Open Source News + Security Updates
This week, read about:
Linux Kernel Vulnerabilities:
Angular 17.2.4
COMPILER-CLI
CORE:
Docker/compose 2.24.7
Fixes:
Improvements:
Internal:
Dependencies:
Changelog:
New Contributors:
Gitlab-foss 16.7.7
Fixed (1 change):
Security (1 change):
Fixed (3 changes):
Security (2 changes):
Fixed (2 changes):
Security (2 changes):
Grafana 10.3.4
Features and enhancements:
Bug fixes:
Breaking changes:
Features and enhancements:
Bug fixes
Breaking changes:
Plugin development fixes & changes:
Features and enhancements:
Bug fixes:
Features and enhancements:
Bug fixes:
Bug fixes:
Bug fixes:
Node.JS 21.7.1
Notable Changes:
Commits:
[0dfe810ac7] - benchmark: update iterations of benchmark/async_hooks/async-local- (Lei Shi) #51420
[625c9e0ac9] - benchmark: update iterations of benchmark/domain/domain-fn-args.js (Lei Shi) #51408
[7ff3551bad] - build: fix arm64 host cross-compilation in GN (Cheng Zhao) #51903
[fd86ea8b71] - Revert "build: workaround for node-core-utils" (Richard Lau) #51975
[23c32ab3a7] - build: respect the NODE env variable in Makefile (Antoine du Hamel) #51743
[9617adc064] - Revert "build: fix warning in cares under GN build" (Luigi Pinca) #51865
[5864534095] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #51948
[fcf235d623] - doc: add policy for distribution (Geoffrey Booth) #51918
[87d2acc8b1] - doc: fix actual result of example is different in events (Deokjin Kim) #51925
[5908c121c6] - doc: clarify Corepack threat model (Antoine du Hamel) #51917
[20e0ba3b94] - doc,module: clarify hook chain execution sequence (Jacob Smith) #51884
[4d997971ac] - lib: make sure close net server (theanarkh) #51929
[fcc6d54aa3] - lib: return directly if udp socket close before lookup (theanarkh) #51914
[10aaabd158] - meta: bump github/codeql-action from 3.23.2 to 3.24.6 (dependabot[bot]) #51942
[78f38a0143] - meta: bump actions/upload-artifact from 4.3.0 to 4.3.1 (dependabot[bot]) #51941
[42ca5452c4] - meta: bump codecov/codecov-action from 4.0.1 to 4.1.0 (dependabot[bot]) #51940
[015a157375] - meta: bump actions/cache from 4.0.0 to 4.0.1 (dependabot[bot]) #51939
[e476cb4a32] - meta: bump actions/download-artifact from 4.1.1 to 4.1.3 (dependabot[bot]) #51938
[67e8001790] - meta: bump actions/setup-node from 4.0.1 to 4.0.2 (dependabot[bot]) #51937
[50343636e8] - src: fix --disable-single-executable-application (Joyee Cheung) #51808
[a48c9ca0db] - stream: do not defer construction by one microtick (Matteo Collina) #52005
[bee3b364f9] - test: add regression test for test_runner after hook (Colin Ihrig) #51998
[fff7f48f50] - test: reduce flakiness of test-runner-output (Antoine du Hamel) #51952
[57ba8f5acb] - test: fix flaky http-chunk-extensions-limit test (Ethan Arrowood) #51943
[9d2c03990a] - test: remove flaky designation (Luigi Pinca) #51736
[e992af81d3] - test: skip SEA tests when SEA generation fails (Joyee Cheung) #51887
[85aa6ca850] - Revert "test_runner: do not invoke after hook when test is empty" (Colin Ihrig) #5199
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Linux kernel vulnerabilities
Ansible-Core 2.16.4
Bugfixes:
Ansible AWX 23.9.0
What's Changed:
* Updated the release doc to check for awxkit tar files
* Removed `tower_legacy` module_utils that appears unused
* Added tests for websocket endpoints
* Disabled ``install_bundle`` endpoint for ingress node
* Updated release notes so they do not require maintenance
* Fixed problems with workflow nodes information section
* Labeled any changes to requirements folder with dependencies label
* Allowed dev image to build on fork
* Added YAML tab for Job Output event modal
* Added the ability to use awxkit with websocket custom URLs
* Fixed login rerouting on the user's current tab
* Fixed typo in French message
* Added new French translations on various UI screen messages
* Fixed error in French message translation of the User Details screen
* Added support for Terraform credentials in awxkit
* Added multi-arch build for AWX images in ghcr.io
* Fixed graphics, illustrations, tables, examples, and sizing associated with the Managing Capacity with Instances chapter of the *Administration Guide*
* Improved the performance for migration middleware
* Enhanced the dashboard Job Summary endpoint to contain canceled and error job counts
* Fixed ``project_update`` role/collection install
* Added ``# -*-coding:utf-8-*-`` to allow users to have Japanese, Chinese, and Korean characters in email messages
* Removed ability to use the bulky test-playbooks in tests where possible
* Sent ``QUIT`` to worker before terminating
* Fixed diagram for hop node in Instances chapter of the *Administration Guide* and added introduction text to LDAP chapter to fix formatting abnormality
* Fixed CVEs and bump receptorctl version
* Fixed ``ui_next`` banner in the AWX User Interface
* Published multi-arch manifest of AWX
* Published multi-arch for AWX execution environments
Jenkins 2.447
1. Use the symbol for parameters in build history of pending jobs. (pull 8977))
2. Do not show empty tooltips. (issue 71148))
3. Developer: Update Stapler from 1822.v120278426e1c to 1839.ved17667b_a_eb_5 to no longer generate line JavaScript with Stapler bound objects to improve compatibility with ContentSecurityPolicy Plugin. (Stapler 1839.ved17667b_a_eb_5 Release Notes))
Keycloak 24.0.0
Highlights:
The following are a few highlights of this feature;
All resolved issues
New features:
#15190 RestAPI endpoint "send-verify-email" sending execute actions email template. admin/api
#19586 @keycloak/keycloak-admin-client doesn't provide an ability to use optional client scope for access token admin/client-js
#23539 User profile attributes should only accept a single value unless configured otherwise user-profile
#25167 Implement POST logout in Keycloak JS adapter/javascript
#25446 CORS SPI oidc
#25676 Introduce new CLI config options for Infinispan remote store dist/quarkus
#25702 Encrypt network communication in JGroups dist/quarkus
#25733 Update Route53 HA guide to be compatible with ROSA and Openshift 4.14.x
#25903 Create new landing page for admin console
#25941 Issue Verifiable Credentials in the JWT-VC format core
#26028 Remove conditional statements about Windows / Linux from the docs docs
#26250 OAuth 2.0 Grant Type SPI oidc
#26455 Supported option to specify maximum threads used to handle HTTP requests dist/quarkus
#26456 Supported option to specify resource management for pods in Keycloak CR dist/quarkus
#26458 Support custom Infinispan configuration file in Keycloak CR operator
#26460 Supported option to specify site name for multi-site deployments dist/quarkus
#26500 Cookie Provider
#26936 Support EC Key-Imports for the JavaKeystoreKeyProvider
#27186 Meta description of admin-ui and account-ui cannot be changed in theme.properties
Enhancements:
#9508 Rename "Resident key" to "Discoverable Credential" docs
#9758 User attributes with a text more than 255 characters storage
#9784 Add truststore options to Keycloak CR operator
#10794 Support importing Kubernetes CA operator
#12009 Support for scope parameter in the refresh flow oidc
#12352 Align Operator config naming with Quarkus distribution operator
#12946 Add X509 thumbprint to JWT when using private_key_jwt oidc
#13250 --verbose option doesn't work in Quarkus distribution dist/quarkus
#15000 Add EdDSA/Ed25519 to WebAuthn Signature algorithms authentication/webauthn
#15714 Supporting EdDSA oidc
#16629 Increase the default iterations for Pbdkdf2-256/512 to match the updated OWASP recommendations authentication
#17574 Add failedLoginNotBefore field to existing brute force detection status API
#17735 Admin-UI: Show realm display name in realm drop down instead of realm id if available admin/ui
#19190 Add "amr" to already implemented "acr" support
#19285 Disable Groovy Closures when bootstrapping Picocli dist/quarkus
#20125 Role mapping tab no longer visible when using fine grained permissions after upgrade from 20.0.3 to 21.0.2 admin/ui
#21074 Identity providers: pagination in admin console
#21343 Upgrade welcome theme to PatternFly 5 welcome/ui
#21559 Provide raw OpenAPI specification alongside Keycloak Admin REST API html documentation
#21578 Scope parameter in Oauth 2.0 token exchange
#21771 List reload button for admin panel admin/ui
#22436 Query users by 'LDAP_ID' is not working ldap
#22922 Use Infinispan BOM instead of direct Infinispan dependencies storage
#23057 Localization tabs admin/ui
#23431 Allow user to select between `Forwarded` or `X-Forwarded-*` header
#23470 Docs: authorization_services/topics/service-authorization-obtaining-permission.adoc authorization-services
#23854 Use upstream Quarkus functionality for non-blocking probes dist/quarkus
#23878 User profile configuration scoped to user-federation provider user-profile
#23896 Changes in declarative user profile should result in admin events user-profile
#24094 Map Store Removal: Delete map profiles from testsuite storage
#24097 Map Store Removal: Delete container providers that were added to the base testsuite storage
#24102 Map Store Removal: Delete Profile.Feature.MAP_STORAGE and all its usages storage
#24103 Map Store Removal: Delete GlobalLockProvider storage
#24105 Map Store Removal: Rename Legacy* classes storage
#24107 Map Store Removal: Revert deprecated modules in model/legacy and rename "legacy" to "storage" storage
#24148 Add config property to specify a list of truststores
#24202 Cache stampede after client invalidation storage
#24245 Parse default UserProfile configuration in the build time
#24250 Allow selecting attributes from user profile when managing token mappers user-profile
#24344 Enhance error logs and error events during UserInfo endpoint and Token Introspection failure
#24412 Accessibility of 2FA method selection login/ui
#24422 UMA 2 not evaluating as expected when using permission tickets authorization-services
#24424 Query on update the ADFS FederationMetadata.xml on the keycloak instead of delete and recreating the IDP config #24310 saml
#24567 Map Store Removal: Revert changes related to map store in test classes in base testsuite storage
#24668 Features versioning
#24793 Map Store Removal: Remove `LockObjectsForModification` storage
#24798 Add truststores to keycloak cr
#24860 Initialize Infinispan earlier in the build chain dist/quarkus
#24926 Add polish translations admin/ui
#24995 Avoid deprecated API usage in testsuite/integration-arquillian/tests/base core
#25058 Add Polish Translations to Account UI account/ui
#25074 Update Kerberos provider for user-profile user-profile
#25075 Update SSSD provider for user-profile user-profile
#25103 Remove product from server info admin/ui
#25113 Add a test for the LoadBalancerCheck
#25146 Decouple "factory" methods from the "provider" methods on UserProfileProvider implementation user-profile
#25149 Replace the existing themes with the dynamic templates from user profile user-profile
#25236 Documentation about Australia Consumer Data Right security profile
#25238 Add missing Arabic messages
#25287 Upgrade Infinispan to 14.0.21.Final
#25288 Map Store Removal: Remove protostream dependency storage
#25300 Deprecate offline session preloading infinispan
#25308 Map Store Removal: Revert changes made to backchannelLogout storage
#25309 Map Store Removal: Remove ResponseSessionTask storage
#25314 Supporting OAuth 2.1 for confidential clients oidc
#25315 Client policies : executor for enforcing DPoP oidc
#25316 Supporting OAuth 2.1 for public clients oidc
#25328 Tests for client scopes/evaluate tab are missing
#25375 Extra tests for realm roles
#25388 Enable concurrent remote operations for Infinispan storage
#25403 Implements attributes field in KeycloakProfile interface admin/client-js
#25404 Adapt incremental build for latest changes in themes module ci
#25415 Describe how to use Infinispan Batch CRs for automation with the external Infinispan storage
#25416 Update UserProfileProvider.setConfiguration to accept UPConfig instead of String
#25487 Add extra tests for realm-settings in admin-ui
#25637 Client policies: executor for validate and match a redirect URI oidc
#25638 Keycloak native implementation of SD-JWT core
#25666 [Admin UI] Allow to customize built-in components administration UI via ConfiguredProvider
#25691 More info on UserProfileContext user-profile
#25738 Tooltips improvements when configuring user profile attribute user-profile
#25770 X509 client certificate login label extends out of form login/ui
#25823 Ability to declare a default "First broker login flow" per Realm
#25872 Make the `user` attribute available to the `idp-review-user-profile.ftl` template
#25882 RealmResourceProvider is not working as expected since version 23.0.0 core
#25897 Admin UI: Show realm display name on welcome page admin/ui
#25908 Could not format default value for log formats dist/quarkus
#25915 Make more clear in the documentation that the wait time is only increased on multiples of the max number of failures docs
#25935 Create Infinispan metrics with labels instead of long metric names
#25962 Missing localization of cs+sk messages
#25979 User profile attribute names with strange characters docs
#25985 Enable verify-profile required action by default user-profile
#26068 Reduce internal unsupported options in the Keycloak HA documentation
#26083 Change RHDG references to Infinispan
#26092 Do not use raw parameterized PropertyMapper dist/quarkus
#26146 Migration docs for https://github.com//issues/15190 docs
#26172 Permanently lock users out after X temporary lockouts during a brute force attack authentication
#26198 Comprehensive log for the LoggingDistTest and Quarkus IT testsuite
#26220 Don't differentiate Windows for getting started docs
#26223 Use `--http-max-queued-requests` option in Keycloak HA documentation docs
#26241 Do not use general debug log level for tests testsuite
#26315 Fully remove reasteasy-core
#26320 Allow formating numbers when rendering attributes user-profile
#26325 Remove unused HttpResponse.setWriteCookiesOnTransactionComplete
#26402 Improve wording in Concepts for configuring thread pools section in documentation
#26416 Remove support for old cookie path
#26430 Implement stricter controls at token endpoint for PKCE verification
#26457 Remove support for multiple AUTH_SESSION_ID cookies
#26469 Documentation for verify-profile required action enabled by default docs
#26485 Add missing Arabic translations translations
#26489 Ability to have alternative default user-profile configuration user-profile
#26530 Map Store Removal: Remove `RealmModel` from authorization services interfaces storage
#26552 Do we need to hide "required" settings for email? user-profile
#26570 Upgrade liquibase to 4.25.1
#26585 Improve UX of read-only attributes user-profile
