Stay Informed

This week, read about:

  • Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability.
  • EU Commission Adopts New Rules for Open Source Software Distribution.
  • New Fundamentals of Open Source IT and Cloud Computing Training Makes it Easy to Start an IT Career.

 

Key Security, Maintenance, and Features Releases

 

Security Updates

CentOS 8 is EOL at the end of the month

Apache Struts 2.5.28.1
Warning: Log4j has been upgraded to version 2.12.2 to address security vulnerability CVE-2021-45046.

Spring Security 5.5.4
Documentation has wrong code example in the 'Customizing OpenSAML’s AuthnRequest Instance' section #10527
Invalid_request failures in JwtTokenValidators are always turned into invalid_token errors #10561
MissingCsrfTokenException message is misleading when not storing the CSRF tokens in the session #10531
Multi-tenancy Documentation - com.nimbusds.jwt.proc.JWTProcessor does not have a setJWTClaimSetJWSKeySelector method #10520
 

Non-Security Updates

Apache Camel 3.14.0
CAMEL-17322
Google Pubsub needs scopes set on Credentials
CAMEL-17303
camel-jbang: FailedToCreateRouteException
CAMEL-17298
camel-vertx-http duplicates path
CAMEL-17295
REST DSL (With Servlet Component) Fails to Resolve Endpoint if Query Parameter Is Part of URI Parameter

Firefox 95.0.2
Addresses frequent crashes experienced by users with C/E/Z-Series "Bobcat" CPUs running on Windows 7, 8, and 8.1.

Hibernate ORM 5.6.2
HHH-14956 Invalid link to MetadataBuilderContributor javadocs in Configurations docs
HHH-14937 SybaseDialect does not support schema anymore
HHH-14936 JdbcConnectionContext in hibernate-testing throws NPE when user/password are not provided in configuration
HHH-14927 "Current" documentation is 5.5 instead of 5.6

Kubernetes 1.23.1
Deprecation of FlexVolume
FlexVolume is deprecated. An out-of-tree CSI driver is the recommended way to write volume drivers in Kubernetes. See this doc for more information. Maintainers of FlexVolume drivers should implement a CSI driver and move users of FlexVolume to CSI. Users of FlexVolume should move their workloads to a CSI driver.
Deprecation of klog specific flags
To simplify the code base, several logging flags were marked as deprecated in Kubernetes 1.23. The code that implements them will be removed in a future release, so users of those flags need to start replacing them with alternative solutions.

Wildfly 26
[WFLY-14800] - Modernise the MicroProfile Reactive Messaging QuickStart for Reactive Messaging 2.0
[WFLY-15095] - Test case and community documentation to verify the uses of jboss.server.[base,log,data,temp].dir properties as JVM managed server options
[WFLY-15657] - Documentation for LoginModule compatible security realm.

ISC BIND 9.16.24
Feature Changes
Previously, when an incoming TCP connection could not be accepted because the client closed the connection early, an error message of TCP connection failed: socket is not connected was logged. This message has been changed to Accepting TCP connection failed: socket is not connected. The severity level at which this type of message is logged has also been changed from error to info for the following triggering events: socket is not connected, quota reached, and soft quota reached. [GL #2700]
dnssec-dsfromkey no longer generates DS records from revoked keys. [GL #853]
Bug Fixes
Removing a configured catalog-zone clause from the configuration, running rndc reconfig, then bringing back the removed catalog-zone clause and running rndc reconfig again caused named to crash. This has been fixed. [GL #1608]

MyBatis 3.5.8
Avoid NullPointerException when mapping an empty string to java.lang.Character. #2368
Fixed an incorrect argument when initializing static object. This resolves a compatibility issue with quarkus-mybatis. #2284
Performance improvements. #2297 #2335 #2340
And many doc updates!

PHP 8.1.1, 8.0.14 and 7.4.27
8.1.1
Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
Update bundled PCRE2 to 10.39.
Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
8.0.14
Fixed bug #81582 (Stringable not implicitly declared if __toString() came from a trait).
Fixed bug #81591 (Fatal Error not properly logged in particular cases).
Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).
Fixed bug #81631 (::class with dynamic class name may yield wrong line number).
7.4.27
Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).
Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
Fixed bug #71316 (libpng warning from imagecreatefromstring).
Fixed bug #75725 (./configure: detecting RAND_egd).
 

 
