OpenUpdate - December 2, 2021

Stay Informed

This week, read about:

Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency.
Anjuna Security Software Secures Kubernetes Workloads and Sensitive Data Utilizing AWS Nitro Enclaves.
Toit Open-Source Language Claims to be 30x Faster Than MicroPython on ESP32.

Key Security, Maintenance, and Features Releases

Security Updates

Spring Security 5.6.0
DaoAuthenticationProviderTests#avg function doesn't return fraction #10426
Docs Should Use Section Summary #10449
MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session #10436
Revamp OAuth 2.0 Login/Client reactive documentation #8174

Non-Security Updates

Drools 7.61.0.Final
[DROOLS-6650] - kie-karaf-itests test failures in 7.59.x
[DROOLS-3330] - DMN Properties panel - UX enhancements

Firefox 94.0.2
Improved hangs experienced by users of assistive technology such as NVDA when installing Firefox through the Microsoft Store (bug 1736742)
Resolved general instability/crashes on Linux caused by a file descriptor leak when backgrounding tabs using WebGL (bug 1741997)
Updated preference design for Firefox Suggest for improved clarity.

Kubernetes 1.22.4
Kubernetes is now built with Golang 1.16.10 (#106223, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
Update debian-base, debian-iptables, setcap images to pick up CVE fixes
Debian-base to v1.9.0
Debian-iptables to v1.6.7
setcap to v2.0.4 (#106143, @cpanato) [SIG Release and Testing]

Narayana 5.12.4.Final
[JBTM-3511] - Produce a jakarta artifact for narayana-jts-integration
[JBTM-3545] - Produce jakarta artifacts for Narayana XTS
[JBTM-3546] - Produce jakarta artifacts for Narayana RTS
[JBTM-3547] - Produce a jakarta artifact for narayana.compensations

PHP 8.1.0, 8.0.13, 7.3.33 and 7.4.26
8.1.0
Fixed inclusion order for phpize builds on Windows.
Added missing hashtable insertion APIs for arr/obj/ref.
Implemented FR #77372 (Relative file path is removed from uploaded file).
Fixed bug #81607 (CE_CACHE allocation with concurrent access).
8.0.13
Fixed bug #81518 (Header injection via default_mimetype / default_charset).
Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
Fixed bug #81588 (TokyoCabinet driver leaks memory).
Fixed bug #76167 (mbstring may use pointer from some previous request).
7.3.33
Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
7.4.26
Fixed bug #81518 (Header injection via default_mimetype / default_charset).
Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
Fixed bug #76167 (mbstring may use pointer from some previous request).
Fixed bug #81494 (Stopped unbuffered query does not throw error).

SQLite 3.37.0
STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing.
When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated.
Added the PRAGMA table_list statement.

OpenUpdate - November 24, 2021

Stay Informed

This week, read about:

North Korean Hackers Found Behind a Range of Credential Theft Campaigns.
Apache CloudStack 4.16 Advances Open-Source Cloud Platform.
Daily Crunch: Microsoft Launches Loop, an Open Source, Real-Time Collaboration Tool.

Key Security, Maintenance, and Features Releases

Non-Security Updates

Apache Maven 3.8.4
[MNG-7270] - Maven startup script (init) calls which(1) which is an external command
[MNG-7285] - [Regression] MavenProject.getArtifacts() not returning correct value across multiple threads
[MNG-7300] - [Regression] Reloading web application (Enter) fails due to java.lang.ClassNotFoundException

Apache Struts 2.5.27
[WW-5116] - PostbackResult uses wrong regex range
[WW-5117] - %{id} evaluates different for data-* and value attribute
[WW-5119] - Blocking Threads in retrieving text from resource bundle
[WW-5121] - Contention when injecting Scope.SINGLETON instances

Apache Tomcat 8.0.53
Fix: Treat the <mapped-name> element of a <env-entry> in web.xml in the same way as the mappedName element of the equivalent @Resource annotation. Both now attempt to set the mappedName property of the resource. (markt)
Fix: Correct the processing of resources with <injection-target>s defined in web.xml. First look for a match using JavaBean property names and then, only if a match is not found, look for a match using fields. (markt)
Fix: When restoring a saved request with a request body after FORM authentication, ensure that calls to the HttpServletRequest methods getRequestURI(), getQueryString() and getProtocol() are not corrupted by the processing of the saved request body. (markt)
Fix: JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt)

