Stay Informed

This week, read about:

Security Based Updates

Updates to the OpenLogic CentOS Repository
OpenLogic's Enterprise Linux Team has recently published the following updates:

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

OpenLogic AngularJS
Small maintenance update to angular-translate@2.19.3:

  • Removed bower-npm-resolver from the package's dependencies
  • This stops the unwanted transitive downloads of minimist and tough-cookie, along with many other packages they pulled in

Non-Security Based Updates

Angular 18.2.4
Compiler:

  • [fix - b619d6987e] | produce less noisy errors when parsing control flow (#57711)

Migrations:

  • [fix - 9895e4492f] | replace leftover modules with their exports during pruning (#57684)

Ansible v2.17.4
Bugfixes:

  • Fix ``SemanticVersion.parse()`` to store the version string so that ``__repr__`` reports it instead of ``None`` (https://github.com/ansible/ansible/pull/83831).
  • Fix an issue where registered variable was not available for templating in ``loop_control.label`` on skipped looped tasks (https://github.com/ansible/ansible/issues/83619)
  • Fix for ``meta`` tasks breaking host/fork affinity with ``host_pinned`` strategy (https://github.com/ansible/ansible/issues/83294)
  • Fix using the current task's directory for looking up relative paths within roles (https://github.com/ansible/ansible/issues/82695).
  • atomic_move - fix using the setgid bit on the parent directory when creating files (https://github.com/ansible/ansible/issues/46742, https://github.com/ansible/ansible/issues/67177).
  • connection plugins using the 'extras' option feature required variables to match the plugin's loaded name, sometimes requiring the FQCN, which differs from the documented/declared/expected variable names. The loader now falls back to the 'basename' of the FQCN; plugin authors can still set the expected value directly.
  • csvfile lookup - give an error when no search term is provided using modern config syntax (https://github.com/ansible/ansible/issues/83689).
  • include_tasks - Display location when attempting to load a task list where ``include_*`` did not specify any value - https://github.com/ansible/ansible/issues/83874
  • powershell - Improve CLIXML decoding to decode all control characters and unicode characters that are encoded as surrogate pairs.
  • psrp - Fix bug when attempting to fetch a file path that contains special glob characters like ``[]``
  • runtime-metadata sanity test - do not crash on deprecations if ``galaxy.yml`` contains an empty ``version`` field (https://github.com/ansible/ansible/pull/83831).
  • ssh - Fix bug when attempting to fetch a file path with characters that should be quoted when using the ``piped`` transfer method

Docker/Compose v2.29.3
What's Changed
Improvements:

  • Allow combination of bind mounts and 'rebuild' watches by @remcokranenburg [(12089)]

Fixes:

  • Fix(wait): Wait only until first container exit by @idsulik  [(12064)]
  • Prefer mount API over bind by @ndeloof [(12078)]
  • Service hash must exclude depends_on by @ndeloof [(12072)]
  • Attach: close streams when done by @laurazard [(12112)]
  • Restore compose v1 behavior to recreate containers when run with `-V` by @ndeloof [(12116)]

Internal:

  • Allow adding an empty line to the logs when the nav menu is activated by @glours [(12062)]
  • Docs: duplicate documentation for root cmd by @dvdksn [(12076)]
  • Fix typo in pull.go by @jonathan-dev [(12108)]
  • Use logrus instead of direct output to stderr by @felixfontein [(11996)]
  • Fix minor typos by @NathanBaulch [(12104)]
  • Chore(watch): Add changed file paths/count to log by @idsulik [(12118)]

Etcd v3.4.34
etcd server:

  • Fix [performance regression issue caused by the `ensureLeadership` in lease renew](18440).
  • [Keep the tombstone during compaction if it happens to be the compaction revision](18475)

Package clientv3:

  • [Print gRPC metadata in guaranteed order using the official go fmt pkg](18311).

Etcd v3.5.16
etcd server:

  • Fix [performance regression issue caused by the `ensureLeadership` in lease renew](18439).
  • [Keep the tombstone during compaction if it happens to be the compaction revision](18474)
  • Add [`etcd --experimental-compaction-sleep-interval`](18514) flag to control the sleep interval between each compaction batch.

