August 6, 2020

Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

• Critical GRUB2 Bootloader bug affects billions of Linux and Windows systems. 
• Technology and Enterprise leaders combine efforts for open source security. 
• State of open source security and Node.js applications. 

Key Security, Maintenance, and Features Releases

Non-Security Updates

jBoss Drools 7.41.0.Final
[DROOLS-3271] - [DMN Designer] Double-clicking connectors in DRD throws exceptions.
[DROOLS-5262] - java.lang.Number import remains in the list of imports after deletion.
[DROOLS-5317] - Scenario Simulation shows misleading data type if DMN applies a constraint.
[DROOLS-5384] - Clicking rightmost column's header in DMN decision table raises an error.

Hibernate 5.4.19
[HHH-12268] - LazyInitializationException thrown from lazy collection when batch fetching enabled and owning entity refreshed with lock.
[HHH-13214] - DML batch delete re-firing SQL from previous calls.
[HHH-13410] - "order_inserts = true" causes FK Violation when inserting with a special case of Unidirectional Relations between 4 Entities.
[HHH-13926] - StaleStateException message should not contain SQL parameters.
 
jBPM 7.41.0.Final
[JBPM-9204] - Make jbpm-work-items repository compile with JDK 11.
[JBPM-9214] - The zoom does not work when start a new process from Process Definition.
[JBPM-9225] - Wrong HTTP media type separator used in Kie server.
[JBPM-9247] - Fields attribute isn't processed in Accept header.
 
Jetty 9.4.31
+ 1100 JSR356 Encoder#init is not called when created on demand
+ 4736 Update Import-Package version start ranges
+ 4890 JettyClient behavior when SETTINGS_HEADER_TABLE_SIZE is set to 0 in SETTINGS Frame.
+ 4904 WebsocketClient creates more connections than needed.

Security Based Updates

Firefox 79
CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker
CVE-2020-6514: WebRTC data channel leaks internal address to peer
CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy
CVE-2020-15653: Bypassing iframe sandbox when allowing popups

Future of Open Source Software

Also, read new OpenLogic blog on the future of open source software development!

READ BLOG