Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

GitLab Security Release: 15.10.1, 15.9.4, and 15.8.5       
Multiple CVEs and security defects have been fixed. It is recommended to upgrade as soon as possible.

Non-Security Based Updates

Camel 3.18.6      
[CAMEL-18980] - camel snmp - SNMP Ver1 trap does not work      
[CAMEL-19004] - XML IO DSL do not parse route configuration with XML namespace      
[CAMEL-19006] - XML IO DSL do not load templatedRoutes without XML namespace      
[CAMEL-19018] - camel-vertx-http: Headers may get erroneously duplicated      
[CAMEL-19031] - When camel saga do compensated, the saga route don't stop it still run the next task.      
[CAMEL-19034] - Camel-AWS2-S3: GetObject should preserve the metadata      
[CAMEL-19066] - Multicast EIP sets correlationId on original Exchange      
[CAMEL-19075] - camel-bean - Incorrect choice of overloaded method with several arguments, if one of them has brackets.      
[CAMEL-19081] - Start a route with aggregation fails due to NPE in AggregateProcessor      
[CAMEL-19098] - Possible performance issue invoking a bean method with a string parameter      
[CAMEL-19113] - Platform-http-vertx: consume with comma separated does not work      
[CAMEL-19150] - camel-olingo4: queryParams option of read method does not work      
[CAMEL-19151] - The 'ignoreInvalidEndpoint' option isn't relevant for a static URI for WireTap component      
[CAMEL-19158] - camel-core: ThrowExceptionProcessor may silently ignore exceptions in constructing the exception object      
[CAMEL-19162] - camel-ehcache - llegalStateException: Close not supported from UNINITIALIZED. When context.addRouteDefinition() called multiple times in route with Ehcache consumer      
[CAMEL-19169] - camel-olingo2: queryParams option of read method does not work      
[CAMEL-19174] - Jira component: duplicate messages with the new issues consumer      
[CAMEL-19198] - Dynamic Router EIP component does not evaluate filters by order of priority attribute      
[CAMEL-18636] - azure data lake component: authentication can not be configured using string properties      
[CAMEL-18967] - camel-platform-http-vertx: Improve handling of whether an HTTP request body is allowed or not      
[CAMEL-19078] - camel-platform-http-vertx: Allow response headers with empty values to be returned      
[CAMEL-19083] - camel-yaml-dsl: Add a doc section that links to the schema      
[CAMEL-19109] - camel-vertx-websocket: Consumer should avoid blocking the Vert.x event loop

Elasticsearch 8.7.0     
Bug Fixes     

  • Don’t create a new DoubleHistogram instance for empty buckets #92547
  • Fix: do not allow map key types other than String #88686 (issue: #66057)


  • Fallback to the actual shard size when forecast is not available #93461
  • Skip DiskThresholdMonitor when cluster state is not recovered #93699
  • Suppress response headers in AllocationActionMultiListener #93777 (issue: #93773)


  • Correctly remove domain from realm when rewriting Authentication for compatibility with node versions that don’t support domains #93276


  • Fix Security’s expression resolver to not remove unavailable but authorized names #92625


  • Deduplicate Heavy CCR Repository CS Requests #91398


  • Avoid NPE in Stateless Get/mGet #94164
  • Do not refresh all indices in TransportBulkAction #93417

Cluster Coordination:

  • Delay master task failure notifications until commit #92693 (issue: #92677)

Data streams:

  • Allow different filters per DataStream in a DataStreamAlias #92692 (issue: #92050)


  • Build index qualified name in cross cluster vector tile search #94574 (issue: #94557)
  • Check GeohexGrid bounds on geopoint using spherical coordinates #92460
  • Fix bug when clipping Geometry collections in vector tiles #93562


  • Take into account max_headroom in disk watermark calculations #93157 (issue: #93155)


  • Allow ILM step transition to the phase terminal step #91754
  • Avoiding BulkProcessor deadlock in ILMHistoryStore #91238 (issues: #68468, #50440)
  • Fixed changing only the forceMerge flag in SearchableSnapshotAction wouldn’t update the policy #93847
  • Preventing ILM and SLM runtime state from being stored in a snapshot #92252


  • Restore printing bootstrap checks as errors #93178 (issue: #93074)


  • Add jdk.internal.reflect permission to es codebase #92387 (issue: #92356)
  • Add checks for exception loops through suppressed exceptions only #93944 (issue: #93943)
  • Ensure one-shot wrappers release their delegates #92928
  • Fix InputStream#readAllBytes on InputStreamIndexInput #92680
  • Fix indices resolver for datemath with colon #92973
  • Make FilterStreamInput less trappy #92422


