Open Source News + Security Updates
This week, read about:
Apache Spark 3.3.4
Notable changes:
[SPARK-43327]: Trigger committer.setupJob before plan execute in FileFormatWriter#write
[SPARK-43393]: Address sequence expression overflow bug
[SPARK-44547]: Ignore fallback storage for cached RDD migration
[SPARK-44581]: Fix the bug that ShutdownHookManager gets wrong UGI from SecurityManager of ApplicationMaster
[SPARK-44725]: Document spark.network.timeoutInterval
[SPARK-44805]: getBytes/getShorts/getInts/etc. should work in a column vector that has a dictionary
[SPARK-44857]: Fix getBaseURI error in Spark Worker LogPage UI buttons
[SPARK-44871]: Fix percentile_disc behaviour
[SPARK-44920]: Use await() instead of awaitUninterruptibly() in TransportClientFactory.createClient()
[SPARK-44925]: K8s default service token file should not be materialized into token
[SPARK-44935]: Fix RELEASE file to have the correct information in Docker images if exists
[SPARK-44937]: Mark connection as timedOut in TransportClient.close
[SPARK-44973]: Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-44990]: Reduce the frequency of get spark.sql.legacy.nullValueWrittenAsQuotedEmptyStringCsv
[SPARK-45057]: Avoid acquire read lock when keepReadLock is false
[SPARK-45079]: Fix an internal error from percentile_approx() on NULL accuracy
[SPARK-45100]: Fix an internal error from reflect() on NULL class and method
[SPARK-45187]: Fix WorkerPage to use the same pattern for logPage urls
[SPARK-45227]: Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend
[SPARK-45389]: Correct MetaException matching rule on getting partition metadata
[SPARK-45430]: Fix for FramelessOffsetWindowFunction when IGNORE NULLS and offset > rowCount
[SPARK-45508]: Add "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" so Platform can access Cleaner on Java 9+
[SPARK-45580]: Handle case where a nested subquery becomes an existence join
[SPARK-45670]: SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45749]: Fix Spark History Server to sort Duration column properly
[SPARK-45920]: group by ordinal should be idempotent
[SPARK-46006]: YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46012]: EventLogFileReader should not read rolling logs if app status file is missing
[SPARK-46029]: Escape the single quote, _ and % for DS V2 pushdown
[SPARK-46092]: Don’t push down Parquet row group filters that overflow
[SPARK-46095]: Document REST API for Spark Standalone Cluster
[SPARK-46239]: Hide Jetty info
[SPARK-46286]: Document spark.io.compression.zstd.bufferPool.enabled
Dependency Changes:
[SPARK-45885]: Upgrade ORC to 1.7.10
Release notes: https://spark.apache.org/releases/spark-release-3-3-4.html
Grafana
10.2.3
Features and enhancements:
Bug fixes:
10.1.6
Features and enhancements:
Bug fixes:
10.0.10
Features and enhancements:
Bug fixes:
9.5.15
Features and enhancements:
Bug fixes:
Keycloak 23.0.3 & 23.0.2 & 22.0.7
Kubernetes
1.28.5
Feature:
Bug or Regression:
Other (Cleanup or Flake):
1.27.9
Feature:
Bug or Regression:
Other (Cleanup or Flake):
Nodejs 21.5.0
Notable Changes:
[0dd53da722] - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) #50322
[9f54987fbc] - module: merge config with package_json_reader (Yagiz Nizipli) #50322
[45e4f82912] - src: move package resolver to c++ (Yagiz Nizipli) #50322
Deprecations:
[26ed4ad01f] - doc: deprecate hash constructor (Marco Ippolito) #51077
[58ca66a1a7] - doc: deprecate dirent.path (Antoine du Hamel) #51020
Commits:
[1bbdbdfbeb] - benchmark: update iterations in benchmark/perf_hooks (Lei Shi) #50869
[087fb0908e] - benchmark: update iterations in benchmark/crypto/aes-gcm-throughput.js (Lei Shi) #50929
[53b16c71fb] - benchmark: update iteration and size in benchmark/crypto/randomBytes.js (Lei Shi) #50868
[38fd0ca753] - benchmark: add undici websocket benchmark (Chenyu Yang) #50586
[b148c43244] - benchmark: add create-hash benchmark (Joyee Cheung) #51026
[fdd8c18f96] - benchmark: update iterations and len in benchmark/util/text-decoder.js (Lei Shi) #50938
[a9972057ac] - benchmark: update iterations of benchmark/util/type-check.js (Lei Shi) #50937
[b80bb1329b] - benchmark: update iterations in benchmark/util/normalize-encoding.js (Lei Shi) #50934
[dbee03d646] - benchmark: update iterations in benchmark/util/inspect-array.js (Lei Shi) #50933
[f2d83a3a84] - benchmark: update iterations in benchmark/util/format.js (Lei Shi) #50932
[2581fce553] - bootstrap: improve snapshot unsupported builtin warnings (Joyee Cheung) #50944
[735bad3694] - build: fix warnings from uv for gn build (Cheng Zhao) #51069
[8da9d969f9] - deps: V8: cherry-pick 0fd478bcdabd (Joyee Cheung) #50572
[429fbb37c1] - deps: update simdjson to v3.6.2 (Yagiz Nizipli) #50986
[9950103253] - deps: update zlib to 1.3-22124f5 (Node.js GitHub Bot) #50910
[0b61823e8b] - deps: update undici to 5.28.2 (Node.js GitHub Bot) #51024
[95d8a273cc] - deps: cherry-pick bfbe4e38d7 from libuv upstream (Abdirahim Musse) #50650
[06038a489e] - deps: update libuv to 1.47.0 (Node.js GitHub Bot) #50650
[0dd53da722] - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) #50322
[04eaa5cdd7] - doc: run license-builder (github-actions[bot]) #51111
[26ed4ad01f] - doc: deprecate hash constructor (Marco Ippolito) #51077
[637ffce4c4] - doc: add note regarding --experimental-detect-module (Shubherthi Mitra) #51089
[838179b096] - doc: correct tracingChannel.traceCallback() (Gerhard Stöbich) #51068
[539bee4f0a] - doc: use length argument in pbkdf2Key (Tobias Nießen) #51066
[c45a9a3187] - doc: add deprecation notice to dirent.path (Antoine du Hamel) #51059
[58ca66a1a7] - doc: deprecate dirent.path (Antoine du Hamel) #51020
[c2b6edf9ab] - esm: fix hook name in error message (Bruce MacNaughton) #50466
[35e8f26f07] - fs: throw fchownSync error from c++ (Yagiz Nizipli) #51075
[c3c8237089] - fs: update params in jsdoc for createReadStream and createWriteStream (Jungku Lee) #51063
[3f7f3ce8c9] - fs: improve error performance of readvSync (IlyasShabi) #50100
[7f95926f17] - http: handle multi-value content-disposition header (Arsalan Ahmad) #50977
[7a8a2d5632] - lib: don't parse windows drive letters as schemes (华) #50580
[aa2be4bb76] - module: load source maps in commonjs translator (Hiroki Osame) #51033
[c0e5e74876] - module: document parentURL in register options (Hiroki Osame) #51039
[4eedf5e694] - module: fix recently introduced coverity warning (Michael Dawson) #50843
[9f54987fbc] - module: merge config with package_json_reader (Yagiz Nizipli) #50322
[5f95dca638] - node-api: introduce experimental feature flags (Gabriel Schulhof) #50991
[3fb7fc909e] - quic: further implementation details (James M Snell) #48244
[fa25e069fc] - src: implement countObjectsWithPrototype (Joyee Cheung) #50572
[abe90527e4] - src: register udp_wrap external references (Joyee Cheung) #50943
[84e2f51d14] - src: register spawn_sync external references (Joyee Cheung) #50943
[2cfee53d7b] - src: register process_wrap external references (Joyee Cheung) #50943
[9b7f79a8bd] - src: fix double free reported by coverity (Michael Dawson) #51046
[fc5503246e] - src: remove unused headers in node_file.cc (Jungku Lee) #50927
[c3abdc58af] - src: implement --trace-promises (Joyee Cheung) #50899
[f90fc83e97] - src: fix dynamically linked zlib version (Richard Lau) #51007
[9bf144379f] - src: omit bool values of package.json main field (Yagiz Nizipli) #50965
[45e4f82912] - src: move package resolver to c++ (Yagiz Nizipli) #50322
[71acd36778] - stream: implement TransformStream cleanup using "transformer.cancel" (Debadree Chatterjee) #50126
[5112306064] - stream: fix fd is null when calling clearBuffer (kylo5aby) #50994
[ed070755ec] - test: deflake test-diagnostics-channel-memory-leak (Joyee Cheung) #50572
[aee01ff1b4] - test: test synchronous methods of child_process in snapshot (Joyee Cheung) #50943
[cc949869a3] - test: handle relative https redirect (Richard Lau) #51121
[048349ed4c] - test: fix test runner colored output test (Moshe Atlow) #51064
[7f5291d783] - test: resolve path of embedtest binary correctly (Cheng Zhao) #50276
[4ddd0daf5f] - test: escape cwd in regexp (Jérémy Lal) #50980
[3ccd5faabb] - test_runner: format coverage report for tap reporter (Pulkit Gupta) #51119
[d5c9adf3df] - test_runner: fix infinite loop when files are undefined in test runner (Pulkit Gupta) #51047
[328a41701c] - tools: update lint-md-dependencies to rollup@4.7.0 (Node.js GitHub Bot) #51106
[297cb6f5c2] - tools: update doc to highlight.js@11.9.0 unified@11.0.4 (Node.js GitHub Bot) #50459
[4705023343] - tools: fix simdjson updater (Yagiz Nizipli) #50986
[c9841583db] - tools: update eslint to 8.55.0 (Node.js GitHub Bot) #51025
[2b4671125e] - tools: update lint-md-dependencies to rollup@4.6.1 (Node.js GitHub Bot) #51022
[cd891b37f6] - util: improve performance of function areSimilarFloatArrays (Liu Jia) #51040
[e178a43509] - vm: use v8::DeserializeInternalFieldsCallback explicitly (Joyee Cheung) #50984
[fd028e146f] - win,tools: upgrade Windows signing to smctl (Stefan Stojanovic) #50956
Prometheus 2.45.2
This release contains security fixes in dependencies and has been built with go1.21.5. #13307
Ceph 18.2.1
NOTABLE CHANGES:
This week, read about:
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following update:
We recommend that you update your CentOS 6 systems to protect against this vulnerability. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Apache Camel 4.3.0 & 3.21.3 & 3.20.9
BUG (6)
[CAMEL-20152] camel-jetty - OutOfMemoryError with big file upload via multipart
[CAMEL-20139] aggregate EIP: wrong correlation key set for the first aggregate exchange
[CAMEL-20079] EndpointDslMojo generates wrong header names
[CAMEL-20054] camel-kubernetes - Configuration of Kubernetes secrets with Camel K not working as expected
[CAMEL-20053] camel-jira: watchUpdates consumer does not see issues created after route startup
[CAMEL-20035] Program terminates with OutOfMemoryError
DEPENDENCY UPGRADE (2)
[CAMEL-20146] camel-spring-boot - Upgrade to 2.7.18
[CAMEL-20049] camel-activemq - Upgrade to latest releases
TASK (1)
[CAMEL-20094] camel-catalog: camel-spring.xsd keeps being regenerated
Apache Kafka 3.6.1
IMPROVEMENT:
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3
BUG:
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration
TASK:
[KAFKA-15093] - Add 3.5.0 to broker/client and streams upgrade/compatibility tests
[KAFKA-15378] - Rolling upgrade system tests are failing
[KAFKA-15479] - Remote log segments should be considered once for retention breach
[KAFKA-15664] - Add 3.4.0 streams upgrade/compatibility tests
TEST:
[KAFKA-15169] - Add tests for RemoteIndexCache
[KAFKA-15793] - Flaky test ZkMigrationIntegrationTest.testMigrateTopicDeletions
Apache Kafka 3.5.2
BUG:
[KAFKA-13197] - KStream-GlobalKTable join semantics don't match documentation
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-14938] - Flaky test org.apache.kafka.connect.integration.ExactlyOnceSourceIntegrationTest#testConnectorBoundary
[KAFKA-15091] - Javadocs for SourceTask::commit are incorrect
[KAFKA-15100] - Unsafe to call tryCompleteFetchResponse on request timeout
[KAFKA-15102] - Mirror Maker 2 - KIP690 backward compatibility
[KAFKA-15106] - AbstractStickyAssignor may stuck in 3.5
[KAFKA-15202] - MM2 OffsetSyncStore clears too many syncs when sync spacing is variable
[KAFKA-15216] - InternalSinkRecord::newRecord method ignores the headers argument
[KAFKA-15235] - No test coverage reports for Java due to settings for Jacoco being incompatible with Gradle 8.x
[KAFKA-15238] - Connect workers can be disabled by DLQ-related blocking admin client calls
[KAFKA-15243] - User creation mismatch
[KAFKA-15263] - KRaftMigrationDriver can run the migration twice
[KAFKA-15312] - FileRawSnapshotWriter must flush before atomic move
[KAFKA-15319] - Upgrade rocksdb to fix CVE-2022-37434
[KAFKA-15338] - The metric group documentation for metrics added in KAFKA-13945 is incorrect
[KAFKA-15353] - Empty ISR returned from controller after AlterPartition request
[KAFKA-15374] - ZK migration fails on configs for default broker resource
[KAFKA-15375] - When running in KRaft mode, LogManager may creates CleanShutdown file by mistake
[KAFKA-15377] - GET /connectors/{connector}/tasks-config endpoint exposes externalized secret values
[KAFKA-15391] - Delete topic may lead to directory offline
[KAFKA-15429] - Kafka Streams attempts to commit on a closed producer when shutting down after an exception when running with EOS
[KAFKA-15450] - Disable ZK migration when JBOD configured
[KAFKA-15487] - CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1
[KAFKA-15498] - Upgrade Snappy-Java to 1.1.10.4
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
TASK:
[KAFKA-15378] - Rolling upgrade system tests are failing
[KAFKA-15664] - Add 3.4.0 streams upgrade/compatibility tests
TEST:
[KAFKA-15211] - DistributedConfigTest#shouldFailWithInvalidKeySize fails when run after TestSslUtils#generate
[KAFKA-15393] - MirrorMaker2 integration tests are shutting down uncleanly
Apache Tomcat 11.0.0-M15
Catalina:
Coyote:
Jasper:
Web Applications:
Other:
Apache Tomcat 10.1.17
Catalina:
Jasper:
Web Applications:
Other:
Elasticsearch v8.11.3
Bug fixes
Application:
ES|QL:
ILM+SLM:
Mapping:
Transform:
Etcd v3.5.11
etcd server:
Dependencies:
HAProxy 2.9.0
DOC: config: add missing colon to "bytes_out" sample fetch keyword (2)
BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
DOC: config: add matrix entry for "max-session-srv-conns"
DOC: config: fix monitor-fail typo
DOC: config: add context hint for proxy keywords
DEBUG: stream: Report lra/fsb values for front end back SC in stream dump
REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
DOC: Clarify the differences between field() and word()
BUG/MINOR: server/event_hdl: properly handle AF_UNSPEC for INETADDR event
BUILD: http_htx: silence uninitialized warning on some gcc versions
MINOR: acme.sh: don't use '*' in the filename for wildcard domain
MINOR: global: Use a dedicated bitfield to customize zero-copy fast-forwarding
MINOR: mux-pt: Add global option to enable/disable zero-copy forwarding
MINOR: mux-h1: Add global option to enable/disable zero-copy forwarding
MINOR: mux-h2: Add global option to enable/disable zero-copy forwarding
MINOR: mux-quic: Add global option to enable/disable zero-copy forwarding
MINOR: mux-quic: Disable zero-copy forwarding for send by default
DOC: config: update the reminder on the HTTP model and add some terminology
DOC: config: add a few more differences between HTTP/1 and 2+
DOC: config: clarify session vs stream
DOC: config: fix typo abandonned -> abandoned
DOC: management: fix two latest typos (optionally, exception)
BUG/MEDIUM: peers: fix partial message decoding
DOC: management: update stream vs session
Wildfly 30.0.1.Final
Bug:
[WFLY-18295] - WildFly vs WildFly Preview document needs update
[WFLY-18384] - [CLUSTERING] File containing session data is never shrunk or deleted
[WFLY-18533] - Simplest JAXRS app is failing when deployed in server provisioned with jaxrs
[WFLY-18702] - In WildFly Preview jaxrs-server layer does not provision MP Rest Client
[WFLY-18727] - ATTRIBUTE granularity distributed sessions should always replicate on setAttribute(...)
[WFLY-18740] - On cache writes, Infinispan store=hotrod throws ISE: Only byte[] instances are supported currently
[WFLY-18783] - MBean: java.lang.ClassNotFoundException: org.glassfish.jaxb.runtime.v2.ContextFactory from [Module "org.jboss.as.sar" version 27.0.1.Final...
Component Upgrade:
[WFLY-18630] - Upgrade Infinispan to 14.0.20.Final
[WFLY-18679] - Upgrade jaxbintros from 2.0.0 to 2.0.1
[WFLY-18680] - [WildFly 30.x] Upgrade HAL to 3.6.16.Final
[WFLY-18685] - Upgrade santuario to 3.0.3 (addresses CVE-2023-44483)
[WFLY-18704] - Upgrade Artemis to 2.31.2 (resolves CVE-2023-46604)
[WFLY-18713] - Upgrade RESTEasy to 6.2.6.Final
[WFLY-18725] - Upgrade WildFly Http Client to 2.0.6.Final
Sub-task:
[WFLY-18642] - Reevaluate test exclusions in the integration/microprofile module
Kibana v8.11.3
Bug Fixes
Fleet:
Machine Learning:
Operations:
Logstash 8.11.3
Documentation Enhancements:
Updates To Dependencies:
PHP Interpreter php-8.3.1RC3
New Features in PHP 8.3
Prometheus 2.48.1
[BUGFIX] TSDB: Make the wlog watcher read segments synchronously when not tailing. #13224
[BUGFIX] Agent: Participate in notify calls (fixes slow down in remote write handling introduced in 2.45). #13223
SELinux Project
"semodule-utils-3.6"
User-Visible Changes:
Development-Relevant Changes:
This week, read about:
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 8 systems to protect against this vulnerability.
CentOS - tzdata-2023c-1_ol001.el6
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Apache Spark 3.4.2
Notable changes
[SPARK-42784]: should still create subDir when the number of subDir in merge dir is less than conf
[SPARK-43203]: Fix DROP table behavior in session catalog
[SPARK-43393]: Address sequence expression overflow bug
[SPARK-44040]: Fix compute stats when AggregateExec node above QueryStageExec
[SPARK-44079]: Fix ArrayIndexOutOfBoundsException when parse array as struct using PERMISSIVE mode with corrupt record
[SPARK-44134]: Fix setting resources (GPU/FPGA) to 0 when they are set in spark-defaults.conf
[SPARK-44136]: Fixed an issue that StateManager may get materialized in executor instead of driver in FlatMapGroupsWithStateExec
[SPARK-44142]: Replace type with tpe in utility to convert python types to spark types
[SPARK-44180]: DistributionAndOrderingUtils should apply ResolveTimeZone
[SPARK-44206]: DataSet.selectExpr scope Session.active
[SPARK-44215]: If num chunks are 0, then server should throw a RuntimeException
[SPARK-44241]: Mistakenly set io.connectionTimeout/connectionCreationTimeout to zero or negative will cause incessant executor cons/destructions
[SPARK-44251]: Set nullable correctly on coalesced join key in full outer USING join
[SPARK-44313]: Fix generated column expression validation when there is a char/varchar column in the schema
[SPARK-44391]: Check the number of argument types in InvokeLike
[SPARK-44464]: Fix applyInPandasWithStatePythonRunner to output rows that have Null as first column value
[SPARK-44479]: Fix protobuf conversion from an empty struct type
[SPARK-44547]: Ignore fallback storage for cached RDD migration
[SPARK-44581]: Fix the bug that ShutdownHookManager gets wrong UGI from SecurityManager of ApplicationMaster
[SPARK-44588]: Fix double encryption issue for migrated shuffle blocks
[SPARK-44630]: Revert “[SPARK-43043] Improve the performance of MapOutputTracker.updateMapOutput”
[SPARK-44634]: Encoders.bean does no longer support nested beans with type arguments
[SPARK-44641]: Incorrect result in certain scenarios when SPJ is not triggered
[SPARK-44653]: Non-trivial DataFrame unions should not break caching
[SPARK-44657]: Fix incorrect limit handling in ArrowBatchWithSchemaIterator and config parsing of CONNECT_GRPC_ARROW_MAX_BATCH_SIZE
[SPARK-44805]: getBytes/getShorts/getInts/etc. should work in a column vector that has a dictionary
[SPARK-44840]: Make array_insert() 1-based for negative indexes
[SPARK-44846]: Convert the lower redundant Aggregate to Project in RemoveRedundantAggregates
[SPARK-44854]: Python timedelta to DayTimeIntervalType edge case bug
[SPARK-44857]: Fix getBaseURI error in Spark Worker LogPage UI buttons
[SPARK-44859]: Fix incorrect property name in structured streaming doc
[SPARK-44871]: Fix percentile_disc behaviour
[SPARK-44910]: Encoders.bean does not support superclasses with generic type arguments
[SPARK-44920]: Use await() instead of awaitUninterruptibly() in TransportClientFactory.createClient()
[SPARK-44925]: K8s default service token file should not be materialized into token
[SPARK-44935]: Fix RELEASE file to have the correct information in Docker images if exists
[SPARK-44937]: Mark connection as timedOut in TransportClient.close
[SPARK-44940]: Improve performance of JSON parsing when “spark.sql.json.enablePartialResults” is enabled
[SPARK-44973]: Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-44990]: Reduce the frequency of get spark.sql.legacy.nullValueWrittenAsQuotedEmptyStringCsv
[SPARK-45054]: HiveExternalCatalog.listPartitions should restore partition statistics
[SPARK-45057]: Avoid acquire read lock when keepReadLock is false
[SPARK-45071]: Optimize the processing speed of BinaryArithmetic#dataType when processing multi-column data
[SPARK-45075]: Fix alter table with invalid default value will not report error
[SPARK-45078]: Fix array_insert ImplicitCastInputTypes not work
[SPARK-45079]: Fix an internal error from percentile_approx() on NULL accuracy
[SPARK-45081]: Encoders.bean does no longer work with read-only properties
[SPARK-45100]: Fix an internal error from reflect() on NULL class and method
[SPARK-45109]: Fix log function in Connect
[SPARK-45187]: Fix WorkerPage to use the same pattern for logPage urls
[SPARK-45227]: Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend
[SPARK-45282]: Correctness issue in AQE with InMemoryTableScanExec
[SPARK-45389]: Correct MetaException matching rule on getting partition metadata
[SPARK-45430]: Fix for FramelessOffsetWindowFunction when IGNORE NULLS and offset > rowCount
[SPARK-45433]: Fix CSV/JSON schema inference when timestamps do not match specified timestampFormat
[SPARK-45473]: Fix incorrect error message for RoundBase
[SPARK-45508]: Add "--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED" so Platform can access Cleaner on Java 9+
[SPARK-45592]: Correctness issue in AQE with InMemoryTableScanExec
[SPARK-45604]: Add LogicalType checking on INT64 -> DateTime conversion on Parquet Vectorized Reader
[SPARK-45652]: SPJ: Handle empty input partitions after dynamic filtering
[SPARK-45670]: SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45678]: Cover BufferReleasingInputStream.available/reset under tryOrFetchFailedException
[SPARK-45749]: Fix Spark History Server to sort Duration column properly
[SPARK-45786]: Fix inaccurate Decimal multiplication and division results
[SPARK-45814]: Make ArrowConverters.createEmptyArrowBatch call close() to avoid memory leak
[SPARK-45882]: BroadcastHashJoinExec propagate partitioning should respect CoalescedHashPartitioning
[SPARK-45896]: Construct ValidateExternalType with the correct expected type
[SPARK-45920]: group by ordinal should be idempotent
[SPARK-46006]: YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46012]: EventLogFileReader should not read rolling logs if app status file is missing
[SPARK-46062]: Sync the isStreaming flag between CTE definition and reference
[SPARK-46064]: Move out EliminateEventTimeWatermark to the analyzer and change to only take effect on resolved child
Dependency Changes
Although this is a maintenance release, we did still upgrade some dependencies in it. They are:
[SPARK-44415]: Upgrade snappy-java to 1.1.10.2
[SPARK-44513]: Upgrade snappy-java to 1.1.10.3
[SPARK-45103]: Update ORC to 1.8.5
[SPARK-45884]: Update ORC to 1.8.6
Keycloak 23.0.1
#23841 Users page with LDAP User Storage Provider Cannot read properties of undefined admin/ui
#23872 Attempt to request storage access in Firefox oidc
#24261 „Unlink users“-Option greyed out in ldap federation admin/ui
#24958 Error handling in admin console when update of user fails due the 400 HTTP error code admin/ui
#24961 Keycloak not able to handle multiple validating X509 certificates when public key are the same saml
#24984 Operator is missing CRDs metadata in CSV operator
#25008 Group search when creating user admin/ui
#25022 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token oidc
Node.js 21.4.0
Notable Changes
This release fixes a regression introduced in v21.3.0 that caused the fs.writeFileSync method to throw when called with 'utf8' encoding, no flag option, and if the target file didn't exist yet.
Commits
Janusgraph 1.0.0
Notable new features
This week, read about:
Updates to the OpenLogic CentOS Repository:
OpenLogic’s Enterprise Linux Team has recently published the following updates:
ActiveMQ CVE-2023-46604
It's worth noting that the vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 released late last month.
The vulnerability affects the following versions:
Apache ActiveMQ 5.18.0 before 5.18.3
Apache ActiveMQ 5.17.0 before 5.17.6
Apache ActiveMQ 5.16.0 before 5.16.7
Apache ActiveMQ before 5.15.16
Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities.
Docker compose 2.23.3
bump buildx to v0.12.0 and adapt code to changes by @glours in #11217
etcd 3.4.28
etcd server
Package clientv3
Dependencies
Grafana 10.2.2
Bug fixes:
Keycloak 23.0
New features
#23155 [WebAuthn] origin validation not support for non-Web platforms core
Enhancements
#431 Remove Wildfly/EAP OIDC and SAML adapter downloads web
#505 Quickstarts - Wildfly upgrade and README cleanup quickstarts
#510 SAML quickstart - provisioning of SAML adapter via Galleon quickstarts
#9318 User profile configuration API is incorrectly typed docs
#10128 Improve failed test behaviour operator
#10620 Internationalized Domain Names in email address user-profile
#10713 Update the server to use RESTEasy Reactive
#10803 Persist session in JDBC store without using external infinispan cluster storage
#11668 Declarative User Profile: weird behaviour in Account Management Console user-profile
#12406 Remove "You are already logged-in" during authentication authentication
#14009 CreatedTimestamp on REST import not used
#14165 Cannot refresh RPT tokens authorization-services
#14400 Add proxy options to Keycloak CR operator
#15018 Enhancements around proxy and hostname configuration
#15072 Allow setting a help text to an attribute user-profile
#15109 Refactor patch-sources.sh used by the Operator operator
#17258 Data too long for column 'DETAILS_JSON' storage
#20343 message bundles are not included in the realm export import-export
#20584 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
#20695 Add support for single-tenant in Microsoft Identity Provider
#20794 Can we simplify TokenManager.getRefreshExpiration() and TokenManager.getOfflineExpiration()? oidc
#20884 [Admin Console v2] Policy creation at Permissions screen missing admin/ui
#21073 Identity providers: pagination in admin REST API
#21154 Allow existing mappers for Custom Identity Providers identity-brokering
#21181 Add FAPI 2.0 security profile as default profile of client policies
#21182 Enhancing Pluggable Features of Token Manager
#21183 More flexibility for Introspection endpoint oidc
#21200 DPoP support 1st phase
#21444 Set `client_id` when using `private_key_jwt` with OIDC IdP identity-brokering
#21945 Release notes for FAPI 2
#22034 Keycloak, javascript lib to not use the escape() function adapter/javascript
#22215 DPoP verification in UserInfo endpoint oidc
#22318 Allow overriding Account Console resources for full control and backwards compatibility
#22372 Expand Group providers to allow for paginated lookup of subgroups storage
#22725 Do not initialize barrier build items for deployment dist/quarkus
#22868 Clarification on the tooltip of option "Validate Password Policy" of LDAP provider admin/ui
#23194 Add regex support in 'Condition - User attribute' execution authentication
#23340 Implement load shedding for RESTEasy reactive
#23527 Better usability when disabling user profile and losing the previous configuration user-profile
#23891 Add feature flag for OAuth 2.0 device authorization grant flow oidc
#24024 User profile tweaks in registration forms user-profile
#24072 Lots of parameters related to identity brokering uses `providerId` when they expect `providerAlias` identity-brokering
#24273 Add a property to the User Profile Email Validator for max length of the local part user-profile
#24278 Transient users: documentation core
#24387 Move some UserProfile and Validation classes into keycloak-server-spi user-profile
#24494 Transient users: Consents core
#24535 Moving UPConfig and related classes from keycloak-services user-profile
#24844 Add High Availability Guide to Keycloak's main repository
#24912 Add Galleon layer metadata to the SAML Galleon feature-pack adapter/jee-saml
Bugs
#468 Can't build it quickstarts
#503 Automate Keycloak version replacement quickstarts
#508 set-version script does not update package(-lock).json files in js and nodejs quickstarts quickstarts
#515 [Keycloak Quickstarts CI failure] loginToAdminConsole method fails in ArquillianSysoutEventListenerProviderTest.testEventListenerOutput due to Unable to locate element: {"method":"css selector","selector":"#username"} exception quickstarts
#8939 PAR fails to authenticate for public client oidc
#9004 Access Token claims not imported using OpenID Connect v1.0 Identity Provider Attribute Importer Mappers oidc
#10710 Rollup.js complains about the use of eval in one of keycloak.js's dependencies adapter/javascript
#11699 Under heavy load, DefaultBruteForceProtector blocks the whole system authentication
#12062 Declarative User Profile export user-profile
#12171 Inconsistent authorization behavior when exporting data from a realm authorization-services
#14134 [keycloak 18] cannot import users with correct ID in partial import admin/api
#16379 Inconsistent handling of parenthesis in auth flow name admin/api
#16526 Token introspection response does not follow RFC6479 "scope" parameter format oidc
#19093 The create new user page requires the admin user to be given the "Manage-Realm" role in order to see the user profile attributes in the create new user page admin/api
#19125 kcadm do not update defaultGroups docs
#19154 Non working API docs link docs
#19555 When update-email feature is enabled, changing emails two times in a row causes unintuitive behaviour authentication
#20135 Searching for multiple types in the Events section gives an error admin/client-js
#20218 Role mappers must return a single value when they are not multivalued oidc
#20316 Email pattern is not compliant account/api
#20453 Admin UI incredibly slow with 300 realms admin/api
#20537 [Declarative User Profile] OIDCAttributeMapperHelper throws NumberFormatException for optional user attributes user-profile
#20763 Flaky test: org.keycloak.testsuite.admin.authentication.FlowTest#testAddRemoveFlow ci
#20830 Token-exchange is not working for OpenID Connect v1.0 provider in KC 21.1.1 token-exchange
#20852 [Declarative User Profile] Attributes are created as required by default but switch is set to "not required" user-profile
#20885 Key length is limited to 4000 characters storage
#21010 Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients storage
#21123 NPE in getDefaultRequiredActionCaseInsensitively admin/api
#21236 Keycloak Event clientId is null when ever a logout event is fired. core
#21555 Listing realms due to realm drop-down admin/ui
#21660 Wrong convert timestamp to date account/ui
#21779 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#loginShouldWorkWithScriptAuthenticator authentication
#21780 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#loginShouldFailWithScriptAuthenticator authentication
#21797 DN with RDN that contains trailing backslash is imported incorrectly into Keycloak ldap
#21805 Missing labels account console account/ui
#21818 DN with RDN that contains trailing space is imported incorrectly into Keycloak ldap
#21830 Operator doesn't pass on system property 'jgroups.dns.query' to Keycloak but an env variable, leading to a warning in the log operator
#22143 WatchedSecretsTest.testSecretChangesArePropagated error in OCP ci
#22177 Missing client_id validation match when authenticating client with JWT
#22191 Verification of iss at refresh token request oidc
#22332 Selecting resource on resource based permission gives error admin/ui
#22337 kc.sh errors if using characters like semicolon inside the arguments docs
#22375 Possible NullPointerException core
#22395 Email sending fails when SPI truststore is configured and hostnameVerification set to 'ANY' core
#22432 inputOptionLabels is not used by Admin UI admin/ui
#22583 Fine grained permissions not rendering account/ui
#22638 SAML AdvancedAttributeToRoleMapper does not allow predicate evaluation on same Array Attribute saml
#22814 user search with "q" parameter ignores keys of length 1 and returns all users admin/api
#22818 inputOptionLabels is not used by Account UI v3 account/ui
#22890 Keycloak 22.0.1: NPE in Edit Identity Provider Mapper on second Save admin/api
#22937 ProviderConfigProperty.MULTIVALUED_LIST_TYPE not working in FormAction admin/ui
#22988 Cache stampede after realm cache invalidation infinispan
#23044 Docs: server_admin/topics/sessions/transient.adoc authentication
#23128 Regex defect in federation script federation-sssd-setup.sh dist/quarkus
#23173 crypto/elytron package has several bugs core
#23180 TypeError in user profile admin-ui admin/ui
#23253 CLI args not recognized when running Quarkus dev mode dist/quarkus
#23255 Several help text messages missing in saml identity provider admin/ui
#23404 Cannot assign client roles to a user when a realm contains more than ~4000 clients storage
#23444 After the recent switch to resteasy-reactive we are unable to use resteasy-classic or jersey jax-rs clients.
Dependencies
#23582 Join group screen does not show child groups without filters admin/ui
#23616 invalid tag in .ftl file user-profile
#23692 Generated access token exception then $ sign in client name core
#23733 OpenAPI spec doesn't match the admin API admin/api
#23753 Insufficient guard against path traversal GzipResourceEncodingProvider core
#23789 Can not create attribute group before setting/removing an annotation user-profile
#23795 Spelling errors in TokenManager.java oidc
#23970 Keycloak does not export/import userprofile data when exporting the realm user-profile
#24032 Group attributes are not saved if there are two attributes with the same key admin/ui
#24035 Admin UI: Group details page is not updated by group list dropdown actions admin/ui
#24067 Duplicate attribute groups show in list in UserProfile in admin ui admin/ui
#24077 Internal server error when no firstName and lastName added on the user with User Profile Disabled and Verify Profile Enabled user-profile
#24096 Document or avoid breaking change in UserSessionModel core
#24160 HTTP/2 - Last parameter of POST form data contains 0x00 byte in some configurations. core
#24183 Username now shown when creating a user and edit username is not allowed user-profile
#24187 Admin UI group view shows attributes of previously viewed group admin/ui
#24293 b.map is not a function error when LDAP server is offline core
#24420 User profile behaves different in keycloak 22.0.5 user-profile
#24453 Email-verified checkbox not visible anymore when user profile is enabled admin/ui
#24455 NPE when logging in with TransientUser storage
#24458 Unfriendly error message when user-storage provider not available admin/ui
#24487 show/hide password in clear text button visible for hidden field in "forgot password" flow login/ui
#24547 DPoP advertised on OIDC Well Known Endpoint even though DPoP feature is not enabled (preview feature) oidc
#24551 the `./kc.sh tools completion` command cannot be recognized correctly admin/cli
#24672 Basic auth is not RFC 2617 compliant authentication
#24697 User cannot update profile when some invalid attribute invisible to him is present on his profile user-profile
#24766 non-functioning session persistence when using JDBC over Infinispan infinispan
#24792 Invalid redirect_uri if it contains uppercase letters authentication
#24970 `jwt-decode` is being bundled into Keycloak JS admin/client-js
Node.js 20.10
Notable Changes
--experimental-default-type flag to flip module defaults
The new flag --experimental-default-type can be used to flip the default module system used by Node.js. Input that is already explicitly defined as ES modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs file extension or the --input-type flag, is unaffected. What is currently implicitly CommonJS would instead be interpreted as ES modules under --experimental-default-type=module:
In addition, extensionless files are interpreted as Wasm if --experimental-wasm-modules is passed and the file contains the "magic bytes" Wasm header.
Detect ESM syntax in ambiguous JavaScript
The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. For “ambiguous” files, which are .js or extensionless files with no package.json with a type field, Node.js will parse the file to detect ES module syntax; if found, it will run the file as an ES module, otherwise it will run the file as a CommonJS module. The same applies to string input via --eval or STDIN.
We hope to make detection enabled by default in a future version of Node.js. Detection increases startup time, so we encourage everyone—especially package authors—to add a type field to package.json, even for the default "type": "commonjs". The presence of a type field, or explicit extensions such as .mjs or .cjs, will opt out of detection.
New flush option in file system functions
When writing to files, it is possible that data is not immediately flushed to permanent storage. This allows subsequent read operations to see stale data. This PR adds a 'flush' option to the fs.writeFile family of functions which forces the data to be flushed at the end of a successful write operation.
Experimental WebSocket client
Adds a --experimental-websocket flag that adds a WebSocket global, as standardized by WHATWG.
vm: fix V8 compilation cache support for vm.Script
Previously repeated compilation of the same source code using vm.Script stopped hitting the V8 compilation cache after v16.x when support for importModuleDynamically was added to vm.Script, resulting in a performance regression that blocked users (in particular Jest users) from upgrading from v16.x.
The recent fixes allow the compilation cache to be hit again for vm.Script when --experimental-vm-modules is not used even in the presence of the importModuleDynamically option, so that users affected by the performance regression can now upgrade. Ongoing work is also being done to enable compilation cache support for vm.CompileFunction.
PHP 8.3.0
Bcmath:
CLI:
Core:
Curl:
Date:
DOM:
Exif:
FFI:
Fileinfo:
FPM:
GD:
Intl:
JSON:
LDAP:
LibXML:
MBString:
mysqli:
Opcache:
OpenSSL:
This week, read about:
Updates to the OpenLogic CentOS Repository:
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
ActiveMQ CVE-2023-46604
The vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, released late last month.
The vulnerability affects the following versions:
Apache ActiveMQ 5.18.0 before 5.18.3
Apache ActiveMQ 5.17.0 before 5.17.6
Apache ActiveMQ 5.16.0 before 5.16.7
Apache ActiveMQ before 5.15.16
Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
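The affected ranges above, turned into an inventory check. This is an added example, not code from Apache or OpenLogic. The host names and sample inventory are constructed, and treating qualified builds of a fixed version (SNAPSHOT, vendor suffixes) as "review" is an assumption.

```python
"""Triage broker versions against the CVE-2023-46604 ranges listed above."""
import re

# Fixed release per 5.x branch, copied from the advisory text above.
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}
# "Apache ActiveMQ before 5.15.16": every branch older than 5.15 is affected.
OLDEST_LISTED_BRANCH = (5, 15)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Return ((major, minor, patch), qualifier) for '5.17.5' or '5.18.3-SNAPSHOT'."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rest = match.groups()
    return (int(major), int(minor), int(patch or 0)), rest.strip(" -._")


def assess(version_text):
    """Classify a version as 'affected', 'fixed', 'review' or 'not-listed'.

    The second element is the fixed release to move to, or None.
    """
    version, qualifier = parse_version(version_text)
    branch = version[:2]
    if branch < OLDEST_LISTED_BRANCH:
        return "affected", "5.15.16"
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        # Branches the advisory text does not mention (for example 6.x).
        return "not-listed", None
    fixed_text = ".".join(str(part) for part in fixed)
    if version < fixed:
        return "affected", fixed_text
    if version == fixed and qualifier:
        # Assumption: a snapshot or vendor rebuild carrying the fixed version
        # number may predate the fix, so a human should confirm it.
        return "review", fixed_text
    return "fixed", None


def triage(inventory):
    """Return (host, version, status, fix) for hosts that need action, sorted by host."""
    findings = []
    for host, version_text in sorted(inventory.items()):
        try:
            status, fix = assess(version_text)
        except ValueError:
            status, fix = "review", None  # unknown version: check by hand
        if status in ("affected", "review"):
            findings.append((host, version_text, status, fix))
    return findings


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "mq-prod-01.example.internal": "5.18.2",
    "mq-prod-02.example.internal": "5.18.3",
    "mq-legacy.example.internal": "5.8.0",
    "mq-dev.example.internal": "5.17.6-SNAPSHOT",
    "mq-new.example.internal": "6.0.0",
    "mq-lab.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, version, status, fix in triage(SAMPLE_INVENTORY):
        target = f" -> upgrade to {fix}" if fix and status == "affected" else ""
        print(f"{host:32} {version:18} {status}{target}")
```
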
Docker compose 2.23.1
Features
Fixes
Fluentd 1.16.3
-4327 in_tail: Fix a stall bug on !follow_inode case
-4339 in_tail: add warning for silent stop on !follow_inodes case
-4303 Buffer: Fix NoMethodError with empty unstaged chunk arrays
-4311 Fix for rotate_age where Fluentd passes as Symbol
Node.js 21.2.0
Notable Changes
Prometheus 2.48.0
[CHANGE] Remote-write: respect Retry-After header on 5xx errors. #12677
[FEATURE] Alerting: Add AWS SigV4 authentication support for Alertmanager endpoints. #12774
[FEATURE] Promtool: Add support for histograms in the TSDB dump command. #12775
[FEATURE] PromQL: Add warnings (and annotations) to PromQL query results. #12152 #12982 #12988 #13012
[FEATURE] Remote-write: Add Azure AD OAuth authentication support for remote write requests. #12572
[ENHANCEMENT] Remote-write: Add a header to count retried remote write requests. #12729
[ENHANCEMENT] TSDB: Improve query performance by re-using iterator when moving between series. #12757
[ENHANCEMENT] UI: Move /targets page discovered labels to expandable section #12824
[ENHANCEMENT] TSDB: Optimize WBL loading by not sending empty buffers over channel. #12808
[ENHANCEMENT] TSDB: Reply WBL mmap markers concurrently. #12801
[ENHANCEMENT] Promtool: Add support for specifying series matchers in the TSDB analyze command. #12842
[ENHANCEMENT] PromQL: Prevent Prometheus from overallocating memory on subquery with large amount of steps. #12734
[ENHANCEMENT] PromQL: Add warning when monotonicity is forced in the input to histogram_quantile. #12931
[ENHANCEMENT] Scraping: Optimize sample appending by reducing garbage. #12939
[ENHANCEMENT] Storage: Reduce memory allocations in queries that merge series sets. #12938
[ENHANCEMENT] UI: Show group interval in rules display. #12943
[ENHANCEMENT] Scraping: Save memory when scraping by delaying creation of buffer. #12953
[ENHANCEMENT] Agent: Allow ingestion of out-of-order samples. #12897
[ENHANCEMENT] Promtool: Improve support for native histograms in TSDB analyze command. #12869
[ENHANCEMENT] Scraping: Add configuration option for tracking staleness of scraped timestamps. #13060
[BUGFIX] SD: Ensure that discovery managers are properly canceled. #10569
[BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series. #12558
[BUGFIX] TSDB: Fix handling of explicit counter reset header in histograms. #12772
[BUGFIX] SD: Validate HTTP client configuration in HTTP, EC2, Azure, Uyuni, PuppetDB, and Lightsail SDs. #12762 #12811 #12812 #12815 #12814 #12816
[BUGFIX] TSDB: Fix counter reset edge cases causing native histogram panics. #12838
[BUGFIX] TSDB: Fix duplicate sample detection at chunk size limit. #12874
[BUGFIX] Promtool: Fix errors not being reported in check rules command. #12715
[BUGFIX] TSDB: Avoid panics reported in logs when head initialization takes a long time. #12876
[BUGFIX] TSDB: Ensure that WBL is repaired when possible. #12406
[BUGFIX] Storage: Fix crash caused by incorrect mixed samples handling. #13055
[BUGFIX] TSDB: Fix compactor failures by adding min time to histogram chunks. #13062
ActiveMQ 6.0
AMQ-9388 - camel-activemq transitively pulls in activemq-client-jakarta
AMQ-9384 - No authentication to access webconsole
AMQ-9383 - Websocket transport options do not get applied
AMQ-9376 - Fix concurrent modification in ActiveMQServiceFactory
AMQ-9370 - Openwire marshaller should validate Throwable class type
AMQ-9369 - ActiveMQ 6.0.0 features don't install on Karaf 4.4.x
AMQ-9327 - ActiveMQ Web Console doesn't work with Jetty 11.0.16+
AMQ-9310 - Drop solaris support
AMQ-9309 - Drop 32-bit support
AMQ-9283 - Memory leak on stomp transport when a client unsubscribe
AMQ-9262 - Composite consumers do not work properly with a network of brokers
AMQ-9255 - Messages submitted via http(s) transport don't dead letter after TTL is exceeded
AMQ-9254 - KahaDB minor fix when db files may be larger than max length
AMQ-9242 - activemq-partition module should not have a compile time dependency on log4j-slf4j2-impl
AMQ-9233 - NPE in SubQueueSelectorCacheBroker.removeConsumer
AMQ-9187 - Queue Advisory message not sent when new queue created via Message which has AMQ_SCHEDULED_DELAY Header
AMQ-8049 - Failed to start Apache ActiveMQ (mKahaDB / JMX)
Camel 4.2.0
BUG (27)
CAMEL-20099 Camel-http is creating invalid Content-Encoding header based on charset from Content-Type header
CAMEL-20092 camel-core - ScheduledPollConsumer should reset error count when greedy
CAMEL-20086 Camel JBang losing kamelets-version setting when using camel-version
CAMEL-20079 EndpointDslMojo generates wrong header names
CAMEL-20076 camel-jbang - Should skip jkube.yaml files
CAMEL-20054 camel-kubernetes - Configuration of Kubernetes secrets with Camel K not working as expected
CAMEL-20053 camel-jira: watchUpdates consumer does not see issues created after route startup
CAMEL-20037 camel-http builds StringEntity with wrong contentEncoding
CAMEL-20035 Program terminates with OutOfMemoryError
CAMEL-20033 Camel JBang dependency is not supporting Windows path with Camel files written in Java
CAMEL-20032 camel-yaml-dsl - Choice should not have steps in schema
CAMEL-20031 camel-yaml-dsl: Description property have incorrect title and description
CAMEL-20028 camel-mail - Missing attachments if disposition not set
CAMEL-20023 camel-file - File readLock changed minAge issue
CAMEL-20017 camel-yaml-dsl - ExchangeProperty language is duplicated in yaml schema
CAMEL-20010 camel-sql - Can't change table name in JdbcMessageIdRepository by adding suffix/prefix
CAMEL-20001 Overridden properties ignored with SpringPropertiesParser
CAMEL-20000 camel-flatpack DataSetList iterator iterates only once
CAMEL-19996 camel-lra NullPointerException when creating a saga with invalid lra-url
CAMEL-19982 camel-jbang - Run with --jvm-debug as last parameter does not work
CAMEL-19975 NIOConverter File to ByteBuffer conversion behavior is potentially non-deterministic
CAMEL-19970 camel-jbang - IllegalArgumentException: Unable to determine file extension for resource when a file has no extension
CAMEL-19968 camel-opentelemetry - The Tracing Strategy is failing when using pollEnrich with seda endpoint
CAMEL-19967 camel-core - Default RouteConfigurationBuilder written in Java not enabled on XML routes
CAMEL-19828 camel-twilio: conversion to PhoneNumber, .. fails after recent general converter change
CAMEL-19827 Kafka Component generates huge logs infinitely when invalid configuration is provided.
CAMEL-19068 SagaPropagationTest#testPropagationSupports fails with "Cannot begin: status is COMPLETED"
DEPENDENCY UPGRADE (20)
CAMEL-20075 camel-kubernetes - upgrade to 6.9.2
CAMEL-20074 Bump google-cloud-secretmanager-bom to version 2.29.0
CAMEL-20073 Bump google-cloud-functions-bom to version 2.31.0
CAMEL-20072 Upgrade Google Cloud BOM to version 26.26.0
CAMEL-20069 Upgrade Azure SDK BOM to version 1.2.18
CAMEL-20063 camel-jbang - Upgrade to kamelets 4.1.0
CAMEL-20052 Upgrade Quarkus to 3.5.0 in Camel JBang to align with Camel Quarkus compatible with Camel 4.1+
CAMEL-20049 camel-activemq - Upgrade to latest releases
CAMEL-20006 Upgrade Google Cloud Functions BOM to version 2.30.0
CAMEL-20005 Upgrade Google Secrets Manager BOM to version 2.28.0
CAMEL-20003 Upgrade Google Cloud BOM to version 26.25.0
CAMEL-19992 Upgrade bytebuddy that can support Java 21
CAMEL-19990 camel-spring-boot - Upgrade to 3.1.5
CAMEL-19980 Upgrade Infinispan to version 14.0.18.Final
CAMEL-19979 Upgrade Vertx to version 4.4.6
CAMEL-19978 Upgrade Netty to 4.1.100.Final
CAMEL-19966 Upgrade Testcontainer to version 1.19.1
CAMEL-19965 Camel-Plc4x: Upgrade to 0.11.0
CAMEL-19963 camel-tooling-maven - Upgrade to resolver 1.9.16
CAMEL-19638 Upgrade mockito to v5
IMPROVEMENT (36)
CAMEL-20087 Backport data types from Kamelet utils to Camel
CAMEL-20085 camel-aws - Sqs consumer throws unhandled exception during deleteMessage, should be caught by exception handler in consumer
CAMEL-20081 camel-dynamic-router eip component: use existing multicast processor instead of custom impl
CAMEL-20080 Removal of getExtentions() is not mentioned in migration guide to Camel 4
CAMEL-20077 camel-core - Message history should be captured after debugger
CAMEL-20071 camel-core - Backlog debugger must have node ids auto assigned eager to allow setting breakpoints on startup
CAMEL-20070 camel-core: avoid unnecessary matching lookup
CAMEL-20065 camel-core - BacklogDebugger as SPI
CAMEL-20064 camel-main - Configure debugger options
CAMEL-20061 SMPP interface version cannot be set from 3.4 to latest version 5.0, even though underlying library jSMPP supports versions 3.3, 3.4, and 5.0
CAMEL-20060 Add Azure SAS support for azure blob storage
CAMEL-20048 camel-core - Find single bean by type should use consistent method
CAMEL-20042 camel-sql, use primary spring data source by default
CAMEL-20039 camel-core - SimpleLRUCache add support for soft cache
CAMEL-20038 camel-core - Deprecate LRUWeakCache
CAMEL-20026 camel-jbang - Export allow to configure jib-maven-plugin version
CAMEL-20025 camel-aws - Should we make region an enum
CAMEL-20024 camel-core-model - Add description for new registry bean model
CAMEL-20016 camel-lra - Allow accessing Exchange in LRAClient
CAMEL-20013 AdviceWith requires camel-xml-io
CAMEL-20011 camel-vertx: Avoid usage of deprecated Vertx.executeBlocking(Handler<Promise<T>>)
CAMEL-20004 camel-core - DataTypeTransformer should be JdkService
CAMEL-20002 camel-core: Make it easier to extend DefaultInjector
CAMEL-19999 camel-bean - Allow to configure bean introspection cache on component
CAMEL-19998 camel-core: cleanup cyclic dependencies in the AbstractCamelContext
CAMEL-19997 camel-cifs: new component for the Common Internet File System
CAMEL-19988 camel-core - PropertyBindingSupport - Should not hide IllegalArgumentException with real cause if failing to set property
CAMEL-19987 camel-core - Optimize EndpointHelper.matchEndpoint to avoid regexp
CAMEL-19977 camel-core - Java DSL to support text blocks for URI endpoints
CAMEL-19905 camel-platform-http-vertx - Streaming mode for message body
CAMEL-19830 camel-seda: investigate improvements and cleanups
CAMEL-19707 camel-aws2-s3 multipart uploads crash with zero-byte files
CAMEL-19437 Provide a profile to activate Camel Route debugger when generating Camel Quarkus project with Camel JBang export
CAMEL-17040 rest-dsl - Add option to return http 204 when no data in response
CAMEL-15211 camel-main - Allow to configure SSL context parameters
CAMEL-8306 rest-dsl - Add support for wildcards to match on prefix
NEW FEATURE (12)
CAMEL-20088 Camel-Azure-Schema-Registry component: Moving the bits from camel-kamelets and have a non-classic component
CAMEL-20083 camel-opentelemtry - Make it easier to configure for camel-main
CAMEL-20082 camel-jbang - Export to support javaagents
CAMEL-20078 camel-jbang - Debug command
CAMEL-20057 camel-azure - Allow to send binary files to azure service bus
CAMEL-20050 camel-spring - Add support for @Primary spring bean autowiring
CAMEL-20036 Provide endpoint producer builder for https endpoints
CAMEL-19995 camel-jbang - Run and reload from clipboard
CAMEL-19994 camel-platform-http-vertx - Allow access to vertx request object
CAMEL-19945 camel-core - Add bean as property placeholder function
CAMEL-19907 Introduce the ability to use the old Micrometer meter names or follow the new Micrometer naming conventions
CAMEL-18637 camel-http - support OAuth 2.0
SUB-TASK (1)
CAMEL-20008 Java 21 - Test failures related to xml attribute order
Apache Tomcat 10.1.16
Catalina
Coyote
Jasper
WebSocket
Web applications
Other
Elasticsearch 8.11.0
New Features:
Since 8.10.0, self-managed connector clients do not require the Enterprise Search service. If you’re upgrading from 8.9.x or earlier to 8.10.0+, refer to these migration instructions.
Bug fixes
Known issues
Jenkins 2.432
What's new in 2.432 (2023-11-14)
The Windows container images of this release switch from a windowsservercore-1809 Temurin base image to a windowsservercore-ltsc2019 Microsoft base image. Note also that a proper set of tags is now published and they include "ltsc2019" instead of only "2019".
What's new in 2.431 (2023-11-07)
The Windows container image of this release is using Java 17 by default like the Linux images.
Logstash 8.11.1
Downgrade jackson to avoid serialization issues when log.format is set to "json"
PostgreSQL 16.1
This release contains a variety of fixes from 16.0. For information about new features in major release 16. A dump/restore is not required for those running 16.X. However, several mistakes have been discovered that could lead to certain types of indexes yielding wrong search results or being unnecessarily inefficient. It is advisable to REINDEX potentially-affected indexes after installing this update. See the fourth through seventh changelog entries below.
This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime. This could result in disclosure of server memory following the text value. The PostgreSQL Project thanks Jingzhou Fu for reporting this problem. (CVE-2023-5868)
When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. (CVE-2023-5869)
The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes (we'll just start another one), but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. The PostgreSQL Project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem. (CVE-2023-5870)
Fix a case where the location of a page downlink was incorrectly tracked, and introduce some logic to allow recovering from such situations rather than silently doing the wrong thing. This error could result in incorrect answers from subsequent index searches. It may be advisable to reindex all GiST indexes after installing this update.
There are interval values that are distinguishable but compare equal, for example 24:00:00 and 1 day. This breaks assumptions made by btree de-duplication, so interval columns need to be excluded from de-duplication. This oversight can cause incorrect results from index-only scans. Moreover, after updating, amcheck will report an error for almost all such indexes. Users should reindex any btree indexes on interval columns.
The distance calculation for dates was backward, causing poor decisions about which entries to merge. The index still produces correct results, but is much less efficient than it should be. Reindexing BRIN minmax_multi indexes on date columns is advisable.
Infinities were mistakenly treated as having distance zero rather than a large distance from other values, causing poor decisions about which entries to merge. Also, finite-but-very-large values (near the endpoints of the representable timestamp range) could result in internal overflows, again causing poor decisions. The index still produces correct results, but is much less efficient than it should be. Reindexing BRIN minmax_multi indexes on timestamp and timestamptz columns is advisable if the column contains, or has contained, infinities or large finite values.
This bug might have caused unexpected failures while trying to insert large interval values into such an index.
Some cases involving an IS NULL condition on one of the partition keys could result in a crash.
In READ COMMITTED mode, an update that finds that its target row was just updated by a concurrent transaction will recheck the query's WHERE conditions on the updated row. MERGE failed to ensure that the proper rows of other joined tables were used during this recheck, possibly resulting in incorrect decisions about whether the newly-updated row should be updated again by MERGE.
If the initially-named table is excluded by constraints, but not all its inheritance descendants are, the first non-excluded descendant was identified as the primary target table. This would lead to firing statement-level triggers associated with that table, rather than the initially-named table as should happen. In v16, the same oversight could also lead to “invalid perminfoindex 0 in RTE with relid NNNN” errors.
When restoring an indexscan to a previously marked position, the code could miss required setup steps if the scan had advanced exactly to the end of the matches for a ScalarArrayOpExpr (that is, an indexcol = ANY(ARRAY[])) clause. This could result in missing some rows that should have been fetched.
The origin condition set by one call of this function would be re-used by later calls that did not specify the origin argument. This was not intended.
Previously, a not-on-point complaint “only heap AM is supported” would be raised.
Report an error if pgstatindex(), pgstatginindex(), pgstathashindex(), or pgstattuple() is applied to an invalid index. If brin_desummarize_range(), brin_summarize_new_values(), brin_summarize_range(), or gin_clean_pending_list() is applied to an invalid index, do nothing except to report a debug-level message. Formerly these functions attempted to process the index, and might fail in strange ways depending on what the failed CREATE INDEX had left behind.
If the incoming vector includes position data, the binary receive function left wasted space (roughly equal to the size of the position data) in the finished tsvector. In extreme cases this could lead to “maximum total lexeme length exceeded” failures for vectors that were under the length limit when emitted. In any case it could lead to wasted space on-disk.
Improper sharing of insertion state across partitions could result in failures during COPY FROM, typically manifesting as “could not read block NNNN in file XXXX: read only 0 of 8192 bytes” errors.
This avoids a possible error if the default value isn't actually valid for the column, or if the default's expression would fail in the current execution context. Such edge cases sometimes arise while restoring dumps, for example. Previous releases did not fail in this situation, so prevent v16 from doing so.
Recent refactoring accidentally removed the intended error check for this, such that it ended in “cache lookup failed for function 0” instead of a useful error message.
No built-in parameter fits this description, but an extension could define such a parameter.
This prevents possible misbehavior if any catalog entries for the temp tables have fields wide enough to require toasting (such as a very complex CHECK condition).
This fix avoids a race condition in which a child process that has been forked off by system(), but hasn't yet exec'd the intended child program, might receive and act on a signal intended for the parent server process. That would lead to duplicate cleanup actions being performed, which will not end well.
On some file systems, reading pg_control may not be an atomic action when the server concurrently writes that file. This is detectable via a bad CRC. Retry a few times to see if the file becomes valid before we report error.
Acquire the appropriate lock before reading pg_control, to ensure we get a consistent view of that file.
On 64-bit machines we will allow values of track_activity_query_size large enough to cause 32-bit overflow when multiplied by the allowed number of connections. The code actually allocating the per-backend local array was careless about this though, and allocated the array incorrectly.
The block-level counters should be reset to zero at the same time we update the current-relation field.
This could result in some statistics about WAL I/O being forgotten in a shutdown.
These were counted as normal-table writes when they should be counted as temp-table writes.
DDL commands, such as replacement of a function that has been inlined into a CALL argument, can create the need to re-plan a CALL that has been cached by PL/pgSQL. That was not happening, leading to misbehavior or strange errors such as “cache lookup failed”.
This oversight could lead to assertion failures, core dumps, or “bogus varno” errors.
In most cases this oversight was harmless, since these functions would be unlikely to disappear while the node's original operator remains present.
An out-of-memory error occurring at just the wrong point could leave behind inconsistent state that would lead to an infinite loop.
Previously this would be treated as a bogus-data condition, leading to the conclusion that we'd reached the end of WAL, which is incorrect and could lead to inconsistent WAL replay.
This code violated the conditions required for crash safety by writing WAL before marking changed buffers dirty. No core code uses this function, but extensions do (contrib/bloom does, for example).
Due to this oversight, subscriptions would always be restored with run_as_owner set to false, which is not equivalent to their behavior in pre-v16 releases.
Formerly, only the table-level ACL would get restored if both types were present.
These obsolete data types were removed in PostgreSQL version 12, so check to make sure they aren't present in an older database before claiming it can be upgraded.
Multiple -N switches should exclude tables in multiple schemas, but in fact excluded nothing due to faulty construction of a generated query.
This fix prevents false-positive reports of “the first child of leftmost target page is not leftmost of its level”, “block NNNN is not leftmost” or “left link/right link pair in index XXXX not in agreement”. They appeared if amcheck ran after an unfinished btree index page deletion and before VACUUM had cleaned things up.
Such an indexscan failed to return all the entries it should.
Xcode 15 (released with macOS Sonoma) changed the linker's behavior in a way that causes many duplicate-library warnings while building PostgreSQL. These were harmless, but they're annoying so avoid citing the same libraries twice. Also remove use of the -multiply_defined suppress linker switch, which apparently has been a no-op for a long time, and is now actively complained of.
Presence of this abbreviation in the default list can cause failures on recent Debian and Ubuntu releases, as they no longer install the underlying tzdb entry by default. Since this is a made-up abbreviation for a zone with a total human population of about two dozen, it seems unlikely that anyone will miss it. If someone does, they can put it back via a custom abbreviations file.
Sonatype Nexus Repository 3.62.0
NEXUS-40526: Fixed a display issue that was causing tag associations to be missing from raw components after migration to PostgreSQL. Note: this was a display issue only and did not result in any missing data.
NEXUS-40425: Fixed an issue that existed in version 3.61.0 that was preventing startup when .bak files existed under restore-from-backup.
NEXUS-40423: Resolved an issue in 3.61.0 where duplicate user tokens were breaking upgrades. Upgrades now succeed and will detect duplicate rows and produce a log warning.
NEXUS-40313: User tokens work as expected with Conan repositories.
NEXUS-40196: Created an advanced option for Sonatype Nexus Repository Pro customers to clean up identical Docker image layers across repositories. See our Support knowledgebase article for full details.
NEXUS-40120: Made changes to reduce the number of queries performed when running Nuget V2 FindPackagesById in PostgreSQL environments.
NEXUS-39411: Resolved a database migrator issue that was causing some NuGet downloads to fail after migrating to PostgreSQL.
NEXUS-39150: The database migrator --healthcheck option now also checks the configuration database for corruptions in config classes.
NEXUS-38257: Repository configuration changes that occur while a search reindex task is running cause a lock exception after waiting for 60 seconds; however, the repository now stays in a stable state. A subsequent try to save the config change now works as expected once the long-running task is complete.
NEXUS-36836: Running the DeadBlobsFinder groovy script against a large database no longer causes out of memory errors.
NEXUS-32009: The last-modified date for hosted yum repositories now matches the metadata rebuild date after migrating from OrientDB to H2.
NEXUS-22262: Made changes to address multiple issues that were causing build failures due to failing to return maven-metadata.xml from a group repository.
Updates to the OpenLogic CentOS Repository:
OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 8 systems to protect against this vulnerability. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
ActiveMQ CVE-2023-46604
It's worth noting that the vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, released late last month.
The vulnerability affects the following versions:
Angular 16.2.12
Animations:
fix - remove finish listener once player is destroyed (#51136)
common:
fix - apply fixed_srcset_width values only to fixed srcsets (#52486)
compiler-cli:
fix - properly emit literal types in input coercion function arguments (#52437)
fix - use originally used module specifier for transform functions (#52437)
RabbitMQ 3.12.8
Minimum Supported Erlang Version
As of 3.12.0, RabbitMQ requires Erlang 25. Nodes will fail to start on older Erlang releases. Users upgrading from 3.11.x (or older releases) on Erlang 25 to 3.12.x on Erlang 26 (both RabbitMQ and Erlang are upgraded at the same time) must consult the v3.12.0 release notes first.
Changes Worth Mentioning:
Release notes can be found on GitHub at rabbitmq-server/release-notes.
Core Server
Bug Fixes:
Enhancements:
Shovel Plugin
Enhancements:
AMQP 1.0 Erlang Client
Enhancements:
Redis 7.2.3
Upgrade urgency: HIGH, Fixes critical bugs affecting most users.
Bug fixes:
OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 8 systems to protect against these vulnerabilities. As usual, please ensure that you test these updates before deploying to production.
If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Nginx 1.25.3
* Change: improved detection of misbehaving clients when using HTTP/2.
* Feature: startup speedup when using a large number of locations. Thanks to Yusuke Nojima.
* Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 without SSL; the bug had appeared in 1.25.1.
* Bugfix: the "Status" backend response header line with an empty reason phrase was handled incorrectly.
* Bugfix: memory leak during reconfiguration when using the PCRE2 library.
* Bugfixes and improvements in HTTP/3.
TomEE 9.1.1
Dependency Upgrade:
TOMEE-4246 ActiveMQ 5.18.2
TOMEE-4230 Backport fix for CVE-2023-34981
TOMEE-4239 Backport fix for CVE-2023-41080
TOMEE-4235 Bouncy Castle 1.75
TOMEE-4243 Bouncy Castle 1.76
TOMEE-4139 CXF 4.0.3 (jakarta namespace)
TOMEE-4247 Hibernate 6.1.7
TOMEE-4227 Jackson 2.15.2
TOMEE-4228 Johnzon 1.2.21
TOMEE-4248 Mojarra 3.0.5
TOMEE-4254 Port fix for CVE-2023-42795
TOMEE-4255 Port fix for CVE-2023-44487
TOMEE-4256 Port fix for CVE-2023-45648
TOMEE-4249 SnakeYAML 2.2
TOMEE-4250 WSS4J 3.0.1
TOMEE-4232 bcprov-jdk15to18-1.74.jar
TOMEE-4251 xmlsec 3.0.2
Bug:
TOMEE-4222 @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException
TOMEE-4225 Remove commons-net from TomEE distribution
TOMEE-4226 DataSource definition fails when @DataSourceDefinition doesn’t define url property
Improvement:
TOMEE-4031 Improve TomEE Jmx Mbean Support for Parameter Names
Fixed Common Vulnerabilities and Exposures (CVEs):
TOMEE-4230 Backport fix for CVE-2023-34981
TOMEE-4254 Port fix for CVE-2023-42795
TOMEE-4227 Jackson 2.15.2
HAMCConfidentialKey) when running in FIPS mode only. (pull 8612)
println and similar methods for the groovy CLI command (regression in 2.427). (issue 72181)
Angular v16.2.11
Core:
fix - emit provider configured event when a service is configured with providedIn (#52365)
fix - get root and platform injector providers in special cases (#52365)
fix - load global utils before creating platform injector in the standalone case (#52365)
Router:
fix - RouterTestingHarness should throw if a component is expected but navigation fails (#52357)
ActiveMQ 5.18.3
Bug:
[AMQ-9187] - Queue Advisory message not sent when new queue created via Message which has AMQ_SCHEDULED_DELAY Header
[AMQ-9255] - Messages submitted via http(s) transport don't dead letter after TTL is exceeded
[AMQ-9287] - activemq 5.18.1 with jdk 17
Improvement:
[AMQ-9301] - Add additional fields to o.a.activemq.broker.jmx.Connection
[AMQ-9315] - Add connectTimestamp to Connection and JMX view
[AMQ-9343] - Reduce inflight transaction memory footprint in KahaDB
[AMQ-9370] - Openwire marshaller should validate Throwable class type
Task:
[AMQ-8325] - Implement JMS 2.0 XA methods
[AMQ-9306] - Make the WebConsole accessible from outside the Docker container
[AMQ-9351] - Update Jenkinsfile to support specifying JDK version as a build option
Dependency Upgrade:
[AMQ-9293] - Upgrade to Spring 5.3.30
[AMQ-9313] - Upgrade to ASM 9.5
[AMQ-9317] - Upgrade to maven-enforcer-plugin 3.4.1
[AMQ-9318] - Upgrade to maven-javadoc-plugin 3.6.0
[AMQ-9319] - Upgrade to maven-war-plugin 3.4.0
[AMQ-9320] - Upgrade to dependency-check-maven 8.4.0
[AMQ-9321] - Upgrade to maven-shade-plugin 3.5.1
[AMQ-9322] - Upgrade to depends-maven-plugin 1.5.0
[AMQ-9329] - Upgrade to Jetty 9.4.53.v20231009
[AMQ-9331] - Upgrade to ASM 9.6
[AMQ-9332] - Upgrade to xbean 4.24
[AMQ-9352] - Upgrade to jackson 2.15.3
[AMQ-9355] - Upgrade to commons-io 2.14.0
[AMQ-9358] - Upgrade to shiro 1.12.0
[AMQ-9360] - Upgrade to ant 1.10.14
[AMQ-9361] - Upgrade to commons-dbcp2 2.10.0
[AMQ-9362] - Upgrade to commons-pool2 2.12.0
[AMQ-9364] - Upgrade to slf4j 2.0.9
ActiveMQ 5.15.16
Bug:
[AMQ-5388] - User Role Granted Full Privileges in jetty.xml
[AMQ-7344] - ActiveMQ WebConsole doesn't work on Karaf with Jackson 2.10.x
[AMQ-8117] - VirtualSelectorCacheBrokerPlugin throws false positive exception
[AMQ-8395] - NPE on Topic SlowConsumerAdvisory
[AMQ-8439] - Validate example camel.xml fails in the assembly
Improvement:
[AMQ-8468] - CVE-2022-23437: Infinite loop within Apache XercesJ xml parser
[AMQ-9370] - Openwire marshaller should validate Throwable class type
Dependency Upgrade:
[AMQ-8358] - Upgrade xstream to 1.4.18
[AMQ-8359] - Upgrade slf4j to 1.7.32
[AMQ-8396] - Upgrade to jaxb-basics 0.12.0
ActiveMQ Artemis 2.31.2
[ARTEMIS-4477] - artemis-commons does not transform the META-INF/services/javax.json.spi.JsonProvider to the shaded package
ActiveMQ Artemis 2.31.1
Bug
[ARTEMIS-4141] - Message flow gets stuck
[ARTEMIS-4270] - Messages get lost when using multiple consumers with topic hierarchies
[ARTEMIS-4432] - openwire connection failure handling is bypassing the actor and ignoring the operation context leading to contention in error
[ARTEMIS-4435] - Some Artemis artifacts misses MANIFEST.MF content
[ARTEMIS-4442] - Message Redistributor is leaking LinkedListImpl$Iterator
[ARTEMIS-4450] - Auto-deleted clustered destinations can cause message loss
[ARTEMIS-4451] - non-SASL AMQP connection fails if resource audit logging enabled
[ARTEMIS-4453] - Bridge blocked by flow control, seemingly forever
Improvement:
[ARTEMIS-4433] - improve Reproducible Builds
[ARTEMIS-4443] - properties config - support broker plugin - logging broker plugin
[ARTEMIS-4444] - Allow broker classpath extension using custom paths
[ARTEMIS-4447] - Add paging prefetch parameters into address settings
[ARTEMIS-4449] - [DOC] Fix url parameter separator in acceptor configuration
[ARTEMIS-4456] - Register metrics plugin
[ARTEMIS-4459] - Broker should log when ignoring a duplicate MQTT QoS 2 message
[ARTEMIS-4467] - Core client code visibility change required
Task:
[ARTEMIS-4434] - Add extra logging.debug on Redistributor when redistribution is happening
[ARTEMIS-4441] - Add Docker chapter to User Manual
[ARTEMIS-4446] - Improve readability of code/config blocks in user manual
[ARTEMIS-4461] - Declare implicit dependencies for artemis-features
[ARTEMIS-4464] - Cleanup on Soak and Smoke Tests
[ARTEMIS-4466] - Disable Artemis-features verification on non test profiles
[ARTEMIS-4471] - Mark Artemis Maven Plugins as threadSafe=true
Dependency Upgrade:
[ARTEMIS-4437] - Upgrade OWASP to 8.4.0
[ARTEMIS-4438] - Upgrade JGroups to 5.3.0.Final
[ARTEMIS-4439] - Upgrade Netty to 4.1.100.Final
[ARTEMIS-4457] - Upgrade jetty version to 10.0.16
[ARTEMIS-4474] - Update to Zookeeper 3.8.3
[ARTEMIS-4475] - Upgrade ActiveMQ “Classic” to 5.17.6
Etcd v3.5.10
etcd server:
etcdutl v3:
etcdctl v3:
etcd grpc-proxy:
Package clientv3:
Dependencies:
Grafana 10.2.0
Features and Enhancements:
None role for 10.2. #76343, @eleijonmarck
sort query param for teams search endpoint. #75622, @gamab
sort query param for user and org user, search endpoints. #75229, @gamab
WithContextualAttributes to pass log params based on the given context. #74428, @svennergr
useForm to children. #73831, @javiruiz01
keep and drop operations. #73636, @ivanahuckova
id field to Elastic responses to allow permalinking. #73382, @svennergr
$__auto range variable for metric queries. #72690, @ivanahuckova
unstable package to grafana-ui. #72660, @eledobleefe
Bug Fixes:
Keycloak 22.05
Enhancements:
Bugs:
MongoDB 7.0.2 and 7.0.3
7.0.2 Changelog
Sharding:
SERVER-44422: Allow findAndModify and delete one to target by query instead of extracted shard key
SERVER-75634: The logic in attachCursorSourceToPipelineForLocalRead performs shard versioning by UUID
SERVER-78657: Get rid of getSplitCandidatesForSessionsCollection and minNumChunksForSessionsCollection
SERVER-79086: Deletion of ReshardingCoordinatorService state document is not idempotent
SERVER-796821: ShardsvrReshardCollection Can Hang If Stepdown Occurs Shortly After Stepping Up
SERVER-79771: Make Resharding Operation Resilient to NetworkInterfaceExceededTimeLimit
SERVER-80236: Race in migration source registration and capturing writes for xferMods for deletes
SERVER-80246: Fsync test is not correctly checking for concurrent ddl operations
SERVER-80463: MigrationChunkClonerSourceOpObserver::onInserts() written to look like it skips checking some documents for whether their chunk has moved
SERVER-80712: Avoid leaving the replica set shard partitioned at the end of linearizable_read_concern.js
Operations:
SERVER-58534: Collect FCV in FTDC
SERVER-77610: Log session id associated with the backup cursor
Build and Packaging:
WT-11302: failed: format-failure-configs-test on ubuntu2004-arm64 with OOM [wiredtiger @ e298381e]
Internals:
SERVER-50606: NetworkInterfaceTest needs to be more permissive with async op timeout
SERVER-52149: Create feature flag for Make taking self-managed backups in 4.4+ as safe as possible
SERVER-52452: Enable feature flag for Make taking self-managed backups in 4.4+ as safe as possible
SERVER-68132: Remove Feature Flag for PM-2076
SERVER-71520: Dump all thread stacks on RSTL acquisition timeout
SERVER-73253: Better path tracking when renaming nested/compound grouping fields
SERVER-73348: Aggregation bug in DocumentSourceSequentialDocumentCache
SERVER-74893: Change default enumeration strategy for planning $or queries
SERVER-74954: Incorrect result when contained $or rewrites $elemMatch extra condition
SERVER-75255: Remove all outdated entries from backports_required_for_multiversion_tests.yml
SERVER-75693: $vectorSearch Documentation Updates
SERVER-76780: Robustify sparse_index_internal_expr.js and compound_wildcard_index_hiding.js test
SERVER-76840: Filter oplog for query_oplogreplay collection
SERVER-76932: Add a way for a thread to know when the SignalHandler thread is done with printAllThreadStacks
SERVER-77134: Search queries hold storage tickets while waiting for response from network
SERVER-77232: Platform Support: Remove support for Debian 10
SERVER-77233: Platform Support: Remove support for Ubuntu 18.04
SERVER-77542: Internal operations should handle TemporarilyUnavailable and TransactionTooLargeForCache exceptions
SERVER-77638: Add logging on completion of resharding
SERVER-77677: Test or_to_in.js should run only in 7.0 and above.
SERVER-77732: Create LTO variant
SERVER-77862: Exclude compact.js from running in macos variants
SERVER-77991: $$USER_ROLES not available within aggregation sub-pipeline
SERVER-78149: Implement the mongos fsync (lock : true) command
SERVER-78150: Implement the mongos fsyncUnlock command
SERVER-78151: Add fsyncLock status to the mongos currentOp command
SERVER-78153: Unlock the config server primary via the mongos fsyncUnlock command
SERVER-78154: Detect on-going DDL operations in fsync with lock command
SERVER-78156: Test the mongos fsync with lock command with distributed transactions
SERVER-78159: Merge DocumentSourceInternalSearchMongotRemote and DocumentSourceInternalIdLookup into DocumentSourceSearch
SERVER-78164: Make SBE eligible for DocumentSource with requiresInputDocSource = false
SERVER-78217: Renaming view return wrong error on sharded cluster (2nd attempt)
SERVER-78252: Block chunk migrations for hashed shard keys if you don’t have the shard key index
SERVER-78253: Allow folks with hashed shard keys to drop the hashed index
SERVER-78505: Database cache does not use the 'allowLocks' option correctly
SERVER-78529: Create feature flag
SERVER-78530: Enable feature flag
SERVER-78650: Change stream oplog rewrite of $nor hits empty-array validation if no children are eligible for rewrite
SERVER-78721: Remove multiversion compatibility for rename view test
SERVER-78746: Enable feature flag in 7.0
SERVER-78793: Add a timeout to the mongos FSync Lock Command
SERVER-78831: Make $listSearchIndexes throw an Exception when used outside of Atlas
SERVER-78848: $listSearchIndexes behavior should be consistent with other aggregations when the collection does not exist
SERVER-78917: Relax condition in a router loop in shard_version_retry
SERVER-78987: Remove the free monitoring code from mongodb/mongo repo
SERVER-79025: Mongos Fsync with lock command should use mongos fsyncUnlock command
SERVER-79045: Update yaml-cpp entry in README.third_party.md to 0.6.3
SERVER-79046 The PreWriteFilter should be disabled if the mongod process is started with --shardsvr and in queryable backup mode
SERVER-79054 Modify service_executor_bm to run an empty benchmark on ASAN
SERVER-79236 Server cannot start in standalone if there are cluster parameters
SERVER-79336 [Security] Audit v7.0 feature flag
SERVER-79360 Avoid accessing OpDebug from other threads
SERVER-79497 Backport $vectorSearch to 7.0
SERVER-79552 $group rewrite for timeseries returns incorrect result if referencing the metaField in an object
SERVER-79599 Geospatial Query Error on MongoDB Version 6.3.2
SERVER-79780 ScopedCollectionDescription shouldn't hold a RangePreserver
SERVER-79912 CheckReplDBHash reports failure with system.buckets collections due to invalid BSON
SERVER-79958 Schedule the high-value workloads to run more regularly
SERVER-79974 Time-series bucket change stream shardCollection events translate shardKey fields
SERVER-79982 Batched catalog writers can run concurrently with HistoricalCatalogIdTracker::cleanup() and lead to incorrect PIT find results.
SERVER-80100 Fix typo in excluding compound_wildcard_index_hiding.js and sparse_index_internal_expr.js
SERVER-80140 Use the $currentOp to verify that fsyncLockWorker threads are waiting for the lock
SERVER-80234 Catalog cache unit tests of allowLocks should block the refresh
SERVER-80302 capped_large_docs.js is not resilient to replication rollback
SERVER-80465 Make numCandidates optional on mongod for $vectorSearch
SERVER-80488 Avoid traversing routing table in balancer split chunk policy
SERVER-80491 Expose more granular metrics around balancing round
SERVER-80544 Fix incorrect wait in runSearchCommandWithRetries
SERVER-80655 Reduce logging in release tasks
SERVER-80678 Remove an outdated test case
SERVER-80696 Fix How limit is calculated in $_internalSearchMongotRemote
SERVER-80708 Increase the sys-perf 'Compile for Atlas-like' task size
SERVER-80740 [7.0,7.1] Remove stream testing
SERVER-80772 Stage builders generate invalid plan for simple project after sort query
SERVER-80786 [7.0] Sharded time-series buckets should allow deleteOne against _id
SERVER-80828 Disable configure_query_analyzer_persistence.js from the sharding_csrs_continuous_config_stepdown suite
SERVER-80912 Enterprise RHEL 7.1 ppc64le failures on 6.0 waterfall
SERVER-80975 shardCollection(timeseriesNss) may accessed unititialised request parameters when invoked on a multiversion suite
SERVER-81013 Fix resolveCollator to return 'kNo' when query has collator and collection does not
SERVER-81031 Remove unowned RecordStore reference in WT RandomCursor class
SERVER-81036 Fix the test entry in the backports_required_for_multiversion_tests.yml
SERVER-81372 Collection defragmentation phases sporadically jump backward
WT-10108 Add a data structure encapsulating user level truncate context
WT-10786 Block checksum mismatch in bench-tiered-push-pull-s3
WT-10873 failed: Unable to locate update associated with a prepared operation [wiredtiger @ 57bcfe46]
WT-10927 Re enable HS verification
WT-10987 Always log a truncate even if no work to do
WT-10992 Implement testutil functions for directory copy and remove
WT-11060 format failure: unable to locate update associated with a prepared operation
WT-11168 Remove the page image reuse logic
WT-11222 Fix run_format_configs to execute failed configs in parallel
WT-11223 Prepare resolution diagnostic check reads freed update
WT-11247 Reduce long-test format rows to limit disk usage
WT-11280 Generation tracking might not be properly synchronized
WT-11299 Fix run_format_configs.sh script to grep exact process id
WT-11423 Unable to locate update associated with a prepared operation
WT-11424 WT_CURSOR.search: timed out with prepare-conflict
WT-11636 Disable Google SDK tiered test
WT-11638 Fix prepared update resolution assertion
WT-11684 Revert "WT-10927 Re-enable HS verification" in mongodb-v7.0
MySQL 8.2.0
Changes in MySQL 8.2.0 (2023-10-25, Innovation Release):
Node.js 21.1.0
Notable Changes
Automatically detect and run ESM syntax:
The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. For “ambiguous” files, which are .js or extensionless files with no package.json with a type field, Node.js will parse the file to detect ES module syntax; if found, it will run the file as an ES module, otherwise it will run the file as a CommonJS module. The same applies to string input via --eval or STDIN. We hope to make detection enabled by default in a future version of Node.js. Detection increases startup time, so we encourage everyone — especially package authors — to add a type field to package.json, even for the default "type": "commonjs". The presence of a type field, or explicit extensions such as .mjs or .cjs, will opt out of detection. Contributed by Geoffrey Booth in #50096.
Other Notable Changes:
[3729e33358] - doc: add H4ad to collaborators (Vinícius Lourenço) #50217
[18862e4d5d] - (SEMVER-MINOR) fs: add flush option to appendFile() functions (Colin Ihrig) #50095
[5a52c518ef] - (SEMVER-MINOR) lib: add navigator.userAgent (Yagiz Nizipli) #50200
[789372a072] - (SEMVER-MINOR) stream: allow pass stream class to stream.compose (Alex Yang) #50187
[f3a9ea0bc4] - stream: improve performance of readable stream reads (Raz Luvaton) #50173
[dda33c2bf1] - vm: reject in importModuleDynamically without --experimental-vm-modules (Joyee Cheung) #50137
[3999362c59] - vm: use internal versions of compileFunction and Script (Joyee Cheung) #50137
[a54179f0e0] - vm: unify host-defined option generation in vm.compileFunction (Joyee Cheung) #50137
PHP 8.2.12
Core:
CLI:
CType:
DOM:
Fileinfo:
Filter:
Hash:
Intl:
MySQLnd:
Opcache:
PCRE:
SimpleXML:
Streams:
XML:
XSL:
Ceph 17.2.7
Notable Changes:
Ansible AWX 23.3.1
Replaced the Execution Environment Setup Reference section of the Execution Environments chapter of the AWX User Guide with a link to the Builder's definition docs instead of duplicating its content (@Andersson007 #14562)
As open source support experts, we monitor community projects to ensure our customers’ environments include the latest releases and are protected against emerging threats. We share what we learn about important open source news including software releases, trending topics, and other related information including upcoming OpenLogic events in our OpenUpdate Weekly newsletter.