Trending Topics This Week

Here is what people are talking about this week in the world of free and open source software:

  • GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks.
  • Why Now is the Right Time for an Open-Source Serverless Strategy.
  • Firefox 89: Mozilla Brought its Open Source Browser Back From the Ashes.

 

Key Security, Maintenance, and Features Releases

 

Security Updates

Apache HTTPd 2.4.48
SECURITY: CVE-2021-31618 (cve.mitre.org) mod_http2: Fix a potential NULL pointer dereference [Ivan Zhakov]
mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the fallback to mod_proxy_http for WebSocket upgrade and tunneling. [Yann Ylavic]
mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling. BZ 65294.  [Yann Ylavic]
core: Fix a regression that stripped the ETag header from 304 responses. PR 61820 [Ruediger Pluem, Roy T. Fielding]
 

Non-Security Updates

Jenkins 2.296 
Fix regressions in forms submissions from unwanted form validation in any browser (regression in 2.289). (issue 65585)
Recommend running on Java 11. (issue 65577)
Change the word 'number' to 'integer' in the error message of the number field. (pull 5538)
Show implied plugin dependencies or a count of dependencies for plugins split from core. (pull 5472)

OpenLDAP 2.5.5
Added libldap LDAP_OPT_TCP_USER_TIMEOUT support (ITS#9502)
Added lloadd tcp-user-timeout support (ITS#9502)
Added slapd-asyncmeta tcp-user-timeout support (ITS#9502)
Added slapd-ldap tcp-user-timeout support (ITS#9502)

PHP 8.0.7 and 7.4.20
8.0.7
Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
Fixed bug #80972 (Memory exhaustion on invalid string offset).
7.4.20
Fixed bug #80929 (Method name corruption related to repeated calls to call_user_func_array).
Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
Fixed bug #80972 (Memory exhaustion on invalid string offset).
 

June 17 | OpenLogic Office Hours: Save Your Seat and We'll Buy You Lunch

Join Rod Cope, Founder of OpenLogic and CTO at Perforce Software, and Rich Alloway, Enterprise Linux Developer at OpenLogic by Perforce, for an interactive discussion on the future of CentOS, new CentOS alternatives, and the state of CentOS Stream.

PLUS, when you RSVP, we'll provide your choice of a $15 GrubHub or DoorDash gift card*. You choose the food, and they'll deliver!
 

View all OpenUpdate editions >