Stay Informed

This week, read about:

• Golang Returns To the Top 10.
• Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.
• Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks. 
• GitHub Begins 2FA Rollout. 
• Linux Foundation Europe Announces Formation of OpenWallet Foundation. 

Key Security, Maintenance, and Features Releases

Security Based Updates

Jenkins 2.394     
Community reported issues: 1×JENKINS-39143     
Important security fixes. (security advisory)     
Limit the maximum number of search results.

Non-Security Based Updates

Angular 15.2.2    
Add protractor support if protractor imports are detected.

MongoDB 6.0.5   
Issues Fixed:   
SERVER-61909: Hang inserting or deleting document with large number of index entries   
SERVER-66469: Filtering timeseries with date-field does not include results from before 1970   
SERVER-68122: Investigate replicating the collection WiredTiger config string during initial sync   
SERVER-70395: Slot-Based Engine too aggressively uses disk for $group and is slow   
SERVER-73232: Change the default log-verbosity for _killOperations

Node.js 18.5.0  
Notable Changes:  
[63563f8a7a] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #46017  
[28a775b32f] - test_runner: add initial code coverage support (Colin Ihrig) #46017  
[4d50db14b3] - (SEMVER-MINOR) test_runner: add reporters (Moshe Atlow) #45712  
[643545ab79] - (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) #46358  
[110ead9abb] - (SEMVER-MINOR) vm: expose cachedDataRejected for vm.compileFunction (Anna Henningsen) #46320  
[02632b42cf] - (SEMVER-MINOR) v8: support gc profile (theanarkh) #46255  
[f09b838408] - (SEMVER-MINOR) src,lib: add constrainedMemory API for process (theanarkh) #46218  
[cb5bb12422] - (SEMVER-MINOR) buffer: add isAscii method (Yagiz Nizipli) #46046

Nexus 3.49.0 
Fixes: 
NEXUS-30166: Error responses from the roles REST API now use a consistent format. 
NEXUS-30811: Fixed an issue that was causing staging moves to fail with an NPE for multi-arch Docker images. 
NEXUS-34600: Adding old privileges to a role after migrating to PostgreSQL now works as expected. 
NEXUS-36244: The Security Users view in the user interface no longer unnecessarily queries the database for all user role mappings. 
NEXUS-36296: Changing a proxy repository's online state no longer enables/disables the Audit and Quarantine capability. 
NEXUS-36555: Component links in the Browse UI no longer delimit GAV paths with "%2F" instead of a forward slash. 
NEXUS-36784: Fixed an issue that was causing assets downloaded via the UI to be saved with group ID and underscores instead of the expected name and extension. 
NEXUS-37385: Fixed an issue that was causing the Database Migrator to fail if a blobstore name contained a colon. 
NEXUS-37490: Fixed the blobref parsing so that it can handle blobstore names with colon.