the error of key transport.enableRmClientBatchSendRequest cache penetration if not configure
  • [#​4701] fix missing command line args
  • [#​4607] fix bug on skipping lock check
  • [#​4696] fix oracle database insert value
  • [#​4726] fix batch message send may return NullPointException
  • [#​4729] fix set AspectTransactional.rollbackForClassName with wrong value
  • [#​4653] fix the sql exception when pk is non-numeric in INSERT_ON_DUPLICATE SQL
optimize:
  • [#​4650] fix some security vulnerabilities
  • [#​4670] optimize the thread pool size of branchResultMessageExecutor
  • [#​4662] optimize rollback transaction metrics
  • [#​4693] optimize the console navigation bar
  • [#​4700] fix maven-compiler-plugin and maven-resources-plugin execute failed
  • [#​4711] separate lib dependencies for deployments
  • [#​4720] optimize pom description
  • [#​4728] upgrade logback dependency to 1.2.9
  • [#​4745] support mysql8 in release package
  • [#​4626] Replace flatten-maven-plugin with easyj-maven-plugin to fix the conflict between shade and flatten
  • [#​4629] check relation of before status and after status when updating global session
  • [#​4662] make EnhancedServiceLoader more readable
test:
  • [#​4544] optimize jackson dependencies in TransactionContextFilterTest
  • [#​4731] fix UT failed in AsyncWorkerTest and LockManagerTest

Thanks to these contributors for their code commits. Please report an unintended omission.

Also, we receive many valuable issues, questions and advice from our community. Thanks to you all.


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jan 6, 2026
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.seata:seata-server to v1.7.1 Update dependency io.seata:seata-server to v1.7.1 - autoclosed Jan 23, 2026
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/io.seata-seata-server-1.x branch January 23, 2026 01:42
@mend-for-github-com mend-for-github-com bot changed the title Update dependency io.seata:seata-server to v1.7.1 - autoclosed Update dependency io.seata:seata-server to v1.7.1 Jan 27, 2026
@mend-for-github-com mend-for-github-com bot reopened this Jan 27, 2026
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/io.seata-seata-server-1.x branch 2 times, most recently from afe29cf to f34f538 Compare January 27, 2026 12:48