Related Resources
Learn more about open source including technologies, industry trends, and available services.
OpenUpdate Weekly | News and Security Updates
Your Free Source of Open Source News
- March 17, 2022
- March 10, 2022
- March 3, 2022
- February 24, 2022
- February 17, 2022
- February 10, 2022
- February 3, 2022
- January 27, 2022
OpenUpdate - March 17, 2022
Stay Informed
This week, read about:
- 'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices.
- How Open-Source Intelligence (OSINT) is Exposing the Ukraine War in Real-Time.
- Open Source Can Power Innovation, If You Manage the Risk.
Key Security, Maintenance, and Features Releases
Security Updates
Apache HTTPD 2.4.53
SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC)
SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative
SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle <james.kettle portswigger.net>
SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva
Non-Security Updates
Apache ActiveMQ 5.17.0
[AMQ-2396] - Fix OSGi metadata so that bundles do not import their own exports as it's usually a bad idea for activemq bundles
[AMQ-5388] - User Role Granted Full Privileges in jetty.xml
[AMQ-6660] - Deadlock closing a connection due to an exception
[AMQ-6781] - The ActiveMQ Web Console doesn’t support a plus (+) sign in the ClientID
Apache Maven 3.8.5
[MNG-5180] - Versioning's snapshot version list is not included in metadata merge
[MNG-5561] - Plugin relocation loses configuration
[MNG-5982] - The POM for ... is invalid, transitive dependencies ... while property was overriden
[MNG-6326] - Build continues when core extensions aren't found
Apache Tomcat 10.0.18 and 9.0.60
10.0.18
Fix: #477: Update the default list of JARs to skip to include the Apache Log4j JAR for Jakarta EE platforms. Pull request by Michael Seele. (markt)
Fix: 65921: The type substitution flag for the rewrite valve should set the content type for the response, not the request. (markt)
Fix: #479: Enable the rewrite valve to redirect requests when the original request cannot be mapped to a context. This typically happens when no ROOT context is defined. Pull request by elkman. (markt)
Fix: 65940: Fix NullPointerException if an exception occurs during the destruction of a Servlet. (markt)
9.0.60
Fix: 65921: The type substitution flag for the rewrite valve should set the content type for the response, not the request. (markt)
Fix: #479: Enable the rewrite valve to redirect requests when the original request cannot be mapped to a context. This typically happens when no ROOT context is defined. Pull request by elkman. (markt)
Fix: 65940: Fix NullPointerException if an exception occurs during the destruction of a Servlet. (markt)
Jeknkins 2.339
Winstone 5.24 - Add an option to write the listening port to a file. Remove automatic self signed certificate if TLS is specified but no keystore (pull 5928, issue 66379, Winstone 5.23 changelog, Winstone 5.24 changelog)
Make "Unavailable" label in plugin manager theme-able (issue 67953)
Support Java 17 without --add-opens command-line options. (pull 6356)
Remove unnecessary log spam when starting Jenkins under systemd on Debian 11 (regression in 2.333 and 2.332.1). (issue 67995)
OpenUpdate - March 10, 2022
Stay Informed
This week, read about:
- New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices.
- Google’s Jigsaw Launches an Open Source Anti-Harassment Tool for Women.
- The Eclipse Foundation Launches New Working Group for Software-Defined Vehicles.
Key Security, Maintenance, and Features Releases
Security Updates
Firefox 98
Now, you can set a default app to open a file type. Choose the application you want to use to open files of a specific type in your Firefox settings.
After updating to Firefox version 98, "Always ask" download actions will now be reset.
Various security fixes.
