Stay Informed

This week, read about:

  • New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild.
  • Open Source Developers Urged to Ditch GitHub Following Copilot Launch.
  • Databricks Steps Up Open-Source Data Lakehouse Contributions.

Key Security, Maintenance, and Features Releases

Non-Security Updates

Apache Camel 3.14.4
camel-jira: components field is not updated
camel-core - Pooled exchanges in batch consumer may use an exchange concurrently
camel-mongodb-gridfs - initial delay is not configured correctly
slack: inconsistent message payload when batch ends

Apache TomEE 8.0.12
TOMEE-3935 BOM Regeneration fails due to GitHub Actions permission issue
TOMEE-3969 javax.cache API not part of Jakarta EE 8
TOMEE-3903 Investigate *.tar.gz distributions aren’t installed correctly to Maven Repository
TOMEE-3849 EclipseLink JPA provider not discoverable in TomEE Plume libraries

Firefox 102
Tired of too many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more.
Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode.
When using a screen reader on Windows, pressing enter to activate an element no longer fails or clicks the wrong element and/or another application window. For those blind or with very limited vision, this technology reads out loud what is on the screen, and users can adapt them to their needs (now, on our platform, without errors).
Various security fixes.

Hibernate ORM 6.1.1
HHH-15369 UnknownTableReferenceException when two subclasses have same field with different type
HHH-15361 Update assignment type check should allow subtypes
HHH-15360 Listagg with nulls clause emulation in H2 before 2.0
HHH-15358 @Where annotation with globally_quoted_identifiers causes Unable to determine TableReference Exception

Jboss Web Services 6.0.0.Final 
[JBWS-4275] - Make correction to jbws-testsuite-jms-elytron.groovy
[JBWS-4277] - Restore JASPI integration
[JBWS-4278] - RuntimeException: Provider for jakarta.activation.spi.MailcapRegistryProvider cannot be found from UDPTransportTest
[JBWS-4288] - Support Jakarta EE 9.1

Jenkins 2.357
Require Java 11 or newer. (Blog post, issue 68570, JEP-236, pull 6083)
The script has been removed from the Docker containers after 18 months as a deprecated script. Manage plugin versions in containers with the plugin installation manager tool. The plugin installation manager tool is available in the image as jenkins-plugin-cli. (Plugin installation manager tool, pull 1380)
The instance-identity module has been converted to a detached plugin. (issue 55582)
Update the minimum required Remoting version to 4.2.1. (pull 6671)

Jetty 11.0.11
#8187 - Fix test-distribution classpath re resolver (@cstamas)
#8175 - Removing invalid maxConnections references
#8163 - RegexPathSpec documentation and MatchedPath improvements
#8162 - Migrate code from jetty-util Logger to slf4j Logger

MyBatis 3.5.10
Unexpected illegal reflective access warning (or InaccessibleObjectException on Java 16+) when calling method in OGNL expression. #2392
IllegalAccessException when auto-mapping Records (JEP-359) #2195
'interrupted' status is not set when PooledConnection#getConnection() is interrupted. #2503

View all OpenUpdate editions >