Stay Informed

This week, read about:

• PrivateGPT.
• Upcoming Improvements to Red Hat Enterprise Linux Minor Release Betas.
• Ubuntu 22.04.4 LTS Released.
• RabbitMQ 3.13: Classic Queues Changes.
• Hybrid Post-Quantum Crypto.
• Interview with Javier Perez on the 2024 State of Open Source Report.
• Download the 2024 State of Open Source Report.

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

• CVE-2023-4911
  • CentOS 8 
    • glibc-2.28-164_ol002.el8
• CVE-2018-25032 
  • CentOS 8 
    • zlib-1.2.11-17_ol002.el8
• CVE-2022-2526
  • CentOS 8
    •  systemd-239-51_ol001.el8_5.2 
• CVE-2021-4157 
  • CentOS 8
    • kernel-4.18.0-348.7.1_ol001.el8_5
• CentOS 6 
  •  tzdata-2023c-1_ol001.el6

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

runC Vulnerabilities

• Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
• The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.

Non-Security Based Updates

Apache Spark 3.5.1
[SPARK-39910] - DataFrameReader API cannot read files from hadoop archives (.har)
[SPARK-40154] - PySpark: DataFrame.cache docstring gives wrong storage level
[SPARK-43393] - Sequence expression can overflow
[SPARK-44683] - Logging level isn't passed to RocksDB state store provider correctly
[SPARK-44805] - Data lost after union using spark.sql.parquet.enableNestedColumnVectorizedReader=true
[SPARK-44840] - array_insert() give wrong results for ngative index
[SPARK-44843] - flaky test: RocksDBStateStoreStreamingAggregationSuite
[SPARK-44880] - Remove unnecessary curly braces at the end of the thread locks info
[SPARK-44910] - Encoders.bean does not support superclasses with generic type arguments
[SPARK-44971] - [BUG Fix] PySpark StreamingQuerProgress fromJson
[SPARK-44973] - Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-45014] - Clean up fileserver when cleaning up files, jars and archives in SparkContext
[SPARK-45057] - Deadlock caused by rdd replication level of 2
[SPARK-45072] - Fix Outerscopes for same cell evaluation
[SPARK-45075] - Alter table with invalid default value will not report error
[SPARK-45078] - The ArrayInsert function should make explicit casting when element type not equals derived component type
[SPARK-45081] - Encoders.bean does no longer work with read-only properties
[SPARK-45098] - Custom jekyll-rediect-from redirect.html template
[SPARK-45106] - percentile_cont gets internal error when user input fails runtime replacement's input type check
[SPARK-45117] - Implement missing otherCopyArgs for the MultiCommutativeOp expression
[SPARK-45124] - Do not use local user ID for Local Relations
[SPARK-45132] - Fix IDENTIFIER clause for functions
[SPARK-45142] - Specify the range for Spark Connect dependencies in pyspark base image
[SPARK-45167] - Python Spark Connect client does not call `releaseAll`
[SPARK-45171] - GenerateExec fails to initialize non-deterministic expressions before use
[SPARK-45182] - Ignore task completion from old stage after retrying indeterminate stages
[SPARK-45205] - Since version 3.2.0, Spark SQL has taken longer to execute "show paritions",probably because of changes introduced by SPARK-35278
[SPARK-45211] - Scala 2.13 daily test failed
[SPARK-45227] - Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend where an executor process randomly gets stuck
[SPARK-45237] - Correct the default value of `spark.history.store.hybridStore.diskBackend` in `monitoring.md`
[SPARK-45255] - Spark connect client failing with java.lang.NoClassDefFoundError
[SPARK-45291] - Use unknown query execution id instead of no such app when id is invalid
