Trending Topics This Week
Here is what people are talking about this week in the world of free and open source software:
- Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials.
- The Linux Foundation and IBM Announce New Open Source Projects to Promote Racial Justice.
- Understanding Open Source Databases.
Key Security, Maintenance, and Features Releases
Security Updates
ISC BIND 9.16.12
When tkey-gssapi-keytab or tkey-gssapi-credential was configured, a specially crafted GSS-TSIG query could cause a buffer overflow in the ISC implementation of SPNEGO (a protocol enabling negotiation of the security mechanism to use for GSSAPI authentication). This flaw could be exploited to crash named. Theoretically, it also enabled remote code execution, but achieving the latter is very difficult in real-world conditions. (CVE-2020-8625)
This vulnerability was responsibly reported to us as ZDI-CAN-12302 by Trend Micro Zero Day Initiative. [GL #2354]
Non-Security Updates
Firefox 85.0.2
Fixed a deadlock during startup (bug 1679933)
Jenkins 2.280
Important security fix. (security advisory)
Fix plugin search over multiple update sites (regression in 2.270). (issue 64840)
Show available plugin updates by reloading update center data on upgrade/downgrade. (issue 41727)
Update JNA from 5.6.0 to 5.7.0. (pull 5273, JNA 5.7.0 changelog)
Provide new translations for Polish language. (pull 5271)
PostgreSQL JDBC Driver 42.2.19
The driver now uses SASLprep normalization for SCRAM authentication, fixing some issues with spaces in passwords.
Fix: Actually close unclosed results. Previously, the first unclosed result was not closed. Fixes #1903 (#1905). There is a small behaviour change as a result: if closeOnCompletion is called on an existing statement and the statement is executed a second time, it will fail.
Jetty 11.0.1
#5993 - Change more modules to glassfish-jstl
#5941 - Use jakarta.servlet.jsp.jstl version 2 implementation from Eclipse Glassfish
#5901 - Starting Jetty with JPMS produces warnings about Servlet resources not found
#5761 - Remove unneeded dependencies from apache-jsp module
Spring Framework 5.3.4
Enforce standard Java types in YamlProcessor #26530
Fall back on awaitToBodylessEntity when awaitBody is used with Unit #26504
Expose HttpHandler Decoration as a bean #26502
Inefficient reflection operations for destroy method determination #26498
What is Rancher?
For companies considering container and container orchestration solutions, Rancher provides an attractive option. In this blog, we give an overview of the Rancher platform and its features, as well as the available Rancher software. Lastly, we discuss when companies should consider Rancher and when they should pursue other options.