Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

runC Vulnerabilities

  • Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
  • The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.

Nginx 1.25.4
*) Security: when using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation fault in a worker process (for SSL proxying) might occur if AIO was used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL proxying was used along with the "image_filter" directive and errors with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.

Cassandra 4.1.4
* Memoize Cassandra version and add a backoff interval for failed schema pulls (CASSANDRA-18902)
* Fix StackOverflowError on ALTER after many previous schema changes (CASSANDRA-19166)
* Fixed the inconsistency between distributedKeyspaces and distributedAndLocalKeyspaces (CASSANDRA-18747)
* Internode legacy SSL storage port certificate is not hot reloaded on update (CASSANDRA-18681)
* Nodetool paxos-only repair is no longer incremental (CASSANDRA-18466)
* Waiting indefinitely on ReceivedMessage response in StreamSession#receive() can cause deadlock (CASSANDRA-18733)
* Allow empty keystore_password in encryption_options (CASSANDRA-18778)
* Skip ColumnFamilyStore#topPartitions initialization when client or tool mode (CASSANDRA-18697)

Merged from 4.0:
* Skip version check if an endpoint is dead state in Gossiper#upgradeFromVersionSupplier (CASSANDRA-19187)
* Fix Gossiper::hasMajorVersion3Nodes to return false during minor upgrade (CASSANDRA-18999)
* Revert unnecessary read lock acquisition when reading ring version in TokenMetadata introduced in CASSANDRA-16286 (CASSANDRA-19107)
* Support max SSTable size in sorted CQLSSTableWriter (CASSANDRA-18941)
* Fix nodetool repair_admin summarize-pending command to not throw exception (CASSANDRA-19014)
* Fix cassandra-stress in simplenative mode with prepared statements (CASSANDRA-18744)
* Fix filtering system ks sstables for relocation on startup (CASSANDRA-18963)
* Remove completed coordinator sessions (CASSANDRA-18903)
* Make StartupConnectivityChecker only run a connectivity check if there are no nodes which are running a version prior to Cassandra 4 (CASSANDRA-18968)
* Retrieve keyspaces metadata and schema version consistently in DescribeStatement (CASSANDRA-18921)
* Gossip NPE due to shutdown event corrupting empty statuses (CASSANDRA-18913)
* Fix closing iterator in SecondaryIndexBuilder (CASSANDRA-18361)
* Update hdrhistogram to 2.1.12 (CASSANDRA-18893)
* Improve performance of compactions when table does not have an index (CASSANDRA-18773)
* JMH improvements - faster build and async profiler (CASSANDRA-18871)
* Enable 3rd party JDK installations for Debian package (CASSANDRA-18844)
* Fix NTS log message when an unrecognized strategy option is passed (CASSANDRA-18679)
* Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
* Migrate Python optparse to argparse (CASSANDRA-17914)

Merged from 3.11:
* Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756)
* Revert CASSANDRA-18543 (CASSANDRA-18854)
* Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739)

Merged from 3.0:
* Suppress CVE-2023-6378 (CASSANDRA-19142)
* Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935)
* Suppress CVE-2023-44487 (CASSANDRA-18943)
* Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935)
* Implement the logic in bin/stop-server (CASSANDRA-18838)
* Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878)
* Add cqlshrc.sample and credentials.sample into Debian package (CASSANDRA-18818)
* Refactor validation logic in StorageService.rebuild (CASSANDRA-18803)
* Make alternation of a user type validate the same way as creation of a user type does (CASSANDRA-18585)
* CQLSH emits a warning when the server version doesn't match (CASSANDRA-18745)
* Fix missing speculative retries in tablestats (CASSANDRA-18767)
* Fix Requires for Java for RPM package (CASSANDRA-18751)
* Fix CQLSH online help topic link (CASSANDRA-17534)
* Remove unused suppressions (CASSANDRA-18724)

Node.js 21.6.2
This is a security release.
Notable changes:
- CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities - (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)
- CVE-2024-21896 - Path traversal by monkey-patching Buffer internals - (High)
- CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- undici version 5.28.3
- libuv version 1.48.0
- OpenSSL version 3.0.13+quic1