#26587 Documentation for SuppressRefreshTokenRotationExecutor oidc
#26589 Allow Case-Insensitive Search on Provider Info Page in Admin UI admin/ui
#26598 Map Store Removal: deprecate model legacy module storage
#26626 Brute force detection should issue event for temporary lockout core
#26634 Documentation for default validation changes due user-profile enabled docs
#26683 Remove explicitly set `lit-element` version dist/quarkus
#26689 Update Maven dependency versions for docs docs
#26701 Upgrade to Quarkus 3.7.1 dist/quarkus
#26730 Add Multi-AZ Aurora DB to CI store-integration-tests
#26776 Update documentation to use new Infinispan configuration options
#26781 Update HA guide about non-blocking probes docs
#26810 Shorter lifespan for offline session cache entries in memory storage
#26812 Upgrade to embedded Infinispan 14.0.24 storage
#26819 Use version specific tag for Keycloak images in the docs docs
#26859 Upgrade to Quarkus 3.8 dist/quarkus
#26898 User profile: Add regression test for select inputs
#26910 Keycloak Operator should add service-ca.crt to the truststore operator
#26916 Upgrade to Quarkus 3.7.2 dist/quarkus
#26919 doc: add a clear mention in the documentation about the storage of the refresh and access token docs
#26921 Use latest OLM version for Operator CI testsuite
#26929 Ignore unrecognized truststore formats if `--truststore-paths` is a directory dist/quarkus
#26967 Aurora Postgres IT: Upload flaky and surefire test reports
#27036 Upgrade to Quarkus 3.7.3 dist/quarkus
#27048 Add Amazon Aurora PostgreSQL to the list of tested databases
#27078 Update Keycloak HA Guide new resource limit settings
#27084 Remove the preview note from Keycloak's HA guide
#27093 "Open ID Connect" in docs / UIs should be "OpenID Connect"
#27105 Add New User Registration Option on WebAuthn Authentication UI authentication/webauthn
#27121 Remove references to Quarkus docs and absolute URLs from HA Guide docs
#27123 Use AWS JDBC Wrapper in CI tests
#27125 Add warning about too long attribute values
#27143 Distinguish user registration action label from the security key registration action's one authentication/webauthn
#27147 Replace "Security Key" with "Passkey" in WebAuthn UIs and their documents authentication/webauthn
#27148 Allow overriding the default validators added to attributes user-profile
#27169 Tweak the default memory request and limit in the Operator operator
#27190 a11y improvements on login page
#27226 Upgrade to Quarkus 3.7.4 dist/quarkus
#27238 Add option to clients to use lightweight access token oidc
#27280 Upgrade to Infinispan 14.0.25
#27281 Allow option of using client_id instead of id_token_hint with RP-initiated logout in brokered IDP config/call. identity-brokering
#27315 Change docker image to container image
#27324 Remove RHSSO product documentation from upgrading guide docs
#27326 Edit Keycloak 24.0 release notes docs
#27327 Harmonize behaviour of different CertificateUtilsProvider implementations
#27440 Edit Keycloak 23.x Release Notes
#27452 Edit Keycloak 24 Upgrade guide
Bugs:
#9871 Remove Infinispan workarounds introduced to prevent deadlocks storage
#11178 Event for MISSING_REQUIRED_DESTINATION with idp brokering incorrectly says error is related to logout even for a login response saml
#13080 Encoded token stored as KC_RESTART cookie uses weak algorithm- HS256 authentication
#13368 Issue when using DenyAuthenticator in direct-grant flow authentication
#14448 Multiple failures in OfflineServletsAdapterTest (testServlet, testServletWithConsent, testServletWithRevoke) testsuite
#14581 HTTP Redirect 303 to wrong URL (in case port is not 80) when trailing slash is not added dist/quarkus
#14776 Mail verification isn't working for multiple accounts in one session (only on auto login by clicking the verification mail, not by logging in with the credentials) authentication
#16260 Incorrect handling of OptionParserException in kcadm admin/cli
#17155 UPDATED_PASSWORD user action shouldn't be triggered when login with linked IdP user-profile
#17449 Removing the Realm ID and saving causes the realm to be vanished from the list of the realms admin/api
#19183 token-exchange does apply clientScopes of the origin client token-exchange
#19294 Error on starting keycloak when foldername contains ")" using kc.bat. dist/quarkus
#19886 Allow configuration cookies with `SameSite=Strict` for better compliance with strict regulations and standards authentication
#20304 When choosing resources in scope-based permission, multiple resource can be selected but only one will be visable admin/ui
#20867 Control redirect after password reset core
#21127 During password reset, the baseURL is not shown on the info page after browser restart authentication
#21151 Realm import stack overflow import-export
#21409 Brute Force Detection is disabled when updating frontenUrl via admin client authentication
#21542 Context path missing in URL on OTP page to switch between QR code and manual code core
#21730 v 22.0.0 - when creating a new realm the registration flow does not have terms and conditions step core
#21951 Unable to use `<` as part of a password admin/cli
#22082 Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceClientSessionsMultipleNodes storage
#22401 Common resources in Welcome page didn't resolve correctly welcome/ui
#22431 Localization: Admin UI doesn't pick up message bundles from realms other than master admin/ui
#22507 User profile attributes not localized in account console V3 user-profile
#22540 Description of "Configuring sources for Keycloak" inconsistent / misleading docs
#22555 Docs: server_development/topics/identity-brokering.adoc docs
#22660 Implementing custom ClientAuthenticator loses access to Client Secret Input Field in the Admin UI admin/ui
#22691 Flaky test: org.keycloak.testsuite.forms.RecoveryAuthnCodesAuthenticatorTest#test03AuthenticateRecoveryAuthnCodes authentication
#22836 Invalid redirect uri when identity provider alias has spaces identity-brokering
#22904 Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testPersistenceMultipleNodesClientSessionAtSameNode ci
#22958 KeycloakErrorHandler NullPointerException String.toLowe rCase() because message is null authentication
#23023 Undocumented change in priority of X-Forwarded-* headers as of Quarkus distribution core
#23056 Flaky test: org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently storage
#23217 NoSuchFileException with ${kc.home.dir} on Windows dist/quarkus
#23229 Realm client update via PUT returns invalid registration_client_uri with duplicated client ID in address admin/api
#23268 New Install with MySQL failing with REALM_SOCIAL_CONFIG ADD issue storage
#23399 Audience is lost after refreshing a RPT authorization-services
#23683 Default-Value in UI for krbPrincipalAttribute is error prone admin/ui
#23699 Account v3 theme - Localization not working on account console account/ui
#23786 Failure: FipsDistTest ci
#23966 Group members are displayed incorrectly when using LDAP in READ_ONLY mode admin/api
#24082 Selected locale is not taking into accoun in `keycloak.v3 account` theme account/ui
#24141 LDAP user mapper for username: user appears twice in the GUI ldap
#24144 Unable to locate entity descriptor: org.keycloak.examples.domainextension.jpa.Company core
#24200 NPE in User Session Note mapper on Token Exchange token-exchange
#24219 admin-fine-grained-authz + client authorization settings requires view-client role admin/ui
#24323 Refresh request ignores scope parameter from refresh request oidc
#24353 Keycloak operator tries to manipulate Secret which is not managed by Keycloak operator
#24361 Adding scopes via registration_client_uri does not work when using Dynamic Client Registration admin/api
#24369 UpdateUserLocaleAction does not trigger EventType.UPDATE_PROFILE event user-profile
#24459 Keycloak fails to start when uninstalling custom provider dist/quarkus
#24464 Tabbing is not working in forms inside dropdown admin/ui
#24485 NullPointerException when key is not available in the database oidc
#24506 Reopening 2 - CVE-2023-21971 - Update Connector/J to 8.0.33 dependencies
#24508 Deadlock when pre-loading remote sessions from external Infinispan storage
#24595 Leaving Single Sign Out page open for too long and then confirming logout leads to error page authentication
#24626 Upgrade testsuite to use SpringBoot 2.7 ci
#24651 Deleting a User or User Group might cause that all users suddenly get the permissions of the deleted user. authorization-services
#24652 SAML decryption fails if keycloak.saml.deprecated.encryption flag is set saml
#24718 Mapper Option "Add to access token" Toggled Off Despite Claim Added to Token admin/ui
#24767 Improve LDAP Condition implementations ldap
#24783 Keycloak Admin UI - Help text not localized in Realm Events Setting UI admin/ui
#24923 Importing Keycloak breaks typescript in esModule adapter/javascript
#24960 OpenAPI spec doesn't match the admin API admin/api
#24961 Keycloak not able to handle multiple validating X509 certificates when public key are the same saml
#24980 The `DefaultActionToken` serializes a JSON Object with duplicate keys oidc
#24986 `getMultiPartFormParameters()` always returns `EmptyMultivaluedMap` after upgrade to Resteasy Reactive core
#25001 Client redirect_uri check must be compared using exact string matching oidc
#25016 Make password visibility css classes configurable for themes login/ui
#25033 Typo in the balloon help of SAML Username Template Importer core
#25041 Incomplete Spanish translations for Admin UI translations
#25051 Unexpected Application Error when clicking "Cancel" on user creation page admin/ui
#25054 Read Only Access of the realm users' "Role mapping" tab is broken for Admin Console admin/ui
#25060 fix debug log string core
#25078 Log Injection during WebAuthn authentication/registration authentication
#25096 Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups admin/api
#25110 User Profile attribute with "Options" shows options of another attribute if none set on it user-profile
#25111 RealmAdminResource.getGroupByPathGroup does not work with space in path parameter admin/api
#25173 Make sure username is lowercase when normalizing attributes user-profile
#25183 NullPointerException thrown for UPConfig.getGroups() user-profile
#25208 GH Actions -> Keycloak CI -> MSSQL docker images fails during startup ci
#25231 CIBA and PAR are broken since 23.0.0 (NPE) when using http protocol oidc
#25235 Unable to start after updating Docker container dist/quarkus
#25290 Social Login Tests unable to retrieve Federated Access Token from user session testsuite
#25294 Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off ldap
#25322 Warning "Event object wasn't available in remote cache" when using remote store
#25392 Admin Console: Realm Dropdown should only show the realms the user has access to admin/ui
#25417 Avoid keycloak-admin-client in UI to call admin console UI extension admin/ui
#25423 Confusing error message by pr-backport.sh when not authenticated to gh ci
#25433 Key provider UI issue while saving - RSA admin/ui
#25449 Clean up translations for DE/EN/NL for a first test-run of Weblate translations
#25451 Admin cli failing when adding roles to a 3rd group in a list admin/cli
#25463 Unnecessary user profile metdata sent on user update user-profile
#25475 User Profile: If required roles ("user") and reqired scopes are set, the required scopes have no effect user-profile
#25502 Account v3 theme - theme.properties Custom theme scripts not loading account/ui
#25515 Deleting an atribute from the UI is reseting the unmanaged attribute policy user-profile
#25544 Post Logout Redirect URIs "+" behavior is inconsistent with other usages (i.e. Web Origins) oidc
#25565 OpenAPI: POST for /admin/realms response is 201 admin/api
#25566 Failure in SSSDUserProfileTest.test05MixedInternalDBUserProfile testsuite
#25584 iss not returned as query param in redirect to app when using "prompt=none" and user is not authenticated oidc
#25601 OpenAPI: POST /admin/realms/{realm}/clients response is 201 admin/api
#25604 OpenAPI: Client authz endpoints without responses admin/api
#25628 Translations missing in user details role mapping admin/ui
#25633 Parsing of labels issue IDs doesn't work with colons and the "fixes" keyword ci
#25636 "Disable realm?" displayed when disabling client admin/ui
#25642 Failure in KeycloakDistConfiguratorTest's 'missingHostname' check testsuite
#25649 OpenAPI: In ClientRepresentation the property oauth2DeviceAuthorizationGrantEnabled was not known by the API. admin/api
#25656 OpenAPI: POST /admin/realms/{realm}/clients-initial-access response is 201 admin/api
#25660 Incorrect version of the fix in release notes
#25677 Removing all group attributes no longer works with keycloak-admin-client (java) admin/client-java
#25679 `/admin/realms/{realm-name}/ui-ext/realms` endpoint leaks realms the user doesn't have access to see admin/ui
#25699 Flaky test Job URL missing on some runs ci
#25704 Custom Validator is never executed when UserProfileContext is UPDATE_EMAIL user-profile
#25714 Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet ci
#25731 /admin/realms/{realm}/groups Endpoint is slow admin/api
#25746 Using kcadm.sh create components result to 400 Bad Request admin/cli
#25752 [CI] Store Model Tests failures - UserSessionProviderOfflineModelTest, OfflineSessionPersistenceTest, UserSessionInitializerTest storage
#25753 Backchannel logout token is missing the "exp" claim oidc
#25783 Since 23, start-dev command line arguments parsing is buggy dist/quarkus
#25789 User events: labels overlap content admin/ui
#25827 admin ui uses hyphen instead of dot as realm attribute separator admin/ui
#25853 Timeouts after upgrade of download action v4 ci
#25878 HTML emails in Catalan don't contain links translations
#25883 ldap-group-mapper fails when empty member: attribute is present ldap
#25891 Optimize handling of terms and conditions during registration core
#25892 Test suite depends on artifacts built only when distribution profile is active ci
#25909 Keycloak HA Guide uses token for cross-site setup that expires
#25912 LDAP federation reports "Creating new LDAP Store..." on every login ldap
#25927 UI crash after using breadcrumb group navigation during an active group search admin/ui
#25934 On invalid submission, IdpUsernamePasswordForm sends back the user to the standard UsernamePasswordForm template authentication
#25939 Declartive user profile. When multiple attributes with options validator are defined and 1 is selected on UI shown that 2 of them have values. user-profile
#25951 Masthead tests fail often admin/ui
#25961 Native SQL Schema names broken on MySQL storage
#25977 No error message displayed when trying to add read-only attribute to some user in `Attributes` tab user-profile
