Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository:
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

We recommend that you update your CentOS 8 systems to protect against this vulnerability. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

ActiveMQ CVE-2023-46604
The vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, released late last month.

The vulnerability affects the following versions:

  • Apache ActiveMQ 5.18.0 before 5.18.3
  • Apache ActiveMQ 5.17.0 before 5.17.6
  • Apache ActiveMQ 5.16.0 before 5.16.7
  • Apache ActiveMQ before 5.15.16
  • Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
  • Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
  • Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
  • Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16

Non-Security Based Updates

Angular 16.2.12
animations:
fix - remove finish listener once player is destroyed (#51136)

common:
fix - apply fixed_srcset_width values only to fixed srcsets (#52486)

compiler-cli:
fix - properly emit literal types in input coercion function arguments (#52437)
fix - use originally used module specifier for transform functions (#52437)

Jenkins 2.430

  • Fix drag and drop handles for existing repeatables (regression in 2.335).
  • Refer to the correct option in the security configuration help text.
  • Restore security configuration help text and remove obsolete help text.
  • Turkish localization fixes for build, login, and user management pages.
  • Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket.

RabbitMQ 3.12.8
Minimum Supported Erlang Version
As of 3.12.0, RabbitMQ requires Erlang 25. Nodes will fail to start on older Erlang releases. Users upgrading from 3.11.x (or older releases) on Erlang 25 to 3.12.x on Erlang 26 (both RabbitMQ and Erlang are upgraded at the same time) must consult the v3.12.0 release notes first.

Changes Worth Mentioning:
Release notes can be found on GitHub at rabbitmq-server/release-notes.

Core Server
Bug Fixes:

  • Avoids a potential exception in the autoheal partition handler.

Enhancements:

  • raft.segment_max_entries is now validated to prevent the value from overflowing its 16-bit segment file field.
    Maximum supported value is now 65535.

Shovel Plugin
Enhancements:

  • Significantly faster Shovel startup in environments where there are many of them (one thousand or more).

AMQP 1.0 Erlang Client
Enhancements:

  • User-provided credentials are now obfuscated using a one-off key pair generated on node boot.
    This keeps sensitive client state information from being logged by the runtime exception logger.

Redis 7.2.3
Upgrade urgency: HIGH, Fixes critical bugs affecting most users.

Bug fixes:

  • Fix file descriptor leak preventing deleted files from freeing disk space on replicas
  • Fix a possible crash after cluster node removal
