Stay Informed

This week, read about:

• While HashiCorp Plays License Roulette, Virter Rolls Out To Rescue FossVM Testing.
• Open Source Orgs Strengthen Alliance Against Patent Trolls.
• Cassandra Redesigns Indexing, Storage Management for 5.0 Release.
• Redmonk: No Clear Link Between Moving From Open Source to aProprietary License, and Increasing Company Value.
• CentOS Stream 8 End of Builds Was May 31, 2024 and CentOS Linux 7 End of Life Was June 30, 2024. Get the Definitive Guide For CentOS EOL.
• OpenJDK Spring 2024 Release Downloads Are Now Available on OpenLogic.
• We Have the Latest Versions of OpenJDK Versions 8, 11, and 17 Now Available.

Security Based Updates

Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:

• CVE-2023-4911
  • CentOS 8 
    • glibc-2.28-164_ol002.el8
• CVE-2018-25032 
  • CentOS 8 
    • zlib-1.2.11-17_ol002.el8
• CVE-2022-2526
  • CentOS 8
    •  systemd-239-51_ol001.el8_5.2 
• CVE-2021-4157 
  • CentOS 8
    • kernel-4.18.0-348.7.1_ol001.el8_5
• CentOS 6 
  •  tzdata-2023c-1_ol001.el6

We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!

OpenLogic AngularJS
Small miscellaneous update of angular-translate@2.19.3:

• Removed bower-npm-resolver from dependencies
• This resolves unwanted downloads of minimist and tough-cookie with many others

Non-Security Based Updates

Angular 18.2.5
compiler-cli:

• [fix - e685ed883a] | extended diagnostics not validating ICUs (#57845) |

Core:

• [fix - 76709d5d6e] | Handle `@let` declaration with array when `preparingForHydration` (#57816) |

Migrations:

• [fix - 5c866942a1] | account for explicit standalone: false in migration (#57803) |

Docker/Compose v2.29.7
What's Changed
Fixes:
* fix regressions using mount API for bind mounts by @glours in

Docker/Compose v2.29.6
What's Changed
Fixes:
* Don't set propagation if target engine isn't linux by @ndeloof [(12138)]

Dependencies:
* build(deps): bump docker, docker/cli to v27.3.0-rc.2 by @thaJeztah [(12136)]

Docker/Compose v2.29.5
What's Changed:
This release fix an issue with bind mounts on WSL2 when using Docker Desktop

Fixes:
* Set propagation default by @ndeloof [(12133)]

Internal:
* Remove custom codeql workflow in favor of default setup by @temenuzhka-thede [(12131)]

Docker/Compose v2.29.4
What's Changed
Fixes:
* Fixed possible `nil` pointer dereference by @disc [(12127)]
* Stop dependent containers before recreating diverged service by @ndeloof [(12122)]

Internal:
* GHA: test against docker engine v27.3.0 by @thaJeztah [(12126)]
* Chore(watch): Add debug log when skipping service without build context by @idsulik [(12067)]

Dependencies:
* Build(deps): bump docker, docker/cli to v27.3.0-rc.1, buildx v0.17.1 by @thaJeztah [(12125)]

New Contributors:
* @disc made their first contribution in

Gitlab-foss v17.4.0
Added (202 changes)
Fixed (187 changes)
Changed (249 changes)
Deprecated (3 changes)
Removed (43 changes)
Security (23 changes):