Non-Security Based Updates

Angular 17.2.1
- Fix broken version detection condition

Camel 4.4.0
BUG (36):
CAMEL-20401 camel-kudu: Potential NullPointerException on endpoint stop
CAMEL-20399 String to short type conversion fails
CAMEL-20394 camel-jbang wrong transformation when rests and routes tags are used together
CAMEL-20392 camel-jq - Inlined jq in simple language should keep quotes
CAMEL-20380 Kafka Batch Consumer: doesn't honor the poll timeout set
CAMEL-20378 Languages that can take source from header or property is not thread safe
CAMEL-20375 Camel-ical: Camel-20370 brought a NPE in some cases
CAMEL-20373 camel-kafka - KafkaIdempotentRepository may allow some duplicates after application restart
CAMEL-20370 dataformat configurer is not generated for camel-beanio
CAMEL-20362 Camel-Netty-HTTP: Headers validation should be enabled by default
CAMEL-20356 camel-core - LoggerHelper returns wrong name for source code line precise
CAMEL-20354 camel-jbang - Using camel run --source-dir component should be able to load from classpath
CAMEL-20352 camel.springboot.includeNonSingletons is not respected anymore: prototype Route Builders are always initialized.
CAMEL-20351 Camel Jbang execution from remote file doesn't work anymore
CAMEL-20350 camel-observation - Null values should be null instead of a string null literal value
CAMEL-20349 camel-salesforce: ClassCastException when a request is retried after a 401
CAMEL-20342 camel-openapi-java - NPE in OpenApiHelper
CAMEL-20340 camel-jbang - camel dependency list throws Exception for dataformats
CAMEL-20339 camel-yaml-dsl - Saga EIP with options causes NPE
CAMEL-20334 AWS S3 cloudevents data type does not set proper data Content-Type
CAMEL-20307 camel-quickfix -Queue Full
CAMEL-20301 Camel retains objects when restarting route via policy
CAMEL-20292 Probable bug in DependencyDownloaderConsole - inverted flags in output
CAMEL-20280 camel-jcache - JCachePolicy does not init bypassExpression
CAMEL-20262 camel-spring-boot - TomcatEmbeddedWebappClassLoader return nested instead file in jar file path
CAMEL-20254 camel-http - pre-emptive authentication breaks basic auth
CAMEL-20250 camel-kinesis: resume API fails to resume properly
CAMEL-20248 camel-salesforce: Most integration tests failing
CAMEL-20239 Camel-Azure-Files: The component doesn't set account parameter on the URI
CAMEL-20232 camel-core - Kamelets with Enrich and PollEnrich dynamic endpoints with template parameters
CAMEL-20218 KafkaIdempotentRepository cache incorrectly flagged as ready
CAMEL-20121 camel-smpp SMPPSession should be closed after receiving Unbind from peer
CAMEL-19849 camel-zipfile: fails to release exchange due to Exceptions
CAMEL-19262 camel-azure-eventbus - Apache Camel wrapper for Service Bus stops receiving message.
CAMEL-17722 MDC - custom properties in MDC Unit Of Work are not cleared at the end of route
CAMEL-17721 MDC - custom MDC property value is fixed to first assigned value by MDCUnitOfWork

DEPENDENCY UPGRADE (6):
CAMEL-20344 camel-spring-boot - Upgrade to 3.2.2
CAMEL-20278 Upgrade Wildfly Elytron to 2.x version
CAMEL-20116 Upgrade to Jackson BOM 2.16.0
CAMEL-19971 Camel-Consul: Consul-client repository is now read only
CAMEL-19722 camel-etcd3 - Upgrade jetcd to 0.7.6
CAMEL-19620 camel-coap - Upgrade to Californium Scandium 3.x

