Stay Informed

This week, read about:

• GitLab Ships Update for Critical Pipeline Execution Vulnerability.
• ‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets With SSH-Snake and Open Source Tools.
• Linux Kernel 6.10 Officially Released, This Is What’s New.
• CentOS Stream 8 Builds Ended May 31, 2024.
• OpenJDK Spring 2024 Release Downloads Are Now Available on OpenLogic. 
• We Have the Latest Versions of OpenJDK Versions 8, 11, and 17 Now Available.

Non-Security Based Updates

Angular 18.1.0
COMMON:
(fix - f25653e231) | typo in NgOptimizedImage warning (#56756)
(fix - 9b35726e42) | typo in warning for NgOptimizedDirective (#56817)

COMPILER:
(feat - fd6cd0422d) | Add extended diagnostic to warn when there are uncalled functions in event bindings (#56295)(fix - 341a116d61) | allow more characters in let declaration name (#56764)
(fix - 2a1291e942) | give precedence to local let declarations over parent ones (#56752)

COMPILER-CLI:
(fix - 66e582551e) | avoid duplicate diagnostics for let declarations read before definition (#56843)
(fix - 4d18c5bfd5) | flag all conflicts between let declarations and local symbols (#56752)
(fix - 9e21582456) | Show template syntax errors in local compilation modified (#55855)
(fix - 5996502921) | type check let declarations nested inside nodes (#56752)
(fix - cdebf751e4) | used before declared diagnostic not firing for control flow blocks (#56843)

CORE:
(feat - ea3c802056) | Add a schematic to migrate afterRender phase flag (#55648)
(feat - 5df3e78c99) | add equality function to rxjs-interoptoSignal(#56447)
(feat - 0a48d584f2) | add support for let syntax (#56715)
(feat - 352e0782ec) | expose signal input metadata inComponentMirror(#56402)
(feat - a655e46447) | Redesign theafterRender&afterNextRenderphases API (#55648)
(feat - e5a6f91722) | support TypeScript 5.5 (#56096)
(fix - 38effcc63e) | Add back phase flag option as a deprecated API (#55648)
(fix - 86bcfd3e49) | improve docs on afterRender hooks (#56522)
(fix - b2445a0953) | link errors to ADEV (#55554) (#56038)
(fix - 03a2acd2a3) | properly remove imports in the afterRender phase migration (#56524)
(fix - 4d87b9e899) | rename the equality function option in toSignal (#56769) (#56922)
(fix - 8bd4c074af) | toSignal equal option should be passed to inner computed (#56903)

Apache Camel 4.7.0
BUG FIXES (58):