• [Revert "Merge branch 'security-psk-fix-external-wiki-integration-dos' into 'master'"](https://gitlab.com/gitlab-org/gitlab/-/commit/ee5a8b7af26859f16777c014a5be057d99b6d177)
• [Fix external wiki integration DoS by changing request to HEAD](https://gitlab.com/gitlab-org/gitlab/-/commit/03fd80cf91bbc3e3f7a3a8c9e6ffa9daae5ea8b4)
• [Redirect url in the link validated for being external](https://gitlab.com/gitlab-org/gitlab/-/commit/53a745fd8e203ca8f21e0630bc7529da8adec9db)
• [Strip out Set-Cookie header from dependencyproxy auth response](https://gitlab.com/gitlab-org/gitlab/-/commit/8d01129bb26a96e6ed56522bf4504759f0f56301)
• [Fix open redirect due to additional slash added](https://gitlab.com/gitlab-org/gitlab/-/commit/4ece8de829be74e915c61ac0ec8ab2714fcd83f5)
• [Prevent code injection in Product Analytics funnels YAML](https://gitlab.com/gitlab-org/gitlab/-/commit/4453364640da5b3a422af92bb0fbc9356b26f195)
• [Add permissions check to project creations from a project template](https://gitlab.com/gitlab-org/gitlab/-/commit/296bb8bf037fd1e468223943d8c3fc5d3cd480e5)
• [Fix the vulnerability in the glm_source parameter](https://gitlab.com/gitlab-org/gitlab/-/commit/9ab1ddbdb4d3d0a026e42d5972a00962c1e900ae)
• [Fix credentials disclosure in mirroring failure](https://gitlab.com/gitlab-org/gitlab/-/commit/2df401b90febce44425fc03bbb1ba9eceef84a88)
• [Improve GraphQL log security](https://gitlab.com/gitlab-org/gitlab/-/commit/f52d37ba60af4a6411a2a896bd3232a3001368b5)
• [Update edit permissions for DAST profiles](https://gitlab.com/gitlab-org/gitlab/-/commit/e663019be4168b0f42cf895be213d9d9fef06cfc)
• [Prevent users with admin_group_member custom ab. to manage custom roles](https://gitlab.com/gitlab-org/gitlab/-/commit/b5f12f834b6e84251274e855c961f97f21f29b0e)
• [Execute environment stop actions as the owner of the action](https://gitlab.com/gitlab-org/gitlab/-/commit/12d8d2f67ce8e8d256ba36faf09536cd3d7ce10c)
• [Commit information visible through release atom endpoint for guest users](https://gitlab.com/gitlab-org/gitlab/-/commit/39dc0863d8fe989069ecc94e538352c5bc57a41b)
• [Group Developers can view group runners](https://gitlab.com/gitlab-org/gitlab/-/commit/924c311d3f9727e118b60b7a1973ab60009d0efa)
• [Fixed frontend regex to parse URI](https://gitlab.com/gitlab-org/gitlab/-/commit/97211a42ba751d3b7e24d763dd18ad99abaae989)
• [Use session instead of params for identity linking](https://gitlab.com/gitlab-org/gitlab/-/commit/e2d183895fdfb4c846c0b8d7b51482f6ef1d19dc)
• [Enforce Pipeline execution policy variables for template rules](https://gitlab.com/gitlab-org/gitlab/-/commit/4f50f93aa73c69bf3076bbb1ea840a130d344b50)
• [Restrict IPs for packages dependency proxy](https://gitlab.com/gitlab-org/gitlab/-/commit/6847e3a69e700ba2ca0dfa5a04d2448a2bf53d27)
• [IP restriction to prevent all group permissions](https://gitlab.com/gitlab-org/gitlab/-/commit/d486737cc363455d6d71d4bc2bcc55f7858de87a)
• [Do not run pipelines when resolving vulnerability](https://gitlab.com/gitlab-org/gitlab/-/commit/80cb299c28296646c4c8b7dfa1cbee8f2fe9a68b)
• [Destroy associated releases when removing a tag via Git CLI](https://gitlab.com/gitlab-org/gitlab/-/commit/8212ba9bb6cde25f784e1fb9742dfa7a575a390d)
• [Add Octokit::ResponseValidation middleware](https://gitlab.com/gitlab-org/gitlab/-/commit/5a9474ddfcd29ae71df06bb36f7ed3c995252da0)

Performance (3 changes)
Other (117 changes)

Jenkins 2.477
This is an automatically generated changelog draft for Jenkins weekly releases. See for the official changelog for this release.

New features and improvements:

• Refine content and appearance of the user account screen (#9521) @janfaracik
• Use Notice component for views lacking jobs (#9724) @janfaracik
• Update appearance of 'Jenkins is starting' pages (#9707) @janfaracik

Bug fixes:

• [JENKINS-73785] - Restore `ContextMenu#from` with `StaplerRequest`/`Response` args (#9737) @daniel-beck
• [JENKINS-73695] - Prevent unnecessary horizontal scrollbar in Firefox (#9695) @scherler
• [JENKINS-73687] - Make deserialization of `Map` fields in XML files more robust (#9653) @dwnusbaum