  • Ensure ordering of plugin initialization #93882 (issue: #93851)
  • Fix unclosed directory stream in ClassReaders #92890 (issue: #92866)
  • Update the version of asm used by plugin scanner #92784 (issue: #92782)


  • [Rest Api Compatibility] Format response media type with parameters #92695


  • Fix NPE when method was called on an array type #91713 (issue: #87562)


  • Fix parse failures for ILM operator settings #94477 (issue: #94465)

Ingest Node:

  • Better names and types for ingest stats #93533 (issue: #80763)
  • Correctly handle an exception case for ingest failure #92455
  • Disable ingest-attachment logging #93878
  • Download the geoip databases only when needed #92335 (issue: #90673)
  • Forwarding simulate calls to ingest nodes #92171
  • Grok returns a list of matches for repeated pattern names #92092 #92586 (issue: #92092)
  • Handle a default/request pipeline and a final pipeline with minimal additional overhead #93329 (issues: #92843, #81244, #93118)
  • Ingest-attachment module tika dependency versions #93755
  • More accurate total ingest stats #91730 (issue: #91358)
  • Speed up ingest geoip processors #92372
  • Speed up ingest set and append processors #92395

Machine Learning:

  • Allocate trained models if zone awareness attributes not set #94128 (issue: #94123)
  • Fix data counts race condition when starting a datafeed #93324 (issue: #93298)
  • Fix tokenization bug when handling normalization in BERT and MPNet #92329
  • Free resources correctly when model loading is cancelled #92204
  • Stop the frequent_items aggregation reporting a subset when a superset exists #92239
  • Use long inference timeout at ingest #93731


  • Fix dynamic mapping detection for invalid dates #94115 (issue: #93888)
  • No length check for source-only keyword fields #93299 (issue: #9304)


  • Delay Connection#onRemoved while pending #92546
  • Fix fransport handshake starting before tls handshake completes #90534 (issue: #77999)
  • Protect NodeConnectionsService from stale conns #92558 (issue: #92029)


  • Disable recovery monitor before recovery start #93551 (issue: #93542)
  • Fix potential leak in RemoteRecoveryHandler #91802
  • Report recovered files as recovered from snapshot for fully mounted searchable snapshots #92976


  • Downsampling unmapped text fields #94387 (issue: #94346)
  • Propagate timestamp format and convert nanoseconds to milliseconds #94141 (issue: #94085)
  • Stop processing TransportDownsampleAction on failure #94624
  • Support downsampling of histogram as labels #93445 (issue: #93263)


  • Add null check for sort fields over collapse fields #94546 (issue: #94407)
  • Annotated highlighter does not match when search contains both annotation and annotated term #92920 (issue: #91944)
  • Clear field caps index responses on cancelled #93716 (issue: #93029)
  • Do not include frozen indices in PIT by default #94377
  • Fix NPE thrown by prefix query in strange scenarios #94369
  • Fix _id field fetch issue. #94528 (issue: #94515)
  • Fix metadata _size when it comes to stored fields extraction #94483 (issue: #94468)
  • Fix missing override for matches in ProfileWeight #92360
  • Nested path info shouldn’t be added during copy_to #93340 (issue: #93117)
  • Use all profiling events on startup #92087
  • Use keyword analyzer for untokenized fields in TermVectorsService #94518
  • [Profiling] Adjust handling of last data slice #94283
  • [Profiling] Ensure responses are only sent once #93692 (issue: #93691)
  • [Profiling] Handle response processing errors #93860


  • Fix unhandled exception when blobstore repository contains unexpected file #93914
  • Support for GCS proxies everywhere in the GCS API #92192 (issue: #91952)


  • Avoid capturing cluster state in TBbNA #92255


  • Fix synthetic _source for sparse _doc_count field #91769 (issue: #91731)

Task Management:

  • Fix context leak in list tasks API #93431 (issue: #93428)


  • Integrate "sourceHasChanged" call into failure handling and retry logic #92762 (issue: #92133)

Vector Search:

  • Fix maxScore calculation for kNN search #93875
  • Fix explain for kNN search matches #93876

FluentD 1.16.0    
#3961 in_tcp: Add send_keepalive_packet option    
#4025 buffer: backup broken file chunk    
#4027 Add warning messages for restoring buffer with flush_at_shutdown true    
#4028 Add logs for time period of restored buffer possibly broken    
Bug Fixes:    
#3987 http_server_helper: Fix format of log messages originating from Async gem    
#4034 #4043 Change to not generate a sigdump file after receiving a SIGTERM signal on non-Windows    
#4030 out_forward: fix error of ack handling conflict on stopping with require_ack_response enabled    
#4064 #4065 #4086 #4090 #4096 Fix problem that some system configs are not reflected    
#4091 Fix bug that the logger outputs some initial log messages without applying some settings such as format    
#4054 Windows: Fix a bug that the wrong log file is reopened with log rotate setting when flushing or graceful reloading    
#4081 Fix race condition of out_secondary_file    
#4087 Suppress warning using different secondary for out_secondary_file    
#4066 Fix value of system_config.workers at run_configure.    
Change argument type of Fluent::Plugin::Base::configure() to Fluent::Config::Element only.    
#4092 Fix bug that Fluentd sometimes tries to use an unavailable port and fails to start on Windows

