Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

Key Security, Maintenance, and Features Releases

 

Non-Security Updates

Firefox 83
Firefox keeps getting faster as a result of significant updates to SpiderMonkey, our JavaScript engine. You will now experience improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. We have replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time.
Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures that every connection Firefox makes to the web is secure and alerts you when a secure connection is not available. You can enable it in Firefox Preferences.
Pinch zooming will now be supported for our users with Windows touchscreen devices and touchpads on Mac devices. Firefox users may now use pinch to zoom on touch-capable devices to zoom in and out of webpages.
Picture-in-Picture now supports keyboard shortcuts for fast forwarding and rewinding videos: use the arrow keys to move forward and back 15 seconds, along with volume controls. For a list of supported commands, see Support Mozilla.

Hibernate 5.3.20
[HHH-14225] - CVE-2020-25638 Potential for SQL injection on use_sql_comments logging enabled
[HHH-14324] - Add .gradletasknamecache to .gitignore

GnuPG 2.2.24
Allow Unicode file names on Windows almost everywhere.  Note that it is still not possible to use Unicode strings on the command line.  This change also fixes a regression in 2.2.22 related to non-ascii file names. [#5098]
Fix localized time printing on Windows.  [#5073]
gpg: New command --quick-revoke-sig.  [#5093]
gpg: Do not use weak digest algos if selected by recipient preference during sign+encrypt.  [4c181d51a6]

Log4J 2.14.0
Fix: Fix broken link in FAQ. Fixes LOG4J2-2925. rgoers
Add: Add JsonTemplateLayout. Fixes LOG4J2-2957. vy
Fix: Log4j2EventListener in spring.cloud.config.client listens for wrong event. Fixes LOG4J2-2911. rgoers
Update: Add date pattern support for HTML layout. Fixes LOG4J2-2889. Thanks to Geng Yuanzhe.
 

Security Based Updates

PostgreSQL 13.1, 12.5 and 11.10
13.1
Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch)
This is essentially a leak in the “security restricted operation” sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser.
The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695)
12.5
Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch)
This is essentially a leak in the “security restricted operation” sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser.
The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695)
11.10
Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries (Noah Misch)
This is essentially a leak in the “security restricted operation” sandbox mechanism. An attacker having permission to create non-temporary SQL objects could parlay this leak to execute arbitrary SQL code as a superuser.
The PostgreSQL Project thanks Etienne Stalmans for reporting this problem. (CVE-2020-25695)
 

How to Install Docker on CentOS

Docker has quickly become the most popular program for containerization. For CentOS users, that means an increase in the need to install Docker on CentOS. Luckily, the process for Docker installation on CentOS 6, CentOS 7, and CentOS 8 is fairly simple. Read this blog to see how to complete a successful CentOS Docker installation, then look at some Docker basics that can help you to get started.
