Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Cassandra 4.0.11                
* Revert CASSANDRA-16718 (CASSANDRA-18560)                
* Upgrade snappy to (CASSANDRA-18608)                
* Fix assertion error when describing mv as table (CASSANDRA-18596)                
* Track the amount of read data per row (CASSANDRA-18513)                
* Fix Down nodes counter in nodetool describecluster (CASSANDRA-18512)                
* Remove unnecessary shuffling of GossipDigests in Gossiper#makeRandomGossipDigest (CASSANDRA-18546)

Merged from 3.11:                
* Fix CAST function for float to decimal (CASSANDRA-18647)                
* Suppress CVE-2022-45688 (CASSANDRA-18643)                
* Remove unrepaired SSTables from garbage collection when only_purge_repaired_tombstones is true (CASSANDRA-14204)                
* Wait for live endpoints in gossip waiting to settle (CASSANDRA-18543)                
* Fix error message handling when trying to use CLUSTERING ORDER with non-clustering column (CASSANDRA-17818)
* Add keyspace and table name to exception message during ColumnSubselection deserialization (CASSANDRA-18346)

Merged from 3.0:                
* Suppress CVE-2023-34462 (CASSANDRA-18649)                
* Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555)                
* Suppress CVE-2023-35116 (CASSANDRA-18630)                
* Pass taskId from CompactionTask to system.compaction_history (CASSANDRA-12183)                
* Backport CASSANDRA-10508: Remove hard-coded SSL cipher suites (CASSANDRA-18575)                
* Suppress CVE-2023-2976 (CASSANDRA-18562)                
* Remove dh_python use in Debian packaging (CASSANDRA-18558)

Kafka 3.5.1               
[KAFKA-15159] - Update minor dependencies in preparation for 3.5.1               
[KAFKA-15053] - Regression for security.protocol validation starting from 3.3.0               
[KAFKA-15080] - Fetcher's lag never set when partition is idle               
[KAFKA-15096] - CVE-2023-34455 - Vulnerability identified with Apache Kafka
[KAFKA-15098] - KRaft migration does not proceed and broker dies if is set               
[KAFKA-15114] - StorageTool help specifies user as parameter not name               
[KAFKA-15137] - Don't log the entire request in KRaftControllerChannelManager               
[KAFKA-15145] - AbstractWorkerSourceTask re-processes records filtered out by SMTs on retriable exceptions               
[KAFKA-15149] - Fix not sending UMR and LISR RPCs in dual-write mode when there are new partitions

Non-Security Based Updates

Artemis 2.30.0              
ARTEMIS-4184 - Bridges with concurrency not checked/cleared properly on config reload.              
ARTEMIS-4354 - Update the recovery XAResource underlying session.              
ARTEMIS-4310 - Smaller Container / Dockerfile based on Alpine.              
ARTEMIS-4366 - Addresses with multiple subscriptions are not working with Mirroring.              
ARTEMIS-4368 - ensure predictable order of subjects for accurate logging.              
ARTEMIS-4365 - MQTT retain flag not set correctly.              
ARTEMIS-4364 - Upgrade johnzon version to 1.2.21.              
ARTEMIS-4356 - address match with wildcards seems to be broken.              
ARTEMIS-4351 - unnecessary web console logging on impatient jolokia client.              
ARTEMIS-4338 - STOMP inoperable w/resource audit logging enabled.              
ARTEMIS-4328 - Test can hang indefinitely.              
ARTEMIS-4322 - BundleFactory should use PrivilegedAction.              
ARTEMIS-4319 - Mitigate NPE in paging log statement.              
ARTEMIS-4315 - Incorrect validation for page-limit settings.              
ARTEMIS-4095 - OpenWire clients are unable to consume from multicast queue after 2nd paging

