Stay Informed

This week, read about:

Security Based Updates

PHP security releases 8.3.8, 8.2.20, and 8.1.29

OpenLogic AngularJS LTS
OpenLogic AngularJS Translate 2.19.2 released:

  • CVE-2024-33665 and more.

OpenLogic AngularJS 1.6.14 and 1.8.7 released:

  • CVE-2024-21490 and more.

Non-Security Based Updates

Angular 18.0.3
BENCHPRESS:

  • (fix - ebf00aa0659) | adjust supported browser names for headless chrome (#56360)

CORE:

  • (fix - dbd0fa00f8c) | async EventEmitter should contribute to app stability (#56308)
  • (fix - 625ca3e2b3f) | signals should be tracked when embeddedViewRef.detectChanges is called (#55719)

LOCALIZE:

  • (fix - d6dd3dbdb09) | add `@angular/localize/init` as polyfill in `angular.json` (#56300)

MIGRATIONS:

  • (fix - c07e1b33569) | resolve error in standalone migration (#56302)

Apache Camel 3.21.5
- CAMEL-20864 camel-kafka - With confluent schema registry does not work properly.
- CAMEL-20677 camel-hazelcast: Seda nested transactions are not allowed
- CAMEL-20630 CVE-2024-25710, CVE-2024-26308 - Vulnerabilities with Camel-zip-deflater-starter maven dependency
- CAMEL-20563 camel-kafka - breakOnFirstError causes thread and memory leaks
- CAMEL-20558 Ability to use the old Micrometer meter names does not work on MicrometerExchangeEventNotifier
- CAMEL-20549 camel-kafka - Using sslKeystoreType should work with PEM
- CAMEL-20521 camel-amqp - AMQP publisher application is losing messages with local JMS transaction enabled
- CAMEL-20457 camel-core - NullPointerException for Split parallel and timeout without AggregationStrategy
- CAMEL-20435 camel-core - Resequencer EIP cannot be started again after being stopped
- CAMEL-20388 Salesforce component does not handshake on the connection failure
- CAMEL-20372 kafka Consumer - fix for config maxPollIntervalMs configuration in 3.21.x and 3.22.x
- CAMEL-20356 camel-core - LoggerHelper returns wrong name for source code line precise
- CAMEL-20350 camel-observation - Null values should be null instead of a string null literal value

ActiveMQ Artemis 2.35
Bugs Fixed:
- ARTEMIS-4165 - Page transactions not getting deleted on queue deletion
- ARTEMIS-4760 - Creating MQTT consumer should work if auto-create-queues is false
- ARTEMIS-4786 - ConcurrentModificationException on Page.destroy
- ARTEMIS-4788 - AMQP Federation Broker connection can deadlock broker shutdown
- ARTEMIS-4789 - Page.destroy race with cleanup
- ARTEMIS-4795 - Enforce queue filter when sending to FQQN
- ARTEMIS-4798 - Address Size differs between Mirror and Source queue, leading to OME scenarios
- ARTEMIS-4799 - Broker Connection Receiver attach handled incorrectly
- ARTEMIS-4801 - AMQP Session address query cache can have invalid state for long lived sessions
- ARTEMIS-4812 - PageCursorInfo should be cleared on its Maps when page is marked as complete
- ARTEMIS-4813 - LargeMessages could lose a body while in sync if backup becomes activated

New Features:
- ARTEMIS-4792 - Add support for setting consumer priority on AMQP Receiver Source addresses

Improvements:
- ARTEMIS-4796 - Simplify SimpleString API
- ARTEMIS-4800 - Simplify QueueConfiguration API
- ARTEMIS-4815 - Add --json option to ./artemis queue stat

Tasks:
- ARTEMIS-4790 - Use JUnit 5 for the test suite
- ARTEMIS-4802 - Update deprecated tags in examples/features/ha/replicated-failback sample

Dependency Upgrades:
- ARTEMIS-4791 - Update to JUnit 5.10.2
- ARTEMIS-4811 - Upgrade Netty to 4.1.111.Final

Elasticsearch v8.14.1
Also see Breaking changes in 8.14.
Bug fixes
Authorization:

  • Fix task cancellation authz on fulfilling cluster (#109357)

Infra/Core:

  • Guard systemd library lookup from unreadable directories (#108931)

Machine Learning:

  • Reset retryable index requests after failures (#109320)

Network:

  • Fix task cancellation on remote cluster when original request fails (#109440)

Transform:

  • Reset max page size to settings value (#109532) (issue: #109308)

Vector Search:

  • Correct how hex strings are handled when dynamically updating vector dims (#109423)

Enhancements
Infra/Settings:

  • Add remove index setting command (#109276)

etcd-io/etcd v3.4.33
etcd grpc-proxy:

  • Fix [Memberlist results not updated when proxy node down](https://github.com/etcd-io/etcd/pull/17896).

