This week, read about:
- The latest releases of OpenJDK 8, 11, and 17 are now available on OpenLogic's website.
- GitLab 'Strongly Recommends' Patching Max Severity Flaw ASAP.
- Azure Linux Released at Build – Where Microsoft Revealed Why it Did Not Fork Fedora.
- Podman Desktop 1.0 Released: A Challenge to Docker Desktop.
- Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims.
- Patch the Cloud Native Development Talent Gap with Platform Engineering.
- Patching CentOS: What You Need to Know.
- PyTorch 2.0: Our Next Generation Release That Is Faster, More Pythonic and Dynamic As Ever.
OpenLogic Cloud Image Releases:
Rocky Linux 9.2
Key Security, Maintenance, and Features Releases
Security Based Updates
Fix arbitary file read via filename param (merge request)
Non-Security Based Updates
fix: adds missing symbols for animation standalone bundling test.
fix: fix Self flag inside embedded views with custom injectors.
fix - 199ff4fe7f host directives incorrectly validating aliased bindings.
fix: create macrotask during request handling instead of load start (#50406)
CAMEL-19371 RedeliveryErrorHandler's suppressed exceptions cause memory leak and logging issue
CAMEL-19345 KameletDiscoveryTest fails to find routeTemplate
CAMEL-19342 Rest Inline Routes mixed with direct routes.
CAMEL-19339 karaf - ConnectionFactory not found when use camel-activemq
CAMEL-19314 camel-aws - Connection pool shutdown when aws health checks are used
CAMEL-19298 Snmp: version 3 is not supported for several actions for the component
CAMEL-19296 Unable to init camel file with JBang for multi dot file name suffix - eg 'foo.camel.xml'
CAMEL-19293 camel-spring-ldap - base is set twice when using SB AutoConfiguration
CAMEL-19281 Aws2- healthchecks not closing resources for awsClient
CAMEL-19095 Camel Karaf using buggy Saxon bundle with wrong imports
CAMEL-18985 camel-kafka: messages are getting lost with "breakOnFirstError"
Dependency Upgrades (3):
CAMEL-19372 camel-spring-boot - Upgrade to 2.7.12
CAMEL-19351 camel-jackson - Upgrade to 2.14.3
CAMEL-19301 camel-jbang - Upgrade to hawtio 2.17.2
CAMEL-19370 camel-jbang - Make it possible to show full url for very long endpoints
CAMEL-19366 camel-core - Trigger reload via dev console make it async
CAMEL-19361 camel-jbang - Parse trait.camel.apache.org/camel.properties from KameletBinding:
CAMEL-19360 camel-jbang - Export a set of files
CAMEL-19357 camel-jbang - Use a vertx task for tasks to avoid blocking io thread
CAMEL-19352 Improve camel-mybatis documentation
CAMEL-19333 ensure cxf springboot autoconfiguration works OOTB in camel-cxf Springboot Starters:
CAMEL-19326 camel-jbang - Register reload services eager
CAMEL-19324 Be able to convert all elements from CXF MessageContentsList.class to String.class if not in "CXF Context"
CAMEL-19322 camel-jbang - Source Dir to support application.properties
CAMEL-19313 camel-jbang - Provide a way to append Maven repository provided from command-line to the one provided in configuration
CAMEL-19306 camel-jbang - Allow to load yaml files with beans only
CAMEL-19302 Use filename to generate id of route when creating Camel file in XML DSL with Camel JBang
CAMEL-17652 camel-minio - Auto create bucket should not be done in endpoint
New Features (5):
CAMEL-19344 camel-jbang - Reload to source dir via http
CAMEL-19320 camel-jbang - Add command to reload
CAMEL-19309 camel-jbang - Run with empty folder
CAMEL-19299 camel-console - Add dev console for bean registry
CAMEL-19099 Camel-Jbang Export: Add a flag to include secret refresh properties in application.properties
- Merge two histograms using the higher number of digits among all histograms #93704 (issue: #92822)
- Avoid copying during iteration of all shards in routing table #94417
- Avoid duplicate application of RoutingTable diff #94379
- Balance priorities during reconciliation #95454
- Fix RebalanceOnlyWhenActiveAllocationDecider #96025
- Streamline AsyncShardFetch#getNumberOfInFlightFetches #93632 (issue: #93631)
- Check if an analytics event data stream exists before installing pipeline #95621
- [Behavioral Analytics] Use a client with ent-search origin in the BulkProcessorFactory #95614
- Fix role transformation to include missing properties #94714
- [Fleet] Add read privileges to profiling-* for symbolization support #95596
- Avoid null Location in post write refresh #95229