#25980 Force reauthentication is ignored during identity brokering when mapping between OIDC and SAML protocols saml
#25981 GitHub Status check is green if the build fails ci
#26021 `mvn clean` does not work in js directory account/ui
#26032 Duplicate tooltip/label for refresh button on device activity page account/ui
#26036 subgroups clickopen not working admin/ui
#26040 Subgroups-check is incorrect, and therefore subgroups are not clickable admin/ui
#26051 Name ID Format field is confusing for User Attribute Mapper For NameID saml
#26052 Configure OTP Form regenerates Secret on reload authentication
#26059 Attempting to update settings for realm with "dots" in the name fails due to client side validation admin/ui
#26060 Various Localization tab issues
#26075 Next time you start message references the wrong command dist/quarkus
#26088 Rest custom JAX-RS resource in kc 23: Method not allowed core
#26131 Localization: Realm overrides subtab admin/ui
#26132 Localization: Effective message bundles subtab admin/ui
#26148 Keycloak JavaScript CI: client_scopes_test.spec.ts ci
#26156 A11y critical violation in ProviderId form field admin/ui
#26168 KC_DB_DRIVER is not propagated properly admin/cli
#26177 Invalidate authentication session on repeated OTP failures authentication
#26180 Invalidate authentication session on repeated Recovery Code failures authentication
#26228 With fine grained permissions enabled, the grouptree rights check is not working correctly admin/ui
#26231 keycloak-admin-client missing recent changes to group query parameters admin/client-js
#26236 Ensure community-maintained translations are not part of product build account/ui
#26266 Importing Realm with declarative user profile attributes fails user-profile
#26281 Incorrect example in the Keycloak operator configuration operator
#26291 Workflow failure: FIPS IT - KcSamlEncryptedIdTest#testEncryptedElementIsReadableInDeprecatedMode ci
#26295 Incomplete Chinese Translation for Login Page translations
#26308 Error when migrating from a realm where the user profile component does not hold any entry in the configuration user-profile
#26323 Reset credentials action fails when triggered from first broker login flow identity-brokering
#26330 HTTP status code 413 Request Entity Too Large for large SAMLResponse since Keycloak 23 saml
#26334 Resource and permission titles missing for a new client admin/ui
#26335 Bind flow modal broken admin/ui
#26337 Write tests to cover binding a flow testsuite
#26350 Fix more A11y violations admin/ui
#26358 Apparently incorrect tooltip on "type" field for a "resource" in a client admin/ui
#26363 Search dialog for authorization policy is wrong? admin/ui
#26374 Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode ci
#26375 The role Unassign button enabled in admin console even if no roles are selected admin/ui
#26383 Labels for WebAuthN missing in Account Console account/ui
#26390 More A11y Violations Detected admin/ui
#26400 Workflow failure: Admin UI E2E - realm_test.spec.ts ci
#26407 Typo in disable dialog admin/ui
#26409 Duplicate `key` for credentials on sign in page account/ui
#26418 Failed to link identity broker to user with a verified email by IdP email verification flow identity-brokering
#26420 Labels for WebAuthN Passwordless missing in Account Console account/ui
#26427 Operator CSV uses wrong format for `createdAt` field operator
#26452 Row remains selected when "cancel" clicked on deleting translation in the Localization/Realm Overrides tab admin/ui
#26464 "Test connection" on LDAPS URI does not test TLS handshake admin/api
#26468 SPI-truststore-file-type option appears to be invalid docs
#26490 Update Keycloak sizing guide after change of default hashing configuration core
#26507 Failed to link the user with an existing read-token role from the federation provider when AddReadTokenRoleOnCreate was enabled for the IdP. storage
#26529 Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode ci
#26549 Mysterious settings changes due to Keycloak cluster changes admin/ui
#26564 Issues related to IDNHomographValidator user-profile
#26584 User details locale select broken in realm specific admin console admin/ui
#26588 Infinite loop during X509 authentication authentication
#26597 Keycloak UI meets "Internal Sever Error" after save "Refresh Token Max Reuse" number core
#26604 Arc container is null dist/quarkus
#26609 allow sending realm in request without changing the kc admin object admin/client-js
#26612 Wrong delete messages in Realm overrides admin/ui
#26618 CLIENT_ATTRIBUTES index idx_client_att_by_name_value no longer exists since KC 20 (postgres) storage
#26631 Keycloak HA guide with blank and callout docs
#26635 Account UI ships too much Beer in user attributes user-profile
#26636 Immediately reflect flow binding status on flow definition page in Admin UI when binding an auth flow admin/ui
#26643 Replace "message bundle" text to "translation" in realm overrides admin/ui
#26649 PhantomJS does not send secure cookies over http://localhost core
#26651 [keycloak.js] useNonce parameter is all-or-nothing adapter/javascript
#26653 Disallow removing required filters when searching for effective message bundle. admin/ui
#26665 Unable to modify access token lifespan at realm level. Keycloak stops working. core
#26668 Wrong help for "Create initial access token" expiration field admin/ui
#26686 Not possible to build documentation after quarkus upgrade docs
#26697 When creating a user federation mapper changing the type doesn't change User Roles Retrieve Strategy admin/ui
#26716 User Profile Applies Validation To Service Account Users user-profile
#26727 Auto layout of authenticator flow graph only applies the second time admin/ui
#26747 Tooltip for attribute name in user-profile configuration is incorrect user-profile
#26750 Empty error message when validation issue due the PersonNameProhibitedValidator validation user-profile
#26782 Accessing userinfo fails with CORS when token is expired or session is deleted oidc
#26790 Workflow failure: Operator IT on OpenShift ci
#26792 User profile 'uri' validator not working user-profile
#26816 Keycloak server admin docs needs change with the new hashing iteration changes docs
#26818 bug in operator example yaml operator
#26826 Freemarker erroneously escapes/sanitizes URL in template.ftl (&) login/ui
#26830 Duplicate "Refresh" buttons present in admin-ui admin/ui
#26834 Disabling "Reset OTP" in "Reset credentials" flow throws error on "forgot password" authentication
#26853 Fixing anchors in security apps guide in prod profile docs
#26856 Remove custom user attributes section in server developer guide user-profile
#26937 Once all default client scopes are deleted from the realm we can't create a new custom role. core
#26941 When loading entries from a remote store at startup, no lifespan or expiry is set core
#26951 Roles admin REST API for creating roles: Composite roles are expanded admin/api
#26983 Group not found in list after creation core
#27002 Refresh doesn't work in Localization/Effective message bundles admin/ui
#27005 Unable to approve/deny permission requests account/ui
#27031 Having read-only attributes stored at a user leads to validation warning on every login user-profile
#27095 Cache Keys for Group pagination and other entries cannot be invalidated and updated infinispan
#27120 Microsoft social login failure testsuite
#27133 Workflow failure: Keycloak CI - Store IT (aurora-postgres) ci
#27137 Users with fine-grained permissions can not create a user admin/ui
#27140 Locale selector is unnecessarily visible without rights to locales admin/ui
#27162 Default locale is set to null when not explicitly choosing a locale admin/ui
#27173 Newly created authentication subflow is always disabled admin/ui
#27234 Cannot update email in account console with `update-email` feature enabled account/ui
#27243 Account console not working when lightweight-access-tokens used oidc
#27271 AuthorityKeyIdentifierExtension should be calculated from caCert (if it present) in generateV3Certificate, not from subjPubKeyInfo core
#27284 FolderTheme does not support Locales with extensions core
#27290 AWS JDBC driver throws ConcurrentModificationException storage
#27297 Check for duplicated usernames and emails when Login with email option is enabled user-profile
#27316 Server admin guide not building downstream due to missing IDs docs
#27337 Workflow failure: Admin UI E2E - realm_settings_user_profile_enabled admin/ui
#27344 Secure Redirect URI executor issues oidc
#27345 Workflow failure: Keycloak CI - OAuth 2.0 Grant Type SPI ci
#27406 JavaDocs generation broken after removal of resteasy-core
#27409 Apply remote store workaround also for configuration via CLI options
#27412 OAuth 2.1 default profile lacks oauth-2-1-compliant setting for SecureRedirectUrisEnforcerExecutor oid
Wildfly 31.0.0.
Feature Request:
[WFLY-15405] - Add support for AMQP Connector in MP Reactive Messaging
[WFLY-18838] - Preview support for Jakarta MVC 2.1
[WFLY-18866] - Update WF feature pack to use preview stability level
Enhancement:
[WFLY-18383] - Quickstart for MicroProfile LRA
[WFLY-18460] - bmt Quickstart Common Enhancements CY2023Q3
[WFLY-18463] - ee-security Quickstart Common Enhancements CY2023Q3
[WFLY-18465] - ejb-remote Quickstart Common Enhancements CY2023Q3
[WFLY-18466] - ejb-security-context-propagation Quickstart Common Enhancements CY2023Q3
[WFLY-18467] - ejb-security-programmatic-auth Quickstart Common Enhancements CY2023Q3
[WFLY-18468] - ejb-throws-exception Quickstart Common Enhancements CY2023Q3
[WFLY-18469] - ejb-timer Quickstart Common Enhancements CY2023Q3
[WFLY-18473] - helloworld-jms Quickstart Common Enhancements CY2023Q3
[WFLY-18477] - helloworld-singleton Quickstart Common Enhancements CY2023Q3
[WFLY-18478] - helloworld-ws Quickstart Common Enhancements CY2023Q3
[WFLY-18405] - JCA: make sure WorkManager doesn't relate on jboss-threads executor's blocking API
[WFLY-18480] - hibernate Quickstart Common Enhancements CY2023Q3
[WFLY-18481] - http-custom-mechanism Quickstart Common Enhancements CY2023Q3
[WFLY-18482] - jaxrs-client Quickstart Common Enhancements CY2023Q3
[WFLY-18483] - jaxrs-jwt Quickstart Common Enhancements CY2023Q3
[WFLY-18484] - jaxws-ejb Quickstart Common Enhancements CY2023Q3
[WFLY-18485] - jaxws-retail Quickstart Common Enhancements CY2023Q3
[WFLY-18487] - jta-crash-rec Quickstart Common Enhancements CY2023Q3
[WFLY-18488] - jts Quickstart Common Enhancements CY2023Q3
[WFLY-18490] - logging Quickstart Common Enhancements CY2023Q3
[WFLY-18491] - mail Quickstart Common Enhancements CY2023Q3
[WFLY-18494] - microprofile-fault-tolerance Quickstart Common Enhancements CY2023Q3
[WFLY-18495] - microprofile-health Quickstart Common Enhancements CY2023Q3
[WFLY-18499] - microprofile-rest-client Quickstart Common Enhancements CY2023Q3
[WFLY-18502] - remote-helloworld-mdb Quickstart Common Enhancements CY2023Q3
[WFLY-18504] - servlet-async Quickstart Common Enhancements CY2023Q3
[WFLY-18505] - servlet-filterlistener Quickstart Common Enhancements CY2023Q3
[WFLY-18506] - servlet-security Quickstart Common Enhancements CY2023Q3
[WFLY-18508] - spring-resteasy Quickstart Common Enhancements CY2023Q3
[WFLY-18512] - todo-backend Quickstart Common Enhancements CY2023Q3
[WFLY-18513] - websocket-endpoint Quickstart Common Enhancements CY2023Q3
[WFLY-18514] - websocket-hello Quickstart Common Enhancements CY2023Q3
[WFLY-18544] - managed deployment in content repository duplicated in tmp/vfs/temp directory
[WFLY-18578] - Allow channel-based overriding of the org.jboss.as.product data
[WFLY-18644] - Remove xerces from distribution
[WFLY-18743] - Change NoAuditLogTestCase class to use the system default encoding to read the log file
[WFLY-18768] - Add Micrometer quickstart
[WFLY-18769] - Publish Quickstarts docs
[WFLY-18790] - Convert testsuite provisioning from galleon-maven-plugin to wildfly-maven-plugin
[WFLY-18792] - External configuration of channels to use when testing
[WFLY-18793] - Dynamic configuration of channels to use when testing
[WFLY-18819] - Quickstart READMEs XML snippets for server provisioning/bootable jar should not specify layers
[WFLY-18856] - Document stability levels
[WFLY-18890] - "docs/schema" does not contain "orm_3-1.xsd"
[WFLY-18901] - OpenShift CI support for MicroProfile LRA Quickstart
Bug:
[WFLY-14769] - Lookup of txn:LocalUserTransaction makes it possible to illegally use UserTransaction in a CMT context
[WFLY-16929] - ForwardedHandlerTestCase fails with security manager
[WFLY-17349] - WebJPATestCase intermittently fails
[WFLY-18009] - WildFly lacks support for LZ4 compression, which is needed by Kafka clients
[WFLY-18054] - Operations on any child resource of an Undertow servlet container fail with DuplicateServiceException
[WFLY-18215] - license correction for jipijapa-hibernate6 + wildfly-jpa
[WFLY-18240] - org.apache.activemq.artemis is required as an explicit dependency for some deployments
[WFLY-18384] - [CLUSTERING] File containing session data is never shrunk or deleted
[WFLY-18397] - Fix Standalone Old Faces 4.0 TCK 26 failures
[WFLY-18533] - Simplest JAXRS app is failing when deployed in server provisioned with jaxrs
[WFLY-18560] - Galleon layers reference javax API alias packages
[WFLY-18639] - Improve resiliency of reflection based-externalizers and marshallers
[WFLY-18653] - i18n of exception messages in ApplicationClientParsingDeploymentProcessor
[WFLY-18654] - i18n of exception message in WildFlyJobXmlResolver
[WFLY-18656] - i18n of exception messages in connector
[WFLY-18657] - i18n of exception messages in ee
[WFLY-18658] - i18n of exception messages in ejb3
[WFLY-18659] - i18n of exception messages in jpa
[WFLY-18660] - i18n of exception messages in messaging-activemq
[WFLY-18661] - i18n of exception messages in naming
[WFLY-18662] - i18n of exception messages in pojo
[WFLY-18663] - i18n of exception messages in sar
[WFLY-18665] - i18n of exception messages in webservices
[WFLY-18666] - i18n of exception messages in weld
[WFLY-18667] - i18n of exception messages in xts
[WFLY-18683] - Blocked JDBC store threads prevent shutdown
[WFLY-18694] - Broken link in Application Client documentation
[WFLY-18702] - In WildFly Preview jaxrs-server layer does not provision MP Rest Client
[WFLY-18703] - Misleading error message for XA DataSource class
[WFLY-18708] - Disable counter-productive "distributable" behavior in Mojarra
[WFLY-18718] - license.xml has different line endings when provisioned on Windows
[WFLY-18726] - Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions when started by ps1 script
[WFLY-18727] - ATTRIBUTE granularity distributed sessions should always replicate on setAttribute(...)
