This week, read about:
- Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware.
- OpenSSF Membership Exceeds 100 with Many New Members Dedicated to Securing Open Source Software.
- War in Ukraine Dominated Cybersecurity in 2022.
Key Security, Maintenance, and Feature Releases
Non-security Based Updates
Apache ActiveMQ 5.17.3
[AMQ-6148] - When using LDAP auth, ActiveMQ should not always connect to the LDAP service to do authentication
[AMQ-8596] - Jolokia-agent - File not found exception
[AMQ-8617] - RedeliveryPolicy:Exponential Backoff + NonBlockingRedelivery = too long delays
[AMQ-9062] - ActiveMQ 5.17.1: Web Console is not working in KARAF 4.4.1
Apache Tomcat 10.1.4
Fix: Correct the default implementation of HttpServletRequest.isTrailerFieldsReady() to return true so it is consistent with the default implementation of HttpServletRequest.getTrailerFields() and with the Servlet API provided by the Jakarta EE project. (markt)
Fix: Refactor WebappLoader so it only has a runtime dependency on the migration tool for Jakarta EE if configured to use the converter as classes are loaded. (markt)
Fix: Improve the behavior of the credential handler attribute that is set in the Servlet context so that it actually reflects what is used during authentication. (remm)
Fix: 66359: Update javadoc for RemoteIpValve and RemoteIpFilter with correct protocolHeader default value of "X-Forwarded-Proto". (lihan)
Urgent Upgrade Notes
(No, really, you MUST read this before you upgrade)
Deprecated beta APIs scheduled for removal in v1.26 are no longer served. See https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-26 for more information. (#111973, @liggitt)