Stay Informed
This week, read about:
- NIST Releases First 3 Finalized Post-Quantum Encryption Standards.
- AI Bills Can Blow Out by 1000 Percent: Gartner.
- Double Debian Update: 11.11 and 12.7 Arrive at Once.
- Unlocking the Power of AI in Cybersecurity.
- CentOS Stream 8 End of Builds Was May 31, 2024 and CentOS Linux 7 End of Life Was June 30, 2024. Get the Definitive Guide For CentOS EOL.
- OpenJDK Spring 2024 Release Downloads Are Now Available on OpenLogic.
- We Have the Latest Versions of OpenJDK Versions 8, 11, and 17 Now Available.
Security Based Updates
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following updates:
- CVE-2023-4911 (CentOS 8): glibc-2.28-164_ol002.el8
- CVE-2018-25032 (CentOS 8): zlib-1.2.11-17_ol002.el8
- CVE-2022-2526 (CentOS 8): systemd-239-51_ol001.el8_5.2
- CVE-2021-4157 (CentOS 8): kernel-4.18.0-348.7.1_ol001.el8_5
- CentOS 6: tzdata-2023c-1_ol001.el6
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
OpenLogic AngularJS
Small miscellaneous update of angular-translate@2.19.3:
- Removed bower-npm-resolver from dependencies
- This resolves unwanted downloads of minimist and tough-cookie, among many others
Non-Security Based Updates
- [fix - de68e049e4] Dynamically call the global fetch implementation (#57531)
Elasticsearch v8.15.1
Bug fixes:
Aggregations:
- Revert "Avoid bucket copies in Aggs" #111758 (issue: #111679)
Authorization:
- Fix DLS over Runtime Fields #112260 (issue: #111637)
ES|QL:
- Avoid losing error message in failure collector #111983 (issue: #111894)
- Avoid wrapping rejection exception in exchange #112178 (issue: #112106)
- ESQL: Fix for overzealous validation in case of invalid mapped fields #111475 (issue: #111452)
Geo:
- Add maximum nested depth check to WKT parser #111843
- Always check `crsType` when folding spatial functions #112090 (issue: #112089)
- Fix NPE when executing doc value queries over shape geometries with empty segments #112139
Indices APIs:
- Fix template alias parsing livelock #112217
Infra/Core:
- Fix windows memory locking #111866 (issue: #111847)
Ingest Node:
- Fixing incorrect bulk request took time #111863 (issue: #111854)
- Improve performance of grok pattern cycle detection #111947
Logs:
- Merge multiple ignored source entries for the same field #111994 (issue: #111694)
Machine Learning:
- [Inference API] Move Delete inference checks to threadpool worker #111646
Mapping:
- Check for valid `parentDoc` before retrieving its previous #112005 (issue: #111990)
- Fix calculation of parent offset for ignored source in some cases #112046
- Fix synthetic source for empty nested objects #111943 (issue: #111811)
- No error when `store_array_source` is used without synthetic source #111966
- Prevent synthetic field loaders accessing stored fields from using stale data #112173 (issue: #112156)
Ranking:
- Properly handle filters on `TextSimilarityRank` retriever #111673
Relevance:
- Semantic reranking should fail whenever inference ID does not exist #112038 (issue: #111934)
- [Bugfix] Add `accessDeclaredMembers` permission to allow search application templates to parse floats #111285
Search:
- Explain Function Score Query #111807
Security:
- Fix "unexpected field [remote_cluster]" for CCS (RCS 1.0) when using API key that references `remote_cluster` #112226
- Fix connection timeout for `OpenIdConnectAuthenticator` get Userinfo #112230
Vector Search:
- Fix `NullPointerException` when doing knn search on empty index without dims #111756 (issue: #111733)
- Speed up dense/sparse vector stats #111729 (issue: #111715)
Jenkins 2.475
Major Features and Improvements:
* [JENKINS-73278] - Migrate core from EE 8 to EE 9 (#9672) @basil
New Features and Improvements:
* [JENKINS-73422] - Add escape hatch for Authenticated user access to Resource URL (#9644) @Dohbedoh
* Friendlier handling of `DeploymentHandshakeException` from CLI in `-webSocket` mode (#9591) @jglick
* [JENKINS-73669] - don't change unrelated checkboxes in rowSelectionCont… (#9648) @mawinter69
* Add -webSocket option by default when creating an inbound agent (#9665) @Vlatombe
Bug fixes:
* [JENKINS-73695] - BUG: Dashboard shows white space on certain width space >900px (#9667) @scherler
* [JENKINS-73692] - Turn off logging from `BackgroundGlobalBuildDiscarder` (#9663) @jglick
Changes for Plugin Developers:
* Add doCheckDisplayNameOrNull to jenkins core (#9150) @krisstern
Elastic/Kibana v8.15.1
The 8.15.1 release includes the following bug fixes.