Non-Security Updates
Apache Camel 3.14.2
CAMEL-17712
Memory leak in DefaultCamelContext reported by Tomcat 10
CAMEL-17702
[camel-google-storage] Payload type File causes NPE on consumer
CAMEL-17658
camel-core - Configuring endpoint Map options with keys with dots have trimmed keys
CAMEL-17655
OpenTracing throw NPE using onCompletion definition
Apache Tomcat
8.5.76
Add: 61171: Add the portOffset attribute to the Server element which is added to the configured shutdown and Connector ports. Based on a patch by Marek Czernek. (markt)
Add: 64080: Enhance the graceful shutdown feature. Includes a new option for StandardService, gracefulStopAwaitMillis, that allows a time to be specified to wait for client connections to complete and close before the Container hierarchy is stopped. (markt/remm)
Add: Add ha-api-*.jar and jaxws-rt-*.jar to the list of JARs to skip when scanning for TLDs, web fragments and annotations. (michaelo)
Add: Expand the default mappings used by ServletResponse.setLocale() to include a mapping from the ja locale to the Shift_JIS encoding. (markt)
9.0.59
Add: Add ha-api-*.jar and jaxws-rt-*.jar to the list of JARs to skip when scanning for TLDs, web fragments and annotations. (michaelo)
Add: Expand the default mappings used by ServletResponse.setLocale() to include a mapping from the ja locale to the Shift_JIS encoding. (markt)
Fix: 65806: Improve the handling of session ID generation when the default algorithm for SecureRandom (SHA1PRNG) is not supported by the configured providers as will be the case for a FIPS compliant configuration. (markt)
Fix: #464: Fall back to the class loader used to load JULI when the thread context class loader is not set. In a normal Tomcat configuration, this will be the system class loader. Based on a pull request by jackshirazi. (markt)
10.0.17
Add: Add ha-api-*.jar and jaxws-rt-*.jar to the list of JARs to skip when scanning for TLDs, web fragments and annotations. (michaelo)
Add: Expand the default mappings used by ServletResponse.setLocale() to include a mapping from the ja locale to the Shift_JIS encoding. (markt)
Fix: 65806: Improve the handling of session ID generation when the default algorithm for SecureRandom (SHA1PRNG) is not supported by the configured providers as will be the case for a FIPS compliant configuration. (markt)
Fix: #464: Fall back to the class loader used to load JULI when the thread context class loader is not set. In a normal Tomcat configuration, this will be the system class loader. Based on a pull request by jackshirazi. (markt)
Docker 2.3.2
Fix json format for version command by @victor-timofei in #9242
filter containers after project has been rebuilt from resources by @ndeloof in #9244
publish a draft release with auto generate release notes by @glours in #9245
map --interactive to StdinOpen by @ndeloof in #9246
JBoss Drools 7.66.0.Final
[DROOLS-6112] - executable-model test failure in test-compiler-integration DrlSpecificFeaturesTest
[DROOLS-6114] - executable-model test failure in test-compiler-integration MemberOfTest
[DROOLS-6119] - executable-model test failure in test-compiler-integration DrlParserTest
[DROOLS-6123] - executable-model test failure in test-compiler-integration NodeHashingTest
OpenUpdate - March 3, 2022
Stay Informed
This week, read about:
- CISA Adds Recently Disclosed Zimbra Bug to its Exploited Vulnerabilities Catalog.
- The Open Source Security Foundation Gains Support From Huawei, Spotify, and 23 New Organizations.
- VMware : A Beginner's Guide for Contributing to an Open Source Project…Code and Non-Code Contributors Alike!
Key Security, Maintenance, and Features Releases
Security Updates
OpenSSH 8.9
A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side.
This creates one area of potential incompatibility: scp(1) when using the SFTP protocol no longer requires this finicky and brittle quoting, and attempts to use it may cause transfers to fail. We consider the removal of the need for double-quoting shell characters in file names to be a benefit and do not intend to introduce bug-compatibility for legacy scp/rcp in scp(1) when using the SFTP protocol.
Another area of potential incompatibility relates to the use of remote paths relative to other user's home directories, for example - "scp host:~user/file /tmp". The SFTP protocol has no native way to expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later support a protocol extension "expand-path@openssh.com" to support this.
Non-Security Updates
Firefox 97.0.1
Fixed an issue where TikTok videos would fail to load when selected from a user's profile page (bug 1750973)
Fixed an issue which led to Picture-in-Picture mode being unable to be toggled on Hulu (bug 1753401)
Works around problems with WebRoot SecureAnywhere antivirus rendering Firefox unusable in some situations (bug 1752466)
Fixed an issue causing users to see the Restore Session screen unexpectedly when starting Firefox (bug 1749996)
Jenkins 2.337
Remove the 'cloud configuration has moved to a separate configuration page' notice. (pull 6298)
Update the appearance of the button bar at the bottom of forms. (pull 6295)
Persist changes made to boolean radio controls (regression in 2.336). (pull 6311)
Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations. (issue 67885)
OpenUpdate - February 24, 2022
Stay Informed
This week, read about:
- Hackers Stole $1.7 Million Worth of NFTs from Users of OpenSea Marketplace.