[SPARK-45306] - Make `InMemoryColumnarBenchmark` use AQE-aware utils to collect plans
[SPARK-45311] - Encoder fails on many "NoSuchElementException: None.get" since 3.4.x, search for an encoder for a generic type, and since 3.5.x isn't "an expression encoder"
[SPARK-45346] - Parquet schema inference should respect case sensitive flag when merging schema
[SPARK-45371] - FIx shading problem in Spark Connect
[SPARK-45383] - Missing case for RelationTimeTravel in CheckAnalysis
[SPARK-45389] - Correct MetaException matching rule on getting partition metadata
[SPARK-45424] - Regression in CSV schema inference when timestamps do not match specified timestampFormat
[SPARK-45430] - FramelessOffsetWindowFunctionFrame fails when ignore nulls and offset > # of rows
[SPARK-45433] - CSV/JSON schema inference when timestamps do not match specified timestampFormat with only one row on each partition report error
[SPARK-45449] - Cache Invalidation Issue with JDBC Table
[SPARK-45473] - Incorrect error message for RoundBase
[SPARK-45484] - Fix the bug that uses incorrect parquet compression codec lz4raw
[SPARK-45498] - Followup: Ignore task completion from old stage after retrying indeterminate stages
[SPARK-45508] - Add "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" so Platform can access cleaner on Java 9+
[SPARK-45543] - InferWindowGroupLimit causes bug if the other window functions haven't the same window frame as the rank-like functions
[SPARK-45561] - Convert TINYINT catalyst properly in MySQL Dialect
[SPARK-45580] - Subquery changes the output schema of the outer query
[SPARK-45584] - Execution fails when there are subqueries in TakeOrderedAndProjectExec
[SPARK-45592] - AQE and InMemoryTableScanExec correctness bug
[SPARK-45604] - Converting timestamp_ntz to array<timestamp_ntz> can cause NPE or SEGFAULT on parquet vectorized reader
[SPARK-45616] - Usages of ParVector are unsafe because it does not propagate ThreadLocals or SparkSession
[SPARK-45631] - Broken backward compatibility in PySpark: StreamingQueryListener due to the addition of onQueryIdle
[SPARK-45670] - SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45678] - Cover BufferReleasingInputStream.available under tryOrFetchFailedException
[SPARK-45786] - Inaccurate Decimal multiplication and division results
[SPARK-45791] - Rename `SparkConnectSessionHodlerSuite.scala` to `SparkConnectSessionHolderSuite.scala`
[SPARK-45814] - ArrowConverters.createEmptyArrowBatch may cause memory leak
[SPARK-45847] - CliSuite flakiness due to non-sequential guarantee for stdout&stderr
[SPARK-45878] - ConcurrentModificationException in CliSuite
[SPARK-45883] - Upgrade ORC to 1.9.2
[SPARK-45896] - Expression encoding fails for Seq/Map of Option[Seq/Date/Timestamp/BigDecimal]
[SPARK-45920] - group by ordinal should be idempotent
[SPARK-45935] - Fix RST files link substitutions error
[SPARK-45943] - DataSourceV2Relation.computeStats throws IllegalStateException in test mode
[SPARK-45963] - Restore documentation for DSv2 API
[SPARK-46006] - YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46014] - Run RocksDBStateStoreStreamingAggregationSuite on a dedicated JVM
[SPARK-46016] - Fix pandas API support list properly
[SPARK-46019] - Fix HiveThriftServer2ListenerSuite and ThriftServerPageSuite to create java.io.tmpdir if it doesn't exist
[SPARK-46033] - Fix flaky ArithmeticExpressionSuite
[SPARK-46062] - CTE reference node does not inherit the flag `isStreaming` from CTE definition node
