Your Free Source of Open Source News
This week, read about:
Cassandra 4.0.11
* Revert CASSANDRA-16718 (CASSANDRA-18560)
* Upgrade snappy to 1.1.10.1 (CASSANDRA-18608)
* Fix assertion error when describing mv as table (CASSANDRA-18596)
* Track the amount of read data per row (CASSANDRA-18513)
* Fix Down nodes counter in nodetool describecluster (CASSANDRA-18512)
* Remove unnecessary shuffling of GossipDigests in Gossiper#makeRandomGossipDigest (CASSANDRA-18546)
Merged from 3.11:
* Fix CAST function for float to decimal (CASSANDRA-18647)
* Suppress CVE-2022-45688 (CASSANDRA-18643)
* Remove unrepaired SSTables from garbage collection when only_purge_repaired_tombstones is true (CASSANDRA-14204)
* Wait for live endpoints in gossip waiting to settle (CASSANDRA-18543)
* Fix error message handling when trying to use CLUSTERING ORDER with non-clustering column (CASSANDRA-17818)
* Add keyspace and table name to exception message during ColumnSubselection deserialization (CASSANDRA-18346)
Merged from 3.0:
* Suppress CVE-2023-34462 (CASSANDRA-18649)
* Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555)
* Suppress CVE-2023-35116 (CASSANDRA-18630)
* Pass taskId from CompactionTask to system.compaction_history (CASSANDRA-12183)
* Backport CASSANDRA-10508: Remove hard-coded SSL cipher suites (CASSANDRA-18575)
* Suppress CVE-2023-2976 (CASSANDRA-18562)
* Remove dh_python use in Debian packaging (CASSANDRA-18558)
Kafka 3.5.1
Improvement:
[KAFKA-15159] - Update minor dependencies in preparation for 3.5.1
Bug:
[KAFKA-15053] - Regression for security.protocol validation starting from 3.3.0
[KAFKA-15080] - Fetcher's lag never set when partition is idle
[KAFKA-15096] - CVE 2023-34455 - Vulnerability identified with Apache kafka
[KAFKA-15098] - KRaft migration does not proceed and broker dies if authorizer.class.name is set
[KAFKA-15114] - StorageTool help specifies user as parameter not name
[KAFKA-15137] - Don't log the entire request in KRaftControllerChannelManager
[KAFKA-15145] - AbstractWorkerSourceTask re-processes records filtered out by SMTs on retriable exceptions
[KAFKA-15149] - Fix not sending UMR and LISR RPCs in dual-write mode when there are new partitions
Artemis 2.30.0
ARTEMIS-4184 - Bridges with concurrency not checked/cleared properly on config reload.
ARTEMIS-4354 - Update the recovery XAResource underlying session.
ARTEMIS-4310 - Smaller Container / Dockerfile based on Alpine.
ARTEMIS-4366 - Addresses with multiple subscriptions are not working with Mirroring.
ARTEMIS-4368 - ensure predictable order of subjects for accurate logging.
ARTEMIS-4365 - MQTT retain flag not set correctly.
ARTEMIS-4364 - Upgrade johnzon version to 1.2.21.
ARTEMIS-4356 - address match with wildcards seems to be broken.
ARTEMIS-4351 - unnecessary web console logging on impatient jolokia client.
ARTEMIS-4338 - STOMP inoperable w/resource audit logging enabled.
ARTEMIS-4328 - Test can hang indefinitely.
ARTEMIS-4322 - BundleFactory should use PrivilegedAction.
ARTEMIS-4319 - Mitigate NPE in paging log statement.
ARTEMIS-4315 - Incorrect validation for page-limit settings.
ARTEMIS-4095 - OpenWire clients are unable to consume from multicast queue after 2nd paging
Zookeeper 3.9.0
ZOOKEEPER-4718 - Removing unnecessary heap memory allocation in serialization can help reduce GC pressure.
ZOOKEEPER-4719 - Use bouncycastle jdk18on instead of jdk15on.
ZOOKEEPER-4717 - Cache serialize data in the request to avoid repeat serialize.
ZOOKEEPER-4674 - C client tests don't pass on CI
ZOOKEEPER-4599 - Upgrade Jetty to avoid CVE-2022-2048.
ZOOKEEPER-4565 - Config watch path get truncated abnormally and fail chroot zookeeper client.
ZOOKEEPER-4549 - ProviderRegistry may be repeatedly initialized.
