Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Critical GRUB2 Bootloader bug affects billions of Linux and Windows systems.
- Technology and Enterprise leaders combine efforts for open source security.
- State of open source security and Node.js applications.
Key Security, Maintenance, and Feature Releases
Non-Security Updates
JBoss Drools 7.41.0.Final
[DROOLS-3271] - [DMN Designer] Double-clicking connectors in DRD throws exceptions.
[DROOLS-5262] - java.lang.Number import remains in the list of imports after deletion.
[DROOLS-5317] - Scenario Simulation shows misleading data type if DMN applies a constraint.
[DROOLS-5384] - Clicking rightmost column's header in DMN decision table raises an error.
Hibernate 5.4.19
[HHH-12268] - LazyInitializationException thrown from lazy collection when batch fetching enabled and owning entity refreshed with lock.
[HHH-13214] - DML batch delete re-firing SQL from previous calls.
[HHH-13410] - "order_inserts = true" causes FK Violation when inserting with a special case of Unidirectional Relations between 4 Entities.
[HHH-13926] - StaleStateException message should not contain SQL parameters.
jBPM 7.41.0.Final
[JBPM-9204] - Make jbpm-work-items repository compile with JDK 11.
[JBPM-9214] - The zoom does not work when start a new process from Process Definition.
[JBPM-9225] - Wrong HTTP media type separator used in Kie server.
[JBPM-9247] - Fields attribute isn't processed in Accept header.
Jetty 9.4.31
+ 1100 JSR356 Encoder#init is not called when created on demand
+ 4736 Update Import-Package version start ranges
+ 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in SETTINGS Frame.
+ 4904 WebsocketClient creates more connections than needed.
Security Based Updates
Firefox 79
CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
CVE-2020-6514: WebRTC data channel leaks internal address to peer
CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
CVE-2020-15653: Bypassing iframe sandbox when allowing popups
Future of Open Source Software
Also, read the new OpenLogic blog on the future of open source software development!