Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?
- Linux and Open Source: The biggest Issue in 2020
- Why You Should Trust Open Source Software Security
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Tomcat 9.0.40
Fix: 55559: Add a new attribute, localJndiResource, that allows a UserDatabaseRealm to obtain a UserDatabase instance from the local (web application) JNDI context rather than the global JNDI context. This option is only useful when the Realm is defined on the Context. (markt)
Fix: 64805: Correct imports used by JMXProxyServlet. (markt)
Fix: Fix JNDIRealm pooling problems retrying on another bad connection. Any retries are made on a new connection, just like with the single connection scenario. Also remove all connections from the pool after an error. (remm)
Fix: Remove the entry for org.apache.tomcat.util.descriptor.tld.LocalStrings from tomcat-embed-core's GraalVM tomcat-resource.json. It no more part of the jar since Fix unwanted JPMS dependency of embed-core on embed-jasper. (mgrigorov)
Hibernate ORM 5.4.24.Final
A fix for the NPE thrown when an Entity A has a map collection having an Embeddable with an association to A as index (HHH-14257).
An improvement that permits to use a query hint to specify the table names to which a native query refers. During the auto flush, Hibernate will check whether there are pending operation affected by those tables, and if so automatically flush those changes. When the native query performs an update or delete operation, the table names are also used to determine if any second level cache region is affected and then need to be invalidated (HHH-14325).
Bytecode enhanced entities wouldn’t always detect dirty state correctly for mutable embeddable types (HHH-14329).
Pessimistic locking modes could trigger an invalid FOR UPDATE clause on outer joins statements (HHH-14333).
Jenkins 2.267
Add the ability to specify a reason for quieting down Jenkins ("Prepare for shutdown"). (issue 1877)
Show security and non-security notifications in separate categories with their associated icons. (issue 63977)
Wildfly 21.0.1.final
[WFLY-13982] - Upgrade Bootable JAR Maven plugin to 2.0.1.Final
[WFLY-14080] - Upgrade Hibernate ORM to 5.3.20.Final to fix CVE-2020-25638
[WFLY-14081] - Upgrade WildFly Core to 13.0.3.Final
ActiveMQ Artemis
ActiveMQ Artemis, the heir-apparent to ActiveMQ 5, marks a substantial departure from its predecessor. In this blog, we discuss the history of the ActiveMQ project, the differences between ActiveMQ Artemis vs. ActiveMQ, and considerations for teams who want to use Artemis in production.