Kubernetes 1.22.3
EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added (#106132, @robscott) [SIG Apps, Network and Testing]
Fix a bug that --disabled-metrics doesn't function well. (#105793, @Huang-Wei) [SIG API Machinery, Cluster Lifecycle and Instrumentation]
Fix a panic in kubectl when creating secrets with an improper output type (#106356, @lauchokyip) [SIG CLI]
Fix concurrent map access causing panics when logging timed-out API calls. (#106112, @marseel) [SIG API Machinery]

ISC Bind 9.16.23
Reloading a catalog zone which referenced a missing/deleted member zone triggered a runtime check failure, causing named to exit prematurely. This has been fixed. [GL #2308]

OpenUpdate - November 18, 2021

Stay Informed

This week, read about:

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses.
HAProxy Celebrates 20th Anniversary in Open Source.
Huawei hands its cloud Linux to China's only Open Source Foundation.

Key Security, Maintenance, and Features Releases

Security Updates

PostgreSQL
14.1
Make the server reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)
A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.)
The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23214)
Make libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)
A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214.
The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23222)
13.5
Make the server reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)
A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.)
The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23214)
Make libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)
A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214.
The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23222)
12.9
Make the server reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)
A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could be abused to send faked SQL commands to the server, although that would only work if the server did not demand any authentication data. (However, a server relying on SSL certificate authentication might well not do so.)
The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23214)
Make libpq reject extraneous data after an SSL or GSS encryption handshake (Tom Lane)
A man-in-the-middle with the ability to inject data into the TCP connection could stuff some cleartext data into the start of a supposedly encryption-protected database session. This could probably be abused to inject faked responses to the client's first few queries, although other details of libpq's behavior make that harder than it sounds. A different line of attack is to exfiltrate the client's password, or other sensitive data that might be sent early in the session. That has been shown to be possible with a server vulnerable to CVE-2021-23214.
The PostgreSQL Project thanks Jacob Champion for reporting this problem. (CVE-2021-23222)

Non-Security Updates

Apache Camel 3.13.0
CAMEL-17198
Camel Salesforce Maven Plugin generates 'PicklistEnumConverter' imports, but that class doesn't exist
CAMEL-17167
Camel-AWS2-SQS: Message attributes can be at most 10
CAMEL-17159
rest-dsl - clientRequestValidation fails then operation produces more than just xml and/or json
CAMEL-17153
afterprocess of UnitOfWork doesn't work properly

Apache Tomcat 9.0.55 and 10.0.13
9.0.55
Fix: Improve robustness of JNDIRealm for exceptions occurring when getting the connection. Also add missing close when running into issues getting the passord of a user. (remm)
Docs: Add Javadoc comment which listeners must be nested whithin Server elements only. (michaelo)
Add: Add support for custom caching strategies for web application resources. This initial implementation allows control over whether or not a resource is cached. (markt)
Update: Log warning if a listener is not nested inside a Server element although it must have been. (michaelo)
10.0.13
Fix: Improve robustness of JNDIRealm for exceptions occurring when getting the connection. Also add missing close when running into issues getting the passord of a user. (remm)
Docs: Add Javadoc comment which listeners must be nested whithin Server elements only. (michaelo)
Add: Add support for custom caching strategies for web application resources. This initial implementation allows control over whether or not a resource is cached. (markt)
Update: Log warning if a listener is not nested inside a Server element although it must have been. (michaelo)

Docker Compose 2.1.1
Fix the maintainers array in MAINTAINERS by @rumpl in #8868
Introduce up --wait condition by @ndeloof in #8777
Don't exit on container destroy events by @sdt in #8859
Update golang to 1.17 by @rumpl in #8873

jBoss Drools 7.61.0.Final
[DROOLS-6650] - kie-karaf-itests test failures in 7.59.x
[DROOLS-3330] - DMN Properties panel - UX enhancements

