This week, read about:
- Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations.
- Operating Systems & Productivity Software Publishing Global Market Report 2022: Rapid Growth in Investments in Smart City Projects Driving Sector - ResearchAndMarkets.com.
- Capital One Joins Open Source Security Foundation.
Key Security, Maintenance, and Features Releases
Non-security Based Updates
Apache Cassandra 4.0.5
- The config properties for setting the streaming throughput `stream_throughput_outbound_megabits_per_sec` and `inter_dc_stream_throughput_outbound_megabits_per_sec` were incorrectly interpreted as mebibits. This has been fixed by CASSANDRA-17243, so the values for these properties will now indicate a throughput ~4.6% lower than what was actually applied in previous versions. This also affects the setters and getters for these properties in the JMX MBean `org.apache.cassandra.db:type=StorageService` and the nodetool commands `set/getstreamthroughput` and `set/getinterdcstreamthroughput`.
- Before you upgrade, if you are using the `cassandra.auth_bcrypt_gensalt_log2_rounds` property, confirm it is set to a value lower than 31; otherwise Cassandra will fail to start. See CASSANDRA-9384 for further details. You also need to regenerate passwords for users whose passwords were created while the above property was set to more than 30; otherwise they will not be able to log in.
- As part of the Internode Messaging improvement work in CASSANDRA-15066, `internode_send_buff_size_in_bytes` and `internode_recv_buff_size_in_bytes` were renamed to `internode_socket_send_buffer_size_in_bytes` and `internode_socket_receive_buffer_size_in_bytes`. To support upgrades from pre-4.0 versions, backward compatibility was added, and currently both the old and new names should work. Cassandra 4.0.0 and Cassandra 4.0.1 work ONLY with the new names (though they weren't updated in cassandra.yaml).
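A pre-upgrade check covering the three Cassandra notes above, as an added example (not code from the Cassandra project). It assumes the bcrypt property is passed as a `-D` flag in a JVM options file and that the settings are top-level keys in cassandra.yaml; the function name and sample inputs are constructed for illustration.

```python
import re

# Old -> new cassandra.yaml names (CASSANDRA-15066), as listed above.
RENAMED = {
    "internode_send_buff_size_in_bytes": "internode_socket_send_buffer_size_in_bytes",
    "internode_recv_buff_size_in_bytes": "internode_socket_receive_buffer_size_in_bytes",
}
STREAM_KEYS = (
    "stream_throughput_outbound_megabits_per_sec",
    "inter_dc_stream_throughput_outbound_megabits_per_sec",
)
MEBI_PER_MEGA = 2**20 / 10**6  # 1.048576: one mebibit expressed in megabits
BCRYPT_FLAG = re.compile(r"-Dcassandra\.auth_bcrypt_gensalt_log2_rounds=(\d+)")
YAML_KEY = re.compile(r"^([A-Za-z_]\w*)[ \t]*:[ \t]*([^#\n]*)", re.M)

# Constructed sample inputs, not taken from a real cluster.
SAMPLE_YAML = """\
stream_throughput_outbound_megabits_per_sec: 200
internode_send_buff_size_in_bytes: 1048576
# internode_recv_buff_size_in_bytes: 1048576
"""
SAMPLE_JVM = "-Xms4G\n-Dcassandra.auth_bcrypt_gensalt_log2_rounds=31\n"


def preupgrade_findings(yaml_text, jvm_opts_text):
    """Return (severity, message) tuples for the upgrade notes above."""
    findings = []
    for line in jvm_opts_text.splitlines():
        m = BCRYPT_FLAG.search(line.split("#", 1)[0])  # ignore comments
        if m and int(m.group(1)) >= 31:
            findings.append(("error", f"bcrypt log2 rounds {m.group(1)}: node will "
                             "not start; lower it and regenerate affected passwords"))
    settings = {k: v.strip() for k, v in YAML_KEY.findall(yaml_text)}
    for old, new in RENAMED.items():
        if old in settings:
            findings.append(("warn", f"{old} is the pre-4.0 name; use {new}"))
    for key in STREAM_KEYS:
        if settings.get(key, "").isdigit():
            applied = int(settings[key]) * MEBI_PER_MEGA  # old mebibit reading
            findings.append(("info", f"{key}={settings[key]} was applied as "
                             f"{applied:.1f} megabits/s before the fix"))
    return findings


if __name__ == "__main__":
    for severity, message in preupgrade_findings(SAMPLE_YAML, SAMPLE_JVM):
        print(f"[{severity}] {message}")
```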
Docker Compose 2.10.2
- Properly respect `DOCKER_TLS_VERIFY` and `DOCKER_CERT_PATH` (#9792)
- Improved Makefile for usage within docker/docker-ce-packaging (#9776)
- Revert "Apply newly loaded envvars to DockerCli and APIClient" by @milas in #9792
- Makefile: mutualize local and Dockerfile build opts by @crazy-max in #9776
Firefox
- Subtitles are now available for Disney+ in Picture-in-Picture.
- Firefox now supports both the `scroll-snap-stop` property as well as re-snapping. You can use the `scroll-snap-stop` property's `always` and `normal` values to specify whether or not to pass the snap points, even when scrolling fast. Re-snapping tries to keep the last snap position after any content/layout changes.
- The Firefox profiler can analyze power usage of a website (Apple M1 and Windows 11 only).
Jenkins
- Fix the resize behavior of Execute Shell build steps. (issue 69320)
- Allow agent processes to access the changed inbound agent connection URL (regression in 2.364). (issue 69370)
- Restore focus state for checkboxes (regression in 2.361). (issue 69276)
- Developer: Deprecate AdministrativeError. (pull 6987)
- Developer: Upgrade Spring Security from 5.7.2 to 5.7.3. Spring Security 5.7.3 includes 19 fixes and improvements. (pull 6997, Spring Security 5.7.3 changelog)
Kubernetes 1.25
PodSecurityPolicy is Removed, Pod Security Admission graduates to Stable
PodSecurityPolicy was initially deprecated in v1.21, and with the release of v1.25, it has been removed. The updates required to improve its usability would have introduced breaking changes, so it became necessary to remove it in favor of a more friendly replacement. That replacement is Pod Security Admission, which graduates to Stable with this release. If you are currently relying on PodSecurityPolicy, please follow the instructions for migration to Pod Security Admission.
Ephemeral Containers Graduate to Stable
Ephemeral Containers are containers that exist for only a limited time within an existing pod. This is particularly useful for troubleshooting when you need to examine another container but cannot use kubectl exec because that container has crashed or its image lacks debugging utilities. Ephemeral containers graduated to Beta in Kubernetes v1.23, and with this release, the feature graduates to Stable.
PostgreSQL JDBC Driver 42.5.0
fix: revert change in PR #1986 where float was aliased to float4 from float8. float now aliases to float8 PR #2598 fixes Issue #2597
Dave Cramer (5): fix: revert change in PR 2597 where float was aliased to float4 from float8. float now aliases to float8 (#259
ISC Bind 9.18.6
The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy (e.g. Red Hat Enterprise Linux 9). Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system. [GL #3469]
Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed. [GL #3461]
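To find zones affected by the RSASHA1/NSEC3RSASHA1 note above before moving them to such a system, the DNSKEY RRset can be checked for the two algorithms. This is an added example, not part of BIND; it assumes dig-style records with a fully qualified owner name, uses the IANA algorithm numbers 5 and 7 for the two algorithms, and the function name and sample records are constructed.

```python
import re
from collections import defaultdict

# IANA DNSSEC algorithm numbers for the two algorithms named above.
DISALLOWED = {5: "RSASHA1", 7: "NSEC3RSASHA1"}
MNEMONIC = {name: num for num, name in DISALLOWED.items()}
MNEMONIC["RSASHA1-NSEC3-SHA1"] = 7  # IANA registry spelling of algorithm 7

# owner [ttl] [IN] DNSKEY flags protocol(3) algorithm key...
DNSKEY_RR = re.compile(
    r"^(?P<owner>\S+)[ \t]+(?:\d+[ \t]+)?(?:IN[ \t]+)?DNSKEY[ \t]+"
    r"(?P<flags>\d+)[ \t]+3[ \t]+(?P<alg>[\w-]+)[ \t]", re.M | re.I)

# Constructed sample records; the key data is a placeholder.
SAMPLE_RRSET = """\
; constructed sample, placeholder key material
example.com.      3600 IN DNSKEY 257 3 5 AwEAAQ==
example.com.      3600 IN DNSKEY 256 3 5 AwEAAQ==
legacy.example.   3600 IN DNSKEY 257 3 NSEC3RSASHA1 AwEAAQ==
modern.example.   3600 IN DNSKEY 257 3 13 AwEAAQ==
"""


def zones_needing_migration(rrset_text):
    """Map zone -> sorted (role, algorithm) pairs for disallowed DNSKEYs."""
    hits = defaultdict(set)
    for m in DNSKEY_RR.finditer(rrset_text):
        alg = m.group("alg").upper()
        num = int(alg) if alg.isdigit() else MNEMONIC.get(alg)
        if num in DISALLOWED:
            # Flags bit 0 (value 1) is the SEP bit: 257 = KSK, 256 = ZSK.
            role = "KSK" if int(m.group("flags")) & 1 else "ZSK"
            hits[m.group("owner").lower()].add((role, DISALLOWED[num]))
    return {zone: sorted(keys) for zone, keys in hits.items()}


if __name__ == "__main__":
    for zone, keys in zones_needing_migration(SAMPLE_RRSET).items():
        print(zone, keys)
```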