OpenUpdate - January 18, 2024
Stay Informed
This week, read about:
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Redis 7.2.4 and 7.0.15
Security Fixes
- (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.
Bug Fixes
- Fix crashes of cluster commands in clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
- Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
- Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
Non-Security Updates
OpenJ9 0.42
OpenJ9 Changes from 0.4
- 874af12 (0.42) Add a NULL check on threadObject in destroyThreadData Babneet Singh #18690
- 69b6ceb (0.42) Fix GetThreadStateTest Babneet Singh #18662
- 012884b (0.42) Initialize recycled continuations in createContinuation before usage Babneet Singh #18657
- cfcd5ea (0.42) Fix PowerPC specific issues hulin #18651
- 4fb12e9 (0.42) Prevent requesting exclusive, if already acquired Aleksandar Micic #18629
- fe20d7a (0.42) Add OPENJCEPLUS_SUPPORT flag in JPP tags Tao Liu #18605
- f63b8a0 (0.42) Enable -XX:[+|-]CRIUSecProvider JVM option WilburZjh #18594
- bf7a9b9 (0.42) The java.compiler system property is obsolete in jdk21+ Peter Shipton #18586
- 73dd4df Remove java.lang.Compiler for Java 21+ Keith W. Campbell #18580
- a3d5fc3 Fix 0.42 CRIU test compilation error Jason Feng #18553
- 7d0f105 (v0.42) Add an additional param to SH_CompositeCacheImpl::reset() Hang Shao #18549
- b59008a (0.42) Use correct GC flag in HCR dark matter cleanup Graham Chapman #18546
- 2e15576 (v0.42.0-release) elapsed time tests Jason Feng #18530
- 8e75976 [0.42] Virtual Thread Support Babneet Singh #18494
- 07c68b3 0.42.0: Append cp to method and field annotation data to fix redefinition inconsistencies Theresa Mammarella #18490
- 16ff7d7 (0.42) Add NULL check for continuation struct Graham Chapman #18492
- df46709 [FFI/Jreg_JDK21] Fix the issue with the nested struct in libffi ChengJin01 #18375
- f819b7e Conform to spec for BootstrapMethodError for OJDK MHs for JDK 8 Nathan Henderson #18445
- 5fde7f7 Fix continuation stacks when breakpointing Graham Chapman #18413
- bc535a4 Spin during VirtualThread MountBegin and UnmountBegin Babneet Singh #18439
- f9dffe6 Remove the space at the end of J9NLS_VM_STACK_TRACE_EXCEPTION_IN, update all NLS translations Peter Shipton #18446
- 8fa4dd4 [Verifier] Fix the field access issue with putfield/getfield ChengJin01 #18440
- 8081c37 Conform to pre JEP 274 for OpenJ9 MHs Nathan Henderson #18441
- f1d8ad7 Add explicit enum casts to prevent warnings Dylan Tuttle #18237
- bf1f4dc Fix comparison of non-pointer to NULL Dylan Tuttle #18266
- 881ab73 Disable idiomRecognition on x86 for warm opt levels Marius #18433
- e4b82f2 Compile jdk8, 11 alinux with gcc 10.3, p,zlinux with gcc 11.2 Peter Shipton #18408
- 2a351fb Remove fall through comments from case statements with no code Babneet Singh #18442
- f4501d1 Support the new VirtualThread states Babneet Singh #18421
- 5e618ab Clear vmthread from thread object at shutdown tajila #18343
- 333880b Virtual Thread Support Babneet Singh #18432
- 3126552 Tolerate null in getLoaderNameID() Keith W. Campbell #18435
- f7cf540 JDK22+ add Throwable.jfrTracing Jason Feng #18428
- 94eedff Fixing compilation problem Dmitri Pivkine #18434
- 084fe2a Z: Update vsnprintf test to match the omr atoe_util changes Ehsan Kiani Far #18362
- df7853e Update OpenSSL with the fix for CVE-2023-5678 Peter Shipton #18423
- 9b34f8b Use assertion with message for object allocation sanity checks Dmitri Pivkine #18419
- 001e9c5 Re-fetch objects after VM access is released and reacquired Babneet Singh #18420
- 2dc399e Fix SSL Test Failure due to client exiting too soon during remote compile SajinaKandy #18393
- 04f76db Adapt getCallerClass MH tests for ojdk8 MHs Nathan Henderson #18396
- 406c9da Correct the handling of hidden class field comparisons Nazim Bhuiyan #18374
- 0a0620e Removed duplicate System.gc() in test Florian Grabmeier #18339
- 70f5655 Update graph_tool_script.build in Windows specs to msvc2022 Peter Shipton #18414
- 3ba8567 Adapt cross package interface test to correctly handle Java 8 Nathan Henderson #18398
- bb39169 Update JIT UMA link step to include ucrt, vcruntime for VS2022 Peter Shipton #18404
- 648c16f Compile IBM Java 8 plinux LE with gcc 11.2 Peter Shipton #18407
- f55c20e Add support for -XX:Compatibility=elasticsearch Keith W. Campbell #18387
- 132d734 jdk8,11 Ignore "allow" and "disallow" set in java.security.manager Peter Shipton #18402
- 4acf608 Don't cache instances of TemporaryLoggerFinder Peter Shipton #18406
- 60b2e21 Update callsiteddrtests to require a successful core Peter Shipton #18347
- 09ab27b Fix some errors with nls messages Peter Shipton #18397
- 0d0f5ed Updated recognized methods for newer JDKs jimmyk #18383
- b614f6c Add option to enforce/disable IProfiler during startup phase Abdulrahman Alattas #18381
- 6378d21 [FFI/Test_JDK22] Add test suites intended for union ChengJin01 #18388
- 5c2e703 Pass NULL walkState to jvmti callback for JNI local reference on stack hulin #18394
- 9485b48 Ensure thread GC environment exists during restore Amarpreet Singh #18391
- a00333d Tracepoints for the memory usage of memory pools Lin Hu #17899
- 59eb37d Add addition testing for ThreadMXBean thread alloc Tobi Ajila #18365
- 1217913 Enable warnings as errors on Aarch64 in the JIT Dylan Tuttle #18382
- 42ff412 Replace NULL with 0 in call to generateSrc1Instruction Dylan Tuttle #18244
- 20cb61e Add 'const' to return type of Instruction::description Dylan Tuttle #18276
- 032fb02 Fix code cache allocation with large pages enabled SajinaKandy #18342
- ca9cc47 Fix JNI Local Reference reporting issue hulin #18379
- 0ee3f98 [FFI/JDK21] Enable the union support in JDK21 ChengJin01 #18291
- 3a5a8e6 Recognize JNI local refs in JNINativeMethodFrames Jack Lu #18378
- b4ecea9 Adapt getCallerClass MH tests for ojdk11 MHs Nathan Henderson #18372
- edd7fc3 Eliminate tautological comparisons Dylan Tuttle #18261
- 1a3b424 Improve MethodHandle direct dispatch J2I-prevention transformations Devin Papineau #17954
- 33bc781 Add ability to run Update ref repo job serially Adam Brousseau #18376
- a80c01f Part 3 of adding lw5 ValueTypeTests Theresa Mammarella #18348
- b1f9c82 CRIU adds time compensation for RuntimeMXBean.getUptime() Jason Feng #18235
- 4ba8f3d Reduce counts when class of method is not in SCC Marius #18356
- 7498dc0 Remove redundant assertion to avoid acquiring VMAccess Jack Lu #18363
- 3f1a6b2 Correct expected number of StackWalker options Keith W. Campbell #18366
- d62e757 Accelerate ArraysSupport.vectorizedMismatch in IL Spencer Comin #16662
- 4a6551c Use defining symrefs from defining map for call Henry Zongaro #18315
- bc054dc Add NULL restricted check Hang Shao #18331
- 13443f0 JDK22+ add latest APIs for Valhalla & enable JEP 454 tests Jason Feng #18360
- df535b9 Update Artifactory doc with new OSU Art URL Adam Brousseau #18361
- 869824b Fix Tree Simplifier convertCurrentTimeMillis() Kevin Langman #18312
- 601957a AArch64 macOS: Stop assigning x18 KONNO Kazuhiro #18351
- ae0b30a Fix interpreter transition in getThreadAllocBytes Tobi Ajila #18355
- 8f72ea7 Remove unused foreign function and memory tests Keith W. Campbell #18332
- 39fd615 Use -fno-omit-frame-pointer on x86_64-mac JIT builds Henry Zongaro #18346
- 350b747 Add support for thread local allocation stats Tobi Ajila #18202
- c6df01b JDK22+ disable JEP 454 tests Jason Feng #18350
- 0b2f053 Add debug option to force GPF on heap initialization error Dmitri Pivkine #18345
- 66e3fd1 Fix mismatched JITServer message type Christian Despres #18344
- afa97fa Add test classes for lw5 ValueTypeTests Theresa Mammarella #18341
- 06c3abc Split ValueTypeSystemArraycopyTests to src_lw5 and src_qtypes folders Theresa Mammarella #18330
- 77c530e Update to openssl 3.0.12 Keith W. Campbell #18338
- 900abdd Allow Last Responder thread pointer to be NULL Dmitri Pivkine #18333
- 5454302 Update z/TPF code cache strategy Jim Johnston #17555
- dad43a0 Support for java.lang.Class.asNullRestrictedType Theresa Mammarella #18323
- 50cad9e Split ValueTypeTests for lw5 and enable basic value type tests Theresa Mammarella #18317
- fadb895 Support ChangesCurrentThread annotation in the JIT Nazim Bhuiyan #18243
- 2eb0050 Disable latest JDK22 APIs for Valhalla Jason Feng #18327
- 3cad358 In PR testing redefine all to exclude UNB platforms Peter Shipton #18325
- dc6ce50 Don't check JNI absolute paths on z/OS, for loading datasets Peter Shipton #18286
- 8ad165f Do not skip InjectedInvoker class in getCallerClass and getStackClass Nathan Henderson #18285
- fcad0b8 JDK22 new API support Jason Feng #18296
- b1abbfd Change In Config Due To Moving Forced Flags to Extbase Frank Kang #18311
- 6663162 Set thread.started after running Tobi Ajila #18310
- 43d41d5 AArch64: Stop saving/restoring x29 in unnecessary cases KONNO Kazuhiro #18248
- 70705ba Make 0-length 0-stride array discontiguous Dmitri Pivkine #18300
- dc28d58 Update NullRestrictedTypeOptTests to build with Valhalla lw5 Theresa Mammarella #18275
- 7cf716a Improve the error message on SCC control file open/lock failure Hang Shao #18281
- c96ca12 Add default cases to PPC switch statements Dylan Tuttle #18178
- 3060a8d Insert Null value check if array component type is unknown during compilation time Annabelle Huo #18259
- 27d7433 Need to pass _trackVisibleStackFrameDepth for scanContinuationSlots() hulin #18282
- bad831c Renamed warm strategy opts Marius Pirvu #18289
- c651466 Update VMArgumentTests to provide more info on failure Peter Shipton #18294
- ebf9ebe Parse softmx on CRIU restore side Frank Kang #18242
- e8a76ff Remove the redundant check from the assertion Babneet Singh #18290
- b965447 Update genAconst_init to check NullRestricted attribute Annabelle Huo #18189
- f418680 Add tests to verify JITServer with SSL SajinaKandy #18262
- d5a2e02 Jenkins: Add option to prefix Artifactory build names Adam Brousseau #16103
- 720a42a Implement Thread.findScopedValueBindings() Gengchen Tuo #18255
- 72df862 Remove misleading comment Keith W. Campbell #18284
- 6df98f6 Revert "Add numberOfElements parameter to getArrayletLayout()" Aleksandar Micic #18283
- e0018c0 [JDK11] Fix AccessControlException in resolveInvokeDynamic Babneet Singh #18264
- 2645298 Add numberOfElements parameter to getArrayletLayout() Dmitri Pivkine #18268
- 3ad3c3b Retain Continuation.vthread until the J9VMContinuation is freed Babneet Singh #18251
- 91e0706 Ensure constgen is up-to-date before running it Keith W. Campbell #18278
- c28859b Change Artifactory buildInfo publish condition to be string compare Adam Brousseau #18203
- 676b9a4 Set default DISCARDER_NUM_BUILDS to 10 Adam Brousseau #18271
- 7463bc9 CRIU adds InternalCRIUSupport.getLastRestoreTime() Jason Feng #18184
- 8a817fe Replace #ifdef with #if define for flattenable value type tags Theresa Mammarella #18201
- 0d83d4d Remove support for jextract -interactive Kushagra Nigam #18230
- 5570f22 Introduce JVMPortableRestoreMode Tobi Ajila #18252
- 4e1d1c6 Add MN_HIDDEN_MEMBER and change MN_FLATTENED Jason Feng #18238
- 2d48e93 Add options for sizing the IProfiler hash tables Marius #18241
- bb64850 Fix Criu test failures for JITServer SSL Tests SajinaKandy #18225
- ff863a1 Fix crash in prepareToFixMemberNames Graham Chapman #18236
- 8134561 Remove redundant comparisons with FALSE Keith W. Campbell #18240
- 7e24d9a Use getLiveRangeInfo to find pending push symRefs that are dead Henry Zongaro #14074
- 9036526 Pass threadObject to walkContinuationStackFrames Babneet Singh #18180
- 9f497fc AArch64: Add space for outgoing JNI argument to J9CInterpreterStackFrame Akira Saitoh #18227
- 3970536 Enable write permission before writing into CodeCache segment Akira Saitoh #18233
- 8abe35a Add CT helper to check for ChangesCurrentThread annotation Nazim Bhuiyan #18222
- 6b03df7 Guard the RecreateClassFileOnload option on the patchMap being NULL Nathan Henderson #18220
- 0363e57 Add AIX sun.font.FontManagerNativeLibrary.load() test Jason Feng #18228
- acbce13 Support tracing reference on continuation java frames for jvmti Lin Hu #18214
- c9b2519 Fix code cache segment race condition Marius #18212
- 333d6c2 Remove clearNonZAAPEligibleBit Peter Shipton #18216
- da4cabf Z: Use new transactional execution facility flags Spencer Comin #18123
- ba0faa8 re-enable cmdLineTester_dumpromclasstests Kapil Anant Powar #18215
- 96d48c9 x86: Fix incorrect use of codegen API BradleyWood #18199
- c3cfbaa Update 0.41.0 release note Sreekala Gopakumar #18187
- e17dd09 Remove redundant import Keith W. Campbell #18208
- ca75b91 Update jdkcompliance for JAVA21 and JAVA22 Keith W. Campbell #18209
- 32a6198 Enable disabled tests Kapil Anant Powar #18206
- 20fb92b Check NullRestricted attribute Annabelle Huo #18179
- f24c6d5 Remove redundant register native call Tobi Ajila #18192
- 252a6dd Collect debuginfo files to help diagnose omr_ddrgen failures with gcc11 Keith W. Campbell #18194
- 6484680 Update JVM_IsUseContainerSupport Babneet Singh #18185
- 749f58c Adjust signature of JVM_MoreStackWalk() for jdk22 Keith W. Campbell #18186
- fb00610 Fix a missing allocationFence in process_java_lang_StringUTF16_toBytes() Kevin Langman #18154
- 48ce19d Make J9VMDllLoadInfo::fatalErrorStr 'const' Dylan Tuttle #18080
- 6a36833 Bump actions/checkout from 4.0.0 to 4.1.0 dependabot[bot] #18188
- 5756d90 Enable disabled tests Kapil Anant Powar #18181
- 51958b3 AArch64: Use lastITable cache for interface call dispatching Akira Saitoh #18099
- 1d693b1 Flatten non-static NullRestricted fields Theresa Mammarella #18173
- 71a6102 Add missing default cases to switch statements Dylan Tuttle #18174
- 8604165 Rename OPENJDK_CRAC_SUPPORT to CRAC_SUPPORT Jason Feng #18175
- 1859981 Fix reflect ConstantPool bootstrapping issues tajila #18169
- 27f0069 NullRestricted attribute field class checks Theresa Mammarella #18030
- da175cf Handle unmounted carrier thread in ThreadMXBeanImpl.getThreadInfo Babneet Singh #18167
- ec52808 Allow zlinux testing to run on rhel8 Peter Shipton #18176
- 2866612 Update getThreadState to handle unmounted carrier thread Babneet Singh #18166
- 80c929b Consume -XX:[+/-]UseZlibNX options in OpenJ9 builds Peter Shipton #18164
- cda91b3 Do not mark the current thread halted during heapification Graham Chapman #18172
- e76263e Implement StackWalker.Option.DROP_METHOD_INFO Keith W. Campbell #18160
- 05fe2be Add tests for Value Type System.arraycopy transformation Annabelle Huo #17903
- 5c37af1 Update to openssl 3.0.11 Keith W. Campbell #18161
- 6258782 Fix TestOperatingSystemMXBean HardwareModel test Peter Shipton #18165
- f4f131b CRIU adds opt_openjdkCracSupport and OPENJDK_CRAC_SUPPORT Jason Feng #18159
- 9c85d47 CRIU adds concurrent mode preCheckpoint and postRestore hooks Jason Feng #18107
- 81947a6 Cumulative thread allocation stats Aleksandar Micic #18139
- 3c948e8 Prevent inlining of *.runWith methods Nazim Bhuiyan #18152
- 4eedaf2 Update to zlib 1.3 to remove warnings from Clang in latest Xcode Theresa Mammarella #18137
- 910fbb3 StackWalker updates for Java 22 Keith W. Campbell #18145
- 58cf232 Remove redundant *_criu platforms Keith W. Campbell #18138
- 92e0302 AIX Valhalla builds should extend ppc64_aix Hang Shao #18136
- c53da53 NullRestricted field throws NPE on null assignment in withfield Theresa Mammarella #18130
- 754717a Compile Windows jdk8+ with VS2022, move jdk17 x,p,zlinux to gcc 11.2 Peter Shipton #18135
- 3601bb4 Set the ITERATE_FRAMES flag to invoke the frameWalkFunction Babneet Singh #18132
- 869cc38 Add support for jdk.tracePinnedThreads system property Jack Lu #18000
- c0fab8f Update jdk8 build instructions, LOG=cmdlines should be LOG=debug Peter Shipton #18116
- 1f58a61 Fix sequence after frame pop query Tobi Ajila #18068
- 4310ddc Add DDR dummy header size_t strlen(const char *str) Jason Feng #18126
- 080b859 Move decReferenceCount out of else block Dylan Tuttle #18075
- 1dfb607 Add @hidden annotation to Continuation enter/yield methods Jack Lu #18096
- dce0276 CRIU resets j.l.VirtualThread.ForkJoinPool.parallelism after restore Jason Feng #17618
- 0990f59 Add NullCHK when storing value into NullRestricted field Annabelle Huo #18094
- 1ae04ef Create draft 0.41.0 release note Sreekala Gopakumar #18119
- 5bf1ff4 Set default VARIABLE_FILE parameter Jack Lu #18117
- 03d1dbd Fix set_build_extra_options() API for wrapper job Jack Lu #18062
- 50a4e94 Updates Continuation profiling to use j9time_hires_clock Jack Lu #18093
- 5c84d87 Ignore -Xgc:enableArrayletDoubleMapping silently Dmitri Pivkine #18109
- 12d5738 Add isFieldNullRestricted() and expose it to JIT Hang Shao #18084