ZOOKEEPER-4537 - Race between SyncThread and CommitProcessor thread.
ZOOKEEPER-4514 - ClientCnxnSocketNetty throwing NPE.
ZOOKEEPER-4505 - CVE-2020-36518 - Upgrade jackson databind to 2.13.2.1
ZOOKEEPER-4504 - ZKUtil#deleteRecursive causing deadlock in HDFS HA functionality.
ZOOKEEPER-4494 - Fix error message format.
ZOOKEEPER-4492 - Merge readOnly field into ConnectRequest and Response.
ZOOKEEPER-4491 - Adding SSL support to Zktreeutil.
ZOOKEEPER-4477 - Single Kerberos ticket renewal failure can prevent all future renewals since Java 9.
ZOOKEEPER-4475 - Persistent recursive watcher got NodeChildrenChanged event.
ZOOKEEPER-4472 - Support persistent watchers removing individually.
ZOOKEEPER-4393 - Problem to connect to zookeeper in FIPS mode.
ZOOKEEPER-4296 - NullPointerException when ClientCnxnSocketNetty is closed without being opened.
ZOOKEEPER-4289 - Reduce the performance impact of Prometheus metrics.
ZOOKEEPER-4026 - CREATE2 requests embedded in a MULTI request only get a regular CREATE response.
ZOOKEEPER-3806 - TLS - dynamic loading for client trust/key store.
ZOOKEEPER-3860 - Avoid reverse DNS lookup for hostname verification when hostnames are provided in the connection url.
ZOOKEEPER-3652 - Improper synchronization in ClientCnxn.
ZOOKEEPER-2108 - Compilation error in ZkAdaptor.cc with GCC 4.7 or later.
Docker Compose 2.20.2
Bug Fixes and Enhancements:
* Added support for the depends_on.required attribute.
* Fixed an issue where build tries to push unnamed service images.
* Fixed a bug which meant the target secret path on Windows was not checked.
* Fixed a bug resolving build context path for services using extends.file.
Wildfly 29.0.0
New and Notable:
During the WildFly 29 development cycle the WildFly contributors were heavily focused on bug fixing, plus a lot of internal housekeeping that needed doing after all the recent work toward Jakarta EE 10. But we do have some new goodies:
Bug Fixes:
[WFLY-8718] - JDBC driver's xa-datasource-class vs. driver-xa-datasource-class-name in the datasources subsystem
[WFLY-11173] - The JPADefinition.DEPLOY_INSTANCE ResourceDefinition is not correct
[WFLY-12019] - Cannot remove an undertow server resource at one time
[WFLY-12631] - Server doesn't start when DNS_PING is configured
[WFLY-14387] - Resource adapters subsystem does not accept expression for wm-security attribute
[WFLY-15358] - PolicyContextTestCase fails once Undertow extension no longer references PicketBox module
[WFLY-15487] - wfly-25 security config missing support for picketbox "auth-module" impl of javax.security.auth.message.module.ClientAuthModule
[WFLY-16013] - Discovery Group can't change from Socket binding to Jgroups cluster.
[WFLY-16042] - WildFly basic tests started to fail on IBM JDK11
[WFLY-16528] - JSFDeploymentProcessorTestCase fails with Faces 4
[WFLY-16722] - ContextServiceImpl.getTransactionSetupProvider returns null when use-transaction-setup-provider=true
[WFLY-17016] - todo-backend QS has outdated Readme instructions
[WFLY-17169] - NPE in JSF BeanValidator.validate
[WFLY-17349] - WebJPATestCase intermittently fails
[WFLY-17563] - Restore *module.xml necessary for manual installation of different jsf implementations
[WFLY-17699] - Elytron security tests fail since IBM JDK (IBM Semeru Runtime Certified Edition 11.0.15.0)
[WFLY-17704] - Broken formatting in the Getting Started Developing Applications Guide
[WFLY-17783] - Intermittent failures in ReactiveMessagingKafkaUserApiTestCase
[WFLY-17790] - Remove the org.jboss.as.test.integration.logging.syslogserver package from testsuite/shared
[WFLY-17899] - Asciidoc errors reported during build
[WFLY-17921] - Add missing org.jboss.vfs to RESTEasy Spring deployments
[WFLY-17939] - Update HostExcludesTestCase configuration to work with WF29
[WFLY-17947] - todo-backend Readme OpenShift instructions results in a non-functional QS app
[WFLY-17948] - todo-backend bootable jar Helm chart needs to be updated
[WFLY-17950] - 28.0.0.SP1 Quickstart READMEs refer to 28.0.0.Final tag
[WFLY-17953] - Do not use the JBoss Modules MavenResolver for resolving dependencies in tests
[WFLY-17957] - EJB timer schedule increment 0 should be considered as single value
[WFLY-17959] - OpenTelemetry is complaining about "java.lang.NoClassDefFoundError: sun/misc/Unsafe"
[WFLY-17960] - LRA causes a failure in the ContextPropagationTestCase
[WFLY-17961] - Spurious Micrometer error on shutdown
[WFLY-17962] - Remove the ResteasyBootstrap listener from being registered in the AbstractRTSService
[WFLY-17967] - MicroProfile LRA layer should depend on MicroProfile Config layer
[WFLY-18002] - ExpirationMetaData.isExpired() test does not conform to logic in LocalScheduler
[WFLY-18011] - Add java.base/java.net package to recommended client side JPMS settings
[WFLY-18012] - The JaxrsIntegrationProcessor should not attempt to get the RESTEasy configuration when not a REST deployment.
