Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

• Top 5 tips for leaders to keep in mind when implementing open source.
• Hackers target military and aerospace staff by posing as job offerings.
• How virtualization and open source are upending the telecom industry.


Key Security, Maintenance, and Features Releases

Non-Security Updates

Apache Camel 3.4

This release is mostly about robustness and bug fixes.

We have also continued the work to make Camel more modular and lighter. This time we removed the dependency on JAXB in the Swagger and OpenAPI modules. This helps Camel on GraalVM and native compilation, as JAXB is a heavy piece of the stack, and allows GraalVM to eliminate it more easily.

We continued to remove usage of reflection in Camel and found a few more spots where reflection was in use when configuring nested options.

We also added back support for configuring duration values using the shorthand syntax; for example, timeout=30000 can be specified as timeout=30s. We had to remove this in earlier versions of Camel 3 due to optimizations, but for Camel 3.4 we found a new way.


Hibernate ORM 5.4.18

[HHH-14077] - CVE-2019-14900 SQL injection issue using JPA Criteria API.

[HHH-14081] - CompositeIdFkGeneratedValueIdentityTest and CompositeIdFkGeneratedValueTest failures on Oracle db.

[HHH-14075] - Changes to loaders and TwoPhaseLoad to allow "internal" loading to be reused by hibernate-reactive.

[HHH-14023] - H2: Adapt to sequence and column types changes in 1.4.201

[HHH-14083] - Gradle, add task to automate the CI release process.


Spring Framework 5.2.7

Implement reliable invocation order for advice within an @Aspect #25186

Performance enhancement in execution of ResponseEntity.of() #25183

Support for shared GroovyClassLoader in GroovyScriptFactory #25177

Suggest making a Set.size() > 0 judgement for AbstractApplicationContext.earlyApplicationEvents #25161


Spring Security 5.3.3

Delay AuthenticationPrincipalArgumentResolver Lookup #8614

Fix typos in BCryptPasswordEncoder documentation #8601

Fixing typo in SAML 2.0 Sample README #8600

Mock request with non-standard HTTP method in test #8597


New OpenJDK Vulnerabilities Blog

Also, check out the new OpenJDK Vulnerabilities blog from OpenLogic to ensure your software is secure!