[SPARK-46064] - EliminateEventTimeWatermark does not consider the fact that isStreaming flag can change for current child during resolution
[SPARK-46092] - Overflow in Parquet row group filter creation causes incorrect results
[SPARK-46189] - Various Pandas functions fail in interpreted mode
[SPARK-46239] - Hide Jetty info
[SPARK-46274] - Range operator computeStats() proper long conversions
[SPARK-46275] - Protobuf: Permissive mode should return null rather than struct with null fields
[SPARK-46330] - Loading of Spark UI blocks for a long time when HybridStore enabled
[SPARK-46339] - Directory with number name should not be treated as metadata log
[SPARK-46388] - HiveAnalysis misses pattern guard `query.resolved`
[SPARK-46396] - LegacyFastTimestampFormatter.parseOptional should not throw exception
[SPARK-46443] - Decimal precision and scale should decided by JDBC dialect.
[SPARK-46453] - SessionHolder doesn't throw exceptions from internalError()
[SPARK-46464] - Fix the scroll issue of tables when overflow
[SPARK-46466] - vectorized parquet reader should never do rebase for timestamp ntz
[SPARK-46478] - Revert SPARK-43049
[SPARK-46480] - Fix NPE when table cache task attempt
[SPARK-46514] - Fix HiveMetastoreLazyInitializationSuite
[SPARK-46535] - NPE when describe extended a column without col stats
[SPARK-46546] - Fix the formatting of tables in `running-on-yarn` pages
[SPARK-46562] - Remove retrieval of `keytabFile` from `UserGroupInformation` in `HiveAuthFactory`
[SPARK-46577] - HiveMetastoreLazyInitializationSuite leaks hive's SessionState
[SPARK-46590] - Coalesce partiton assert error after skew join optimization
[SPARK-46598] - OrcColumnarBatchReader should respect the memory mode when creating column vectors for the missing column
[SPARK-46602] - CREATE VIEW IF NOT EXISTS should never throw `TABLE_OR_VIEW_ALREADY_EXISTS` exception
[SPARK-46609] - avoid exponential explosion in PartitioningPreservingUnaryExecNode
[SPARK-46640] - RemoveRedundantAliases does not account for SubqueryExpression when removing aliases
[SPARK-46663] - Disable memory profiler for pandas UDFs with iterators
[SPARK-46676] - dropDuplicatesWithinWatermark throws error on canonicalizing plan
[SPARK-46684] - CoGroup.applyInPandas/Arrow should pass arguments properly
[SPARK-46700] - count the last spilling for the shuffle disk spilling bytes metric
[SPARK-46747] - Too Many Shared Locks due to PostgresDialect.getTableExistsQuery - LIMIT 1
[SPARK-46763] - ReplaceDeduplicateWithAggregate fails when non-grouping keys have duplicate attributes
[SPARK-46769] - Refine timestamp related schema inference
[SPARK-46779] - Grouping by subquery with a cached relation can fail
[SPARK-46786] - Fix MountVolumesFeatureStep to use ReadWriteOncePod instead of ReadWriteOnce
[SPARK-46794] - Incorrect results due to inferred predicate from checkpoint with subquery
[SPARK-46796] - RocksDB versionID Mismatch in SST files
[SPARK-46855] - Add `sketch` to the dependencies of the `catalyst` module in `module.py`
[SPARK-46861] - Avoid Deadlock in DAGScheduler
[SPARK-46862] - Incorrect count() of a dataframe loaded from CSV datasource
[SPARK-46893] - Remove inline scripts from UI descriptions
[SPARK-46945] - Add `spark.kubernetes.legacy.useReadWriteOnceAccessMode` for old K8s clusters
[SPARK-47019] - AQE dynamic cache partitioning causes SortMergeJoin to result in data loss
[SPARK-47022] - Fix `connect/client/jvm` to have explicit `commons-lang3` test dependency
[SPARK-47053] - Docker image for release has to bump versions of some python libraries for 3.5.1

