Stay Informed
This week, read about:
- Post-Quantum Cryptography Goes GA.
- AppArmor 4.0 alpha1 Released.
- SSL/TLS Certificate Rotation Without Restarts in NGINX Open Source.
- JDK 21 Security Enhancements.
- Red Hat Enterprise Linux 10 Plans For Wayland and Xorg Server.
- 15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack.
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following updates:
- CVE-2023-0286
  - CentOS 6: openssl-1.0.1e-58_ol003.el6
- CVE-2022-28390
  - CentOS 6: kernel-2.6.32-754.35.1_ol006
- CVE-2022-25236
  - CentOS 8: expat-2.2.5-4_ol001.el8
- CVE-2022-28390
  - CentOS 8: kernel-4.18.0-348.7.1_ol002.el8_5
We recommend that you update your CentOS 8 systems to protect against this vulnerability.
- CVE-2021-4157
  - CentOS 8: kernel-4.18.0-348.7.1_ol001.el8_5
CentOS - tzdata-2023c-1_ol001.el6
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Apache Spark 3.4.2
Notable changes
[SPARK-42784]: should still create subDir when the number of subDir in merge dir is less than conf
[SPARK-43203]: Fix DROP table behavior in session catalog
[SPARK-43393]: Address sequence expression overflow bug
[SPARK-44040]: Fix compute stats when AggregateExec node above QueryStageExec
[SPARK-44079]: Fix ArrayIndexOutOfBoundsException when parse array as struct using PERMISSIVE mode with corrupt record
[SPARK-44134]: Fix setting resources (GPU/FPGA) to 0 when they are set in spark-defaults.conf
[SPARK-44136]: Fixed an issue that StateManager may get materialized in executor instead of driver in FlatMapGroupsWithStateExec
[SPARK-44142]: Replace type with tpe in utility to convert python types to spark types
[SPARK-44180]: DistributionAndOrderingUtils should apply ResolveTimeZone
[SPARK-44206]: DataSet.selectExpr scope Session.active
[SPARK-44215]: If num chunks are 0, then server should throw a RuntimeException
[SPARK-44241]: Mistakenly set io.connectionTimeout/connectionCreationTimeout to zero or negative will cause incessant executor cons/destructions
[SPARK-44251]: Set nullable correctly on coalesced join key in full outer USING join
[SPARK-44313]: Fix generated column expression validation when there is a char/varchar column in the schema
[SPARK-44391]: Check the number of argument types in InvokeLike
[SPARK-44464]: Fix applyInPandasWithStatePythonRunner to output rows that have Null as first column value
[SPARK-44479]: Fix protobuf conversion from an empty struct type
[SPARK-44547]: Ignore fallback storage for cached RDD migration
[SPARK-44581]: Fix the bug that ShutdownHookManager gets wrong UGI from SecurityManager of ApplicationMaster
[SPARK-44588]: Fix double encryption issue for migrated shuffle blocks
[SPARK-44630]: Revert “[SPARK-43043] Improve the performance of MapOutputTracker.updateMapOutput”
[SPARK-44634]: Encoders.bean does no longer support nested beans with type arguments
[SPARK-44641]: Incorrect result in certain scenarios when SPJ is not triggered
[SPARK-44653]: Non-trivial DataFrame unions should not break caching
[SPARK-44657]: Fix incorrect limit handling in ArrowBatchWithSchemaIterator and config parsing of CONNECT_GRPC_ARROW_MAX_BATCH_SIZE
[SPARK-44805]: getBytes/getShorts/getInts/etc. should work in a column vector that has a dictionary
[SPARK-44840]: Make array_insert() 1-based for negative indexes
[SPARK-44846]: Convert the lower redundant Aggregate to Project in RemoveRedundantAggregates
[SPARK-44854]: Python timedelta to DayTimeIntervalType edge case bug
[SPARK-44857]: Fix getBaseURI error in Spark Worker LogPage UI buttons
[SPARK-44859]: Fix incorrect property name in structured streaming doc
[SPARK-44871]: Fix percentile_disc behaviour
[SPARK-44910]: Encoders.bean does not support superclasses with generic type arguments
[SPARK-44920]: Use await() instead of awaitUninterruptibly() in TransportClientFactory.createClient()
[SPARK-44925]: K8s default service token file should not be materialized into token
[SPARK-44935]: Fix RELEASE file to have the correct information in Docker images if exists
[SPARK-44937]: Mark connection as timedOut in TransportClient.close
[SPARK-44940]: Improve performance of JSON parsing when “spark.sql.json.enablePartialResults” is enabled
