Scan bug identified (CLIENT-1637)

A bug might occur when a client performing a scan hits a “Partition Unavailable” during an unstable cluster (in both high availability (AP) and strong consistency (CP) modes). Previous versions of the client aborted the scan and put the connection back into the pool, which might cause unprocessed results to be sent to a different transaction (of the same client), possibly resulting in incorrect application behavior. This has been fixed by Java Clients 5.1.11 and 4.4.20, C# Clients 4.2.7 and 3.9.15, C Clients 5.2.6 and 4.6.24.

Partition scans were added in Aerospike Database 4.9. If you make use of scans, we strongly recommend that you upgrade your clients at the earliest opportunity. We will be updating this post as new patched clients are released (please watch it for notifications by email). If you do not use scans you are unaffected. If you use Aerospike Database < 4.9 you are unaffected.

Also, one client cannot affect another client. This means, for example, that an asbackup running in the background against an Aerospike Database 5.6, which is migrating due to a cluster change, and hitting this bug, cannot affect another application built on the Java client.

Upgrade Notes

Applications that work with Aerospike Database versions < 4.9 are built on clients that do not have partition scans, and which are therefore unaffected.

Java Client

  • Users of the Java client < 4.4.9 are unaffected.
  • Users of Java client 5.1.x should upgrade to Java client 5.1.11.
  • Users of Java client 5.0.0 - 5.0.7 that do not use Policy.priority , ScanPolicy.scanPercent or ScanPolicy.failOnClusterChange, can safely upgrade to Java client 5.1.11.
  • Users of Java client 4.4.9 - 4.4.18 should upgrade to Java client 4.4.20.

C Client

  • Users of the C client < 4.6.14 are unaffected.
  • Users of C client 5.2.x should upgrade to C client 5.2.6.
  • Users of C client 5.1.0 - 5.1.1 that do not use as_scan.priority, as_scan.percent , as_policy_scan.fail_on_cluster_change, don’t rely on sending a password hash when using authentication, can safely upgrade to C client 5.2.6.
  • Users of C client 4.6.14 - 4.6.23 should upgrade to C client 4.6.24.

C# Client

  • Users of the C# client < 3.9.4 are unaffected.
  • Users of C# client 4.2.x should upgrade to C# client 4.2.7.
  • Users of C# client 4.0.0 - 4.1.6 that do not use Policy.priority, ScanPolicy.scanPercent and ScanPolicy.failOnClusterChange, can safely upgrade to C# client 4.2.7.
  • Users of C# client 3.9.4 - 3.9.14 should upgrade to C# client 3.9.15.

Python Client

  • Users of the Python client < 4.0.0 are unaffected.
  • Users of Python client 6.0.0 should upgrade to Python client 6.1.0.
  • Users of Python client 5.0.0 that do not use the Scan options priority, percent, and Scan policy fail_on_cluster_change, and are on Python 3.6+, can safely upgrade to Python client 6.1.0.

Node.js Client

  • Users of the Node.js client < 3.16.0 are unaffected.
  • Users of Node.js client 3.16 should upgrade to Node.js client 3.16.7

REST Client

  • Users of the REST client < 1.3.0 are unaffected.
  • Users of REST client 1.7.0 - 1.10.3 should upgrade to REST client 1.10.4.
  • Users of REST client 1.3.0 - 1.6.4 using Aerospike Database version >= 4.9 can safely upgrade to REST client 1.10.4.

Unaffected Clients

Our initial assessment is that the following clients are unaffected.

Go Client

  • Users of the Go client < 4.2.0 are unaffected.
  • Newer versions of the Go client are unaffected.

Ruby Client

Partition scanning hasn’t been added yet to the client.

Rust Client

Partition scanning hasn’t been added yet to the client.

PHP Client

Partition scanning hasn’t been added yet to the client.

