Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Flaws in Apache Web Server Software.
- Open Source Python static analyzer from Facebook.
- Microsoft shares open source contributions.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Drools 7.42.0.Final
[DROOLS-5511] - Grid keyboard control after collection editor in use.
[DROOLS-5521] - OutOfBound Exception for last Table cell.
[DROOLS-5534] - MarshallingException occurs during REST request (JSON) unmarshalling in KIE server.
[DROOLS-5538] - DMN strongly typed class compile errors for collection types.
Jenkins 2.253
Major update of the Alpine-based Jenkins Docker image. Jenkins Docker image for Alpine now uses Alpine 3.12 and AdoptOpenJDK 8u262. (LTS upgrade guide)
Fix button that copies API token to clipboard (regression in 2.238). (issue 63274)
Fix a deadlock in agent logging. (issue 63082)
Fix Cmd + Enter not running the script in the Script Console on a Mac (regression in 2.248). (issue 63342)
ISC Bind 9.16.6
It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message. This was disclosed in CVE-2020-8620.
ISC would like to thank Emanuel Almeida of Cisco Systems, Inc. for bringing this vulnerability to our attention. [GL #1996]
named could crash after failing an assertion check in certain query resolution scenarios where QNAME minimization and forwarding were both enabled. To prevent such crashes, QNAME minimization is now always disabled for a given query resolution process, if forwarders are used at any point. This was disclosed in CVE-2020-8621.
ISC would like to thank Joseph Gullo for bringing this vulnerability to our attention. [GL #1997]
It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request. This was disclosed in CVE-2020-8622.
JBPM 7.42.0.Final
[JBPM-9105] - Project with the same name as the previously deleted one shows wrong number of assets.
[JBPM-9156] - WorkItemHandler archetype can't be uploaded into business-central.
[JBPM-9177] - Missing ERROR as EntryType for retrieving full History by EntryType.
[JBPM-9232] - "GAV not found in the Maven repository" Error while creating deployment unit from business-central UI.
Squid 4.12
Enforce token characters for field-name (#700)
Fix livelocking in peerDigestHandleReply (#698)
Improve Transfer-Encoding handling (#702)
WCCP: Fix GCC-10 -Wstringop-truncation failures (#708)
OpenLogic Virtual Conference
Also, join us September 16 for Open@Home the free, 1-day virtual conference with live and recorded sessions on open source technologies, adoption trends, and best practices.