- 8cdaec7 Update OpenSSL version to include fix for CVE-2023-4807 Peter Shipton #18108
- ba30b63 Added the usage of right front end queries and getExistingJittedBodyInfo on Power Bhavani SN #18056
- b939221 Add criu tests to verify JITServer with SSL SajinaKandy #17985
- b03d898 In CriticalRegionTest System.gc once, testAcquireAndGC timeout 10sec Peter Shipton #18097
- 74f39c7 Guard a call to VMwrtbarWithoutStoreEvaluator Dylan Tuttle #18027
- 47d4e20 Don't invoke shutdown signal handler until JVM init completes Babneet Singh #18085
- 53a5ec5 Use arraycmplen opcode Spencer Comin #17382
- 2c89c12 Fix z/OS build error in getMemberNameMethodInfo() Devin Papineau #18087
- 5e1ca2c Bump actions/upload-artifact from 3.1.2 to 3.1.3 dependabot[bot] #18086
- 7599bde x86: Enable AVX512-CD BradleyWood #18047
- a3120a1 Update jenkins pipeline Keith W. Campbell #18069
- 999dfbc Define unit tests involving arrays of empty value types Henry Zongaro #18041
- d3388e1 Bump actions/checkout from 3.6.0 to 4.0.0 dependabot[bot] #18072
- 71cc017 Fix some javadoc warnings Keith W. Campbell #18070
- 8675daf NullRestricted Valhalla attribute cfdump support Theresa Mammarella #18035
- bbe274b Do not create class unload PIC site assumption if not required Annabelle Huo #18063
- e57170e Implement JVM_LoadZipLibrary() Keith W. Campbell #18055
- 75701be Print NullRestricted flag for ddr classAndFlags Theresa Mammarella #18045
- c46b260 DDR support for Valhalla NullRestricted attribute Theresa Mammarella #18042
- 9707c07 Add comment to System.gc() changes Tobi Ajila #18066
- b212f19 Add DDR command continuationstack Gengchen Tuo #18014
- 2cbea41 Store J9VMThread->scopedValueCache in the Continuation object Babneet Singh #18060
- 2b34667 Store JITServer AOT methods if they are delayed Christian Despres #18059
- 022a2a4 Recognize @IntrinsicCandidate java.lang.Math.multiplyHigh James You #17861
- ecc612b Add stronger guarantees to System.gc() tajila #18044
- 3c5614a SIGFPE for flattened array of value type that has no fields Frank Kang #17994
- 080f0db resolve personal builds jenkins issue Mahdi Ardekanian #18050
- b1d2cc8 Document the variable length section of the J9JITExceptionTable Irwin D'Souza #17920
- dc71255 Expand default local storage of remote AOT methods Christian Despres #18032
- a967380 resolve hardcoded github.com in variable-functions Mahdi Ardekanian #18040
- 3907198 NullRestricted: putstatic and putfield throw NPE on null assignment Theresa Mammarella #18028
- 399a628 Update feature tag renfeiw #18033
- 80ef323 Remove JVM_IsThreadAlive() for Java 17 Keith W. Campbell #17940
- 6256ba4 Consume handled JVM command line options Dmitri Pivkine #18026
- f741a14 Replace the jdk20 build instructions with jdk21 Peter Shipton #18031
- 4003902 Add protobuf to the NOTICES.md Peter Shipton #18029
- fd45fe7 Add third party content used for testing to NOTICES.md Peter Shipton #18022
- 63f95d2 Skip methods with JvmtiMountTransition annotation Babneet Singh #18016
Angular 17.0.9
common
- c22b513b3f fix: remove unused parameters from the ngClass constructor (#53831)
- bd9f89d1c8 fix: server-side rendering error when using in-memory scrolling (#53683)
compiler
- 92fd6cc42e fix: generate less code for advance instructions (#53845)
- 6a41961fbd fix: ignore empty switch blocks (#53776)
compiler-cli
- 7309463697 fix: interpolatedSignalNotInvoked diagnostic (#53585)
core
- 441db5123f fix: afterRender hooks now only run on ApplicationRef.tick (#52455)
- f9120d79cb fix: allow effect to be used inside an ErrorHandler (#53713)
migrations
- e92c86b77f fix: Fix empty switch case offset bug in cf migration (#53839)
platform-server
- 91cb16fde9 fix: Do not delete global Event (#53659)
Jenkins 2.440
- Add an Appearance category to the setup wizard. (pull 8822)
- BootFailure subclasses can now override the Jenkins startup failure page. (pull 8442)
- Reduce the window of time during which a crash may lead to an inconsistent state on Linux. (pull 8815)
- Update the appearance of controls in header. (pull 8791)
- Allow icon size to be changed in the node overview table. (pull 8802)
- Remove code that may have caused an agent-side hang under a rare race condition. (Remoting PR 713)
- Reduce the likelihood of thread creation errors on agents. (Remoting PR 717)
Docker Compose 2.24.0
Breaking change
- service hash computation logic has been updated to fully ignore replicas/scale. Due to this change, after upgrade all services will be recreated.
Enhancements
- Implement docker compose attach by @g0t4 in #11181
- Introduce ps --orphans to include/exclude services not declared by project by @ndeloof in #11220
- Introduce compose logs --index to select a replica container by @ndeloof in #11231
- --with-dependencies let docker compose build build dependencies transitively by @ndeloof in #11290
- Introduce stats command by @ndeloof in #11299
- Add source policies for build by @cpuguy83 in #11325
Fixes
- Include disabled services for shell completion by @ndeloof in #11251
- Restore Project in ps json output by @ndeloof in #11223
- Log we don't expose service ports when --verbose by @ndeloof in #11227
- Fix configs are mounted under / by @ndeloof in #11232
- Fix combination of --pull always --no-build by @ndeloof in #11244
- Fix(publish): add OCI 1.0 fallback support for AWS ECR by @milas in #11239
- Fix race condition in log printer by @horus in #11286
- Send out a cancel event on SIGINT/SIGTERM signal for compose up by @vyneer in #11230
- Up: teardown when command context is cancelled by @laurazard in #11292
- Build do not require environment to be resolved by @ndeloof in #11274
Elasticsearch 8.11.4
Bug fixes
EQL:
- Fix NPE on missing event queries #103611 (issue: #103608)
ES|QL:
- Fix now in millis for ESQL search contexts #103474 (issue: #103455)
- Fix the transport version of PlanStreamOutput #103758
- AsyncOperator#isFinished must never return true on failure #104029
Infra/Scripting:
- Wrap painless explain error #103151 (issue: #103018)
Mapping:
Snapshot/Restore:
- Decref SharedBytes.IO after read is done not before #102848
- Restore SharedBytes.IO refcounting on reads & writes #102843
Watcher:
- Fix: Watcher REST API GET /_watcher/settings now includes product header #103003 (issue: #102928)
ETCD 3.4.29
etcd server:
- Disable following HTTP redirects in peer communication
- Add livez/readyz HTTP endpoints
- Fix: Check if be is nil to avoid panic when be is overridden with nil
- Fix: Add missing experimental-enable-lease-checkpoint-persist flag in etcd help
- Fix: Don't flock snapshot files
Keycloak 23.0.4
Bugs:
- #9693 PubKeySignRegisterTest failures in WebAuthn tests testsuite
- #24508 Deadlock when pre-loading remote sessions from external Infinispan storage
- #24763 Remove sign out action for offline sessions admin/ui
- #25016 Make password visibility css classes configurable for themes login/ui
- #25096 Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups admin/api
- #25111 RealmAdminResource.getGroupByPathGroup does not work with space in path parameter admin/api
- #25120 CORS issue in 'openid-connect/certs' endpoint oidc
- #25475 User Profile: If required roles ("user") and required scopes are set, the required scopes have no effect user-profile
- #25633 Parsing of labels issue IDs doesn't work with colons and the "fixes" keyword ci
- #25753 Backchannel logout token is missing the "exp" claim oidc
- #25878 HTML emails in Catalan don't contain links translations
Kibana 8.11.4
Bug fixes:
- Fixed a bug where the Sharepoint Online connector was making unnecessary API requests when DLS was disabled.
Logstash 8.11.4
No user-facing changes in Logstash core.
Plugins:
Netflow Codec - 4.3.2
- Updates the milliseconds rounding for IPFIX start/end milliseconds fields.
- Fix the test to run on Logstash 8 with microseconds precision. #206
- Fixed unable to initialize the plugin with Logstash 8.10+ #205
Json Filter - 3.2.1
- Fix tag on failure test #52
File Input - 4.4.6
- Change read mode to immediately stop consuming buffered lines when shutdown is requested #322
Twitter Input - 4.1.1
- Bumped public_suffix gem version to > 4 < 6 #77
Csv Output - 3.0.10
- Extend spreadsheet_safe prefix guard to -, +, and @ #27
Nodejs 20.11.0 LTS
Notable Changes:
- [833190fe7c] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805
- [a541b78bdb] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666
- [d4be8fad83] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393
- [c1a196c897] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740
- [aa3209b880] - fs: add c++ fast path for writeFileSync utf8 (CanadaHonk) #49884
- [8e886a2fff] - (SEMVER-MINOR) module: remove useCustomLoadersIfPresent flag (Chengzhong Wu) #48655
- [21ab3c0f0b] - (SEMVER-MINOR) module: bootstrap module loaders in shadow realm (Chengzhong Wu) #48655
- [29d91b13e3] - (SEMVER-MINOR) src: add --disable-warning option (Ethan Arrowood) #50661
- [11b3e470db] - (SEMVER-MINOR) src: create per isolate proxy env template (Chengzhong Wu) #48655
- [621c4d66c2] - (SEMVER-MINOR) src: make process binding data weak (Chengzhong Wu) #48655
- [139d6c8d3b] - stream: use Array for Readable buffer (Robert Nagy) #50341
- [6206957e8d] - stream: optimize creation (Robert Nagy) #50337
- [e64378643d] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018
- [4a830c2d9d] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638
- [842dc01def] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
Commits:
- [e40a559ab1] - benchmark: update iterations in benchmark/util/splice-one.js (Liu Jia) #50698
- [00f7a5d26f] - benchmark: increase the iteration number to an appropriate value (Lei Shi) #50766
- [be6ad3f375] - benchmark: rewrite import.meta benchmark (Joyee Cheung) #50683
- [9857364129] - benchmark: add misc/startup-cli-version benchmark (Joyee Cheung) #50684
- [22d729e7f5] - benchmark: remove punycode from require-builtins fixture (Joyee Cheung) #50689
- [4cf10a149a] - benchmark: change iterations in benchmark/es/string-concatenations.js (Liu Jia) #50585
- [15c2ed93a8] - benchmark: add benchmarks for encodings (Aras Abbasi) #50348
- [8a896428ca] - benchmark: add more cases to Readable.from (Raz Luvaton) #50351
- [dbe6c5f354] - benchmark: skip test-benchmark-os on IBMi (Michael Dawson) #50286
- [179b4b6e62] - benchmark: move permission-fs-read to permission-processhas-fs-read (Aki Hasegawa-Johnson) #49770
- [32d65c001d] - buffer: improve Buffer.equals performance (kylo5aby) #50621
- [80ea83757e] - build: add GN configurations for simdjson (Cheng Zhao) #50831
- [904e645bcd] - build: add configuration flag to enable Maglev (Keyhan Vakil) #50692
- [019efa8a5a] - build: fix GN configuration for deps/base64 (Cheng Zhao) #50696
- [a645d5ac54] - build: disable flag v8_scriptormodule_legacy_lifetime (Chengzhong Wu) #50616
- [8705058b09] - build: add GN build files (Cheng Zhao) #47637
- [0a5e9c12cf] - build: fix build with Python 3.12 (Luigi Pinca) #50582
- [ff5713dd43] - build: support Python 3.12 (Shi Pujin) #50209
- [cfd50f229a] - build: fix building when there is only python3 (Cheng Zhao) #48462
- [833190fe7c] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805
- [54c46dae9e] - deps: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) #50803
- [0be84e5a28] - deps: update undici to 5.27.2 (Node.js GitHub Bot) #50813
- [ec67890824] - deps: V8: cherry-pick 0f9ebbc672c7 (Chengzhong Wu) #50867
- [bc2ebb972b] - deps: V8: cherry-pick 13192d6e10fa (Levi Zim) #50552
- [656135d70a] - deps: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) #50456
- [41ee4bcc5d] - deps: update ada to 2.7.4 (Node.js GitHub Bot) #50815
- [a40948b5c5] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #50806
- [7be1222c4a] - deps: update simdutf to 4.0.4 (Node.js GitHub Bot) #50772
- [68e7d49db6] - deps: upgrade npm to 10.2.4 (npm team) #50751
- [3d82d38336] - deps: escape Python strings correctly (Michaël Zasso) #50695
- [d3870ac957] - deps: update base64 to 0.5.1 (Node.js GitHub Bot) #50629
- [4b219b6ece] - deps: update corepack to 0.23.0 (Node.js GitHub Bot) #50563
- [6c41b50922] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #50441
- [3beee0ae8f] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #50460
- [220916fa93] - deps: update undici to 5.27.0 (Node.js GitHub Bot) #50463
- [f9960b3545] - deps: update googletest to 116b7e5 (Node.js GitHub Bot) #50324
- [d5c16f897a] - dns: call handle.setServers() with a valid array (Luigi Pinca) #50811
- [1bd6537c97] - doc: recommend supported Python versions (Luigi Pinca) #50407
- [402e257520] - doc: update notable changes in v21.1.0 (Joyee Cheung) #50388
- [032535e270] - doc: make theme consistent across api and other docs (Dima Demakov) #50877
- [d53842683f] - doc: add a section regarding instanceof in primordials.md (Antoine du Hamel) #50874
- [fe315055a7] - doc: update email to reflect affiliation (Yagiz Nizipli) #50856
- [e14f661950] - doc: shard not supported with watch mode (Pulkit Gupta) #50640
- [b3d015de71] - doc: get rid of unnecessary eslint-skip comments (Antoine du Hamel) #50829
- [168cbf9cb9] - doc: create deprecation code for isWebAssemblyCompiledModule (Marco Ippolito) #50486
- [30baacba41] - doc: add CanadaHonk to triagers (CanadaHonk) #50848
- [e6e7cbceac] - doc: fix typos in --allow-fs-* (Tobias Nießen) #50845
- [e22ce9586f] - doc: update Crypto API doc for x509.keyUsage (Daniel Meechan) #50603
- [549d4422b7] - doc: fix fs.writeFileSync return value documentation (Ryan Zimmerman) #50760
- [3c79e3cdba] - doc: update print results(detail) in PerformanceEntry (Jungku Lee) #50723
- [aeaf96d06e] - doc: fix Buffer.allocUnsafe documentation (Mert Can Altın) #50686
- [347e1dd06a] - doc: run license-builder (github-actions[bot]) #50691
- [a541b78bdb] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666
- [90f415dd61] - doc: fix typo in fs.md (fwio) #50570
- [e2388151ba] - doc: add missing description of argument in subtle.encrypt (Deokjin Kim) #50578
- [39cc013465] - doc: update pm documentation to include resource (Ranieri Innocenti Spada) #50601
- [ba6d427c23] - doc: correct attribution in v20.6.0 changelog (Jacob Smith) #50564
- [1b2dab8254] - doc: update to align console.table row to the left (Jungku Lee) #50553
- [5d48ef7778] - doc: underline links (Rich Trott) #50481
- [5e6057c9d2] - doc: remove duplicate word (Gerhard Stöbich) #50475
- [64bf2fd4ee] - doc: fix typo in webstreams.md (André Santos) #50426
- [cca55b8414] - doc: add information about Node-API versions >=9 (Michael Dawson) #50168
- [d4be8fad83] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393
- [0b311838f6] - doc: fix TOC in releases.md (Bryce Seefieldt) #50372
- [843d5f84ca] - esm: fallback to getSource when load returns nullish source (Antoine du Hamel) #50825
- [8d5469c84b] - esm: do not call getSource when format is commonjs (Francesco Trotta) #50465
- [b48cf314d3] - esm: bypass CJS loader in default load under --default-type=module (Antoine du Hamel) #50004
- [c1a196c897] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740
- [435f9c9276] - fs: use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) #50990
- [aa3209b880] - fs: add c++ fast path for writeFileSync utf8 (CanadaHonk) #49884
- [05e25e0230] - fs: improve error perf of sync lstat+fstat (CanadaHonk) #49868
- [f94a24cb4b] - fs: improve error performance for rmdirSync (CanadaHonk) #49846
- [cada22e2a4] - fs: fix to not return for void function (Jungku Lee) #50769
- [ba40b2e33e] - fs: replace deprecated path._makeLong in copyFile (CanadaHonk) #50844
- [d1b6bd660a] - fs: update param in jsdoc for readdir (Jungku Lee) #50448
- [11412e863a] - fs: do not throw error on cpSync internals (Yagiz Nizipli) #50185
- [868a464c15] - fs,url: move FromNamespacedPath to node_url (Yagiz Nizipli) #50090
- [de7fe08c7b] - fs,url: refactor FileURLToPath method (Yagiz Nizipli) #50090
- [186e6e0395] - fs,url: move FileURLToPath to node_url (Yagiz Nizipli) #50090
- [aea7fe54af] - inspector: use private fields instead of symbols (Yagiz Nizipli) #50776
- [48dbde71d8] - lib: use primordials for navigator.userAgent (Aras Abbasi) #50467
- [fa220cac87] - lib: remove deprecated string methods (Jithil P Ponnan) #50592
- [f1cf1c385f] - lib: fix assert shows diff messages in ESM and CJS (Jithil P Ponnan) #50634
- [3844af288f] - lib: make event static properties non writable and configurable (Muthukumar) #50425
- [0a0b416d6c] - lib: avoid memory allocation on nodeprecation flag (Vinicius Lourenço) #50231
- [e7551d5770] - lib: align console.table row to the left (Jithil P Ponnan) #50135
