Stay Informed

This week, read about:

• Hacker Stole Secrets From OpenAI.
• Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service.
• CentOS Stream 8 Builds Ended May 31, 2024.
• OpenJDK Spring 2024 Release Downloads Are Now Available on OpenLogic. 
• We Have the Latest Versions of OpenJDK Versions 8, 11, and 17 Now Available.

Non-Security Based Updates

Angular 18.0.6
COMMON:
(fix - a55719f55e) | Don't run preconnect assertion on the server. (#56213)

CORE:
(fix - 4909844805) | establish proper defer injector hierarchy for components attached to ApplicationRef (#56763)
(fix - fec5b80aaf) | support injection of object with null constructor. (#56553)

ROUTER:
(fix - b7d3ecc873) | routes should not get stale providers (#56798)

Ansible AWX 24.6.1
What's Changed:

• Fixed various RBAC issues related to managed RoleDefinitions (@AlanCoding #15287)
• Added troubleshooting and tips and tricks content to the *AWX Administration Guide* (@tvo318 #15212)
• Added a temporary workaround for CI failure related to test licenses (@TheRealHaoLiu #15305)
• Updated user models to adhere to new API assignments (@AlanCoding #15298)
• Added the ``TASK_MANAGER_LOCK_TIMEOUT`` DB connection setting for task manager connections and lock in database (@TheRealHaoLiu #15300)
• Updated ``LISTENER_DATABASES OPTIONS`` to overwrite ``DATABASES`` options in wsrelay (@jamesmarshall24 #15306)
• Fixed permissions that come from an external Auditor role (@AlanCoding #15291)
• Updated GitHub image build actions to not use cache (@AlanCoding #15308)
• Updated ``ExecutionEnvironment`` model so object-level roles work with the DAB RBAC system (@AlanCoding #15289)
• Fixed server error from DAB ``ValidationError`` with strings (@AlanCoding #15312)
• Added better error message for workflow job template create resulting in 403 errors (@TheRealHaoLiu #15309)
• Added new content for OpenShift Virtualization inventory source to the *AWX User Guide* (@tvo318 #15299)
• Added in missing read permissions for organization Audit role (@AlanCoding #15318)

AWX Operator:

• Released with AWX Operator [v2.19.1](https://github.com/ansible/awx-operator/releases/tag/2.19.1)

Elasticsearch v8.14.2
Known issues:

• When upgrading clusters from version 8.12.2 or earlier, if your cluster contains non-master-eligible nodes, information about the new functionality of these upgraded nodes may not be registered properly with the master node.
• This can lead to some new functionality added since 8.13.0 not being accessible on the upgraded cluster. If your cluster is running on ECK 2.12.1 and above, this may cause problems with finalizing the upgrade. To resolve this issue, perform a rolling restart on the non-master-eligible nodes once all Elasticsearch nodes are upgraded.

Bug fixes
Data streams:

• Ensure a lazy rollover request will rollover the target data stream once. {es-pull}109636[#109636]
• [Data streams] Fix the description of the lazy rollover task {es-pull}109629[#109629]

ES|QL:

• Fix ESQL cancellation for exchange requests {es-pull}109695[#109695]
• Fix equals and hashcode for `SingleValueQuery.LuceneQuery` {es-pull}110035[#110035]
• Force execute inactive sink reaper {es-pull}109632[#109632]

Infra/Scripting:

• Check array size before returning array item in script doc values {es-pull}109824[#109824] (issue: {es-issue}104998[#104998])

Infra/Settings:

• Guard file settings readiness on file settings support {es-pull}109500[#109500]

Machine Learning:

• Fix IndexOutOfBoundsException during inference {es-pull}109533[#109533]

Mapping:

• Re-define `index.mapper.dynamic` setting in 8.x for a better 7.x to 8.x upgrade if this setting is used. {es-pull}109341[#109341]

Ranking:

• Fix for from parameter when using `sub_searches` and rank {es-pull}106253[#106253] (issue: {es-issue}99011[#99011])

Search:

• Add hexstring support byte painless scorers {es-pull}109492[#109492]
• Fix automatic tracking of collapse with `docvalue_fields` {es-pull}110103[#110103]

Jenkins 2.466
1. Fix download of .tar.gz artifacts in Firefox (issue 73381))
2. Fix the release build that failed due to breaking changes in the Maven Release plugin. Downgrade Maven Release plugin from 3.1.0 to 3.0.1. (Maven Release Plugin MRELEASE-1151, parent pom PR 576, pull 9430))

Kibana v8.14.2
Bug Fixes
Alerting:

• Rule runs recovered actions without ever running active actions ({kibana-pull}183646[#183646]).

Fleet:

• Updates health_check endpoint to accept hosts ids ({kibana-pull}185014[#185014]).

Machine Learning:

• AIOps Log Rate Analysis: Fixes text field selection ({kibana-pull}186176[#186176]).

Presentation:

• Fixes PresentationPanelError component throwing when error.message is empty string ({kibana-pull}186098[#186098]).

Node.js 22.4.0
Experimental Web Storage API:

• [9e30724b53] - **(SEMVER-MINOR)** **deps,lib,src**: add experimental web storage (Colin Ihrig) [#52435](https://github.com/nodejs/node/pull/52435)

API Stability Updates:

• [201266706b] - **doc**: move `node --run` stability to rc (Yagiz Nizipli) [#53433](https://github.com/nodejs/node/pull/53433)
• [16c0884d48] - **doc**: mark WebSocket as stable (Matthew Aitken) [#53352](https://github.com/nodejs/node/pull/53352)
• [cf375e73c1] - **doc**: mark --heap-prof and related flags stable (Joyee Cheung) [#53343](https://github.com/nodejs/node/pull/53343)
• [0160745057] - **doc**: mark --cpu-prof and related flags stable (Joyee Cheung) [#53343](https://github.com/nodejs/node/pull/53343)

Other Notable Changes:

• [df4762722c] - **doc**: doc-only deprecate OpenSSL engine-based APIs (Richard Lau) [#53329](https://github.com/nodejs/node/pull/53329)
• [ad5282e196] - **inspector**: fix disable async hooks on `Debugger.setAsyncCallStackDepth` (Joyee Cheung) [#53473](https://github.com/nodejs/node/pull/53473)
• [e95af740fc] - **(SEMVER-MINOR)** **lib**: add diagnostics_channel events to module loading (RafaelGSS) [#44340](https://github.com/nodejs/node/pull/44340)
• [50733a1abe] - **(SEMVER-MINOR)** **util**: support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) [#53107](https://github.com/nodejs/node/pull/53107)

RabbitMQ v3.13.4
Core Broker Bug Fixes:

• A rolling upgrade from 3.12.14 to 3.13.x could run into an exception.
• When an existing virtual host was re-imported from a definitions file, its default queue type (DQT) was cleared (reset) if that field was missing in the imported definitions. Now the existing DQT is preserved.
• When a queue was declared without an explicitly provided x-queue-type but a default queue type (DQT) set (for its virtual host), its redeclaration did not consider the DQT during the property equivalence check stage.
• Feature flag controller could run into a deadlock in some upgrade scenarios.
• In mixed 3.13.x and 3.12.x clusters, when a Direct Reply-to client (the app that initiates requests) was connected to the 3.13 node and the server (the app that responds) was connected to the 3.12 node, the response was lost due to a message format conversion exception.