Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Undetectable Linux malware targeting docker servers with exposed APIs
- Raspberry Tablet CutiePi lets developers customize hardware and firmware.
- System76 new reveal an open source PC surprise.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Jenkins 2.249
Do not throw exceptions when building environment for certain build steps (regression in 2.248). In particular, the Powershell step from the Powershell plugin was affected. (issue 63168)
Align the Plugin Manager table headers. (pull 4858)
Fix an issue where the header of certain elements such as the authorization matrix would have wrong styles. (pull 4861)
GnuPG 2.2.21
gpg: Improve symmetric decryption speed by about 25%. See commit 144b95cc9d.
gpg: Support decryption of AEAD encrypted data packets.
gpg: Add option --no-include-key-block. [#4856]
gpg: Allow for extra padding in ECDH. [#4908]
jQuery 3.5.1
Specifically, we had changed our internal data object to use Object.create( null ) instead of a plain object ({}). We did that to prevent collisions with keys on Object.prototype properties. However, this also meant that users (especially plugins) could no longer check what was in jQuery data with the native .hasOwnProperty() method, and it broke some code. We’ve reverted that change, but plan to put it back in jQuery 4.0. This change is the only code change in this release. Other changes include some minor updates to our docs and build system.
Security Based Updates
Firefox 78.0.2
CVE-2020-15648: X-Frame-Options bypass using object or embed tags.
Reporter: Frederik Braun
Impact: moderate
Description: Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header.
References: Bug 1644076
Planning for CentOS 6 EOL
Also, read new OpenLogic blog on planning for CentOS 6 EOL!