Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Keycloak 21.1.2          
#20613 Avoid using user property mapper when resolving root user attributes keycloak          
#17165 Issue with "User-Initiated Action Lifespan" keycloak admin/ui          
#19080 Vulnerable packages and or dependencies found in keycloak 21.0.1 quarkus distribution keycloak dist/quarkus          
#19286 CVE-2022-1471 keycloak dependencies          
#19491 Cannot set initial password for new users when using a custom UserFederation keycloak          
#19689 SAML Encryption: Missing Support for keycloak saml          
#19835 Keycloak issues on edge and after chrome upgarde to 112 (with experimental features) keycloak oidc          
#19865 Enabling Dynamic Scope missing in UI keycloak admin/ui          
#19879 Incorrect function is used in 'keycloak-admin-client' library in getToken function keycloak adapter/javascript          
#19883 Saving client admin-cli in master realm gives a javascript error keycloak admin/ui          
#19966 Paginating on the group tree view doesn't work keycloak admin/ui          
#19974 Dropdown options on Documentation pointing to 21.1 endpoint instead of latest and throwing 404 when clicking on it. keycloak docs          
#19981 Keycloak 21.1.1: Paging and filtering not working in "Assign roles" popup for Groups keycloak admin/ui          
#19999 Keycloak 21.1.1: filter on Sessions gets stuck keycloak admin/ui          
#20032 Processing of env variable references in config file broken keycloak dist/quarkus          
#20068 LDAP Mapper Action Menu Error keycloak admin/ui          
#20087 Event-Type: "User info request error" does not work keycloak admin/ui          
#20096 Create new user UI: username is not marked with an asterisk keycloak admin/ui          
#20140 role filter has no effect on roles list keycloak admin/ui          
#20143 required fields don't show errors when user profile is enabled keycloak account/ui          
#20258 OTP devices are not shown in the admin UI keycloak admin/ui          
#20307 Test `InternationalizationTest` fails in CI keycloak testsuite          
#20370 Deleting a client scope in the Admin UI should redirect to the list of ClientScopes keycloak admin/ui          
#20379 SAML Protocol Mapper's NameIDFormat is null keycloak admin/ui          
#20515 Headers is not defined keycloak admin/client-js          
#20663 Fix for certificate revalidation keycloak 

Gitlab 16.1.1         
Security (12 changes):

  • Revert 'security-leaked-ci-job-token-permission-16-1' from '16-1' (merge request)
  • Use fully qualified ref when loading code owner file (merge request)
  • Maintainer can leak masked webhook secrets by manipulating URL masking (merge request)
  • Remove approvals when the only commit gets amended (merge request)
  • Add authorization validation to GithubController#failures action (merge request)
  • Fix for fork permissions check in compare controller (merge request)
  • Webhook token leaked in Sidekiq logs if log format is 'default' (merge request)
  • Mitigate epic reference filter ReDOS (merge request)
  • Increasing security for CI_JOB_TOKEN on public and internal projects (merge request)
  • Adjust access to value stream create, edit and destroy actions (merge request)
  • Sanitize user email addresses in admin confirm user dialog (merge request)
  • Obfuscate email of service desk issue creator in issue REST API (merge request)

Non-Security Based Updates

Angular 16.1.3        
Fix - expose input transform function on ComponentFactory and ComponentMirror        
Fix - support input transform functions        
Fix – wait until animation completion before destroying renderer