[SPARK-44973]: Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-44990]: Reduce the frequency of get spark.sql.legacy.nullValueWrittenAsQuotedEmptyStringCsv
[SPARK-45054]: HiveExternalCatalog.listPartitions should restore partition statistics
[SPARK-45057]: Avoid acquire read lock when keepReadLock is false
[SPARK-45071]: Optimize the processing speed of BinaryArithmetic#dataType when processing multi-column data
[SPARK-45075]: Fix alter table with invalid default value will not report error
[SPARK-45078]: Fix array_insert ImplicitCastInputTypes not work
[SPARK-45079]: Fix an internal error from percentile_approx() on NULL accuracy
[SPARK-45081]: Encoders.bean does no longer work with read-only properties
[SPARK-45100]: Fix an internal error from reflect() on NULL class and method
[SPARK-45109]: Fix log function in Connect
[SPARK-45187]: Fix WorkerPage to use the same pattern for logPage urls
[SPARK-45227]: Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend
[SPARK-45282]: Correctness issue in AQE with InMemoryTableScanExec
[SPARK-45389]: Correct MetaException matching rule on getting partition metadata
[SPARK-45430]: Fix for FramelessOffsetWindowFunction when IGNORE NULLS and offset > rowCount
[SPARK-45433]: Fix CSV/JSON schema inference when timestamps do not match specified timestampFormat
[SPARK-45473]: Fix incorrect error message for RoundBase
[SPARK-45508]: Add “--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED” so Platform can access Cleaner on Java 9+
[SPARK-45592]: Correctness issue in AQE with InMemoryTableScanExec
[SPARK-45604]: Add LogicalType checking on INT64 -> DateTime conversion on Parquet Vectorized Reader
[SPARK-45652]: SPJ: Handle empty input partitions after dynamic filtering
[SPARK-45670]: SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45678]: Cover BufferReleasingInputStream.available/reset under tryOrFetchFailedException
[SPARK-45749]: Fix Spark History Server to sort Duration column properly
[SPARK-45786]: Fix inaccurate Decimal multiplication and division results
[SPARK-45814]: Make ArrowConverters.createEmptyArrowBatch call close() to avoid memory leak
[SPARK-45882]: BroadcastHashJoinExec propagate partitioning should respect CoalescedHashPartitioning
[SPARK-45896]: Construct ValidateExternalType with the correct expected type
[SPARK-45920]: group by ordinal should be idempotent
[SPARK-46006]: YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46012]: EventLogFileReader should not read rolling logs if app status file is missing
[SPARK-46062]: Sync the isStreaming flag between CTE definition and reference
[SPARK-46064]: Move out EliminateEventTimeWatermark to the analyzer and change to only take effect on resolved child
Dependency Changes
Although this is a maintenance release, some dependencies were still upgraded. They are:
[SPARK-44415]: Upgrade snappy-java to 1.1.10.2
[SPARK-44513]: Upgrade snappy-java to 1.1.10.3
[SPARK-45103]: Update ORC to 1.8.5
[SPARK-45884]: Update ORC to 1.8.6
- Refine build status icons. (pull 8705)
- FIPS mode now requires a minimum of 14 characters for a password. (pull 8694)
- Allow configuration of disk thresholds globally and for each agent. Improve warning when disk space is too low. Ensure agents are taken offline when disk space is low. (issue 72009)
- Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production. (pull 8714)
- Add support for Unix domain sockets. (pull 442 (packaging))
Keycloak 23.0.1
#23841 Users page with LDAP User Storage Provider Cannot read properties of undefined admin/ui
#23872 Attempt to request storage access in Firefox oidc
#24261 „Unlink users“-Option greyed out in ldap federation admin/ui
#24958 Error handling in admin console when update of user fails due the 400 HTTP error code admin/ui
#24961 Keycloak not able to handle multiple validating X509 certificates when public key are the same saml
#24984 Operator is missing CRDs metadata in CSV operator
#25008 Group search when creating user admin/ui
#25022 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token oidc
Node.js 21.4.0
Notable Changes
This release fixes a regression introduced in v21.3.0 that caused the fs.writeFileSync method to throw when called with 'utf8' encoding, no flag option, and if the target file didn't exist yet.