IMPROVEMENT (51):
CAMEL-20409 camel-core - ModelReifierFactory should detect custom on classpath
CAMEL-20403 Support Knative broker as source/sink in Pipe
CAMEL-20400 Support for Knative SinkBinding
CAMEL-20398 camel-kubernetes - Add option on component to create kubernetes client
CAMEL-20396 camel-kudu: Allow KuduClient to be autowired
CAMEL-20391 camel-core - All languages should support expression loaded from external resource
CAMEL-20387 camel-tracing - Use case insensitive headers
CAMEL-20386 camel-jq - Add @JQ for bean annotation
CAMEL-20382 camel-kafka - RecordMetadata header should be named like the other headers
CAMEL-20376 camel-xpath - XPath language add support for variables
CAMEL-20369 camel-beanio - Bring back beanio as v3
CAMEL-20365 camel-ftp - Add option to configure yes/no answer to create known host file
CAMEL-20364 camel-jms - Remove JMSCorrelationIDAsBytes header as its not needed
CAMEL-20363 camel-jms - Make getting JMSCorrelationID more robust for brokers that has bugs
CAMEL-20359 camel-groovy - Consistent name to refer to exchangeProperties
CAMEL-20358 camel-microprofile-config: CamelMicroProfilePropertiesSource should consider active profiles when loading properties
CAMEL-20355 Throttle EIP: milliseconds not available anymore
CAMEL-20346 camel-core - Simple language contains function can be improved
CAMEL-20345 camel-core - Simple binary operator in predicates better detected by predicate parser
CAMEL-20308 Change order of camel-spring-boot-bom and spring-boot-dependencies in dependencyManagement
CAMEL-20306 Camel-CassandraQL: Add ObjectInputFilter String pattern parameter in CassandraAggregationRepository to be used in unmarshall operations
CAMEL-20303 Camel-Sql: Add ObjectInputFilter String pattern parameter in JdbcAggregationRepository to be used in unmarshall operations
CAMEL-20298 Enhancing JSONata Compatibility for Full Reference Port
CAMEL-20281 Camel-AWS Components: Make it possible to use AwsSessionCredentials to support temporary credentials
CAMEL-20275 components - Mark options that can are used for text inputs such as a SQL query
CAMEL-20274 camel-management - Add option to allow updating routes
CAMEL-20273 camel-jbang - Stub dataformat and language during export
CAMEL-20271 Camel-AWS-Cloudtrail: Improve consumers by adding more information as exchange headers
CAMEL-20258 [JBang] Use quartz out of the box for camel-cron
CAMEL-20253 camel-jbang - Add support for jolokia 2.x
CAMEL-20249 camel-jbang - Reload routes with micrometer should clean up old routes
CAMEL-20247 Rework Dynamic Router EIP Component
CAMEL-20246 camel-core - WireTap should not create correlated exchange copy
CAMEL-20245 camel-jbang - Startup should log http summary if already started such as when using supervised route controller
CAMEL-20243 camel-main - Move route controller options into its own group
CAMEL-20242 camel-routes health check reports UP right before routes were attempted to be setup when using supervising route controller
CAMEL-20241 camel-jbang - Pretty print xml body should not have noisy empty lines
CAMEL-20238 Add spring-boot-starter-jdbc dependency to camel-spring-jdbc-starter
CAMEL-20236 camel-salesforce: add missing properties to bulk 2.0 Job class
CAMEL-20233 camel-jbang - camel catalog other does not list kotlin-dsl
CAMEL-20231 camel-jasypt - make generators configurable
CAMEL-20230 camel-core - PollEnrich and Enrich EIP should eager start component if possible
CAMEL-20228 camel-jbang - camel export doesn't recognize component in pollenrich
CAMEL-20219 Add Protobuf data type transformer
CAMEL-20202 camel-azure - Consumers should avoid loading entire payload into memory
CAMEL-19956 camel-jbang - Run with custom log4j2.properties file
CAMEL-19413 camel-parquet-avro: add some defaulted values as options on dataformat to make it more configurable
CAMEL-19411 camel-kamelet - Should be using noErrorHandler
CAMEL-18969 Support mongodb connection string/uri to configure camel-mongodb component
CAMEL-18590 Camel-Azure components: Define a unique configuration for authentication
CAMEL-14028 Allow DataFormats to unmarshal known data formats without first converting to bytes