Gitlab-foss v17.1.7
Fixed (2 changes):

  • [Fix Sidekiq crashing when GITLAB_LOG_LEVEL set to debug](https://gitlab.com/gitlab-org/security/gitlab/-/commit/1647a587baa81d368cbc3d566598707cb590f430)
  • [Backport Fixes Geo Replication Details view](https://gitlab.com/gitlab-org/security/gitlab/-/commit/08ed4596fbd90d9a75f1223d864eaf4e137bfaba) **GitLab Enterprise Edition**

Changed (1 change)
Security (18 changes):

  • [Revert 'security-psk-fix-external-wiki-integration-dos-17-1' into '17-1'](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ade7fc8bea4032ca5bb532672efcd5a4dec3d6e8) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4455))
  • [Fix the vulnerability in the glm_source parameter](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b4e1ecff528c075bb8fe89c83700673f52cc1eb4) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4434))
  • [Improve GraphQL log security](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8234ed61fa7f5bd4da874b9c390d86dd36de7ad1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4350))
  • [Add permissions check to project creations from a project template](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d0c8dcecec6c0b1fad95755c2ea5b781680ceb66) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4445))
  • [Fix credentials disclosure in mirroring failure](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e616eef4f91e39d3d98ec1535d7f9bef3a9a0e10) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4448))
  • [Redirect url in the link validated for being external](https://gitlab.com/gitlab-org/security/gitlab/-/commit/e358f0c4fadb53715fbe2d5dc031e071193c971c) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4442))
  • [[17.1] Update edit permissions for DAST profiles](https://gitlab.com/gitlab-org/security/gitlab/-/commit/428ec2f74d1bea5bdcdcac1c8f636a6d800f1441) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4357))
  • [Commit information visible through release atom endpoint for guest users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/6745cd87ea94fb0f0da8693c1ca1908f13593c89) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4439))
  • [Execute environment stop actions as the owner of the action](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8ff8085ff4f2fd49cf8c6ae205ee0c31349e970c) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4406))
  • [Prevent code injection in Product Analytics funnels YAML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/225aa66cd4086800aac24a31dfdcc067f7fc978a) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4429))
  • [Prevent users with admin_group_member custom ab. to manage custom roles](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9c6ad85f4a22c95d86352da8e15e6bd85de33bf2) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4427))
  • [Fixed frontend regex to parse URI](https://gitlab.com/gitlab-org/security/gitlab/-/commit/0ee3b0c7e86cd1f2d11decd28e970e9588cb4c2c) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4421))
  • [Use session instead of params for identity linking](https://gitlab.com/gitlab-org/security/gitlab/-/commit/850650bb443ff41b49c8ec6e0aa732c0d12f4562) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4371))
  • [Fix external wiki integration DoS by changing request to HEAD](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8ae880e3a6bef6e520ebf5f41e2b0965791dd199) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4383))
  • [Restrict IPs for packages dependency proxy](https://gitlab.com/gitlab-org/security/gitlab/-/commit/8ea51fb0d0c37d54fd5c3aa797327d1149084d01) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4389))
  • [Strip out Set-Cookie header from dependencyproxy auth response](https://gitlab.com/gitlab-org/security/gitlab/-/commit/1a1859fb40667b0414fe2456885765f57066a073) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4397))
  • [Fix open redirect due to additional slash added](https://gitlab.com/gitlab-org/security/gitlab/-/commit/ced539e3fd51cf1bdf136cdceb520af90229e1fa) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4353))
  • [Group Developers can view group runners](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3e22e9791084827757da7c990c40992a330f8adf) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4380))

Gitlab-foss v17.2.5
Fixed (2 changes):

  • [Fix Sidekiq crashing when GITLAB_LOG_LEVEL set to debug](https://gitlab.com/gitlab-org/security/gitlab/-/commit/b61220ce14c6b2d199f6a6de6d0b79729c15676e)
  • [Backport Fixes Geo Replication Details view](https://gitlab.com/gitlab-org/security/gitlab/-/commit/88f24858dc28d1c1ebec07a45cc5e9ef587679cf) **GitLab Enterprise Edition**

Changed (2 changes)
Security (19 changes):