ZooKeeper 3.9.0
ZOOKEEPER-4718 - Removing unnecessary heap memory allocation in serialization can help reduce GC pressure.             
ZOOKEEPER-4719 - Use bouncycastle jdk18on instead of jdk15on.             
ZOOKEEPER-4717 - Cache serialize data in the request to avoid repeat serialize.             
ZOOKEEPER-4674 - C client tests don't pass on CI             
ZOOKEEPER-4599 - Upgrade Jetty to avoid CVE-2022-2048.             
ZOOKEEPER-4565 - Config watch path get truncated abnormally and fail chroot zookeeper client.             
ZOOKEEPER-4549 - ProviderRegistry may be repeatedly initialized.             
ZOOKEEPER-4537 - Race between SyncThread and CommitProcessor thread.             
ZOOKEEPER-4514 - ClientCnxnSocketNetty throwing NPE.             
ZOOKEEPER-4505 - CVE-2020-36518 - Upgrade jackson databind to             
ZOOKEEPER-4504 - ZKUtil#deleteRecursive causing deadlock in HDFS HA functionality.             
ZOOKEEPER-4494 - Fix error message format.             
ZOOKEEPER-4492 - Merge readOnly field into ConnectRequest and Response.             
ZOOKEEPER-4491 - Adding SSL support to Zktreeutil.             
ZOOKEEPER-4477 - Single Kerberos ticket renewal failure can prevent all future renewals since Java 9.             
ZOOKEEPER-4475 - Persistent recursive watcher got NodeChildrenChanged event.             
ZOOKEEPER-4472 - Support persistent watchers removing individually.             
ZOOKEEPER-4393 - Problem to connect to zookeeper in FIPS mode.             
ZOOKEEPER-4296 - NullPointerException when ClientCnxnSocketNetty is closed without being opened.             
ZOOKEEPER-4289 - Reduce the performance impact of Prometheus metrics.             
ZOOKEEPER-4026 - CREATE2 requests embedded in a MULTI request only get a regular CREATE response.
ZOOKEEPER-3806 - TLS - dynamic loading for client trust/key store.             
ZOOKEEPER-3860 - Avoid reverse DNS lookup for hostname verification when hostnames are provided in the connection url.             
ZOOKEEPER-3652 - Improper synchronization in ClientCnxn.             
ZOOKEEPER-2108 - Compilation error in with GCC 4.7 or later.

Docker Compose 2.20.2            
Bug Fixes and Enhancements:            
* Added support for the depends_on.required attribute.
* Fixed an issue where build tries to push unnamed service images.
* Fixed a bug which meant the target secret path on Windows was not checked.
* Fixed a bug resolving build context path for services using extends.file.

WildFly 29.0.0
New and Notable:
During the WildFly 29 development cycle the WildFly contributors were heavily focused on bug fixing, plus a lot of internal housekeeping that needed doing after all the recent work toward Jakarta EE 10. But we do have some new goodies:

  • It is now possible to secure the management console with WildFly’s native support for OpenID Connect.
  • You can use Galleon to add Keycloak’s SAML adapter to your WildFly installation using the new Keycloak SAML Adapter feature pack.
  • You can use Galleon to add MyFaces 4 support to your WildFly installation using the 1.0.0.Beta1 release of the new WildFly MyFaces feature pack. (Note that the feature pack is still a Beta.)
  • The elytron subsystem’s new Distributed Realm attribute ignore-unavailable-realms enables a user to switch to ignoring unavailable realms during search and continue searching in subsequent realms.

