This week, read about:
- AlmaLinux vs Rocky Linux.
- Russia Bans VyprVPN, Opera VPN Services for Not Complying with Blacklist Request.
- DroneAnalyst: The Rise of Open Source Drones.
Key Security, Maintenance, and Features Releases
Apache Camel 3.4.6
Validator component fails with java.lang.IllegalArgumentException: protocol = https host = null
camel-jsonpath - results from $.concat(...) seems to be cached on following calls
XML DSL tokenize with token in simple language and group does not set the delimiter correctly
TimeoutException does not trigger Resilience4j circuit breaker
Apache Tomcat 9.0.48, 10.0.7 and 8.5.68
Fix: Regression when generating reflection due to removed NIO classes in 9.0.47. (remm)
Add: Use JSign to integrate the build script with the code signing service to enable release builds to be created on Linux as well as Windows. (markt)
Fix: 65301: RemoteIpValve will now avoid getting the local host name when it is not needed. (remm)
Fix: 65308: NPE in JNDIRealm when no userRoleAttribute is given. (fschumacher)
Add: #412: Add commented out, sample users for the Tomcat Manager app to the default tomcat-users.xml file. Based on a PR by Arnaud Dagnelies. (markt)
Add: #418: Add a new option, pass-through, to the default servlet's useBomIfPresent initialization parameter that causes the default servlet to leave any BOM in place when processing a static file and not to use the BOM to determine the encoding of the file. Based on a pull request by Jean-Louis Monteiro. (markt)
Update: Update to the Java 7 compatible build of JSign 3.1 to pick up a fix for SHA-512 signatures. (markt)
Apache TomEE 8.0.6
No release notes available.
CentOS 8 (2105)
We are pleased to announce the general availability of the latest version of CentOS Linux 8. Effectively immediately, this is the current release for CentOS Linux 8 and is tagged as 2105, derived from Red Hat Enterprise Linux 8.4 Source Code.
As always, read through the Release Notes at: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2105 - these notes contain important information about the release and details about some of the content inside the release from the CentOS QA team. These notes are updated constantly to include issues and incorporate feedback from users.
Hibernate ORM 5.5.2.Final
It seems there are popular answers on StackOverflow which suggest to disable loading of Database metadata during bootstrap of Hibernate ORM, so to have it boot faster.
In these forums an internal flag is being suggested which was meant to be used exclusively for tooling, and which we would not suggest you use for your regular application as some metadata we fetch from the database can have strong impact on internal strategies and workarounds, so making your favourite ORM smarter, more efficient, and sometimes even able to workaround bugs in specific DB versions. In some cases, disabling this metadata can also lead to tricky to diagnose bugs.
But some users reported very slow boot times, mostly in relation with very large databases, and to workaround this really prefer to skip this phase. This was not expected so we investigated more. We could remove some operations which are currently unnecessary, and automatically skip some others depending on actual need.
The end result is that it will now boot even faster, much faster if you had such issues, and without needing to set any flag or have to make tradeoffs with important safety features.
Added jitter factor to lease controller that better smears load on kube-apiserver over time. (#101652, @marseel) [SIG API Machinery and Scalability]
Avoid caching the Azure VMSS instances whose network profile is nil (#100948, @feiskyer) [SIG Cloud Provider]
Azure: avoid setting cached Sku when updating VMSS and VMSS instances (#102005, @feiskyer) [SIG Cloud Provider]
Fix a bug on the endpoint slices mirroring controller where endpoint NotReadyAddresses were mirrored as Ready to the corresponding EndpointSlice (#102683, @aojea) [SIG Apps and Network]
[WFLY-13625] - Security Realms should support specifying the charset and encoding for credentials.
[WFLY-13916] - Elytron server-ssl-context allowed protocols
[WFLY-14007] - Certificate Revocation Lists
[WFLY-14563] - As a developer, I can use a quickstart to showcase WildFly connecting to a DB on OpenShift
ISC Bind DNS 9.16.18
When preparing DNS responses, named could replace the letters W (uppercase) and w (lowercase) with \000. This has been fixed. [GL #2779]
The configuration-checking code failed to account for the inheritance rules of the key-directory option. As a side effect of this flaw, the code detecting key-directory conflicts for zones using KASP incorrectly reported unique key directories as being reused. This has been fixed. [GL #2778]
OpenLogic Announces Support Offerings for Rocky Linux and AlmaLinux
Fresh off the inaugural Rocky Linux GA release, OpenLogic has announced SLA-backed support for both Rocky Linux and AlmaLinux distributions.