• CAMEL-20965 - InputStreamCache is not thread-safe
• CAMEL-20949 - camel-bean - Method parameters with both type and property placeholder does not work
• CAMEL-20946 - Generated Quarkus project from JBang is not working with Camel Debug
• CAMEL-20939 - camel-jbang - unable to load profile
• CAMEL-20938 - camel-http - Using disableStreamCache=true cannot read body later due to stream closed
• CAMEL-20932 - camel-core - Error handler redelivery options should support template parameters for route templates
• CAMEL-20929 - camel-core - Properties component with ignore missing property should also ignore from functions
• CAMEL-20921 - Route configuration is not loaded on a Camel application XML file
• CAMEL-20920 - RouteLoader: Can't load a valid route with the same location after a previous load error
• CAMEL-20911 - Maven build failure for Camel JBang exported Quarkus app
• CAMEL-20906 - NPE in RouteWatcherReloadStrategy.onRouteReload(RouteWatcherReloadStrategy.java:300)
• CAMEL-20890 - Use Step ID's in routeTemplate
• CAMEL-20889 - camel-core: Stream is not reset when Message.getBody(class) is invoked ans stream caching is enabled
• CAMEL-20887 - generated PojoBeanModel is missing the artifact
• CAMEL-20877 - camel-jbang ignores jib-maven-plugin-version
• CAMEL-20873 - camel-platform-http-vertx: Responses may not complete if exceptions are thrown in VertxPlatformHttpSupport.writeResponse
• CAMEL-20866 - SEDA with exchangepattern InOnly gives sometimes multiple responses
• CAMEL-20864 - camel-kafka - With confluent schema registry does not work properly.
• CAMEL-20863 - camel-langchain4j-chat: NPE if only producer is used
• CAMEL-20859 - camel-jbang - Transforming a yaml route to xml specifying a folder is generating a yaml file
• CAMEL-20853 - Rest DSL - Rest routes can not be grouped anymore
• CAMEL-20850 - LRUCache evicts entries unexpectedly
• CAMEL-20847 - camel-jbang - Run with jolokia enabled does not work
• CAMEL-20841 - DataSonnet expressions are removed under memory load
• CAMEL-20840 - Cannot cast ResumeActionAwareAdapter to KinesisResumeAdapter
• CAMEL-20839 - camel-jbang - Run with openapi in sub folder does not work
• CAMEL-20835 - OOM using RecipientList
• CAMEL-20834 - camel-salesforce - A NullPointException in SubscriptionHelper.subscribe() interrupts platform-event subscription
• CAMEL-20823 - camel-smb component polling doesn't account for directories
• CAMEL-20820 - camel-core - Duplicate JMX MBean operation for resource endpoints
• CAMEL-20819 - camel-jbang - Reload mode with supervising route controller does not reload routes
• CAMEL-20818 - camel-yaml-dsl - errorHandler does not have id field as all other YAML elements
• CAMEL-20816 - Camel-JBang: Export to quarkus does not honor quarkusGroupId setting
• CAMEL-20815 - exchange.getVariable does not get Global variables in custom processor
• CAMEL-20812 - camel-netty-http: hostnameVerification option not used
• CAMEL-20799 - camel-catalog - Model schema for setHeaders and setVariables does not include array of element
• CAMEL-20790 - kafka batching consumer polls randomly failing with NPE under load
• CAMEL-20783 - camel export --runtime=quarkus does not work with custom camel.jbang.quarkusVersion
• CAMEL-20778 - Intercept created using AdviceWithRouteBuilder causes issues with error handling (regression)
• CAMEL-20771 - camel-jbang - Does not hot-reload java source changes
• CAMEL-20769 - camel-jms: TemporaryReplyQueueExceptionListener may be causing an endless lock
• CAMEL-20768 - camel-spring-redis - SpringRedisIdempotentRepository flushes DB on start
• CAMEL-20767 - camel-spring-redis - Creating SpringRedisIdempotentRepository via SB should be possible
• CAMEL-20763 - Rest template with underscore fails after Camel 4.2.0
• CAMEL-20761 - camel-debug - Message history must be enabled
• CAMEL-20758 - camel-spring-boot - Debugger is created twice
• CAMEL-20752 - camel-saga - NPE in compesating
• CAMEL-20750 - camel-yaml-dsl - Rest DSL with enableCORS does not work
• CAMEL-20746 - Bean deserialisation from YAML displays message displays wrong nodeType
• CAMEL-20738 - camel-jasypt-starter - PropertiesParser cannot be redefined
• CAMEL-20660 - camel-azure-servicebus: Consumer fails to acknowledge messages
• CAMEL-20493 - camel-core: concurrency issue copying headers
• CAMEL-18821 - camel-core - Thread hangs on transacted routes after aggregation and multiplex (possibly more)
• CAMEL-18384 - Split/Aggregation parallelProcessing+parallelAggregate is sequential
• CAMEL-17829 - camel-as2 - issue in MDN response condition
• CAMEL-17110 - Camel-Kamelets: While using AWS S3 source noticed files were deleted before being consumed at all
• CAMEL-16829 - camel-core - Stuck processing with nested parallel splits and custom thread pool
• CAMEL-15903 - Master component do not retry endpoint startup on failure

Gitlab v16.11.6
Fixed (1 change):
Security (6 changes):

• [Disallow serving Pages over disabled custom domains with deployments](gitlab-org/security/gitlab@ff23e03cab7495107b1342b4fa175db63a4acd61) ([merge request](gitlab-org/security/gitlab!4247))
• [Check if user has ban_group_member access before banning in namespace](gitlab-org/security/gitlab@cadb2dba7f5fe825fab7fe761259e7c1721bebfe) ([merge request](gitlab-org/security/gitlab!4090))
• [Prevent using quick actions for some bot users](gitlab-org/security/gitlab@951a656e6d530ba7692b03506b7c340bc5ac2788) ([merge request](gitlab-org/security/gitlab!4233))
• [Disable raw HTML for quick action pipeline](gitlab-org/security/gitlab@1a7f336059af3223b4886e79060b8dc8a17f5482) ([merge request](gitlab-org/security/gitlab!4237))
• [Disable quick actions unless description changed](gitlab-org/security/gitlab@267f4cf51303f70d5a834a3358fe62b6e981a873) ([merge request](gitlab-org/security/gitlab!4240))
• [Remove comment support from shrug and tableflip](gitlab-org/security/gitlab@579a180538609ccad2d3930218a5410cb33d3920) ([merge request](gitlab-org/security/gitlab!4230))

Gitlab v17.0.4 
Fixed (1 change):
Security (9 changes):

