This week, read about:
- Reasons Why Every Business is a Target of DDoS Attacks.
- Open Source Developers, Who Work For Free, Are Discovering They Have Power.
- The Linux Foundation Releases The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness Research.
Key Security, Maintenance, and Feature Releases
Apache Camel 3.14.1
ServicePool.doStop hangs during shutdown
Camel loading of resources using ClassResolver API doesn't work in OSGi environments
camel-http - httpClient parameters are not filtered out
Cannot use square brackets in HTTP parameters
Hibernate ORM 5.6.5
HHH-15044 Revert HHH-14826 fix because the provided test was wrong
HHH-15041 H2Dialect does not work properly with h2 2.0.202 due to new DDL type requirements
HHH-15014 H2Dialect does not work properly with h2 2.0.202 on sub selects with tuples
HHH-15009 H2Dialect does not work properly with h2 2.0.202 and updating schema
HHH-14985 H2Dialect does not work properly with h2 2.0.202 on inserts
Kubernetes
Kubernetes is now built with Golang 1.17.6 (#107613, @palnabarun) [SIG Cloud Provider, Instrumentation, Release and Testing]
Fix: delete non existing Azure disk issue (#107406, @andyzhangx) [SIG Cloud Provider]
Fixes a regression in 1.23 that incorrectly pruned data from array items of a custom resource that set x-kubernetes-preserve-unknown-fields: true (#107689, @liggitt) [SIG API Machinery]
ISC BIND 9.18.0
named now supports securing DNS traffic using Transport Layer Security (TLS). TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH).
named can use either a certificate provided by the user or an ephemeral certificate generated automatically upon startup. The tls statement allows fine-grained control over TLS parameters. [GL #1840] [GL #2795] [GL #2796]
For debugging purposes, named logs TLS pre-master secrets when the SSLKEYLOGFILE environment variable is set. This enables troubleshooting of issues with encrypted traffic. [GL #2723]
OpenLDAP
Fixed libldap to init client socket port (ITS#9743)
Fixed libldap with referrals (ITS#9781)
Added slapd config keyword for logfile format (ITS#9745)
Fixed slapd to allow objectClass edits with no net change (ITS#9772)
CentOS Support News
We are pleased to announce that our Enterprise Linux Development Team has backported a fix for CVE-2021-4034 in the affected package, polkit. We strongly advise updating your systems to patch this vulnerability. It is a local privilege escalation in polkit's pkexec utility. To learn more, see https://nvd.nist.gov/vuln/detail/CVE-2021-4034 for the full CVE entry. OpenLogic has provided patches for both CentOS 6 and CentOS 8 for our Extended Support customers. Because CentOS 7 is still actively maintained by Red Hat, patches for CVE-2021-4034 are available directly from the official CentOS repositories.
Joining our existing CentOS 6 Extended Support offering, OpenLogic is now supporting CentOS 8 for five additional years past its End of Life (EoL). We have moved CentOS 8 into the Extended Support category because it went EoL at the end of December 2021, following a decision by Red Hat announced in December 2020. CentOS 6 and CentOS 8 are now at the end of their community-supported life cycle and will no longer receive updates from Red Hat. If you have any questions, comments or concerns about the transition to long term support, or would like to speak to a sales person about it, please reach out to us at https://www.openlogic.com/solutions/enterprise-linux-support