New Feature
[SPARK-45360] - Initialize spark session builder configuration from SPARK_REMOTE
[SPARK-45706] - Makes entire Binder build fails fast during setting up
[SPARK-45735] - Reenable CatalogTests without Spark Connect
[SPARK-46732] - Propagate JobArtifactSet to broadcast execution thread

Apache Kafka 3.7.0
New Feature:
[KAFKA-9800] - [KIP-580] Client Exponential Backoff Implementation
[KAFKA-15215] - The default.dsl.store config is not compatible with custom state stores
[KAFKA-15428] - Cluster-wide dynamic log adjustments for Connect
[KAFKA-15445] - KIP-975: Docker Image for Apache Kafka
[KAFKA-15448] - Streams StandbyTaskUpdateListener
[KAFKA-15470] - Allow creating connectors in a stopped state

Improvement:
[KAFKA-9693] - Kafka latency spikes caused by log segment flush on roll
[KAFKA-10199] - Separate state restoration into separate threads
[KAFKA-14127] - KIP-858: Handle JBOD broker disk failure in KRaft
[KAFKA-14780] - Make RefreshingHttpsJwksTest#testSecondaryRefreshAfterElapsedDelay deterministic
[KAFKA-14855] - Harden integration testing logic for asserting that a connector is deleted
[KAFKA-14912] - Introduce a configuration for remote index cache size, preferably a dynamic config.
[KAFKA-15022] - Support rack aware task assignment in Kafka streams
[KAFKA-15046] - Produce performance issue under high disk load
[KAFKA-15047] - Handle rolling segments when the active segment's retention is breached incase of tiered storage is enabled.
[KAFKA-15141] - High CPU usage with log4j2
[KAFKA-15147] - Measure pending and outstanding Remote Segment operations
[KAFKA-15208] - Upgrade Jackson dependencies to version 2.16.0
[KAFKA-15241] - Compute tiered offset by keeping the respective epochs in scope.
[KAFKA-15248] - Add BooleanConverter to Kafka Connect
[KAFKA-15273] - Log common name of expired client certificate
[KAFKA-15315] - Use getOrDefault rather than get
[KAFKA-15401] - Segment with corrupted index should not be uploaded to remote storage
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15418] - Update statement on decompression location
[KAFKA-15432] - RLM Stop partitions should not be invoked for non-tiered storage topics
[KAFKA-15464] - Allow dynamic reloading of certificates with different DN / SANs
[KAFKA-15471] - Allow independently stop KRaft controllers or brokers
[KAFKA-15476] - Improve checkstyle performance
[KAFKA-15485] - Support building with Java 21 (LTS release)
[KAFKA-15492] - Enable spotbugs when building with Java 21
[KAFKA-15493] - Ensure system tests work with Java 21
[KAFKA-15521] - Refactor build.gradle to align gradle swagger plugin with swagger dependencies
[KAFKA-15527] - Add reverseRange and reverseAll query over kv-store in IQv2
[KAFKA-15536] - dynamically resize remoteIndexCache
[KAFKA-15542] - Release member assignments on errors
[KAFKA-15563] - Provide informative error messages when Connect REST requests time out
[KAFKA-15566] - Flaky tests in FetchRequestTest.scala in KRaft mode
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3
[KAFKA-15629] - proposal to introduce IQv2 Query Types: TimestampedKeyQuery and TimestampedRangeQuery
[KAFKA-15685] - Add missing compatibility for MinGW and MSYS2 (windows)
[KAFKA-15769] - Fix wrong log with exception
[KAFKA-15774] - Respect default.dsl.store Configuration Without Passing it to StreamsBuilder
[KAFKA-15831] - List Client Metrics Configuration Resources
[KAFKA-15837] - Throw error on use of Consumer.poll(long timeout)
[KAFKA-15866] - Refactor OffsetFetchRequestState Error handling to be more consistent with OffsetCommitRequestState
[KAFKA-15868] - KIP-951 - Leader discovery optimisations for the client
[KAFKA-15906] - Emit offset syncs more often than offset.lag.max for low-throughput/finite partitions
[KAFKA-15922] - Add MetadataVersion for JBOD
[KAFKA-15971] - Re-enable consumer integration tests for new consumer
[KAFKA-15980] - Add KIP-1001 CurrentControllerId metric
[KAFKA-16007] - ZK migrations can be slow for large clusters
[KAFKA-16210] - Upgrade jose4j to 0.9.4

