Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Non-Security Updates

Apache Tomcat 9.0.50 and 10.0.8
10.0.8
Code: Refactor the RemoteIpValve to use the common utility method for list to comma separated string conversion. (markt)
Code: Refactor JNDIRealm$JNDIConnection so its fields are accessible to sub-classes of JNDIRealm. (markt)
Fix: Fix serialization warnings in UserDatabasePrincipal reported by SpotBugs. (markt)
Fix: 65397: Calls to ServletContext.getResourcePaths() no longer include symbolic links in the results unless allowLinking has been set to true. If a resource is skipped because of this change, a warning will be logged as this typically indicates a configuration issue. (markt)
9.0.50
Fix: Jakarta to Javax backport issue in tests. (remm)

PHP 7.4.21, 7.3.29 and 8.0.8
7.4.21
Fixed bug #81068 (Double free in realpath_cache_clean()).
Fixed bug #76359 (open_basedir bypass through adding "..").
Fixed bug #81090 (Typed property performance degradation with .= operator).
Fixed bug #81070 (Integer underflow in memory limit comparison).
7.3.29
Fixed bug #76448: Stack buffer overflow in firebird_info_cb. (CVE-2021-21704)
Fixed bug #76449: SIGSEGV in firebird_handle_doer. (CVE-2021-21704)
Fixed bug #76450: SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)
Fixed bug #76452: Crash while parsing blob data in firebird_fetch_blob. (CVE-2021-21704)
8.0.8
Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
Fixed bug #81068 (Double free in realpath_cache_clean()).
Fixed bug #76359 (open_basedir bypass through adding "..").
Fixed bug #81090 (Typed property performance degradation with .= operator).

The New Stack: Cassandra, Kafka, and Spark

This new white paper shows how this open source stack for streaming data is transforming sales, supply chain management, and overall business outcomes.
