December 2, 2021 | OpenLogic by Perforce

Stay Informed

This week, read about:

Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency.
Anjuna Security Software Secures Kubernetes Workloads and Sensitive Data Utilizing AWS Nitro Enclaves.
Toit Open-Source Language Claims to be 30x Faster Than MicroPython on ESP32.

Key Security, Maintenance, and Features Releases

Security Updates

Spring Security 5.6.0
DaoAuthenticationProviderTests#avg function doesn't return fraction #10426
Docs Should Use Section Summary #10449
MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session #10436
Revamp OAuth 2.0 Login/Client reactive documentation #8174

Non-Security Updates

Drools 7.61.0.Final
[DROOLS-6650] - kie-karaf-itests test failures in 7.59.x
[DROOLS-3330] - DMN Properties panel - UX enhancements

Firefox 94.0.2
Improved hangs experienced by users of assistive technology such as NVDA when installing Firefox through the Microsoft Store (bug 1736742)
Resolved general instability/crashes on Linux caused by a file descriptor leak when backgrounding tabs using WebGL (bug 1741997)
Updated preference design for Firefox Suggest for improved clarity.

Kubernetes 1.22.4
Kubernetes is now built with Golang 1.16.10 (#106223, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
Update debian-base, debian-iptables, setcap images to pick up CVE fixes
Debian-base to v1.9.0
Debian-iptables to v1.6.7
setcap to v2.0.4 (#106143, @cpanato) [SIG Release and Testing]

Narayana 5.12.4.Final
[JBTM-3511] - Produce a jakarta artifact for narayana-jts-integration
[JBTM-3545] - Produce jakarta artifacts for Narayana XTS
[JBTM-3546] - Produce jakarta artifacts for Narayana RTS
[JBTM-3547] - Produce a jakarta artifact for narayana.compensations

PHP 8.1.0, 8.0.13, 7.3.33 and 7.4.26
8.1.0
Fixed inclusion order for phpize builds on Windows.
Added missing hashtable insertion APIs for arr/obj/ref.
Implemented FR #77372 (Relative file path is removed from uploaded file).
Fixed bug #81607 (CE_CACHE allocation with concurrent access).
8.0.13
Fixed bug #81518 (Header injection via default_mimetype / default_charset).
Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
Fixed bug #81588 (TokyoCabinet driver leaks memory).
Fixed bug #76167 (mbstring may use pointer from some previous request).
7.3.33
Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
7.4.26
Fixed bug #81518 (Header injection via default_mimetype / default_charset).
Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
Fixed bug #76167 (mbstring may use pointer from some previous request).
Fixed bug #81494 (Stopped unbuffered query does not throw error).

SQLite 3.37.0
STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing.
When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated.
Added the PRAGMA table_list statement.

View all OpenUpdate editions >