Enhancements
Other:
- Automatic Import now supports the 'multiline newline-delimited JSON' log sample format for the Filestream input (#190588).
Bug fixes
Data Discovery:
- Fixes time range filter (#187010).
Elastic Security:
- For the Elastic Security 8.15.1 release information, refer to the Elastic Security Solution Release Notes.
Fleet:
- Remove duplicative retries from client-side requests to APIs that depend on EPR (#190722).
Lens & Visualizations:
- Visualization blows up when invalid color is passed in TSVB (#190658).
Observability:
- Enables wildcard search for the Synthetics waterfall chart (#191132).
- Fixes accordion disclosure keyboard focus border (#190436).
- Always pass allowLeadingWildcards as true to the KQL validation in the custom threshold rule API param validation (#190031).
- Prevent excess calls to get agent namespace (#189995).
- Fixes blank storage explorer summary when filter string is active (#189760).
- Observability AI Assistant: Use internal user when fetching connectors (#190462).
- Observability AI Assistant: Fixes bug "Cannot set initialMessages if initialConversationId is set" (#189885).
Platform:
- Fixes handling of splittable subkeys when processing values (#190590). Fixes a bug when processing YAML configuration keys that contain dotted notation in objects in arrays. This can manifest as a validation error causing Kibana to not start.
Presentation:
- Fixes by-value map embeddables have broken layers (#190996).
- Fixes text readability on map scale, attribution, and coordinate controls (#189639).
Search:
- Fixes index error incorrectly showing up (#189283). Fixes a bug where an index error about the `semantic_text` field would be incorrectly displayed when the inference endpoint was configured and available.
Uptime:
- Fixes broken pagination in Uptime when a filter is applied (#189831).
Security:
- Resolve a bug in ECS missing fields detection (#191502).
- Improve sample merge functionality (#190656).
- Try parsing samples as both NDJSON and JSON (#190046).
Node.js
- New JS API for compile cache. This release adds a new API `module.enableCompileCache()` that can be used to enable on-disk code caching of all modules loaded after this API is called. Previously this could only be enabled by the `NODE_COMPILE_CACHE` environment variable, so it could only be set by end-users. This API allows tooling and library authors to enable caching of their own code. This is a built-in alternative to the v8-compile-cache packages, but has better performance and supports ESM. Thanks to Joyee Cheung for working on this.
- New option for `vm.createContext()` to create a context with a freezable global. Node.js implements a flavor of `vm.createContext()` and friends that creates a context without contextifying its global object when `vm.constants.DONT_CONTEXTIFY` is used. This is suitable when users want to freeze the context (impossible when the global is contextified, i.e. has interceptors installed) or speed up the global access if they don't need the interceptor behavior. Thanks to Joyee Cheung for working on this.
- Support for coverage thresholds. Node.js now supports requiring code coverage to meet a specific threshold before the process exits successfully. To use this feature, you need to enable the `--experimental-test-coverage` flag. You can set thresholds for the following types of coverage:
- Branch coverage: Use `--test-coverage-branches=<threshold>`
- Function coverage: Use `--test-coverage-functions=<threshold>`
- Line coverage: Use `--test-coverage-lines=<threshold>`

`<threshold>` should be an integer between 0 and 100. If an invalid value is provided, a `TypeError` will be thrown. If the code coverage fails to meet the specified thresholds for any category, the process will exit with code `1`. For instance, to enforce a minimum of 80% line coverage and 60% branch coverage, you can run:
```console
$ node --experimental-test-coverage --test-coverage-lines=80 --test-coverage-branches=60 example.js
```
Eclipse-openj9 0.46.1
WHAT'S NEW IN VERSION 0.46.0
- The following new features and notable changes since version 0.45.0 are included in this release:
- New binaries and changes to supported environments
- MD5 message digest algorithm support for OpenSSL
- Support added for the com.sun.management.ThreadMXBean.getTotalThreadAllocatedBytes() API
- The JITServer AOT caching feature enabled by default at the JITServer server
- The extended Hot Code Replace (HCR) capability disabled and -XX:[+|-]EnableExtendedHCR option added
- New system property added to improve jcmd attaching in case of the SocketException error on Windows™ platform
- -Xtgc:allocation report includes core allocation cache statistics per thread
- New -XX:[+|-]ShareOrphans option added
- New -XX:[+|-]JITServerAOTCacheIgnoreLocalSCC option added
- New -XdynamicHeapAdjustment option added
Features and changes
Binaries and supported environments:
- Eclipse OpenJ9™ release 0.46.0 supports OpenJDK 8, 11, 17, 21, and 22. CentOS 6, CentOS 7, Red Hat Enterprise Linux (RHEL) 6, and RHEL 7 are removed from the list of supported platforms. RHEL 8.6 and 9.0 are out of support. RHEL 8.8 and 9.2 are the new minimum operating system levels. To learn more about support for OpenJ9 releases, including OpenJDK levels and platform support, see Supported environments.