Dependencies:

  • Compile binaries using go [1.21.11](https://github.com/etcd-io/etcd/pull/18130).
  • Upgrade [bbolt to 1.3.10](https://github.com/etcd-io/etcd/pull/17945).

GitLab FOSS v16.10.7
Security (4 changes):

  • [XSS and content injection raw XHTML files on IOS devices](gitlab-org/security/gitlab@bd477c1d019b3f758a38a4b7182b86f2d4668df4) ([merge request](gitlab-org/security/gitlab!4095))
  • [Improve go_package_regex to prevent ReDoS attacks](gitlab-org/security/gitlab@56f50979b62a982e572d5695a87d19a36e0a9ef6) ([merge request](gitlab-org/security/gitlab!4098))
  • [Fix ReDoS in CI Interpolation](gitlab-org/security/gitlab@045cf00aa56d545bdfb828c6131af89c37164946) ([merge request](gitlab-org/security/gitlab!4083))
  • [Verify Asana access token when testing Asana integration](gitlab-org/security/gitlab@233b152dfea572b19b1803174c4604f4c0e04851) ([merge request](gitlab-org/security/gitlab!4061))

Other (1 change):

  • [Quarantine a flaky test](gitlab-org/security/gitlab@45242cdf1d36c89aff59e3ce7ee3d2e2f5b16471)

GitLab v16.11.4
Security (4 changes):

  • [XSS and content injection raw XHTML files on IOS devices](gitlab-org/security/gitlab@5df472ac0deefe1e59ecfc0ffae7fa489cb6c9ab) ([merge request](gitlab-org/security/gitlab!4094))
  • [Improve go_package_regex to prevent ReDoS attacks](gitlab-org/security/gitlab@d0b04b06f59e81bc57f6b33e26a0399b4b86ee80) ([merge request](gitlab-org/security/gitlab!4097))
  • [Fix ReDoS in CI Interpolation](gitlab-org/security/gitlab@b013996a0612c9cc1e43bcd0be4b47d98eaf92f4) ([merge request](gitlab-org/security/gitlab!4082))
  • [Verify Asana access token when testing Asana integration](gitlab-org/security/gitlab@6db47bd6ace0904869f56f035ff408855f3f4c9b) ([merge request](gitlab-org/security/gitlab!4060))

GitLab v17.0.2
Fixed (1 change):

  • [Fix instance templates pagination](gitlab-org/security/gitlab@d53fb868885472d0b7645afabee590f416eda0d5) **GitLab Enterprise Edition**

Changed (1 change):

  • [Only query the fields needed](gitlab-org/security/gitlab@74794d45373cf605d7c036cc0ab13a3d5018c616)

Security (4 changes):

  • [XSS and content injection raw XHTML files on IOS devices](gitlab-org/security/gitlab@7459916b867b01581b3422fd065419feb6352180) ([merge request](gitlab-org/security/gitlab!4093))
  • [Improve go_package_regex to prevent ReDoS attacks](gitlab-org/security/gitlab@45ccd851058bf319f7795e88afcb27c1440c24e9) ([merge request](gitlab-org/security/gitlab!4096))
  • [Fix ReDoS in CI Interpolation](gitlab-org/security/gitlab@11be5651e849441813c022bc492e6549e9ed297d) ([merge request](gitlab-org/security/gitlab!4081))
  • [Verify Asana access token when testing Asana integration](gitlab-org/security/gitlab@c35fb1ce0e58b8e90bc61b7d48949572fca6705c) ([merge request](gitlab-org/security/gitlab!4059))

Grafana v10.4.4
Bug fixes:
- **BrowseDashboards:** Prepend subpath to New Browse Dashboard actions. [#89129], [@joshhunt]
- **Alerting:** Fix rule storage to filter by group names using case-sensitive comparison. [#89061], [@yuri-tceretian]
- **Alerting:** Fix editing Grafana folder via alert rule editor. [#88907], [@gillesdemey]
- **AzureMonitor:** Fix bug detecting app insights queries. [#88786], [@aangelisc]
- **AuthN:** Fix signout redirect url. [#88749], [@kalleep]
- **SSE:** Fix threshold unmarshal to avoid panic. [#88650], [@yuri-tceretian]
- **Alerting:** Fix typo in JSON response for rule export. [#88094], [@yuri-tceretian]
- **CloudMonitoring:** Fix query type selection issue. [#88023], [@aangelisc]
- **Provisioning:** Add override option to role provisioning.