- [0c85cebdf2] - meta: clarify nomination process according to Node.js charter (Matteo Collina) #50834
- [f4070dd8d4] - meta: clarify recommendation for bug reproductions (Antoine du Hamel) #50882
- [2ddeead436] - meta: move cjihrig to TSC regular member (Colin Ihrig) #50816
- [34a789d9be] - meta: add web-standards as WPTs owner (Filip Skokan) #50636
- [40bbffa266] - meta: bump github/codeql-action from 2.21.9 to 2.22.5 (dependabot[bot]) #50513
- [c49553631d] - meta: bump step-security/harden-runner from 2.5.1 to 2.6.0 (dependabot[bot]) #50512
- [99df0138b0] - meta: bump ossf/scorecard-action from 2.2.0 to 2.3.1 (dependabot[bot]) #50509
- [9db6227ac6] - meta: fix spacing in collaborator list (Antoine du Hamel) #50641
- [2589a5a566] - meta: bump actions/setup-python from 4.7.0 to 4.7.1 (dependabot[bot]) #50510
- [5a86661a95] - meta: add crypto as crypto and webcrypto docs owner (Filip Skokan) #50579
- [ac8d2b9cc2] - meta: bump actions/setup-node from 3.8.1 to 4.0.0 (dependabot[bot]) #50514
- [bee2c0cf11] - meta: bump actions/checkout from 4.1.0 to 4.1.1 (dependabot[bot]) #50511
- [91a0944e5f] - meta: add ethan.arrowood@vercel.com to mailmap (Ethan Arrowood) #50491
- [8d3cf8c4ee] - meta: add web-standards as web api visibility owner (Chengzhong Wu) #50418
- [807c12de36] - meta: mention other notable changes section (Rafael Gonzaga) #50309
- [21ab3c0f0b] - (SEMVER-MINOR) module: bootstrap module loaders in shadow realm (Chengzhong Wu) #48655
- [8e886a2fff] - (SEMVER-MINOR) module: remove useCustomLoadersIfPresent flag (Chengzhong Wu) #48655
- [77e8361213] - module: execute --import sequentially (Antoine du Hamel) #50474
- [fffc4951ac] - module: add application/json in accept header when fetching json module (Marco Ippolito) #50119
- [f808e7a650] - net: check pipe mode and path (theanarkh) #50770
- [cf3a4c5b84] - node-api: factor out common code into macros (Gabriel Schulhof) #50664
- [a7d8f6b529] - perf_hooks: implement performance.now() with fast API calls (Joyee Cheung) #50492
- [076dc7540b] - permission: do not create symlinks if target is relative (Tobias Nießen) #49156
- [43160dcd2d] - permission: mark const functions as such (Tobias Nießen) #50705
- [7a661d7ad9] - permission: address coverity warning (Michael Dawson) #50215
- [b2b4132c3e] - src: iterate on import attributes array correctly (Michaël Zasso) #50703
- [11b3e470db] - (SEMVER-MINOR) src: create per isolate proxy env template (Chengzhong Wu) #48655
- [d00412a083] - (SEMVER-MINOR) src: create fs_dir per isolate properties (Chengzhong Wu) #48655
- [14cc3b9b90] - (SEMVER-MINOR) src: create worker per isolate properties (Chengzhong Wu) #48655
- [621c4d66c2] - (SEMVER-MINOR) src: make process binding data weak (Chengzhong Wu) #48655
- [07a4e94e84] - src: assert return value of BN_bn2binpad (Tobias Nießen) #50860
- [158db2d61e] - src: fix coverity warning (Michael Dawson) #50846
- [94363bb3fd] - src: fix compatibility with upcoming V8 12.1 APIs (Cheng Zhao) #50709
- [29d91b13e3] - (SEMVER-MINOR) src: add --disable-warning option (Ethan Arrowood) #50661
- [f054c337f8] - src: add IsolateScopes before using isolates (Keyhan Vakil) #50680
- [d08eb382cd] - src: avoid copying strings in FSPermission::Apply (Tobias Nießen) #50662
- [6620df1c05] - src: remove erroneous default argument in RadixTree (Tobias Nießen) #50736
- [436c3aef15] - src: fix JSONParser leaking internal V8 scopes (Keyhan Vakil) #50688
- [6f46d31018] - src: return error --env-file if file is not found (Ardi Nugraha) #50588
- [3d43fd359c] - src: avoid silent coercion to signed/unsigned int (Tobias Nießen) #50663
- [c253e39b56] - src: handle errors from uv_pipe_connect2() (Deokjin Kim) #50657
- [3a9713bb5a] - src: use v8::Isolate::TryGetCurrent() in DumpJavaScriptBacktrace() (Joyee Cheung) #50518
- [94f8a925a8] - src: print more information in C++ assertions (Joyee Cheung) #50242
- [23f830616b] - src: hide node::credentials::HasOnly outside unit (Tobias Nießen) #50450
- [b7ecb0a390] - src: readiterable entries may be empty (Matthew Aitken) #50398
- [4ef1d68715] - src: implement structuredClone in native (Joyee Cheung) #50330
- [9346f15138] - src: use find instead of char-by-char in FromFilePath() (Daniel Lemire) #50288
- [8414fb4d2a] - src: add commit hash shorthand in zlib version (Jithil P Ponnan) #50158
- [a878e3abb0] - stream: fix enumerability of ReadableStream.from (Mattias Buelens) #50779
- [95ed4ffc1e] - stream: fix enumerability of ReadableStream.prototype.values (Mattias Buelens) #50779
- [4cf155ca0c] - stream: add Symbol.toStringTag to Compression Streams (Filip Skokan) #50712
- [6012e3e781] - stream: fix Writable.destroy performance regression (Robert Nagy) #50478
- [dd5206820c] - stream: pre-allocate _events (Robert Nagy) #50428
- [829b82ed0f] - stream: remove no longer relevant comment (Robert Nagy) #50446
- [98ae1b4132] - stream: use bit fields for construct/destroy (Robert Nagy) #50408
- [08a0c6c56c] - stream: improve from perf (Raz Luvaton) #50359
- [59f7316b8f] - stream: avoid calls to listenerCount (Robert Nagy) #50357
- [9d52430eb9] - stream: readable use bitmap accessors (Robert Nagy) #50350
- [139d6c8d3b] - stream: use Array for Readable buffer (Robert Nagy) #50341
- [6206957e8d] - stream: optimize creation (Robert Nagy) #50337
- [f87921de3b] - stream: refactor writable _write (Robert Nagy) #50198
- [b338f3d3c2] - stream: avoid getter for defaultEncoding (Robert Nagy) #50203
- [1862235a26] - test: fix message v8 not normalising alphanumeric paths (Jithil P Ponnan) #50730
- [7c28a4ca8f] - test: fix dns test case failures after c-ares update to 1.21.0+ (Brad House) #50743
- [4544593d31] - test: replace forEach with for of (Conor Watson) #50594
- [96143a3293] - test: replace forEach to for at test-webcrypto-sign-verify-ecdsa.js (Alessandro Di Nisio) #50795
- [107b5e63c5] - test: replace foreach with for in test-https-simple.js (Shikha Mehta) #49793
- [9b2e5e9db4] - test: add note about unresolved spec issue (Mattias Buelens) #50779
- [edce637c1a] - test: add note about readable streams with type owning (Mattias Buelens) #50779
- [641044670b] - test: replace forEach with for-of in test-url-relative (vitosorriso) #50788
- [75ee78438c] - test: replace forEach() with for ... of in test-tls-getprotocol.js (Steve Goode) #50600
- [24f9d3fbeb] - test: enable idlharness tests for encoding (Mattias Buelens) #50778
- [a9d290956e] - test: replace forEach in whatwg-encoding-custom-interop (Honza Machala) #50607
- [6584dd80f7] - test: replace forEach() with for-loop (Jan) #50596
- [be54a22869] - test: improve test-bootstrap-modules.js (Joyee Cheung) #50708
- [660e70e73b] - test: skip parallel/test-macos-app-sandbox if disk space < 120MB (Joyee Cheung) #50764
- [5712c41122] - test: replace foreach with for (Markus Muschol) #50599
- [49e5f47b1c] - test: test streambase has already has a consumer (Jithil P Ponnan) #48059
- [bb7d764c8e] - test: change forEach to for...of in path extname (Kyriakos Markakis) #50667
- [4d28ced079] - test: replace forEach with for...of (Ryan Williams) #50611
- [92a153ecde] - test: migrate message v8 tests from Python to JS (Joshua LeMay) #50421
- [a376284d8a] - test: use destructuring for accessing setting values (Honza Jedlička) #50609
- [7b9b1fba27] - test: replace forEach() with for .. of (Evgenia Blajer) #50605
- [9397b2da7e] - test: replace forEach() with for ... of in test-readline-keys.js (William Liang) #50604
- [9043ba4cfb] - test: replace forEach() with for ... of in test-http2-single-headers.js (spiritualized) #50606
- [9f911d31f6] - test: replace forEach with for of (john-mcinall) #50602
- [8a5f36fe74] - test: remove unused file (James Sumners) #50528
- [9950203340] - test: replace forEach with for of (Kevin Kühnemund) #50597
- [03ba28f102] - test: replace forEach with for of (CorrWu) #49785
- [ea61261b54] - test: replace forEach with for [...] of (Gabriel Bota) #50615
- [4349790913] - test: add WPT report test duration (Filip Skokan) #50574
- [7cacddfcc1] - test: replace forEach() with for ... of loop in test-global.js (Kajol) #49772
- [889f58d07f] - test: skip test-diagnostics-channel-memory-leak.js (Joyee Cheung) #50327
- [41644ee071] - test: improve UV_THREADPOOL_SIZE tests on .env (Yagiz Nizipli) #49213
- [1db44b9a53] - test: recognize wpt completion error (Chengzhong Wu) #50429
- [ecfc951ddc] - test: report error wpt test results (Chengzhong Wu) #50429
- [deb0351d95] - test: replace forEach() with for...of (Ram) #49794
- [f885dfe5e3] - test: replace forEach() with for...of in test-trace-events-http (Chand) #49795
- [9dc63c56db] - test: replace forEach with for...of in test-fs-realpath-buffer-encoding (Niya Shiyas) #49804
- [600d1260da] - test: fix timeout of test-cpu-prof-dir-worker.js in LoongArch devices (Shi Pujin) #50363
- [099f5cfa0a] - test: fix vm assertion actual and expected order (Chengzhong Wu) #50371
- [a31f9bfe01] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #50352
- [6c59114947] - test: ensure never settling promises are detected (Antoine du Hamel) #50318
- [9830ae4bf7] - test_runner: add tests for various mock timer issues (Mika Fischer) #50384
- [2c72ed85fb] - test_runner: pass abortSignal to test files (Moshe Atlow) #50630
- [c33a84af11] - test_runner: replace forEach with for of (Tom Haddad) #50595
- [29c68a22bb] - test_runner: output errors of suites (Moshe Atlow) #50361
- [e64378643d] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018
- [4aaaff413b] - test_runner: test return value of mocked promisified timers (Mika Fischer) #50331
- [4a830c2d9d] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638
- [842dc01def] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
- [613a9072b7] - tls: fix order of setting cipher before setting cert and key (Kumar Rishav) #50186
- [d905c61e16] - tls: use validateFunction for options.SNICallback (Deokjin Kim) #50530
- [c8d6dd58e7] - tools: add macOS notarization verification step (Ulises Gascón) #50833
- [c9bd0b0c0f] - tools: use macOS keychain to notarize the releases (Ulises Gascón) #50715
- [932a5d7b2c] - tools: update eslint to 8.54.0 (Node.js GitHub Bot) #50809
- [d7114d97be] - tools: update lint-md-dependencies to rollup@4.5.0 (Node.js GitHub Bot) #50807
- [93085cf844] - tools: add workflow to update release links (Michaël Zasso) #50710
- [66764c5d04] - tools: recognize GN files in dep_updaters (Cheng Zhao) #50693
- [2a451e176a] - tools: remove unused file (Ulises Gascon) #50622
- [8ce6403230] - tools: change minimatch install strategy (Marco Ippolito) #50476
- [97778e2e77] - tools: update lint-md-dependencies to rollup@4.3.1 (Node.js GitHub Bot) #50675
- [797f6a9ba8] - tools: add macOS notarization stapler (Ulises Gascón) #50625
- [8fa1319352] - tools: update eslint to 8.53.0 (Node.js GitHub Bot) #50559
- [592f57970f] - tools: update lint-md-dependencies to rollup@4.3.0 (Node.js GitHub Bot) #50556
- [2fd78fc39e] - tools: compare ICU checksums before file changes (Michaël Zasso) #50522
- [631d710fc4] - tools: improve update acorn-walk script (Marco Ippolito) #50473
- [33fd2af2ab] - tools: update lint-md-dependencies to rollup@4.2.0 (Node.js GitHub Bot) #50496
- [22b7a74838] - tools: update gyp-next to v0.16.1 (Michaël Zasso) #50380
- [f5ccab5005] - tools: skip ruff on tools/gyp (Michaël Zasso) #50380
- [408fd90508] - tools: update lint-md-dependencies to rollup@4.1.5 unified@11.0.4 (Node.js GitHub Bot) #50461
- [685f936ccd] - tools: avoid npm install in deps installation (Marco Ippolito) #50413
- [7d43c5a094] - Revert "tools: update doc dependencies" (Richard Lau) #50414
- [8fd67c2e3e] - tools: update doc dependencies (Node.js GitHub Bot) #49988
- [586becb507] - tools: run coverage CI only on relevant files (Antoine du Hamel) #50349
- [2d06eea6c5] - tools: update eslint to 8.52.0 (Node.js GitHub Bot) #50326
- [6a897baf16] - tools: update lint-md-dependencies (Node.js GitHub Bot) #50190
- [e6e7f39b9e] - util: improve performance of normalizeEncoding (kylo5aby) #50721
- [3b6b1afa47] - v8,tools: expose necessary V8 defines (Cheng Zhao) #50820
- [2664012617] - vm: allow dynamic import with a referrer realm (Chengzhong Wu) #50360
- [c6c0a74b54] - wasi: document security sandboxing status (Guy Bedford) #50396
- [989814093e] - win,tools: upgrade Windows signing to smctl (Stefan Stojanovic) #50956
Sonatype Nexus Repository 3.64.0
- NEXUS-31215: Fixed an issue that was causing some PyPi assets to be missing from the Browse screen after migrating from OrientDB to PostgreSQL.
- NEXUS-32028: Changed the logging level from WARN to DEBUG in the blobstore class that tracks attributes of an asset being accessed in an unexpected soft-deleted state. This will prevent spamming the main nexus.log with messages at a WARN level for operations considered normal when running the compact blob store task.
- NEXUS-35207: Fixed an issue that was preventing the GA last-modified date from being updated in the maven-metadata.xml when deploying a new GAV in some instances after migrating from Sonatype Nexus Repository 2 to 3. As part of this fix, the Last Modified date is no longer visible in the Browse UI view; you can still tell when the maven-metadata.xml was last updated by looking at the Blob Updated date in the UI or using the REST API.
- NEXUS-35741: Added validation to prevent users from updating an existing task with an invalid cron_expression.
- NEXUS-35956: Resolved an issue that was breaking pagination when a given Docker repository is inside of a group.
- NEXUS-38856: The NotFoundCache is not populated with paths when a repository is in an auto-blocked or manually blocked state.
- NEXUS-39935: There is no longer an error when installing pods ('OpenSSL-Universal', '1.1.1100') via a Sonatype Nexus Repository 3 Cocoapods proxy repository.
- NEXUS-40140, NEXUS-40712: The import and export tasks work as expected on npm assets without unexpectedly skipping any and while correctly preserving attributes.
- NEXUS-40345: Resolved an issue that was preventing certain npm packages from being proxied from the official registry. This fix included the following dependency version changes:
  - upgraded jackson version from 2.15.0 to 2.15.3
  - upgraded snakeyaml version from 2.0 to 2.2
  - upgraded swagger version from 1.6.2 to 1.6.11
- NEXUS-40495: Increased the browse node sequence limit for H2 and PostgreSQL implementations so that the database schema will not run out of sequence values.
- NEXUS-40514: Any attempt to change the blob store of an existing repository via the REST API will be rejected with an HTTP 400 response.
- NEXUS-40610: Resolved an issue that was preventing some users from uploading Jruby gems with "-java" in their version names to hosted ruby repositories.
- NEXUS-40639: FluentAssets and FluentComponents are now able to retrieve assets in group repository storage.
- NEXUS-40771: Using "%3A" or a colon for URL encoded strings in raw repositories now works as expected.
- NEXUS-40775: Database Migrator: Made filtering change to reduce load on the database migrator, improving database migrator performance.
- NEXUS-40808: Database Migrator: The database migrator now gracefully handles characters that PostgreSQL does not support.
OpenUpdate - January 11, 2024
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Apache Tomcat 10.1.18
- Fix BZ 68378 - add mime type for mjs and others - aligning with httpd
- Align embedded MIME type mappings with BZ 68378 updates to web.xml
- Fix BZ 68348 - add support for the cookie attribute partitioned
- Improve French and Japanese translations.
RabbitMQ 3.12.12
Minimum Supported Erlang Version
- As of 3.12.0, RabbitMQ requires Erlang 25. Nodes will fail to start on older Erlang releases.
- Users upgrading from 3.11.x (or older releases) on Erlang 25 to 3.12.x on Erlang 26 (both RabbitMQ and Erlang are upgraded at the same time) must consult the v3.12.0 release notes first.
Changes Worth Mentioning
- Release notes can be found on GitHub at rabbitmq-server/release-notes.
Core Broker
Bug Fixes:
- Environments with a lot of quorum queues could experience a large Erlang process build-up. The build-up was temporary but with a sufficiently large number of quorum queues it could last until the next round of periodic operations, making it permanent and depriving the node of CPU resources.
- RabbitMQ core failed to propagate more authentication and authorization context, for example, MQTT client ID in case of MQTT connections, to authN and authZ backends. This was not intentional.
- Nodes now take more precaution about persisting feature flag state (specifically the effects of in-flight changes) during node shutdown.