[WFLY-18733] - Deployments of SharedClientContextTestCase should be undeployed
[WFLY-18736] - Remove okhttp dependency
[WFLY-18740] - On cache writes, Infinispan store=hotrod throws ISE: Only byte[] instances are supported currently
[WFLY-18742] - Provisioning micrometer and opentelemetry layers issue
[WFLY-18746] - Revisit telemetry layers inclusion rules.
[WFLY-18756] - WildFly throws UnknownHostExceptions and XARecovery fails when Connected to an AMQ Cluster in OpenShift
[WFLY-18775] - Intermittent NPE in distributed timers TimerScheduler
[WFLY-18782] - Dependency tree - wildfly-model-test & commons-text should only be in test scope
[WFLY-18785] - Client fail rate degradation in tests with Oracle database: IJ000453: Unable to get managed connection for ... + StoreUnavailableException
[WFLY-18787] - WFLY-18683 fix causes marshalling errors when SQLExceptions are propagated to caller
[WFLY-18800] - Misleading example in "Configure Authentication with Certificates" section of Elytron security doc
[WFLY-18811] - Reduce visibility org.infinispan module to only those packages containing public API
[WFLY-18813] - Predicates not applied correctly to gzip filters
[WFLY-18814] - A typo in run-integration-tests-with-provisioned-server.adoc
[WFLY-18820] - Queue creation might fail if auto-create-addresses is set to false
[WFLY-18823] - Fix Flaky AbstractValidationUnitTest
[WFLY-18844] - Invalid XmlMerge output on Windows
[WFLY-18849] - Official installation modules can produce installations with a '.galleon/history' folder
[WFLY-18853] - QS websocket-hello, websocket-endpoint and servlet-async are missing wildfly-maven-plugin in pluginManagement section in pom.xml
[WFLY-18855] - MicroProfile spec support table is out of date
[WFLY-18868] - Ensure MMR delegates implement getStability()
[WFLY-18869] - max-active-sessions=-1 causes ISPN000424 error for distributable webapp
[WFLY-18873] - Missing client dependency in user BOM
[WFLY-18880] - missing dependency to org.wildfly.clustering.marshalling.spi in clustering.ee.cache module.xml
[WFLY-18882] - JCA: resource adapter subsystem dependency should be added based on capabilities
[WFLY-18883] - Install and Deploy fails. due to duplicated artifacts attached
[WFLY-18885] - Unable to look up deployed datasource when name differs from runtime-name
[WFLY-18887] - todo-backend quickstart CI test fails
[WFLY-18897] - testsuite manual-expansion is missing the parsson dependency.
[WFLY-18914] - Shared distributed session manager triggers duplicate expiration listeners
[WFLY-18922] - Give the Apache Lucene module access to jdk.management
[WFLY-18931] - Galleon layers doc does not list the microprofile-telemetry layer as a dependency of observability
[WFLY-18936] - NetworkHealthTestCase doesn't cleanup it's configuration affecting other tests
[WFLY-18941] - Update jipijapa EclipseLink reference in documentation as refers to transformed version
Components Upgrade:
[WFLY-18406] - Upgrade ironjacamar to 3.0.6.Final
[WFLY-18442] - Upgrade MP Config API to 3.1 (MP 6.1)
[WFLY-18443] - Upgrade MP Telemetry API to 1.1 (MP 6.1)
[WFLY-18555] - Upgrade to Hibernate 6.4.1.Final release
[WFLY-18630] - Upgrade Infinispan to 14.0.20.Final
[WFLY-18645] - Upgrade openjdk-orb to 10.0.0.Final
[WFLY-18646] - Upgrade Jastow to 2.2.7.Final
[WFLY-18647] - Upgrade HAL to 3.6.16.Final
[WFLY-18655] - Upgrade Eclipse ECJ to 3.32.0
[WFLY-18674] - Bump version.com.fasterxml.jackson from 2.15.2 to 2.15.3
[WFLY-18679] - Upgrade jaxbintros from 2.0.0 to 2.0.1
[WFLY-18682] - Upgrade WildFly Http Client to 2.0.5.Final
[WFLY-18685] - Upgrade santuario to 3.0.3 (addresses CVE-2023-44483)
[WFLY-18688] - Update JBeret to 2.1.3.Final
[WFLY-18690] - Upgrade the Jakarta XML Binding API to 4.0.1 and the Implementation to 4.0.4
[WFLY-18693] - Upgrade to SmallRye Reactive Messaging 4.11.0
[WFLY-18704] - Upgrade Artemis to 2.31.2 (resolves CVE-2023-46604)
[WFLY-18707] - Upgrade WildFly Core to 23.0.0.Beta1
[WFLY-18713] - Upgrade RESTEasy to 6.2.6.Final
[WFLY-18714] - Upgrade Galleon to 5.2.2.Final and Galleon plugins to 6.5.3.Final
[WFLY-18725] - Upgrade WildFly Http Client to 2.0.6.Final
[WFLY-18729] - Upgrade Netty from 4.1.100 to 4.1.104
[WFLY-18732] - Upgrade SmallRye Config to 3.4.3
[WFLY-18735] - Upgrade to SmallRye OpenTelemetry 2.6.0
[WFLY-18738] - Upgrade to Mojarra 4.0.5
[WFLY-18750] - Upgrade to MP Config 3.0.3
[WFLY-18751] - Upgrade RxJava to 3.1.8
[WFLY-18752] - Upgrade Jakarta JSTL Implementation to 3.0.1
[WFLY-18754] - Upgrade WSS4j from 3.0.1 to 3.0.2
[WFLY-18755] - Upgrade stax2-api from 4.2.1 to 4.2.2
[WFLY-18760] - Upgrade smallrye-open-api to 3.7.0
[WFLY-18767] - Upgrade Byteman to 4.0.22
[WFLY-18772] - Upgrade the WildFly Maven Plugin to 4.2.1
[WFLY-18774] - Upgrade Infinispan to 14.0.21.Final
[WFLY-18777] - Upgrade joda-time:joda-time from 2.12.1 to 2.12.5
[WFLY-18778] - Upgrade Jakarta JSP API to 3.1.1
[WFLY-18779] - Upgrade WildFly Core to 23.0.0.Beta2
[WFLY-18795] - Bump jakarta.enterprise.concurrent:jakarta.enterprise.concurrent-api from 3.0.2 to 3.0.3
[WFLY-18797] - Upgrade to SmallRye Config 3.4.4
[WFLY-18804] - Upgrade to Hibernate Search 7.0
[WFLY-18805] - Upgrade to Elasticsearch client 8.11
[WFLY-18806] - Upgrade to Lucene 9.8
[WFLY-18810] - Update Micrometer to 1.12.0
[WFLY-18826] - Upgrade smallrye-health to 4.0.4
[WFLY-18833] - Upgrade ironjacamar to 3.0.7.Final
[WFLY-18836] - Upgrade WildFly Core to 23.0.0.Beta3
[WFLY-18841] - Upgrade com.sun.xml.fastinfoset:FastInfoset from 2.1.0 to 2.1.1
[WFLY-18842] - Upgrade mod_cluster to 2.0.4.Final
[WFLY-18845] - Upgrade wildfly-transaction-client to 3.0.3.Final
[WFLY-18861] - Upgrade WildFly Core to 23.0.0.Beta4
[WFLY-18904] - Update ANTLR to 4.13.0 for Hibernate 6.4
[WFLY-18905] - Upgrade JBeret to 2.2.0.Final
[WFLY-18906] - Upgrade WildFly Core to 23.0.0.Beta5
[WFLY-18915] - Upgrade HAL to 3.6.17.Final
[WFLY-18916] - Upgrade RESTEasy from 6.2.6.Final to 6.2.7.Final
[WFLY-18917] - Upgrade RESTEasy MicroProfile from 2.1.4.Final to 2.1.5.Final
[WFLY-18923] - Upgrade to WildFly Glow 1.0.0.Beta5
[WFLY-18924] - Upgrade ironjacamar to 3.0.8.Final
[WFLY-18926] - Upgrade com.github.luben:zstd-jni from 1.5.2-1 to 1.5.5-11
[WFLY-18927] - Upgrade to Hibernate 6.4.2.Final release
[WFLY-18928] - Upgrade H2 to 2.2.224
[WFLY-18930] - Upgrade mvc-krazo integration to 0.8.2.Final
[WFLY-18934] - Upgrade WildFly Core to 23.0.0.Final
[WFLY-18940] - Upgrade WildFly Core to 23.0.1.Final
Task:
[WFLY-15723] - Some Java source files use Red Hat Middleware LLC in copyright header
[WFLY-17755] - Better handling of licenses
[WFLY-17772] - Migrate from Apache DS to Apache Kerby for Kerberos testing
[WFLY-18332] - Update LayersTestBase and LayersTestCase(s)
[WFLY-18430] - Rework Galleon provisioning in tests to not specify Galleon layers
[WFLY-18574] - Get todo-backend working on OpenShift CI
[WFLY-18651] - Remove org.wildfly.build plugins from the poms
[WFLY-18673] - Reduce the number of GitHub CI jobs that run
[WFLY-18677] - Disable testsuite/layers[-expansion] provisioning if -DskipTests is set
[WFLY-18687] - Some add-ons in Galleon layer metadata are missing a description
[WFLY-18689] - Quickstarts CI: input param to customize matrix.jdk
[WFLY-18691] - Add documentation for adding integrity checking for an existing filesystem realm to wildfly docs
[WFLY-18692] - Simplify helloworld, removing CDI
[WFLY-18697] - Switch ejb subsystem test dep from groovy-all to groovy
[WFLY-18699] - Adapt WildFly to use ModuleSpecification.getMutableUserDependencies returning a Collection interface
[WFLY-18709] - Drop obsolete workaround for WFLY-3044
[WFLY-18712] - Quickstarts CI support for non root deployment dir
[WFLY-18717] - Update the WildFly vs WildFly Preview document for current differences
[WFLY-18728] - Control the maven repos used by dependabot
[WFLY-18737] - Remove shopping-cart quickstart
[WFLY-18741] - Add a github action shared file to build and test WildFly
[WFLY-18757] - Update WildFly docs to add instructions for converting cli scripts generated by elytron-tool to be used in domain mode
[WFLY-18758] - Use PermissionUtils to create permissions.xml
[WFLY-18759] - Move MicroProfile tck artifacts from boms/common-expansion to boms/standard-test-expansion
[WFLY-18764] - Update HostExcludesTestCase configuration to work with WF31
[WFLY-18770] - Remove WFCORE-6591 workaround in LayersTestCase
[WFLY-18771] - Remove libthrift from dependencyManagement
[WFLY-18791] - Create channel and manifest artifacts for the three feature packs
[WFLY-18799] - Fix linking for distributed-realm and failover-realm so their documentation is rendered
[WFLY-18808] - Remove uses of deprecated ModuleSpecification API
[WFLY-18822] - Remove bean-validation-custom-constraint quickstart
[WFLY-18840] - Remove obsolete RedHat URLs
[WFLY-18850] - Rework testsuite/preview/basic
[WFLY-18852] - Clean up exclusions in galleon-shared/pom.xml
[WFLY-18854] - Classes still have LGPL header
[WFLY-18858] - Do not deploy channel manifests
[WFLY-18908] - Update version.org.eclipse.microprofile to 6.1
[WFLY-18920] - Remove DomainTestSupport.stop() method usage
Sub-task:
[WFLY-16887] - Modify description in jaxrs of subsystem to its correct sentence
[WFLY-16890] - Modify description in datasources of subsystem to its correct sentence
[WFLY-16895] - Modify description in ejb3 of subsystem to its correct sentence
[WFLY-17760] - Upgrade licenses-plugin to make use of known licenses
[WFLY-18562] - Reevalute test exclusions in the integration/basic module
[WFLY-18605] - Reevalute test exclusions in the integration/elytron module
[WFLY-18606] - Reevalute test exclusions in the integration/web module
[WFLY-18642] - Reevalute test exclusions in the integration/microprofile module
[WFLY-18788] - Replace Consumers/Functions with utility methods from wildfly-common
[WFLY-18871] - Replace capability name resolvers with versions from wildfly-controller
[WFLY-18879] - Consolidate CommandDispatcherFactory interfaces from API vs SPI modules
[WFLY-18893] - Pass Platform TCK Signature Tests on Java 21
Wildfly 31.0.0
Bug:
[WFLY-18700] - java.lang.OutOfMemoryError: Direct buffer memory
[WFLY-18959] - Mail Quickstart maven dependencies have wrong scope
[WFLY-18969] - Give the Apache Lucene module access to jdk.unsupported
[WFLY-19010] - SSL Client context not loaded with AMQP Connector used in bootable jar
[WFLY-19019] - Exception that happened during deployment is being hidden
[WFLY-19020] - JakartaEE application client: module "org.hibernate" is not added to classpath
[WFLY-19040] - Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan
Task:
[WFLY-19029] - Hibernate ORM 6.4+ should export services to consumer classpath
Component upgrade:
[WFLY-18946] - Upgrade Infinispan to 14.0.22.Final
[WFLY-18977] - Upgrade jgroups-kubernetes to 2.0.2.Final
[WFLY-18989] - Upgrade to Hibernate 6.4.4.Final release
[WFLY-19003] - Upgrade Netty to 4.1.106
[WFLY-19032] - Upgrade Snappy Java to 1.1.10.5 (CVEs CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-43642)
[WFLY-19034] - Upgrade nimbus-jose-jwt to 9.37.3 [CVE-2023-52428]
[WFLY-19042] - Upgrade HAL to 3.7.0.Final (WildFly 31.0.1.Final)
[WFLY-19045] - Upgrade Infinispan to 14.0.24.Final
[WFLY-19046] - Upgrade JGroups to 5.2.22.Final
[WFLY-19048] - Upgrade WildFly Core to 23.0.2.Final
[WFLY-19058] - Upgrade WildFly Core to 23.0.3.Final
Enhancement:
[WFLY-18956] - Add sha1 to Quickstart's dist module
