This week, read about:
- Hackers Had Access to LastPass’s Development Systems for Four Days.
- JFrog Collaborates with the Rust Foundation to Root-out Open Source Software Vulnerabilities.
- Linux Launches Foundation to Bolster Open-Source, Multi-Purpose Crypto Wallets.
Key Security, Maintenance, and Feature Releases
Non-security-based Updates
Apache Kafka 3.2.3
- [KAFKA-14107] - Upgrade Jetty for CVE fixes
- [KAFKA-14111] - Dynamic config update fails for "password" configs in KRaft
- [KAFKA-14115] - Password configs are logged in plaintext in KRaft
- [KAFKA-14136] - AlterConfigs in KRaft does not generate records for unchanged values

Apache Struts 6.0.3
- [WW-5185] - TilesDefinition is not found and the request for a Struts action fails after an upgrade from Struts 2.5.30 to Struts 6.0.
- [WW-5189] - Add missing struts-6.0.dtd
- [WW-5190] - StackOverflowError when dispatching to JSP
- [WW-5191] - template/simple/textarea.ftl not rendering parameters correctly

Docker Compose 2.11.0
- Correctly capture exit code when service has dependencies by @laurazard in #9794
- Fix down with --rmi by @ulyssessouza in #9715
- Fix docker-compose convert that turns $ into $$ when using the --no-interpolate option by @BergLucas in #9703
- patch: build.go accessing custom labels directly causes panic by @RiskyFeryansyahP in #9810

- Fixed a bug making it impossible to use touch or a stylus to drag the scrollbar on pages (bug 1787361).
- Fixed an issue causing some users to crash in out-of-memory conditions (bug 1774155).
- Fixed an issue that would sometimes affect video & audio playback when loaded via a cross-origin iframe src attribute (bug 1781759).
- Fixed an issue that would sometimes affect video & audio playback when served with Content-Security-Policy: sandbox (bug 1781063).

- Community reported issues: 1×JENKINS-69526
- Show recommended actions (e.g., to update affected plugins) in security warnings popup. (pull 7046)
- Fix thread safety in websockets handling. (issue 69543)

- Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. (#112249, @brianpursley) [SIG CLI]
- Avoid propagating hosts' search . into containers' /etc/resolv.conf (#112204, @lucab) [SIG Network and Node]
- Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112336, @enj) [SIG API Machinery and Auth]
- Fix problem in updating VolumeAttached in node status (#112305, @xing-yang) [SIG Apps]
- Update: Add getExplicitLevel method to LoggerConfig. Fixes LOG4J2-3572. (rgoers)
- Update: Allow Plugins to be injected with the LoggerContext reference. Fixes LOG4J2-3589. (rgoers)
- Update: Allow PropertySources to be added. Fixes LOG4J2-3588. (rgoers)
- Fix: Generate new SSL certs for testing. Fixes LOG4J2-3578.

- OGNL could throw IllegalArgumentException when invoking an inherited method. #2609
- returnInstanceForEmptyRow is not applied to constructor auto-mapping. #2665