Stay Informed

This week, read about:

Key Security, Maintenance, and Features Releases

Security Based Updates

Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

runC vulnerabilities

  • Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
  • The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.


  • Heap-based buffer overflow in the glibc's syslog

Non-Security Based Updates

Docker Compose 2.24.5

  • Fix for failed to solve: changes out of order errors while building images on Windows (#11426)

Full Changelog

  • Fix canonical container name in --dry-run by @jhrotko in #11425
  • ci(deps): replace buildkit to fix fsutil issues on Windows by @crazy-max in #11426
  • chore(e2e): fix flaky test & standalone behavior by @milas in #11382

EtcD 3.5.12
etcd server

  • Add livez/readyz HTTP endpoints
  • Fix not validating database consistent index, and panicking on nil backend
  • Document experimental-enable-lease-checkpoint-persist flag in etcd help
  • Fix needlessly flocking snapshot files when deleting
  • Add digest for etcd base image
  • Fix delete inconsistencies in read buffer


  • Compile binaries using go 1.20.13
  • Upgrade to v0.17+ to address CVE-2023-48795

Jenkins 2.443
Community reported issues: 2×JENKINS-72592

  •  Find selected radio option when validating instead of the last one. (issue 72505)
  •  Fix missing folder icons. (issue 72407)
  •  A security fix in 2.394 caused a substantial slowdown in displaying build artifacts when using remote artifact managers such as in S3. (pull 8874)
  •  Adjust heap dump file name for compatibility with OpenJDK file suffix requirements. (issue 72579)
  •  Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42. (issue 72603)

Keycloak 23.0.6

  • #26427 Operator CSV uses wrong format for `createdAt` field operator
  • #26597 Keycloak UI meets "Internal Sever Error" after save "Refresh Token Max Reuse" number core
  • #26665 Unable to modify access token lifespan at realm level. Keycloak stops working. core

AWX 23.7.0
What's Changed

  • Added the "address" property to the AWX CyberArk Central Credential Provider plugin (@Nenodema #14742)
  • Fixed port conflicts when running other Ansible dev environments (@slemrmartin #14701)
  • Updated date to 2024 in the file for documentation (@tvo318 #14743)
  • Added support for Bitbucket Data Center webhooks (@puiterwijk #14674)
  • Updated execution environment documentation link (@auatr #14741)
  • Updated the django-ansible-base dependency (@TheRealHaoLiu #14752)
  • Built the awxkit source distribution bundle to also upload to PyPI (@jbradberry #14757)
  • Added django-ansible-base settings (@jessicamack #14768)
  • Fixed linting error in SubscriptionUsageChart (@mabashian #14765)
  • Added secure flag option for userLoggedIn cookie if SESSION_COOKIE_SECURE is set to True (@CastawayEGR #14762)
  • Added a new setting for pg_notify listener DB settings and added a keepalive (@AlanCoding #14755)
  • Updated imports for the django-ansible-base split (@jessicamack #14783)
  • Fixed/updated URL for “Passing Variables on the Command Line" link in the Job Templates chapter of the User Guide (@tvo318 #14763)
  • Updated pointer to the ansible repo for the django-ansible-base requirement (@jessicamack #14793)
  • Joined the awx node(s) on a service-mesh docker network so they can be proxied to (@chrismeyersfsu #14795)
  • Bumped Jinja2 from 3.1.2 to 3.1.3 in /docs/docsite (@dependabot #14764)
  • Added retries to requests sessions in HashiCorp Vault (@kwevers #14740)
  • Added username/password and LDAP support for HashiCorp Vault credential plugin (@djyasin #14654)
  • Specified Docker network with multiple networks (@chrismeyersfsu #14806)
  • Obtained and installed JWT updates from DAB (@chrismeyersfsu #14805)
  • Replaced old Tower documentation link with new AWX docs link (@samccann #14801)
  • Adopted new rules from black upgrade (@AlanCoding #14809)
  • Added hop node documentation and improved information about execution nodes in the Managing Capacity With Instances chapter of the Administration Guide (@tvo318 #14787)
  • Fixed nginx append slash to respect proxy (@kdelee #14814)
  • Added a section that references how to setup a private image for default execution environments in the Managing Capacity With Instances chapter of the Administration Guide (@tvo318 #14815)
  • Updated the notebook feature in the development environment to prevent EDA port conflicts (@chrismeyersfsu #14821)

OpenJ9 0.43.0

  • jdk11 - Don't cache instances of TemporaryLoggerFinder
  • Make java.lang.Thread.container a known field
  • Convert jvmtiThread.c to jvmtiThread.cpp
  • Add JVMTI synchronization in JVM_VirtualThreadHideFrames
  • Use correct GC flag in HCR dark matter cleanup
  • Increase the wait time for checkpoint safety
  • The java.compiler system property is obsolete in jdk21+

View all OpenUpdate editions >