Stay Informed

This week, read about:


Key Security, Maintenance, and Features Releases

Security Updates

Firefox 100.0.2
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

Non-Security Updates

Apache Camel 3.17.0
camel-core - Pooled exchanges with netty-http/jetty/servlet can cause reference leaks
camel-karaf - Cannot load OSGi blueprint due to Resumable classloading hell
camel-karaf - exception when initiating no-java cxf endpoint with blueprint: camelContext must be specified
camel-jbang - Health Check should report HTTP status codes for DOWN
Apache Kafka 3.2.0
log4j 1.x is replaced with reload4j
StandardAuthorizer for KRaft (KIP-801)
Send a hint to the partition leader to recover the partition (KIP-704)
Top-level error code field in DescribeLogDirsResponse (KIP-784)
Docker Compose 2.5.1
Fix relative paths on envfile label by @ulyssessouza in #9422
down: Reject all arguments by @Jille in #9158
Clarify what default work dir is when multiple compose files by @quite in #9423
compose down exit=0 if nothing to remove by @ndeloof in #9440
Hibernate ORM 5.6.9
HHH-15270 Inconsistent precedence of orm.xml implicit catalog over "default_catalog" in XML-mapped entities
HHH-15265 SchemaExport.execute does not add the configured schema to comments
HHH-15212 SchemaExport.execute does not replace the ${schema}-placeholder in HBM database-object with configured schema
HHH-15142 CriteriaQuery with Like predicate fails when repeated with java.lang.IllegalArgumentException: Parameter value [] did not match expected type [java.lang.String (n/a)]
Jenkins 2.348
Announce Java 8 end of life for weekly line as June 21 2022 (pull 6566)
Use native Java Platform functionality rather than Ant to load classes. The old behavior can be restored by setting -Dhudson.ClassicPluginStrategy.useAntClassLoader=true. (pull 6571)
Upgrade Spring Framework from 5.3.19 to 5.3.20. Spring Framework 5.3.20 includes 14 fixes and improvements. In addition, this release includes fixes for 2 vulnerabilities. (pull 6565, Spring Framework 5.3.20 changelog, CVE-2022-22970, CVE-2022-22971)
Remove Java Web Start support for launching inbound agents, along with the GUI mode, the platform-specific agent installers, and the JAR signature. (pull 6543, Java Web Start)
Wildfly 26.1.1
[WFLY-15998] - Session context returns wrong caller principal
[WFLY-16256] - Tracer Instance Leak in WildFlyClientTracingRegistrarProvider
[WFLY-16300] - Intermittent failures in StopFromDifferentNodeTestCase
[WFLY-16358] - It is not possible to set ssl-context for mod_cluster proxy