[WFLY-18014] - Missing EE API license entries from core; wrong Apache license URLs
[WFLY-18021] - ee-security quickstart produce WFLYCTL0212: Duplicate resource
[WFLY-18023] - @SessionScoped EJBs are replicating proxy placeholders unnecessarily
[WFLY-18024] - CacheIdentity and IdentityContainer instances are replicating unnecessarily
[WFLY-18026] - Configuration applied on ServerAdd shouldn't apply runtime changes on boot for the sub resources
[WFLY-18036] - Marshalling optimizations are not getting applied to @SessionScoped @Stateful EJBs
[WFLY-18038] - JGroups transport thread pool configuration is ignored
[WFLY-18040] - EJB: make deployments share client context if only static interceptors are used
[WFLY-18043] - WildFly BOMs don't build after WFLY-18018
[WFLY-18046] - Quickstart Readme minor inconsistencies
[WFLY-18050] - When provisioning additional feature packs together with wildfly's feature pack, the generated license.html is incorrect
[WFLY-18065] - Distributed @SessionScoped @Stateful EJBs require excessive cache transactions per invocation
[WFLY-18066] - ByteBufferMarshalledValue generates duplicate buffers during a single marshalling operation
[WFLY-18068] - Quickstart archive contains redundant files
[WFLY-18069] - Eliminate unnecessary buffer copy when writing an object with known size via ProtoStream
[WFLY-18077] - Dependencies in the http-custom-mechanism should be provided
[WFLY-18078] - Dependencies in the helloworld-ws quickstart should be provided
[WFLY-18080] - Regular failures of FaultToleranceMicrometerIntegrationTestCase
[WFLY-18081] - Custom appclient container yaml configuration with additional Messaging settings should be allowed
[WFLY-18083] - Upgrade to Hibernate ORM 6.2.4.final release
[WFLY-18084] - Galleon layers for micrometer and opentelemetry are not documented.
[WFLY-18089] - Error creating a remote connector using ssl-context
[WFLY-18090] - Update removed jboss.server.deploy.dir with jboss.server.content.dir
[WFLY-18095] - Using affinity=primary-owner with a local-cache throws a ClassCastException
[WFLY-18115] - Opentelemetry sampler-type cannot be configured correctly
[WFLY-18117] - Messaging deployment descriptor doesn't parse entries correctly
[WFLY-18128] - Incorrect licenses for some artifacts
[WFLY-18134] - Angus Activation and Angus Mail should be private modules
[WFLY-18137] - Concurrency TCK failure
[WFLY-18141] - Several clustering-related modules should be private
[WFLY-18150] - DistributableTimerService.getTimers() collection may omit timers during concurrent rescheduling process
[WFLY-18155] - Can't build BOMs after switching Jakarta Faces implementation in WildFly
[WFLY-18157] - Add Jakarta Faces API dep back to BOM
[WFLY-18158] - Oracle JDBC driver deployed as deployment needs dependency on jdk.security.jgss module
[WFLY-18170] - Fix Faces 4.0 TCK failures
[WFLY-18179] - Undertow configuration=handler/filter resource require redundant runtime steps
[WFLY-18191] - Fix Faces 4.0 TCK failures + errors
[WFLY-18196] - Various minor inconsistencies in QS Readme files
[WFLY-18200] - Upgrade to Hibernate ORM 6.2.6.Final release
[WFLY-18202] - WildFly 26-28 document logo url incorrect
[WFLY-18206] - Typo preventing galleon state from being generated
[WFLY-18208] - BouncyCastleModuleTestCase fails with Security Manager enabled
[WFLY-18213] - asciidoctor-maven-plugin attribute sourceHighlighter should be source-highlighter
[WFLY-18224] - ClassNotFoundException thrown when processing enums with annotations
[WFLY-18230] - Several security subsystem resource require redundant runtime steps
[WFLY-18246] - Upgrade jacoco from 0.8.7 to 0.8.10 and fix coverage reporting configuration
[WFLY-18252] - Fix the Hibernate ElasticSearch tests to work with ElasticSearch 8.8.x
[WFLY-18254] - NullPointerException during rebalance
[WFLY-18256] - Line endings in license file are not changed to unix
Jenkins 2.415
* Replace browser confirm with modal dialogs in many places.
