Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository                
OpenLogic’s Enterprise Linux Team has recently published the following updates:

We recommend that you update your CentOS 8 systems to protect against this vulnerability. As usual, please ensure that you test these updates before deploying to production.

If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

Zookeeper 3.9.0        
Bugs:        
ZOOKEEPER-2108 - Compilation error in ZkAdaptor.cc with GCC 4.7 or later        
ZOOKEEPER-3652 - Improper synchronization in ClientCnxn        
ZOOKEEPER-3908 - zktreeutil multiple issues        
ZOOKEEPER-3996 - Flaky test: ReadOnlyModeTest.testConnectionEvents        
ZOOKEEPER-4026 - CREATE2 requests embedded in a MULTI request only get a regular CREATE response        
ZOOKEEPER-4296 - NullPointerException when ClientCnxnSocketNetty is closed without being opened        
ZOOKEEPER-4308 - Flaky test: EagerACLFilterTest.testSetDataFail        
ZOOKEEPER-4393 - Problem to connect to zookeeper in FIPS mode        
ZOOKEEPER-4466 - Support different watch modes on same path        
ZOOKEEPER-4471 - Remove WatcherType.Children break persistent watcher's child events        
ZOOKEEPER-4473 - zooInspector create root node fail with path validate        
ZOOKEEPER-4475 - Persistent recursive watcher got NodeChildrenChanged event        
ZOOKEEPER-4477 - Single Kerberos ticket renewal failure can prevent all future renewals since Java 9        
ZOOKEEPER-4504 - ZKUtil#deleteRecursive causing deadlock in HDFS HA functionality        
ZOOKEEPER-4505 - CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1        
ZOOKEEPER-4511 - Flaky test: FileTxnSnapLogMetricsTest.testFileTxnSnapLogMetrics        
ZOOKEEPER-4514 - ClientCnxnSocketNetty throwing NPE        
ZOOKEEPER-4515 - ZK Cli quit command always logs error        
ZOOKEEPER-4537 - Race between SyncThread and CommitProcessor thread        
ZOOKEEPER-4549 - ProviderRegistry may be repeatedly initialized        
ZOOKEEPER-4565 - Config watch path get truncated abnormally and fail chroot zookeeper client        
ZOOKEEPER-4647 - Tests don't pass on JDK20 because we try to mock InetAddress        
ZOOKEEPER-4654 - Fix C client test compilation error in Util.cc.        
ZOOKEEPER-4674 - C client tests don't pass on CI        
ZOOKEEPER-4719 - Use bouncycastle jdk18on instead of jdk15on        
ZOOKEEPER-4721 - Upgrade OWASP Dependency Check to 8.3.1

New Features:        
ZOOKEEPER-4570 - Admin server API for taking snapshot and stream out the data        
ZOOKEEPER-4655 - Communicate the Zxid that triggered a WatchEvent to fire

Improvements:        
ZOOKEEPER-3731 - Disable HTTP TRACE Method        
ZOOKEEPER-3806 - TLS - dynamic loading for client trust/key store        
ZOOKEEPER-3860 - Avoid reverse DNS lookup for hostname verification when hostnames are provided in the connection url        
ZOOKEEPER-4289 - Reduce the performance impact of Prometheus metrics        
ZOOKEEPER-4303 - ZooKeeperServerEmbedded could auto-assign and expose ports        
ZOOKEEPER-4464 - zooinspector display "Ephemeral Owner" in hex for easy match to jmx session        
ZOOKEEPER-4467 - Missing op code (addWatch) in Request.op2String        
ZOOKEEPER-4472 - Support persistent watchers removing individually        
ZOOKEEPER-4474 - ZooDefs.opNames is unused        
ZOOKEEPER-4490 - Publish Clover results to SonarQube        
ZOOKEEPER-4491 - Adding SSL support to Zktreeutil        
ZOOKEEPER-4492 - Merge readOnly field into ConnectRequest and Response        
ZOOKEEPER-4494 - Fix error message format        
ZOOKEEPER-4518 - remove useless log in the PrepRequestProcessor#pRequest method        
ZOOKEEPER-4519 - Testable interface should have a testableCloseSocket() method        
ZOOKEEPER-4529 - Upgrade netty to 4.1.76.Final        
ZOOKEEPER-4531 - Revert Netty TCNative change 
ZOOKEEPER-4551 - Do not log spammy stacktrace when a client closes its connection        
ZOOKEEPER-4566 - Create tool for recursive snapshot analysis        
ZOOKEEPER-4573 - Encapsulate request bytebuffer in Request        
ZOOKEEPER-4575 - ZooKeeperServer#processPacket take record instead of bytes        
ZOOKEEPER-4616 - Upgrade docker image for the dev environment to resolve CVEs        
ZOOKEEPER-4622 - Add Netty-TcNative OpenSSL Support        
ZOOKEEPER-4636 - Fix zkServer.sh for AIX        
ZOOKEEPER-4657 - Publish SBOM artifacts        
ZOOKEEPER-4659 - Upgrade Commons CLI to 1.5.0 due to OWASP failing on 1.4 CVE-2021-37533        
ZOOKEEPER-4660 - Suppress false positive OWASP failure for CVE-2021-37533        
ZOOKEEPER-4661 - Upgrade Jackson Databind to 2.13.4.2 for CVE-2022-42003 CVE-2022-42004        
ZOOKEEPER-4705 - Restrict GitHub merge button to allow squash commit only        
ZOOKEEPER-4717 - Cache serialize data in the request to avoid repeat serialize.        
ZOOKEEPER-4718 - Removing unnecessary heap memory allocation in serialization can help reduce GC pressure.