NEW FEATURE (25):
CAMEL-20408 camel-core - Tracer should include exchange variables
CAMEL-20406 camel-core - Route scoped variables
CAMEL-20379 [camel-test-infra-cli] Improve container configuration, adding external maven repositories
CAMEL-20338 Camel JMS producer should add headers
CAMEL-20336 Add a WebAssembly component and language
CAMEL-20333 Kotlin API
CAMEL-20289 camel-core - FluentProducerTemplate - Add withVariable and withProperty
CAMEL-20288 camel-core - Convert header and variable To another name
CAMEL-20286 camel-netty: add support for native transport over KQueue
CAMEL-20285 camel-json-validator: Add ability to configure ObjectMapper using endpoint properties
CAMEL-20277 camel-grpc: gRPC proxy with streaming
CAMEL-20270 Introduce plugins for Camel JBang
CAMEL-20251 Add Camel K commands to Camel JBang
CAMEL-20229 Camel-Azure-Storage-Queue: Add CloudEvents Data Type Transformer
CAMEL-20223 Camel-Spring-Boot: Camel Azure Key Vault should Support Azure Identity in the component and secrets function
CAMEL-20220 Camel Azure Key Vault: Support Azure Identity in the component and secrets function
CAMEL-19749 camel-core - Allow users to use variables in route to store data instead of headers
CAMEL-19241 Adding a Kafka Batch Consumer
CAMEL-18559 Components which do remote communication should be marked as such
CAMEL-18082 camel-jbang - Prompt mode for required values
CAMEL-17825 Hash generator in the Simple language
CAMEL-17719 camel-salesforce: allow to retrieve CDC json schema from meta service
CAMEL-16064 camel-kafka - Add batching consumer
CAMEL-15570 camel-jte - Template Engine component
CAMEL-15252 Google Pubsub Component manual acknowledgement mode

Tomcat 10.1.19
Catalina:

  •  Correct JPMS and OSGi meta-data for tomcat-embed-core.jar by removing reference to org.apache.catalina.ssi package that is no longer included in the JAR. Based on pull request #684 by Jendrik Johannes. (markt)
  •  Fix ServiceBindingPropertySource so that trailing \r\n sequences are correctly removed from files containing property values when configured to do so. Bug identified by Coverity Scan. (markt)
  •  Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns. (schultz)
  • Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm)
  •  68089: Further improve the performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt)
  •  68559: Allow asynchronous error handling to write to the response after an error during asynchronous processing. (markt)

Coyote:

  •  Setting a null value for a cookie attribute should remove the attribute. (markt)
  •  Make asynchronous error handling more robust. Ensure that once a connection is marked to be closed, further asynchronous processing cannot change that. (markt)
  •  Make asynchronous error handling more robust. Ensure that once the call to AsyncListener.onError() has returned to the container, only container threads can access the AsyncContext. This protects against various race conditions that would otherwise occur if application threads continued to access the AsyncContext.
  •  Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. In particular, most of the HTTP/2 debug logging has been changed to trace level. (remm)
  •  Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ. (markt)
  •  Partial fix for 68558: Cache the result of converting to String for request URI, HTTP header names and the request Content-Type value to improve performance by reducing repeated byte[] to String conversions. (markt)
  •  Improve error reporting to HTTP/2 clients for header processing errors by reporting problems at the end of the frame where the error was detected rather than at the end of the headers. (markt)
  • Remove the remaining reference to a stream once the stream has been recycled. This makes the stream eligible for garbage collection earlier and thereby improves scalability. (markt)

Jasper:

  •  68546: Generate optimal size and types for JSP imports maps, as suggested by John Engebretson. (remm)
  •  Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm)

WebSocket:

  •  Correct a regression in the fix for 66508 that could cause an UpgradeProcessor leak in some circumstances. (markt)
  •  Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm)
  •  Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection. (markt)

Web Applications:

  •  Add support for responses in JSON format from the examples application RequestHeaderExample. (schultz)

Other:

  •  Correct the remaining OSGi contract references in the manifest files to refer to the Jakarta EE contract names rather than the Java EE contract names. Based on pull request #685 provided by Paul A. Nicolucci. (markt)
  •  Update Checkstyle to 10.13.0. (markt)
  •  Update JSign to 6.0. (markt)
  •  Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.7. (markt)
  •  Update Tomcat Native to 2.0.7. (markt)
  •  Add strings for debug level messages. (remm)
  •  Improvements to French translations. (remm)
  •  Improvements to Japanese translations by tak7iji. (markt)