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Apache Spark 3.5.1
[SPARK-39910] - DataFrameReader API cannot read files from hadoop archives (.har)
[SPARK-40154] - PySpark: DataFrame.cache docstring gives wrong storage level
[SPARK-43393] - Sequence expression can overflow
[SPARK-44683] - Logging level isn't passed to RocksDB state store provider correctly
[SPARK-44805] - Data lost after union using spark.sql.parquet.enableNestedColumnVectorizedReader=true
[SPARK-44840] - array_insert() give wrong results for ngative index
[SPARK-44843] - flaky test: RocksDBStateStoreStreamingAggregationSuite
[SPARK-44880] - Remove unnecessary curly braces at the end of the thread locks info
[SPARK-44910] - Encoders.bean does not support superclasses with generic type arguments
[SPARK-44971] - [BUG Fix] PySpark StreamingQuerProgress fromJson
[SPARK-44973] - Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-45014] - Clean up fileserver when cleaning up files, jars and archives in SparkContext
[SPARK-45057] - Deadlock caused by rdd replication level of 2
[SPARK-45072] - Fix Outerscopes for same cell evaluation
[SPARK-45075] - Alter table with invalid default value will not report error
[SPARK-45078] - The ArrayInsert function should make explicit casting when element type not equals derived component type
[SPARK-45081] - Encoders.bean does no longer work with read-only properties
[SPARK-45098] - Custom jekyll-rediect-from redirect.html template
[SPARK-45106] - percentile_cont gets internal error when user input fails runtime replacement's input type check
[SPARK-45117] - Implement missing otherCopyArgs for the MultiCommutativeOp expression
[SPARK-45124] - Do not use local user ID for Local Relations
[SPARK-45132] - Fix IDENTIFIER clause for functions
[SPARK-45142] - Specify the range for Spark Connect dependencies in pyspark base image
[SPARK-45167] - Python Spark Connect client does not call `releaseAll`
[SPARK-45171] - GenerateExec fails to initialize non-deterministic expressions before use
[SPARK-45182] - Ignore task completion from old stage after retrying indeterminate stages
[SPARK-45205] - Since version 3.2.0, Spark SQL has taken longer to execute "show paritions",probably because of changes introduced by SPARK-35278
[SPARK-45211] - Scala 2.13 daily test failed
[SPARK-45227] - Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend where an executor process randomly gets stuck
[SPARK-45237] - Correct the default value of `spark.history.store.hybridStore.diskBackend` in `monitoring.md`
[SPARK-45255] - Spark connect client failing with java.lang.NoClassDefFoundError
[SPARK-45291] - Use unknown query execution id instead of no such app when id is invalid
[SPARK-45306] - Make `InMemoryColumnarBenchmark` use AQE-aware utils to collect plans
[SPARK-45311] - Encoder fails on many "NoSuchElementException: None.get" since 3.4.x, search for an encoder for a generic type, and since 3.5.x isn't "an expression encoder"
[SPARK-45346] - Parquet schema inference should respect case sensitive flag when merging schema
[SPARK-45371] - FIx shading problem in Spark Connect
[SPARK-45383] - Missing case for RelationTimeTravel in CheckAnalysis
[SPARK-45389] - Correct MetaException matching rule on getting partition metadata
[SPARK-45424] - Regression in CSV schema inference when timestamps do not match specified timestampFormat
[SPARK-45430] - FramelessOffsetWindowFunctionFrame fails when ignore nulls and offset > # of rows
[SPARK-45433] - CSV/JSON schema inference when timestamps do not match specified timestampFormat with only one row on each partition report error
[SPARK-45449] - Cache Invalidation Issue with JDBC Table
[SPARK-45473] - Incorrect error message for RoundBase
[SPARK-45484] - Fix the bug that uses incorrect parquet compression codec lz4raw
[SPARK-45498] - Followup: Ignore task completion from old stage after retrying indeterminate stages
[SPARK-45508] - Add "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" so Platform can access cleaner on Java 9+
[SPARK-45543] - InferWindowGroupLimit causes bug if the other window functions haven't the same window frame as the rank-like functions
[SPARK-45561] - Convert TINYINT catalyst properly in MySQL Dialect
[SPARK-45580] - Subquery changes the output schema of the outer query
[SPARK-45584] - Execution fails when there are subqueries in TakeOrderedAndProjectExec
[SPARK-45592] - AQE and InMemoryTableScanExec correctness bug
[SPARK-45604] - Converting timestamp_ntz to array<timestamp_ntz> can cause NPE or SEGFAULT on parquet vectorized reader
[SPARK-45616] - Usages of ParVector are unsafe because it does not propagate ThreadLocals or SparkSession
[SPARK-45631] - Broken backward compatibility in PySpark: StreamingQueryListener due to the addition of onQueryIdle
[SPARK-45670] - SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45678] - Cover BufferReleasingInputStream.available under tryOrFetchFailedException
[SPARK-45786] - Inaccurate Decimal multiplication and division results
[SPARK-45791] - Rename `SparkConnectSessionHodlerSuite.scala` to `SparkConnectSessionHolderSuite.scala`
[SPARK-45814] - ArrowConverters.createEmptyArrowBatch may cause memory leak
[SPARK-45847] - CliSuite flakiness due to non-sequential guarantee for stdout&stderr
[SPARK-45878] - ConcurrentModificationException in CliSuite
[SPARK-45883] - Upgrade ORC to 1.9.2
[SPARK-45896] - Expression encoding fails for Seq/Map of Option[Seq/Date/Timestamp/BigDecimal]
[SPARK-45920] - group by ordinal should be idempotent
[SPARK-45935] - Fix RST files link substitutions error
[SPARK-45943] - DataSourceV2Relation.computeStats throws IllegalStateException in test mode
[SPARK-45963] - Restore documentation for DSv2 API
[SPARK-46006] - YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46014] - Run RocksDBStateStoreStreamingAggregationSuite on a dedicated JVM
[SPARK-46016] - Fix pandas API support list properly
[SPARK-46019] - Fix HiveThriftServer2ListenerSuite and ThriftServerPageSuite to create java.io.tmpdir if it doesn't exist
[SPARK-46033] - Fix flaky ArithmeticExpressionSuite
[SPARK-46062] - CTE reference node does not inherit the flag `isStreaming` from CTE definition node
[SPARK-46064] - EliminateEventTimeWatermark does not consider the fact that isStreaming flag can change for current child during resolution
[SPARK-46092] - Overflow in Parquet row group filter creation causes incorrect results
[SPARK-46189] - Various Pandas functions fail in interpreted mode
[SPARK-46239] - Hide Jetty info
[SPARK-46274] - Range operator computeStats() proper long conversions
[SPARK-46275] - Protobuf: Permissive mode should return null rather than struct with null fields
[SPARK-46330] - Loading of Spark UI blocks for a long time when HybridStore enabled
[SPARK-46339] - Directory with number name should not be treated as metadata log
[SPARK-46388] - HiveAnalysis misses pattern guard `query.resolved`
[SPARK-46396] - LegacyFastTimestampFormatter.parseOptional should not throw exception
[SPARK-46443] - Decimal precision and scale should decided by JDBC dialect.
[SPARK-46453] - SessionHolder doesn't throw exceptions from internalError()
[SPARK-46464] - Fix the scroll issue of tables when overflow
[SPARK-46466] - vectorized parquet reader should never do rebase for timestamp ntz
[SPARK-46478] - Revert SPARK-43049
[SPARK-46480] - Fix NPE when table cache task attempt
[SPARK-46514] - Fix HiveMetastoreLazyInitializationSuite
[SPARK-46535] - NPE when describe extended a column without col stats
[SPARK-46546] - Fix the formatting of tables in `running-on-yarn` pages
[SPARK-46562] - Remove retrieval of `keytabFile` from `UserGroupInformation` in `HiveAuthFactory`
[SPARK-46577] - HiveMetastoreLazyInitializationSuite leaks hive's SessionState
[SPARK-46590] - Coalesce partiton assert error after skew join optimization
[SPARK-46598] - OrcColumnarBatchReader should respect the memory mode when creating column vectors for the missing column
[SPARK-46602] - CREATE VIEW IF NOT EXISTS should never throw `TABLE_OR_VIEW_ALREADY_EXISTS` exception
[SPARK-46609] - avoid exponential explosion in PartitioningPreservingUnaryExecNode
[SPARK-46640] - RemoveRedundantAliases does not account for SubqueryExpression when removing aliases
[SPARK-46663] - Disable memory profiler for pandas UDFs with iterators
[SPARK-46676] - dropDuplicatesWithinWatermark throws error on canonicalizing plan
[SPARK-46684] - CoGroup.applyInPandas/Arrow should pass arguments properly
[SPARK-46700] - count the last spilling for the shuffle disk spilling bytes metric
[SPARK-46747] - Too Many Shared Locks due to PostgresDialect.getTableExistsQuery - LIMIT 1
[SPARK-46763] - ReplaceDeduplicateWithAggregate fails when non-grouping keys have duplicate attributes
[SPARK-46769] - Refine timestamp related schema inference
[SPARK-46779] - Grouping by subquery with a cached relation can fail
[SPARK-46786] - Fix MountVolumesFeatureStep to use ReadWriteOncePod instead of ReadWriteOnce
[SPARK-46794] - Incorrect results due to inferred predicate from checkpoint with subquery
[SPARK-46796] - RocksDB versionID Mismatch in SST files
[SPARK-46855] - Add `sketch` to the dependencies of the `catalyst` module in `module.py`
[SPARK-46861] - Avoid Deadlock in DAGScheduler
[SPARK-46862] - Incorrect count() of a dataframe loaded from CSV datasource
[SPARK-46893] - Remove inline scripts from UI descriptions
[SPARK-46945] - Add `spark.kubernetes.legacy.useReadWriteOnceAccessMode` for old K8s clusters
[SPARK-47019] - AQE dynamic cache partitioning causes SortMergeJoin to result in data loss
[SPARK-47022] - Fix `connect/client/jvm` to have explicit `commons-lang3` test dependency
[SPARK-47053] - Docker image for release has to bump versions of some python libraries for 3.5.1
New Feature
[SPARK-45360] - Initialize spark session builder configuration from SPARK_REMOTE
[SPARK-45706] - Makes entire Binder build fails fast during setting up
[SPARK-45735] - Reenable CatalogTests without Spark Connect
[SPARK-46732] - Propagate JobArtifactSet to broadcast execution thread
Apache Kafka 3.7.0
New Feature:
[KAFKA-9800] - [KIP-580] Client Exponential Backoff Implementation
[KAFKA-15215] - The default.dsl.store config is not compatible with custom state stores
[KAFKA-15428] - Cluster-wide dynamic log adjustments for Connect
[KAFKA-15445] - KIP-975: Docker Image for Apache Kafka
[KAFKA-15448] - Streams StandbyTaskUpdateListener
[KAFKA-15470] - Allow creating connectors in a stopped state
Improvement:
[KAFKA-9693] - Kafka latency spikes caused by log segment flush on roll
[KAFKA-10199] - Separate state restoration into separate threads
[KAFKA-14127] - KIP-858: Handle JBOD broker disk failure in KRaft
[KAFKA-14780] - Make RefreshingHttpsJwksTest#testSecondaryRefreshAfterElapsedDelay deterministic
[KAFKA-14855] - Harden integration testing logic for asserting that a connector is deleted
[KAFKA-14912] - Introduce a configuration for remote index cache size, preferably a dynamic config.
[KAFKA-15022] - Support rack aware task assignment in Kafka streams
[KAFKA-15046] - Produce performance issue under high disk load
[KAFKA-15047] - Handle rolling segments when the active segment's retention is breached incase of tiered storage is enabled.
[KAFKA-15141] - High CPU usage with log4j2
[KAFKA-15147] - Measure pending and outstanding Remote Segment operations
[KAFKA-15208] - Upgrade Jackson dependencies to version 2.16.0
[KAFKA-15241] - Compute tiered offset by keeping the respective epochs in scope.