• [Disallow serving Pages over disabled custom domains with deployments](gitlab-org/security/gitlab@760d6115e963e744ee55230be45e9fc3c138a73d) ([merge request](gitlab-org/security/gitlab!4248))
• [Check npm package name, version and scripts coherence](gitlab-org/security/gitlab@f3b322c5e20036e380ac15b3b2614d9bcc800e75) ([merge request](gitlab-org/security/gitlab!4158))
• [Check for create_deploy_token policy before creating deploy token](gitlab-org/security/gitlab@87ab0448c48a0ac45540986f4f7429cbc0db3e04) ([merge request](gitlab-org/security/gitlab!4168))
• [Check if user has ban_group_member access before banning in namespace](gitlab-org/security/gitlab@1b69ccb4a7e7e16372a926d7e2954aec76cdc0fd) ([merge request](gitlab-org/security/gitlab!4087))
• [Prevent privilege escalation via custom role](gitlab-org/security/gitlab@288e1493a3c16689993d7cbbd7f60cd9bdeffcc0) ([merge request](gitlab-org/security/gitlab!4198))
• [Prevent using quick actions for some bot users](gitlab-org/security/gitlab@5b8aef69fc74e5aba42d65591902a151a1654316) ([merge request](gitlab-org/security/gitlab!4232))
• Disable raw HTML for quick action pipeline](gitlab-org/security/gitlab@0ca2b123f1f627e68b73a1699fbefbb4a70c28d1) ([merge request](gitlab-org/security/gitlab!4236))
• [Disable quick actions unless description changed](gitlab-org/security/gitlab@9e5397fbd82497083cd69f526a13caea1b5efd21) ([merge request](gitlab-org/security/gitlab!4239))
• [Remove comment support from shrug and tableflip](gitlab-org/security/gitlab@e378c24c4a1a8dd323bd157bce29b21cca1e0701) ([merge request](gitlab-org/security/gitlab!4228))

Gitlab v17.1.2
Fixed (2 changes)
Security (9 changes)

• [Disallow serving Pages over disabled custom domains with deployments](gitlab-org/security/gitlab@176442d616a111667481f22186560925d1175c67) ([merge request](gitlab-org/security/gitlab!4245))
• [Check npm package name, version and scripts coherence](gitlab-org/security/gitlab@917d805ce57e5d0439b4a4c757967d494014a97d) ([merge request](gitlab-org/security/gitlab!4212))
• [Check for create_deploy_token policy before creating deploy token](gitlab-org/security/gitlab@8ae4e9b0b25bec92561698da3c7d0495d6ba61bc) ([merge request](gitlab-org/security/gitlab!4209))
• [Check if user has ban_group_member access before banning in namespace](gitlab-org/security/gitlab@eefb608987d64b9cf58411b8520f260d1fb9b1c3) ([merge request](gitlab-org/security/gitlab!4091))
• [Prevent privilege escalation via custom role](gitlab-org/security/gitlab@a618e86dc4585b0fef049f75f13acf0eec00656d) ([merge request](gitlab-org/security/gitlab!4199))
• [Prevent using quick actions for some bot users](gitlab-org/security/gitlab@5789cc333d04d76ffb4c79239e71be1910f12229) ([merge request](gitlab-org/security/gitlab!4231))
• [Disable raw HTML for quick action pipeline](gitlab-org/security/gitlab@7db9b002b803cb6b53a3e6ce3f8d9b15107e7464) ([merge request](gitlab-org/security/gitlab!4235))
• [Disable quick actions unless description changed](gitlab-org/security/gitlab@a1800c591b38df0e2d143df3ee56f76b4f3a914f) ([merge request](gitlab-org/security/gitlab!4234))
• [Remove comment support from shrug and tableflip](gitlab-org/security/gitlab@fb6bcef1935dc3a7dd60def448a652769c86ee62) ([merge request](gitlab-org/security/gitlab!4229))

Jenkins-2.467
1. Increase the minimum required Remoting version to 3107.v665000b_51092 (pull 9440))

Prometheus v2.53.1
[BUGFIX] Remote-write: stop dropping samples in catch-up#14446

strimzi/strimzi-kafka-operator  0.42.0
* Add support for Kafka 3.7.1
* The `UseKRaft` feature gate moves to GA stage and is permanently enabled without the possibility to disable it. To use KRaft (ZooKeeper-less Apache Kafka), you still need to use the `strimzi.io/kraft: enabled` annotation on the `Kafka` custom resources or migrate from an existing ZooKeeper-based cluster.
* Update the base image used by Strimzi containers from UBI8 to UBI9
* Add support for filename patterns when configuring trusted certificates
* Enhance `KafkaBridge` resource with consumer inactivity timeout and HTTP consumer/producer enablement.
* Add support for feature gates to User and Topic Operators
* Add support for setting `publishNotReadyAddresses` on services for listener types other than internal.
* Update HTTP bridge to latest 0.29.0 release
* Uncommented and enabled (by default) KRaft-related metrics in the `kafka-metrics.yaml` example file.
* Added support for configuring the quotas plugin with type `strimzi` or `kafka` in the `Kafka` custom resource. The Strimzi Quotas plugin version was updated to 0.3.1.