Stay Informed

This week, read about:

• Introducing PyPI Organizations.
• DentOS 3.0 Unveiled: Open Source NOS Powering Distributed Enterprise Edge Brings Network Management, Scalability, and Security via New Rapid Release Cycle.
• Plugging the Infosec Holes Before the Bad Guys Can Sneak In.
• Apache Superset: A Story of Insecure Default Keys, Thousands of Vulnerable Systems, Few Paying Attention.
• You Can Cross 'Quantum Computers to Smash Crypto' Off Your List of Existential Fears for 30 Years.
• You Don't Have to Wait for Quantum Computing to Prepare For It.
• 10 Reasons Why Companies Choose OpenLogic for OSS Support.
• Kafka MirrorMaker Overview: Key Features and Benefits.

Key Security, Maintenance, and Features Releases

Security Based Updates

Keycloak 21.1.1    
*17514 SAML2 Client Signing Keys Config does not accept PEM import keycloak admin/ui    
*19469 ClientPolicies: Deserialization of `MultivaluedString ` config property doesn't work properly between new admin-ui and backend keycloak admin/ui    
*19513 Trusted Hosts configuration in Client Registration Policy not working keycloak admin/ui    
*19532 When editing JS policy, the text area with "Code" should be read-only keycloak admin/ui    
*19582 UI glitches in Users - Groups - Join Group keycloak admin/ui    
*19609 Declarative user profile attribute options validator is not added correctly keycloak admin/ui    
*19673 Sessions displayed multiple times keycloak admin/ui    
*19800 Installation of keycloak-js fails with npm and yarn keycloak adapter/javascript    
*19801 Documentation doesn't have versions set properly keycloak docs    
*19803 `.\kc.bat start-dev` on Windows failed to start in 21.1.0 keycloak dist/quarkus    
*19841 Upgrade from 21.0.2 to 21.1.0 fails on oracle db keycloak storage    
*19850 Keycloak Quarkus Server dependency broken keycloak dependencies    
*19867 Not possible to override default or built-in providers keycloak core    
*19875 Validators not saved when creating new User profile -> Attribute keycloak admin/ui 

Non-Security Based Updates

Grafana 9.5.1  
*Upgrade Go to 1.20.3 
Grafana 9.5.0 
Bug Fixes: 
API: Fix "Updated by" Column in dashboard versions table. 
AccessControl: Allow editors to access GET /api/datasources. 
Alerting: Add "backend" label to state history writes metrics. 
Alerting: Add alert instance labels to Loki log lines in addition to stream labels. 
Alerting: Elide requests to Loki if nothing should be recorded. 
Alerting: Fix DatasourceUID and RefID missing for DatasourceNoData alerts. 
Alerting: Fix ambiguous handling of equals in labels when bucketing Loki state history streams. 
Alerting: Fix attachment of external labels to Loki state history log streams. 
Alerting: Fix creating a recording rule when having multiple datasources. 
Alerting: Fix explore link in alert detail view. 
Alerting: Fix share URL for Prometheus rules on subpath. 
Alerting: Fix stats that display alert count when using unified alerting. 
Alerting: Hide mute timing actions when dealing with vanilla prometheus. 
Alerting: Paginate result previews. 
Alerting: Prometheus-compatible Alertmanager timings editor. 
Alerting: Update scheduler to get updates only from database. 
Alerting: Use a completely isolated context for state history writes. 
Alerting: Use displayNameFromDS if available in preview. 
Annotation List: Fix panel not updating when variable is changed. 
Annotations: Ignore unique constraint violations for tags. 
Auth: Fix orgrole picker disabled if isSynced user. 
AzureMonitor: Fix Log Analytics portal links. 
BrowseDashboards: Fix move to General folder not working. 
Catalog: Show install error with incompatible version. 
Chore: Update Grafana to use Alertmanager v0.25.1-0.20230308154952-78fedf89728b. 
CloudMonitoring: Add project selector for MQL editor[fix]. 
CloudWatch Logs: Fix running logs queries with expressions. 
CloudWatch Logs: Fix to make log queries use a relative time if available. 
CloudWatch Logs: Revert "Queries in an expression should run synchronously". 
CloudWatch: Fix cachedQueries insights not being updated for metric queries. 
Cloudwatch: Pass refId from query for expression queries. 
Dashboards: Evaluate provisioned dashboard titles in a backwards compatible way. 
Dashboards: Fix Mobile support dashboard issues on new iOS 16.3. 
Dashboards: Fix broken internal data links. 
Database: Don't sleep 10ms before every request. 
Elasticsearch: Fix processing of response with multiple group by for alerting. 
Elasticsearch: Handle multiple annotation structures. 
Email: Mark HTML comments as "safe" in email templates. 
Emails: Preserve HTML comments. (Enterprise) 
ErrorHandling: Fixes issues with bad error messages. 
ErrorView: Better detection of no-data responses. 
Explore: Make DataSourcePicker visible on small screens. 
Fix: DataLinks from data sources override user defined data link. 
Fix: Top table rendering and update docs. 
Frontend: Fix broken links in /plugins when pathname has a trailing slash. 
Geomap: Fix route layer zoom behavior. 
Google Cloud Monitoring: Fix project variable. 
HeatMap: Sort y buckets when all bucket names are numeric. 
InfluxDB: Fix querying with hardcoded retention policy. 
InfluxDB: Fix sending retention policy with InfluxQL queries. 
KVStore: Include database field in migration. 
LDAP: Always synchronize Server Admin role through role sync if role sync is enabled. 
Library panels: Ensure pagination controls are always correctly displayed. 
Loki: Fix autocomplete situations with multiple escaped quotes. 
MegaMenu: Fixes mega menu showing scroll indicator when it shouldn't. 
Navigation: Redirect to root page when switching organization. 
Navigation: Scrolled hamburger menu links now navigate correctly in Safari. 
NestedFolders: Fix nested folder deletion. 
New Panel Header: Fix when clicking submenu item the parent menu item onClick get's triggered. 
Phlare: Fix error when there are no profileTypes to send from backend. 
PieChart: Show long labels properly. 
PluginExtensions: Fixed issue with incorrect type being exposed when configuring an extension. 
Plugins: Ensure proxy route bodies are valid JSON. 
Plugins: Fix width for README pages with tables. 
Plugins: Markdown fetch retry with lowercase. 
Plugins: Skip instrumenting plugin build info for core and bundled plugins. 
PublicDashboards: Query collapsed panels inside rows. 
Query Splitting: Fix for handling queries with no requestId. 
SQL Datasources: Fix variable throwing error if query returns no data. 
SQL Datasources: Prevent Call Stack Overflows with Large Numbers of Values for Variable. 
SQLStore: Fix SQLite error propagation if query retries are disabled. 
Stat Panel: Fix issue with clipping text values. 
Table Panel: Fix panel migration for options cell type. 
Table: Fix migrations from old angular table for cell color modes. 
Table: Fixes issue with pagination summary causing scrollbar. 
Table: Fixes table panel gauge alignment. 
TablePanel: Fix table cells overflowing when there are multiple data links. 
TablePanel: fix footer bug; no footer calculated values after "hidden" column override. 
Team sync: Fix apply query string instead of param. (Enterprise) 
Templating: Allow percent encoding of variable with custom all. 
Tempo: Set default limit if none is provided for traceql queries. 
TimeSeries: Don't extend stepped interpolation to graph edges. 
TimeSeries: Improve stacking direction heuristic. 
Trace View: Update the queryType to traceql for checking if same trace when clicking span link. 
TraceView: Don't require preferredVisualisationType to render. 
Utils: Reimplement util.GetRandomString to avoid modulo bias. 
XYChart: Add all dataset columns in tooltip. 
Breaking Changes:

• default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. Having default named retention policy is not breaking anything. We will make sure to use the actual default retention policy under the hood. To change the hardcoded retention policy in the dashboard.json, users must they select the right retention policy from dropdown and save the panel/dashboard. Issue #66466
• Grafana Alerting rules with NoDataState configuration set to Alerting will now respect "For" duration. Issue #65574
• Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. Issue #58820

Jenkins 2.402

• Community reported issues: 3×JENKINS-71156
• Update appearance and framework for link dropdown menus.
• Remove duplicate section headers from the Tools page. Remove border at the top of the Tools page for consistency with other pages.
• Hide the filter field when there's no build in Build History Widget. 
• Restore conditional rendering of headers in some pages and remove non-functional drag handle from some headers (regression in 2.335).
• Upgrade Winstone from 6.10 to 6.11. This includes the upgrade of Jetty from 10.0.13 to 10.0.15.

RabbitMQ 3.11.15

• As of 3.11.0, RabbitMQ requires Erlang 25. Nodes will fail to start on older Erlang releases.
• Erlang 25 as our new baseline means much improved performance on ARM64 architectures, profiling with flame graphs   
  across all architectures, and the most recent TLS 1.3 implementation available to all RabbitMQ 3.11 users.
• Fix: Operator policies now can define "ha-sync-mode", a classic mirrored queue setting. Note that classic mirrored queues are deprecated and will be removed in RabbitMQ 4.0.
• All users of CMQs should migrate to quorum queues or streams, or a combination of both.

Solr 9.2.1   
Fixes:   
*SOLR-16731: Use the right cluster property for displaying if TLS is enabled   
*SOLR-16730: Fix NPE in SystemInfoHandler for inter-node requests that would cause the Nodes page not to load. SystemInfoHandler no longer populates the username, roles and permissions in inter-node requests.   
*SOLR-16728: Fix Classloading Exception for inter-node requests when using SSL and HTTP2. All Jetty classes are able to be shared between the Jetty server and webApp now.   
*SOLR-16734: SOLR_DATA_HOME is only honored in verbode mode   
*SOLR-16721: Java version detection fails when `_JAVA_OPTIONS` is set   
*SOLR-16649: Http2SolrClient.processErrorsAndResponse uses wrong instance of ResponseParser   
*SOLR-16240: Fix KerberosPlugin module classloading when using the hadoop-auth module. Plugins in modules/packages that require the Thread contextClassLoader on startup should now work.   
*SOLR-16755: bin/solr's '-noprompt' option no longer works for examples   
*SOLR-16741: CLUSTERSTATUS API returns wrong value for state ,leader for PRS collections