Hitachi Content Intelligence v2.2.1 Release Notes
About this document
This document provides information about the Hitachi Content Intelligence (HCI) software, including new features, important enhancements, as well as fixed and known issues.
Intended audience
This document is intended for system administrators, Hitachi Vantara representatives, and authorized service providers who configure and operate the HCI software.
About this release
This release of HCI applies a critical CVE fix around Apache Commons Text for CVE-2022-42889.
Major features
General updates
This release of HCI addresses a critical CVE regarding Apache Commons Text v1.6 for CVE-2022-42889. The vulnerability has been fixed by upgrading Apache Commons Text to v1.10 in our product.
For more information, see Resolved CVEs.
Resolved issues
|
Issue |
Area affected |
Description |
Outcome |
| HCI-8378 | Security | The Apache Commons Text v1.6 JAR file used in HCI is associated with critical CVE-2022-42889 . | The vulnerability was addressed by upgrading Apache Commons Text v1.6 to Apache Commons Text v1.10.
For more information, see Resolved CVEs. |
Known issues
|
Issue |
Area affected |
Description |
Outcome/Workaround |
| HCI-286 | Workflow Designer App | Using Retry Failed Documents manually in a workflow that has failures doesn't add to the output metrics after it has successfully indexed those files. | The results of the Retry Failed Documents setting do not affect output metrics and the files are still indexed successfully. |
| HCI-353 | Job Driver | When attempting to migrate data to a namespace that has already hit its hard quota, 413 errors are received without any failure notifications in the workflow. The failures are instead reported in the advanced historic metrics. | N/A |
| HCI-1047 | Content Monitor App | Replication links with forward slashes (/) do not appear in the Replication metrics. | Replace the forward slashes in the Replication link name with any other ASCII character (space, %, etc.). |
| HCI-1737 | Workflow Designer | Enabling Process all documents ignores the HCP and Sharepoint connector's directories when a workflow is resumed. | N/A |
| HCI-1918 | Metrics | Metrics service cannot be scaled to twice the current number of instances. |
|
| HCI-6103 | Workflow Designer App |
On a multi-node cluster, if one of the nodes goes down, the workflow halts with a task error. The task error states that the driver heap limit is too low for the workflow, but raising this value in the workflow settings does not restart the workflow. |
The workflow-agent job type is configured to run on all nodes in a cluster by default. Scaling the workflow-agent off of the bad node will allow workflows to resume. |
| HCI-6109 | Admin App | HCI enters a bad state after rebooting 2 of the 3 master nodes available on a 4-node cluster. | Reboot all HCI master nodes at the same time and the clusters will return normally. |
| HCI-6128 | Metrics | Metrics from historical logs are ignored after an update and present an OOM message. |
If you notice your imported logs missing after update, reimport them and the metrics will display correctly. |
| HCI-6304 | Workflow Designer App | Testing a data connection accessible by proxy shows a blank certificate and cancelling it makes the system seem unresponsive. |
If your data connection can only be accessed by proxy and requires a certificate, download the certificate from the other system and manually add it to the Admin App To do this, navigate to Configuration > Certificates > Client and click UPLOAD CLIENT CERTIFICATE. |
| HCI-6540 | Solr | During an update, Solr shards appear in the Gone state if Marathon references the old port number and node name pairing when starting the Solr service. |
Delete the Gone shards:
|
| HCI-6857 | Search App | Search App exclusive users with bulk action permissions are able to see Workflow Designer as an option in their SSO menu. Clicking it presents a message telling the user the page cannot be displayed. | N/A |
| HCI-7020 | Admin App | When updating from HCI 1.6.x to 1.10.1, the doc folder is owned by root on several nodes in the cluster, causing an update failure. | Changing the user from root to hci and retrying the failure resolves the issue. |
| HCI-7341 | Solr | When attempting to recreate a delete Solr collection with a different initial schema, the old schema is still present in the UI. This is an internal HCI ticket to track the progress of SOLR-15674, which was filed directly with Apache. | N/A |
| HCI-7366 | Search App | The autocomplete functionality of the search bar in Search App does not work for file names in Chinese after reindexing text field changes. | N/A |
| HCI-7368 | Solr | If an index is created without using a SolrCloud connection URL, attempts to create bulk actions using the index will fail. | N/A |
| HCI-7369 | Solr | When attempting to remove a copy field from an index, the delete fails with a "Collection not found" error and the index is unable to be written to. | N/A |
| HCI-7370 | Solr | Solr can only use comparatives with small numbers and returns 0 results (in error) when using larger ones. | N/A |
| HCI-8242 | Import | Importing a Solr alias bundle containing an index associated with HCP for Cloud Scale Bucket Indexing results in an error. |
|
| HCI-8243 | Import | After importing specific components from a bundle, an error message is received when attempting to add additional components. | Import the bundle in its entirety. If the error persists, contact your Hitachi Vantara representative. |
Resolved CVEs
This table lists the high and critical CVEs that no longer affect HCI as of v2.2.1. For more information, refer to https://nvd.nist.gov.