Jenkins 2.397   
*Add missing Turkish translations for plugins management page. (pull 7767)   
*Add missing Turkish translations for tools management page. (pull 7762)   
*Don't remove id inside symbol. (issue 70730)   
*Fix "delete build" button text overflow. (issue 70809)   
*Bump spring-framework-bom from 5.3.25 to 5.3.26. (Spring framework BOM 5.3.26 *release notes, pull 7760)

nginx 1.23.4  
*Change: now TLSv1.3 protocol is enabled by default.  
*Change: now nginx issues a warning if protocol parameters of a listening socket are redefined.  
*Change: now nginx closes connections with lingering if pipelining was used by the client.  
*Feature: byte ranges support in the ngx_http_gzip_static_module.  
*Bugfix: port ranges in the "listen" directive did not work; the bug had appeared in 1.23.3.  
*Bugfix: incorrect location might be chosen to process a request if a prefix location longer than 255 characters was used in the configuration.  
*Bugfix: non-ASCII characters in file names on Windows were not supported by the ngx_http_autoindex_module, the ngx_http_dav_module, and the "include" directive.  
*Change: the logging level of the "data length too long", "length too short", "bad legacy version", "no shared signature algorithms", "bad digest length", "missing sigalgs extension", "encrypted length too long", "bad length", "bad key update", "mixed handshake and non handshake data", "ccs received early", "data between ccs and finished", "packet length too long", "too many warn alerts", "record too small", and "got a fin before a ccs" SSL errors has been lowered from "crit" to "info".  
*Bugfix: a socket leak might occur when using HTTP/2 and the "error_page" directive to redirect errors with code 400.  
*Bugfix: messages about logging to syslog errors did not contain information that the errors happened while logging to syslog.  
*Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng.  
*Bugfix: in the mail proxy server.

Ansible AWX 21.14.0 
*Use ansible-runner change to get periodic keep-alive messages in K8S by @AlanCoding in #13608 
*Change docker-clean build rule in Makefile by @jjwatt in #13604 
*Analytics: instance_info.json v1.3 by @slemrmartin in #13408 
*Fix Dockerfile collision between awx-kube-build and docker-compose-build by @TheRealHaoLiu in #13633 
*Automatically build image for feature branch by @TheRealHaoLiu in #13656 
*Fix analytics collector by @slemrmartin in #13663 
*Feature: add Bulk add host and bulk job launch by @jainnikhil30 in #13462 
*Update Makefile to account for being inside or outside of a container by @akus062381 in #13667 
*TestAutoScaling wait for process to stop by @fosterseth in #13677 
*Make docker-compose wait for pg to be ready by @fosterseth in #13670 
*Add scm_branch to inventory source and inventory update by @fosterseth in #13644 
*Fix migration name collision by @gamuniz in #13679 
*Fix for Issue Thycotic SSH Key Template #13384 by @tarunchy in #13427 
*Update inventory import to cancel on failure from cli. by @gamuniz in #13648 
*Update templates for feature removals by @AlanCoding in #13591 
*Add instance groups roles by @gamuniz in #13584 
*Adds support for a pseudolocalization and lang query params by @mabashian in #13661 
*Fix some survey tests were being skipped by @relrod in #13703 
*Turn off auto completion on the login form by @mabashian in #13471 
*Fix linting hint in awx/ui/src/constants.js by @Vaibhavg4651 in #13621 
*Match CodeMirror mode to value type on initialization by @marshmalien in #13708 
*Fix race with heartbeat and reaper logic by @gamuniz in #13713 
*Expose execution node var for playbook by @lucas-benedito in #13418 
*Add migration for new cyberark plugin names by @obaranov in #13692 
*Fixes bug where editing a node always defaulted to all convergence by @mabashian in #13693 
*Fix bug with manual type alias by @AlanCoding in #13671 
*Introducing tech preview of the new AWX UI by @TheRealHaoLiu in #13660 
*Update node affinity description by @fosterseth in #13741 
*Turn ui-next make targets non-PHONY by @TheRealHaoLiu in #13743 
*Fix automation analytics link in license page by @marshmalien in #13225 
*Don't use githubusercontent for containers.conf and podman-contianers.conf by @jainnikhil30 in #13705 
*Fixes #6556 Expose SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL by @Klaas- in #13641

View all OpenUpdate editions >