This week, read about:
- Chinese APT Hackers Used Log4Shell Exploit to Target Academic Institution.
- The Internet Runs on Free Open-Source Software. Who Pays to Fix it?
- Apache Projects Affected by Log4j CVE-2021-44228.
Key Security, Maintenance, and Features Releases
Apache Camel 3.11.5
Upgrade to log4j 2.17.0
upgrade to logback 1.2.8
Upgrade to log4j 2.16.0
camel-nsq and camel-corda - Exclude log4j-core
[DROOLS-5314] - [DMN Designer] validation of included BKM invocation
[DROOLS-5744] - [DMN Designer] Enumeration constraint: Row check/tick sign commits all rows
[DROOLS-5828] - executable-model test failure in test-compiler-integration MatchTest
[DROOLS-6137] - executable-model test failure in test-compiler-integration UnlinkingTest
Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL-pointer dereference.
Fix an OOB read that can occur in FTS5 when reading corrupt database files.
Improved robustness of the --safe option in the CLI.
Other minor fixes to assert() statements and test cases.