Stay Informed
This week, read about:
- Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky.
- Microsoft: Lazarus Hackers Are Weaponizing Open-Source Software.
- Lawmakers Introduce Bill To Tackle Open-Source Software.
Key Security, Maintenance, and Features Releases
Non-security Based Updates
Apache Camel 3.19.0
CAMEL-18544: camel-http - ToD optimized context-path with spaces problem
CAMEL-18530: Camel box cannot authorize
CAMEL-18514: camel-health - health check for not automatically started routes should always be up
CAMEL-18510: camel-jbang - camel bind may not work with --local-kamelet-dir
Apache Kafka 3.3.1
KIP-833: Mark KRaft as Production Ready
KIP-778: KRaft to KRaft upgrades
KIP-835: Monitor KRaft Controller Quorum health
KIP-794: Strictly Uniform Sticky Partitioner
Apache Tomcat 9.0.68 and 10.0.27
9.0.68
Fix: Update the RewriteValve to perform pattern matching using dotall mode to avoid unexpected behaviour if the URL includes encoded line terminators. (markt)
Fix: 66276: Fix incorrect class cast when adding a descendant of HTTP/2 streams. (lihan)
Fix: 66281: Fix unexpected timeouts that may appear as client disconnections when using HTTP/2 and NIO2. (markt)
Fix: Enforce the requirement of RFC 7230 onwards that a request with a malformed content-length header should always be rejected with a 400 response. (markt)
10.0.27
Fix: Update the RewriteValve to perform pattern matching using dotall mode to avoid unexpected behaviour if the URL includes encoded line terminators. (markt)
Fix: 66276: Fix incorrect class cast when adding a descendant of HTTP/2 streams. (lihan)
Fix: 66281: Fix unexpected timeouts that may appear as client disconnections when using HTTP/2 and NIO2. (markt)
Fix: Enforce the requirement of RFC 7230 onwards that a request with a malformed content-length header should always be rejected with a 400 response. (markt)
Jenkins 2.372
Improve the error message when running the controller on an unsupported Java version. (pull 7185)
Add a "Reset to default" button to reset the update site URL to default. (issue 69032)
Modernize update center check button. (pull 7183)
Modernize session termination button. (pull 7182)
Security Based Updates
OpenSSH 9.1
OpenSSH 9.1 was released on 2022-10-04. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html
Changes since OpenSSH 9.0: This release is focused on bug fixing.