Bug Fixes:           
[WFLY-8718] - JDBC driver's xa-datasource-class vs. driver-xa-datasource-class-name in the datasources subsystem           
[WFLY-11173] - The JPADefinition.DEPLOY_INSTANCE ResourceDefinition is not correct           
[WFLY-12019] - Cannot remove a undertow server resource at one time           
[WFLY-12631] - Server doesn't start when DNS_PING is configured           
[WFLY-14387] - Resource adapters subsystem does not accept expression for wm-security attribute           
[WFLY-15358] - PolicyContextTestCase fails once Undertow extension no longer references PicketBox module           
[WFLY-15487] - wfly-25 security config missing support for picketbox "auth-module" impl of           
[WFLY-16013] - Discovery Group can't change from Socket binding to Jgroups cluster.           
[WFLY-16042] - WildFly basic tests started to fail on IBM JDK11           
[WFLY-16528] - JSFDeploymentProcessorTestCase fails with Faces 4           
[WFLY-16722] - ContextServiceImpl.getTransactionSetupProvider returns null when use-transaction-setup-provider=true           
[WFLY-17016] - todo-backend QS has outdated Readme instructions           
[WFLY-17169] - NPE in JSF BeanValidator.validate           
[WFLY-17349] - WebJPATestCase intermittently fails           
[WFLY-17563] - Restore *module.xml necessary for manual installation of different jsf implementations           
[WFLY-17699] - Elytron security tests fail since IBM JDK (IBM Semeru Runtime Certified Edition           
[WFLY-17704] - Broken formatting in the Getting Started Developing Applications Guide           
[WFLY-17783] - Intermittent failures in ReactiveMessagingKafkaUserApiTestCase           
[WFLY-17790] - Remove the package from testsuite/shared           
[WFLY-17899] - Asciidoc errors reported during build           
[WFLY-17921] - Add missing org.jboss.vfs to RESTEasy Spring deployments           
[WFLY-17939] - Update HostExcludesTestCase configuration to work with WF29           
[WFLY-17947] - todo-backend Readme OpenShift instructions results in a non-functional QS app           
[WFLY-17948] - todo-backend bootable jar Helm chart needs to be updated           
[WFLY-17950] - 28.0.0.SP1 Quickstart READMEs refer to 28.0.0.Final tag           
[WFLY-17953] - Do not use the JBoss Modules MavenResolver for resolving dependencies in tess           
[WFLY-17957] - EJB timer schedule increment 0 should be considered as single value           
[WFLY-17959] - OpenTelemetry is complaining about "java.lang.NoClassDefFoundError: sun/misc/Unsafe"           
[WFLY-17960] - LRA causes a failure in the ContextPropagationTestCase           
[WFLY-17961] - Spurious Micrometer error on shutdown           
[WFLY-17962] - Remove the ResteasyBootstrap listener from being registered in the AbstractRTSService           
[WFLY-17967] - MicroProfile LRA layer should depend on MicroProfile Config layer           
[WFLY-18002] - ExpirationMetaData.isExpired() test does not conform to logic in LocalScheduler           
[WFLY-18011] - Add java.base/ package to recommended client side JPMS settings           
[WFLY-18012] - The JaxrsIntegrationProcessor should not attempt to get the RESTEasy configuration when not a REST deployment.           
[WFLY-18014] - Missing EE API license entries from core; wrong Apache license URLs           
[WFLY-18021] - ee-security quickstart produce WFLYCTL0212: Duplicate resource           
[WFLY-18023] - @SessionScoped EJBs are replicating proxy placeholders unnecessarily           
[WFLY-18024] - CacheIdentity and IdentityContainer instances are replicating unnecessarily           
[WFLY-18026] - Configuration applied on ServerAdd shouldn't apply runtime changes on boot for the sub resources           
[WFLY-18036] - Marshalling optimizations are not getting applied to @SessionScoped @Stateful EJBs           
[WFLY-18038] - JGroups transport thread pool configuration is ignored           
[WFLY-18040] - EJB: make deployments share client context if only static interceptors are used           
[WFLY-18043] - WildFly BOMs don't build after WFLY-18018           
[WFLY-18046] - Quickstart Readme minor inconsistencies           
[WFLY-18050] - When provisioning additional feature packs together with wildfly's feature pack, the generated license.html is incorrect           
[WFLY-18065] - Distributed @SessionScoped @Stateful EJBs require excessive cache transactions per invocation           
[WFLY-18066] - ByteBufferMarshalledValue generates duplicate buffers during a single marshalling operation           
[WFLY-18068] - Quickstart archive contains redundant files           
[WFLY-18069] - Eliminate unnecessary buffer copy when writing an object with known size via ProtoStream           
[WFLY-18077] - Dependencies in the http-custom-mechanism should be provided           
[WFLY-18078] - Dependencies in the helloworld-ws quickstart should be provided           
[WFLY-18080] - Regular failures of FaultToleranceMicrometerIntegrationTestCase           
[WFLY-18081] - Custom appclient container yaml configuration with additional Messaging settings should be allowed           
[WFLY-18083] - Upgrade to Hibernate ORM release           
[WFLY-18084] - Galleon layers for micrometer and opentelemetry are not documented.           
[WFLY-18089] - Error creating a remote connector using ssl-context           
[WFLY-18090] - Update removed jboss.server.deploy.dir with jboss.server.content.dir           
[WFLY-18095] - Using affinity=primary-owner with a local-cache throws a ClassCastException           
[WFLY-18115] - Opentelemetry sampler-type cannot be configured correctly           
[WFLY-18117] - Messaging deployment descriptor doesn't parse entries correctly           
[WFLY-18128] - Incorrect licenses for some artifacts           
[WFLY-18134] - Angus Activation and Angus Mail should be private modules           
[WFLY-18137] - Concurrency TCK failure           
[WFLY-18141] - Several clustering-related modules should be private           
[WFLY-18150] - DistributableTimerService.getTimers() collection may omit timers during concurrent rescheduling process           
[WFLY-18155] - Can't build BOMs after switching Jakarta Faces implementation in WildFly           
[WFLY-18157] - Add Jakarta Faces API dep back to BOM           
[WFLY-18158] - Oracle JDBC driver deployed as deployment needs dependency on module           
[WFLY-18170] - Fix Faces 4.0 TCK failures           
[WFLY-18179] - Undertow configuration=handler/filter resource require redundant runtime steps           
[WFLY-18191] - Fix Faces 4.0 TCK failures + errors           
[WFLY-18196] - Various minor inconsistencies in QS Readme files           
[WFLY-18200] - Upgrade to Hibernate ORM 6.2.6.Final release           
[WFLY-18202] - WildFly 26-28 document logo url incorrect           
[WFLY-18206] - Typo preventing galleon state from being generated           
[WFLY-18208] - BouncyCastleModuleTestCase fails with Security Manager enabled           
[WFLY-18213] - asciidoctor-maven-plugin attribute sourceHighlighter should be source-highlighter           
[WFLY-18224] - ClassNotFoundException thrown when processing enums with annotations           
[WFLY-18230] - Several security subsystem resource require redundant runtime steps           
[WFLY-18246] - Upgrade jacoco from 0.8.7 to 0.8.10 and fix coverage reporting configuration           
[WFLY-18252] - Fix the Hibernate ElasticSearch tests to work with ElasticSearch 8.8.x           
[WFLY-18254] - NullPointerException during rebalance           
[WFLY-18256] - Line endings in license file are not changed to unix