- Every Software Developer Needs to be a Part of an Open Source Community.
- 2022 State of Open Source Report Details Challenges, Opportunities.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache ActiveMQ 5.16.4
[AMQ-5388] - User Role Granted Full Privileges in jetty.xml
[AMQ-7340] - Scheduled messages performance degrade
[AMQ-8093] - Illegal reflective access by IntrospectionSupport
[AMQ-8252] - Unnecessary stack trace in case of invalid credentials
Apache TomEE 8.0.10
TOMEE-3832 JAX-RS TomEEJsonbProvider not registered in tomee-embedded-maven-plugin when MicroProfile is present
TOMEE-3777 <openjpa-3.1.2-r66d2a72 fatal user error> org.apache.openjpa.persistence.ArgumentException: The persistence provider is attempting to use properties in the persistence.xml file to resolve the data source …
TOMEE-3823 TomEE and Java 17 compatibility issue with Windows Service Tooling
TOMEE-3825 TomEE Maven Plugin does not wait for container startup, if "checkStarted" is set to true
Kubernetes 1.23.4
Fix Azurefile volumeid collision issue in csi migration (#107575, @andyzhangx) [SIG Cloud Provider and Storage]
Fix e2e test "Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true)" (#107902, @xueqzhan) [SIG Network and Testing]
Fixes a regression in 1.23 where update requests to previously persisted Service objects that have not been modified since 1.19 can be rejected with an incorrect spec.clusterIPs: Required value error (#107875, @liggitt) [SIG Network and Testing]
Fixes static pod add and removes restarts in certain cases. (#107761, @rphillips) [SIG Node]
SQLite 3.38.0
Added the -> and ->> operators for easier processing of JSON. The new operators are compatible with MySQL and PostgreSQL.
The JSON functions are now built-ins. It is no longer necessary to use the -DSQLITE_ENABLE_JSON1 compile-time option to enable JSON support. JSON is on by default. Disable the JSON interface using the new -DSQLITE_OMIT_JSON compile-time option.
Enhancements to date and time functions:
Added the unixepoch() function.
Added the auto modifier and the julianday modifier.
OpenUpdate - February 17, 2022
Stay Informed
This week, read about:
- Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites.
- European Union Will Pay For Finding Bugs In Open Source Software.
- Node.js Trademarks Transferred to OpenJS Foundation.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Cassandra 4.0.2 and 3.11.12
4.0.2
* Full Java 11 support (CASSANDRA-16894)
* Remove unused 'geomet' package from cqlsh path (CASSANDRA-17271)
* Removed unused 'cql' dependency (CASSANDRA-17247)
* Don't block gossip when clearing repair snapshots (CASSANDRA-17168)
3.11.12
Apache did not publish any release notes for this version on their GitHub.
JBoss Drools 7.65.0.Final
[DROOLS-6739] - Inaccurate alert about duplicate rule name after copying rule
[DROOLS-6770] - Quote Escaped add when converting guided decision table to XLS
[DROOLS-6772] - Impact Analysis : fails to handle global
[DROOLS-6797] - UnsupportedOperationException when different package rules from DRL and RF
PostgreSQL 14.2, 13.6 and 12.10
14.2
Enforce standard locking protocol for TOAST table updates, to prevent problems with REINDEX CONCURRENTLY (Michael Paquier)
If applied to a TOAST table or TOAST table's index, REINDEX CONCURRENTLY tended to produce a corrupted index. This happened because sessions updating TOAST entries released their ROW EXCLUSIVE locks immediately, rather than holding them until transaction commit as all other updates do. The fix is to make TOAST updates hold the table lock according to the normal rule. Any existing corrupted indexes can be repaired by reindexing again.
Fix corruption of HOT chains when a RECENTLY_DEAD tuple changes state to fully DEAD during page pruning (Andres Freund)
It was possible for VACUUM to remove a recently-dead tuple while leaving behind a redirect item that pointed to it. When the tuple's item slot is later re-used by some new tuple, that tuple would be seen as part of the pre-existing HOT chain, creating a form of index corruption. If this has happened, reindexing the table should repair the damage. However, this is an extremely low-probability scenario, so we do not recommend reindexing just on the chance that it might have happened.
