Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

  • Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
  • Linux and Open Source: The Biggest Issue in 2020
  • Sony Goes Open Source With Tech That Regulates Renewable Energy
     

Key Security, Maintenance, and Features Releases

 

Non-Security Updates

Apache Tomcat 7.0.107
fix: Correct numerous spellings throughout the code base. Based on a pull request from John Bampton. (markt)
fix 64735: Ensure that none of the methods on a ServletContext instance always fail when running under a SecurityManager. Pull request provided by Kyle Stiemann. (markt)
fix 64765: Ensure that the number of currently processing threads is tracked correctly when a web application is undeployed, long running requests are being processed and renewThreadsWhenStoppingContext is enabled for the web application. (markt)
add: Improve the error messages when running under JPMS without the necessary options to enable reflection required by the memory leak prevention / detection code. (markt)

ISC BIND 9.16.9
named could crash with an assertion failure if a TCP connection were closed while a request was still being processed. [GL #2227]
named acting as a resolver could incorrectly treat signed zones with no DS record at the parent as bogus. Such zones should be treated as insecure. This has been fixed. [GL #2236]
After a Negative Trust Anchor (NTA) is added, BIND performs periodic checks to see if it is still necessary. If BIND encountered a failure while creating a query to perform such a check, it attempted to dereference a NULL pointer, resulting in a crash. [GL #2244]
A problem obtaining glue records could prevent a stub zone from functioning properly, if the authoritative server for the zone were configured for minimal responses. [GL #1736]

GnuPG 2.2.24
* Allow Unicode file names on Windows almost everywhere.  Note that it is still not possible to use Unicode strings on the command line.  This change also fixes a regression in 2.2.22 related to non-ascii file names.  [#5098]
* Fix localized time printing on Windows.  [#5073]
* gpg: New command --quick-revoke-sig.  [#5093]
* gpg: Do not use weak digest algos if selected by recipient preference during sign+encrypt.  [4c181d51a6]

PHP 8.0.0, 7.3.25 and 7.4.13
8.0.0
Fixed bug #36365 (scandir duplicates file name at every 65535th file).
Fixed bug #49555 (Fatal error "Function must be a string" message should be renamed).
Fixed bug #62294 (register_shutdown_function() does not correctly handle exit code).
Fixed bug #62609 (Allow implementing Traversable on abstract classes).
7.3.25
Fixed bug #64076 (imap_sort() does not return FALSE on failure).
Fixed bug #76618 (segfault on imap_reopen).
Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
Fixed minor regression caused by fixing bug #80220.
7.4.13
Fixed bug #64076 (imap_sort() does not return FALSE on failure).
Fixed bug #76618 (segfault on imap_reopen).
Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
Fixed minor regression caused by fixing bug #80220.
 

ActiveMQ vs. RabbitMQ 

Finding the right open source message broker is critical to efficiently solving messaging issues in a variety of application types. Read this blog for an overview of message brokers, then dive into a comparison of ActiveMQ vs. RabbitMQ in terms of features, performance, and enterprise readiness.