* Add last build status to job page.
* Remove the rebuild plugin from the setup wizard plugin selection.
* Estimate project duration accurately in more cases (regression in 2.407).
* Developer: API for alert, confirm, prompt, modal and form dialogs
* Remove long deprecated hudson.util.IOUtils#DIR_SEPARATOR, hudson.util.IOUtils#DIR_SEPARATOR_WINDOWS, hudson.util.IOUtils#DIR_SEPARATOR_UNIX, hudson.util.IOUtils#LINE_SEPARATOR, hudson.util.IOUtils#LINE_SEPARATOR_WINDOWS, and hudson.util.IOUtils#LINE_SEPARATOR_UNIX which are available from org.apache.commons.io.IOUtils.
Keycloak 22.0.1
Enhancements:
#10503 Revisit Pod-Template in Keycloak CR keycloak operator
#15344 Support configurable custom Identity Providers keycloak
#21626 [REG 21->22] Error messages on kc build keycloak dist/quarkus
Bugs:
#17711 Accessibility/Clients List: Minor Issues keycloak admin/ui
#21607 `keycloakCRName` and `realm` are no longer marked as required in KeycloakRealmImport CRD keycloak operator
#21625 Version 22.0.0 not started in dev mode and build mode keycloak dist/quarkus
#21629 Migration for 22.0.0 is missing from the documentation keycloak docs
#21637 Broken links to quickstarts in documentation keycloak docs
#21657 Account V3 Missing translate Refresh keycloak account/ui
#21698 Keycloak is storing error events even if storing events is disabled keycloak storage
#21733 Fixing broken JSON translation files keycloak admin/ui
Kubernetes 1.27.4
Changes by Kind
Feature:
Bug or Regression:
Node.js 20.5.0
Notable Changes:
[45be29d89f] - doc: add atlowChemi to collaborators
[a316808136] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal
[986b46a567] - fs: add a fast-path for readFileSync utf-8
[0ef73ff6f0] - (SEMVER-MINOR) test_runner: add shards support
Commits:
[eb0aba59b8] - bootstrap: use correct descriptor for Symbol.{dispose,asyncDispose}
[e2d0195dcf] - bootstrap: hide experimental web globals with flag kNoBrowserGlobals
[67a1018389] - build: do not pass target toolchain flags to host toolchain
[7d843bb942] - child_process: use addAbortListener
[4e08160f8c] - child_process: support Symbol.dispose
[ef7728bf36] - deps: update nghttp2 to 1.55.1
[1454f02499] - deps: update nghttp2 to 1.55.0
[fa94debf46] - deps: update minimatch to 9.0.3
[c73cfcc144] - deps: update acorn to 8.10.0
[b7a076a052] - deps: V8: cherry-pick cb00db4dba6c
[150e15536b] - deps: upgrade npm to 9.8.0
[c47b2cbd35] - dgram: socket add asyncDispose
[002ce31cca] - dgram: use addAbortListener
[45be29d89f] - doc: add atlowChemi to collaborators
[69b55d2261] - doc: fix ambiguity in http.md and https.md
[caccb051c7] - doc: clarify transform._transform() callback argument logic
[999ae0c8c3] - doc: fix copy node executable in Windows
[7daefaeb44] - doc: drop <b> of v20 changelog
[dd7ea3e1df] - doc: mention git node release prepare
[cc7809df21] - esm: fix emit deprecation on legacy main resolve
[67b13d1dba] - events: fix bug listenerCount don't compare wrapped listener
[a316808136] - (SEMVER-MINOR) events: allow safely adding listener to abortSignal