  • [Revert "Merge branch 'security-psk-fix-external-wiki-integration-dos-17-2' into '17-2-stable-ee'"](https://gitlab.com/gitlab-org/security/gitlab/-/commit/f81601ebba6655d25d1bfe2ff1568cc5fe96059d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4454))
  • [Fix the vulnerability in the glm_source parameter](https://gitlab.com/gitlab-org/security/gitlab/-/commit/676a3faddc5e93e38671f41c4e48ce48875364a3) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4435))
  • [Improve GraphQL log security](https://gitlab.com/gitlab-org/security/gitlab/-/commit/306589f342b7f9aa118c582c55278574291f22c7) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4349))
  • [Add permissions check to project creations from a project template](https://gitlab.com/gitlab-org/security/gitlab/-/commit/c5e57b452df8ea55f9a7f3870a79c41819f237d1) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4444))
  • [Fix credentials disclosure in mirroring failure](https://gitlab.com/gitlab-org/security/gitlab/-/commit/2973e7765866d37c1910352fba1c01644d56bf32) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4447))
  • [Redirect url in the link validated for being external](https://gitlab.com/gitlab-org/security/gitlab/-/commit/7cdde56d9085dfa2bff8da57f4f9df3b21a2894d) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4441))
  • [[17.2] Update edit permissions for DAST profiles](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d71e9da0d204366439cdcf0fc577458a1069f089) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4356))
  • [Commit information visible through release atom endpoint for guest users](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3944f5b91d3d7ff7f30f616c8f5fadd77a6b6fe4) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4438))
  • [Execute environment stop actions as the owner of the action](https://gitlab.com/gitlab-org/security/gitlab/-/commit/5a037af920b2e621a8dd1b2761dd9cbbc6731ecc) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4405))
  • [Prevent code injection in Product Analytics funnels YAML](https://gitlab.com/gitlab-org/security/gitlab/-/commit/da77ff49ca023be82a3d1e0102c9d0caf8e7a498) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4430))
  • [Prevent users with admin_group_member custom ab. to manage custom roles](https://gitlab.com/gitlab-org/security/gitlab/-/commit/d81400b571b46633603c6d6bfd2657806c9de506) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4426))
  • [Fixed frontend regex to parse URI](https://gitlab.com/gitlab-org/security/gitlab/-/commit/99bb822df8102f4e71fa473f11c8767e65759575) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4420))
  • [Use session instead of params for identity linking](https://gitlab.com/gitlab-org/security/gitlab/-/commit/114074f667aad583c557ea09350edb5226659d62) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4370))
  • [Fix external wiki integration DoS by changing request to HEAD](https://gitlab.com/gitlab-org/security/gitlab/-/commit/4b787a02964a696421d72ae847590d40cf8d2438) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4382))
  • [Restrict IPs for packages dependency proxy](https://gitlab.com/gitlab-org/security/gitlab/-/commit/fc752ed2f6aa9e3c46f5d7b4ee65f0d193f7ffc6) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4390))
  • [Strip out Set-Cookie header from dependencyproxy auth response](https://gitlab.com/gitlab-org/security/gitlab/-/commit/25dbceaeb243aed695774b232e28cf106898dfbf) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4398))
  • [Fix open redirect due to additional slash added](https://gitlab.com/gitlab-org/security/gitlab/-/commit/681c6c65912e20e08bbe942cb0b923cfc0db2345) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4352))
  • [Group Developers can view group runners](https://gitlab.com/gitlab-org/security/gitlab/-/commit/9b96f9ad80262f2329f08328a2c6f6b10e5032dd) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4379))
  • [Enforce Pipeline execution policy variables for template rules](https://gitlab.com/gitlab-org/security/gitlab/-/commit/44d70919eb689f73c7c65a2db3476e205b375528) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4394))

Jenkins 2.476
Bug fixes:

  • Compatibility for `ChainedServletFilter` (#9696) @basil
  • [JENKINS-72988] - validate displayname against items in the same ItemGroup (#9152) @mawinter69
  • Disable dependents toggle in plugin manager with system read (#9463) @timja

Changes for plugin developers:

  • Introduce `ComputerListener#onIdle` (#9673) @Vlatombe

Kubernetes v1.30.5
Changes by Kind
API Change:

  • Fixes a regression in openapi descriptions of PodIP.IP and HostIP.IP fields to mark the fields used as keys in those lists as required. (#126666, @thockin) [SIG API Machinery]

Feature:

  • Kubernetes is now built with go 1.22.6 (#126970, @cpanato) [SIG Release and Testing]

Bug or Regression:

  • Fix a scheduler preemption issue where the victim pod was not deleted due to incorrect status patching. This issue occurred when the preemptor and victim pods had different QoS classes in their status, causing the preemption to fail entirely. (#126693, @Huang-Wei) [SIG Scheduling]
  • Fix race condition in kube-proxy initialization that could blackhole UDP traffic to service VIP. (#126688, @wedaly) [SIG Network]
  • Fixed a bug that prevented installing the k8s.io/kube-openapi dependency when running kube::codegen::gen_openapi. (#126923, @kannon92) [SIG API Machinery]
  • Fixed a bug where init containers may fail to start due to a temporary container runtime failure. (#127213, @SergeyKanzhelev) [SIG Node]
  • Fixed a regression in 1.29+ default configurations, where regular init containers may fail to start due to a temporary container runtime failure. (#127203, @SergeyKanzhelev) [SIG Node]
  • Terminated Pods on a node will not be re-admitted on kubelet restart. This fixes the problem of Completed Pods awaiting a finalizer being marked as Failed after the kubelet restart. (#127208, @SergeyKanzhelev) [SIG Node and Testing]
  • Upgrade coreDNS to v1.11.3 (#126797, @BenTheElder) [SIG API Machinery, Architecture, Auth, CLI, Cloud Provider, Cluster Lifecycle, Network and Node]