[KAFKA-15248] - Add BooleanConverter to Kafka Connect
[KAFKA-15273] - Log common name of expired client certificate
[KAFKA-15315] - Use getOrDefault rather than get
[KAFKA-15401] - Segment with corrupted index should not be uploaded to remote storage
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15418] - Update statement on decompression location
[KAFKA-15432] - RLM Stop partitions should not be invoked for non-tiered storage topics
[KAFKA-15464] - Allow dynamic reloading of certificates with different DN / SANs
[KAFKA-15471] - Allow independently stop KRaft controllers or brokers
[KAFKA-15476] - Improve checkstyle performance
[KAFKA-15485] - Support building with Java 21 (LTS release)
[KAFKA-15492] - Enable spotbugs when building with Java 21
[KAFKA-15493] - Ensure system tests work with Java 21
[KAFKA-15521] - Refactor build.gradle to align gradle swagger plugin with swagger dependencies
[KAFKA-15527] - Add reverseRange and reverseAll query over kv-store in IQv2
[KAFKA-15536] - dynamically resize remoteIndexCache
[KAFKA-15542] - Release member assignments on errors
[KAFKA-15563] - Provide informative error messages when Connect REST requests time out
[KAFKA-15566] - Flaky tests in FetchRequestTest.scala in KRaft mode
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3
[KAFKA-15629] - proposal to introduce IQv2 Query Types: TimestampedKeyQuery and TimestampedRangeQuery
[KAFKA-15685] - Add missing compatibility for MinGW and MSYS2 (windows)
[KAFKA-15769] - Fix wrong log with exception
[KAFKA-15774] - Respect default.dsl.store Configuration Without Passing it to StreamsBuilder
[KAFKA-15831] - List Client Metrics Configuration Resources
[KAFKA-15837] - Throw error on use of Consumer.poll(long timeout)
[KAFKA-15866] - Refactor OffsetFetchRequestState Error handling to be more consistent with OffsetCommitRequestState
[KAFKA-15868] - KIP-951 - Leader discovery optimisations for the client
[KAFKA-15906] - Emit offset syncs more often than offset.lag.max for low-throughput/finite partitions
[KAFKA-15922] - Add MetadataVersion for JBOD
[KAFKA-15971] - Re-enable consumer integration tests for new consumer
[KAFKA-15980] - Add KIP-1001 CurrentControllerId metric
[KAFKA-16007] - ZK migrations can be slow for large clusters
[KAFKA-16210] - Upgrade jose4j to 0.9.4
Bug:
[KAFKA-12679] - Rebalancing a restoring or running task may cause directory livelocking with newly created task
[KAFKA-13327] - Preflight validations of connectors leads to 500 responses
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-13988] - Mirrormaker 2 auto.offset.reset=latest not working
[KAFKA-14067] - Sink connector override.consumer.group.id can conflict with worker group.id
[KAFKA-14616] - Topic recreation with offline broker causes permanent URPs
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-14927] - Prevent kafka-configs.sh from setting non-alphanumeric config key names
[KAFKA-15000] - High vulnerability PRISMA-2023-0067 reported in jackson-core
[KAFKA-15117] - SslTransportLayerTest.testValidEndpointIdentificationCN fails with Java 20 & 21
[KAFKA-15152] - Fix incorrect format specifiers when formatting string
[KAFKA-15221] - Potential race condition between requests from rebooted followers
[KAFKA-15230] - ApiVersions data between controllers is not reliable
[KAFKA-15311] - Fix docs about reverting to ZooKeeper mode during KRaft migration
[KAFKA-15372] - MM2 rolling restart can drop configuration changes silently
[KAFKA-15392] - RestServer starts but does not stop ServletContextHandler
[KAFKA-15412] - Reading an unknown version of quorum-state-file should trigger an error
[KAFKA-15465] - MM2 not working when its internal topics are pre-created on a cluster that disallows topic creation
[KAFKA-15473] - Connect connector-plugins endpoint shows duplicate plugins
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15489] - split brain in KRaft cluster
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15500] - Code bug in SslPrincipalMapper.java
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15507] - adminClient should not throw retriable exception when closing instance
[KAFKA-15510] - Follower's lastFetchedEpoch wrongly set when fetch response has no record
[KAFKA-15511] - Exception not handled correctly if indexFile is corrupted.
[KAFKA-15537] - Unsafe metadata.version downgrade is not supported
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15689] - KRaftMigrationDriver not logging the skipped event when expected state is wrong
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15695] - Local log start offset is not updated on the follower after rebuilding remote log auxiliary state
[KAFKA-15704] - ControllerRegistrationRequest must set ZkMigrationReady field if appropriate
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15817] - Avoid reconnecting to the same IP address if multiple addresses are available
[KAFKA-15819] - KafkaServer leaks KafkaRaftManager when ZK migration enabled
[KAFKA-15824] - SubscriptionState's maybeValidatePositionForCurrentLeader should handle partition which isn't subscribed yet
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration
[KAFKA-15836] - KafkaConsumer subscribes to multiple topics does not respect max.poll.records
[KAFKA-15860] - ControllerRegistration must be written out to the metadata image
[KAFKA-15888] - DistributedHerder log context should not use the same client ID for each Connect worker by default
[KAFKA-15890] - Consumer.poll with long timeout unaware of assigned partitions
[KAFKA-15904] - Downgrade tests are failing with directory.idÂ
[KAFKA-15932] - Flaky test - PlaintextConsumerTest.testSeek("kraft+kip-848","consumer")
[KAFKA-15946] - AsyncKafkaConsumer should retry commits on the application thread instead of auto-retry
[KAFKA-15965] - Test failure: org.apache.kafka.common.requests.BrokerRegistrationRequestTest
[KAFKA-15967] - Fix revocation in reconcilation logic
[KAFKA-15978] - New consumer sends OffsetCommit with empty member ID
[KAFKA-15986] - New consumer group protocol integration test failures
[KAFKA-16005] - ZooKeeper to KRaft migration rollback missing disabling controller and migration configuration on brokers
[KAFKA-16012] - Incomplete range assignment in consumer
[KAFKA-16015] - kafka-leader-election timeout values always overwritten by default values
[KAFKA-16017] - Checkpointed offset is incorrect when task is revived and restoring
[KAFKA-16029] - Investigate cause of "Unable to find FetchSessionHandler for node X" in logs
[KAFKA-16046] - Stream Stream Joins fail after restoration with deserialization exceptions
[KAFKA-16078] - Be more consistent about getting the latest MetadataVersion
[KAFKA-16085] - remote copy lag bytes/segments metrics don't update all topic value
[KAFKA-16094] - BrokerRegistrationRequest.logDirs field must be ignorable
[KAFKA-16101] - KRaft migration rollback documentation is incorrect
[KAFKA-16120] - Fix partition reassignment during ZK migration
[KAFKA-16131] - Repeated UnsupportedVersionException logged when running Kafka 3.7.0-RC2 KRaft cluster with metadata version 3.6
[KAFKA-16133] - Commits during reconciliation always time out
[KAFKA-16141] - StreamsStandbyTask##test_standby_tasks_rebalanceArguments:{ “metadata_quorumâ€: “ISOLATED_KRAFTâ€, “use_new_coordinatorâ€: false} fails consistently in 3.7
[KAFKA-16144] - Controller leader checkQuorum timer should skip only 1 controller case
[KAFKA-16157] - Topic recreation with offline disk doesn't update leadership/shrink ISR correctly
[KAFKA-16162] - New created topics are unavailable after upgrading to 3.7
[KAFKA-16216] - Reduce batch size for initial metadata load during ZK migration
[KAFKA-16221] - IllegalStateException from Producer
Elasticsearch 8.12.2
Bug fixes:
Application:
Authentication:
Downsampling:
ES|QL:
Indices APIs:
Ingest Node:
Machine Learning:
Network:
Search:
Snapshot/Restore:
Transform:
Jenkins 2.446
Community reported issues: 2×JENKINS-72759
Keycloak 23.0.7
Enhancements:
Bugs:
Kibana 8.12.2
Bug Fixes:
Alerting:
Elastic Security:
For the Elastic Security 8.12.2 release information, refer to Elastic Security Solution Release Notes.
Fleet:
Machine Learning:
Management:
Observability:
Plugins:
Prometheus 2.50.0 and 2.50.1
[BUGFIX – 2.25.1] API: Fix metadata API using wrong field names. #13633
[CHANGE] Remote Write: Error storage.ErrTooOldSample is now generating HTTP error 400 instead of HTTP error 500. #13335
[FEATURE] Remote Write: Drop old inmemory samples. Activated using the config entry sample_age_limit. #13002
[FEATURE] Experimental: Add support for ingesting zeros as created timestamps. (enabled under the feature-flag created-timestamp-zero-ingestion). #12733 #13279
[FEATURE] Promtool: Add analyze histograms command. #12331
[FEATURE] TSDB/compaction: Add a way to enable overlapping compaction. #13282 #13393 #13398
[FEATURE] Add automatic memory limit handling. Activated using the feature flag. auto-gomemlimit #13395
[ENHANCEMENT] Promtool: allow specifying multiple matchers in promtool tsdb dump. #13296
[ENHANCEMENT] PromQL: Restore more efficient version of NewPossibleNonCounterInfo annotation. #13022
[ENHANCEMENT] Kuma SD: Extend configuration to allow users to specify client ID. #13278
[ENHANCEMENT] PromQL: Use natural sort in sort_by_label and sort_by_label_desc. This is experimental. #13411
[ENHANCEMENT] Native Histograms: support native_histogram_min_bucket_factor in scrape_config. #13222
[ENHANCEMENT] Native Histograms: Issue warning if histogramRate is applied to the wrong kind of histogram. #13392
[ENHANCEMENT] TSDB: Make transaction isolation data structures smaller. #13015
[ENHANCEMENT] TSDB/postings: Optimize merge using Loser Tree. #12878
[ENHANCEMENT] TSDB: Simplify internal series delete function. #13261
[ENHANCEMENT] Agent: Performance improvement by making the global hash lookup table smaller. #13262
[ENHANCEMENT] PromQL: faster execution of metric functions, e.g. abs(), rate() #13446
[ENHANCEMENT] TSDB: Optimize label values with matchers by taking shortcuts. #13426
[ENHANCEMENT] Kubernetes SD: Check preconditions earlier and avoid unnecessary checks or iterations in kube_sd. #13408
[ENHANCEMENT] Promtool: Improve visibility for promtool test rules with JSON colored formatting. #13342
[ENHANCEMENT] Consoles: Exclude iowait and steal from CPU Utilisation. #9593
[ENHANCEMENT] Various improvements and optimizations on Native Histograms. #13267, #13215, #13276 #13289, #13340
[BUGFIX] Scraping: Fix quality value in HTTP Accept header. #13313
[BUGFIX] UI: Fix usage of the function time() that was crashing. #13371
[BUGFIX] Azure SD: Fix SD crashing when it finds a VM scale set. #13578
RabbitMQ 3.13.0
This release includes several new features, optimizations, internal changes in preparation for RabbitMQ 4.x, and an updated documentation website. The user-facing areas that have seen the biggest improvements in this release are:
Bug Fixes:
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Nginx 1.25.4
*) Security: when using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation fault in a worker process (for SSL proxying) might occur if AIO was used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL proxying was used along with the "image_filter" directive and errors with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
Cassandra 4.1.4
* Memoize Cassandra verion and add a backoff interval for failed schema pulls (CASSANDRA-18902)
* Fix StackOverflowError on ALTER after many previous schema changes (CASSANDRA-19166)
* Fixed the inconsistency between distributedKeyspaces and distributedAndLocalKeyspaces (CASSANDRA-18747)
* Internode legacy SSL storage port certificate is not hot reloaded on update (CASSANDRA-18681)
* Nodetool paxos-only repair is no longer incremental (CASSANDRA-18466)
* Waiting indefinitely on ReceivedMessage response in StreamSession#receive() can cause deadlock (CASSANDRA-18733)
* Allow empty keystore_password in encryption_options (CASSANDRA-18778)
* Skip ColumnFamilyStore#topPartitions initialization when client or tool mode (CASSANDRA-18697)
Merged from 4.0:
* Skip version check if an endpoint is dead state in Gossiper#upgradeFromVersionSupplier (CASSANDRA-19187)
* Fix Gossiper::hasMajorVersion3Nodes to return false during minor upgrade (CASSANDRA-18999)
* Revert unnecessary read lock acquisition when reading ring version in TokenMetadata introduced in CASSANDRA-16286 (CASSANDRA-19107)
* Support max SSTable size in sorted CQLSSTableWriter (CASSANDRA-18941)
* Fix nodetool repair_admin summarize-pending command to not throw exception (CASSANDRA-19014)
* Fix cassandra-stress in simplenative mode with prepared statements (CASSANDRA-18744)
* Fix filtering system ks sstables for relocation on startup (CASSANDRA-18963)
* Remove completed coordinator sessions (CASSANDRA-18903)
* Make StartupConnectivityChecker only run a connectivity check if there are no nodes which are running a version prior to Cassandra 4 (CASSANDRA-18968)
* Retrieve keyspaces metadata and schema version concistently in DescribeStatement (CASSANDRA-18921)
* Gossip NPE due to shutdown event corrupting empty statuses (CASSANDRA-18913)
* Fix closing iterator in SecondaryIndexBuilder (CASSANDRA-18361)
* Update hdrhistogram to 2.1.12 (CASSANDRA-18893)
* Improve performance of compactions when table does not have an index (CASSANDRA-18773)
* JMH improvements - faster build and async profiler (CASSANDRA-18871)
* Enable 3rd party JDK installations for Debian package (CASSANDRA-18844)
* Fix NTS log message when an unrecognized strategy option is passed (CASSANDRA-18679)
* Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
* Migrate Python optparse to argparse (CASSANDRA-17914)
Merged from 3.11:
* Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756)
* Revert CASSANDRA-18543 (CASSANDRA-18854)
* Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739)
Merged from 3.0:
* Suppress CVE-2023-6378 (CASSANDRA-19142)
* Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935)
* Suppress CVE-2023-44487 (CASSANDRA-18943)
* Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935)
* Implement the logic in bin/stop-server (CASSANDRA-18838)
* Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878)
* Add cqlshrc.sample and credentials.sample into Debian package (CASSANDRA-18818)
* Refactor validation logic in StorageService.rebuild (CASSANDRA-18803)
* Make alternation of a user type validate the same way as creation of a user type does (CASSANDRA-18585)
* CQLSH emits a warning when the server version doesn't match (CASSANDRA-18745)
* Fix missing speculative retries in tablestats (CASSANDRA-18767)
* Fix Requires for Java for RPM package (CASSANDRA-18751)
* Fix CQLSH online help topic link (CASSANDRA-17534)
* Remove unused suppressions (CASSANDRA-18724)
Node.js 21.6.2
This is a security release.
Notable changes:
- CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
- CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
- CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- undici version 5.28.3
- libuv version 1.48.0
- OpenSSL version 3.0.13+quic1
Angular 17.2.1
-fix broken version detection condition
Camel 4.4.0
BUG (36):
CAMEL-20401 camel-kudu: Potential NullPointerException on endpoint stop
CAMEL-20399 String to short type conversion fails
CAMEL-20394 camel-jbang wrong transformation when rests and routes tags are used together
CAMEL-20392 camel-jq - Inclined jq in simple language should keep quotes
CAMEL-20380 Kafka Batch Consumer: doesn't honor the poll timeout set
CAMEL-20378 Languages that can take source from header or property is not thread safe
CAMEL-20375 Camel-ical: Camel-20370 brought a NPE in some cases
CAMEL-20373 camel-kafka - KafkaIdempotentRepository may allow some duplicates after application restart
CAMEL-20370 dataformat configurer is not generated for camel-beanio
CAMEL-20362 Camel-Netty-HTTP: Headers validation should be enabled by default
CAMEL-20356 camel-core - LoggerHelper returns wrong name for source code line precise
CAMEL-20354 camel-jbang - Using camel run --source-dir component should be able to load from classpath
CAMEL-20352 camel.springboot.includeNonSingletons is not respected anymore: prototype Route Builders are always initialized.