Docker compose 2.24.6
Fixes:

  • Fix load .env from project directory when project file is set by COMPOSE_FILE by @ndeloof in #11405
  • Pass All option to backend api.Service when length statuses is not equal to zero by @1arp in #11475
  • Fix deadlock collecting large logs by @ndeloof in #11496

Internal:

  • [CI] docker engine version matrix by @ndeloof in #11459
  • Include all networks in ContainerCreate call if API >= 1.44 by @laurazard in #11429
  • Chore(load): ensure context passed to load by @milas in #11466
  • Feat(tracing): add project hash attribute by @milas in #11465
  • Add OTEL build,depends and capabilities to attributes by @jhrotko in #11485
  • Use listener for file metadata by @jhrotko in #11492
  • Docs: unify no trailing dots in docstrings and help by @PiotrDabrowskey in #11301
  • Chore(watch): remove old docker cp implementation by @milas in #11497
  • Docs: update cli reference link by @dvdksn in #11487
  • Use listeners to collect include metrics by @ndeloof in #11503

Grafana 10.3.3
Bug fixes:

  • Elasticsearch: Fix creating of legend so it is backward compatible with frontend produced frames.
  • ShareModal: Fixes url sync issue that caused issue with save drawer.

Jenkins 2.446

  •  Modernize progress bar UI in various locations. (issue 69113)
  •  Add ability for custom update centers to override the suggested plugin list. (pull 8951)
  •  Enable readonly mode for dropdown menus when using the Extended Read Permission plugin. (pull 8955)
  •  Restore progress animation in build history and build time trend views (regression in 2.434). (issue 72711)
  •  Admin monitor does not animate on page load (regression in 2.445). (pull 8954)
  •  Make the Agent/Provision permission available in the global Security configuration when using matrix-based authorization strategies. (issue 72637)
  •  Remove the extra margin when viewing in read only mode. (pull 8938)
  •  Create an index page for heap dump creation. (pull 8929)
  •  Allow button clicks after closing an administrative monitor popup. (issue 72679)
  •  Developer: Grant access to more FilePath APIs. (pull 8924)

Kubernetes 1.29.2
Feature:

  • Add process_start_time_seconds to /metrics/slis endpoint of all components (#122750, @richabanker) [SIG Architecture, Instrumentation and Testing]
  • Kubernetes is now built with go 1.21.7
  • update setcap/debian-base to bookworm-v1.0.1
  • update distroless-iptables to v0.4.5 (#123218, @cpanato) [SIG API Machinery, Architecture, Cloud Provider, Release, Storage and Testing]

Bug or Regression:

  • Fix deprecated version for pod_scheduling_duration_seconds that caused the metric to be hidden by default in 1.29. (#123042, @alculquicondor) [SIG Instrumentation and Scheduling]
  • Fixed a bug in ValidatingAdmissionPolicy that caused policies which were using CRD parameters to fail to synchronize (#123080, @alexzielenski) [SIG API Machinery and Testing]
  • Fixes a 1.29 regression in "kubeadm init" that caused a user-specified --kubeconfig file to be ignored. (#122792, @avorima) [SIG Cluster Lifecycle]
  • Fixes a race condition in the iptables mode of kube-proxy in 1.27 and later that could result in some updates getting lost (e.g., when a service gets a new endpoint, the rules for the new endpoint might not be added until much later). (#122756, @hakman) [SIG Network]
  • If a pvc has an empty storageClassName, persistentvolume controller won't try to assign a default StorageClass (#122704, @carlory) [SIG Apps and Storage]
  • Kubeadm: do not upload kubelet patch configuration into kube-system/kubelet-config ConfigMap (#123108, @SataQiu) [SIG Cluster Lifecycle]
  • Kubeadm: fix a bug where the --rootfs global flag does not work with "kubeadm upgrade node" for control plane nodes. (#123096, @neolit123) [SIG Cluster Lifecycle]

PHP Interpreter 8.3.3
Core:
Fixed timer leak in zend-max-execution-timers builds.
Fixed bug GH-12349 (linking failure on ARM with mold).
Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception).
Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed when used in trait).
Fixed bug GH-13215 (GCC 14 build failure).

