Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Docker images containing cryptojacking malware distributed via Docker Hub.
- Snyk report finds decline in open source vulnerabilities.
- Malware attack on GitHub repositories shows a disturbing development.
Key Security, Maintenance, and Features Releases
[DROOLS-4562] - DMN validation semantic rules for DMNDI.
[DROOLS-5274] - Spreadsheet type selector is not necessary.
[DROOLS-5323] - Update CheatSheet dock to include duration() cases.
[DROOLS-4993] - [DMN Designer] Code Completion - add keywords.
[JBPM-9121] - REST Process APIs should return 403 when user has no permissions.
[JBPM-9147] - getTaskById does not return formName.
[JBPM-9158] - Failing UserTaskServiceIntegrationTest.
[JBPM-9163] - Couldn't find any server running in 'development' mode ERROR after creating server template manually.
Revert "Fixed prohibitively slow search for new SMP shm pages. (#523)"
Add flexible RFC 3986 URI encoder. (#617)
Fix keyblock use for Heimdal in kerberos_ldap_group helper. (#627)
Fix sending of unknown validation errors to cert. validator. (#633)
Security Based Updates
PostgreSQL JDBC Driver 42.2.13
The primary reason to release this version and to continue the 42.2.x branch is CVE-2020-13692. Reported by David Dworken, this is an XXE, and more information can be found here. Sehrope Sarkuni reworked the XML parsing to provide a solution in commit 14b62aca4. The build system has been changed to Gradle, thanks to Vladimir (PR 1627). Regression: the com.github.waffle:waffle-jna, org.osgi:org.osgi.core, and org.osgi:org.osgi.enterprise dependencies are listed as non-optional (issue 1975).
New FluentD vs. Logstash Blog
Learn about the differences between FluentD and Logstash in the new OpenLogic blog!