CAMEL-20351 Camel Jbang execution from remote file doesn't work anymore
CAMEL-20350 camel-observation - Null values should be null instead of a string null literal value
CAMEL-20349 camel-salesforce: ClassCastException when a request is retried after a 401
CAMEL-20342 camel-openapi-java - NPE in OpenApiHelper
CAMEL-20340 camel-jbang - camel dependency list throws Exception for dataformats
CAMEL-20339 camel-yaml-dsl - Saga EIP with options causes NPE
CAMEL-20334 AWS S3 cloudevents data type does not set proper data Content-Type
CAMEL-20307 camel-quickfix -Queue Full
CAMEL-20301 Camel retains objects when restarting route via policy
CAMEL-20292 Probable bug in DependencyDownloaderConsole - inverted flags in output
CAMEL-20280 camel-jcache - JCachePolicy does not init bypassExpression
CAMEL-20262 camel-spring-boot - TomcatEmbeddedWebappClassLoader return nested instead file in jar file path
CAMEL-20254 camel-http - pre-emptive authentication breaks basic auth
CAMEL-20250 camel-kinesis: resume API fails to resume properly
CAMEL-20248 camel-salesforce: Most integration tests failing
CAMEL-20239 Camel-Azure-Files: The component doesn't set account parameter on the URI
CAMEL-20232 camel-core - Kamelets with Enrich and PollEnrich dynamic endpoints with template parameters
CAMEL-20218 KafkaIdempotentRepository cache incorrectly flagged as ready
CAMEL-20121 camel-smpp SMPPSession should be closed after receiving Unbind from peer
CAMEL-19849 camel-zipfile: fails to release exchange due to Exceptions
CAMEL-19262 camel-azure-eventbus - Apache Camel wrapper for Service Bus stops receiving message.
CAMEL-17722 MDC - custom properties in MDC Unit Of Work are not cleared at the end of route
CAMEL-17721 MDC - custom MDC property value is fixed to first assigned value by MDCUnitOfWork
DEPENDENCY UPGRADE (6):
CAMEL-20344 camel-spring-boot - Upgrade to 3.2.2
CAMEL-20278 Upgrade Wildfly Elytron to 2.x version
CAMEL-20116 Upgrade to Jackson BOM 2.16.0
CAMEL-19971 Camel-Consul: Consul-client repository is now read only
CAMEL-19722 camel-etcd3 - Upgrade jedtc to 0.7.6
CAMEL-19620 camel-coap - Upgrade to Californium Scandium 3.x
IMPROVEMENT (51):
CAMEL-20409 camel-core - ModelReifierFactory should detect custom on classpath
CAMEL-20403 Support Knative broker as source/sink in Pipe
CAMEL-20400 Support for Knative SinkBinding
CAMEL-20398 camel-kubernetes - Add option on component to create kubernetes client
CAMEL-20396 camel-kudu: Allow KuduClient to be autowired
CAMEL-20391 camel-core - All languages should support expression loaded from external resource
CAMEL-20387 camel-tracing - Use case insensitive headers
CAMEL-20386 camel-jq - Add @JQ for bean annotation
CAMEL-20382 camel-kafka - RecordMetadata header should be named like the other headers
CAMEL-20376 camel-xpath - XPath language add support for variables
CAMEL-20369 camel-beanio - Bring back beanio as v3
CAMEL-20365 camel-ftp - Add option to configure yes/no answer to create known host file
CAMEL-20364 camel-jms - Remove JMSCorrelationIDAsBytes header as its not needed
CAMEL-20363 camel-jms - Make getting JMSCorrelationID more robust for brokers that has bugs
CAMEL-20359 camel-groovy - Consistent name to refer to exchangeProperties
CAMEL-20358 camel-microprofile-config: CamelMicroProfilePropertiesSource should consider active profiles when loading properties
CAMEL-20355 Throttle EIP: milliseconds not available anymore
CAMEL-20346 camel-core - Simple language contains function can be improved
CAMEL-20345 camel-core - Simple binary operator in predicates better detected by predicate parser
CAMEL-20308 Change order of camel-spring-boot-bom and spring-boot-dependencies in dependencyManamgent
CAMEL-20306 Camel-CassandraQL: Add ObjectInputFilter String pattern parameter in CassandraAggregationRepository to be used in unmarshall operations
CAMEL-20303 Camel-Sql: Add ObjectInputFilter String pattern parameter in JdbcAggregationRepository to be used in unmarshall operations
CAMEL-20298 Enhancing JSONata Compatibility for Full Reference Port
CAMEL-20281 Camel-AWS Components: Make it possible to use AwsSessionCredentials to support temporary credentials
CAMEL-20275 components - Mark options that can are used for text inputs such as a SQL query
CAMEL-20274 camel-management - Add option to allow updating routes
CAMEL-20273 camel-jbang - Stub dataformat and language during export
CAMEL-20271 Camel-AWS-Cloudtrail: Improve consumers by adding more information as exchange headers
CAMEL-20258 [JBang] Use quartz out of the box for camel-cron
CAMEL-20253 camel-jbang - Add support for jolokia 2.x
CAMEL-20249 camel-jbang - Reload routes with micrometer should clean up old routes
CAMEL-20247 Rework Dynamic Router EIP Component
CAMEL-20246 camel-core - WireTap should not create correlated exchange copy
CAMEL-20245 camel-jbang - Startup should log http summary if already started such as when using supervised route controller
CAMEL-20243 camel-main - Move route controller options into its own group
CAMEL-20242 camel-routes health check reports UP right before routes were attempted to be setup when using supervising route controller
CAMEL-20241 camel-jbang - Pretty print xml body should not have noisy empty lines
CAMEL-20238 Add spring-boot-starter-jdbc dependency to camel-spring-jdbc-starter
CAMEL-20236 camel-salesforce: add missing properties to bulk 2.0 Job class
CAMEL-20233 camel-jbang - camel catalog other does not list kotlin-dsl
CAMEL-20231 camel-jasypt - make generators configurable
CAMEL-20230 camel-core - PollEnrich and Enrich EIP should eager start component if possible
CAMEL-20228 camel-jbang - camel export doesn't recognize component in pollenrich
CAMEL-20219 Add Protobuf data type transformer
CAMEL-20202 camel-azure - Consumers should avoid loading entire payload into memory
CAMEL-19956 camel-jbang - Run with custom log4j2.properties file
CAMEL-19413 camel-parquet-avro: add some defaulted values as options on dataformat to make it more configurable
CAMEL-19411 camel-kamelet - Should be using noErrorHandler
CAMEL-18969 Support mongodb connection string/uri to configure camel-mongodb component
CAMEL-18590 Camel-Azure components: Define a unique configuration for authentication
CAMEL-14028 Allow DataFormats to unmarshal known data formats without first converting to bytes
NEW FEATURE (25):
CAMEL-20408 camel-core - Tracer should include exchange variables
CAMEL-20406 camel-core - Route scoped variables
CAMEL-20379 [camel-test-infra-cli] Improve container configuration, adding external maven repositories
CAMEL-20338 Camel JMS producer should add headers
CAMEL-20336 Add a WebAssembly component and language
CAMEL-20333 Kotlin API
CAMEL-20289 camel-core - FluentProducerTemplate - Add withVariable and withProperty
CAMEL-20288 camel-core - Convert header and variable To another name
CAMEL-20286 camel-netty: add support for native transport over KQueue
CAMEL-20285 camel-json-validator: Add ability to configure ObjectMapper using endpoint properties
CAMEL-20277 camel-grpc: gRPC proxy with streaming
CAMEL-20270 Introduce plugins for Camel JBang
CAMEL-20251 Add Camel K commands to Camel JBang
CAMEL-20229 Camel-Azure-Storage-Queue: Add CloudEvents Data Type Transformer
CAMEL-20223 Camel-Spring-Boot: Camel Azure Key Vault should Support Azure Identity in the component and secrets function
CAMEL-20220 Camel Azure Key Vault: Support Azure Identity in the component and secrets function
CAMEL-19749 camel-core - Allow users to use variables in route to store data instead of headers
CAMEL-19241 Adding a Kafka Batch Consumer
CAMEL-18559 Components which do remote communication should be marked as such
CAMEL-18082 camel-jbang - Prompt mode for required values
CAMEL-17825 Hash generator in the Simple language
CAMEL-17719 camel-salesforce: allow to retrieve CDC json schema from meta service
CAMEL-16064 camel-kafka - Add batching consumer
CAMEL-15570 camel-jte - Template Engine component
CAMEL-15252 Google Pubsub Component manual acknowledgement mode
Tomcat 10.1.19
Catalina:
tomcat-enbed-core.jar
by removing reference to org.apache.catalina.ssi
package that is no longer included in the JAR. Based on pull request #684 by Jendrik Johannes. (markt)\r\n
sequences are correctly removed from files containing property values when configured to do so. Bug identified by Coverity Scan. (markt)ApplicationHttpRequest
and ApplicationRequest
. (markt)Coyote:
null
value for a cookie attribute should remove the attribute. (markt)AsyncListener.onError()
has returned to the container, only container threads can access the AsyncContext
. This protects against various race conditions that woudl otherwise occur if application threads continued to access the AsyncContext
.SSLContext
instances configured on SSLHostConfigCertificate
instances. Based on pull request #673 provided by Hakan Altındağ. (markt)String
for request URI, HTTP header names and the request Content-Type
value to improve performance by reducing repeated byte[]
to String
conversions. (markt)Jasper:
WebSocket:
UpgradeProcessor
leak in some circumstances. (markt)Web Applications:
Other:
Docker compose 2.24.6
Fixes:
Internal:
Grafana 10.3.3
Bug fixes:
Kubernetes 1.29.2
Feature:
Bug or Regression:
PHP Interpreter 8.3.3
Core:
Fixed timer leak in zend-max-execution-timers builds.
Fixed bug GH-12349 (linking failure on ARM with mold).
Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception).
Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed when used in trait).
Fixed bug GH-13215 (GCC 14 build failure).
Curl:
Fix missing error check in curl_multi_init().
FPM:
Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).
GD:
Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90).
LibXML:
Fix crashes with entity references and predefined entities.
MySQLnd:
Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes).
Opcache:
Fixed bug GH-13145 (strtok() is not comptime).
Fixed type inference of range().
Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on).
OpenSSL:
Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).
PDO_Firebird:
Fix GH-13119 (Changed to convert float and double values into strings using `H` format).
Phar:
Fixed bug #71465 (PHAR doesn't know about litespeed).
Fixed bug GH-13037 (PharData incorrectly extracts zip file).
Random:
Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines).
Session:
Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader).
Standard:
Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault).
Streams:
Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail).
RabbitMQ 3.12.13
Core Broker
Bug Fixes:
CLI Tools
Enhancement:
GitHub issue: #10461
Bug Fixes:
Stream Plugin
Bug Fixes:
Management Plugin
Bug Fixes:
Shovel Plugin
Bug Fixes:
Federation Plugin
Bug Fixes:
Solr 9.5.0
New Features (3):
Improvements (24):
Optimizations (2):
Bug Fixes (11):
AWX 23.8.1
What's Changed:
AWX Operator:
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Apache Kafka 3.6.1
Improvement:
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3
Bug:
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration
GitLab Security Release: 16.8.2, 16.7.5, 16.6.7
Table of fixes:
Title | Severity |
---|---|
Restrict group access token creation for custom roles | Medium |
Project maintainers can bypass group's scan result policy block_branch_modification setting | Medium |
ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax | Medium |
Resource exhaustion using GraphQL vulnerabilitiesCountByDay | Medium |
Elasticsearch 8.12.1
Bug fixes:
Allocation
Application
Data streams
Downsampling
ES|QL
Infra/Resiliency
Ingest Node
Machine Learning
Network
Search
Snapshot/Restore
TSDB
Transform
Kibana 8.12.1
Enhancements:
Elastic Security
Observability
Bug Fixes:
Alerting
APM
Dashboard
Elastic Security
Fleet
Lens & Visualizations
Machine Learning
Security
Plugins:
Http Filter - 1.5.1
Syslog_pri Filter - 3.2.1:
Logstash Integration - 1.0.2
PostgreSQL 16.2
E.1.2. Changes:
Sonatype Nexus Repository 3.65.0
NEXUS-34334:
NEXUS-34968:
NEXUS-36807:
NEXUS-39665:
NEXUS-39881:
NEXUS-40111:
NEXUS-40213:
NEXUS-40378:
NEXUS-40680:
NEXUS-40987:
NEXUS-40994:
NEXUS-41211:
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
Full Changelog
EtcD 3.5.12
etcd server
Dependencies
Jenkins 2.443
Community reported issues: 2×JENKINS-72592
Keycloak 23.0.6
Bugs
AWX 23.7.0
What's Changed
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Jenkins 2.442
Arbitrary file read vulnerability through the CLI can lead to RCE
SECURITY-3314 / CVE-2024-23897
Severity (CVSS): Critical
Description:
Apache Cassandra 4.0.12
* Skip version check if an endpoint is dead state in Gossiper#upgradeFromVersionSupplier (CASSANDRA-19187)
* Fix Gossiper::hasMajorVersion3Nodes to return false during minor upgrade (CASSANDRA-18999)
* Revert unnecessary read lock acquisition when reading ring version in TokenMetadata introduced in CASSANDRA-16286 (CASSANDRA-19107)
* Support max SSTable size in sorted CQLSSTableWriter (CASSANDRA-18941)
* Fix nodetool repair_admin summarize-pending command to not throw exception (CASSANDRA-19014)
* Fix cassandra-stress in simplenative mode with prepared statements (CASSANDRA-18744)
* Fix filtering system ks sstables for relocation on startup (CASSANDRA-18963)
* Remove completed coordinator sessions (CASSANDRA-18903)
* Make StartupConnectivityChecker only run a connectivity check if there are no nodes which are running a version prior to Cassandra 4 (CASSANDRA-18968)
* Retrieve keyspaces metadata and schema version concistently in DescribeStatement (CASSANDRA-18921)
* Gossip NPE due to shutdown event corrupting empty statuses (CASSANDRA-18913)
* Synchronize CQLSSTableWriter#build on the Schema.instance object (CASSANDRA-18317)
* Fix closing iterator in SecondaryIndexBuilder (CASSANDRA-18361)
* Update hdrhistogram to 2.1.12 (CASSANDRA-18893)
* Improve performance of compactions when table does not have an index (CASSANDRA-18773)
* JMH improvements - faster build and async profiler (CASSANDRA-18871)
* Enable 3rd party JDK installations for Debian package (CASSANDRA-18844)
* Fix NTS log message when an unrecognized strategy option is passed (CASSANDRA-18679)
* Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
* Migrate Python optparse to argparse (CASSANDRA-17914)
Merged from 3.11:
* Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756)
* Revert CASSANDRA-18543 (CASSANDRA-18854)
* Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739)
* Moved jflex from runtime to build dependencies (CASSANDRA-18664)
Merged from 3.0:
* Suppress CVE-2023-6378 (CASSANDRA-19142)
* Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935)
* Suppress CVE-2023-44487 (CASSANDRA-18943)
* Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935)
* Implement the logic in bin/stop-server (CASSANDRA-18838)
* Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878)
* Add cqlshrc.sample and credentials.sample into Debian package (CASSANDRA-18818)
* Refactor validation logic in StorageService.rebuild (CASSANDRA-18803)
* Make alternation of a user type validate the same way as creation of a user type does (CASSANDRA-18585)
* Backport of CASSANDRA-16905 Further restrict schema column drop/recreate conversions (CASSANDRA-18760)
* CQLSH emits a warning when the server version doesn't match (CASSANDRA-18745)
* Fix missing speculative retries in tablestats (CASSANDRA-18767)
* Fix Requires for Java for RPM package (CASSANDRA-18751)
* Fix CQLSH online help topic link (CASSANDRA-17534)
* Remove unused suppressions (CASSANDRA-18724)
ActiveMQ Artemis 2.32.0
Bug:
* [ARTEMIS-4415] - org.apache.activemq.artemis.tests.integration.server.LVQTest#testMultipleMessages fails intermittently
* [ARTEMIS-4585] - Mirror may fail with previously created SNF queues if metrics plugin is in use
Improvement:
* [ARTEMIS-4579] - Add the *FirstMessage* API for scheduled messages
Docker Compose 2.24.3
Internal:
introduce stopAndRemoveContainer to share logic scaling down
Grafana 10.3.1
-Navigation updates*
-Table data in PDF reports
-Dashboards and visualizations
-Canvas visualization supports pan and zoom
-Data visualization quality of life improvements
-New Transformations UI experience and documentation upgrades
-Profiles
-Alerting
Wildfly 31.0.0
Application Server Features
Keycloak 23.0.5
Fix compilation error with ServerInfoAdminResource
Fix logic error in AbstractOAuth2IdentityProvider
fixed possible undefined enabled flag
Fix search in group picker dialog
Fix missing CRD metadata in Operator CSV
Fix typo in the balloon help of SAML Username Template Importer
Revert "Fix lowerCaseHostname to lower-case scheme and host properly"
Node.js 21.6.1
This release fixes a bug in undici using WebStreams
Commits:
[662ac95729] - Revert "stream: fix cloned webstreams not being unref'd" (Matteo Collina) #51491
Prometheus 2.45.3
This release contains security fixes in dependencies and has been built with go1.21.6. #13450.
