Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

Key Security, Maintenance, and Features Releases

Non-Security Updates

Hibernate ORM 5.4.21
[HHH-13380] - Bytecode enhanced entities might throw LazyInitializationException from custom equals/hashcode implementations.
[HHH-14149] - Improve efficiency of LazyAttributesMetadata#getLazyAttributeNames.
[HHH-14152] - Query fails after upgrading to 5.4.20.Final.
[HHH-14153] - HQL update query on abstract entity generates temporary table.
PostgreSQL JDBC Driver 42.2.16
Arrays sent in binary format are now sent as 1 based. This was a regression for multi-dimensional arrays as well as text/varchar, oid and bytea arrays. Since 42.2.0 single dimensional arrays were stored 0 based. They are now sent 1 based which is the SQL standard, and the default for Postgres when sent as strings such as '{1,2,3}'. Fixes issue 1860 in PR 1863.
GnuPG 2.2.22
gpg: Change the default key algorithm to rsa3072.
gpg: Add regular expression support for Trust Signatures on all platforms.  [#4843]
gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat option.  [#4991]
gpg: Ignore --personal-digest-prefs for ECDSA keys.  [#5021]

Security Updates

Firefox 80
CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in es-calation of privilege.
CVE-2020-15664: Attacker-induced prompt for extension installation.
CVE-2020-12401: Timing-attack on ECDSA signature generation.
CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signa-ture generation.

OpenLogic Virtual Conference

Also, join us September 16 for Open@Home the free, 1-day virtual conference with live and recorded sessions on open source technologies, adoption trends, and best practices.


View all OpenUpdate editions >