Curl:
Fix missing error check in curl_multi_init().

FPM:
Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).

GD:
Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90).

LibXML:
Fix crashes with entity references and predefined entities.

MySQLnd:
Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes).

Opcache:
Fixed bug GH-13145 (strtok() is not comptime).
Fixed type inference of range().
Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on).

OpenSSL:
Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).

PDO_Firebird:
Fix GH-13119 (Changed to convert float and double values into strings using `H` format).

Phar:
Fixed bug #71465 (PHAR doesn't know about litespeed).
Fixed bug GH-13037 (PharData incorrectly extracts zip file).

Random:
Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines).

Session:
Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader).

Standard:
Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault).

Streams:
Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail).

RabbitMQ 3.12.13
Core Broker
Bug Fixes:

  • When a channel is closed, its consumer metric samples will now be cleared differently
    depending on the number of them. In #9356, it was over optimized for the uncommon case with
    a very large number of consumers per channel, hurting the baseline case with one or a few consumers
    per channel.

CLI Tools
Enhancement:

  • CLI tool startup time was reduced.

GitHub issue: #10461

Bug Fixes:

  • JSON output formatter now avoids ANSI escape sequences.
  • ANSI escape sequences are no longer used on Windows.

Stream Plugin
Bug Fixes:

  • If a stream publisher cannot be set up, a clearer message will be logged.

Management Plugin
Bug Fixes:

  • GET /api/nodes/{name} failed with a 500 when called with a non-existent node name.

Shovel Plugin
Bug Fixes:

  • AMQP 1.0 Shovels will no longer set a delivery mode header that is not meaningful in AMQP 1.0.

Federation Plugin
Bug Fixes:

  • Upstream node shutdown could produce a scary looking exception in the log.
  • Exchange federation links could run into an exception.

Solr 9.5.0
New Features (3):

  • SOLR-17006: Collection creation & adding replicas: User-defined properties are persisted to state.json and applied to new replicas, available for use as property substitution in configuration files.
  • SOLR-16974: Circuit Breakers can now be configured globally
  • SOLR-16743: When using TLS, Solr can now auto-reload the keystore and truststore without the need to restart the process. This is enabled by default when running with TLS and can be disabled or configured in solr.in.sh

Improvements (24):

  • SOLR-17053: Distributed search with shards.tolerant: if all shards fail, fail the request
  • SOLR-16924: RESTORECORE now sets the UpdateLog to ACTIVE state instead of requiring a separate REQUESTAPPLYUPDATES call in Collection restore.
  • SOLR-16907: Fail when parsing an invalid custom permission definition from security.json
  • SOLR-13748: Add support for mm (min should match) parameter to bool query parser
  • SOLR-17046: SchemaCodecFactory is now the implicit default codec factory.
  • SOLR-16943: Extend Solr client tracing coverage to both Jetty Client and Apache HttpClient
  • SOLR-16397: Swap core v2 endpoints have been updated to be more REST-ful. SWAP is now available at `POST /api/cores/coreName/swap`
  • SOLR-17011: Add tracing spans to internal collection commands
  • SOLR-17041: Make CommitTracker currentTlogSize lazy
  • SOLR-16397: The rename-core v2 endpoint has been updated to be more REST-ful. RENAME is now available at `POST /api/cores/coreName/rename`
  • SOLR-17035: Add trace id to jetty thread names to improve debuggability via stack traces
  • SOLR-17079: Allow to declare replica placement plugins in solr.xml
  • SOLR-16959: Make the internal CoreSorter implementation configurable in solr.xml
  • SOLR-17050: Use compact JSON for Learning to Rank (LTR) feature and model storage.
  • SOLR-17094: Close objects contained inside an ObjectCache.
  • SOLR-16577: Ensure core load failures are always logged.
  • SOLR-17063: Do not retain log param references in LogWatcher
  • SOLR-17066: SolrClient builders now allow users to specify a "default" collection or core using the `withDefaultCollection` method. Use of the Builder methods is preferable to including the collection in the base URL accepted by certain client implementations.
  • SOLR-15960: Unified use of system properties and environment variables
  • SOLR-16397: The MERGEINDEXES v2 endpoint has been updated to be more REST-ful. MERGEINDEXES is now available at `POST /api/cores/coreName/merge-indices`
  • PR#2186: Include the external file name in the log instead of the hard-coded value in FileFloatSource.java.
  • SOLR-17096: solr.xml now supports declaring clusterSingleton plugins
  • SOLR-16397: The v2 endpoint to request the status of asynchronous CoreAdmin commands has been updated to be more REST-ful. Now available at `GET /api/node/commands/someRequestId`
  • SOLR-17068: bin/solr post CLI use of options is now aligned closely with bin/post CLI tool, and is consistently referenced throughout the Ref Guide and source code, and is used throughout our tests. The bin/post tool remains and has been tested to work.