[986b46a567] - fs: add a fast-path for readFileSync utf-8
[e4333ac41f] - http2: use addAbortListener
[4a0b66e4f9] - http2: send RST code 8 on AbortController signal
[1295c76fce] - lib: use addAbortListener
[dff6c25a36] - meta: bump actions/checkout from 3.5.2 to 3.5.3
[b5cb69ceaa] - meta: bump step-security/harden-runner from 2.4.0 to 2.4.1
[332e480b46] - meta: bump ossf/scorecard-action from 2.1.3 to 2.2.0
[25c5a0aaee] - meta: bump github/codeql-action from 2.3.6 to 2.20.1
[6406f50ab1] - module: add SourceMap.lineLengths
[cfa69bd48c] - net: server add asyncDispose
[ac11264cc5] - net: use addAbortListener
[82d6b13bf6] - permission: add debug log when inserting fs nodes
[f4333b1cdd] - permission: v8.writeHeapSnapshot and process.report
[f691dca6c9] - readline: use addAbortListener
[227e6bd898] - src: pass syscall on fs.readFileSync fail operation
[a9a4b73653] - src: make BaseObject iteration order deterministic
[d99ea4845a] - src: remove kEagerCompile for CompileFunction
[df363d0010] - src: deduplicate X509 getter implementations
[9cf2e1f55b] - src,lib: reducing C++ calls of esm legacy main resolve
[daeb21dde9] - stream: fix deadlock when pipeing to full sink
[5a382d02d6] - stream: use addAbortListener
[6e82077dd4] - test: deflake test-net-throttle
[d378b2c822] - test: move test-net-throttle to parallel
[dfa0aee5bf] - Revert "test: remove test-crypto-keygen flaky designation"
[0ef73ff6f0] - (SEMVER-MINOR) test_runner: add shards support
[e2442bb7ef] - timers: support Symbol.dispose
[4398ade426] - tools: run fetch_deps.py with Python 3
RabbitMQ 3.11.20
Core Server
Bug Fixes:
* Fixed a potential resource leak in at-least-once dead lettering from quorum queues.
CLI Tools
Enhancements:
* A new command, rabbitmqctl deactivate_free_disk_space_monitoring, can be used to (temporarily or permanently) disable free disk space monitoring on a node. To re-activate it, use rabbitmqctl activate_free_disk_space_monitoring.
AMQP 1.0 Plugin
Bug Fixes:
* AMQP 1.0 clients that try to publish in a way that results in the message not being routed anywhere are now notified with a more sensible settlement status.
Prometheus Plugin
Enhancements:
* Prometheus scraping API endpoints now support optional authentication.
* The plugin now filters out values that are undefined or NaN, simply excluding them from the API endpoint response. Previously, if a metric was not computed for any reason (e.g. free disk space monitor was disabled on the node), its value could end up being rendered as undefined or NaN, two values that Prometheus scrapers cannot handle (for numerical types such as gauges).
Management Plugin
Bug Fixes:
* It was not possible to close a table column selection pane on screens that had little vertical space.
Sonatype Nexus Repository 3.58.1
Bug Fixes:
NEXUS-39766: Docker Subdomain connectors work with nGrok again as expected.
NEXUS-39415: Added logging for and made Rubygems - Generate SHA256 Checksums and Repair - Update attributes for RubyGems tasks configurable via the user interface.
