Stay Informed
This week, read about:
- YubiKeys Cryptographic Flaw Let Attackers Clone Devices by Extracting Private Key.
- HAProxy 2.9.5 Performance#2454.
- A New Path for Kyber on the Web.
- Cassandra Redesigns Indexing, Storage Management for 5.0 Release.
- Patch Now: Critical Nvidia Bug Allows Container Escape, Complete HostTakeover.
- CentOS Stream 8 End of Builds Was May 31, 2024 and CentOS Linux 7 End of Life Was June 30, 2024. Get the Definitive Guide For CentOS EOL.
- OpenJDK Spring 2024 Release Downloads Are Now Available on OpenLogic.
- We Have the Latest Versions of OpenJDK Versions 8, 11, and 17 Now Available.
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
- CVE-2023-4911
- CentOS 8
- glibc-2.28-164_ol002.el8
- CentOS 8
- CVE-2018-25032
- CentOS 8
- zlib-1.2.11-17_ol002.el8
- CentOS 8
- CVE-2022-2526
- CentOS 8
- systemd-239-51_ol001.el8_5.2
- CentOS 8
- CVE-2021-4157
- CentOS 8
- kernel-4.18.0-348.7.1_ol001.el8_5
- CentOS 8
- CentOS 6
- tzdata-2023c-1_ol001.el6
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
OpenLogic AngularJS
Small miscellaneous update of angular-translate@2.19.3:
- Removed bower-npm-resolver from dependencies
- This resolves unwanted downloads of minimist and tough-cookie with many others
Non-Security Based Updates
ActiveMQ Classic 5.18.6
Bug:
[AMQ-8122] - DataByteArrayInputStreamTest.testNonAscii() is faulty
[AMQ-8398] - 4-byte Unicode message from JMS to STOMP will be corrupted
[AMQ-9547] - KahaDB PageFile can call setLength() on the recovery file which always throws an exception
Improvement:
[AMQ-9437] - Add optional advanced destination statistics including networkEnqueueCount and networkDequeueCount
[AMQ-9545] - Setting Cache-Control policy on web console.
Task:
[AMQ-9538] - Backport jmock/byte buddy migration for JDK 17+
Dependency Upgrade:
[AMQ-9491] - Upgrade to ASM 9.7
[AMQ-9493] - Upgrade to maven-plugin-plugin 3.13.1
[AMQ-9494] - Upgrade to maven-source-plugin 3.3.1
[AMQ-9495] - Upgrade to maven-assembly-plugin 3.7.1
[AMQ-9496] - Upgrade to maven-compiler-plugin 3.13.0
[AMQ-9510] - Upgrade to jmock 2.13.1
[AMQ-9556] - Upgrade to Spring 5.3.39
[AMQ-9557] - Upgrade to commons-logging 1.3.4
[AMQ-9566] - Upgrade to Jetty 9.4.56.v20240826
[AMQ-9567] - Upgrade to jmdns 3.5.12
[AMQ-9568] - Upgrade to ant 1.10.15
[AMQ-9574] - Upgrade to commons-io 2.17.0
[AMQ-9576] - Upgrade to maven-clean-plugin 3.4.0
[AMQ-9577] - Upgrade to maven-enforcer-plugin 3.5.0
[AMQ-9578] - Upgrade to maven-jar-plugin 3.4.2
[AMQ-9579] - Upgrade to maven-javadoc-plugin 3.10.0
[AMQ-9580] - Upgrade to maven-project-info-reports-plugin 3.7.0
[AMQ-9581] - Upgrade to maven-release-plugin 3.1.1
[AMQ-9582] - Upgrade to maven-surefire-plugin 3.5.0
[AMQ-9583] - Upgrade to build-helper-maven-plugin 3.6.0
[AMQ-9584] - Upgrade to javacc-maven-plugin 3.1.0
[AMQ-9585] - Upgrade to taglist-maven-plugin 3.1.0
Gitlab FOSS 17.2.8
Security (3 changes):
- [Implement input sanitization for SummarizeComments](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4bed1f854c5c7014d7486cc404a5da5321c27070) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4412))
- [Hide system notes with invalid references](https://gitlab.com/gitlab-org/security/gitlab/-/commit/884df0d68bb3f3f2a2029b2851d202949780dd3b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4484))
- [Reset dependency proxy maven credentials when registry url is changed](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c43c6ab51a2005958414062c23d5d017a9cba57d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4459))
Gitlab FOSS 17.3.4
Security (3 changes):
- [Implement input sanitization for SummarizeComments](https://gitlab.com/gitlab-org/security/gitlab/-/commit/034f25d7a760c8027f3c7426ca57ee49459f866f) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4411))
- [Hide system notes with invalid references](https://gitlab.com/gitlab-org/security/gitlab/-/commit/484a80474d1f262b45923de365e288140605333e) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4483))
- [Reset dependency proxy maven credentials when registry url is changed](https://gitlab.com/gitlab-org/security/gitlab/-/commit/74a4ae92cbb1e74e9e1e6858d6d3b0cf9daa4d09) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4458))
Gitlab FOSS 17.4.1
Fixed (2 changes)
Security (3 changes):
- [Implement input sanitization for SummarizeComments](https://gitlab.com/gitlab-org/security/gitlab/-/commit/907bbbae5d84d2505bc9aeaaa2276a9d6662014b) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4474))
- [Hide system notes with invalid references](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f349ddc9dcff2e5a7d9c496a86ce8a5b8f2192f3) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4482))
- [Reset dependency proxy maven credentials when registry url is changed](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7770dcc609ec9fe6f51ba36cbc085c1ab97a6560) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4472))
Jenkins 2.478
Community reported issues: 1×JENKINS-1234