Enhancements:
- Simplified some type specs.
Stream Plugin
- One returned error value did not match the RabbitMQ Stream Protocol specification.
MQTT Plugin
Bug Fixes:
- Recovering connections from QoS 0 consumers (subscribers) could fail if they were previously connected to a failed node.
CLI Tools
Bug Fixes:
- Since #10131 (shipped in 3.12.11), some CLI commands in certain scenarios could fail to accept input via standard output.
AWS Peer Discovery Plugin
Enhancements:
ActiveMQ 6.0.1
Bug Fixes:
[AMQ-9398] - Fix Jakarta EE 10 support via xml wiring for activemq-ra
[AMQ-9399] - Clean-up OSGi headers for a couple modules
[AMQ-9405] - Supplied jetty.xml fails to load if ssl is enabled
[AMQ-9408] - Jolokia throws exception during Windows service startup
Improvement:
[AMQ-8133] - Consider adding IBM Z (s390x) into Apache ActiveMQ Jenkins CI
[AMQ-9328] - Update website cleaning/mentioning ActiveMQ 6.0.0 and update activemq component
Task:
[AMQ-9389] - Add JDK 22, arm and windows nodes to Jenkins builds
[AMQ-9401] - Minor doc update referencing javax instead of jakarta
Dependency Upgrade:
[AMQ-9402] - Upgrade to Shiro 1.13.0
[AMQ-9403] - Upgrade Jackson 2.16.0
[AMQ-9404] - Upgrade to Spring 6.0.14
[AMQ-9406] - Upgrade to Camel 4.2.0
[AMQ-9407] - Upgrade to log4j 2.22.0
OpenUpdate - January 4, 2024
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Jenkins 2.438
- Update the appearance of the stop button. (pull 8780)
- Use a notification and Jenkins modal for 'Apply' button failures. (pull 8394)
- Display correct time zone in build history. (issue 71965)
- The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). (pull 8793)
Jenkins 2.439
- Avoid repeated tool downloads from misconfigured HTTP servers. (issue 72469)
- Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled. (issue 72370)
RabbitMQ 3.12.11
Core Broker
Bug Fixes:
- Quorum queue declared when one of cluster nodes was down could trigger connection exceptions.
- Avoids a rare exception that could stop TCP socket writes on a client connection.
- queue_deleted and queue_created internal events now include queue type as a module name, and not an inconsistent (with the other queue and stream types) value classic.
Enhancements:
- Definition files that are virtual host-specific cannot be imported on boot. Such files will now be detected early and the import process will terminate after logging a more informative message. Previously the import process would run into an obscure exception.
AMQP 1.0 Plugin
Bug Fixes:
- Several AMQP 1.0 application properties are now more correctly converted to AMQP 0-9-1 headers by cross-protocol Shovels. The priority property now populates an AMQP 1.0 header with the same name, per AMQP 1.0 spec. This is a potentially breaking change.
Prometheus Plugin
Enhancements:
- Metric label values now escape certain non-ASCII characters.
MQTT Plugin
Bug Fixes:
- Avoids an exception when an MQTT client that used a QoS 0 subscription reconnects and its original connection node is down.
- Avoids an exception when an MQTT client connection was force-closed via the HTTP API.
CLI Tools
Bug Fixes:
- Certain CLI commands could not be run in a shell script loop, unless the script explicitly redirected standard input.
Enhancements:
- rabbitmq-diagnostics cluster_status now responds much quicker when a cluster node has gone down, was shut down, or otherwise has become unreachable by the rest of the cluster.
Management Plugin
Bug Fixes:
- Reverted a change to DELETE /api/queues/{vhost}/{name} that allowed removal of exclusive queues and introduced unexpected side effects.
- DELETE /api/policies/{vhost}/{policy} returned a 500 response instead of a 404 one when target virtual host did not exist.
- Avoid log noise when an HTTP API request is issued against a booting or very freshly booted node.
Enhancements:
- HTTP API endpoints that involve contacting multiple nodes now respond much quicker when a cluster node has gone down, was shut down, or otherwise has become unreachable by the rest of the cluster.
- Definition exported for just one virtual host cannot be imported at node boot time. Now such files are detected early with a clear log message and immediate node boot process termination.
AWS Peer Discovery Plugin
Enhancements:
- Type spec and test corrections.
Spring Boot 3.2.1
Bug Fixes:
- HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration #38880
- META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error #38862
- logging.include-application-name has no effect when using log4j2 #38847
- Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 #38839
- Child context created with SpringApplicationBuilder runs parents runners #38837
- getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack #38833
- TestContainers parallel initialization doesn't work properly #38831
- Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections #38770
- Multi-byte filenames in zip files can cause an endless loop in ZipString.hash #38751
- Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 #38741
- Custom binding converters are ignored when working with collection types #38734
- WebFlux and resource server auto-configuration may fail due to null authentication manager #38713
- It is unclear that Docker Compose services have not been started as one or more is already running #38661
- Spring Boot jar launcher does not work in folders containing certain chars #38660
- FileNotFoundException is thrown eagerly from unused SSL bundles #38659
- NoUniqueBeanDefinitionFailureAnalyzer does not account for the fact that missing '-parameters' may be the cause #38652
- Traces are propagated if tracing is disabled #38641
- Missing registry auto-configuration for JMS listener observation support #38613
- Class loading fails on an interrupted thread causing com.mongodb.event.ServerClosedEvent to fail to load when Mongo detects a cluster change #38611
- Failures due to code not being compiled with '-parameters' are hard to identify #38603
- System SSL certificates are not used by the Apache HTTP Client in a RestTemplate built with RestTemplateBuilder #38600
- ZipFileSystem throws "java.util.zip.ZipException: read CEN tables failed" with certain nested jars #38595
- Nested jar URLs cannot be split and reassembled resulting in errors with projects that use this technique (such as JobRunr) #38592
- NoSuchMethodError can be thrown from Session.getCookie() due to binary incompatibility #38589
- management.metrics.tags has been deprecated without a replacement working for all metrics #38583
- NegativeArraySizeException can be thrown from org.springframework.boot.loader.zip.ZipContent$Loader #38572
- Migration from 3.1.5 to 3.2.0 : "Default" Tracer is not provided in test anymore #38568
- TomcatWebServer stop doesn't close sockets for additional connectors #38564
- Port is already in use when using @SpringBootTest with a separate management port and a mock web environment #38554
- Keep-alive property causes processAot step to never finish #38531
- Setting 'spring.task.scheduling.shutdown.await-termination-period' does not result in a call to SimpleAsyncTaskScheduler#taskTerminationTimeout #38530
- Setting 'spring.task.execution.shutdown.await-termination-period' does not result in a call to SimpleAsyncTaskExecutor#taskTerminationTimeout #38528
- Nested URLs return null from classLoader.getResource("") causing ClassPathResource failures #38524
- Spring Boot 3.2 is not compatible with older versions of Liquibase #38522
- Controller level exceptions not getting populated in HTTP server requests metrics #33731
Strimzi 0.39
Important: Strimzi 0.39 is the last minor release with support for Kubernetes 1.21 and 1.22. From Strimzi 0.40 on, only Kubernetes 1.23 and newer will be supported.
Main changes since 0.38.0
This release contains the following new features and improvements:
- Add support for Apache Kafka 3.5.2 and 3.6.1
- The StableConnectIdentities feature gate moves to GA stage and is now permanently enabled without the possibility to disable it. All Connect and Mirror Maker 2 operands will now use StrimziPodSets.
- The KafkaNodePools feature gate moves to the beta stage and is enabled by default. If needed, KafkaNodePools can be disabled in the feature gates configuration in the Cluster Operator.
- The UnidirectionalTopicOperator feature gate moves to the beta stage and is enabled by default. If needed, UnidirectionalTopicOperator can be disabled in the feature gates configuration in the Cluster Operator.
- Improved Kafka Connect metrics and dashboard example files
- Allow specifying and managing KRaft metadata version
- Add support for KRaft to KRaft upgrades (Apache Kafka upgrades for the KRaft-based clusters)
- Improved Kafka Mirror Maker 2 dashboard example file
- Support for rolling updates of KRaft controller nodes
AWX 23.6.0
- Fixed the integration tests AWX awx collection (@jainnikhil30 #14702)
- Reduced the timeout default of 6 hours on various GitHub actions tasks (@relrod #14704)
- Separated TOX calls in the Read The Docs configuration into two clearly distinct steps so that logs related to installing dependencies do not get mingled with logs for the docs build (@oraNod #14673)
- Added support for AWX to authenticate with HashiCorp Vault using TLS client certificates and updated the documentation for the HashiCorp Vault Secret Management plugins to include both the new TLS options and the missing Kubernetes auth method options (@marbindrakon #14534)
- Removed the required=True flags from all of the SAML backend fields to prevent the web service from failing to start correctly if a conflict occurs because one of these settings is set in the settings.py file (@tylergmuir #14666)
- Added a dependabot configuration to keep the docsite requirements updated (@oraNod #14670)
- Added django-ansible-base to AWX (@jessicamack #14705)
- Removed incorrectly formatted line from requirements.txt (@jessicamack #14714)
- Fixed updater bug due to missing newline at end of file (@AlanCoding #14713)
- Fixed undefined error in the Settings Logging Edit form from the automation controller user interface (@marshmalien #14715)
- Updated setuptools-scm dependencies (@jessicamack #14716)
- Added new capability to the API, deleting hosts from inventory in bulk with one API call instead of deleting them one by one (@Avilir #14462)
- Removed superwatcher from docker-compose dev container (@TheRealHaoLiu #14708)
- Fixed rsyslogd so that it no longer unexpectedly stops sending events to Splunk HTTP Collector and recovers from 4xx errors (@TheRealHaoLiu #14719)
- Simplified RBAC get_roles_on_resource method (@AlanCoding #14710)
- Reduced the actor types accepted for RBAC evaluations (@AlanCoding #14709)
- Replaced the AWX filtering component with the filtering from django-ansible-base (@john-westcott-iv #14726)
- Added AWX collection export tests (@chrismeyersfsu #14728)
- Fixed twilio_backend.py to send SMS to multiple destinations (@mahoutukaisali #14656)
- Updated schedule Prompt on launch fields to persist when editing (@keithjgrant #14736)
OpenUpdate - December 21, 2023
Non-Security Based Updates
Apache Camel 3.22.0
Apache Spark 3.3.4
Notable changes:
[SPARK-43327]: Trigger committer.setupJob before plan execute in FileFormatWriter#write
[SPARK-43393]: Address sequence expression overflow bug
[SPARK-44547]: Ignore fallback storage for cached RDD migration
[SPARK-44581]: Fix the bug that ShutdownHookManager gets wrong UGI from SecurityManager of ApplicationMaster
[SPARK-44725]: Document spark.network.timeoutInterval
[SPARK-44805]: getBytes/getShorts/getInts/etc. should work in a column vector that has a dictionary
[SPARK-44857]: Fix getBaseURI error in Spark Worker LogPage UI buttons
[SPARK-44871]: Fix percentile_disc behaviour
[SPARK-44920]: Use await() instead of awaitUninterruptibly() in TransportClientFactory.createClient()
[SPARK-44925]: K8s default service token file should not be materialized into token
[SPARK-44935]: Fix RELEASE file to have the correct information in Docker images if exists
[SPARK-44937]: Mark connection as timedOut in TransportClient.close
[SPARK-44973]: Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-44990]: Reduce the frequency of get spark.sql.legacy.nullValueWrittenAsQuotedEmptyStringCsv
[SPARK-45057]: Avoid acquire read lock when keepReadLock is false
[SPARK-45079]: Fix an internal error from percentile_approx() on NULL accuracy
[SPARK-45100]: Fix an internal error from reflect() on NULL class and method
[SPARK-45187]: Fix WorkerPage to use the same pattern for logPage urls
[SPARK-45227]: Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend
[SPARK-45389]: Correct MetaException matching rule on getting partition metadata
[SPARK-45430]: Fix for FramelessOffsetWindowFunction when IGNORE NULLS and offset > rowCount
[SPARK-45508]: Add “--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED” so Platform can access Cleaner on Java 9+
[SPARK-45580]: Handle case where a nested subquery becomes an existence join
[SPARK-45670]: SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45749]: Fix Spark History Server to sort Duration column properly
[SPARK-45920]: group by ordinal should be idempotent
[SPARK-46006]: YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46012]: EventLogFileReader should not read rolling logs if app status file is missing
[SPARK-46029]: Escape the single quote, _ and % for DS V2 pushdown
[SPARK-46092]: Don’t push down Parquet row group filters that overflow
[SPARK-46095]: Document REST API for Spark Standalone Cluster
[SPARK-46239]: Hide Jetty info
https://spark.apache.org/releases/spark-release-3-3-4.html
[SPARK-46286]: Document spark.io.compression.zstd.bufferPool.enabled
Dependency Changes:
[SPARK-45885]: Upgrade ORC to 1.7.10
Grafana
10.2.3
Features and enhancements:
- Auth: Improve groups claim setup docs for AzureAD. #79227, @mgyongyosi
- Alerting: Attempt to retry retryable errors. #79175, @gotjosh
- Unified Alerting: Set max_attempts to 1 by default. #79103, @gotjosh
- Auth: Add anonymous users view and stats. #78965, @Jguer
Bug fixes:
- Alerting: Fix deleting rules in a folder with matching UID in another organization. #79011, @papagian
- CloudWatch: Correctly quote metric names with special characters. #78975, @iwysiu
- DeleteDashboard: Redirect to home after deleting a dashboard. #78936, @ivanortegaalba
- Alerting: Fixes combination of multiple predicates for rule search. #78912, @gillesdemey
- CloudWatch: Fetch Dimension keys correctly from Dimension Picker. #78831, @iwysiu
- Tempo: Fix read-only access error. #78801, @fabrizio-grafana
- Bug: Fix broken ui components when angular is disabled. #78670, @jackw
- InfluxDB: Parse data for table view to have parity with frontend parser. #78551, @itsmylife
- Elasticsearch: Fix processing of raw_data with not-recognized time format. #78380, @ivanahuckova
- Recorded Queries: Add org isolation (remote write target per org), and fix cross org Delete/List. (Enterprise)
- Auditing: Fix missing action in alert manager routes. (Enterprise)
10.1.6
Features and enhancements:
- Alerting: Attempt to retry retryable errors. #79211, @gotjosh
- Unified Alerting: Set max_attempts to 1 by default. #79102, @gotjosh
Bug fixes:
- Alerting: Fix deleting rules in a folder with matching UID in another organization. #79007, @papagian
- Chore: Fix timeout issues when gathering prometheus datasource stats. #78858, @DanCech
- Provisioning: Ensure that enterprise provisioning runs [10.1.x]. #76686, @IevaVasiljeva
- Alerting: Make shareable alert rule link work if rule name contains forward slashes. #75950, @domasx2
- Loki: Cache extracted labels. #75905, @gtk-grafana
- DataSourcePicker: Disable autocomplete for the search input. #75900, @ivanortegaalba
- Plugins: Refresh plugin info after installation. #75225, @oshirohugo
- LDAP: FIX Enable users on successful login. #75176, @gamab
- Loki: Fix filters not being added with multiple expressions and parsers. #75172, @svennergr
- Recorded Queries: Add org isolation (remote write target per org), and fix cross org Delete/List. (Enterprise)
- Auditing and UsageInsights: FIX Loki configuration to use proxy env variables. (Enterprise)
10.0.10
Features and enhancements:
- Alerting: Attempt to retry retryable errors. #79210, @gotjosh
- Unified Alerting: Set max_attempts to 1 by default. #79101, @gotjosh
Bug fixes:
- Recorded Queries: Add org isolation (remote write target per org), and fix cross org Delete/List. (Enterprise)
9.5.15
Features and enhancements:
- Alerting: Attempt to retry retryable errors. #79209, @gotjosh
- Unified Alerting: Set max_attempts to 1 by default. #79109, @gotjosh
Bug fixes:
- Recorded Queries: Add org isolation (remote write target per org), and fix cross org Delete/List. (Enterprise)
Jenkins 2.437
- Add telemetry for basic Java system properties describing the environment. (pull 8787)
- Restyle widget panes. (pull 8761)
- Rework node monitor configuration. (issue 72371)
- Ensure uptime is independent of system clock. (issue 72157)
- Show monitoring data on agent page. (pull 8725)
- Deprecate all configurable options in **Launch agent by connecting it to the controller** (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode. (pull 8762)
- The -jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkins-agent.jnlp argument to the agent JAR has been deprecated. Use -url ${JENKINS_URL} and -name ${AGENT_NAME} instead, potentially also passing in -webSocket, -tunnel, and/or work directory options as needed. (pull 8773)
- Display strings consistently in the requested language when running Jenkins in a JVM with a non-English locale. (issue 72449)
- Fix nested job link in mobile view. (issue 72288)
- Do not show option to copy items when there are no items visible. (issue 72443)
- Developer: Allow replacing onclick attributes containing inline JS on l:task with datacallback. (issue 60866)
- Allow users to make side panel sticky. (issue 71578)
Keycloak 23.0.3 & 23.0.2 & 22.0.7
Kubernetes
1.28.5
Feature:
- Kubernetes is now built with Go 1.20.12 (#122216, @xmudrii) [SIG Release and Testing]
Bug or Regression:
- Fix panic if there are more terminating pods than active pods (#122267, @kannon92) [SIG Apps]
- Fix: stale smb mount issue when smb file share is deleted and then unmount (#121851, @andyzhangx) [SIG Storage]
- Fixed a regression since 1.27.0 in scheduler framework when running score plugins. The skippedScorePlugins number might be greater than enabledScorePlugins, so when initializing a slice the cap(len(skippedScorePlugins) - len(enabledScorePlugins)) is negative, which is not allowed. (#121667, @kerthcet) [SIG Scheduling]
- Fixes a kube-apiserver log volume regression bug in default 1.27 configurations (introduced in 1.26, activated by the AggregatedDiscoveryEndpoint feature enablement in 1.27) (#122096, @ritazh) [SIG API Machinery]
- Fixes a regression in kube-scheduler memory use in default 1.28 configurations by moving the SchedulerQueueingHints feature gate back to disabled by default. (#122291, @sanposhiho) [SIG Scheduling]
- Fixes an issue where StatefulSet might not restart a pod after eviction or node failure. (#121389, @aleksandra-malinowska) [SIG Apps and Testing]
- The scheduling queue didn't notice any extenders' failures, so it could miss some cluster events, and Pods rejected by Extenders could end up stuck in the unschedulable pod pool for 5min in the worst-case scenario. Now, the scheduling queue notices extenders' failures and requeues Pods rejected by Extenders appropriately. (#122045, @sanposhiho) [SIG Scheduling]
Other (Cleanup or Flake):
- Bump distroless-iptables to 0.2.8 based on Go 1.20.11 (#121976, @cpanato) [SIG Testing]
- Makefile and scripts now respect GOTOOLCHAIN and otherwise ensure ./.go-version is used (#122075, @BenTheElder) [SIG Release and Testing]
1.27.9
Feature:
- Kubernetes is now built with Go 1.20.12 (#122217, @xmudrii) [SIG Release and Testing]
Bug or Regression:
- Fixed a regression since 1.27.0 in scheduler framework when running score plugins. The skippedScorePlugins number might be greater than enabledScorePlugins, so when initializing a slice the cap(len(skippedScorePlugins) - len(enabledScorePlugins)) is negative, which is not allowed. (#121666, @kerthcet) [SIG Scheduling]
- Fixes a kube-apiserver log volume regression bug in default 1.27 configurations (introduced in 1.26, activated by the AggregatedDiscoveryEndpoint feature enablement in 1.27) (#122074, @ritazh) [SIG API Machinery]
- Fixes an issue where StatefulSet might not restart a pod after eviction or node failure. (#121389, @aleksandra-malinowska) [SIG Apps and Testing]
- The scheduling queue didn't notice any extenders' failures, so it could miss some cluster events, and Pods rejected by Extenders could end up stuck in the unschedulable pod pool for 5min in the worst-case scenario. Now, the scheduling queue notices extenders' failures and requeues Pods rejected by Extenders appropriately. (#122044, @sanposhiho) [SIG Scheduling]
Other (Cleanup or Flake):
- Bump distroless-iptables to 0.2.8 based on Go 1.20.11 (#121975, @cpanato) [SIG Testing]
- Makefile and scripts now respect GOTOOLCHAIN and otherwise ensure ./.go-version is used (#122076, @BenTheElder) [SIG Release and Testing]
MongoDB 7.2.0
Nodejs 21.5.0
Notable Changes:
[0dd53da722] - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) #50322
[9f54987fbc] - module: merge config with package_json_reader (Yagiz Nizipli) #50322
[45e4f82912] - src: move package resolver to c++ (Yagiz Nizipli) #50322
Deprecations:
[26ed4ad01f] - doc: deprecate hash constructor (Marco Ippolito) #51077
[58ca66a1a7] - doc: deprecate dirent.path (Antoine du Hamel) #51020
Commits:
[1bbdbdfbeb] - benchmark: update iterations in benchmark/perf_hooks (Lei Shi) #50869
[087fb0908e] - benchmark: update iterations in benchmark/crypto/aes-gcm-throughput.js (Lei Shi) #50929
[53b16c71fb] - benchmark: update iteration and size in benchmark/crypto/randomBytes.js (Lei Shi) #50868
[38fd0ca753] - benchmark: add undici websocket benchmark (Chenyu Yang) #50586
[b148c43244] - benchmark: add create-hash benchmark (Joyee Cheung) #51026
[fdd8c18f96] - benchmark: update iterations and len in benchmark/util/text-decoder.js (Lei Shi) #50938
[a9972057ac] - benchmark: update iterations of benchmark/util/type-check.js (Lei Shi) #50937
[b80bb1329b] - benchmark: update iterations in benchmark/util/normalize-encoding.js (Lei Shi) #50934
[dbee03d646] - benchmark: update iterations in benchmark/util/inspect-array.js (Lei Shi) #50933
[f2d83a3a84] - benchmark: update iterations in benchmark/util/format.js (Lei Shi) #50932
[2581fce553] - bootstrap: improve snapshot unsupported builtin warnings (Joyee Cheung) #50944
[735bad3694] - build: fix warnings from uv for gn build (Cheng Zhao) #51069
[8da9d969f9] - deps: V8: cherry-pick 0fd478bcdabd (Joyee Cheung) #50572
[429fbb37c1] - deps: update simdjson to v3.6.2 (Yagiz Nizipli) #50986
[9950103253] - deps: update zlib to 1.3-22124f5 (Node.js GitHub Bot) #50910
[0b61823e8b] - deps: update undici to 5.28.2 (Node.js GitHub Bot) #51024
[95d8a273cc] - deps: cherry-pick bfbe4e38d7 from libuv upstream (Abdirahim Musse) #50650
[06038a489e] - deps: update libuv to 1.47.0 (Node.js GitHub Bot) #50650
[0dd53da722] - (SEMVER-MINOR) deps: add simdjson (Yagiz Nizipli) #50322
[04eaa5cdd7] - doc: run license-builder (github-actions[bot]) #51111
[26ed4ad01f] - doc: deprecate hash constructor (Marco Ippolito) #51077
[637ffce4c4] - doc: add note regarding --experimental-detect-module (Shubherthi Mitra) #51089
[838179b096] - doc: correct tracingChannel.traceCallback() (Gerhard Stöbich) #51068
[539bee4f0a] - doc: use length argument in pbkdf2Key (Tobias Nießen) #51066
[c45a9a3187] - doc: add deprecation notice to dirent.path (Antoine du Hamel) #51059
[58ca66a1a7] - doc: deprecate dirent.path (Antoine du Hamel) #51020
[c2b6edf9ab] - esm: fix hook name in error message (Bruce MacNaughton) #50466
[35e8f26f07] - fs: throw fchownSync error from c++ (Yagiz Nizipli) #51075
[c3c8237089] - fs: update params in jsdoc for createReadStream and createWriteStream (Jungku Lee) #51063
[3f7f3ce8c9] - fs: improve error performance of readvSync (IlyasShabi) #50100
[7f95926f17] - http: handle multi-value content-disposition header (Arsalan Ahmad) #50977
[7a8a2d5632] - lib: don't parse windows drive letters as schemes (华) #50580
[aa2be4bb76] - module: load source maps in commonjs translator (Hiroki Osame) #51033
[c0e5e74876] - module: document parentURL in register options (Hiroki Osame) #51039
[4eedf5e694] - module: fix recently introduced coverity warning (Michael Dawson) #50843
[9f54987fbc] - module: merge config with package_json_reader (Yagiz Nizipli) #50322
[5f95dca638] - node-api: introduce experimental feature flags (Gabriel Schulhof) #50991
[3fb7fc909e] - quic: further implementation details (James M Snell) #48244
[fa25e069fc] - src: implement countObjectsWithPrototype (Joyee Cheung) #50572
[abe90527e4] - src: register udp_wrap external references (Joyee Cheung) #50943
[84e2f51d14] - src: register spawn_sync external references (Joyee Cheung) #50943
[2cfee53d7b] - src: register process_wrap external references (Joyee Cheung) #50943
[9b7f79a8bd] - src: fix double free reported by coverity (Michael Dawson) #51046
[fc5503246e] - src: remove unused headers in node_file.cc (Jungku Lee) #50927
[c3abdc58af] - src: implement --trace-promises (Joyee Cheung) #50899
[f90fc83e97] - src: fix dynamically linked zlib version (Richard Lau) #51007
[9bf144379f] - src: omit bool values of package.json main field (Yagiz Nizipli) #50965
[45e4f82912] - src: move package resolver to c++ (Yagiz Nizipli) #50322
[71acd36778] - stream: implement TransformStream cleanup using "transformer.cancel" (Debadree Chatterjee) #50126
[5112306064] - stream: fix fd is null when calling clearBuffer (kylo5aby) #50994
[ed070755ec] - test: deflake test-diagnostics-channel-memory-leak (Joyee Cheung) #50572
[aee01ff1b4] - test: test synchronous methods of child_process in snapshot (Joyee Cheung) #50943
[cc949869a3] - test: handle relative https redirect (Richard Lau) #51121
[048349ed4c] - test: fix test runner colored output test (Moshe Atlow) #51064
[7f5291d783] - test: resolve path of embedtest binary correctly (Cheng Zhao) #50276
[4ddd0daf5f] - test: escape cwd in regexp (Jérémy Lal) #50980
[3ccd5faabb] - test_runner: format coverage report for tap reporter (Pulkit Gupta) #51119
[d5c9adf3df] - test_runner: fix infinite loop when files are undefined in test runner (Pulkit Gupta) #51047
[328a41701c] - tools: update lint-md-dependencies to rollup@4.7.0 (Node.js GitHub Bot) #51106
[297cb6f5c2] - tools: update doc to highlight.js@11.9.0 unified@11.0.4 (Node.js GitHub Bot) #50459
[4705023343] - tools: fix simdjson updater (Yagiz Nizipli) #50986
[c9841583db] - tools: update eslint to 8.55.0 (Node.js GitHub Bot) #51025
[2b4671125e] - tools: update lint-md-dependencies to rollup@4.6.1 (Node.js GitHub Bot) #51022
[cd891b37f6] - util: improve performance of function areSimilarFloatArrays (Liu Jia) #51040
[e178a43509] - vm: use v8::DeserializeInternalFieldsCallback explicitly (Joyee Cheung) #50984
[fd028e146f] - win,tools: upgrade Windows signing to smctl (Stefan Stojanovic) #50956
Prometheus 2.45.2
This release contains security fixes in dependencies and has been built with go1.21.5. #13307
- [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series. #12558
Ceph 18.2.1
NOTABLE CHANGES:
- RGW: S3 multipart uploads using Server-Side Encryption now replicate correctly in a multi-site deployment. Previously, the replicas of such objects were corrupted on decryption. A new command, radosgw-admin bucket resync encrypted multipart, can be used to identify these original multipart uploads. The LastModified timestamp of any identified object is incremented by 1ns to cause peer zones to replicate it again. For multi-site deployments that make any use of Server-Side Encryption, we recommend running this command against every bucket in every zone after all zones have upgraded.
- CEPHFS: MDS now evicts clients which are not advancing their request tids (transaction IDs), which causes a large buildup of session metadata, resulting in the MDS going read-only due to the RADOS operation exceeding the size threshold. mds_session_metadata_threshold config controls the maximum size that an (encoded) session metadata can grow.
- RGW: New tools have been added to radosgw-admin for identifying and correcting issues with versioned bucket indexes. Historical bugs with the versioned bucket index transaction workflow made it possible for the index to accumulate extraneous “book-keeping” olh (object logical head) entries and plain placeholder entries. In some specific scenarios where clients made concurrent requests referencing the same object key, it was likely that a lot of extra index entries would accumulate. When a significant number of these entries are present in a single bucket index shard, they can cause high bucket listing latencies and lifecycle processing failures. To check whether a versioned bucket has unnecessary olh entries, users can now run radosgw-admin bucket check olh. If the --fix flag is used, the extra entries will be safely removed. A distinct issue from the one described thus far, it is also possible that some versioned buckets are maintaining extra unlinked objects that are not listable from the S3/Swift APIs. These extra objects are typically a result of PUT requests that exited abnormally, in the middle of a bucket index transaction - so the client would not have received a successful response. Bugs in prior releases made these unlinked objects easy to reproduce with any PUT request that was made on a bucket that was actively resharding. Besides the extra space that these hidden, unlinked objects consume, there can be another side effect in certain scenarios, caused by the nature of the failure mode that produced them, where a client of a bucket that was a victim of this bug may find the object associated with the key to be in an inconsistent state. To check whether a versioned bucket has unlinked entries, users can now run radosgw-admin bucket check unlinked. If the --fix flag is used, the unlinked objects will be safely removed. Finally, a third issue made it possible for versioned bucket index stats to be accounted inaccurately. The tooling for recalculating versioned bucket stats also had a bug, and was not previously capable of fixing these inaccuracies. This release resolves those issues and users can now expect that the existing radosgw-admin bucket check command will produce correct results. We recommend that users with versioned buckets, especially those that existed on prior releases, use these new tools to check whether their buckets are affected and to clean them up accordingly.
- mgr/snap-schedule: For clusters with multiple CephFS file systems, all the snap-schedule commands now expect the ‘--fs’ argument.
- RADOS: A POOL_APP_NOT_ENABLED health warning will now be reported if the application is not enabled for the pool irrespective of whether the pool is in use or not. Always tag a pool with an application using ceph osd pool application enable command to avoid reporting of POOL_APP_NOT_ENABLED health warning for that pool. The user might temporarily mute this warning using ceph health mute POOL_APP_NOT_ENABLED.
- Dashboard: An overview page for RGW to show the overall status of RGW components.
- Dashboard: Added management support for RGW Multi-site and CephFS Subvolumes and groups.
- Dashboard: Fixed a few bugs and issues around the new dashboard page, including the broken layout and some metrics giving wrong values, and introduced a popover to display details when there are HEALTH_WARN or HEALTH_ERR.
- Dashboard: Fixed several issues in Ceph dashboard on Rook-backed clusters, and improved the user experience on the Rook environment.
OpenUpdate - December 15, 2023
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following update:
We recommend that you update your CentOS 6 systems to protect against this vulnerability. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Apache Camel 4.3.0 & 3.21.3 & 3.20.9
BUG (6)
[CAMEL-20152] camel-jetty - OutOfMemoryError with big file upload via multipart
[CAMEL-20139] aggregate EIP: wrong correlation key set for the first aggregate exchange
[CAMEL-20079] EndpointDslMojo generates wrong header names
[CAMEL-20054] camel-kubernetes - Configuration of Kubernetes secrets with Camel K not working as expected
[CAMEL-20053] camel-jira: watchUpdates consumer does not see issues created after route startup
[CAMEL-20035] Program terminates with OutOfMemoryError
DEPENDENCY UPGRADE (2)
[CAMEL-20146] camel-spring-boot - Upgrade to 2.7.18
[CAMEL-20049] camel-activemq - Upgrade to latest releases
TASK (1)
[CAMEL-20094] camel-catalog: camel-spring.xsd keeps being regenerated
Apache Kafka 3.6.1
IMPROVEMENT:
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3
BUG:
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration
TASK:
[KAFKA-15093] - Add 3.5.0 to broker/client and streams upgrade/compatibility tests
[KAFKA-15378] - Rolling upgrade system tests are failing
[KAFKA-15479] - Remote log segments should be considered once for retention breach
[KAFKA-15664] - Add 3.4.0 streams upgrade/compatibility tests
TEST:
[KAFKA-15169] - Add tests for RemoteIndexCache
[KAFKA-15793] - Flaky test ZkMigrationIntegrationTest.testMigrateTopicDeletions
Apache Kafka 3.5.2
BUG:
[KAFKA-13197] - KStream-GlobalKTable join semantics don't match documentation
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-14938] - Flaky test org.apache.kafka.connect.integration.ExactlyOnceSourceIntegrationTest#testConnectorBoundary
[KAFKA-15091] - Javadocs for SourceTask::commit are incorrect
[KAFKA-15100] - Unsafe to call tryCompleteFetchResponse on request timeout
[KAFKA-15102] - Mirror Maker 2 - KIP690 backward compatibility
[KAFKA-15106] - AbstractStickyAssignor may stuck in 3.5
[KAFKA-15202] - MM2 OffsetSyncStore clears too many syncs when sync spacing is variable
[KAFKA-15216] - InternalSinkRecord::newRecord method ignores the headers argument
[KAFKA-15235] - No test coverage reports for Java due to settings for Jacoco being incompatible with Gradle 8.x
[KAFKA-15238] - Connect workers can be disabled by DLQ-related blocking admin client calls
[KAFKA-15243] - User creation mismatch
[KAFKA-15263] - KRaftMigrationDriver can run the migration twice
[KAFKA-15312] - FileRawSnapshotWriter must flush before atomic move
[KAFKA-15319] - Upgrade rocksdb to fix CVE-2022-37434
[KAFKA-15338] - The metric group documentation for metrics added in KAFKA-13945 is incorrect
[KAFKA-15353] - Empty ISR returned from controller after AlterPartition request
[KAFKA-15374] - ZK migration fails on configs for default broker resource
[KAFKA-15375] - When running in KRaft mode, LogManager may creates CleanShutdown file by mistake
[KAFKA-15377] - GET /connectors/{connector}/tasks-config endpoint exposes externalized secret values
[KAFKA-15391] - Delete topic may lead to directory offline
[KAFKA-15429] - Kafka Streams attempts to commit on a closed producer when shutting down after an exception when running with EOS
[KAFKA-15450] - Disable ZK migration when JBOD configured
[KAFKA-15487] - CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1
[KAFKA-15498] - Upgrade Snappy-Java to 1.1.10.4
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
TASK:
[KAFKA-15378] - Rolling upgrade system tests are failing
[KAFKA-15664] - Add 3.4.0 streams upgrade/compatibility tests
TEST:
[KAFKA-15211] - DistributedConfigTest#shouldFailWithInvalidKeySize fails when run after TestSslUtils#generate
[KAFKA-15393] - MirrorMaker2 integration tests are shutting down uncleanly
Apache Tomcat 11.0.0-M15
Catalina:
- Fix: Background processes should not be run concurrently with lifecycle operations of a container. (remm)
- Add: Add support for the jakarta.servlet.request.secure_protocol request attribute that has been added in Jakarta Servlet 6.1. This replaces the now deprecated Tomcat specific request attribute org.apache.tomcat.util.net.secure_protocol_version. (markt)
- Add: Align behaviour with the latest addition to the Servlet 6.1 specification that requires that all HTTP error dispatches use the GET method. (markt)
- Fix: Correct unintended escaping of XML in some WebDAV responses. The XML list of support locks when provided in response to a PROPFIND request was incorrectly XML escaped. (markt)
- Fix: 68227: Ensure that AsyncListener.onComplete() is called if AsyncListener.onError() calls AsyncContext.dispatch(). (markt)
- Fix: 68228: Use a 408 status code if a read timeout occurs during HTTP request processing. Includes a test case based on code provided by adwsingh. (markt)
Coyote:
- Fix: Use Java code to load certificate chain when using OpenSSL through the FFM API. (remm)
Jasper:
- Code: 68119: Refactor the CompositeELResolver to improve performance during type conversion operations. (markt)
Web Applications:
- Fix: Examples. Improve the error handling so snakes associated with a user that drops from the network are removed from the game. (markt)
Other:
- Update: Update the OWB module to Apache OpenWebBeans 4.0.1. (remm)
- Fix: 68124: Migrate sample.war from javax to jakarta. (lihan)
- Update: Update UnboundID to 6.0.11. (markt)
- Update: Update Checkstyle to 10.12.5. (markt)
- Update: Update SpotBugs to 4.8.2. (markt)
- Update: Update Derby to 10.17.1. (markt)
- Add: Improvements to French translations. (remm)
- Add: Improvements to Japanese translations by tak7iji. (markt)
- Add: Improvements to Brazilian Portuguese translations by John William Vicente. (markt)
- Add: Improvements to Russian translations by usmazat and remm. (markt)
Apache Tomcat 10.1.17
Catalina:
- Fix: Background processes should not be run concurrently with lifecycle operations of a container. (remm)
- Fix: Correct unintended escaping of XML in some WebDAV responses. The XML list of support locks when provided in response to a PROPFIND request was incorrectly XML escaped. (markt)
- Fix: 68227: Ensure that AsyncListener.onComplete() is called if AsyncListener.onError() calls AsyncContext.dispatch(). (markt)
- Fix: 68228: Use a 408 status code if a read timeout occurs during HTTP request processing. Includes a test case based on code provided by adwsingh. (markt)
Jasper:
- Code: 68119: Refactor the CompositeELResolver to improve performance during type conversion operations. (markt)
Web Applications:
- Fix: Examples. Improve the error handling so snakes associated with a user that drops from the network are removed from the game. (markt)
Other:
- Fix: 68124: Migrate sample.war from javax to jakarta. (lihan)
- Update: Update UnboundID to 6.0.11. (markt)
- Update: Update Checkstyle to 10.12.5. (markt)
- Update: Update SpotBugs to 4.8.2. (markt)
- Update: Update Derby to 10.17.1. (markt)
- Add: Improvements to French translations. (remm)
- Add: Improvements to Japanese translations by tak7iji. (markt)
- Add: Improvements to Brazilian Portuguese translations by John William Vicente. (markt)
- Add: Improvements to Russian translations by usmazat and remm. (markt)
Elasticsearch v8.11.3
Bug fixes
Application:
- Use latest version of entsearch ingestion pipeline #103087
ES|QL:
- Allow match field in enrich fields #102734
- Collect warnings in compute service #103031 (issues: #100163, #103028, #102871, #102982)
ILM+SLM:
- [ILM] More resilient when a policy is added to searchable snapshot #102741 (issue: #101958)
Mapping:
- Ensure dynamicMapping updates are handled in insertion order #103047
Transform:
- Ensure transform _schedule_now API only triggers the expected transform task #102958 (issue: #102956)
Etcd v3.5.11
etcd server:
- Fix distributed tracing by ensuring --experimental-distributed-tracing-sampling-rate configuration option is available to set tracing sample rate.