ActiveMQ 5.18.2       
[AMQ-9233] - NPE in SubQueueSelectorCacheBroker.removeConsumer       
[AMQ-9242] - activemq-partition module should not have a compile time dependency on log4j-slf4j2-impl       
[AMQ-9254] - KahaDB minor fix when db files may be larger than max length       
[AMQ-9262] - Composite consumers do not work properly with a network of brokers       
[AMQ-9283] - Memory leak on stomp transport when a client unsubscribe       
[AMQ-9285] - User is informed to inspect missing file during start-up       
New Feature       
[AMQ-8149] - Create Docker Image       
[AMQ-9243] - Remove deprecated jetty-continuation module from activemq-web       
[AMQ-9257] - Disabled expire message checking when pauseDispatch=true       
[AMQ-8150] - Support multiple OS and JDK docker image combinations       
[AMQ-9260] - Upgrade to maven-assembly-plugin 3.6.0       
[AMQ-9261] - Upgrade to maven-enforcer-plugin 3.3.0       
[AMQ-9263] - Upgrade to maven-compiler-plugin 3.11.0       
[AMQ-9264] - Upgrade to maven-javadoc-plugin 3.5.0       
[AMQ-9265] - Upgrade to maven-plugin-plugin 3.9.0       
[AMQ-9266] - Upgrade to maven-project-info-reports-plugin 3.4.5       
[AMQ-9267] - Upgrade to maven-release-plugin 3.0.1       
[AMQ-9268] - Upgrade to maven-source-plugin 3.3.0       
[AMQ-9269] - Upgrade to maven-surefire-plugin 3.1.2       
[AMQ-9270] - Upgrade to build-helper-maven-plugin 3.4.0       
[AMQ-9271] - Upgrade to dependency-check-maven 8.2.1       
[AMQ-9273] - Upgrade to maven-shade-plugin 3.4.1       
Dependency Upgrades:       
[AMQ-9245] - Upgrade to Spring 5.3.27       
[AMQ-9246] - Upgrade to jettison 1.5.4       
[AMQ-9272] - Upgrade to xbean 4.23       
[AMQ-9274] - Upgrade to jackson 2.15.2       
[AMQ-9275] - Upgrade to rome 2.1.0       
[AMQ-9276] - Upgrade to commons-daemon 1.3.4       
[AMQ-9280] - Upgrade to commons-io 2.13.0       
[AMQ-9284] - Update to Proton-J 0.34.1 and Qpid JMS 1.9.0       
[AMQ-9286] - Upgrade to Apache POM 30

Docker Compose Engine 2.19.1      

  • Dependencies upgrade: bump compose-go to v1.15.1

Bug Fixes and Enhancements:

  • Fixed sporadic “container not connected to network” errors on compose up.
  • Fixed “please specify build context” errors on compose build.
  • Compose now warns if using a bind mount in a service watch configuration.

Elasticsearch 8.8.2     
Bug Fixes     

  • Fix iteration of empty percentiles throwing Null Pointer Exception #96668 (issue: #96626)     


  • Uses ClusterSettings instead of Node Settings in HealthMetadataService #96843 (issue: #96219)     

Ingest Node:     

  • Support dotted field notations in the reroute processor #96243     

Machine Learning:  

  • Ensure NLP model inference queue is always cleared after shutdown or failure #96738     


  • Fix translation of queries involving Version vals #96540 (issue: #96509)    


  • Increase concurrent request of opening point-in-time #96782 


  • The get data stream api incorrectly prints warning log for upgraded tsdb data streams #96606     


  • Change rollup thread pool settings #96821 (issue: #96758)


  • Adding null check to fix potential NPE #96785 (issue: #96781)

Jenkins 2.412    
*Improve CSP compatibility.    
*Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files.    
*Improve CSP compatibility by removing inline JS event handlers.    
*Use CSS variables for logger colours.

Kibana 8.8.2   
Bug Fixes:  

  • Circuit breaker and performance improvements for service map #159883
  • Fixes the latency graph displaying all service transactions, rather than the selected one, on the transaction detail page #159085


  • Fixes styling of top nav bar #159754
  • Fixes alias redirect and update error handling #159742
  • Fixes time range regression #159337

Elastic Security:

  • For the Elastic Security 8.8.2 release information, refer to Elastic Security Solution Release Notes.

Enterprise Search:

  • For the Elastic Enterprise Search 8.8.2 release information, refer to Elastic Enterprise Search Documentation Release notes.


  • Fixes usage of AsyncLocalStorage for audit log #159807
  • Fixing issue of returning output API key #159179


  • Fixes log categorization UI failure due to an infinite loop #159090

Machine Learning:

  • Hiding pattern analysis button for non-time series data #160051
  • Fixes blocking forced downgrades/installation if indices can’t be deleted #159814


  • Fixes layer group loading indicator always on when group has non-visible layer #159517
  • Fixes geo line source not loading unless the Maps application is open #159432
  • Fixes Maps orphan sources on layer deletion #159067


  • Permanently hide the telemetry notice on dismissal #159893


  • Handle buildEsQuery error (such as leading wildcard) in status change #159891


  • Fixes global search crash on missing tag #159196
  • Fixes a regression where the "saved_object_resolve" audit action was not being logged per object #160014