Spring Boot 3.1.2
Bug Fixes:
* Native reflection hints missing for nested properties declared in a superclass
* Connecting to Mongo fails with an UnknownHostException when spring.data.mongodb.additional-hosts is configured
* Auto-configured ExemplarSampler bean only backs off when a DefaultExemplarSampler is defined
* OTel Span is missing required attributes #36423
* Auto-configured JacksonJsonpMapper is conditional on an ObjectMapper bean but does not use such a bean
* Application fails to start when @Importing a @ConfigurationProperties class that is eligible for constructor binding
* Only one health group can be exposed using management.endpoint.health.group.xxx.additional-path=server:/newpath when using Jersey
* Mongo auto-configuration fails when username or password properties contains a colon (:) or at-sign (@)
* MockitoPostProcessor doesn't check FactoryBean.OBJECT_TYPE_ATTRIBUTE correctly
* Saml2RelyingPartyRegistrationConfiguration can choose the wrong RelyingPartyRegistration.Builder when using a metadata file with multiple providers
* ConfigurationPropertiesReportEndpoint does not display primitive wrapper types
* ConfigurationPropertyName#equals is not symmetric when element has trailing dashes
* ScheduledTasksEndpoint throws NPE if PeriodicTrigger is used with custom SchedulingConfigurer
* Java system properties can not be applied to RestTemplate HttpClient connection in some cases
* Excluding auto-configuration class that relates to a TemplateAvailabilityProvider causes property binding to fail for native images
* When using Flyway 9.20.0, auto-configuration fails with a NoSuchMethodError due to the removal of Oracle-related methods from FluentConfiguration
* Dependency management for Selenium 4.8.x is incorrect
* Slice test annotations do not include SslAutoConfiguration
* Methods in KafkaConnectionDetails are named inconsistently
Apache Solr 9.3.0
Solr 9.3.0 Release Highlights:
Strimzi 0.36
Main changes since 0.35
This release contains the following new features and improvements:
It also has several notable changes, deprecations, and removals:
This week, read about:
Redis 7.0.12
Upgrade urgency SECURITY: See security fixes below.
Security Fixes:
Bug Fixes:
Docker Compose 2.20.0
Update:
Dependencies upgrade: bump docker/cli-docs-tools to v0.6.0
Dependencies upgrade: bump docker to v24.0.4
Dependencies upgrade: bump buildx to v0.11.1
Bug Fixes and Enhancements:
Introduced the wait command.
Added support of --builder and BUILDX_BUILDER to the build command.
Added support for the attach attribute from the Compose Specification.
Fixed a DryRun mode issue when initializing CLI client.
Fixed a bug with random missing network when a service has more than one.
Fixed the Secrets file permission value to comply with the Compose Specification.
Fixed an issue about no-deps flag not being applied.
Fixed some source code comments.
Fixed a bug when --index is not set select.
Fixed a process leak in the wait e2e test.
Improved some test speeds.
Etcd 3.4.27
etcd server:
Fix corruption check may get an ErrCompacted error when server has just been compacted
Improve Lease put performance for the case that auth is disabled or the user is admin
Fix embed: nil pointer dereference when stopServer
etcdctl v3:
Add optional --bump-revision and --mark-compacted flag to etcdctl snapshot restore operation.
Dependencies:
Compile binaries using go 1.19.10.
Fluentd 1.16.2
Bug Fix:
#4208 in_tail: Fix new watcher is wrongly detached on rotation when follow_inodes, which causes stopping tailing the file
#4237 in_tail: Prevent wrongly unwatching when follow_inodes, which causes log duplication
#4214 in_tail: Fix warning log about overwriting entry when follow_inodes
#4239 in_tail: Ensure to discard TailWatcher with missing target when follow_inodes
#4178 MessagePackFactory: Make sure to reset local unpacker to prevent received broken data from affecting other receiving data
#4188 Fix failure to launch Fluentd on Windows when the log path isn't specified in the command line
#4229 logger: Prevent growing cache size of ignore_same_log_interval unlimitedly
#4225 Update sigdump to 0.2.5 to fix wrong value of object counts
Misc:
#4191 in_tail: Check detaching inode when follow_inodes
#4228 in_tail: Add debug log for pos file compaction
#4201 #4210 Code improvements detected by RuboCop Performance
#4159 Add notice for unused argument unpacker of ChunkMessagePackEventStreamer.each
Grafana 10.0.2
Features and Enhancements:
Bug Fixes:
Plugin Development Fixes & Changes:
Keycloak 22.0.0
New Features:
#8750 Require user to agree to 'terms and conditions' during registration keycloak
#11089 Securing credentials/passwords not possible with Quarkus distribution keycloak dist/quarkus