- Fix url redirects while checking peer urls during new member addition
Dependencies:
- Compile binaries using go 1.20.12
- Fix CVE-2023-47108 by bumping go.opentelemetry.io/otel to 1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to 0.46.0.
HAProxy 2.9.0
DOC: config: add missing colon to "bytes_out" sample fetch keyword (2)
BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
DOC: config: add matrix entry for "max-session-srv-conns"
DOC: config: fix monitor-fail typo
DOC: config: add context hint for proxy keywords
DEBUG: stream: Report lra/fsb values for front end back SC in stream dump
REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
DOC: Clarify the differences between field() and word()
BUG/MINOR: server/event_hdl: properly handle AF_UNSPEC for INETADDR event
BUILD: http_htx: silence uninitialized warning on some gcc versions
MINOR: acme.sh: don't use '*' in the filename for wildcard domain
MINOR: global: Use a dedicated bitfield to customize zero-copy fast-forwarding
MINOR: mux-pt: Add global option to enable/disable zero-copy forwarding
MINOR: mux-h1: Add global option to enable/disable zero-copy forwarding
MINOR: mux-h2: Add global option to enable/disable zero-copy forwarding
MINOR: mux-quic: Add global option to enable/disable zero-copy forwarding
MINOR: mux-quic: Disable zero-copy forwarding for send by default
DOC: config: update the reminder on the HTTP model and add some terminology
DOC: config: add a few more differences between HTTP/1 and 2+
DOC: config: clarify session vs stream
DOC: config: fix typo abandonned -> abandoned
DOC: management: fix two latest typos (optionally, exception)
BUG/MEDIUM: peers: fix partial message decoding
DOC: management: update stream vs session
Wildfly 30.0.1.Final
Bug:
[WFLY-18295] - WildFly vs WildFly Preview document needs update
[WFLY-18384] - [CLUSTERING] File containing session data is never shrunk or deleted
[WFLY-18533] - Simplest JAXRS app is failing when deployed in server provisioned with jaxrs
[WFLY-18702] - In WildFly Preview jaxrs-server layer does not provision MP Rest Client
[WFLY-18727] - ATTRIBUTE granularity distributed sessions should always replicate on setAttribute(...)
[WFLY-18740] - On cache writes, Infinispan store=hotrod throws ISE: Only byte[] instances are supported currently
[WFLY-18783] - MBean: java.lang.ClassNotFoundException: org.glassfish.jaxb.runtime.v2.ContextFactory from [Module "org.jboss.as.sar" version 27.0.1.Final...
Component Upgrade:
[WFLY-18630] - Upgrade Infinispan to 14.0.20.Final
[WFLY-18679] - Upgrade jaxbintros from 2.0.0 to 2.0.1
[WFLY-18680] - [WildFly 30.x] Upgrade HAL to 3.6.16.Final
[WFLY-18685] - Upgrade santuario to 3.0.3 (addresses CVE-2023-44483)
[WFLY-18704] - Upgrade Artemis to 2.31.2 (resolves CVE-2023-46604)
[WFLY-18713] - Upgrade RESTEasy to 6.2.6.Final
[WFLY-18725] - Upgrade WildFly Http Client to 2.0.6.Final
Sub-task:
[WFLY-18642] - Reevaluate test exclusions in the integration/microprofile module
Jenkins 2.436 & 2.435
- Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink. (pull 8736)
- Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration (issue 72343)
- Tweak font styling to remove anti-aliasing. (pull 8689)
- Make display name of HistoryWidget configurable for alternate text. (pull 8740)
- Move the proxy configuration form to its own screen. (pull 8693)
- Fix redirect when renaming a cloud. (issue 71737)
- Avoid incorrect styling when deleting the first of two shell steps in a job definition. (issue 72196)
- Developer: A new convenience method ExtensionList.lookupFirst allows retrieval of the first implementation of an extension point. (pull 8735)
Kibana v8.11.3
Bug Fixes
Fleet:
- Fixes a 500 error in the Fleet API when a request for the product versions endpoint throws ECONNREFUSED (#172850).
- Fixes agent policy timeout to accept only integers (#172222).
Machine Learning:
- Fixes data drift numeric fields not displaying correctly (#172504).
- Fixes Data visualizer, ML field stats, and Data Frame Analytics so the _tier field can be excluded (#172223).
Operations:
- Fixes an issue where running kibana-keystore commands required kibana.yml to exist (#172943).
Kubernetes 1.29.0
Logstash 8.11.3
Documentation Enhancements:
- Document how to further transform events processed by the filter-elastic_integration plugin #15675
Updates To Dependencies:
- Update JRuby to 9.4.5.0 #15670
PHP Interpreter php-8.3.1RC3
New Features in PHP 8.3
- Typed Class Constants
- Added json_validate function
- Dynamic class constant and Enum member fetch support
- class_alias() supports aliasing built-in PHP classes
- New #[\Override] attribute
- New stream_context_set_options function
- PHP CLI Lint (php -l) supports linting multiple files at once
- Fallback value support for PHP INI Environment Variable syntax
- Random extension: New \Random\Randomizer::getFloat() and nextFloat() methods
- Random extension: New \Random\Randomizer::getBytesFromString method
- gc_status() returns additional GC information
Syntax/Functionality Changes in PHP 8.3
- SQLite3: New \SQLite3Exception, deprecations, and changes
- Built-in CLI Server $_SERVER['SERVER_SOFTWARE'] value changed for RFC3875 compliance
- Class constant type declarations in some PHP extension classes
- Granular DateTime Exceptions
- highlight_file and highlight_string output HTML changes
- unserialize(): Upgrade E_NOTICE errors to E_WARNING
Deprecations in PHP 8.3
- Assert: assert_options(), ASSERT_* constants, and assert.* INI settings deprecated
- get_class() and get_parent_class() function calls without arguments deprecated
Prometheus 2.48.1
[BUGFIX] TSDB: Make the wlog watcher read segments synchronously when not tailing. #13224
[BUGFIX] Agent: Participate in notify calls (fixes slow down in remote write handling introduced in 2.45). #13223
Nexus release-3.63.0-01
AWX 23.5.1
- Fixed AWX collection publishing on Galaxy (@TheRealHaoLiu #14642)
- Fixed wsrelay connection loop that was being interrupted causing nodes to remain disconnected from their web sockets and added log messages for the previous return state to improve the logging from this state (@lucas-benedito #14692)
SELinux Project
"semodule-utils-3.6"
User-Visible Changes:
- checkpolicy/dispol: add option to display users, drop duplicate option to display booleans, show number of entries before listing them
- libsepol: struct cond_expr_t `bool` renamed to `boolean`. The change is indicated by the COND_EXPR_T_RENAME_BOOL_BOOLEAN macro
- cil: Allow IP address and mask values to be directly written
- cil: Allow paths in filecon rules to be passed as arguments
- Add not self support for neverallow rules
- dispol: Add the ability to show booleans, classes, roles, types and type attributes of policies
- Improve man pages
- libselinux: performance optimization for duplicate detection
- dismod: add options: --actions ACTIONS, --help
- dispol: add options: --actions ACTIONS, --help
- checkpolicy: Add the command line argument -N, --disable-neverallow
- Introduce getpolicyload - a helper binary to print the number of policy reloads on the running system
- man pages: Remove the Russian translations
- Add notself and other support to CIL
- Add support for deny rules
- Translations updated from https://translate.fedoraproject.org/projects/selinux/
- Bug fixes
Development-Relevant Changes:
- ci: bump Fedora to version 39
- Drop LGTM.com and Travis CI configuration
OpenUpdate - December 7, 2023
Security Based Updates
Updates to the OpenLogic CentOS Repository
OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 8 systems to protect against this vulnerability.
CentOS - tzdata-2023c-1_ol001.el6
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Apache Spark 3.4.2
Notable changes
[SPARK-42784]: should still create subDir when the number of subDir in merge dir is less than conf
[SPARK-43203]: Fix DROP table behavior in session catalog
[SPARK-43393]: Address sequence expression overflow bug
[SPARK-44040]: Fix compute stats when AggregateExec node above QueryStageExec
[SPARK-44079]: Fix ArrayIndexOutOfBoundsException when parse array as struct using PERMISSIVE mode with corrupt record
[SPARK-44134]: Fix setting resources (GPU/FPGA) to 0 when they are set in spark-defaults.conf
[SPARK-44136]: Fixed an issue that StateManager may get materialized in executor instead of driver in FlatMapGroupsWithStateExec
[SPARK-44142]: Replace type with tpe in utility to convert python types to spark types
[SPARK-44180]: DistributionAndOrderingUtils should apply ResolveTimeZone
[SPARK-44206]: DataSet.selectExpr scope Session.active
[SPARK-44215]: If num chunks are 0, then server should throw a RuntimeException
[SPARK-44241]: Mistakenly set io.connectionTimeout/connectionCreationTimeout to zero or negative will cause incessant executor cons/destructions
[SPARK-44251]: Set nullable correctly on coalesced join key in full outer USING join
[SPARK-44313]: Fix generated column expression validation when there is a char/varchar column in the schema
[SPARK-44391]: Check the number of argument types in InvokeLike
[SPARK-44464]: Fix applyInPandasWithStatePythonRunner to output rows that have Null as first column value
[SPARK-44479]: Fix protobuf conversion from an empty struct type
[SPARK-44547]: Ignore fallback storage for cached RDD migration
[SPARK-44581]: Fix the bug that ShutdownHookManager gets wrong UGI from SecurityManager of ApplicationMaster
[SPARK-44588]: Fix double encryption issue for migrated shuffle blocks
[SPARK-44630]: Revert “[SPARK-43043] Improve the performance of MapOutputTracker.updateMapOutput”
[SPARK-44634]: Encoders.bean does no longer support nested beans with type arguments
[SPARK-44641]: Incorrect result in certain scenarios when SPJ is not triggered
[SPARK-44653]: Non-trivial DataFrame unions should not break caching
[SPARK-44657]: Fix incorrect limit handling in ArrowBatchWithSchemaIterator and config parsing of CONNECT_GRPC_ARROW_MAX_BATCH_SIZE
[SPARK-44805]: getBytes/getShorts/getInts/etc. should work in a column vector that has a dictionary
[SPARK-44840]: Make array_insert() 1-based for negative indexes
[SPARK-44846]: Convert the lower redundant Aggregate to Project in RemoveRedundantAggregates
[SPARK-44854]: Python timedelta to DayTimeIntervalType edge case bug
[SPARK-44857]: Fix getBaseURI error in Spark Worker LogPage UI buttons
[SPARK-44859]: Fix incorrect property name in structured streaming doc
[SPARK-44871]: Fix percentile_disc behaviour
[SPARK-44910]: Encoders.bean does not support superclasses with generic type arguments
[SPARK-44920]: Use await() instead of awaitUninterruptibly() in TransportClientFactory.createClient()
[SPARK-44925]: K8s default service token file should not be materialized into token
[SPARK-44935]: Fix RELEASE file to have the correct information in Docker images if exists
[SPARK-44937]: Mark connection as timedOut in TransportClient.close
[SPARK-44940]: Improve performance of JSON parsing when “spark.sql.json.enablePartialResults” is enabled
[SPARK-44973]: Fix ArrayIndexOutOfBoundsException in conv()
[SPARK-44990]: Reduce the frequency of get spark.sql.legacy.nullValueWrittenAsQuotedEmptyStringCsv
[SPARK-45054]: HiveExternalCatalog.listPartitions should restore partition statistics
[SPARK-45057]: Avoid acquire read lock when keepReadLock is false
[SPARK-45071]: Optimize the processing speed of BinaryArithmetic#dataType when processing multi-column data
[SPARK-45075]: Fix alter table with invalid default value will not report error
[SPARK-45078]: Fix array_insert ImplicitCastInputTypes not work
[SPARK-45079]: Fix an internal error from percentile_approx() on NULL accuracy
[SPARK-45081]: Encoders.bean does no longer work with read-only properties
[SPARK-45100]: Fix an internal error from reflect() on NULL class and method
[SPARK-45109]: Fix log function in Connect
[SPARK-45187]: Fix WorkerPage to use the same pattern for logPage urls
[SPARK-45227]: Fix a subtle thread-safety issue with CoarseGrainedExecutorBackend
[SPARK-45282]: Correctness issue in AQE with InMemoryTableScanExec
[SPARK-45389]: Correct MetaException matching rule on getting partition metadata
[SPARK-45430]: Fix for FramelessOffsetWindowFunction when IGNORE NULLS and offset > rowCount
[SPARK-45433]: Fix CSV/JSON schema inference when timestamps do not match specified timestampFormat
[SPARK-45473]: Fix incorrect error message for RoundBase
[SPARK-45508]: Add “--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED” so Platform can access Cleaner on Java 9+
[SPARK-45592]: Correctness issue in AQE with InMemoryTableScanExec
[SPARK-45604]: Add LogicalType checking on INT64 -> DateTime conversion on Parquet Vectorized Reader
[SPARK-45652]: SPJ: Handle empty input partitions after dynamic filtering
[SPARK-45670]: SparkSubmit does not support --total-executor-cores when deploying on K8s
[SPARK-45678]: Cover BufferReleasingInputStream.available/reset under tryOrFetchFailedException
[SPARK-45749]: Fix Spark History Server to sort Duration column properly
[SPARK-45786]: Fix inaccurate Decimal multiplication and division results
[SPARK-45814]: Make ArrowConverters.createEmptyArrowBatch call close() to avoid memory leak
[SPARK-45882]: BroadcastHashJoinExec propagate partitioning should respect CoalescedHashPartitioning
[SPARK-45896]: Construct ValidateExternalType with the correct expected type
[SPARK-45920]: group by ordinal should be idempotent
[SPARK-46006]: YarnAllocator miss clean targetNumExecutorsPerResourceProfileId after YarnSchedulerBackend call stop
[SPARK-46012]: EventLogFileReader should not read rolling logs if app status file is missing
[SPARK-46062]: Sync the isStreaming flag between CTE definition and reference
[SPARK-46064]: Move out EliminateEventTimeWatermark to the analyzer and change to only take effect on resolved child
Dependency Changes
Although this is a maintenance release, we still upgraded some dependencies:
[SPARK-44415]: Upgrade snappy-java to 1.1.10.2
[SPARK-44513]: Upgrade snappy-java to 1.1.10.3
[SPARK-45103]: Update ORC to 1.8.5
[SPARK-45884]: Update ORC to 1.8.6
Jenkins 2.434
- Refine build status icons. (pull 8705)
- FIPS mode now requires a minimum of 14 characters for a password. (pull 8694)
- Allow configuration of disk thresholds globally and for each agent. Improve warning when disk space is too low. Ensure agents are taken offline when disk space is low. (issue 72009)
- Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production. (pull 8714)
- Add support for Unix domain sockets. (pull 442 (packaging))
Keycloak 23.0.1
#23841 Users page with LDAP User Storage Provider Cannot read properties of undefined admin/ui
#23872 Attempt to request storage access in Firefox oidc
#24261 „Unlink users“-Option greyed out in ldap federation admin/ui
#24958 Error handling in admin console when update of user fails due the 400 HTTP error code admin/ui
#24961 Keycloak not able to handle multiple validating X509 certificates when public key are the same saml
#24984 Operator is missing CRDs metadata in CSV operator
#25008 Group search when creating user admin/ui
#25022 NPE in checkAndBindMtlsHoKToken on Token Refresh when using SuppressRefreshTokenRotationExecutor and Certificate Bound Token oidc
Node.js 21.4.0
Notable Changes
This release fixes a regression introduced in v21.3.0 that caused the fs.writeFileSync method to throw when called with 'utf8' encoding, no flag option, and if the target file didn't exist yet.