Jenkins 2.321
Only apply trimLabels operation to affected nodes when adding or removing them. (issue 67099)
Upgrade the [Guice](https://github.com/google/guice) library from [4.0](https://github.com/google/guice/releases/tag/4.0) (released on April 28, 2015) to [5.0.1](https://github.com/google/guice/releases/tag/5.0.1) (released on March 2, 2021). (pull 5858)
Remove superfluous user interface elements, including images, mask-icon, and unnecessary resize handles. (pull 5777)
Modernise the table design and add support for Ionicons. (pull 5851)

JBPM 7.61.0.Final
[JBPM-9917] - OptimisticLockException in ProcessServiceImpl.getProcessInstanceVariable
[JBPM-9925] - DB scripts tests fail in drop statements
[JBPM-9926] - Auto ack of errors in process doesn't work on Sybase
[JBPM-9940] - Kafka WIH tests are failing due to "EntityManagerFactory is closed"

OpenUpdate - November 11, 2021

Stay Informed

This week, read about:

U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws.
Over 30,000 GitLab Servers Still Unpatched Against Critical Bug.
Securing Open Source Software is About Process, Tools and Developers.

Key Security, Maintenance, and Features Releases

Security Updates

PHP 7.3.32
Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation). (CVE-2021-21703)

Non-Security Updates

Docker 2.1.0
Fix support for devices by @ndeloof in #8732
Make command descriptions consistent by @mat007 in #8739
Restore missing version commands by @Shikachuu in #8738
Add step in README to install on linux by @Yopadd in #8755

Firefox 94.0.1
Fixed browser hangs when viewing fullscreen videos on macOS 10.12 (bug 1737998)

Wildfly 25.0.1.Final
[WFLY-15406] - ha-singleton-service quickstart fails to build
[WFLY-15420] - [25.x] Release module cannot be build if we are skipping WildFly preview module
[WFLY-15424] - Port fix of stability issue with ContextPropagationTestCase to WF 25
[WFLY-15465] - Use of maven-resource-plugin filtering during feature pack generation is picking up binary files

OpenLDAP 2.6.0 was released with no release notes

OpenUpdate - November 4, 2021

Stay Informed

This week, read about:

New 'Trojan Source' Technique Lets Hackers Hide Vulnerabilities in Source Code.
ESA and NASA Launch Revolutionary Open-Source Platform.
Yugabyte Stores Up $188M More for its Open-Source Distributed SQL Database Model, Now Valued at $1.3B+.

Key Security, Maintenance, and Features Releases

Security Updates

ISC Bind 9.16.22
The lame-ttl option controls how long named caches certain types of broken responses from authoritative servers (see the security advisory for details). This caching mechanism could be abused by an attacker to significantly degrade resolver performance. The vulnerability has been mitigated by changing the default value of lame-ttl to 0 and overriding any explicitly set value with 0, effectively disabling this mechanism altogether. ISC’s testing has determined that doing that has a negligible impact on resolver performance while also preventing abuse. Administrators may observe more traffic towards servers issuing certain types of broken responses than in previous BIND 9 releases, depending on client query patterns. (CVE-2021-25219)
ISC would like to thank Kishore Kumar Kothapalli of Infoblox for bringing this vulnerability to our attention. [GL #2899]

Non-Security Updates

Hibernate ORM 5.6.0
HHH-13295 @EmbeddedId + @MapsId targeting a derived entity giving an error on bootstraping
HHH-14857 Some more APIs marked as deprecated in preparation for v. 6
HHH-14868 Upgrade to ByteBuddy 1.11.20

Kubernetes 1.22.3
Fix: consolidate logs for instance not found error (#105366, @nilo19) [SIG Cloud Provider]
Fix: ignore not a VMSS error for VMAS nodes in EnsureBackendPoolDeleted. (#105400, @ialidzhikov) [SIG Cloud Provider]
Fixes a regression on Kubelet restart and pod statuses. (#105560, @rphillips) [SIG Node and Testing]
Fixes kubelet memory regression in 1.22 (#105452, @liggitt) [SIG Node]

PostgreSQL JDBC Driver 42.3.1
improv: Arrays in Object[] PR 2330 when an Object[] contains other arrays, treat as though it were a multi-dimensional array the one exception is byte[], which is not supported.
improv: Use jre utf-8 decoding PR 2317 Remove use of custom utf-8 decoding.
perf: improve performance of bytea string decoding PR 2320 improve the parsing of bytea hex encoded string by making a lookup table for each of the valid ascii code points to the 4 bit numeric value
feat: intern/canonicalize common strings PR 2234 ### Added