- Read register current term asynchronously in StoreHeartbeatService #95351
- Remove rollover cluster setting validator #94447
- [DLM] Fix the new endpoint rest-api specification #95665
- Allow deletion of component templates that are specified in the ignore_missing_component_templates array #95527
- Fix searching a filtered and unfiltered data stream alias #95865 (issue: #95786)
- Check shard availability before including in stats #96015 (issues: #96000, #87001)
- Fix GetPipelineResponse equality #93695
- Ensure refresh to return the latest commit generation #94249
- Adjust BoundedGeoHexGridTiler#FACTOR to prevent missing hits #96088 (issue: #96057)
- Fix bug where geo_line does not respect sort_order #94734 (issue: #94733)
- Retry downsample ILM action using a new target index #94965 (issue: #93580)
- Strip disallowed chars from generated snapshot name #95767 (issue: #95593)
- [ILM] Fix the migrate to tiers service and migrate action tiers configuration #95934
- Fix race condition in NodeEnvironment.close() #94677 (issue: #94672)
- Use double wildcards for filtered excludes properly #94195 (issue: #92632)
- Add level parameter validation in REST layer #94136 (issue: #93981)
- Allow low level paging in LeafDocLookup #93711
- Revert usage of SafeMustacheFactory in CustomMustacheFactory #95557
- Fix Grok.match() with offset and suffix pattern #95003 (issue: #95002)
- Fix bug in verbose simulations of the ingest pipeline API #95232
- Avoid expensive source parsing by using doc values when querying model definition meta fields #95590
- Longer timeout for mapping update during resize #95221
- Fix RecyclerBytesStreamOutput corrupting when ending write on page boundary #95114
- Fix maximum seek limit RecyclerBytesStreamOutput #95133
- Fix versioning for tests cases using a randomly generated rank builder #95514
- Fix _terms_enum display values #94080 (issue: #94041)
- Support ignore malformed in boolean fields #93239 (issue: #89542)
- Support search template api explain query string argument #94832 (issue: #83363)
- Cancel cold cache prewarming tasks if store is closing #95891 (issue: #95504)
- Fix 0 default value for repo snapshot speed #95854 (issue: #95561)
- Fix Azure InputStream#read method #96034
- Stop sorting indices in get-snapshots API #94890
- Call listener in order to prevent the request from hanging #96221
- Do not fail upon ResourceAlreadyExistsException during destination index creation #96274 (issue: #95310)
- Fix privileges check failures by adding allow_restricted_indices flag #95187
- Secondary credentials used with transforms should only require source and destination index privileges, not transform privileges #94420
- Use monotonic time in TransformScheduler #95456 (issue: #95445)
- Fixes Delete Schedule button padding issue #154503
- Fixes error message flash and throttle value reset #154497
- Fixes broken custom snooze recurrences with monthly frequency #154251
- Fixes an issue where you were unable to use retry on updateAPIKey conflict #151802
- Fixes an issue where you were uneable to enable framework alerts as data by default #154076
- Upgraded EUI to v76.0.0 #152506
- Fixes an issue where the OpenTelemetry process and system metrics were unsupported #151826
- Fixes createElement callback #154398
- Fixes the Lens visualization in the comment and description markdown on the New Case page #155897
- Fixes unsaved changes bug on empty dashboard #155648
- Removed Reload on Clone and Replace Panel #155561
- Fixes z index of toolbar items #154501
- Fixes inherited input race condition #154293
- Fixes Changing label of a geospatial filter causes filter disappear from map #154087
- Adds a "Temporary" badge for temporary data views in the Alerts flyout #155717
- Adds the ability to exclude counter fields from Breakdown options #155532
- Adds the ability to skip requests for the time series metric counter field #154319
- Fixes KQL autocomplete suggestions, which now support IP-type fields when the `autocomplete:valueSuggestionMethod advanced setting is set to terms_enum #154111
- Fixes an issue where saved search "Manage searches" button was unable to apply the "search" type filter #152565
- For the Elastic Security 8.8.0 release information, refer to Elastic Security Solution Release Notes.
- For the Elastic Enterprise Search 8.8.0 release information, refer to Elastic Enterprise Search Documentation Release notes.