- [32acafeeb6] - (SEMVER-MINOR) fs: introduce dirent.parentPath (Antoine du Hamel) #50976
- [724548674d] - fs: use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) #50990
Commits
- [b24ee15fb2] - benchmark: update iterations in benchmark/crypto/hkdf.js (Lei Shi) #50866
- [f79b54e60e] - benchmark: update iterations in benchmark/crypto/get-ciphers.js (Lei Shi) #50863
- [dc049acbbb] - benchmark: update number of iterations for util.inspect (kylo5aby) #50651
- [d7c562ae38] - deps: update googletest to 76bb2af (Node.js GitHub Bot) #50555
- [59a45ddbef] - deps: update googletest to b10fad3 (Node.js GitHub Bot) #50555
- [099ebdb781] - deps: update undici to 5.28.1 (Node.js GitHub Bot) #50975
- [4b1bed04f7] - deps: update undici to 5.28.0 (Node.js GitHub Bot) #50915
- [b281e98b1e] - doc: add additional details about --input-type (Shubham Pandey) #50796
- [b7036f2028] - doc: add procedure when CVEs don't get published (Rafael Gonzaga) #50945
- [7adf239af0] - doc: fix some errors in esm resolution algorithms (Christopher Jeffrey (JJ)) #50898
- [759ebcaead] - doc: reserve 121 for Electron 29 (Shelley Vohr) #50957
- [cedc3427fa] - doc: run license-builder (github-actions[bot]) #50926
- [30a6f19769] - doc: document non-node_modules-only runtime deprecation (Joyee Cheung) #50748
- [eecab883f0] - doc: add doc for Unix abstract socket (theanarkh) #50904
- [ec74b93b38] - doc: remove flicker on page load on dark theme (Dima Demakov) #50942
- [724548674d] - fs: use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) #50990
- [32acafeeb6] - (SEMVER-MINOR) fs: introduce dirent.parentPath (Antoine du Hamel) #50976
- [c1ee506454] - fs: remove workaround for esm package (Yagiz Nizipli) #50907
- [1cf087dfb3] - lib: refactor to use validateFunction in diagnostics_channel (Deokjin Kim) #50955
- [c37d18d5e1] - lib: streamline process.binding() handling (Joyee Cheung) #50773
- [246cf73631] - lib,src: replace toUSVString with toWellFormed() (Yagiz Nizipli) #47342
- [9bc79173a0] - loader: speed up line length calc used by moduleProvider (Mudit) #50969
- [812ab9e4f8] - meta: bump step-security/harden-runner from 2.6.0 to 2.6.1 (dependabot[bot]) #50999
- [1dbe1af19a] - meta: bump github/codeql-action from 2.22.5 to 2.22.8 (dependabot[bot]) #50998
- [bed1b93f8a] - meta: move one or more collaborators to emeritus (Node.js GitHub Bot) #50931
- [1e7d101428] - src: make ModifyCodeGenerationFromStrings more robust (Joyee Cheung) #50763
- [709ac479eb] - src: disable uncaught exception abortion for ESM syntax detection (Yagiz Nizipli) #50987
- [f6ff11c9f9] - src: fix backtrace with tail [[noreturn]] abort (Chengzhong Wu) #50849
- [74f5a1cbc9] - src: print MKSNAPSHOT debug logs to stderr (Joyee Cheung) #50759
- [3a1c664a97] - test: replace forEach to for.. test-webcrypto-export-import-cfrg.js (Angelo Parziale) #50785
- [ac3a6eefe3] - test: log more information in SEA tests (Joyee Cheung) #50759
- [94462d42f5] - test: consolidate utf8 text fixtures in tests (Joyee Cheung) #50732
- [8e1a70a347] - tools: add triggers to update release links workflow (Moshe Atlow) #50974
- [ca10cbb774] - tools: update lint-md-dependencies to rollup@4.5.2 (Node.js GitHub Bot) #50913
- [1e40c4a366] - tools: fix current version check (Marco Ippolito) #50951
- [3faed331e1] - typings: fix JSDoc in internal/modules/esm/hooks (Alex Yang) #50887
- [6a087ceffa] - url: throw error if argument length of revokeObjectURL is 0 (DylanTet) #50433
Janusgraph 1.0.0
Notable new features
- Upgrade to TinkerPop 3.7.0
- Support for Cassandra 4
- (Official) support for Java 11
- Cache performance improvements
- Upgrade to Log4j2
- Use mixed indices for numeric aggregations (min(), max(), mean(), sum())
- Support TEXTSTRING mapping in Solr
- New graph API to evaluate Gremlin scripts if JanusGraph is used embedded
- ConfiguredGraphFactory can now create different indexes for different graphs in Elasticsearch
- Add management API to remove ghost vertices
- Add possibility to remove stale graph index entries
- Improved support for Geoshapes in GraphBinary
- Remove dependency on cassandra-all
- Support TTL for CQL backend on Amazon Managed KeySpace
- Improved index life-cycle. Better index management, possibility to remove indexes.
- Support for ElasticSearch 8
- Possibility to use dedicated ScyllaDB driver when JanusGraph is used embedded
- Possibility to explicitly remove configuration options
- Possibility to use ASCII String for vertex ids
- CQL storage layer transitioned to asynchronous calls instead of a thread pool
- Enhanced CQL storage parallelism for queries using multiple slices in the same step (multiple edge labels or multiple property keys)
- Retrieval of SINGLE properties is now grouped in CQL queries (by default up to 20 properties for a single vertex)
- Added possibility to group CQL queries for different vertices stored on the same token ranges or same replica sets
- Improved batch-query (multiQuery) capabilities. Enhanced parent steps usage. Added batch-query optimisation to almost all execution steps (exception: ‘match’ step).
- Added possibility to improve parallelism for storage layer implementations by supporting multi-slice and multi-key parallelism
OpenUpdate - November 30, 2023
Security Based Updates
Updates to the OpenLogic CentOS Repository:
OpenLogic’s Enterprise Linux Team has recently published the following updates:
ActiveMQ CVE-2023-46604
It's worth noting that the vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 released late last month.
The vulnerability affects the following versions:
Apache ActiveMQ 5.18.0 before 5.18.3
Apache ActiveMQ 5.17.0 before 5.17.6
Apache ActiveMQ 5.16.0 before 5.16.7
Apache ActiveMQ before 5.15.16
Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities.
Non-Security Based Updates
Docker compose 2.23.3
bump buildx to v0.12.0 and adapt code to changes by @glours in #11217
etcd 3.4.28
etcd server
- Improve Skip getting authInfo from incoming context when auth is disabled
- Use the default write scheduler since golang.org/x/net@v0.11.0 started using round-robin scheduler.
- Add cluster ID check during data corruption detection to prevent false alarm.
- Add Learner support Snapshot RPC.
Package clientv3
- Fix Reset auth token when failing to authenticate due to auth being disabled.
- Simplify grpc dialer usage.
- Replace balancer with upstream grpc solution.
- Fix race condition when accessing cfg.Endpoints in dial().
- Fix invalid authority header issue in single endpoint scenario.
Dependencies
- Compile binaries using go 1.20.11.
- Upgrade bbolt to 1.3.8.
- Upgrade gRPC to 1.58.3 in #16997 and #16999. Note that gRPC server will reject requests with connection header (refer to grpc/grpc-go#4803).
Grafana 10.2.2
Bug fixes:
- FeatureToggle: Disable dashgpt by default and mark it as preview. #78349, @ivanortegaalba
- SaveDashboardPrompt: Reduce time to open drawer when many changes applied. #78308, @ivanortegaalba
- Alerting: Fix export with modifications URL when mounted on subpath. #78217, @gillesdemey
- Explore: Fix queries (cached & non) count in usage insights. #78216, @Elfo404
- Plugins: Keep working when there is no internet access. #78092, @leventebalogh
Jenkins 2.433
- Deactivate the administrative monitor when all previously offline agents are again online. (issue 72159)
- Prepare node monitors to work with configuration as code. (issue 64816)
- Introduce an API for build visualization plugins to serve alternative build console views and an API for plugins to produce links to the build console. (issue 71715)
Keycloak 23.0
New features
#23155 [WebAuthn] origin validation not support for non-Web platforms core
Enhancements
#431 Remove Wildfly/EAP OIDC and SAML adapter downloads web
#505 Quickstarts - Wildfly upgrade and README cleanup quickstarts
#510 SAML quickstart - provisioning of SAML adapter via Galleon quickstarts
#9318 User profile configuration API is incorrectly typed docs
#10128 Improve failed test behaviour operator
#10620 Internationalized Domain Names in email address user-profile
#10713 Update the server to use RESTEasy Reactive
#10803 Persist session in JDBC store without using external infinispan cluster storage
#11668 Declarative User Profile: weird behaviour in Account Management Console user-profile
#12406 Remove "You are already logged-in" during authentication authentication
#14009 CreatedTimestamp on REST import not used
#14165 Cannot refresh RPT tokens authorization-services
#14400 Add proxy options to Keycloak CR operator
#15018 Enhancements around proxy and hostname configuration
#15072 Allow setting a help text to an attribute user-profile
#15109 Refactor patch-sources.sh used by the Operator operator
#17258 Data too long for column 'DETAILS_JSON' storage
#20343 message bundles are not included in the realm export import-export
#20584 FAPI 2.0 security profile - supporting RFC 9207 OAuth 2.0 Authorization Server Issuer Identification
#20695 Add support for single-tenant in Microsoft Identity Provider
#20794 Can we simplify TokenManager.getRefreshExpiration() and TokenManager.getOfflineExpiration()? oidc
#20884 [Admin Console v2] Policy creation at Permissions screen missing admin/ui
#21073 Identity providers: pagination in admin REST API
#21154 Allow existing mappers for Custom Identity Providers identity-brokering
#21181 Add FAPI 2.0 security profile as default profile of client policies
#21182 Enhancing Pluggable Features of Token Manager
#21183 More flexibility for Introspection endpoint oidc
#21200 DPoP support 1st phase
#21444 Set `client_id` when using `private_key_jwt` with OIDC IdP identity-brokering
#21945 Release notes for FAPI 2
#22034 Keycloak, javascript lib to not use the escape() function adapter/javascript
#22215 DPoP verification in UserInfo endpoint oidc
#22318 Allow overriding Account Console resources for full control and backwards compatibility
#22372 Expand Group providers to allow for paginated lookup of subgroups storage
#22725 Do not initialize barrier build items for deployment dist/quarkus
#22868 Clarification on the tooltip of option "Validate Password Policy" of LDAP provider admin/ui
#23194 Add regex support in 'Condition - User attribute' execution authentication
#23340 Implement load shedding for RESTEasy reactive
#23527 Better usability when disabling user profile and losing the previous configuration user-profile
#23891 Add feature flag for OAuth 2.0 device authorization grant flow oidc
#24024 User profile tweaks in registration forms user-profile
#24072 Lots of parameters related to identity brokering uses `providerId` when they expect `providerAlias` identity-brokering
#24273 Add a property to the User Profile Email Validator for max length of the local part user-profile
#24278 Transient users: documentation core
#24387 Move some UserProfile and Validation classes into keycloak-server-spi user-profile
#24494 Transient users: Consents core
#24535 Moving UPConfig and related classes from keycloak-services user-profile
#24844 Add High Availability Guide to Keycloak's main repository
#24912 Add Galleon layer metadata to the SAML Galleon feature-pack adapter/jee-saml
Bugs
#468 Can't build it quickstarts
#503 Automate Keycloak version replacement quickstarts
#508 set-version script does not update package(-lock).json files in js and nodejs quickstarts quickstarts
#515 [Keycloak Quickstarts CI failure] loginToAdminConsole method fails in ArquillianSysoutEventListenerProviderTest.testEventListenerOutput due to Unable to locate element: {"method":"css selector","selector":"#username"} exception quickstarts
#8939 PAR fails to authenticate for public client oidc
#9004 Access Token claims not imported using OpenID Connect v1.0 Identity Provider Attribute Importer Mappers oidc
#10710 Rollup.js complains about the use of eval in one of keycloak.js's dependencies adapter/javascript
#11699 Under heavy load, DefaultBruteForceProtector blocks the whole system authentication
#12062 Declarative User Profile export user-profile
#12171 Inconsistent authorization behavior when exporting data from a realm authorization-services
#14134 [keycloak 18] cannot import users with correct ID in partial import admin/api
#16379 Inconsistent handling of parenthesis in auth flow name admin/api
#16526 Token introspection response does not follow RFC6479 "scope" parameter format oidc
#19093 The create new user page requires the admin user to be given the "Manage-Realm" role in order to see the user profile attributes in the create new user page admin/api
#19125 kcadm do not update defaultGroups docs
#19154 Non working API docs link docs
#19555 When update-email feature is enabled, changing emails two times in a row causes unintuitive behaviour authentication
#20135 Searching for multiple types in the Events section gives an error admin/client-js
#20218 Role mappers must return a single value when they are not multivalued oidc
#20316 Email pattern is not compliant account/api
#20453 Admin UI incredibly slow with 300 realms admin/api
#20537 [Declarative User Profile] OIDCAttributeMapperHelper throws NumberFormatException for optional user attributes user-profile
#20763 Flaky test: org.keycloak.testsuite.admin.authentication.FlowTest#testAddRemoveFlow ci
#20830 Token-exchange is not working for OpenID Connect v1.0 provider in KC 21.1.1 token-exchange
#20852 [Declarative User Profile] Attributes are created as required by default but switch is set to "not required" user-profile
#20885 Key length is limited to 4000 characters storage
#21010 Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients storage
#21123 NPE in getDefaultRequiredActionCaseInsensitively admin/api
#21236 Keycloak Event clientId is null when ever a logout event is fired. core
#21555 Listing realms due to realm drop-down admin/ui
#21660 Wrong convert timestamp to date account/ui
#21779 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#loginShouldWorkWithScriptAuthenticator authentication
#21780 Flaky test: org.keycloak.testsuite.script.DeployedScriptAuthenticatorTest#loginShouldFailWithScriptAuthenticator authentication
#21797 DN with RDN that contains trailing backslash is imported incorrectly into Keycloak ldap
#21805 Missing labels account console account/ui
#21818 DN with RDN that contains trailing space is imported incorrectly into Keycloak ldap
#21830 Operator doesn't pass on system property 'jgroups.dns.query' to Keycloak but an env variable, leading to a warning in the log operator
#22143 WatchedSecretsTest.testSecretChangesArePropagated error in OCP ci
#22177 Missing client_id validation match when authenticating client with JWT
#22191 Verification of iss at refresh token request oidc
#22332 Selecting resource on resource based permission gives error admin/ui
#22337 kc.sh errors if using characters like semicolon inside the arguments docs
#22375 Possible NullPointerException core
#22395 Email sending fails when SPI truststore is configured and hostnameVerification set to 'ANY' core
#22432 inputOptionLabels is not used by Admin UI admin/ui
#22583 Fine grained permissions not rendering account/ui
#22638 SAML AdvancedAttributeToRoleMapper does not allow predicate evaluation on same Array Attribute saml
#22814 user search with "q" parameter ignores keys of length 1 and returns all users admin/api
#22818 inputOptionLabels is not used by Account UI v3 account/ui
#22890 Keycloak 22.0.1: NPE in Edit Identity Provider Mapper on second Save admin/api
#22937 ProviderConfigProperty.MULTIVALUED_LIST_TYPE not working in FormAction admin/ui
#22988 Cache stampede after realm cache invalidation infinispan
#23044 Docs: server_admin/topics/sessions/transient.adoc authentication
#23128 Regex defect in federation script federation-sssd-setup.sh dist/quarkus
#23173 crypto/elytron package has several bugs core
#23180 TypeError in user profile admin-ui admin/ui
#23253 CLI args not recognized when running Quarkus dev mode dist/quarkus
#23255 Several help text messages missing in saml identity provider admin/ui
#23404 Cannot assign client roles to a user when a realm contains more than ~4000 clients storage
#23444 After the recent switch to resteasy-reactive we are unable to use resteasy-classic or jersey jax-rs clients. dependencies
#23582 Join group screen does not show child groups without filters admin/ui
#23616 invalid tag in .ftl file user-profile
#23692 Generated access token exception then $ sign in client name core
#23733 OpenAPI spec doesn't match the admin API admin/api
#23753 Insufficient guard against path traversal GzipResourceEncodingProvider core
#23789 Can not create attribute group before setting/removing an annotation user-profile
#23795 Spelling errors in TokenManager.java oidc
#23970 Keycloak does not export/import userprofile data when exporting the realm user-profile
#24032 Group attributes are not saved if there are two attributes with the same key admin/ui
#24035 Admin UI: Group details page is not updated by group list dropdown actions admin/ui
#24067 Duplicate attribute groups show in list in UserProfile in admin ui admin/ui
#24077 Internal server error when no firstName and lastName added on the user with User Profile Disabled and Verify Profile Enabled user-profile
#24096 Document or avoid breaking change in UserSessionModel core
#24160 HTTP/2 - Last parameter of POST form data contains 0x00 byte in some configurations. core
#24183 Username now shown when creating a user and edit username is not allowed user-profile
#24187 Admin UI group view shows attributes of previously viewed group admin/ui
#24293 b.map is not a function error when LDAP server is offline core
#24420 User profile behaves different in keycloak 22.0.5 user-profile
#24453 Email-verified checkbox not visible anymore when user profile is enabled admin/ui
#24455 NPE when logging in with TransientUser storage
#24458 Unfriendly error message when user-storage provider not available admin/ui
#24487 show/hide password in clear text button visible for hidden field in "forgot password" flow login/ui
#24547 DPoP advertised on OIDC Well Known Endpoint even though DPoP feature is not enabled (preview feature) oidc
#24551 the `./kc.sh tools completion` command cannot be recognized correctly admin/cli
#24672 Basic auth is not RFC 2617 compliant authentication
#24697 User cannot update profile when some invalid attribute invisible to him is present on his profile user-profile
#24766 non-functioning session persistence when using JDBC over Infinispan infinispan
#24792 Invalid redirect_uri if it contains uppercase letters authentication
#24970 `jwt-decode` is being bundled into Keycloak JS admin/client-js
Node.js 20.10
Notable Changes
--experimental-default-type flag to flip module defaults
The new flag --experimental-default-type can be used to flip the default module system used by Node.js. Input that is already explicitly defined as ES modules or CommonJS, such as by a package.json "type" field or .mjs/.cjs file extension or the --input-type flag, is unaffected. What is currently implicitly CommonJS would instead be interpreted as ES modules under --experimental-default-type=module:
- String input provided via --eval or STDIN, if --input-type is unspecified.
- Files ending in .js or with no extension, if there is no package.json file present in the same folder or any parent folder.
- Files ending in .js or with no extension, if the nearest parent package.json lacks a type field; unless the folder is inside a node_modules folder.