  • Ensures that users can configure custom Content-Type headers for HTTP monitors in the Synthetics app #159737
  • Fixes an issue where alerting on Synthetics monitors was sometimes delayed #159511

Logstash 8.8.2 
Translate Filter - 3.4.2:

  • Fix JRuby 9.4 compatibility issue #98

Aws Integration - 7.1.4:

  • Fix use_aws_bundled_ca to use bundled ca certs per plugin level instead of global #33
  • Add an option use_aws_bundled_ca to use bundled ca certs that ships with AWS SDK to verify SSL peer certificates #32
  • Fix JRuby 9.4 compatibility issue #29

Jdbc Integration - 5.4.4:

  • Fix: adaptations for JRuby 9.4 #125

Rabbitmq Integration - 7.3.3:

  • Fix the cancellation flow to avoid multiple invocations of basic.cancel #55

Csv Output - 3.0.9:

  • Fix JRuby 9.4 compatibility issue #25

Elasticsearch Output - 11.15.8:

  • Fix a regression introduced in 11.14.0 which could prevent Logstash 8.8 from establishing a connection to Elasticsearch for Central Management and Monitoring core features #1141

Ansible AWX 22.4.0

  • Add subsystem metrics for the dispatcher
  • Remove unused settings and associated code
  • [dev docs] Re-document websockets infrastructure
  • Change logging setting for task analytic scheduler
  • Adding capability of pretty error pages
  • Updated sqlparse library
  • Spelling corrections in markdown files
  • Rename heartbeet daemon to ws_heartbeat
  • Related #13336 - DNS resolution is preventing awx_collection to work with http[s]_proxy
  • Add instance_group to bulk api
  • Use PATCH request when updating wf nodes
  • Adds managed_by_policy checkbox to instances form. Adds warnings when associating or disassociating instances from instance groups.
  • Adds missing rel="noopener noreferrer" to each link element with target="_blank"
  • Fix ovirt source
  • AAP-8038 - enable/disable services on reboot
  • Manually run subquery for parent event updates
  • Removes dependabot for opening ui dependency pr's
  • Apply only very conservative database connection reduction changes
  • Adds RTL tests to new component, and to Instances List
  • [rsyslog] Enable disk-assisted queuing on output
  • Send real client remote address in TACACS+ authentication packet
  • Fix /api/swagger endpoint (available only in development mode)
  • Update Mesh.js to allow for running AWX at non-root path (URL prefixing)
  • Add management command to precreate partitioned tables
  • Two silly internal cleanups
  • Generate random UUID by default for added remote nodes
  • Remove random UUIDs from swagger json
  • Fix : preserve hosts fails when there are no hosts
  • Awx.credential plugin.tss
  • Fix task_system logs twice
  • Rename/relocate receptor cert and keys
  • Remove whitespace artifacts from black with f-strings
  • Update Patternfly and related deps.
  • Remove install bundle download restriction
  • Changed pin of rsyslog version
  • Fix ARM builds
  • bugfix collection role module target_teams and instance_groups options
  • Lazy init VERSION vars in Makefile
  • Check for a list of all option instead of string b
  • Upgrade psycopg2 to psycopg3
  • Add dynamically configurable debug settings
  • Removed automatic failure of job template launch when last project update is failed and update on launch is enabled
  • Add AWS Secretsmanager plugin
  • Fix PR and issue labeler job permissions
  • Add new ANSIBLE_COLLECTIONS_PATH in preparation for deprecation of plural version
  • Fixed typo in integration test for group module
  • Rename work signing private key filename
  • Improve performance for awx cli export
  • Add None check back to get_post_fields
  • Fix for Save on the Jobs settings page not responding
  • In collection, give changed status in workflow_job_template when destroying nodes
  • Add instance_groups on resource_list_param_keys in awx_collection
  • Rename work signing private key filename
  • Add --interval to launch monitor command
  • Using execution_environment option in ad_hoc_command module
  • Tooling for running collection tests locally ad hoc
  • [wsrelay] Give connection tasks time to clean up
  • Remove reference to unmaintained runner image
  • Add example for ad_hoc_command module

View all OpenUpdate editions >