#11632 Enable Horizontal Pod Autoscaling for Keycloak deployed with the new Operator keycloak
#15101 Support OpenJDK 19 keycloak
#15910 Hostname debug tool keycloak dist/quarkus
#17252 Add Keycloak Keystore Vault implementation keycloak dist/quarkus
#17659 Claim to User Session Note Idp Mapper keycloak oidc
#19650 Supporting reference access/refresh tokens keycloak
#19968 Allow changing admin console logo and favicon from theme.properties keycloak
#20016 Group attribute query is missing QueryParams in java admin client keycloak admin/client-java
#20262 SSSD integration in Quarkus distribution keycloak
#20625 Add support to the Operator for setting default labels on Keycloak pods keycloak operator
#21254 Support for JWE IDToken and UserInfo tokens in OIDC brokers keycloak identity-brokering
Enhancements:
#356 Update QuickStarts documentation to Quarkus distribution keycloak-quickstarts
#357 Re-enable tests that were disabled when updating test for the Quarkus dist keycloak-quickstarts
#407 Nashorn dependency no longer needed in quickstarts keycloak-quickstarts
#412 Doublecheck "provider" quickstarts with quarkus3 based Keycloak distribution keycloak-quickstarts
#416 user-storage-* provider quickstarts keycloak-quickstarts
#417 Event listener sysout quickstart keycloak-quickstarts
#421 Event store mem quickstart keycloak-quickstarts
#428 Extend-account-console quickstart keycloak-quickstarts
#436 Remove keycloak-remote profile keycloak-quickstarts
#1791 Clarification on user registration and identity brokering keycloak-documentation
#8753 Reset Credentials Flow does not delete existing OTP keycloak authentication
#9075 Remove any unnecessary dependency from distribution keycloak dist/quarkus
#9434 OTP base32 decode improvements keycloak
#10285 Expose deployment errors in the status field of Keycloak CR keycloak operator
#10562 Support multiple KC instances in a single namespace keycloak operator
#10736 Use SchemaSwap instead of shell script for Realm CRD generation keycloak operator
#10911 Use Quarkus JOSDK to generate CSV for OLM in the operator keycloak operator
#11561 Non ASCII characters in TOTP secret not supported in 2FA configurations keycloak authentication
#11759 Add support to indicate desired locale on init func with onLoad: 'login-required' options keycloak adapter/javascript
#12593 Add a name to the keycloak port in the service keycloak
#13074 Operator CRD status incompatible with kstatus keycloak operator
#14747 Addition of Custom User Attribute Filter to Users API Count Endpoint keycloak
#15003 Enable IPv6 dualstack support by default keycloak dist/quarkus
#15044 Clean `RealmProvider` from methods from other areas keycloak storage
#15046 Remove methods for old default roles approach keycloak storage
#15136 Back to Application link should be client specific with the UPDATE_EMAIL feature keycloak
#15344 Support configurable custom Identity Providers keycloak
#15434 Customize log messages for user storage LDAP configuration in KC shown in admin UI keycloak
#15454 Update migration guide with the changes that need to be done for developers using JAX-RS in their extensions keycloak
#15490 Update Datastore provider to contain full data model keycloak storage
#15789 "Failed to add user 'admin' ..." should not be an ERROR keycloak dist/quarkus
#15947 support parameters like "uri" and "matchingUri" in the UMA grant token endpoint keycloak
#16535 Group Attribute Search Erroneously returns when searching for nested group keycloak storage
#16800 Operator Support for missing leading slash and present trailing slash in `http-relative-path` keycloak operator
#16849 Add "Enable new user after creation" option for Active Directory keycloak
#16902 Refine the set of RPMs included in the keycloak container image keycloak dist/quarkus
#16967 Minimize the RPM content of the Operator container keycloak operator
#16977 CRDB optimization: Optimize selects targeting the primary key or unique keys keycloak storage
#17470 security enhancement : representation of admin events & credentials keycloak
#17484 Migrate realms if configured to use RH-SSO themes keycloak
#19792 Javascript example not printing errors keycloak docs
#19924 Allow pre-filled GitHub issue forms via links from docs keycloak docs
#19959 Add missing Spanish translations for login keycloak translations
#19965 Add `lang` attribute to HTML tag of UIs keycloak account/ui
#19990 Only add Access properties on groups, if the fine grain feature is on keycloak
#20067 Upgrading to Infinispan 14.0.8 keycloak
#20191 Conditional login through identity provider keycloak
#20200 account console v3 theme.properties customizations keycloak
#20216 Correct formatting in Server Developer guide keycloak