In addition, extensionless files are interpreted as Wasm if --experimental-wasm-modules is passed and the file contains the "magic bytes" Wasm header.
Detect ESM syntax in ambiguous JavaScript
The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected. For “ambiguous” files, which are .js or extensionless files with no package.json with a type field, Node.js will parse the file to detect ES module syntax; if found, it will run the file as an ES module, otherwise it will run the file as a CommonJS module. The same applies to string input via --eval or STDIN.
We hope to make detection enabled by default in a future version of Node.js. Detection increases startup time, so we encourage everyone—especially package authors—to add a type field to package.json, even for the default "type": "commonjs". The presence of a type field, or explicit extensions such as .mjs or .cjs, will opt out of detection.
New flush option in file system functions
When writing to files, it is possible that data is not immediately flushed to permanent storage. This allows subsequent read operations to see stale data. This PR adds a 'flush' option to the fs.writeFile family of functions which forces the data to be flushed at the end of a successful write operation.
Experimental WebSocket client
Adds a --experimental-websocket flag that adds a WebSocket global, as standardized by WHATWG.
vm: fix V8 compilation cache support for vm.Script
Previously, repeated compilation of the same source code using vm.Script stopped hitting the V8 compilation cache after v16.x, when support for importModuleDynamically was added to vm.Script. This resulted in a performance regression that blocked users (in particular Jest users) from upgrading from v16.x.
The recent fixes allow the compilation cache to be hit again for vm.Script when --experimental-vm-modules is not used even in the presence of the importModuleDynamically option, so that users affected by the performance regression can now upgrade. Ongoing work is also being done to enable compilation cache support for vm.CompileFunction.
PHP 8.3.0
Bcmath:
- Fixed GH-11761 (removing trailing zeros from numbers) (jorgsowa)
CLI:
- Added pdeathsig to builtin server to terminate workers when the master process is killed.
- Fixed bug GH-11104 (STDIN/STDOUT/STDERR is not available for CLI without a script).
- Implement GH-10024 (support linting multiple files at once using php -l).
Core:
- Fix GH-11388 (Allow "final" modifier when importing a method from a trait).
- Fixed bug GH-11406 (segfault with unpacking and magic method closure).
- Fixed bug GH-9388 (Improve unset property and __get type incompatibility error message).
- SA_ONSTACK is now set for signal handlers to be friendlier to other in-process code such as Go's cgo.
- SA_ONSTACK is now set when signals are disabled.
- Fix GH-9649: Signal handlers now do a no-op instead of crashing when executed on threads not managed by TSRM.
- Added shadow stack support for fibers.
- Fix bug GH-9965 (Fix accidental caching of default arguments with side effects).
- Implement GH-10217 (Use strlen() for determining the class_name length).
- Fix bug GH-8821 (Improve line numbers for errors in constant expressions).
- Fix bug GH-10083 (Allow comments between & and parameter).
- Zend Max Execution Timers is now enabled by default for ZTS builds on Linux.
- Fix bug GH-10469 (Disallow .. in open_basedir paths set at runtime).
- Fix bug GH-10168, GH-10582 (Various segfaults with destructors and VM return values).
- Fix bug GH-10935 (Use of trait doesn't redeclare static property if class has inherited it from its parent).
- Fix bug GH-11154 (Negative indices on empty array don't affect next chosen index).
- Fix bug GH-8846 (Implement delayed early binding for classes without parents).
- Fix bug #79836 (Segfault in concat_function).
- Fix bug #81705 (type confusion/UAF on set_error_handler with concat operation).
- Fix GH-11348 (Closure created from magic method does not accept named arguments).
- Fixed bug GH-11507 (String concatenation performance regression in 8.3).
- Fixed GH-11488 (Missing "Optional parameter before required" deprecation on union null type).
- Implement the #[\Override] attribute RFC.
- Fixed bug GH-11601 (Incorrect handling of unwind and graceful exit exceptions).
- Added zend_call_stack_get implementation for OpenBSD.
- Add stack limit check in zend_eval_const_expr().
- Expose time spent collecting cycles in gc_status().
- Remove WeakMap entries whose key is only reachable through the entry value.
- Resolve open_basedir paths on INI update.
- Fixed oss-fuzz #60741 (Leak in open_basedir).
- Fixed segfault during freeing of some incompletely initialized objects due to OOM error (PDO, SPL, XSL).
- Introduced Zend guard recursion protection to fix __debugInfo issue.
- Fixed oss-fuzz #61712 (assertion failure with error handler during binary op).
- Fixed GH-11847 (DTrace enabled build is broken).
- Fixed OSS Fuzz #61865 (Undef variable in ++/-- for declared property that is unset in error handler).
- Fixed warning emitted when checking if a user stream is castable.
- Fixed bug GH-12123 (Compile error on MacOS with C++ extension when using ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX).
- Fixed bug GH-12189 (#[Override] attribute in trait does not check for parent class implementations).
- Fixed OSS Fuzz #62294 (Unsetting variable after ++/-- on string variable warning).
- Fixed buffer underflow when compiling memoized expression.
- Fixed oss-fuzz #63802 (OP1 leak in error path of post inc/dec).
Curl:
- Added Curl options and constants up to (including) version 7.87.
Date:
- Implement More Appropriate Date/Time Exceptions RFC.
DOM:
- Fix bug GH-8388 (DOMAttr unescapes character reference).
- Fix bug GH-11308 (getElementsByTagName() is O(N^2)).
- Fix #79700 (wrong use of libxml oldNs leads to performance problem).
- Fix #77894 (DOMNode::C14N() very slow on generated DOMDocuments even after normalisation).
- Revert changes to DOMAttr::$value and DOMAttr::$nodeValue expansion.
- Fixed bug GH-11500 (Namespace reuse in createElementNS() generates wrong output).
- Implemented DOMDocument::adoptNode(). Previously this always threw a "not yet implemented" exception.
- Fixed bug GH-9628 (Implicitly removing nodes from \DOMDocument breaks existing references).
- Added DOMNode::contains() and DOMNameSpaceNode::contains().
- Added DOMElement::getAttributeNames().
- Added DOMNode::getRootNode().
- Added DOMElement::className and DOMElement::id.
- Added DOMParentNode::replaceChildren().
- Added DOMNode::isConnected and DOMNameSpaceNode::isConnected.
- Added DOMNode::parentElement and DOMNameSpaceNode::parentElement.
- Added DOMNode::isEqualNode().
- Added DOMElement::insertAdjacentElement() and DOMElement::insertAdjacentText().
- Added DOMElement::toggleAttribute().
- Fixed bug GH-11792 (LIBXML_NOXMLDECL is not implemented or broken).
- adoptNode now respects the strict error checking property.
- Align DOMChildNode parent checks with spec.
- Fixed bug #80927 (Removing documentElement after creating attribute node: possible use-after-free).
- Fix various namespace prefix conflict resolution bugs.
- Fix calling createAttributeNS() without prefix causing the default namespace of the element to change.
- Fixed GH-11952 (Confusing warning when blocking entity loading via libxml_set_external_entity_loader).
- Fix broken cache invalidation with deallocated and reallocated document node.
- Fix compile error when php_libxml.h header is included in C++.
- Fixed bug #47531 (No way of removing redundant xmlns: declarations).
Exif:
- Removed unneeded codepaths in exif_process_TIFF_in_JPEG().
FFI:
- Implement GH-11934 (Allow to pass CData into struct and/or union fields).
Fileinfo:
- Upgrade bundled libmagic to 5.43.
- Fix GH-11408 (Unable to build PHP 8.3.0 alpha 1 / fileinfo extension).
FPM:
- The status.listen shared pool now uses the same php_values (including expose_php) and php_admin_value as the pool it is shared with.
- Added warning to log when fpm socket was not registered on the expected path.
- Fixed bug #76067 (system() function call leaks php-fpm listening sockets).
- Fixed GH-12077 (PHP 8.3.0RC1 borked socket-close-on-exec.phpt).
GD:
- Removed imagerotate "ignore_transparent" argument since it has no effect.
Intl:
- Added pattern format error infos for numfmt_set_pattern.
- Added MIXED_NUMBERS and HIDDEN_OVERLAY constants for the Spoofchecker class.
- Updated datefmt_set_timezone/IntlDateFormatter::setTimezone return type. (David Carlier)
- Updated IntlBreakIterator::setText return type.
- Updated IntlChar::enumCharNames return type.
- Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale.
JSON:
LDAP:
- Deprecate calling ldap_connect() with separate hostname and port.
LibXML:
- Fix compile error with -Werror=incompatible-function-pointer-types and old libxml2.
MBString:
- mb_detect_encoding is better able to identify the correct encoding for Turkish text.
- mb_detect_encoding's "non-strict" mode now behaves as described in the documentation. Previously, it would return false if the same byte (for example, the first byte) of the input string was invalid in all candidate encodings. More generally, it would eliminate candidate encodings from consideration when an invalid byte was seen, and if the same input byte eliminated all remaining encodings still under consideration, it would return false. On the other hand, if all candidate encodings but one were eliminated from consideration, it would return the last remaining one without regard for how many encoding errors might be encountered later in the string. This is different from the behavior described in the documentation, which says: "If strict is set to false, the closest matching encoding will be returned." (Alex Dowad)
- mb_strtolower, mb_strtotitle, and mb_convert_case implement conditional casing rules for the Greek letter sigma. For mb_convert_case, conditional casing only applies to MB_CASE_LOWER and MB_CASE_TITLE modes, not to MB_CASE_LOWER_SIMPLE and MB_CASE_TITLE_SIMPLE.
- mb_detect_encoding is better able to identify UTF-8 and UTF-16 strings with a byte-order mark.
- mb_decode_mimeheader interprets underscores in QPrint-encoded MIME encoded words as required by RFC 2047; they are converted to spaces. Underscores must be encoded as "=5F" in such MIME encoded words.
- mb_encode_mimeheader no longer drops NUL (zero) bytes when QPrint-encoding the input string. This previously caused strings in certain text encodings, especially UTF-16 and UTF-32, to be corrupted by mb_encode_mimeheader.
- Implement mb_str_pad() RFC.
- Fixed bug GH-11514 (PHP 8.3 build fails with --enable-mbstring enabled).
- Fix use-after-free of mb_list_encodings() return value.
- Fixed bug GH-11992 (utf_encodings.phpt fails on Windows 32-bit).
mysqli:
- mysqli_fetch_object raises a ValueError instead of an Exception.
Opcache:
- Added start, restart and force restart time to opcache's phpinfo section.
- Fix GH-9139: Allow FFI in opcache.preload when opcache.preload_user=root.
- Made opcache.preload_user always optional in the cli and phpdbg SAPIs.
- Allows W/X bits on page creation on FreeBSD despite system settings.
- Added memfd api usage, on Linux, for zend_shared_alloc_create_lock() to create an abstract anonymous file for the opcache's lock.
- Avoid resetting JIT counter handlers from multiple processes/threads.
- Fixed COPY_TMP type inference for references.
OpenSSL:
- Added OPENSSL_CMS_OLDMIMETYPE and PKCS7_NOOLDMIMETYPE constants to switch between mime content types.
- Fixed GH-11054: Reset OpenSSL errors when using a PEM public key.
OpenUpdate - November 23, 2023
Security Based Updates
Updates to the OpenLogic CentOS Repository:
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
ActiveMQ CVE-2023-46604
The vulnerability carries a CVSS score of 10.0, indicating maximum severity. It has been addressed in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3, released late last month.
The vulnerability affects the following versions:
- Apache ActiveMQ 5.18.0 before 5.18.3
- Apache ActiveMQ 5.17.0 before 5.17.6
- Apache ActiveMQ 5.16.0 before 5.16.7
- Apache ActiveMQ before 5.15.16
- Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
- Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
- Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
- Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
Non-Security Based Updates
Docker compose 2.23.1
Features
- align with OCI artifact best practices by @ndeloof in #11121
- introduce --resolve-image-digests for publish to seal service images by @ndeloof in #11136
- improve watch configuration logging by @glours in #11161
- reject compose file using secrets|configs.driver or template_driver by @ndeloof in #11185
Fixes
- fail start if dependency is missing by @ndeloof in #11110
- fix SIGTERM support to stop/kill stack by @ndeloof in #11127
- Fix --hash regression by @mattwalo32 in #11146
- Fix for "Application failed to start after update" when an external network is on a watched service by @kimdcottrell in #11092
- fix --pull documentation by @ndeloof in #11164
- fix #11170 add newline in cmd/compose/build.go fmt.Fprint by @szampardi in #11171
- render quiet after filtering applied by @ndeloof in #11177
- Strip project prefix from docker-compose up output by @ndeloof in #11190
Fluentd 1.16.3
- #4327 in_tail: Fix a stall bug on !follow_inode case
- #4339 in_tail: add warning for silent stop on !follow_inodes case
- #4303 Buffer: Fix NoMethodError with empty unstaged chunk arrays
- #4311 Fix for rotate_age where Fluentd passes as Symbol
Grafana 10.2.1
- Dashboards: Fix dashboard listing when user can't list any folders. #77988, @IevaVasiljeva
- Search: Modify query for better performance. #77713, @papagian
- Dashboards: Fix issue causing crashes when saving new dashboard. #77641, @kaydelaney
- RBAC: Allow scoping access to root level dashboards. #77608, @IevaVasiljeva
- CloudWatch Logs: Add labels to alert and expression queries. #77594, @iwysiu
- Bug Fix: Respect data source version when provisioning. #77542, @andresmgot
- Explore: Fix support for angular based datasource editors. #77505, @Elfo404
- Plugins: Fix status_source always being "plugin" in plugin request logs. #77436, @xnyo
- InfluxDB: Fix aliasing with $measurement or $m on backend mode. #77383, @itsmylife
- InfluxDB: Fix parsing multiple tags on backend mode. #77382, @itsmylife
- Explore: Fix panes vertical scrollbar not being draggable. #77344, @Elfo404
- Explore: Avoid reinitializing graph on every query run. #77290, @Elfo404
- Bug fix: Correctly set permissions on provisioned dashboards. #77230, @IevaVasiljeva
- InfluxDB: Fix adhoc filter calls by properly checking optional parameter in metricFindQuery. #77145, @itsmylife
- InfluxDB: Fix table parsing with backend mode. #76990, @itsmylife
- Alerting: Alert rule constraint violations return as 400s in provisioning API. #76978, @alexweav
- PresenceIndicators: Do not retry failed views/recent API calls. (Enterprise)
- Analytics: Use panel renderer rather than legacy flot graph. (Enterprise)
Node.js 21.2.0
Notable Changes
- [e25c65ee2f] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666
- [f2366573f9] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393
- [eac9cc5fcb] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740
- [7e151114b1] - fs: add stacktrace to fs/promises (翠 / green) #49849
- [6dbb280733] - (SEMVER-MINOR) lib: add --no-experimental-global-navigator CLI flag (Antoine du Hamel) #50562
- [03c730b931] - (SEMVER-MINOR) lib: add navigator.language & navigator.languages (Aras Abbasi) #50303
- [f932f4c518] - (SEMVER-MINOR) lib: add navigator.platform (Aras Abbasi) #50385
- [91f37d1dc3] - (SEMVER-MINOR) stream: add support for deflate-raw format to webstreams compression (Damian Krzeminski) #50097
- [65850a67c7] - stream: use Array for Readable buffer (Robert Nagy) #50341
- [e433fa54b7] - stream: optimize creation (Robert Nagy) #50337
- [c9b92bba58] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018
- [f6c496563e] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638
- [05e8b6ef20] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
Prometheus 2.48.0
[CHANGE] Remote-write: respect Retry-After header on 5xx errors. #12677
[FEATURE] Alerting: Add AWS SigV4 authentication support for Alertmanager endpoints. #12774
[FEATURE] Promtool: Add support for histograms in the TSDB dump command. #12775
[FEATURE] PromQL: Add warnings (and annotations) to PromQL query results. #12152 #12982 #12988 #13012
[FEATURE] Remote-write: Add Azure AD OAuth authentication support for remote write requests. #12572
[ENHANCEMENT] Remote-write: Add a header to count retried remote write requests. #12729
[ENHANCEMENT] TSDB: Improve query performance by re-using iterator when moving between series. #12757
[ENHANCEMENT] UI: Move /targets page discovered labels to expandable section #12824
[ENHANCEMENT] TSDB: Optimize WBL loading by not sending empty buffers over channel. #12808
[ENHANCEMENT] TSDB: Replay WBL mmap markers concurrently. #12801
[ENHANCEMENT] Promtool: Add support for specifying series matchers in the TSDB analyze command. #12842
[ENHANCEMENT] PromQL: Prevent Prometheus from overallocating memory on subquery with large amount of steps. #12734
[ENHANCEMENT] PromQL: Add warning when monotonicity is forced in the input to histogram_quantile. #12931
[ENHANCEMENT] Scraping: Optimize sample appending by reducing garbage. #12939
[ENHANCEMENT] Storage: Reduce memory allocations in queries that merge series sets. #12938
[ENHANCEMENT] UI: Show group interval in rules display. #12943
[ENHANCEMENT] Scraping: Save memory when scraping by delaying creation of buffer. #12953
[ENHANCEMENT] Agent: Allow ingestion of out-of-order samples. #12897
[ENHANCEMENT] Promtool: Improve support for native histograms in TSDB analyze command. #12869
[ENHANCEMENT] Scraping: Add configuration option for tracking staleness of scraped timestamps. #13060
[BUGFIX] SD: Ensure that discovery managers are properly canceled. #10569
[BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series. #12558
[BUGFIX] TSDB: Fix handling of explicit counter reset header in histograms. #12772
[BUGFIX] SD: Validate HTTP client configuration in HTTP, EC2, Azure, Uyuni, PuppetDB, and Lightsail SDs. #12762 #12811 #12812 #12815 #12814 #12816
[BUGFIX] TSDB: Fix counter reset edge cases causing native histogram panics. #12838
[BUGFIX] TSDB: Fix duplicate sample detection at chunk size limit. #12874
[BUGFIX] Promtool: Fix errors not being reported in check rules command. #12715
[BUGFIX] TSDB: Avoid panics reported in logs when head initialization takes a long time. #12876
[BUGFIX] TSDB: Ensure that WBL is repaired when possible. #12406
[BUGFIX] Storage: Fix crash caused by incorrect mixed samples handling. #13055
[BUGFIX] TSDB: Fix compactor failures by adding min time to histogram chunks. #13062