Jenkins 2.415          
* Replace browser confirm with modal dialogs in many places.
* Add last build status to job page.
* Remove the rebuild plugin from the setup wizard plugin selection.
* Estimate project duration accurately in more cases (regression in 2.407).
* Developer: API for alert, confirm, prompt, modal and form dialogs
* Remove long deprecated hudson.util.IOUtils#DIR_SEPARATOR, hudson.util.IOUtils#DIR_SEPARATOR_WINDOWS, hudson.util.IOUtils#DIR_SEPARATOR_UNIX, hudson.util.IOUtils#LINE_SEPARATOR, hudson.util.IOUtils#LINE_SEPARATOR_WINDOWS, and hudson.util.IOUtils#LINE_SEPARATOR_UNIX which are available from

Keycloak 22.0.1         
#10503 Revisit Pod-Template in Keycloak CR keycloak operator         
#15344 Support configurable custom Identity Providers keycloak         
#21626 [REG 21->22] Error messages on kc build keycloak dist/quarkus         
#17711 Accessibility/Clients List: Minor Issues keycloak admin/ui         
#21607 `keycloakCRName` and `realm` are no longer marked as required in KeycloakRealmImport CRD keycloak operator         
#21625 Version 22.0.0 not started in dev mode and build mode keycloak dist/quarkus         
#21629 Migration for 22.0.0 is missing from the documentation keycloak docs         
#21637 Broken links to quickstarts in documentation keycloak docs         
#21657 Account V3 Missing translate Refresh keycloak account/ui         
#21698 Keycloak is storing error events even if storing events is disabled keycloak storage         
#21733 Fixing broken JSON translation files keycloak admin/ui

Kubernetes 1.27.4        
Changes by Kind        

  • Fixes the alpha CloudDualStackNodeIPs feature.
  • Kubernetes is now built with Go 1.20.6

Bug or Regression:

  • Fix component status calling etcd health endpoint over http which exposed kubernetes to the risk of complete watch starvation and is inconsistent with other etcd probing done by kube-apiserver.
  • Fix cronjob controller handling of complex schedules, like "30 6-16/4 * * 1-5"
  • Fix deletion of non-admissible pods that are deleted during Kubelet restart
  • Fixed #118052: nodeAffinity on pods can change prior to scheduling gates being removed even when podSpec.affinity is nil in the initial spec, this matches the 1.28 behavior to allow consistent integrators to be written.
  • Fixed a performance issue where pods weren't created/deleted in parallel for a StatefulSet with podManagementPolicy: Parallel.
  • Fixed vSphere cloud provider not to skip detach volumes from nodes at kube-controller-startup.
  • Kubectl explain should correctly work for all resources
  • Only declare Job as finished after removing all Pod finalizers to avoid orphan Pods
  • The Daemonset controller creates replacements for terminal Pods, which can appear during VM preemptions or when using Pod finalizers
  • The pod_scheduling_duration_seconds metrics won't consider the time when a Pod fails PreEnqueue (like being gated).
  • This PR adds additional validation for endpoint ip configuration while iterating through queried endpoint list.
  • Updated cAdvisor to v0.47.2 - Fix metrics in cri-o when a container restarts

Node.js 20.5.0       
Notable Changes:       
[45be29d89f] - doc: add atlowChemi to collaborators       
[a316808136] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal       
[986b46a567] - fs: add a fast-path for readFileSync utf-8       
[0ef73ff6f0] - (SEMVER-MINOR) test_runner: add shards support

[eb0aba59b8] - bootstrap: use correct descriptor for Symbol.{dispose,asyncDispose}       
[e2d0195dcf] - bootstrap: hide experimental web globals with flag kNoBrowserGlobals       
[67a1018389] - build: do not pass target toolchain flags to host toolchain       
[7d843bb942] - child_process: use addAbortListener       
[4e08160f8c] - child_process: support Symbol.dispose       
[ef7728bf36] - deps: update nghttp2 to 1.55.1       
[1454f02499] - deps: update nghttp2 to 1.55.0       
[fa94debf46] - deps: update minimatch to 9.0.3       
[c73cfcc144] - deps: update acorn to 8.10.0       
[b7a076a052] - deps: V8: cherry-pick cb00db4dba6c       
[150e15536b] - deps: upgrade npm to 9.8.0       
[c47b2cbd35] - dgram: socket add asyncDispose       
[002ce31cca] - dgram: use addAbortListener       
[45be29d89f] - doc: add atlowChemi to collaborators       
[69b55d2261] - doc: fix ambiguity in and       
[caccb051c7] - doc: clarify transform._transform() callback argument logic       
[999ae0c8c3] - doc: fix copy node executable in Windows       
[7daefaeb44] - doc: drop <b> of v20 changelog       
[dd7ea3e1df] - doc: mention git node release prepare       
[cc7809df21] - esm: fix emit deprecation on legacy main resolve       
[67b13d1dba] - events: fix bug listenerCount don't compare wrapped listener       
[a316808136] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal       
[986b46a567] - fs: add a fast-path for readFileSync utf-8       
[e4333ac41f] - http2: use addAbortListener       
[4a0b66e4f9] - http2: send RST code 8 on AbortController signal       
[1295c76fce] - lib: use addAbortListener       
[dff6c25a36] - meta: bump actions/checkout from 3.5.2 to 3.5.3       
[b5cb69ceaa] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1       
[332e480b46] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0       
[25c5a0aaee] - meta: bump github/codeql-action from 2.3.6 to 2.20.1       
[6406f50ab1] - module: add SourceMap.lineLengths       
[cfa69bd48c] - net: server add asyncDispose       
[ac11264cc5] - net: use addAbortListener       
[82d6b13bf6] - permission: add debug log when inserting fs nodes       
[f4333b1cdd] - permission: v8.writeHeapSnapshot and       
[f691dca6c9] - readline: use addAbortListener       
[227e6bd898] - src: pass syscall on fs.readFileSync fail operation       
[a9a4b73653] - src: make BaseObject iteration order deterministic       
[d99ea4845a] - src: remove kEagerCompile for CompileFunction       
[df363d0010] - src: deduplicate X509 getter implementations       
[9cf2e1f55b] - src,lib: reducing C++ calls of esm legacy main resolve       
[daeb21dde9] - stream: fix deadlock when piping to full sink
[5a382d02d6] - stream: use addAbortListener       
[6e82077dd4] - test: deflake test-net-throttle       
[d378b2c822] - test: move test-net-throttle to parallel       
[dfa0aee5bf] - Revert "test: remove test-crypto-keygen flaky designation"       
[0ef73ff6f0] - (SEMVER-MINOR) test_runner: add shards support       
[e2442bb7ef] - timers: support Symbol.dispose       
[4398ade426] - tools: run with Python 3