Jenkins 2.452.2
1. Security fix. (2024-04-17 security advisory)
2. Remove People view. Administrators can install the new People View plugin to restore this functionality. (issue 18884, pull 9060, People View plugin)
3. Update Apache Mina in the CLI from 2.11.0 to 2.12.1. (pull 9089)
4. Developer: Provide current administrative monitor as a context object when loading its description. (pull 9071)

Jenkins 2.462
1. Refine button appearances in sidebars, menus, pages and breadcrumbs. (pull 9367)
2. Adjust heading weights and sizes. (pull 9366)
3. Show help text in the correct locale even if user has an alternate language option defined in their browser. (issue 73246)
4. Quote replacement string in symbol tooltips. (issue 73243)
5. Honor readonly mode when displaying enumerations on pages. (issue 72854)

Kibana v8.14.1
Bug Fixes
Data Discovery:

  • Notify the user about issues with access to the default data view (#184740).

Discover:

  • Fixes resetting of breakdown field in a saved search (#184668).

Elastic Security:

  • For the Elastic Security 8.14.1 release information, refer to the Elastic Security Solution Release Notes.

Fleet:

  • Fixes restart upgrade disabled condition (#184586).

Observability:

  • Fixes editing enabled state for project monitor (#184775).

Kubernetes v1.30.2
Changes by Kind
API Change:

  • Added the feature gates `StrictCostEnforcementForVAP` and `StrictCostEnforcementForWebhooks` to enforce the strict cost calculation for CEL extended libraries. It is strongly recommended to turn on the feature gates as early as possible. (#124676, @cici37) [SIG API Machinery, Auth, Node and Testing]
  • Improved scheduling performance when many nodes, and prefilter returns 1-2 nodes (e.g. daemonset)
  • For developers of out-of-tree PostFilter plugins, note that the semantics of NodeToStatusMap are changing: A node with an absent value in the NodeToStatusMap should be interpreted as having an UnschedulableAndUnresolvable status (#125306, @gabesaba) [SIG Scheduling]

Feature:

  • Kubernetes is now built with go 1.22.3 (#124829, @cpanato) [SIG Release and Testing]
  • Kubernetes is now built with go 1.22.4 (#125366, @cpanato) [SIG Architecture, Cloud Provider, Release, Storage and Testing]

Bug or Regression:

  • Drop additional rule requirement (cronjobs/finalizers) in the roles who use kubectl create cronjobs to be backwards compatible (#124883, @ardaguclu) [SIG CLI]
  • Emission of RecreatingFailedPod and RecreatingTerminatedPod events has been removed from stateful set lifecycle. (#123809, @atiratree) [SIG Apps and Testing]
  • Improved scheduling latency when many gated pods (#124848, @gabesaba) [SIG Scheduling and Testing]
  • Kube-apiserver: fixes a 1.28 regression printing pods with invalid initContainer status (#124908, @liggitt) [SIG Node]
  • Kube-scheduler: fixes a 1.30 regression that can lead to a scheduler crash when processing pods with affinity that doesn't match a real/valid node (#125039, @AxeZhan) [SIG Scheduling and Testing]
  • Kubeadm: during kubelet health checks, respect the healthz address:port configured in the KubeletConfiguration instead of hardcoding localhost:10248. (#125286, @neolit123) [SIG Cluster Lifecycle]

Kubernetes v1.29.6
Changes by Kind
API Change:

  • Improved scheduling performance when many nodes, and prefilter returns 1-2 nodes (e.g. daemonset)
  • For developers of out-of-tree PostFilter plugins, note that the semantics of NodeToStatusMap are changing: A node with an absent value in the NodeToStatusMap should be interpreted as having an UnschedulableAndUnresolvable status (#125307, @gabesaba) [SIG Scheduling]

Feature:

  • Kubernetes is now built with go 1.21.10 (#124830, @cpanato) [SIG Release and Testing]
  • Kubernetes is now built with go 1.21.11 (#125367, @cpanato) [SIG Architecture, Cloud Provider, Release, Storage and Testing]