- Fixes package license check to use new conditions.elastic.subscription field #154831
- Fixes the OpenAPI spec from /agent/upload to /agent/uploads for Agent uploads API #151722
- Adds a 404 page for metrics and logs #153005
- Fixes the slow process event for queries + xterm.js #155326
Kibana Home & Add Data:
- Fixes the guided onboarding API prefix to indicate that it’s intended for internal use #155643
Lens & Visualizations:
- Adds a default label on field changes for counter rate in Lens #155509
- Panel titles and descriptions are now transferred to the converted Lens panels in TSVB #154713
- Adds the ability to use the empty label for / terms in TSVB #154647
- Fixes the formatting for the legend actions title #153747
- Adds support for negative filter ratios in TSVB #152053
- Adds the ability to always retain source order for multi-metric partition chart layers in Lens #151949
- Data Frame Analytics/Anomaly Detection: Custom URLs - entity dropdown reflects Data View update #155096
- AIOps: Fix race condition where stale url state would reset search bar #154885
- Fixes anomalies table drilldown time range for longer bucket spans #153678
- Do not match time series counter fields with aggs in wizards #153021
- Anomaly Detection datafeed chart: ensure chart y axis minimum set correctly #152051
- Improves the display when there are many columns #155119
- Fixes stale submit handler ref update #154242
- Fixes terms aggregation support in wizard for Transforms #151879
- Fixes an issue where you were unable to accept additional dynamic field values for an index template #150543
- Fixes raster layer is missing in pdf/png exports #154686
- Fixes RegionMap chart type does not work with reporting #153492
- Fixes layers are not displayed in offline environment and map.includeElasticMapsService not set to false #152396
- Removes usage for the stats endpoint #151082
- Adds space-specific feature privileges #154734
- Adds the ability to properly handle NO DATA with multiple conditions with a mix of aggregations and document count thresholds #154690
- Adds additional types to the fields to be use with cardinality aggregation for Metric Threshold Rule #154197
- Adds persistent normalization mode #153116
- Fixes refresh every in the alert search bar #152246
- Fixes badge counter for global settings #150869
Querying & Filtering:
- Adds the ability to unload a selected query when it is deleted #154644
- Removes failures in wrong custom timerange #154643
- Fixes report generation when image panel is in the end of the layout #153846
- Updates Chromium to 111.0.5555.0 (r1095492) and Puppeteer to 19.7.2 #153033
- Fixes default date range on errors page #155661
- Removes the "Beta" labels in Synthetics #155589
- Fixes ML job/rule edit error #155212
Notable Issues Fixed:
- Fix a race condition that prevents Logstash from updating a pipeline’s configuration with in-flight events experiencing connection errors. #14739 This issue primarily manifests following the update of Elasticsearch credentials through Central Management, after credentials expired while events were in-flight. It causes the Elasticsearch Output to get stuck attempting to send events with the expired credentials instead of using the updated ones. To address this problem, Logstash has improved the pipeline shutdown phase functionality to allow an output plugin to request the termination of the in-flight batch of events; hence preventing the need for administrators to manually restart Logstash. Furthermore, when used in combination with a persistent queue to prevent data loss, the batch is eligible for reprocessing on pipeline restart. Plugin developers can now decide whether to make use of such functionality on output plugins. #14940
*Replace disconnect and system info symbols for agents. (pull 8015)
*Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named elements. (issue 71200)
*Developer: Expose UserSeedChangeListener extension point. (pull 7997)
*Developer: do not call SaveableListener.fireOnChange anymore when reloading an AbstractItem. (pull 7984)
*Developer: Added a utility HttpServletFilter to the API. (pull 7892)
*Feature: experimental HTTP/3 support.
Sonartype Nexus 3.54.1
The following bug fix is included in the 3.54.1 release:
*Added recently provided patch fixing the GroovyCastException that was occurring when installing the nexus gem.
The following bug fixes are included in the 3.54.0 release:
*Fixed the known issue from 3.53.0 for those using community or custom plugins. These plugins now load as expected.
*Added validation so that users can only add valid content selector privileges.
*NEXUS-37518 - Fixed an issue that was causing errors when running the Docker - Delete unused manifests and images task.
*NEXUS-38740 - Fixed an issue that was preventing NuGet v3 search from returning components with ".<numeral>" in the component name under some search conditions.
*Plugins bundled as .kar files that are installed via $install-dir/deploy now start as expected.
*Updated documentation to better explain how metadata is impacted during repository import.