Stay Informed

This week, read about:

  • Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild.
  • The End of Open Source?
  • Square is Building a New Open-Source Platform for Bitcoin, and It's Calling it 'TBD'.


Key Security, Maintenance, and Features Releases


Security Updates

Apache Ant 1.9.16 and 1.10.11
When reading a specially crafted archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.
It affects reading (or updating) tar archives as well as archives using the zip format or formats derived from it. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.
This was fixed in revision 6594a2d.
These issues are similar to CVE-2021-35517 and CVE-2021-36090 present in Apache Commons Compress which has been detected by OSS Fuzz.
Affects: up to 1.9.15 / 1.10.10. Versions prior to 1.4 are not affected, versions prior to 1.9.0 are not affected when reading tar archives.

Non-Security Updates

Apache Camel K 1.5.0
chore: Remove Camel Sources support from Knative trait #2460 (astefanutti)
chore: Update embedded camel-catalog-1.8.0-SNAPSHOT.yaml #2459 (astefanutti)
chore: Remove unsupported probe-path property from container trait #2458 (astefanutti)
fix: Filter influencing traits to lookup matching kits #2457 (astefanutti)

Firefox 90
On Windows, updates can now be applied in the background while Firefox is not running.
Firefox for Windows now offers a new page about:third-party to help identify compatibility issues caused by third-party applications
Exceptions to HTTPS-Only mode can be managed in about:preferences#privacy
Print to PDF now produces working hyperlinks

Hibernate ORM 5.3.21
HHH-14616 Optimistic Lock throws org.hibernate.exception.SQLGrammarException: could not retrieve version
HHH-14608 Merge causes StackOverflow when JPA proxy compliance is enabled
HHH-14537 EntityNotFoundException thrown when non-existing association with @NotFound(IGNORE) mapped has proxy in PersistenceContext
HHH-14247 Automatic release scripts, wrong Jira release url

Jenkins 2.302
Optimize access control checks affecting (at least) Pipeline node steps. (pull 5586)
Developer: The hudson.util.SubClassGenerator and experimental hudson.model.TreeView class have been removed without replacement. (pull 5566, pull 5603)

Kubernetes 1.21.2
Fix scoring for NodeResourcesMostAllocated and NodeResourcesBalancedAllocation plugins when nodes have containers with no requests. This was leaving to under-utilization of small nodes. (#102925, @alculquicondor) [SIG Scheduling]
ServiceOwnsFrontendIP shouldn't report error when the public IP doesn't match (#102516, @nilo19) [SIG Cloud Provider]
Switch scheduler to generate the merge patch on pod status instead of the full pod (#103133, @marwanad) [SIG Scheduling]
VSphere: Fix regression during attach disk if datastore is within a storage folder or datastore cluster. (#102969, @gnufied) [SIG Cloud Provider]

Spring Framework 5.3.9
Configure CommonsMultipartResolver to support specific HTTP methods #27161
Allow BeanDefinitionBuilder to set an instance supplier with a ResolvableType #27160
Reason of @ResponseStatus on handler method is not resolved by MessageSource #27156
ResourceHandlerRegistry#getHandlerMapping should initialize handler once in outer loop #27153

Squid Web Cache 4.16
- Regression Fix: --with-valgrind-debug build broken since 4.15
- Bug 5129 pt1: remove Lock use from HttpRequestMethod
- Bug 5128: Translation: Fix '% i' typo in es/ERR_FORWARDING_DENIED
- Bug 4528: ICAP transactions quit on async DNS lookups

Guide to Open Source Relational Databases

Choosing a database is a big decision for any enterprise, and one that can have lasting repercussions. In this blog, we look at open source relational database management systems (open source RDBMS), and the factors that organizations should consider before choosing a RDBMS.

View all OpenUpdate editions >