13.6
Enforce standard locking protocol for TOAST table updates, to prevent problems with REINDEX CONCURRENTLY (Michael Paquier)
If applied to a TOAST table or TOAST table's index, REINDEX CONCURRENTLY tended to produce a corrupted index. This happened because sessions updating TOAST entries released their ROW EXCLUSIVE locks immediately, rather than holding them until transaction commit as all other updates do. The fix is to make TOAST updates hold the table lock according to the normal rule. Any existing corrupted indexes can be repaired by reindexing again.
Avoid null-pointer crash in ALTER STATISTICS when the statistics object is dropped concurrently (Tomas Vondra)
Fix incorrect plan creation for parallel single-child Append nodes (David Rowley)
12.10
Enforce standard locking protocol for TOAST table updates, to prevent problems with REINDEX CONCURRENTLY (Michael Paquier)
If applied to a TOAST table or TOAST table's index, REINDEX CONCURRENTLY tended to produce a corrupted index. This happened because sessions updating TOAST entries released their ROW EXCLUSIVE locks immediately, rather than holding them until transaction commit as all other updates do. The fix is to make TOAST updates hold the table lock according to the normal rule. Any existing corrupted indexes can be repaired by reindexing again.
Fix incorrect plan creation for parallel single-child Append nodes (David Rowley)
In some cases the Append would be simplified away when it should not be, leading to wrong query results (duplicated rows).
Postfix 3.7
The stable Postfix release is called postfix-3.7.x where 3=major release number, 7=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called postfix-3.8-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release.
If you upgrade from Postfix 3.5 or earlier, read RELEASE_NOTES-3.6 before proceeding.
Security Updates
Firefox 97
Firefox now supports and displays the new style of scrollbars on Windows 11.
On macOS, we’ve made improvements to system font loading which makes opening and switching to new tabs faster in certain situations.
Various security fixes that can be found at https://www.mozilla.org/security/advisories/mfsa2022-04/
PostgreSQL JDBC Driver 42.3.2
CVE-2022-21724 pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This would allow a malicious class to be instantiated that could execute arbitrary code from the JVM. Fixed in commit
perf: read inhotstandby GUC on connection PR #2334
test: materialized view privileges PR #2209 fixes Issue #2060
docs: add info about convenience maven project PR #2407
OpenUpdate - February 10, 2022
Stay Informed
This week, read about:
- New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps.
- The White House Is Worried About Open Source Software Security.
- FINOS, the Fintech Open Source Foundation and Financial Sector Project of The Linux Foundation, Announces Name Change and 2022 Dates for Open Source in Finance Forum.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Camel 3.15.0
CAMEL-17548
camel-springdoc-starter: throwing NPE when apiProperties is not set
CAMEL-17545
camel elasticsearch rest on spring boot - class not found error
CAMEL-17536
ServicePool.doStop hangs during shutdown
CAMEL-17526
camel-fhir: the serverUrl configuration on camel-fhir endpoint shouldn't be ignored
Firefox 96.0.3
Fixed an issue that allowed unexpected data to be submitted in some of our search telemetry (bug 1752317)
Security Updates
The OpenLogic Enterprise Linux Development Team is pleased to announce a security update to the rpm (RPM Package Manager) package. This update addresses CVE-2021-3521 which describes a signature functionality flaw where RPM does not check the binding signature of subkeys before importing them. We recommend installing this update immediately.
WMI Windows Agent will no longer connect after Microsoft KB5004442 security update
The Jenkins team is currently working to patch this known issue after a Microsoft update has broken the package version 2.319.2. It's actively being patched at this time. To follow the progress, please keep track at https://issues.jenkins.io/browse/JENKINS-67604
OpenUpdate - February 3, 2022
Stay Informed
This week, read about:
- Reasons Why Every Business is a Target of DDoS Attacks.
- Open Source Developers, Who Work For Free, Are Discovering They Have Power.
