Stay Informed
This week, read about:
- North Korean Hackers Found Behind a Range of Credential Theft Campaigns.
- Apache CloudStack 4.16 Advances Open-Source Cloud Platform.
- Daily Crunch: Microsoft Launches Loop, an Open Source, Real-Time Collaboration Tool.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Maven 3.8.4
[MNG-7270] - Maven startup script (init) calls which(1) which is an external command
[MNG-7285] - [Regression] MavenProject.getArtifacts() not returning correct value across multiple threads
[MNG-7300] - [Regression] Reloading web application (Enter) fails due to java.lang.ClassNotFoundException
Apache Struts 2.5.27
[WW-5116] - PostbackResult uses wrong regex range
[WW-5117] - %{id} evaluates different for data-* and value attribute
[WW-5119] - Blocking Threads in retrieving text from resource bundle
[WW-5121] - Contention when injecting Scope.SINGLETON instances
Apache Tomcat 8.0.53
Fix: Treat the <mapped-name> element of a <env-entry> in web.xml in the same way as the mappedName element of the equivalent @Resource annotation. Both now attempt to set the mappedName property of the resource. (markt)
Fix: Correct the processing of resources with <injection-target>s defined in web.xml. First look for a match using JavaBean property names and then, only if a match is not found, look for a match using fields. (markt)
Fix: When restoring a saved request with a request body after FORM authentication, ensure that calls to the HttpServletRequest methods getRequestURI(), getQueryString() and getProtocol() are not corrupted by the processing of the saved request body. (markt)
Fix: JNDI resources that are defined with injection targets but no value are now treated as if the resource is not defined. (markt)
Kubernetes 1.22.3
EndpointSlice Mirroring controller now cleans up managed EndpointSlices when a Service selector is added (#106132, @robscott) [SIG Apps, Network and Testing]
Fix a bug that --disabled-metrics doesn't function well. (#105793, @Huang-Wei) [SIG API Machinery, Cluster Lifecycle and Instrumentation]
Fix a panic in kubectl when creating secrets with an improper output type (#106356, @lauchokyip) [SIG CLI]
Fix concurrent map access causing panics when logging timed-out API calls. (#106112, @marseel) [SIG API Machinery]
ISC Bind 9.16.23
Reloading a catalog zone which referenced a missing/deleted member zone triggered a runtime check failure, causing named to exit prematurely. This has been fixed. [GL #2308]