MD5 message digest algorithm support for OpenSSL:
- OpenSSL native cryptographic support is added for the MD5 message digest algorithm, providing improved cryptographic performance. OpenSSL support is enabled by default. If you want to turn off support for the MD5 message digest algorithm, set the -Djdk.nativeDigest system property to false.
Support added for the com.sun.management.ThreadMXBean.getTotalThreadAllocatedBytes() API:
- With this release, the OpenJ9 VM implementation supports measurement of the total memory allocation for all threads (com.sun.management.ThreadMXBean.getTotalThreadAllocatedBytes() API).
- The getTotalThreadAllocatedBytes() method now returns the total thread allocated bytes instead of -1.
The JITServer AOT caching feature enabled by default at the JITServer server:
- -XX:+JITServerUseAOTCache is the default setting at the JITServer server now. That means that you don't have to specify the -XX:+JITServerUseAOTCache option at the server to enable the JITServer AOT caching feature.
- Although this option is enabled by default at the server, it is still disabled for the JITServer clients. Clients that want to use JITServer AOT caching must still specify the -XX:+JITServerUseAOTCache option on the command line. Also, clients no longer have to enable the shared classes cache feature to use the -XX:+JITServerUseAOTCache option.
- For more information, see -XX:[+|-]JITServerUseAOTCache.
The extended Hot Code Replace (HCR) capability disabled and -XX:[+|-]EnableExtendedHCR option added:
- By default, the extended HCR capability in the VM is disabled for all OpenJDK versions, which is a change from the previous releases. You can enable the HCR capability by using the new -XX:+EnableExtendedHCR option.
- The extended HCR feature is deprecated in this release and will be removed in a future release. From OpenJDK 25 onwards, extended HCR will not be supported. Following that, the extended HCR support will be removed from other earlier OpenJDK versions also.
New system property added to improve jcmd attaching in case of the SocketException error on Windows platform:
- When the jcmd tool sends a command to a running VM, the command might throw the SocketException error on the Windows platform. Instead of failing the attaching request, you can specify the number of times the tool retries attaching to the target VM with the new system property, -Dcom.ibm.tools.attach.retry.
-Xtgc:allocation report includes core allocation cache statistics per thread:
- The -Xtgc:allocation option prints thread-specific allocation cache (TLH) statistics in addition to the cumulative allocation statistics.
New -XX:[+|-]ShareOrphans option added:
- When -Xshareclasses was specified, only those class loaders that implemented OpenJ9's public shared classes cache APIs (and their child class loaders) could store classes to the shared classes cache. Custom class loaders that did not implement these cache APIs cannot pass the module or class path information to the VM. Classes of such class loaders were not stored to the cache.
- You can enable class sharing from all class loaders, irrespective of whether the class loader implements the shared classes cache API, with the -XX:+ShareOrphans option.
- For more information, see -XX:[+|-]ShareOrphans.
New -XX:[+|-]JITServerAOTCacheIgnoreLocalSCC option added:
- From this release onwards, the default behavior of the client when it uses the JITServer AOT cache is to bypass its local shared classes cache (if one is set up) during JITServer AOT cache compilations. You can control how the JITServer AOT cache feature interacts with the local cache at JITServer client VMs with the -XX:[+|-]JITServerAOTCacheIgnoreLocalSCC option.
New -XdynamicHeapAdjustment option added:
- By default, if a checkpoint is taken in a container with no memory limits and then restored in a container with memory limits, the restored VM instance does not detect the memory limits.
- You can now create a single image file and restore it on various nodes with different memory limits. The new option -XdynamicHeapAdjustment automatically adjusts the maximum Java heap size (-Xmx) and minimum Java heap size (-Xms) values such that they are within the physical memory limitations on the system.
Known problems and full release information:
- To see known problems and a complete list of changes between Eclipse OpenJ9 v0.45.0 and v0.46.0 releases, see the Release notes.