- [32acafeeb6] - (SEMVER-MINOR) fs: introduce dirent.parentPath (Antoine du Hamel) #50976
- [724548674d] - fs: use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) #50990
Commits
- [b24ee15fb2] - benchmark: update iterations in benchmark/crypto/hkdf.js (Lei Shi) #50866
- [f79b54e60e] - benchmark: update iterations in benchmark/crypto/get-ciphers.js (Lei Shi) #50863
- [dc049acbbb] - benchmark: update number of iterations for util.inspect (kylo5aby) #50651
- [d7c562ae38] - deps: update googletest to 76bb2af (Node.js GitHub Bot) #50555
- [59a45ddbef] - deps: update googletest to b10fad3 (Node.js GitHub Bot) #50555
- [099ebdb781] - deps: update undici to 5.28.1 (Node.js GitHub Bot) #50975
- [4b1bed04f7] - deps: update undici to 5.28.0 (Node.js GitHub Bot) #50915
- [b281e98b1e] - doc: add additional details about --input-type (Shubham Pandey) #50796
- [b7036f2028] - doc: add procedure when CVEs don't get published (Rafael Gonzaga) #50945
- [7adf239af0] - doc: fix some errors in esm resolution algorithms (Christopher Jeffrey (JJ)) #50898
- [759ebcaead] - doc: reserve 121 for Electron 29 (Shelley Vohr) #50957
- [cedc3427fa] - doc: run license-builder (github-actions[bot]) #50926
- [30a6f19769] - doc: document non-node_modules-only runtime deprecation (Joyee Cheung) #50748
- [eecab883f0] - doc: add doc for Unix abstract socket (theanarkh) #50904
- [ec74b93b38] - doc: remove flicker on page load on dark theme (Dima Demakov) #50942
- [724548674d] - fs: use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) #50990
- [32acafeeb6] - (SEMVER-MINOR) fs: introduce dirent.parentPath (Antoine du Hamel) #50976
- [c1ee506454] - fs: remove workaround for esm package (Yagiz Nizipli) #50907
- [1cf087dfb3] - lib: refactor to use validateFunction in diagnostics_channel (Deokjin Kim) #50955
- [c37d18d5e1] - lib: streamline process.binding() handling (Joyee Cheung) #50773
- [246cf73631] - lib,src: replace toUSVString with toWellFormed() (Yagiz Nizipli) #47342
- [9bc79173a0] - loader: speed up line length calc used by moduleProvider (Mudit) #50969
- [812ab9e4f8] - meta: bump step-security/harden-runner from 2.6.0 to 2.6.1 (dependabot[bot]) #50999
- [1dbe1af19a] - meta: bump github/codeql-action from 2.22.5 to 2.22.8 (dependabot[bot]) #50998
- [bed1b93f8a] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #50931
- [1e7d101428] - src: make ModifyCodeGenerationFromStrings more robust (Joyee Cheung) #50763
- [709ac479eb] - src: disable uncaught exception abortion for ESM syntax detection (Yagiz Nizipli) #50987
- [f6ff11c9f9] - src: fix backtrace with tail [[noreturn]] abort (Chengzhong Wu) #50849
- [74f5a1cbc9] - src: print MKSNAPSHOT debug logs to stderr (Joyee Cheung) #50759
- [3a1c664a97] - test: replace forEach to for.. test-webcrypto-export-import-cfrg.js (Angelo Parziale) #50785
- [ac3a6eefe3] - test: log more information in SEA tests (Joyee Cheung) #50759
- [94462d42f5] - test: consolidate utf8 text fixtures in tests (Joyee Cheung) #50732
- [8e1a70a347] - tools: add triggers to update release links workflow (Moshe Atlow) #50974
- [ca10cbb774] - tools: update lint-md-dependencies to rollup@4.5.2 (Node.js GitHub Bot) #50913
- [1e40c4a366] - tools: fix current version check (Marco Ippolito) #50951
- [3faed331e1] - typings: fix JSDoc in internal/modules/esm/hooks (Alex Yang) #50887
- [6a087ceffa] - url: throw error if argument length of revokeObjectURL is 0 (DylanTet) #50433
JanusGraph 1.0.0
Notable new features
- Upgrade to TinkerPop 3.7.0
- Support for Cassandra 4
- (Official) support for Java 11
- Cache performance improvements
- Upgrade to Log4j2
- Use mixed indices for numeric aggregations (min(), max(), mean(), sum())
- Support TEXTSTRING mapping in Solr
- New graph API to evaluate Gremlin scripts if JanusGraph is used embedded
- ConfiguredGraphFactory can now create different indexes for different graphs in Elasticsearch
- Add management API to remove ghost vertices
- Add possibility to remove stale graph index entries
- Improved support for Geoshapes in GraphBinary
- Remove dependency on cassandra-all
- Support TTL for CQL backend on Amazon Managed KeySpace
- Improved index life-cycle. Better index management, possibility to remove indexes.
- Support for ElasticSearch 8
- Possibility to use dedicated ScyllaDB driver when JanusGraph is used embedded
- Possibility to explicitly remove configuration options
- Possibility to use ASCII String for vertex ids
- CQL storage layer transitioned to asynchronous calls instead of a thread pool
- Enhanced CQL storage parallelism for queries using multiple slices in the same step (multiple edge labels or multiple property keys)
- Retrieval of SINGLE properties is now grouped in CQL queries (by default up to 20 properties for a single vertex)
- Added possibility to group CQL queries for different vertices stored on the same token ranges or same replica sets
- Improved batch-query (multiQuery) capabilities. Enhanced parent steps usage. Added batch-query optimisation to almost all execution steps (exception: ‘match’ step).
- Added possibility to improve parallelism for storage layer implementations by supporting multi-slice and multi-key parallelism