October 22, 2020

Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

• Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
• Open-Source Application Security Flaws: What You Should Know And How to Spot Them
• How to Contribute to Open Source Projects—Without Writing Code

Key Security, Maintenance, and Features Releases

Non-Security Updates

Hibernate ORM 5.4.22
[HHH-9422] - Metamodel Generator should close streams opened to persistence.xml and referenced mapping files
[HHH-13058] - Criteria API correlated subquery with outer join generates incorrect SQL
[HHH-13201] - FromElement orign check fails when fetching @ElementCollection and association
[HHH-14148] - Invalid SQL when null precedence, @OrderBy and entity graph are used

Jenkins 2.262
Stop showing JavaScript in the footer (regression in 2.261). (issue 63798)
Restore reporting of ClassNotFoundException stacktraces in AntClassLoader and ClassicPluginStrategy due to the regressions for some agent types (regression in 2.261). (issue 63937)
Developer: Update ArtifactArchiver to no longer consult with environment variables injected by EnvironmentContributingAction added during the build, including ArtifactManager ones. (pull 4933)

MySQL 8.0.22
InnoDB: Code related to transaction support for histogram sampling was removed, including related assertion code that caused test failures. Transaction support is not required for histogram sampling. (Bug #31787736)
InnoDB: Encryption information was not set for redo log archive log writer thread write operations. (Bug #31690196)
InnoDB: The TTASEventMutex::exit function was optimized for ARM64. Thanks to Krunal Bauskar for the contribution. (Bug #31589019, Bug #100132)
InnoDB: InnoDB failed to compile with the DISABLE_PSI_RWLOCK CMake option enabled. (Bug #31578289)

PostgreSQL JDBC Driver 42.2.18
Unfortunately changing the default of gssEncMode to ALLOW was not enough. The GSSEncMode Enum was not changed as well fixed in #1920

Wildfly 21
A RESTEasy client can now make use of Elytron’s configuration on the client side of a REST deployment to use credentials, bearer tokens and SSLContexts. For this to happen, the Elytron client artifacts must be present on the classpath during the build of RESTEasy client.
Users are now able to configure Elytron to use credentials established externally from the server to authenticate the client with HTTP. This will allow users to propagate authentication from mod-cluster/ajp to WildFly.
Two new kinds of Elytron security realms have been added:
A failover-realm is a security realm wrapper containing a delegate and a failover realm. If the delegate throws a RealmUnavailableException during identity lookup, it will be caught and failover realm will be used instead.
A distributed-realm is a security realm wrapper containing a list of other security realms allowing the server to sequentially invoke them until one succeeds.

JBPM 7.44.0.Final 
Release notes not yet published.

MyBatis 3.5.6
Possible NoSuchPropertyException under heavy load. #1648
Possible InvalidPathException when registering type aliases by specifying package name. #1974
Possible OutOfMemoryError when using BlockingCache. #2044
 

ActiveMQ Applied

Implementing high-availability message-oriented middleware that can perform at scale is hard. But with the increased demand for applications that can handle big data, that messaging is no longer optional — it’s a necessity. Luckily, open source message brokers like ActiveMQ can help make that process easier and less expensive. But how should ActiveMQ be used, and what considerations do development teams need to make before they jump in? Find out in this on-demand webinar.