Optimizations (2):

  • SOLR-17084: LBSolrClient (used by CloudSolrClient) now returns the count of core tracked as not live AKA zombies instead of the full list of cores. This list is potentially as long as the number of cores. When there are many cores, this leads to high CPU and memory usage.
  • SOLR-17036: UpdateLog lazily creates the large VersionBucket array, and VersionBucket does not keep the highest version anymore. This optimization reduces memory usage, especially when the SolrCore is not used for indexing.

Bug Fixes (11):

  • SOLR-17045: DenseVectorField w/ vectorDimension > 1024 now work automatically with _default configset, due to implicit use of SchemaCodecFactory.
  • SOLR-10653: When there's a UUIDField in the schema and atomic update touches another field the error occurs when leader updates replica
  • SOLR-17093: Collection restore API command now returns "requestid" when executed asynchronously like other APIs
  • SOLR-16952: In distributed i.e. multi-shard cloud mode returned dense vector 'fl' fields are now a list of numbers instead of strings.
  • SOLR-17090: The v2 "delete alias" API no longer errantly returns a 405 status code
  • SOLR-17121: Fix SchemaCodecFactory to get PostingsFormat and DocValues from field.
  • SOLR-17116: The INSTALLSHARDDATA "collection-admin" API now reports errors correctly when run asynchronously.
  • SOLR-17074: Fixed not correctly escaped quote in bin/solr script
  • SOLR-17120: Fix NullPointerException in UpdateLog.applyOlderUpdates that can occur if there are multiple partial updates of the same document in separate requests using commitWithin.
  • SOLR-17112: bin/solr script doesn't do ps properly on some systems.
  • SOLR-17149: Backups on collections with too many shards fail due to restrictive Executor queue size

AWX 23.8.1
What's Changed:

  • Fixed the pip-compile command when multiple files are passed in so that the command line would no longer parse it as one long file path (@jbradberry #14875)
  • Removed the LDAP volume when cleaning all volumes (@thedoubl3j #14874)
  • Increased lock down of websocket path (@chrismeyersfsu #14871)
  • Silenced unnecessary setuptools-scm related error messages (@chrismeyersfsu #14827)
  • Added multi-arch operator release changes (@rooftopcellist #14772)
  • Fixed email with custom notifications to work properly (@dmzoneill #14839)
  • Added dockerx make target for building AWX for ARM64 (@rooftopcellist #14774)
  • Added iputils to the Dockerfile (@wolfsoldier47 #14338)
  • Added support for websocket per-endpoint authentication (@chrismeyersfsu #14879)
  • Added Python 3.12 dependencies (@dangoncalves #14869)
  • Updated the command for the sos-report websocket relay status (@TheRealHaoLiu #14878)
  • Updated the downtime setting to respect old downtime setting name if the user has already set it (@AlanCoding #14361)
  • Added mesh ingress content to the Instances chapter of the AWX Administration Guide (@tvo318 #14854)
  • Reverted the change to drop the cython dependencies (@AlanCoding #14884)
  • Fixed the persistent breakage when cleaning up Github branches (@jbradberry #14887)

AWX Operator:

  • Released with AWX Operator v2.12.1
