Today we're releasing version v2.1.0 of the Meroxa CLI, which includes python3 support for Turbine and additional UX improvements:
With Meroxa CLI version v2.0.2, if you're running a CLI built from source, you should expect to see exactly what git commit sha you are running and some extra information.
With Meroxa CLI version v2.0.0, we're introducing a new set of commands to operate with Turbine Data Applications, and we're also deprecating the ones that won't apply going forward. New commands are:
apps deployto deploy a Turbine Data Application.
apps describeto inspect more information about your Turbine Data Application.
apps initto initialize a new Turbine Data Application locally in the language of your choice.
apps listto list all your available Turbine Data Applications.
apps removeto remove a Turbine Data Application.
apps runto run locally a Turbine Data Application.
build describeto inspect a Meroxa Process Build.
build logsto a Meroxa Process Build's Logs.
If you want to read more about the Turbine Data Applications Beta check out the beta overview. If you wanted to get started building your first Turbine Data Application, check out our documentation to get started.
On December 10th, 2021 researchers published details of an exploit affecting the popular Java logging library Log4j (CVE-2021-44228). The vulnerability in question exploited a feature (Lookups) introduced into v2.x that would allow for malicious messages logged via the system to be interpreted, ultimately allowing the execution of arbitrary code.
The Meroxa Data Platform is largely built on Go (Golang) and as such exposure to this CVE is very limited. Specifically Java (and therefore Log4j) is only used by Apache Kafka and the various Apache Kafka ecosystem components deployed on the platform.
In the case of Apache Kafka and Apache Kafka Connect, both use Log4j-v1.2.17 which is not affected by the recently disclosed vulnerability. You can find more details on the Apache Kafka website (CVE list).
Kafka Connect Connectors however can utilize different versions of the Log4j library. As such we have audited all connectors currently supported on the platform and have deployed updated (remediated) versions. Specifically we have upgraded to versions using Log4j v2.16.0 which removes the feature entirely that introduced the vulnerability.
Additionally we have audited our configurations to confirm that no user generated data is logged via any supported connectors further limiting the ability for this vulnerability to be exploited on the Meroxa Data Platform.
We will of course continue to monitor developments related to the CVE and will take any actions necessary to ensure the security of our platform.
$ meroxa resources create sourcedb --type cosmosdb --url cosmosdb://$COSMOS_ACCOUNT_NAME:$COSMOS_PRIMARY_KEY@$COSMOS_ACCOUNT_NAME.documents.azure.com:443/$COSMOS_DATABASE
With the release of Meroxa CLI version v1.4.0, we've updated the output of the
connector describe command to display the error trace of failed connectors.
With Meroxa CLI version v1.3.0, we're introducing some changes on two commands that operate with Meroxa Connectors.
With Meroxa CLI version v1.2.0, we're adding the
--no-headers option to any command that lists a Meroxa Platform resource.
This option is useful when performing scripting operations that depends on a specific number.