This week, read about:
- Golang Returns To the Top 10.
- Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.
- Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks.
- GitHub Begins 2FA Rollout.
- Linux Foundation Europe Announces Formation of OpenWallet Foundation.
Key Security, Maintenance, and Features Releases
Security Based Updates
Important security fixes. (security advisory)
Limit the maximum number of search results.
Non-Security Based Updates
Add protractor support if protractor imports are detected.
SERVER-61909: Hang inserting or deleting document with large number of index entries
SERVER-66469: Filtering timeseries with date-field does not include results from before 1970
SERVER-68122: Investigate replicating the collection WiredTiger config string during initial sync
SERVER-70395: Slot-Based Engine too aggressively uses disk for $group and is slow
SERVER-73232: Change the default log-verbosity for _killOperations
[63563f8a7a] - doc,lib,src,test: rename --test-coverage (Colin Ihrig) #46017
[28a775b32f] - test_runner: add initial code coverage support (Colin Ihrig) #46017
[4d50db14b3] - (SEMVER-MINOR) test_runner: add reporters (Moshe Atlow) #45712
[643545ab79] - (SEMVER-MINOR) fs: add statfs() functions (Colin Ihrig) #46358
[110ead9abb] - (SEMVER-MINOR) vm: expose cachedDataRejected for vm.compileFunction (Anna Henningsen) #46320
[02632b42cf] - (SEMVER-MINOR) v8: support gc profile (theanarkh) #46255
[f09b838408] - (SEMVER-MINOR) src,lib: add constrainedMemory API for process (theanarkh) #46218
[cb5bb12422] - (SEMVER-MINOR) buffer: add isAscii method (Yagiz Nizipli) #46046
NEXUS-30166: Error responses from the roles REST API now use a consistent format.
NEXUS-30811: Fixed an issue that was causing staging moves to fail with an NPE for multi-arch Docker images.
NEXUS-34600: Adding old privileges to a role after migrating to PostgreSQL now works as expected.
NEXUS-36244: The Security Users view in the user interface no longer unnecessarily queries the database for all user role mappings.
NEXUS-36296: Changing a proxy repository's online state no longer enables/disables the Audit and Quarantine capability.
NEXUS-36555: Component links in the Browse UI no longer delimit GAV paths with "%2F" instead of a forward slash.
NEXUS-36784: Fixed an issue that was causing assets downloaded via the UI to be saved with group ID and underscores instead of the expected name and extension.
NEXUS-37385: Fixed an issue that was causing the Database Migrator to fail if a blobstore name contained a colon.
NEXUS-37490: Fixed the blobref parsing so that it can handle blobstore names with colon.