Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software:

  • Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Router.
  • New Linux Foundation Project Takes Blockchain and the Open Source Approach to the Insurance Industry.
  • CyberArk Unveils Open Source Pen Testing Tool for Kubernetes.


Key Security, Maintenance, and Feature Releases

Security Updates

Jenkins 2.287
SECURITY-1721 / CVE-2021-21639
Jenkins 2.286 and earlier, and LTS 2.277.1 and earlier, do not validate the type of object created after loading the data submitted to the config.xml REST API endpoint of a node.
This allows attackers with Computer/Configure permission to replace a node with one of a different type.
Jenkins 2.287 and LTS 2.277.2 validate the type of object created and reject objects of unexpected types.

Non-Security Updates

Apache Tomcat 10.0.5, 9.0.45 and 8.5.65
10.0.5
  • Fix: Improve consistency of OpenSSL error stack handling in the TLS engine, and log all errors found at debug level. (remm)
  • Fix: Ensure that HTTP/2 streams are only recycled once, as multiple attempts to recycle an HTTP/2 stream may result in NullPointerExceptions. (markt)
  • Code: Simplify the closing of an HTTP/2 stream when an error condition is present. (markt)
  • Fix: 64771: Prevent concurrent calls to ServletInputStream.isReady() from corrupting the input buffer. (markt)

9.0.45
  • Fix: Improve consistency of OpenSSL error stack handling in the TLS engine, and log all errors found at debug level. (remm)
  • Fix: Ensure that HTTP/2 streams are only recycled once, as multiple attempts to recycle an HTTP/2 stream may result in NullPointerExceptions. (markt)
  • Code: Simplify the closing of an HTTP/2 stream when an error condition is present. (markt)
  • Fix: 64771: Prevent concurrent calls to ServletInputStream.isReady() from corrupting the input buffer. (markt)

8.5.65
  • Fix: Improve consistency of OpenSSL error stack handling in the TLS engine, and log all errors found at debug level. (remm)
  • Code: Refactor the HTTP/2 implementation classes to better align with 9.0.x and 10.0.x, making maintenance simpler. (markt)
  • Fix: Ensure that HTTP/2 streams are only recycled once, as multiple attempts to recycle an HTTP/2 stream may result in NullPointerExceptions. (markt)
  • Code: Simplify the closing of an HTTP/2 stream when an error condition is present. (markt)

SQLite 3.35.4
  • Fix a defect in the query planner optimization identified by item 8b above. Ticket de7db14784a08053.
  • Fix a defect in the new RETURNING syntax. Ticket 132994c8b1063bfb.
  • Fix the new RETURNING feature so that it raises an error if one of the terms in the RETURNING clause references an unknown table, instead of silently ignoring that error.
  • Fix an assertion associated with aggregate function processing that was incorrectly triggered by the push-down optimization.

Download Our Latest Open Source Trend Report

In our new Open Source Trend Report, we present the results of two surveys regarding open source operating systems, as well as data and cloud technologies.