Spring Framework 5.3.12
Update warn log message for empty static resource locations #27575
Default content type of response changed in v5.3.11 #27573
Fix assertion failure messages in DefaultDataBuffer.checkIndex() #27567

OpenUpdate - October 28, 2021

Stay Informed

This week, read about:

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks.
Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains.
Linus Torvalds on 30 years of Linux, Rust and the Open-Source Community.

Key Security, Maintenance, and Features Releases

Non-Security Updates

Jboss Drools 7.60.0.final
[DROOLS-5823] - executable-model test failure in test-compiler-integration NamedConsequencesTest
[DROOLS-5827] - executable-model test failure in test-compiler-integration NullSafeDereferencingTest
[DROOLS-6337] - today() and now() functions not evaluated correctly in Test Scenarios
[DROOLS-6374] - Unknown variable: $object in foreach loop

PHP 7.4.25 and 8.0.12
7.4.25
Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
Fixed bug #78987 (High memory usage during encoding detection).
Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
8.0.12
Fixed bug #81496 (Server logs incorrect request method).
Fixed bug #81435 (Observer current_observed_frame may point to an old (overwritten) frame).
Fixed bug #81380 (Observer may not be initialized properly).
Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).

OpenUpdate - October 21, 2021

Stay Informed

This week, read about:

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns.
There’s Nothing Automattic About Balancing Commercial Growth With an Open Source Developer Community.
IBM launches Open Source Cloud Guide for Developers.

Key Security, Maintenance, and Features Releases

Non-Security Updates

MySQL 8.0.27
ncompatible Change: For all SELECT statements on a view, the query digest was based on the view definition. As a result, different queries had the same digest and aggregated together in the Performance Schema table events_statements_summary_by_digest, so statistics in that table were not usable for distinguishing distinct SELECT statements.
The query digest for each SELECT statement on a view now is based on the SELECT, not the view definition. This enables distinguishing distinct SELECT statements in the events_statements_summary_by_digest table. However, tools that use query digests may need some adjustment to account for this change. For example, MySQL Enterprise Firewall and query rewrite plugins rely on query digests and existing rules for them that are associated with views may need to be updated. (Bug #27540213, Bug #89559, Bug #31761802)
Important Change: EXPLAIN FORMAT=TREE now shows whether an index scan uses a covering index, and thus does not need to look up other columns from the table/clustered index. For example, if idx1 is a covering index, the old output Index scan on t1 using idx1 is now shown as Covering index scan on t1 using idx1. Previously, this information was shown only for FORMAT=TRADITIONAL and FORMAT=JSON.
This fix also improves the wording used for full-text search to align with this change. For example, the old output Indexed full text search on t1 (which was the same in both the covering and non-covering cases) is now Full-text index search on t1 when there is no covering index, and Full-text covering index search on t1 when a covering index is used. (Bug #32825235)

GNU PG 2.3.3
* agent: Fix segv in GET_PASSPHRASE (regression). [#5577]
* dirmngr: Fix Let's Encrypt certificate chain validation. [#5639]
* gpg: Change default and maximum AEAD chunk size to 4 MiB. [ad3dabc9fb]
* gpg: Print a warning when importing a bad cv25519 secret key. [#5464]

Spring Framework 5.3.11
Enhance DefaultResponseErrorHandler to allow logging complete error response body #27552
Include correct keyword in CookieAssertions failure messages #27550
Use Arrays.hashCode() in ByteArrayResource.hashCode() #27544
Allow default CacheAwareContextLoaderDelegate configuration via a system property #27540

OpenUpdate - October 14, 2021

Stay Informed

This week, read about:

Firms Running CentOS Need Alternatives as Support Runs Out in Dec.
Digital Signature Spoofing Flaws Uncovered in OpenOffice and LibreOffice.
SD Times Open Source Project of the Week: Appsmith.

