This week, read about:
- Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems.
- Small Open Source Projects Pose Significant Security Risk.
- Open Source Software Host Fosshost Shutting Down as CEO Unreachable.
Key Security, Maintenance, and Features Releases
Non-security Based Updates
Apache Artemis 2.27.1
[ARTEMIS-4030] - AMQ222010 (No such file or directory) during startup
[ARTEMIS-4078] - Divert filter not added/updated/removed on configuration change
[ARTEMIS-4083] - When Artemis streaming is enabled, the artemis-core client does not close the input stream for a Bytes message, blocking deletion of the file after it is processed on Windows
[ARTEMIS-4084] - Rolling back massive amounts of messages might crash broker
Apache Camel 3.18.4
camel-yaml-dsl - Intercept is not added in the route definition.
camel-yaml-dsl - OnCompletion is not added in the route definition.
Duplicate schema/cxfEndpoint.xsd resource in camel-cxf-spring-rest and camel-cxf-spring-soap jars
camel-report-maven-plugin - Class missing when generating the route coverage report
Apache Tomcat 9.0.70
Fix: Correct the default implementation of HttpServletRequest.isTrailerFieldsReady() to return true so it is consistent with the default implementation of HttpServletRequest.getTrailerFields() and with the Servlet API provided by the Jakarta EE project. (markt)
Fix: Improve the behavior of the credential handler attribute that is set in the Servlet context so that it actually reflects what is used during authentication. (remm)
Fix: 66359: Update javadoc for RemoteIpValve and RemoteIpFilter with correct protocolHeader default value of "X-Forwarded-Proto". (lihan)
Fix: When an HTTP/2 stream was reset, the current active stream count was not reduced. If enough resets occurred on a connection, the current active stream count limit was reached and no new streams could be created on that connection. (markt)
Docker Compose 2.14.0
Only stop services started by up when interrupted (#10028)
Load implicit profiles for targeted services (#10025)
Do not require service.build.platforms to be set if service.platform is set (#10017)
Use plain output during buildx image builds if --ansi=never is set (#10020)
Update appearance and framework for tooltips. (pull 6408)
Upgrade Spring Security from 5.7.5 to 5.8.0. Spring Security 5.8.0 includes 71 fixes and improvements. (Spring Security 5.8.0)
Delete .disabled files when uninstalling a plugin. (issue 68194)
Developer: better error logging for unexpected problems in Computer.threadPoolForRemoting. (pull 7284)