Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Google makes Tsunami vulnerability scanner open source.
- Microsoft ports open source Java to Windows 10 on ARM.
- New critical SAP bug could leave corporate servers vulnerable to attackers.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Tomcat 7.0.105
- Fix: 64470: The default value of the solidus handling should reflect the associated system property. (remm)
- Add: Add application/wasm to the media types recognised by Tomcat. Based on a PR by Thiago Henrique Hüpner. (markt)
- Fix: 64541: Refactor the DTD used to validate mbeans-descriptors.xml files to avoid issues when XML entity expansion is limited or disabled. (markt)
- Add: 64483: Log a warning if an AJP request is rejected because it contains an unexpected request attribute. (markt)
Drools 7.40.0.Final
[DROOLS-3799] - Check and fix i18n
[DROOLS-5079] - enumeration in business central doesn't handle well items with a ' in it
[DROOLS-5223] - User cannot open malformed scesim file. Loading popup is spinning infinitive times
[DROOLS-5291] - Import of empty scesim file leads to Unexpected error
MySQL 8.0.21
The full list of changes for this version of MySQL can be found here.
jBPM 7.40.0.Final
[JBPM-9097] - Case variable: "readonly" tag permits changing value after reopening case.
[JBPM-9196] - ProcessMigrationIntegrationTest test methods fails on Jenkins.
[JBPM-9205] - Make jbpm-workitems-webservice to compile to JDK 8 target with JDK 11.
[JBPM-9207] - Missing jaxb-xjc at jbpm-workitems-bpmn2 for jdk11.
PHP 7.3.20, 7.2.32 and 7.4.8
7.3.20
Fixed bug #79650 (php-win.exe 100% cpu lockup).
Fixed bug #79668 (get_defined_functions(true) may miss functions).
Fixed possibly unsupported timercmp() usage.
7.2.32
Rebuild of official Windows binaries with patched libcurl. No PHP source changes.
7.4.8
Fixed bug #79595 (zend_init_fpu() alters FPU precision).
Fixed bug #79650 (php-win.exe 100% cpu lockup).
Fixed bug #79668 (get_defined_functions(true) may miss functions).
Fixed bug #79657 ("yield from" hangs when invalid value encountered).
OpenJDK Software Vulnerabilities
Also, learn about OpenJDK software vulnerabilities to be aware of in this new OpenLogic blog.