Bug:
[KAFKA-12679] - Rebalancing a restoring or running task may cause directory livelocking with newly created task
[KAFKA-13327] - Preflight validations of connectors leads to 500 responses
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-13988] - Mirrormaker 2 auto.offset.reset=latest not working
[KAFKA-14067] - Sink connector override.consumer.group.id can conflict with worker group.id
[KAFKA-14616] - Topic recreation with offline broker causes permanent URPs
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-14927] - Prevent kafka-configs.sh from setting non-alphanumeric config key names
[KAFKA-15000] - High vulnerability PRISMA-2023-0067 reported in jackson-core
[KAFKA-15117] - SslTransportLayerTest.testValidEndpointIdentificationCN fails with Java 20 & 21
[KAFKA-15152] - Fix incorrect format specifiers when formatting string
[KAFKA-15221] - Potential race condition between requests from rebooted followers
[KAFKA-15230] - ApiVersions data between controllers is not reliable
[KAFKA-15311] - Fix docs about reverting to ZooKeeper mode during KRaft migration
[KAFKA-15372] - MM2 rolling restart can drop configuration changes silently
[KAFKA-15392] - RestServer starts but does not stop ServletContextHandler
[KAFKA-15412] - Reading an unknown version of quorum-state-file should trigger an error
[KAFKA-15465] - MM2 not working when its internal topics are pre-created on a cluster that disallows topic creation
[KAFKA-15473] - Connect connector-plugins endpoint shows duplicate plugins
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15489] - split brain in KRaft cluster
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15500] - Code bug in SslPrincipalMapper.java
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15507] - adminClient should not throw retriable exception when closing instance
[KAFKA-15510] - Follower's lastFetchedEpoch wrongly set when fetch response has no record
[KAFKA-15511] - Exception not handled correctly if indexFile is corrupted.
[KAFKA-15537] - Unsafe metadata.version downgrade is not supported
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15689] - KRaftMigrationDriver not logging the skipped event when expected state is wrong
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15695] - Local log start offset is not updated on the follower after rebuilding remote log auxiliary state
[KAFKA-15704] - ControllerRegistrationRequest must set ZkMigrationReady field if appropriate
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15817] - Avoid reconnecting to the same IP address if multiple addresses are available
[KAFKA-15819] - KafkaServer leaks KafkaRaftManager when ZK migration enabled
[KAFKA-15824] - SubscriptionState's maybeValidatePositionForCurrentLeader should handle partition which isn't subscribed yet
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration
[KAFKA-15836] - KafkaConsumer subscribes to multiple topics does not respect max.poll.records
[KAFKA-15860] - ControllerRegistration must be written out to the metadata image
[KAFKA-15888] - DistributedHerder log context should not use the same client ID for each Connect worker by default
[KAFKA-15890] - Consumer.poll with long timeout unaware of assigned partitions
[KAFKA-15904] - Downgrade tests are failing with directory.id 
[KAFKA-15932] - Flaky test - PlaintextConsumerTest.testSeek("kraft+kip-848","consumer")
[KAFKA-15946] - AsyncKafkaConsumer should retry commits on the application thread instead of auto-retry
[KAFKA-15965] - Test failure: org.apache.kafka.common.requests.BrokerRegistrationRequestTest
[KAFKA-15967] - Fix revocation in reconcilation logic
[KAFKA-15978] - New consumer sends OffsetCommit with empty member ID
[KAFKA-15986] - New consumer group protocol integration test failures
[KAFKA-16005] - ZooKeeper to KRaft migration rollback missing disabling controller and migration configuration on brokers
[KAFKA-16012] - Incomplete range assignment in consumer
[KAFKA-16015] - kafka-leader-election timeout values always overwritten by default values
[KAFKA-16017] - Checkpointed offset is incorrect when task is revived and restoring
[KAFKA-16029] - Investigate cause of "Unable to find FetchSessionHandler for node X" in logs
[KAFKA-16046] - Stream Stream Joins fail after restoration with deserialization exceptions
[KAFKA-16078] - Be more consistent about getting the latest MetadataVersion
[KAFKA-16085] - remote copy lag bytes/segments metrics don't update all topic value
[KAFKA-16094] - BrokerRegistrationRequest.logDirs field must be ignorable
[KAFKA-16101] - KRaft migration rollback documentation is incorrect
[KAFKA-16120] - Fix partition reassignment during ZK migration
[KAFKA-16131] - Repeated UnsupportedVersionException logged when running Kafka 3.7.0-RC2 KRaft cluster with metadata version 3.6
[KAFKA-16133] - Commits during reconciliation always time out
[KAFKA-16141] - StreamsStandbyTask##test_standby_tasks_rebalanceArguments:{ “metadata_quorum”: “ISOLATED_KRAFT”, “use_new_coordinator”: false} fails consistently in 3.7
[KAFKA-16144] - Controller leader checkQuorum timer should skip only 1 controller case
[KAFKA-16157] - Topic recreation with offline disk doesn't update leadership/shrink ISR correctly
[KAFKA-16162] - New created topics are unavailable after upgrading to 3.7
[KAFKA-16216] - Reduce batch size for initial metadata load during ZK migration
[KAFKA-16221] - IllegalStateException from Producer

