Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases


Non-security Based Updates

Apache Kafka 3.2.3
[KAFKA-14107] - Upgrade Jetty for CVE fixes
[KAFKA-14111] - Dynamic config update fails for "password" configs in KRaft
[KAFKA-14115] - Password configs are logged in plaintext in KRaft
[KAFKA-14136] - AlterConfigs in KRaft does not generate records for unchanged values
 
Apache Struts 6.0.3
[WW-5185] - TilesDefinition is not found and the request for a Struts action fails after an upgrade from Struts 2.5.30 to Struts 6.0.
[WW-5189] - Add missing struts-6.0.dtd
[WW-5190] - StackOverflowError when dispatching to JSP
[WW-5191] - template/simple/textarea.ftl not rendering parameters correctly
 
Docker Compose 2.11.0
Correctly capture exit code when service has dependencies by @laurazard in #9794
Fix down with --rmi by @ulyssessouza in #9715
Fix docker-compose convert that turns $ into $$ when using the --no-interpolate option by @BergLucas in #9703
patch: build.go access custom labels directly cause panic by @RiskyFeryansyahP in #9810
 
Firefox 104.0.2
Fixed a bug making it impossible to use touch or a stylus to drag the scrollbar on pages (bug 1787361).
Fixed an issue causing some users to crash in out-of-memory conditions (bug 1774155).
Fixed an issue that would sometimes affect video & audio playback when loaded via a cross-origin iframe src attribute (bug 1781759).
Fixed an issue that would sometimes affect video & audio playback when served with Content-Security-Policy: sandbox (bug 1781063).
 
Jenkins 2.368
Community reported issues: 1×JENKINS-69526
Show recommended actions (e.g., to update affected plugins) in security warnings popup. (pull 7046)
Fix thread safety in websockets handling. (issue 69543)
 
Kubernetes 1.25.1
Adds back in unused flags on kubectl run command, which did not go through the required deprecation period before being removed. (#112249, @brianpursley) [SIG CLI]
Avoid propagating hosts' search . into containers' /etc/resolv.conf (#112204, @lucab) [SIG Network and Node]
Fix an ephemeral port exhaustion bug caused by improper connection management that occurred when a large number of objects were handled by kubectl while exec auth was in use. (#112336, @enj) [SIG API Machinery and Auth]
Fix problem in updating VolumeAttached in node status (#112305, @xing-yang) [SIG Apps]
 
Log4j 2.19.0
Update Add getExplicitLevel method to LoggerConfig. Fixes LOG4J2-3572.              rgeors
Update Allow Plugins to be injected with the LoggerContext reference. Fixes LOG4J2-3589.            rgoers
Update Allow PropertySources to be added. Fixes LOG4J2-3588. rgoers
Fix           Generate new SSL certs for testing. Fixes LOG4J2-3578.
 
MyBatis 3.5.11
OGNL could throw IllegalArgumentException when invoking inherited method. #2609
returnInstanceForEmptyRow is not applied to constructor auto-mapping. #2665

View all OpenUpdate editions >