Release 10.15.3
Management Tools

PAM-34268
Code coverage broken by wrong correlator MD5 hashes on UTF8 BOM files.
epl_coverage uses a hash comparison for locating the files in the specified source directory. An issue has been fixed so that this will now work for files in a non-UTF-8 locale, or with a UTF-8 byte order marker, which previously would have been missed.
Designer

PAM-34304
ApamaDoc and Designer provide incorrect action return type from action body.
Action variables declared in the body of an action could cause incorrect ApamaDoc to be generated for the outer action. This issue has now been fixed.
EPL Plug-ins

PAM-33912
Old C/C++ EPL plug-in API still exists.
Some files such as the header files AP_CorrelatorInterface.hpp and AP_PluginCommon.h from the old plug-in API removed in 10.15 still existed in the product. These files were not required and any plug-ins which still include them should remove the reference.
Cumulocity IoT Transport

PAM-34264
Unable to send email with empty bcc field.
Starting with 10.16, Cumulocity IoT platform performs more strict validations on incoming fields of email requests. When bccfield of SendEmail is empty, the Apama HTTP client for Cumulocity IoT incorrectly forwarded the bcc field as an empty string instead of as a JSON array causing the requests to be rejected. This issue has now been fixed.
Connectivity and Adapters

PAM-34206
The measurement payload contains null keys.
A regression was introduced in 10.15 when a measurement was received containing multiple fragments/series with multiple "value and unit" entries. NULL keys were generated in the resulting representation. This issue has now been fixed.
Correlator

PAM-34259
Vulnerable third party component Snakeyaml used.
SnakeYAML has been updated to version 2.0 to resolve vulnerabilities associated with earlier versions. The Jackson project libraries have been upgraded to be compatible with the SnakeYAML version.

PAM-34221
Type mismatch while trying to cast actions.
If calling anything that resulted in a call to any.getaction(), this could cause an incorrect cast exception or cause a crash. This has now been fixed.

PAM-34178
Vulnerable component OpenSSL (1.1.x and 3.0.x).
OpenSSL has been updated to version 3.0.8 to resolve high severity vulnerabilities.

PAM-34176
Support cgroups v2 and fix v1 to check /proc/self/cgroups.
Support has been added for cgroups v2 and the implementation of cgroups v1 has been fixed.

PAM-34124
persistenceStoreLocation created even if persistence is disabled.
The correlator does not validate the persistence storeLocation value when persistence is disabled, and will treat the empty string the same as being unset (uses the current working directory).