This week, read about:
- PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects.
- Even robots have the right to learn from open source.
- Open Source Software Security Begins to Mature.
- Rocky Linux 9 GA Release Now Available.
Key Security, Maintenance, and Features Releases
Non-security Based Updates
Apache Camel 3.18.0
camel-kafka: idempotent repository may report incorrect number of messages
BridgeExceptionHandlerToErrorHandler with OnCompletion prevents processing Exception
When a Call to Salesforce timeouts then we have Exchange.HTTP_RESPONSE_CODE Exchange Header set as "0"
camel-core - Invalid ThreadName pattern
JBoss Drools 7.72.0.Final
[DROOLS-7017] - "_this cannot be resolved" in LambdaExtractor when involving a declaration in pattern
[DROOLS-6990] - Add dispose in archetypes example codes
Kubernetes is now built with Golang 1.17.11 (#110423, @cpanato) [SIG Cloud Provider, Instrumentation, Release and Testing]
EndpointSlices marked for deletion are now ignored during reconciliation. (#110483, @aryan9600) [SIG Apps and Network]
Fixed a kubelet issue that could result in invalid pod status updates being sent to the api-server, where pods would be reported in a terminal phase but, in some cases, also report a ready condition of true. (#110480, @bobbypage) [SIG Node and Testing]
Pods will now post their readiness during termination. (#110417, @aojea) [SIG Network, Node and Testing]
fix: queries with up to 65535 (inclusive) parameters are supported now (previous limit was 32767) PR #2525, Issue #1311
fix: workaround JarIndex parsing issue by using groupId/artifactId-version directory namings. Regression since 42.2.13. PR #2531, issue #2527
fix: use Locale.ROOT for toUpperCase() toLowerCase() calls
doc: add Vladimir Sitnikov's PGP key
Fix: DirectWriteRolloverStrategy should use the current time when creating files. Fixes LOG4J2-3339. (rgoers)
Update: Upgrade the Flume Appender to Flume 1.10.0. Fixes LOG4J2-3536. (rgoers)
Fix: Fix LevelRangeFilterBuilder to align with log4j1's behavior. Fixes LOG4J2-3534. (yueki1993)
Fix: Don't use Paths.get() to avoid circular file systems. Fixes LOG4J2-3527.
PHP 8.1.8 and 8.0.21
Fixed bug GH-8338 (Intel CET is disabled unintentionally).
Fixed leak in Enum::from/tryFrom for internal enums when using JIT
Fixed calling internal methods with a static return type from extension code.
Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references).
Fixed potential use after free in php_binary_init().
Fixed GH-8827 (Intentionally closing std handles no longer possible).
Fixed bug GH-8778 (Integer arithmetic with large number variants fails).
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
Spring Framework 5.3.21
Expose ThreadPoolTaskExecutor queue size and capacity for metrics #28583
Lazily initialize DataSize.PATTERN #28560
MockMvcWebTestClient forces HTTP POST for multipart requests #28545
Support for CGLIB BeanCopier utility on JDK 17 #28530
Spring Security 5.7.2
Some Security Expressions cause NPE when used within @Query #11289
CsrfWebFilter null save content-type check #11341
Docs example uses access(String) with authorizeHttpRequests() #11296
Fix typo in BasicLookupStrategy Javadoc #11339
Add (long overdue) support for RIGHT and FULL OUTER JOIN.
Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respectively, for compatibility with PostgreSQL and SQL standards.
Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses.
Added the sqlite3_db_name() interface.