Bug or Regression:

  • Emission of RecreatingFailedPod and RecreatingTerminatedPod events has been removed from stateful set lifecycle. (#123809, @atiratree) [SIG Apps and Testing]
  • Fixed PersistentVolumeLabel providing wrong topology labels to Azure Disk PersistentVolumes when the external Azure cloud provider is used. (#124528, @jsafrane) [SIG Cloud Provider]
  • Improved scheduling latency when many gated pods (#124849, @gabesaba) [SIG Scheduling and Testing]
  • Kube-apiserver: fixes a 1.28 regression printing pods with invalid initContainer status (#124909, @liggitt) [SIG Node]
  • Kube-scheduler: fixes a 1.29.5 regression that can lead to a scheduler crash when processing pods with affinity that doesn't match a real/valid node (#125041, @AxeZhan) [SIG Scheduling and Testing]
  • Reduce critical section in watchcache to fix kube-apiserver scalability under heavy load of list requests (#122027, @wojtek-t) [SIG API Machinery]

Kubernetes v1.28.11
Changes by Kind
API Change:

  • Improved scheduling performance when many nodes, and prefilter returns 1-2 nodes (e.g. daemonset)
  • For developers of out-of-tree PostFilter plugins, note that the semantics of NodeToStatusMap are changing: A node with an absent value in the NodeToStatusMap should be interpreted as having an UnschedulableAndUnresolvable status (#125308, @gabesaba) [SIG Scheduling]

Feature:

  • Kubernetes is now built with go 1.21.10 (#124831, @cpanato) [SIG Release and Testing]
  • Kubernetes is now built with go 1.21.11 (#125368, @cpanato) [SIG API Machinery, Architecture, Release and Testing]

Bug or Regression:

  • Emission of RecreatingFailedPod and RecreatingTerminatedPod events has been removed from stateful set lifecycle. (#123809, @atiratree) [SIG Apps and Testing]
  • Improved scheduling latency when many gated pods (#124851, @gabesaba) [SIG Scheduling and Testing]
  • Kube-apiserver: fixes a 1.28 regression printing pods with invalid initContainer status (#124910, @liggitt) [SIG Node]
  • Kube-scheduler: fixes a 1.28.10 regression that can lead to a scheduler crash when processing pods with affinity that doesn't match a real/valid node (#125042, @AxeZhan) [SIG Scheduling and Testing]
  • Reduce critical section in watchcache to fix kube-apiserver scalability under heavy load of list requests (#122027, @wojtek-t) [SIG API Machinery]

Kubernetes v1.27.15
Changes by Kind
API Change:

  • Improved scheduling performance when many nodes, and prefilter returns 1-2 nodes (e.g. daemonset)
  • For developers of out-of-tree PostFilter plugins, note that the semantics of NodeToStatusMap are changing: A node with an absent value in the NodeToStatusMap should be interpreted as having an UnschedulableAndUnresolvable status (#125309, @gabesaba) [SIG Scheduling]

Feature:

  • Kubernetes is now built with go 1.21.10 (#124832, @cpanato) [SIG Release and Testing]
  • Kubernetes is now built with go 1.21.11 (#125369, @cpanato) [SIG Release and Testing]

Bug or Regression:

  • Improved scheduling latency when many gated pods (#124866, @gabesaba) [SIG Scheduling and Testing]
  • Kube-scheduler: fixes a 1.27.14 regression that can lead to a scheduler crash when processing pods with affinity that doesn't match a real/valid node (#125043, @AxeZhan) [SIG Scheduling and Testing]

Logstash v8.14.1
Logstash 8.14.1 Release Notes:

  • Fixes JSON serialization of payloads that are not UTF-8, eliminating an issue where the Elasticsearch Output could get stuck in a retry loop (#16072) [#16168]
  • Fixes Persistent Queue bug in which a PQ configured with `queue.max_bytes` equal to its `queue.page_capacity` could become permanently blocked when _precisely_ full [#16178]
  • Fixes a regression in multi-local pipeline loader that caused variable-references in a configured `pipelines.yml` to not be replaced by their values in the environment and/or keystore [#16201]

Plugins:

  • Elastic_integration Filter - 0.1.9
    • [DOC] Removes Tech Preview label and adds link to extending integrations topic in LSR [#142]
  • Azure_event_hubs Input - 1.4.7
    • [DOCS] Clarify examples for single and multiple event hubs [#90]
    • [DOCS] Add outbound port requirements for Event Hub [#88]
  • Jdbc Integration - 5.4.11
    • Fixes an issue in which any one instance of a JDBC input plugin using `jdbc_default_timezone` changes the behaviour of plugin instances that do _not_ use `jdbc_default_timezone`, ensuring that timezone offsets remain consistent for each instance of the plugin _as configured_ [#151]
    • Fixes an exception that could occur while reloading `jdbc_static` databases when the underlying connection to the remote has been broken [#165]
  • Kafka Integration - 11.4.2
    • Add default client_id of logstash to kafka output [#169]
  • Http Output - 5.6.1
    • Added body logging for non 2xx responses [#142]
  • Tcp Output - 6.2.1
    • Document correct default plugin codec [#54]

Node.js v22.3.0
Notable Changes:

  • [5a41bcf9ca] - **(SEMVER-MINOR)** **src**: traverse parent folders while running `--run` (Yagiz Nizipli) [#53154](https://github.com/nodejs/node/pull/53154)
  • [1d5934524b] - **(SEMVER-MINOR)** **buffer**: add .bytes() method to Blob (Matthew Aitken) [#53221](https://github.com/nodejs/node/pull/53221)
  • [75e5612fae] - **(SEMVER-MINOR)** **src,permission**: --allow-wasi & prevent WASI exec (Rafael Gonzaga) [#53124](https://github.com/nodejs/node/pull/53124)
  • [b5c30e2f5e] - **(SEMVER-MINOR)** **module**: print amount of load time of a cjs module (Vinicius Lourenço) [#52213](https://github.com/nodejs/node/pull/52213)
  • [8c6dffc269] - **(SEMVER-MINOR)** **test_runner**: add snapshot testing (Colin Ihrig) [#53169](https://github.com/nodejs/node/pull/53169)
  • [048478d351] - **(SEMVER-MINOR)** **doc**: add context.assert docs (Colin Ihrig) [#53169](https://github.com/nodejs/node/pull/53169)
  • [f6d2af8ee7] - **(SEMVER-MINOR)** **test_runner**: add context.fullName (Colin Ihrig) [#53169](https://github.com/nodejs/node/pull/53169)
  • [a0766bdf0e] - **(SEMVER-MINOR)** **net**: add new net.server.listen tracing channel (Paolo Insogna) [#53136](https://github.com/nodejs/node/pull/53136)
  • [374743cd4e] - **(SEMVER-MINOR)** **process**: add process.getBuiltinModule(id) (Joyee Cheung) [#52762](https://github.com/nodejs/node/pull/52762)
  • [1eb55f3550] - **(SEMVER-MINOR)** **doc**: improve explanation about built-in modules (Joyee Cheung) [#52762](https://github.com/nodejs/node/pull/52762)
  • [6165894774] - **fs**: mark recursive cp methods as stable (Théo LUDWIG) [#53127](https://github.com/nodejs/node/pull/53127)
  • [db5dd0c6df] - **doc**: add StefanStojanovic to collaborators (StefanStojanovic) [#53118](https://github.com/nodejs/node/pull/53118)
  • [cfcde78513] - **(SEMVER-MINOR)** **cli**: add `NODE_RUN_PACKAGE_JSON_PATH` env (Yagiz Nizipli) [#53058](https://github.com/nodejs/node/pull/53058)
  • [7a67ecf161] - **(SEMVER-MINOR)** **test_runner**: support module mocking (Colin Ihrig) [#52848](https://github.com/nodejs/node/pull/52848)
  • [ee56aecced] - **(SEMVER-MINOR)** **lib**: add EventSource Client (Aras Abbasi) [#51575](https://github.com/nodejs/node/pull/51575)
  • [6413769bc7] - **(SEMVER-MINOR)** **lib**: replace MessageEvent with undici's (Matthew Aitken) [#52370](https://github.com/nodejs/node/pull/52370)
  • [c70b2f7a76] - **(SEMVER-MINOR)** **cli**: add `NODE_RUN_SCRIPT_NAME` env to `node --run` (Yagiz Nizipli) [#53032](https://github.com/nodejs/node/pull/53032)
  • [badec0c38b] - **doc**: add Marco Ippolito to TSC (Rafael Gonzaga) [#53008](https://github.com/nodejs/node/pull/53008)