- The Linux Foundation Releases The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness Research.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Camel 3.14.1
CAMEL-17536
ServicePool.doStop hangs during shutdown
CAMEL-17524
Camel loading of resources using ClassResolver API doesn't work in OSGi enviroments
CAMEL-17521
camel-http - httpClient parameters are not filtered out
CAMEL-17520
Cannot use square brackets in HTTP parameters
Hibernate ORM 5.6.5
HHH-15044 Revert HHH-14826 fix because the provided test was wrong
HHH-15041 H2Dialect does not work properly with h2 2.0.202 due to new DDL type requirements
HHH-15014 H2Dialect does not work properly with h2 2.0.202 on sub selects with tuples
HHH-15009 H2Dialect does not work properly with h2 2.0.202 and updating schema
HHH-14985 H2Dialect does not work properly with h2 2.0.202 on inserts
Kubernetes 1.23.3
Kubernetes is now built with Golang 1.17.6 (#107613, @palnabarun) [SIG Cloud Provider, Instrumentation, Release and Testing]
Fix: delete non existing Azure disk issue (#107406, @andyzhangx) [SIG Cloud Provider]
Fixes a regression in 1.23 that incorrectly pruned data from array items of a custom resource that set x-kubernetes-preserve-unknown-fields: true (#107689, @liggitt) [SIG API Machinery]
ISC BIND 9.18.0
named now supports securing DNS traffic using Transport Layer Security (TLS). TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH).
named can use either a certificate provided by the user or an ephemeral certificate generated automatically upon startup. The tls statement allows fine-grained control over TLS parameters. [GL #1840] [GL #2795] [GL #2796]
For debugging purposes, named logs TLS pre-master secrets when the SSLKEYLOGFILE environment variable is set. This enables troubleshooting of issues with encrypted traffic. [GL #2723]
OpenLDAP 2.6.1
Fixed libldap to init client socket port (ITS#9743)
Fixed libldap with referrals (ITS#9781)
Added slapd config keyword for logfile format (ITS#9745)
Fixed slapd to allow objectClass edits with no net change (ITS#9772)
CentOS Support News
We are pleased to announce that our Enterprise Linux Development Team has backported a fix relating to CVE-2021-4034 and the affected package known as polkit. We highly advise updating your systems to patch this vulnerability. The vulnerability is a local privilege escalation on polkit's pkexec utility. To learn more, please visit https://nvd.nist.gov/vuln/detail/CVE-2021-4034 to read the full CVE on the issue. OpenLogic has provided patches for both CentOS 6 and CentOS 8 for our Extended Support customers. Because CentOS 7 is still actively maintained by Red Hat, patches for CVE-2021-4034 are available from the official CentOS repositories directly.
Joining our existing CentOS 6 Extended Support offering, OpenLogic is now supporting CentOS 8 for five additional years past EoL (End of Life). We have moved CentOS 8 into the Extended Support category due to it going EoL at the end of December 2021. This is due to a decision by Red Hat, announced in December 2020. CentOS 6 and CentOS 8 are now at the end of their community supported life cycle. Because of this, CentOS 6 and CentOS 8 will not receive updates from Red Hat any longer. If you have any questions, comments or concerns about the transition to long term support or would like to speak to a sales person about long term support, please reach out to us at; https://www.openlogic.com/solutions/enterprise-linux-support
OpenUpdate - January 27, 2022
Stay Informed
This week, read about:
- AiryxOS Wants to be an Open-Source MacOS, Complete with Support for Mac Apps.
- Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities.
- NZ's Catalyst IT Delivers Open-Source System for Uni library.
