Release notes version 7.2.0.x

• Added a migration script for existing applications and toolkits that utilized streams_boost. See the product-installation-root-directory/7.2.0.1/bin/streams-boost-migration-tool.sh script for more information.
• Enhanced keystore and certificate bundling
  • When exporting keystores, a value of all may be used to export all keystores into a single one grouped by aliases.
  • Added new --ext option to streamtool gencertificate to allow setting X.509 v3 certificate extension fields.
  • Updated streamtool renewcertificate to preserve dn and extension
• Improved streamtool resource clean up
• Improved security of temporarily file usage by restricting permissions

Core product

• Addressed initialization issues while running with Java 21 or higher
• Fixed issue where root user was unable to uninstall Streams
• Improved data service startup and recovery
• Fixed the following SPL compiler issues:
  • JVM allocation was not working with Java 17.0.15
  • Compiler did not immediately produce an error when an invalid expression in output clause was found. Issue was introduced in 4.3.0.
• Fixed an issue handling the "$" character in streamtool command-line arguments
• Fixed the following application runtime issues for Java operators:
  • Operator classloading was not correct in certain situations
  • Ordered JSONs were not correctly ordered

Toolkits

• Reduced toolkit migration script scope to shipped toolkits only
• Fixed Boost library linking bug by removing dependency on Boost::Filesystem in the following toolkit operators:
  • Cybersecurity - DomainProfiling, HostProfiling, BWListTagger
  • TEDA - BloomFilter
  • Timeseries - DSPFilter2, DSPFilterFinite, GAMLearner, GAMScorer, Kalman
• CrossDCFailover:
  • Improved SQL queries to better utilize prepared statements
• DPS:
  • Fixed several incorrect trace messages levels to be INFO instead of ERROR
  • Improved memory safety by utilizing std::strings
• Inetserver:
  • Fixed websocket servlet initialization
• Network:
  • Fixed filesystem and initialization issues in the IPASNEnricher and IPSpatialEnricher operators
  • Ship source files for operator-to-DPDK bridge. Compatible with DPDK 22 and higher
• TEDA:
  • Fixed Perl module and module lookup issue
• Timeseries:
  • Corrected C++ namespace for native functions
  • Fixed Java library dependency bug in BoundedAnomalyDetector, BATS, and HoltWinters3 operators
• Topology:
  • Fixed Python 3.9 and higher support
  • Fixed kafka and mqtt messaging support
• Websocket:
  • Utilize stream operator threads
  • Improve closed connection handling

The following security vulnerabilities have been fixed in this release:

• CVE-2025-23184
• CVE-2025-26791
• CVE-2025-27817
• CVE-2025-27818
• CVE-2025-46762

Third-party libraries have been updated for currency and security reasons. This includes the following primary dependencies which were updated to the specified versions.

Core product

• Upgraded IBM WebSphere Liberty to 25.0.0.5
• Upgraded SLF4J to 2.0.17
• Upgraded ICU4J to 77.1

Toolkits

• DPS: upgraded hiredis to 1.3.0
• Hbase: upgraded hbase to 2.6.2-hadoop3
• Kafka: upgraded kafka-client to 3.9.1
• MessageHub: upgraded kafka-client to 3.9.1
• ObjectStorage: upgraded ibm-cos-java-sdk-bundle to 2.14.1
• Rabbitmq: upgraded amqp-client to 5.25.0

Core product

• Product has been renamed to Teracloud Streams
  • Teracloud Streams is the continuation of the proven IBM Streams technology. The product was acquired from IBM by 21CS, a subsidiary of Teracloud, and initially branded as 21CS Streams. As part of our strategy to unify our product portfolio, it has now been rebranded as Teracloud Streams. This transition preserves the robust capabilities that enterprises have relied upon while enabling accelerated innovation and modernization under Teracloud's leadership.
  • As part of this transition, some aspects of the product have changed:
    • The default installation directory has changed to /opt/teracloud/streams (for root user installation) and $HOME/teracloud/streams (for non-root user installation).
    • The name of the system service was changed from ibm-streams-domain-id to teracloud-streams-domain-id. If the domain ID contains globalization characters, the system service name will be encoded.
• Support for Red Hat Enterprise Linux (RHEL) 8.10 and 9.4 or later
• Streams now requires a Java Development Kit (JDK) 17 or later install
  • IBM JDK 8 is no longer required nor shipped with the product. Users can now use any JDK 17 or later installation from their favorite vendor. See Java requirements, options, and settings for Teracloud Streams for more information and to configure the JDK to be used with Streams.
• Support for Java 17 and C++ 17
  • With the jump to newer RHEL and JDK versions, applications now support Java 17 and C++ 17 features.
    Important: Existing C++ and Java operators may require changes in order to be compiled. See Oracle's JDK Migration Guide for removed Java APIs, Changes between C++11 and C++14, and Changes between C++14 and C++17 for removed C++ features.
• New Python Operator
  • Add python scripts to your SPL application using Python operators. See Developing Python primitive operators to get started.
• Enhanced REST API
  • Manage your domain and instances with the new REST API. As part of this enhancement, domains now have a new rest service. Additionally, a live view of the REST API reference is now provided with every running domain. See the new REST API reference for a full list of capabilities.
• New Data Exchange feature
  • Directly inject and retrieve tuples from an application using a REST API backed by the Streams Authentication and Authorization service. For more information, see Enabling Streams data exchange.
• TLS 1.3 is now the default cryptographic protocol
  • To make Streams more secure by default, TLS 1.3 is enabled for service-to-service communication and PE-to-PE communication. If the protocol needs to be changed, see Changing the cryptogrpahic protocol and Configuring transport mechanisms.
• Additional enhancements and fixes
  • Keystores for domains now use pkcs12 format instead of JKS.
  • PE containers now gracefully handle disconnected clients.
  • Applications using Export operators better clean up dynamic connections.

Toolkits

• Toolkits have been rebranded to Teracloud Streams
  • Toolkit namespaces have changed from com.ibm.streams[x]. to com.teracloud.streams. to standardize naming conventions and easily identify which toolkits are supported by Teracloud. To help migrate existing applications to the new namespace, see the product-installation-root-directory/7.2.0.0/bin/teracloud-toolkit-migration-tool.sh script.
  • As part of the rebranding, all toolkit major version number have been incremented and require Streams 7.2.0.0 or later product versions.
• New toolkits
  • crossdcfailover - Provides application-level failover across two data centers enabling Disaster Recovery (DR) and Business Continuity (BC)
  • inetserver - Provides support HTTP-Server operators and functions
• Username support for Redis data stores in the DPS toolkit
  • Redis 6 introduced Access Control Lists (ACLs) which allows a username to be specified in the AUTH commands. The DPS toolkit has been updated to allow for this support in the store configuration. See the DPS toolkit reference for more information.