GitLab Community 16.2.2       
Added (1 change):      
Add MR reviewers to BitBucketServer import to 16-2

Fixed (2 changes):      
Disable IAT verification by default       
Enable descendant_security_scans by default (GitLab Enterprise Edition)

Security (17 changes):       
Fix undefined method licenses for nil:NilClass bug (merge request)       
Fix undefined method page error in list dependencies (merge request)       
Add pagination for license scanning (merge request)       
Prevent leaking emails of newly created users (merge request)      
Added redirect to filtered params (merge request)       
Relocate PlantUML config and disable SVG support (merge request)       
Sanitize multiple hardlinks from import archives (merge request)       
Validates project path availability (merge request)       
Fix policy project assign (merge request)       
Fix bug where comments on files with incorrect sha breaks UI (merge request)       
Fix pipeline schedule authorization for protected branch/tag (merge request)       
Mitigate autolink filter ReDOS (merge request)       
Fix XSS vector in Web IDE (merge request)       
Mitigate project reference filter ReDOS (merge request)       
Add a stricter regex for the Harbor search param (merge request)       
Update pipeline user to the last policy MR author (merge request)       
Prohibit 40 character hex plus a hyphen if branch name is path (merge request)

Non-Security Based Updates

Jenkins 2.417      
* Small optimization in computer list.      
* Remove the treeview option for artifactList.      
* Remove a workaround that was only necessary for OpenJDK 11.0.16 and earlier.      
* Use new jenkins-button styling for 'expandableTextbox' button.      
* Log agent usage by job.      
* Make tab panes accessible via keyboard.      
* RPM users with a custom log directory no longer have a logrotate(8) configuration out-of-the-box. (RPM Remove System V initialization script)      
* Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.      
* Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing.      
* Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414).

MongoDB 7.0 (Upcoming)     
General Changes:    
* Cache Refresh Time Fields     
* Compound Wildcard Indexes     
* Large Change Stream Events     
* Store Application Data on Config Shards     
* User Roles System Variable     
* New Sharding Statistics for Chunk Migrations     
* New Slow Query Log Message     
* New Parameters

Security:    
* Queryable Encryption General Availability     
* KMIP 1.0 and 1.1 Support     
* Backward-Incompatible Feature

MySQL 8.1    
Account Management Notes    
Audit Log Notes    
Binary Logging    
C API Notes    
Compilation Notes    
Component Notes    
Deprecation and Removal Notes    
IPv6 Support    
Logging Notes    
Performance Schema Notes    
Spatial Data Support    
SQL Syntax Notes    
Functionality Added or Changed    
Bugs Fixed

Ansible AWX 22.6.0   
*Refined release documentation   
*Restore pre-upgrade pg_notify notification behavior   
*Add organization column notification template list   
*HostMetricSummaryMonthly command + scheduled task   
*Upgrade django to 4.2.3   
*Migrate from django-redis to Django's built-in Redis caching support   
*Tell Makefile and pre-commit.sh that they are bash   
*Allow job_template collection module to set verbosity to 5   
*Changing how associations work in awx collection   
*Make dispatcher timeout use SIGUSR1, not SIGTERM   
*Small doc fixes for workflow and task manager   
*Wrap Django RedisCache to mute exceptions 
*Require pyyaml >= 6.0.1   
*Only push the production images for main repo   
*Remove License fields when SUBSCRIPTION_USAGE_MODEL is blank   
*Fix collection module docs for names, IDs, and named URLs   
*Remove host update code which can be non performant   
*Updating release process doc for operator hub instructions   
*Add missing trigger for failed-to-start nodes   
*Re-enable chdir to project sync to support project-local roles/coll…   
*Add a link to EE getting started guide   
*Explicitly turn off autocomplete for API login form   
*Fix docs link for controller versions >= 4.3   
*Only show the product version header when the requester is authenticated   
*Add support to collection for named urls   
*Simplifications for DependencyManager   
*Fix dependencies tag in PR labeler   
*Adds autoComplete attribute to forms that were missing it   
*Drop unused django-taggit dependency

Strimzi 0.36.1  
Important: Strimzi 0.36.1 supports only Kubernetes 1.21 and newer! Kubernetes versions 1.19 and 1.20 are not supported anymore since Strimzi 0.36.   
Important: Direct upgrade from Strimzi 0.22 or earlier is not supported anymore!  
*Support for Apache Kafka 3.5.1.  
*Fix Grafana Dashboards in the Helm Chart.  
*Fix issues with 2-node ZooKeeper deployment.  
*Documentation fixes.
