This week, read about:
- New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security.
- Two Open-Source Projects Vulnerable to ‘GitHub Environment Injection’.
- Google Will Now Pay Bounties for Open Source Software Bugs.
Key Security, Maintenance, and Features Releases
Non-security Based Updates
Apache ActiveMQ 5.17.2
[AMQ-8520] - Default maven build does not build all modules
[AMQ-8597] - Active Consumers not being shown post ActiveMQ 5.17.1 upgrade
[AMQ-8601] - UpdateVirtualDestinationsTask gives inaccurate log message saying "Removing virtual destination ... " after already applied the removal
[AMQ-8971] - ActiveMQ OSGI feature, activemq-client, using JMS 2.0 bundle, which fails resolution, from 5.16.3 on
Apache Cassandra 4.2
* Prevent a user from manually removing ephemeral snapshots (CASSANDRA-17757)
* Remove dependency on Maven Ant Tasks (CASSANDRA-17750)
* Update ASM(9.1 to 9.3), Mockito(1.10.10 to 1.12.13) and ByteBuddy(3.2.4 to 4.7.0) (CASSANDRA-17835)
* Add the ability for operators to loosen the definition of "empty" for edge cases (CASSANDRA-17842)
Hibernate ORM 5.6.11.Final
Thanks to Sanne Grinovero and Bernd Meisel, an issue causing severe performance drops in large projects has been fixed (see HHH-15100).
Thanks to Ladislav Thon, Hibernate 5.6.11 is now compatible with both Jandex 2.4 and 3.0.0 (see HHH-15466).
@NotFound and Hibernate Criteria
We have fixed a bug causing an exception when trying to select the id of an association annotated with @NotFound (see HHH-15425 and User guide).
Fix searchBar is null issue in setup wizard and when using custom Jenkins headers. (issue 69250)
Fix a potential FileAlreadyExistsException error on startup on systems with slow I/O. (issue 67624)
Add focus state in radio buttons. (issue 69398)
Developer: Temporarily restore compatibility with PowerMock-based tests (regression in 2.358). Support for PowerMock will be completely removed on or after June 1, 2023. (pull 7033)
[WFLY-15485] - OIDC client adapter doesn't work correctly with Bearer-only
[WFLY-16377] - Remote Artemis queue connection requires createDurableQueue permission
[WFLY-16397] - clustered-ejb-timer: ORA-00923: FROM keyword not found where expected
[WFLY-16448] - Duplicate key in LocalDescriptions.properties file
jQuery 3.6.1 has been released! It’s been a while since our previous release. We were looking at fixing some elusive edge cases related to focus and blur, but we never quite got the fix right. If there’s any area of jQuery that’s hard to change, it’s likely related to focus somehow. We’re leaving those as-is for now and will address them in the future, especially since the changes may end up warranting a major version release. See gh-4856 and gh-4950 for more details.
Add (long overdue) support for RIGHT and FULL OUTER JOIN.
Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respectively, for compatibility with PostgreSQL and SQL standards.
Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses.
Added the sqlite3_db_name() interface.
- Regression Fix: Typo in manager ACL
- Bug 5186: noteDestinationsEnd check failed: transportWait
- Bug 5160: Test suite fails with -flto=auto
- Bug 3193 pt2: NTLM decoder truncating strings