Elasticsearch 8.12.2
Bug fixes:
Application:

• Fix bug in rule_query where text_expansion errored because it was not rewritten #105365
• [Connectors API] Fix bug with crawler configuration parsing and sync_now flag #105024

Authentication:

• Validate settings before reloading JWT shared secret #105070

Downsampling:

• Downsampling better handle if source index isn’t allocated and fix bug in retrieving last processed tsid #105228

ES|QL:

• ESQL: Push CIDR_MATCH to Lucene if possible #105061 (issue: #105042)
• ES|QL: Fix exception handling on date_parse with wrong date pattern #105048 (issue: #104124)

Indices APIs:

• Always show composed_of field for composable index templates #105315 (issue: #104627)

Ingest Node:

• Backport stable ThreadPool constructor from LogstashInternalBridge #105165
• Harden index mapping parameter check in enrich runner #105096

Machine Learning:

• Fix handling of ml.config_version node attribute for nodes with machine learning disabled #105066
• Fix handling surrogate pairs in the XLM Roberta tokenizer #105183 (issues: #104626, #104981)
• Inference service should reject tasks during shutdown #105213

Network:

• Close currentChunkedWrite on client cancel #105258
• Fix leaked HTTP response sent after close #105293 (issue: #104651)
• Fix race in HTTP response shutdown handling #105306

Search:

• Field-caps should read fields from up-to-dated shards #105153 (issue: #104809)

Snapshot/Restore:

• Finalize all snapshots completed by shard snapshot updates #105245 (issue: #104939)

Transform:

• Do not log warning when triggering an ABORTING transform #105234 (issue: #105233)
• Make _reset action stop transforms without force first #104870 (issues: #100596, #104825)

Jenkins 2.446
Community reported issues: 2×JENKINS-72759

•  Modernize progress bar UI in various locations. (issue 69113)
•  Add ability for custom update centers to override the suggested plugin list. (pull 8951)
•  Enable readonly mode for dropdown menus when using the Extended Read Permission plugin. (pull 8955)
•  Restore progress animation in build history and build time trend views (regression in 2.434). (issue 72711)
•  Admin monitor does not animate on page load (regression in 2.445). (pull 8954)

Keycloak 23.0.7
Enhancements:

• #26810 Shorter lifespan for offline session cache entries in memory storage

Bugs:

• #22431 Localization: Admin UI doesn't pick up message bundles from realms other than master admin/ui
• #23786 Failure: FipsDistTest ci
• #25294 Kerberos principal attribute not found on LDAP user - even if kerberos authentication is off ldap
• #25883 ldap-group-mapper fails when empty member: attribute is present ldap
• #25912 LDAP federation reports "Creating new LDAP Store..." on every login ldap
• #25961 Native SQL Schema names broken on MySQL storage
• #26374 Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode ci
• #26529 Workflow failure: Quarkus IT - FipsDistTest#testUnsupportedHttpsPkcs12KeyStoreInStrictMode ci
• #26826 Freemarker erroneously escapes/sanitizes URL in template.ftl (&) login/ui
• #27120 Microsoft social login failure testsuite

Kibana 8.12.2
Bug Fixes:
Alerting:

• Fixes Discover results when an alert excludes matches from previous runs (#176690).
• Fixes bug where using select all on the rules list bypassed filters (#176962).

Elastic Security:

For the Elastic Security 8.12.2 release information, refer to Elastic Security Solution Release Notes.

Fleet:

• Fixes a popover about inactive agents not being dismissible (#176929).
• Fixes logstash output being RFC-952 compliant (#176298).
• Fixes assets being unintentionally moved to the default space during Fleet setup (#176173).
• Fixes categories labels in integration overview (#176141).
• Fixes the ability to delete agent policies with inactive agents from UI, the inactive agents need to be unenrolled first (#175815).

Machine Learning:

• Fixes Single Metric Viewer’s zoom range settings in URL not being restored if the URL specifies a forecastId (#176969).
• Fixes incorrect document count values in Top Values statistics (#176328).
• Fixes color of markers in Single Metric Viewer when there is sparse data for anomaly detection (#176303).

Management:

• Fixes package showing Needs authorization warning even after transform assets were authorized successfully (#176647).

Observability:

• Fixes and simplifies write access default behavior (#177088).
• Fixes recall speed when using CVS output (#176428).

Logstash 8.12.2

• Set Netty’s maxOrder options to previous default value of 11 #15928
• Add "openssl" to UBI docker images #15929

Plugins:

• Jdbc Integration - 5.4.8:
  •   Update Derby to 10.15.2.1 (built from source) #155
  •   Update sequel version to >= 5.74.0, that allows the generic jdbc adapter to better handle disconnect errors #153
• Kafka Integration - 11.3.4:
  •   Fix "retries" and "value_serializer" error handling in output plugin #160

Prometheus 2.50.0 and 2.50.1
[BUGFIX – 2.25.1] API: Fix metadata API using wrong field names. #13633
[CHANGE] Remote Write: Error storage.ErrTooOldSample is now generating HTTP error 400 instead of HTTP error 500. #13335
[FEATURE] Remote Write: Drop old inmemory samples. Activated using the config entry sample_age_limit. #13002
[FEATURE] Experimental: Add support for ingesting zeros as created timestamps. (enabled under the feature-flag created-timestamp-zero-ingestion). #12733 #13279
[FEATURE] Promtool: Add analyze histograms command. #12331
[FEATURE] TSDB/compaction: Add a way to enable overlapping compaction. #13282 #13393 #13398
[FEATURE] Add automatic memory limit handling. Activated using the feature flag. auto-gomemlimit #13395
[ENHANCEMENT] Promtool: allow specifying multiple matchers in promtool tsdb dump. #13296
[ENHANCEMENT] PromQL: Restore more efficient version of NewPossibleNonCounterInfo annotation. #13022
[ENHANCEMENT] Kuma SD: Extend configuration to allow users to specify client ID. #13278
[ENHANCEMENT] PromQL: Use natural sort in sort_by_label and sort_by_label_desc. This is experimental. #13411
[ENHANCEMENT] Native Histograms: support native_histogram_min_bucket_factor in scrape_config. #13222
[ENHANCEMENT] Native Histograms: Issue warning if histogramRate is applied to the wrong kind of histogram. #13392
[ENHANCEMENT] TSDB: Make transaction isolation data structures smaller. #13015
[ENHANCEMENT] TSDB/postings: Optimize merge using Loser Tree. #12878
[ENHANCEMENT] TSDB: Simplify internal series delete function. #13261
[ENHANCEMENT] Agent: Performance improvement by making the global hash lookup table smaller. #13262
[ENHANCEMENT] PromQL: faster execution of metric functions, e.g. abs(), rate() #13446
[ENHANCEMENT] TSDB: Optimize label values with matchers by taking shortcuts. #13426
[ENHANCEMENT] Kubernetes SD: Check preconditions earlier and avoid unnecessary checks or iterations in kube_sd. #13408
[ENHANCEMENT] Promtool: Improve visibility for promtool test rules with JSON colored formatting. #13342
[ENHANCEMENT] Consoles: Exclude iowait and steal from CPU Utilisation. #9593
[ENHANCEMENT] Various improvements and optimizations on Native Histograms. #13267, #13215, #13276 #13289, #13340
[BUGFIX] Scraping: Fix quality value in HTTP Accept header. #13313
[BUGFIX] UI: Fix usage of the function time() that was crashing. #13371
[BUGFIX] Azure SD: Fix SD crashing when it finds a VM scale set. #13578