Kubernetes v1.31.1
Changes by Kind
Deprecation:

  • Reverted the `DisableNodeKubeProxyVersion` feature gate to default-off to give a full year from deprecation announcement in 1.29 to clearing the field by default, per the Kubernetes deprecation policy. (#126721, @liggitt) [SIG Architecture and Node]

API Change:

  • The resource/v1alpha3.ResourceSliceList field which should have been named "metadata" but was instead named "listMeta" is now properly "metadata". (#126761, @thockin) [SIG API Machinery]

Feature:

  • Kubernetes is now built with go 1.22.6 (#126974, @cpanato) [SIG Release and Testing]

Bug or Regression:

  • Fix a scheduler preemption issue where the victim pod was not deleted due to incorrect status patching. This issue occurred when the preemptor and victim pods had different QoS classes in their status, causing the preemption to fail entirely. (#126691, @Huang-Wei) [SIG Scheduling]
  • Fix race condition in kube-proxy initialization that could blackhole UDP traffic to service VIP. (#126687, @wedaly) [SIG Network]
  • Fixed a bug where init containers may fail to start due to a temporary container runtime failure. (#127212, @SergeyKanzhelev) [SIG Node]
  • Fixed a regression in 1.29+ default configurations, where regular init containers may fail to start due to a temporary container runtime failure. (#127202, @SergeyKanzhelev) [SIG Node]
  • Kube-apiserver: Fixes a 1.31 regression that stopped honoring build ID overrides with the --version flag (#126670, @liggitt) [SIG API Machinery]
  • Revert "fix: handle socket file detection on Windows" (#127100, @jsturtevant) [SIG Node]
  • Terminated Pods on a node will not be re-admitted on kubelet restart. This fixes the problem of Completed Pods awaiting a finalizer being marked as Failed after the kubelet restart. (#127207, @SergeyKanzhelev) [SIG Node and Testing]
  • Upgrade coreDNS to v1.11.3 (#126796, @BenTheElder) [SIG Cloud Provider and Cluster Lifecycle]

Other (Cleanup or Flake):

  • Updated cni-plugins to v1.5.1. (#126988, @saschagrunert) [SIG Cloud Provider, Node and Testing]

Kubernetes v1.29.9
Changes by Kind
Feature:

  • Kubernetes is now built with go 1.22.6 (#126971, @cpanato) [SIG Release and Testing]

Bug or Regression:

  • Fix a scheduler preemption issue where the victim pod was not deleted due to incorrect status patching. This issue occurred when the preemptor and victim pods had different QoS classes in their status, causing the preemption to fail entirely. (#126694, @Huang-Wei) [SIG Scheduling]
  • Fix race condition in kube-proxy initialization that could blackhole UDP traffic to service VIP. (#126689, @wedaly) [SIG Network]
  • Fixed a bug where init containers may fail to start due to a temporary container runtime failure. (#127214, @SergeyKanzhelev) [SIG Node]
  • Fixed a regression in 1.29+ default configurations, where regular init containers may fail to start due to a temporary container runtime failure. (#127204, @SergeyKanzhelev) [SIG Node]
  • Terminated Pods on a node will not be re-admitted on kubelet restart. This fixes the problem of Completed Pods awaiting a finalizer being marked as Failed after the kubelet restart. (#127209, @SergeyKanzhelev) [SIG Node and Testing]

Kubernetes v1.28.14
Changes by Kind
Feature:

  • Kubernetes is now built with go 1.22.6 (#126973, @cpanato) [SIG Release and Testing]

Bug or Regression:

  • Fix a scheduler preemption issue where the victim pod was not deleted due to incorrect status patching. This issue occurred when the preemptor and victim pods had different QoS classes in their status, causing the preemption to fail entirely. (#126695, @Huang-Wei) [SIG Scheduling]
  • Fix race condition in kube-proxy initialization that could blackhole UDP traffic to service VIP. (#126692, @wedaly) [SIG Network]
  • Terminated Pods on a node will not be re-admitted on kubelet restart. This fixes the problem of Completed Pods awaiting a finalizer being marked as Failed after the kubelet restart. (#127210, @SergeyKanzhelev) [SIG Node and Testing]

View all OpenUpdate editions >