Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software: 

 

Key Security, Maintenance, and Features Releases

 

Security Updates

Firefox 84.0.2
CVE-2020-16044: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk

PHP 8.0.1, 7.3.26 and 7.4.14
8.0.1
Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
Fixed bug #80391 (Iterable not covariant to mixed).
Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
7.3.26
Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
Fixed bug #80457 (stream_get_contents() fails with maxlength=-1 or default).
7.4.14
Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).
Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
Fixed bug #80362 (Running dtrace scripts can cause php to crash).
 

Non-Security Updates

Hibernate ORM 5.4.27.Final
[HHH-13954] - PostgreSQL - partitioned table: Schema-validation: missing table (when table exists)
[HHH-14380] - Join ordering logic wrongly pushes cross joins from subqueries to parent

Jenkins 2.273
Reduce lock contention around jenkins queue. (issue 58101)
Prevent user input of 'e' or 'E' as 'positive-number', 'non-negative-number', or 'number'. (issue 64439)
Update jnr-posix library from 3.0.45 to 3.1.4. (pull 5129, Commits from jnr-posix 3.0.45 to 3.1.4)
Update Java native access (jna) library from 5.3.1 to 5.6.0 for most recent platform library fixes and enhancements. (pull 5125, JNA 5.6.0 changelog, JNA 5.5.0 changelog, JNA 5.4.0 changelog)

Log4J 2.14.0
Fix: Fix broken link in FAQ. Fixes LOG4J2-2925. (rgoers)
Add: Add JsonTemplateLayout. Fixes LOG4J2-2957. (vy)
Fix: Log4j2EventListener in spring.cloud.config.client listens for wrong event. Fixes LOG4J2-2911. (rgoers)
Update: Add date pattern support for HTML layout. Fixes LOG4J2-2889. Thanks to Geng Yuanzhe.

OpenLDAP 2.4.56
Fixed slapd to remove assert in certificateListValidate (ITS#9383)
Fixed slapd to remove assert in csnNormalize23 (ITS#9384)
Fixed slapd to better parse ldapi listener URIs (ITS#9379)

Spring Framework 5.3.3
Add null check for ExceptionHandlerMethodResolvers #26339
ClassNotFoundException: ExchangeFunction when using WebTestClient with Spring MVC #26308
Early support for JDK 17 #26307
Assertion error details lost in rethrow in assertWithDiagnostics #26303
 

OpenShift vs. Kubernetes   

For teams considering containerization, understanding the technologies needed to break from the monolith can be tricky. With new technologies, concepts (and acronyms) born every day, getting a grasp on the landscape is a challenging endeavor. The two container technologies we look at today, OpenShift and Kubernetes, are a prime example. So what separates OpenShift vs. Kubernetes, and when should teams buy in to the OpenShift platform over Kubernetes? Learn in this blog.