RabbitMQ 3.13.0
This release includes several new features, optimizations, internal changes in preparation for RabbitMQ 4.x, and an updated documentation website. The user-facing areas that have seen the biggest improvements in this release are:

• Khepri now can be evaluated as an alternative schema data store in RabbitMQ, replacing Mnesia.
  • NB: Khepri is currently an experimental feature and should not yet be used for production.
• MQTTv5 support
• Support for server-side stream filtering
• A new common message container format used internally, based on the AMQP 1.0 message container format
• Improved classic non-mirrored queue performance with message sizes larger than
  4 KiB (or a different customized CQ index embedding threshold)
• Classic queues storage implementation version 2 (CQv2) is now highly recommended for all new deployments.
  CQv2 meaningfully improves performance of non-mirrored classic queues for most workloads

Spring boot 3.2.3

• This release upgrades to Hibernate 6.4.4.Final. While it contains a number of valuable bug fixes, it does not work correctly in a native image. If you are using GraalVM, Hibernate should be temporarily downgraded to 6.4.2.Final using the hibernate.version property.

Bug Fixes:

• Nested jar URLs can not be resolved if the path contains spaces #39675
• Image building runs for a long time when a long image name is used and the tag contains an illegal character #39638
• Banner printing doesn't respect set charset #39621
• "micrometer.observations.*" configuration properties should be "management.observations.*" #39600
• Metadata reading during configuration class parsing uses the default resource loader rather than the application's resource loader #39598
• Several gson properties, including spring.gson.disable-html-escaping, do not behave correctly when set to false #39524
• Property placeholders aren't resolved when configuration property binding creates a Map from a property value using a converter #39515
• Gradle plugin allows the use of Gradle 7.4 but the documented and tested minimum is 7.5 #39513
• WebFlux auto-configuration should only configure the blocking executor when virtual threads are enabled #39469
• TestcontainersPropertySource assertion has typo #39449
• Webflux actuator endpoints respond with 500 when a parameter is missing #39444
• NoSuchMethod error when using the non-shaded Pulsar client and configuring authentications parameters #39389
• Jetty GracefulShutdown writes to System.out #39360
• Building images fails with Docker 25.0 when custom buildpacks are configured #39347
• Creating a RestClient from a RestTemplateBuilder-created RestTemplate requires double configuration of the baseUrl/rootUri #39317
• Auto-configured ConcurrentPulsarListenerContainerFactory and PulsarConsumerFactory cannot be injected into injection points with specific generic type information #39308
• Startup failure when you have multiple @DynamicPropertySources in Spring Boot 3.2.2 #39297
• Mockito's MockedStatic isn't closed in all cases #39272
• TracingProperties exposes package-private PropagationType from public methods #39268