Key Security, Maintenance, and Features Releases

Security Updates

Apache HTTPd 2.4.51
*) SECURITY: CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) (cve.mitre.org) It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. Credits: Reported by Juan Escobar from Dreamlab Technologies, Fernando MuÃ±oz from NULL Life CTF Team, and Shungo Kumasaka
core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Joe Orton]

OpenSSL 3.1

The default SSL/TLS security level has been changed from 1 to 2. RSA, DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys of 160 bits and above and less than 224 bits were previously accepted by default but are now no longer allowed. By default TLS compression was already disabled in previous OpenSSL versions. At security level 2 it cannot be enabled. Matt Caswell
The SSL_CTX_set_cipher_list family functions now accept ciphers using their IANA standard names. Erik Lax
The PVK key derivation function has been moved from b2i_PVK_bio_ex() into the legacy crypto provider as an EVP_KDF. Applications requiring this KDF will need to load the legacy crypto provider. Paul Dale
The various OBJ_* functions have been made thread safe. Paul Dale

Non-Security Updates

Apache Camel 3.11.3
CAMEL-17043
camel-rest-openapi - Endpoint query parameters not forwarded to underlaying component endpoint
CAMEL-17039
Camel-AWS2-S3: When includeBody is false, the message Body should not be set
CAMEL-17034
Camel-Github: StartingSha should be an URI param and not an URI path
CAMEL-17017
camel-metrics - Cannot be used out of the box due to mixed jackson JARs

Apache Tomcat 8.5.72
Fix: 65553: Implement a work-around for a JRE bug that can trigger a memory leak when using the JNDI realm. (markt)
Fix: #451: Improve the usefulness of the thread name cache used in JULI. Pull request provided by t-gergely. (markt)
Fix: Further improvements in the management of the connection flow control window. This addresses various bugs that caused streams to incorrectly report that they had timed out waiting for an allocation from the connection flow control window. (markt)
Fix: 65577: Fix a AccessControlException reporting when running an NIO2 connector with TLS enabled. (markt)

Docker 2.0.1
Added support for running the plugin as a standalone program. Like docker-compose v1 would behave
compute sha256 checksums while releasing
Allow combination of --status and --services
Fix build cache_from option

Firefox 93
Firefox now supports the new AVIF image format, which is based on the modern and royalty free AV1 video codec. It offers significant bandwidth savings for sites compared to existing image formats. It also supports transparency and other advanced features.
Firefox PDF viewer now supports filling more forms (XFA-based forms, used by multiple governments and banks). Learn more.
When available system memory is critically low, Firefox on Windows will automatically unload tabs based on their last access time, memory usage, and other attributes. This should help reduce Firefox out-of-memory crashes. Switching to an unloaded tab automatically reloads it.
To prevent session loss for macOS users who are running Firefox from a mounted .dmg file, they’ll now be prompted to finish installation. This permission prompt only appears the first time these users run Firefox on their computer.

Wildfly 25
[WFLY-14017] - Native support for OpenID Connect
[WFLY-14798] - Upgrade to MicroProfile Reactive Messaging 2.0
[WFLY-14854] - Add OpenTelemetry Tracing support to WildFly
[WFLY-14899] - Document: Add environment variables as a source for model expression resolution

OpenLDAP 2.5.8
Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668)
Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696)
Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341)
Fixed slapd to normalize the suffix in rootDSE (ITS#9664)

Spring Framework 5.3.10
Invalid JavaBean property 'logoutHandlers' being accessed (warning in the logs for Spring Security's ConcurrentSessionFilter) #27372
Convenient configuration of type permissions for XStream 1.4.18 #27343
Add SmallRye Mutiny support to ReactiveAdapterRegistry #27331
Introduce ExceptionCollector testing utility #27316

Stay Informed about Open Source News and Security Updates

As open source support experts, we monitor community projects to ensure our customers’ environments include the latest releases and are protected against emerging threats. We share what we learn about important open source news including software releases, trending topics, and other related information including upcoming OpenLogic events in our OpenUpdate Weekly newsletter.

Complete the form to receive an email message when we post a new OpenUpdate.

Have Questions or Need Support?

If you have any questions about the content in this week’s newsletter, or are interested in getting support for your open source software, please contact one of our experts.

Talk To An Expert

Learn more about open source including technologies, industry trends, and available services.

See All Resources