Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Trusting open source in a cloud world.
- Overcoming vulnerabilities in open source code.
- Popular iOS SDK accused of spying on users.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Hibernate ORM 5.4.21
[HHH-13380] - Bytecode enhanced entities might throw LazyInitializationException from custom equals/hashcode implementations.
[HHH-14149] - Improve efficiency of LazyAttributesMetadata#getLazyAttributeNames.
[HHH-14152] - Query fails after upgrading to 5.4.20.Final.
[HHH-14153] - HQL update query on abstract entity generates temporary table.
PostgreSQL JDBC Driver 42.2.16
Arrays sent in binary format are now sent as 1-based. This was a regression for multi-dimensional arrays as well as text/varchar, oid and bytea arrays. Since 42.2.0, single-dimensional arrays were stored 0-based. They are now sent 1-based, which is the SQL standard and the default for Postgres when sent as strings such as '{1,2,3}'. Fixes issue 1860 in PR 1863.
GnuPG 2.2.22
gpg: Change the default key algorithm to rsa3072.
gpg: Add regular expression support for Trust Signatures on all platforms. [#4843]
gpg: Fix regression in 2.2.21 with non-default --passphrase-repeat option. [#4991]
gpg: Ignore --personal-digest-prefs for ECDSA keys. [#5021]
Security Updates
Firefox 80
CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege.
CVE-2020-15664: Attacker-induced prompt for extension installation.
CVE-2020-12401: Timing-attack on ECDSA signature generation.
CVE-2020-6829: P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation.
OpenLogic Virtual Conference
Also, join us September 16 for Open@Home, the free, 1-day virtual conference with live and recorded sessions on open source technologies, adoption trends, and best practices.