Stay Informed
This week, read about:
- New 'GoodWill' Ransomware Forces Victims to Donate Money and Clothes to the Poor.
- Open-Source Can Play A Critical Role In Tackling the UK’s Developer Shortage.
- Tech Giants Pledge Multimillion Down Payment to Secure Open Source.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Tomcat 8.5.79
Fix: 65736: Disable the forceString option for the JNDI BeanFactory and replace it with an automatic search for an alternative setter with the same name that accepts a String. This is a security hardening measure. (markt)
Code: 65853: Refactor the CsrfPreventionFilter to make it easier for sub-classes to modify the nonce generation and storage. Based on suggestions by Marvin Fröhlich. (markt)
Fix: 65991: Avoid NPE with SSLAuthenticator when boundOnInit is used on a connector, during the check for client certificate authentication availability. (remm)
Fix: 66009: Use getSubjectX500Principal().toString() rather than getSubjectX500Principal().getName(...) to retrieve a certificate DN, to match the output of the deprecated getSubjectDN().getName() that was used previously. (remm)
Kubernetes 1.24.1
Fix JobTrackingWithFinalizers that:
- was declaring a job finished before counting all the created pods in the status
- was leaving pods with finalizers, blocking pod and job deletions
JobTrackingWithFinalizers is still disabled by default. (#109486, @alculquicondor) [SIG Apps and Testing]