[BUGFIX] TSDB: Remove double memory snapshot on shutdown. #13110
This week, read about:
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Solr 9.4.1
Bug Fixes:
Non-Security Based Updates
MySQL 8.3.6
Audit Log Notes:
audit_log_read
(
audit_log_read_bookmark
() )
led to an Out of memory error. (Bug #35957453)-DWITH_ZLIB=system
check. (Bug #35968195)no-error=deprecated-declarations
flag to no-deprecated-declarations
for the OpenSSL 3 library.Our thanks to karry zhang for the contribution. (Bug #112209, Bug #35755328)
HASH
field to check for uniqueness. (Bug #109548, Bug #34959356)A8D3785C
) used to sign MySQL downloadable packages has been updated. The previous GnuPG build key (3A79BD29
) expired on 2023-12-14. For information about verifying the integrity and authenticity of MySQL downloadable packages using GnuPG signature checking, or to obtain a copy of our public GnuPG build key, see Signature Checking Using GnuPG.Due to the GnuPG key update, systems configured to use repo.mysql.com
may report a signature verification error when upgrading to MySQL 8.0.36 and higher or to MySQL 8.3.0 and higher using apt
or yum
. Use one of the following methods to resolve this issue:
As of this release, all stored procedure micro instructions (statement/sp/%
), except statement/sp/stmt
, are disabled by default. (Bug #27934653)
MESSAGE_TEXT
data is now more efficient. (Bug #112621, Bug #35916912)AUTHENTICATION_PAM_LOG
environment variable used in debugging the PAM authentication plugin is changed as follows:AUTHENTICATION_PAM_LOG
to an arbitrary value (except as noted in the next item) no longer includes passwords in its diagnostic messages.AUTHENTICATION_PAM_LOG=PAM_LOG_WITH_SECRET_INFO
.For more information, see PAM Authentication Debugging. (Bug #74313, Bug #20042010)
Functionality Added or Changed:
innodb_validate_tablespace_paths
option will no longer be enforced and instead the MySQL server will proceed to validate all tablespaces. Otherwise, secondary indexes could end up corrupted. (Bug #35208990)Log_event
events in Performance Schema memory instrumentation made it appear as though the sql/replica_sql
thread on the replica grew endlessly and never decreased in size. (Bug #35546877)CREATE TABLE AS SELECT
caused the server to exit. (Bug #33934013)START GROUP_REPLICATION
while a replication channel was in an error state could lead to an unplanned server exit. (Bug #34724344)/opt/rh/gcc-toolset-12
), and they now check that the corresponding dwz tool is available. (Bug #36086236)handler::ha_index_end()
in handler.cc
. (Bug #35877600)MYSQL_FIREWALL
plugin was configured to use a custom schema, but failed to initialize properly during the server startup, subsequent errors and failures could occur. (Bug #35853298)GROUP BY
were not handled correctly. (Bug #35846402, Bug #35945822)References: This issue is a regression of: Bug #32918400.
MD5()
encryption function could halt the server. (Bug #35764496)CREATE TABLE ... SELECT
could stop the server unexpectedly. (Bug #35735937)UPDATE HISTOGRAM
did not behave as expected in all cases.UPDATE HISTOGRAM did not behave as expected in all cases. (Bug #35710404)
EXPLAIN ANALYZE
did not always produce the expected result. (Bug #35710383)References: This issue is a regression of: Bug #35184353.
HAVING
queries did not produce expected results. (Bug #35710183)OVER (PARTITION ...)
were not always executed successfully. (Bug #35627798)ROLLUP
were not always handled correctly. (Bug #35621842, Bug #35804794)INFO_BIN
and INFO_SRC
files are always installed. (Bug #35529968)INFO_SRC
file. (Bug #35400142)SELECT
statement within a prepared statement unexpectedly returned different results on successive executions. (Bug #35340987, Bug #35846585, Bug #35846873)References: This issue is a regression of: Bug #35060385.
SELECT DISTINCT
queries were not always handled correctly. (Bug #33725447)sql/field.cc
. (Bug #112503, Bug #35846221)SELECT AVG(...) OVER (PARTITION BY ...)
were not always handled correctly. (Bug #112460, Bug #35710179, Bug #35845413)ROLLUP
while the matching item was not. (Bug #111665, Bug #35498378, Bug #35570065, Bug #35826171)References: This issue is a regression of: Bug #33349994.
References: See also: Bug #110847, Bug #35340987.
musl
version of libc
.Our thanks to Sam James for the contribution. (Bug #110808, Bug #35330950)
Docker Compose 2.24.1
Fixes:
Internal:
Dependencies:
new item
page only if from
has a valid job name. (issue 66530)Elasticsearch 8.12.0
Breaking changes:
Notable changes:
There are notable changes in 8.12 that you need to be aware of but that we do not consider breaking, items that we may consider as notable changes are
Authorization:
ES|QL:
Infra/Plugins:
Bug fixes
Aggregations:
Application:
Authentication:
Authorization:
Data streams:
Distributed:
Downsampling:
EQL:
ES|QL:
Engine:
Geo:
ILM+SLM:
Indices APIs:
Infra/Core:
Infra/Node Lifecycle:
Infra/Plugins:
Infra/Scripting:
Infra/Settings:
Ingest Node:
License:
Machine Learning:
Monitoring:
Network:
Ranking:
Reindex:
Search:
Snapshot/Restore:
TSDB:
Transform:
Vector Search:
Watcher:
Enhancements
Aggregations:
Allocation:
Application:
Authentication:
Authorization:
CAT APIs:
CRUD:
Data streams:
Distributed:
EQL:
ES|QL:
Engine:
Geo:
Health:
ILM+SLM:
Indices APIs:
Infra/CLI:
Infra/Core:
Infra/Logging:
Ingest Node:
Machine Learning:
Mapping:
Monitoring:
Network:
Search:
Security:
Snapshot/Restore:
Stats:
Store:
Transform:
Vector Search:
New features
Application:
Authentication:
Cluster Coordination:
Data streams:
ES|QL:
Infra/Core:
Ingest Node:
Security:
Vector Search:
Regressions
Infra/Core:
Kibana 8.12.0
Breaking changes
Features:
Alerting:
APM:
Elastic Security:
For the Elastic Security 8.12.0 release information, refer to Elastic Security Solution Release Notes.
Elastic Search:
Fleet:
Lens & Visualizations:
Machine Learning:
Observability:
Security:
Uptime:
Logstash 8.12
New features and enhancements:
Notable issues fixed:
Updates to dependencies:
Documentation enhancements:
Plugins
Elasticsearch Input - 4.19.1:
Http Input - 3.8.0:
Elastic_enterprise_search Integration - 3.0.0:
Kafka Integration - 11.3.3:
Logstash Integration - 1.0.1:
Elasticsearch Output - 11.22.2:
Kubernetes 1.29.1
API Change:
Feature:
Bug or Regression:
Other (Cleanup or Flake):
Node.js 21.6.0
New connection attempt events
Three new events were added in the net.createConnection flow:
Changes to the Permission Model:
Other Notable Changes:
PHP 8.3.2
Core:
Cli:
DOM:
FFI:
Intl:
Hash:
ODBC:
Opcache:
OpenSSL:
PDO:
PDO_ODBC:
PGSQL:
Phar:
PHPDBG:
SimpleXML:
Tidy:
Prometheus 2.49.0 and 2.49.1
[FEATURE] Promtool: Add --run flag promtool test rules command. #12206
[FEATURE] SD: Add support for NS records to DNS SD. #13219
[FEATURE] UI: Add heatmap visualization setting in the Graph tab, useful histograms. #13096 #13371
[FEATURE] Scraping: Add scrape_config.enable_compression (default true) to disable gzip compression when scraping the target. #13166
[FEATURE] PromQL: Add a promql-experimental-functions feature flag containing some new experimental PromQL functions. #13103 NOTE: More experimental functions might be added behind the same feature flag in the future. Added functions:
Experimental mad_over_time (median absolute deviation around the median) function. #13059
Experimental sort_by_label and sort_by_label_desc functions allowing sorting returned series by labels. #11299
[FEATURE] SD: Add __meta_linode_gpus label to Linode SD. #13097
[FEATURE] API: Add exclude_alerts query parameter to /api/v1/rules to only return recording rules. #12999
[FEATURE] TSDB: --storage.tsdb.retention.time flag value is now exposed as a prometheus_tsdb_retention_limit_seconds metric. #12986
[FEATURE] Scraping: Add ability to specify priority of scrape protocols to accept during scrape (e.g. to scrape Prometheus proto format for certain jobs). This can be changed by setting global.scrape_protocols and scrape_config.scrape_protocols. #12738
[ENHANCEMENT] Scraping: Automated handling of scraping histograms that violate scrape_config.native_histogram_bucket_limit setting. #13129
[ENHANCEMENT] Scraping: Optimized memory allocations when scraping. #12992
[ENHANCEMENT] SD: Added cache for Azure SD to avoid rate-limits. #12622
[ENHANCEMENT] TSDB: Various improvements to OOO exemplar scraping. E.g. allowing ingestion of exemplars with the same timestamp, but with different labels. #13021
[ENHANCEMENT] API: Optimize /api/v1/labels and /api/v1/label/<label_name>/values when 1 set of matchers are used. #12888
[ENHANCEMENT] TSDB: Various optimizations for TSDB block index, head mmap chunks and WAL, reducing latency and memory allocations (improving API calls, compaction queries etc). #12997 #13058 #13056 #13040
[ENHANCEMENT] PromQL: Optimize memory allocations and latency when querying float histograms. #12954
[ENHANCEMENT] Rules: Instrument TraceID in log lines for rule evaluations. #13034
[ENHANCEMENT] PromQL: Optimize memory allocations in query_range calls. #13043
[ENHANCEMENT] Promtool: unittest interval now defaults to evaluation_intervals when not set. #12729
[BUGFIX] SD: Fixed Azure SD public IP reporting #13241
[BUGFIX] API: Fix inaccuracies in posting cardinality statistics. #12653
[BUGFIX] PromQL: Fix inaccuracies of histogram_quantile with classic histograms. #13153
[BUGFIX] TSDB: Fix rare fails or inaccurate queries with OOO samples. #13115
[BUGFIX] TSDB: Fix rare panics on append commit when exemplars are used. #13092
[BUGFIX] TSDB: Fix exemplar WAL storage, so remote write can send/receive samples before exemplars. #13113
[BUGFIX] Mixins: Fix url filter on remote write dashboards. #10721
[BUGFIX] PromQL/TSDB: Various fixes to float histogram operations. #12891 #12977 #12609 #13190 #13189 #13191 #13201 #13212 #13208
[BUGFIX] Promtool: Fix int32 overflow issues for 32-bit architectures. #12978
[BUGFIX] SD: Fix Azure VM Scale Set NIC issue. #13283
[BUGFIX] TSDB: Fixed a wrong q= value in scrape accept header #13313
As open source support experts, we monitor community projects to ensure our customers’ environments include the latest releases and are protected against emerging threats. We share what we learn about important open source news including software releases, trending topics, and other related information including upcoming OpenLogic events in our OpenUpdate Weekly newsletter.
Complete the form to receive an email message when we post a new OpenUpdate.
If you have any questions about the content in this week’s newsletter, or are interested in getting support for your open source software, please contact one of our experts.
Learn more about the content in this newsletter and how you can achieve your goals with your choice of open source software.