RabbitMQ 3.11.20     
Core Server      
Bug Fixes:      
* Fixed a potential resource leak in at-least-once dead lettering from quorum queues.

CLI Tools      
* A new command, rabbitmqctl deactivate_free_disk_space_monitoring, can be used to (temporarily or permanently) disable free disk space monitoring on a node. To re-activate it, use rabbitmqctl activate_free_disk_space_monitoring.

AMQP 1.0 Plugin      
Bug Fixes:      
* AMQP 1.0 clients that try to publish in a way that results in the message not being routed anywhere are now notified with a more sensible settlement status.

Prometheus Plugin      
* Prometheus scraping API endpoints now support optional authentication.
* The plugin now filters out values that are undefined or NaN, simply excluding them from the API endpoint response. Previously, if a metric was not computed for any reason (e.g. free disk space monitor was disabled on the node), its value could end up being rendered as undefined or NaN, two values that Prometheus scrapers cannot handle (for numerical types such as gauges).

Management Plugin      
Bug Fixes:      
* It was not possible to close a table column selection pane on screens that had little vertical space.

Sonatype Nexus Repository 3.58.1

  • Critical Fix for 3.57.0 and 3.58.0 Deployments Using Sonatype Repository Firewall (3.58.1)
  • This release fixes a critical bug that could allow users to unintentionally download quarantined components. The bug impacts 3.57.0 and 3.58.0 Sonatype Nexus Repository deployments using Sonatype Repository Firewall.

Bug Fixes:    
NEXUS-39766: Docker Subdomain connectors work with nGrok again as expected.    
NEXUS-39415: Added logging for and made Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems tasks configurable via the user interface.

Spring Boot 3.1.2
Bug Fixes:
* Native reflection hints missing for nested properties declared in a superclass
* Connecting to Mongo fails with an UnknownHostException when is configured
* Auto-configured ExemplarSampler bean only backs off when a DefaultExemplarSampler is defined
* OTel Span is missing required attributes #36423
* Auto-configured JacksonJsonpMapper is conditional on an ObjectMapper bean but does not use such a bean
* Application fails to start when @Importing a @ConfigurationProperties class that is eligible for constructor binding
* Only one health group can be exposed using when using Jersey
* Mongo auto-configuration fails when username or password properties contains a colon (:) or at-sign (@)
* MockitoPostProcessor doesn't check FactoryBean.OBJECT_TYPE_ATTRIBUTE correctly
* Saml2RelyingPartyRegistrationConfiguration can choose the wrong RelyingPartyRegistration.Builder when using a metadata file with multiple providers
* ConfigurationPropertiesReportEndpoint does not display primitive wrapper types
* ConfigurationPropertyName#equals is not symmetric when element has trailing dashes
* ScheduledTasksEndpoint throws NPE if PeriodicTrigger is used with custom SchedulingConfigurer
* Java system properties can not be applied to RestTemplate HttpClient connection in some cases
* Excluding auto-configuration class that relates to a TemplateAvailabilityProvider causes property binding to fail for native images
* When using Flyway 9.20.0, auto-configuration fails with a NoSuchMethodError due to the removal of Oracle-related methods from FluentConfiguration
* Dependency management for Selenium 4.8.x is incorrect
* Slice test annotations do not include SslAutoConfiguration
* Methods in KafkaConnectionDetails are named inconsistently

Apache Solr 9.3.0  
Solr 9.3.0 Release Highlights:

  • The Lucene version used by Solr has been upgraded to 9.7.
  • Solr releases now have a slim variant, both for the binary release and the docker image.
    • The Slim variant is the same as the normal variant, except that it does not include Solr modules or the Prometheus exporter.
  • Vector Search
    • Added support for byte vector encoding in DenseVectorField and KnnQParser
    • High dimensional vectors are now supported in Solr
    • Solr can now take advantage of SIMD optimizations for Vector calculations, when run with Java 20 or 21.
    • A new "vectorSimilarity" function query has been added to calculate similarity scores for DenseVectorFields
  • Solr now provides an "Install Shard" API to allow users who have built (per-shard) indices offline to import them into SolrCloud shards.
  • Solr’s experimental "v2" API has seen a number of improvements in the 9.3 release.
    • It is now approaching parity with the functionality offered by Solr’s v1 API.
    • The v2 API as a whole is being redesigned to be more REST-ful and intuitive  
      See the Changelog and upgrade notes for information on which v2 APIs have backward-incompatible changes.
  • New APIs for MigrateReplicas and BalanceReplicas. These work out-of-the-box with the built-in PlacementPlugins.
    • The AffinityPlacementPlugin now supports co-location of shards between collections, using the "withCollectionShards" parameter.
  • Join Queries may handle equally sharded collections on both sides.
    • Collections shards should be collocated via AffinityPlacementPlugin.withCollectionShards
    • This operation doesn't support SplitShard
  • Unknown cores are no longer deleted by default when Solr starts. Use "solr.deleteUnknownCores=true" to use the previous behavior.
  • Warning: Solr cannot be used with Java 20 on MacOS with the Java Security Manager.  
    Please use the environment variable SOLR_SECURITY_MANAGER_ENABLED=false when running with Java 20 on MacOS.

Strimzi 0.36 
Main changes since 0.35 
This release contains the following new features and improvements:

  • Add support for Apache Kafka 3.4.1 and 3.5.0, and remove support for 3.3.1 and 3.3.2
  • Enable SCRAM-SHA authentication in KRaft mode (supported in Apache Kafka 3.5.0 and newer)
  • Add support for insecure flag in Maven artifacts in Kafka Connect Build
  • Improve Kafka rolling update to avoid rolling broker in log recovery
  • Added support for Kafka Exporter topic exclude and consumer group exclude parameters
  • Add support for Kafka node pools according to Strimzi Proposal #
  • Add support for Unidirectional Topic Operator according to Strimzi Proposal
  • Fixed ordering of JVM performance options

It also has several notable changes, deprecations, and removals:

  • From Strimzi 0.36.0 on, we support only Kubernetes 1.21 and newer.
  • Kubernetes 1.19 and 1.20 are not supported anymore.
  • Enabling the UseKRaft feature gate is now possible only together with the KafkaNodePools feature gate.
  • To deploy a Kafka cluster in the KRaft mode, you have to use the KafkaNodePool resources.
  • The Helm Chart repository at is now deprecated.
  • Please use the Helm Chart OCI artifacts from our Helm Chart OCI repository instead.
  • Option customClaimCheck of 'oauth' authentication which relies on JsonPath changed the handling of equal comparison against null as the behaviour was buggy and is now fixed in the updated version of JsonPath library OAuth

GitLab 16.2.0

  • Added (176 changes)
  • Fixed (143 changes)
  • Changed (218 changes)
  • Deprecated (2 changes)
  • Removed (30 changes)
  • Security (17 changes)
    • Add authorization to the subscriptions group controller
    • Migrate resource_link_events to ghost users (merge request) GitLab Enterprise Edition
    • Revert 'security-leaked-ci-job-token-permission' from 'master'
    • Use fully qualified ref when loading code owner file
    • Increasing security for CI_JOB_TOKEN on public and internal projects
    • Remove approvals when the only commit gets amended
    • Maintainer can leak masked webhook secrets by manipulating URL masking
    • Adjust access to value stream create, edit and destroy actions
    • Add authorization validation to GithubController#failures action
    • Mitigate epic reference filter ReDOS
    • Sanitize user email addresses in admin confirm user dialog
    • Fix for fork permissions check in compare controller
    • Webhook token leaked in Sidekiq logs if log format is 'default'
    • Obfuscate email of service desk issue creator in issue REST API
    • Fixes typo on PrometheusClient concern
    • Fixes typo on Note model
    • Fixes typo on Ci::BuildTraceChunk
  • Performance (13 changes)
  • Other (92 changes)
