July 16, 2020

Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

• Google makes Tsunami vulnerability scanner open source. 
• Microsoft ports open source Java to Windows 10 on ARM.
• New critical SAP bug could leave corporate servers vulnerable to attackers.

Key Security, Maintenance, and Features Releases

Non-Security Updates

Apache Tomcat 7.0.105
fix           64470: The default value of the solidus handling should reflect the associated system property. (remm)
add         Add application/wasm to the media types recognised by Tomcat. Based on a PR by Thiago Henrique Hüpner. (markt)
fix           64541: Refactor the DTD used to validate mbeans-descriptors.xml files to avoid issues when XML entity expansion is limited or disabled. (markt)
add         64483: Log a warning if an AJP request is rejected because it contains an unexpected request attribute. (markt)
 
Drools 7.40.0.Final
[DROOLS-3799] - Check and fix i18n
[DROOLS-5079] - enumeration in business central doens't handle well items with a ' in it
[DROOLS-5223] - User cannot open malformed scesim file. Loading popup is spining infinitive times
[DROOLS-5291] - Import of empty scesim file leads to Unexpected error
 
MySQL 8.0.21
The full list of changes for this version of MySQL can be found here. 
 
jBPM 7.40.0.Final
[JBPM-9097] - Case variable: "readonly" tag permits changing value after reopening case.
[JBPM-9196] - ProcessMigrationIntegrationTest test methods fails on Jenkins.
[JBPM-9205] - Make jbpm-workitems-webservice to compile to JDK 8 target with JDK 11.
[JBPM-9207] - Missing jaxb-xjc at jbpm-workitems-bpmn2 for jdk11.
 
PHP 7.3.20, 7.2.32 and 7.4.8
7.3.20
Fixed bug #79650 (php-win.exe 100% cpu lockup).
Fixed bug #79668 (get_defined_functions(true) may miss functions).
Fixed possibly unsupported timercmp() usage.
7.2.32
Rebuild of official Windows binaries with patched libcurl. No PHP source changes.
7.4.8
Fixed bug #79595 (zend_init_fpu() alters FPU precision).
Fixed bug #79650 (php-win.exe 100% cpu lockup).
Fixed bug #79668 (get_defined_functions(true) may miss functions).
Fixed bug #79657 ("yield from" hangs when invalid value encountered).

OpenJDK Software Vulnerabilities

Also, learn about OpenJDK software vulnerabilities to be aware of in this new OpenLogic blog.

READ BLOG