Aerospike Node.js Client Release 3.16.5 (April 14, 2021)
Aerospike Node.js Client Release 3.16.6 (July 13, 2021)
Aerospike Python Client Release 5.0.0 (February 17, 2021)
Aerospike Python Client Release 6.0.0 (May 10, 2021)
Aerospike C# Client Release 4.2.6 (November 22, 2021)
Aerospike C# Client Release 4.2.4 (October 18, 2021)
Aerospike C# Client Release 4.2.3 (September 17, 2021)
Aerospike C# Client Release 4.2.2 (August 11, 2021)
Aerospike C# Client Release 4.2.1 (July 15, 2021)
Aerospike C# Client Release 4.1.3 (February 5, 2021)
Aerospike C# Client Release 4.1.1 (December 18, 2020)
Aerospike C# Client Release 4.0.1 (October 28, 2020)
Aerospike C Client Release 4.6.14 (April 5, 2020)
Aerospike C Client Release 4.6.15 (April 28, 2020)
Aerospike C Client Release 4.6.16 (May 11, 2020)
Aerospike C Client Release 4.6.17 (July 9, 2020)
Aerospike C Client Release 4.6.21 (April 13, 2021)
Aerospike C Client Release 4.6.22 (May 25, 2021)
Aerospike C Client Release 5.1.1 (March 22, 2021)
Aerospike C Client Release 5.2.0 (April 30, 2021)
Aerospike C Client Release 5.2.1 (June 15, 2021)
Aerospike Java Client Release 4.4.9 (February 11, 2020)
Aerospike Java Client Release 4.4.11 (May 6, 2020)
Aerospike C# Client Release 4.2.0 (April 30, 2021)
Aerospike C# Client Release 4.1.5 (March 17, 2021)
Aerospike C Client Release 4.6.23 (July 12, 2021)
Aerospike C Client Release 5.1.0 (February 5, 2021)
Aerospike C Client Release 5.2.2 (July 26, 2021)
Aerospike C Client Release 5.2.3 (August 27, 2021)
Aerospike C Client Release 5.2.4 (September 29, 2021)
Aerospike C Client Release 5.2.5 (October 5, 2021)
Aerospike Java Client Release 4.4.10 (April 5, 2020)
Aerospike Java Client Release 4.4.16 (August 14, 2020)
Aerospike Java Client Release 4.4.18 (September 22, 2020)
Aerospike Java Client Release 5.0.0 (October 21, 2020)
Aerospike Java Client Release 5.0.1 (November 11, 2020)
Aerospike Java Client Release 5.0.2 (December 11, 2020)
Aerospike Java Client Release 5.0.3 (January 22, 2021)
Aerospike C# Client Release 4.1.6 (April 14, 2021)
Aerospike C# Client Release 4.1.4 (March 2, 2021)
Aerospike C# Client Release 4.1.2 (January 19, 2021)
Aerospike C# Client Release 4.1.0 (December 8, 2020)
Aerospike C# Client Release 4.0.3 (November 11, 2020)
Aerospike C# Client Release 4.0.2 (November 2, 2020)
Aerospike C# Client Release 4.0.0 (October 21, 2020)
Aerospike C Client Release 4.6.18 (August 14, 2020)
Aerospike C Client Release 4.6.19 (November 30, 2020)
Aerospike C Client Release 4.6.20 (February 8, 2021)
Aerospike Java Client Release 4.4.12 (May 27, 2020)
Aerospike Java Client Release 4.4.13 (June 10, 2020)
Aerospike Java Client Release 4.4.14 (June 26, 2020)
Aerospike Java Client Release 4.4.15 (July 15, 2020)
Aerospike Java Client Release 5.0.4 (February 5, 2021)
Aerospike Java Client Release 5.0.7 (April 11, 2021)
Aerospike Java Client Release 5.1.4 (June 24, 2021)
Aerospike Java Client Release 4.4.17 (August 17, 2020)
Aerospike Java Client Release 5.0.5 (February 24, 2021)
Aerospike Java Client Release 5.0.6 (March 31, 2021)
Aerospike Java Client Release 5.1.0 (April 30, 2021)
Aerospike Java Client Release 5.1.1 (May 10, 2021)
Aerospike Java Client Release 5.1.2 (May 12, 2021)
Aerospike Java Client Release 5.1.6 (August 2, 2021)
Aerospike Java Client Release 5.1.7 (August 6, 2021)
Aerospike Java Client Release 5.1.8 (September 20, 2021)
Aerospike Java Client Release 5.1.3 (June 8, 2021)
Aerospike Java Client Release 5.1.5 (June 29, 2021)
Aerospike Java Client Release 5.1.9 (November 11, 2021)
Aerospike Java Client Release 5.1.10 (November 19, 2021)
Aerospike Node.js Client Release 3.16.0 (May 18, 2020)
Aerospike Node.js Client Release 3.16.1 (June 30, 2020)
Aerospike Node.js Client Release 3.16.2 (December 4, 2020)
Aerospike Node.js Client Release 3.16.3 (February 9, 2021)
Aerospike Node.js Client Release 3.16.4 (February 21, 2021)

Updated this announcement on December 18 2021 at 7:40pm pacific.

Updates REST client information on December 20 2021 at 8:50am pacific.

Updated the description of the bug, and information about the Python, Node.js and Go clients, on December 20 2021 at 1:41pm pacific.

Updated with information for the new backports on January 3rd 9:48pm pacific:

  • Java client 4.4.19 for anyone on Java client versions 4.4.9 - 4.4.18
  • C client 4.6.24 for anyone on C client versions 4.6.14 - 4.6.23

Also we determined that the Go client is unaffected by this bug.

Updated with information on the new backports on January 5th at 7pm pacific:

  • Java client 4.4.20 (instead of 4.4.19, which had missing artifacts) for anyone on Java client versions 4.4.9 - 4.4.18
  • C# client 3.9.15 for anyone on C# client 3.9.4 - 3.9.14

The new Node.js client 3.16.7 gives any 3.16.x user an upgrade that fixes this problem. Updated on January 10 at 9pm pacific.

© 2021 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.