Key Security, Maintenance, and Features Releases
Non-Security Updates
Apache Kafka 3.1.0
[KAFKA-4064] - Add support for infinite endpoints for range queries in Kafka Streams KV stores
[KAFKA-8522] - Tombstones can survive forever
[KAFKA-8613] - Make Grace Period Mandatory for Windowed Operations in Streams
[KAFKA-10712] - Update release scripts to Python3
Apache Struts 2.5.29
[WW-5117] - %{id} evaluates different for data-* and value attribute
[WW-5160] - Template not found for name "Empty{name='templateDir'}/simple/hidden.ftl"
[WW-5163] - Error executing FreeMarker template
Apache Tomcat 10.0.16, 9.0.58 and 8.5.75
10.0.16
Fix: Correct a regression in the fix for 65785 that broke HTTP/2 server push. (markt)
Code: Switch to building with Java 11 and using --release to target Java 8. Once back-ported to all currently supported branches this will reduce the number of Java versions developers need to juggle. (markt)
9.0.58
Fix: Correct a regression in the fix for 65785 that broke HTTP/2 server push. (markt)
8.5.75
Fix: Correct a regression in the fix for 65785 that broke HTTP/2 server push. (markt)
Drools 7.64.0.Final
[DROOLS-6729] - Exception happens randomly in specific rule after Constraint Jitting
[DROOLS-6484] - Create ConstraintParserTest
[DROOLS-6741] - Upgrade to mvel 2.4.14+
Firefox 96.0.2
Fixed an issue that caused tab height to display inconsistently on Linux when audio was played (bug 1714276)
Fixed an issue that caused Lastpass dropdowns to appear blank in Private Browsing mode (bug 1748158)
Fixed a crash encountered when resizing a Facebook app (bug 1746084)
Hibernate ORM 5.6.4
HHH-15032 Fix backwards incompatible SPI change that happened in 5.6.2 due to introducing SqlStringGenerationContext
HHH-15022 Bug After Upgrade Hibernate from 5.6.1.Final to 5.6.3.Final
HHH-15002 H2Dialect does not work properly with h2 2.0.202 and booleans types
Kubernetes 1.23.2
An inefficient lock in EndpointSlice controller metrics cache has been reworked. Network programming latency may be significantly reduced in certain scenarios, especially in clusters with a large number of Services. (#107167, @robscott) [SIG Apps and Network]
Client-go: fix that paged list calls with ResourceVersionMatch set would fail once paging kicked in. (#107334, @fasaxc) [SIG API Machinery]
Fix a panic when using invalid output format in kubectl create secret command (#107347, @rikatz) [SIG CLI]
Fix: azuredisk parameter lowercase translation issue (#107429, @andyzhangx) [SIG Cloud Provider and Storage]
MySQL 8.0.28
This release fixes the following two issues relating to date and time values:
Inserting a CHAR value such as '12:00:00' into a DATE, DATETIME, or TIMESTAMP column raised the wrong error. In the case of a DATE column, this error was similar to Data truncation: Incorrect date value: '2012-00-00' for column 'd' at row 1. This occurred for both the binary and text protocols.
Inserting a value with an offset into a DATE or TIME column using the binary protocol gave a wrong result. For example, when the connection time zone was set to GMT-5, inserting '2021-10-10 00:00:00.123+01:00' into a TIME column yielded '18:00:00'; that is, the value was converted to the connection time zone (this should be done only with respect to DATEIME columns).
Wildfly 26.0.1
[WFLY-15932] - RemoteLocalCallProfileTestCase fails when the security manager is enabled
[WFLY-15933] - Failures in OidcWithDeploymentConfigTest on 26.x branch
[WFLY-15873] - Remove Elytron OIDC client dependencies from WildFly
[WFLY-15890] - Add documentation on multi-tenancy to the Elytron OpenID Connect Client subsystem documentation
ISC Bind 9.16.25
Overall memory use by named has been optimized and reduced, especially on systems with many CPU cores. The default memory allocator has been switched from internal to external. A new command-line option -M internal allows named to be started with the old internal memory allocator. [GL #2398]
On FreeBSD, TCP connections leaked a small amount of heap memory, leading to an eventual out-of-memory problem. This has been fixed. [GL #3051]
If signatures created by the ZSK were expired and the ZSK private key was offline, the signatures were not replaced. This behavior has been amended to replace the expired signatures with new signatures created using the KSK. [GL #3049]
Under certain circumstances, the signed version of an inline-signed zone could be dumped to disk without the serial number of the unsigned version of the zone. This prevented resynchronization of the zone contents after named restarted, if the unsigned zone file was modified while named was not running. This has been fixed. [GL #3071]
PHP 8.1.2 and 8.0.15
8.1.2
Fixed bug #81216 (Nullsafe operator leaks dynamic property name).
Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error).
Fixed bug #81656 (GCC-11 silently ignores -R).
Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods).
8.0.15
Fixed bug #81656 (GCC-11 silently ignores -R).
Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
Fixed FILTER_FLAG_NO_RES_RANGE flag.
Fixed bug #7759 (Incorrect return types for hash() and hash_hmac()).