Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Critical flaws found in Zoom.
- Eclipse Foundations adds record new members.
- Are all open source resources the same for licensing?
Key Security, Maintenance, and Features Releases
Non-security Based Updates
Apache ActiveMQ 5.15.13
[AMQ-7439] - AbstractMQTTSocket#getProtocolConverter: Race condition in double-checked lock-ing object initialization.
[AMQ-7463] - ActiveMQ throws concurrentModificationException in failovertransport class.
[AMQ-7465] - Xerver Double Slash Authentication Bypass detected on ActiveMQ directory.
[AMQ-7476] - HTTP client with proxy throws UnsupportedSchemeException.
Apache Tomcat 9.0.36 and 8.5.56
9.0.36
Fix: 64432: Correct a refactoring regression that broke handling of multi-line configuration in the RewriteValve. Patch provided by Jj. (markt)
Fix: Fix use of multiple parameters when defining RewriteMaps. (remm/fschumacher)
Update: Add the special internal rewrite maps for case modification and escaping. (remm/fschumacher)
Fix: Correct a regression in an earlier fix that broke the loading of configuration files such as key-stores via URIs on Windows. (markt)
8.5.56
Fix: 64432: Correct a refactoring regression that broke handling of multi-line configuration in the RewriteValve. Patch provided by Jj. (markt)
Update: Add the special internal rewrite maps for case modification and escaping. (remm/fschumacher)
Fix: 64470: The default value of the solidus handling should reflect the associated system property. (remm)
Fix: Implement a few rewrite SSL env that correspond to Servlet request attributes. (remm)
Firefox 77.0.1
Disabled automatic selection of DNS over HTTPS providers during a test to enable wider deploy-ment in a more controlled way (bug 1642723)
Jenkins 2.240
Make RSS field and agent disconnected images transparent for dark theme. (pull 4772)
Show in plugin manager when newer releases of plugins exist but aren't being offered due to unsat-isfied requirements. (issue 62332)
Add support for Dark Theme in the login screen. (issue 62515, pull 4673, Dark Theme repository)
Update bundled Script Security Plugin from 1.71 to 1.73. (pull 4769)
OpenSSH 8.3
* sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts.
* sshd(8): allow the IgnoreRhosts directive to appear anywhere in a sshd_config, not just before any Match blocks; bz3148
* ssh(1): add %TOKEN percent expansion for the LocalFoward and RemoteForward keywords when used for Unix domain socket forwarding. bz#3014
* all: allow loading public keys from the unencrypted envelope of a private key file if no corre-sponding public key file is present.
PostgreSQL JDBC Driver 42.2.13
I/O error ru translation PR 1756
Issue 1771 PgDatabaseMetaData.getFunctions() returns procedures fixed in PR 1774
getTypeMap() returning null PR 1781
Updated openssl example command PR 1763
Wildfly 20
Instead of needing to first add a credential to a credential store in order to reference it from a credential-reference, WildFly 20 adds the ability to automatically add a credential to a previously defined credential store. Check out Farah Juma’s blog post for an introduction to this new feature.
The Elytron subsystem configuration was enhanced to allow the definition of a regex-based security role mapping mechanism. With this functionality it is possible for users to easily translate a list of roles (eg. *-admin, *-user) to simpler roles (eg. admin, user) without having to implement their own custom components.
It is now possible to make use of the IP address of a remote client when making authorization deci-sions.
Jetty 9.4.29
+ 2188 Lock contention creating HTTP/2 streams
+ 4235 communicate the reason of failure to the OpenID error page
+ 4695 HttpChannel recycling in h2
+ 4764 HTTP2 Jetty Server does not send back content-length
MyBatis 3.5.5
You can reference single List or Collection type parameter using its actual parameter name when useActualParamName is enabled. #1237
You can specify resultMap in @One and @Many. #1771
You can specify columnPrefix in @One and @Many. #1829
A new option shrinkWhitespacesInSql to remove extra whitespaces in SQL. #1901
Spring Framework 5.2.7
Implement reliable invocation order for advice within an @Aspect #25186
Performance enhancement in execution of ResponseEntity.of() #25183
Support for shared GroovyClassLoader in GroovyScriptFactory #25177
Suggest making a Set.size() > 0 judgement for AbstractApplicationContext.earlyApplicationEvents #25161
Spring Security 5.3.3
Delay AuthenticationPrincipalArgumentResolver Lookup #8614
Fix typos in BCryptPasswordEncoder documentation #8601
Fixing typo in SAML 2.0 Sample README #8600
Mock request with non-standard HTTP method in test #8597
New OpenJDK Guide
Also, check out new OpenJDK Guide from OpenLogic on migration tools and cost-saving resources.