|
Issue |
Area affected |
Description |
| CVE-2022-42889 | Apache Commons Text |
Apache Commons Text vulnerability Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. For more information on this CVE, see https://nvd.nist.gov/vuln/detail/CVE-2022-42889. Resolution HCI has upgraded Apache Commons Text v1.6 to Apache Commons Text v1.10, which fixed the issue. |
System requirements
This section lists the hardware, networking, and operating system requirements for running an HCI system with one or more instances.
Hardware requirements
This table shows the minimum and recommended hardware requirements for each instance in an HCI running Hitachi Content Search.
|
Resource |
Minimum |
Recommended |
|
RAM |
16 GB |
32 GB |
|
CPU |
4-core |
8-core |
|
Available disk space |
50 GB |
500 GB |
Software requirements
The following table shows the minimum requirements and best-practice software configurations for each instance in an HCI system.
| Resource | Minimum | Best |
| IP addresses | (1) static | (2) static |
| Firewall Port Access | Port 443 for SSL traffic
Port 8000 for System Management App GUI Port 8888 for Content Search App GUI |
Same |
| Network Time | IP address of time service (NTP) | Same |
Operating system and Docker minimum requirements
Each server or virtual machine you provide must have the following:
- A 64-bit Linux distribution
- Docker version 1.13.1 or later installed
- IP and DNS addresses configured
Additionally, you should install all relevant patches on the operating system and perform appropriate security hardening tasks.
- Install the current Docker version suggested by your operating system, unless that version is earlier than 1.13.1. The system cannot run with Docker versions prior to 1.13.1.
- HCI will not function on an operating system that uses cgroups v2. If your system currently utilizes it, you must downgrade to cgroups v1 prior to installation.
Operating system and Docker qualified versions
This table shows the operating systems, as well as the Docker and SELinux configurations, on which this HCI release was qualified. It acts a point of reference for our customers to better share how we operate within our internal environment and does not represent any requirements that need to be followed within your own.
| Operating system | Docker version | Docker storage configuration | SELinux setting |
| CentOS 7.6 | Docker 18.03.1-ce | device-mapper | Enforcing |
| CentOS 8.1 | Docker 19.03.13 | overlay2 | Enforcing |
| Red Hat Enterprise Linux 8.1 | Docker 20.10.14 | overlay2 | Enforcing |
| Ubuntu 18.04.4 LTS | Docker 18.03.1-ce | overlay2 | Not Installed |
Docker considerations
The Docker installation folder on each instance must have at least 20 GB available for storing the HCI Docker images.
Make sure that the Docker storage driver is configured correctly on each instance before installing HCI. To view the current Docker storage driver on an instance, run docker info.
If you are using the Docker devicemapper storage driver:
- Make sure that there's at least 40 GB of Docker metadata storage space available on each instance. HCI needs 20 GB to install successfully and an additional 20 GB to successfully update to a later version. To view Docker metadata storage usage on an instance, run docker info.
- On a production system, do not run
devicemapperinloop-lvmmode. This can cause slow performance or, on certain Linux distributions, HCI might not have enough space to run.
SELinux considerations
You should decide whether you want to run SELinux on system instances and enable or disable it before installing HCI. To enable or disable SELinux on an instance, you must restart the instance. To view whether SELinux is enabled on an instance, run: sestatus
To enable SELinux on the system instances, use a Docker storage driver that supports it. The storage drivers that SELinux supports differ depending on the Linux distribution you're using. For more information, see the Docker documentation.
Time source requirements
If you are installing a multi-instance system, each instance should run NTP (network time protocol) and use the same external time source. For information, see support.ntp.org.
Supported browsers
The following browsers are qualified for use with HCI software. Other browsers or versions might also work.
- Google Chrome (latest version as of the date of this publication)
- Microsoft Edge (latest version as of the date of this publication)
- Mozilla Firefox (latest version as of the date of this publication)
Documentation set
Along with your release notes, the following guides and documentation comprise the full set of HCI reference documentation:
- Hitachi Content Intelligence Installing Hitachi Content Intelligence
- Hitachi Content Intelligence Deploying the HCI Example OVF
- Hitachi Content Intelligence (HCI) Getting Started Guide
- Hitachi Content Intelligence Workflow Designer Help
- Hitachi Content Intelligence Search Help
- Hitachi Content Intelligence Content Monitor Help
- Hitachi Content Intelligence Administrator Help
To learn more, visit the HCI Knowledge page.