#20250 Adhere to HTML standard when using `ul`-element keycloak
#20263 SSSD documentation updated for quarkus distribution keycloak
#20265 SSSD testing with GH actions keycloak
#20303 UserPropertyMapper generated exceptions on mapping keycloak
#20305 Upgrade JNA library keycloak
#20386 Client executor for reject implicit grant when enabled for clients keycloak oidc
#20388 Upgrade owasp html sanitizer to newest version keycloak
#20469 Look ahead window setting in OTP policy is not accurate keycloak admin/ui
#20486 Enable `simple-cache` for `local-cache` keycloak
#20496 Move openshift client integration to separate extension keycloak core
#20497 Move http-challenge authentication flow and the related authenticators to the extension keycloak authentication
#20548 Also run Cypress tests on Firefox keycloak testsuite
#20576 Allow custom annotation in Ingress keycloak
#20582 Show warning message when overriding build options during starts keycloak
#20623 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in PAR request keycloak
#20674 Increase the length of password hash iterations password-policy input in admin ui keycloak admin/ui
#20689 Removing unnecessary message from main command help text keycloak
#20710 FAPI 2.0 security profile - not allow an authorization request whose parameters were not included in Request Object pushed to PAR request keycloak
#20773 Add Hardcoded Group mapper to Identity Provider configuration keycloak
#20783 Ability for users to view credentials without manage user permissions keycloak admin/api
#20791 Update docs (and maybe tooltips) for timeout changes keycloak docs
#20817 Improve start page on the account ui keycloak account/ui
#20994 Update securing_applications guide for latest adapter changes (community) keycloak docs
#21064 Allow any JGroups stack with --cache-stack keycloak
#21163 Support for the `locale` user attribute keycloak
#21167 Add missing Polish translations keycloak translations
#21176 Remove adapters from product documentation keycloak docs
#21272 Upgrade to Quarkus 3.2.0.Final keycloak
#21283 Add `iat` claim to JWT that is passed to CIBA HttpAuthenticationChannel keycloak
#21476 When essential claim check fails the error message should provide detailed information keycloak
#21493 Enable publishNotReadyAddresses for discovery service keycloak
Bugs:
#369 Quickstarts for action-token-authenticator / action-token-required-action not working keycloak-quickstarts
#409 Legacy quickstart tests are failing since quarkus3 upgrade keycloak-quickstarts
#437 Tests does not work on OpenJDK 17 for quickstarts keycloak-quickstarts
#9299 Refresh token with offline_access scope affected by session idle/session max keycloak oidc
#9313 LDAPS Bind test fails with SSLHandshakeException while LDAP connection test works keycloak ldap
#10110 Unable to add more than 6 acceptable AAGUIDs for WebAuthn keycloak authentication/webauthn
#10195 User search with LDAP federation not consistent keycloak ldap
#11079 SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata keycloak saml
#11728 SSSD Federation fails with NPE after upgrade keycloak authentication
#11990 Negative refresh token expiration (exp timestamp in the past) keycloak oidc
#12012 KEYCLOAK-17116 Copy of Browser Flow overrides an original one keycloak authentication
#12018 Trust Store hostname-verification-policy=ANY seems to be ignored keycloak docs
#12720 Clarify the use of `db-url-properties` keycloak docs
#12745 [keycloak-js] multiple init call with onload option as check-sso cause redirects keycloak adapter/javascript
#12939 importing bin/kc.[sh|bat] import --file doesn't work when using external database keycloak dist/quarkus
#13542 MigrationTest for KC 17 failures in the pipeline keycloak testsuite
#13543 RecoveryAuthnCodesAuthenticatorTest failures in the pipeline keycloak testsuite
#13922 Switching Locale after Completing an admin triggered required action yields an error keycloak authentication
#14441 Client-secret with special character (+) for authorization is failing in 19.0.2 keycloak oidc
#14617 ID token is not including roles keycloak oidc
#14851 Realm update fails when realm has many Identity Providers configured and saves rep. with Admin Events keycloak admin/api
#14854 Client session lifespan doesn't consider user session lifespan keycloak authentication
#15337 User Session Note Mapper no longer adds IMPERSONATOR_USERNAME as SAML attribute keycloak saml
#15536 Able to modify built-in flow keycloak admin/api
#15782 Unable to perform export when server was started with new storage keycloak dist/quarkus
#15845 Realm localization: Inconsistent message resolving regarding language fallbacks for different themes keycloak core
#15853 Incorrect Signature algorithms presented by Client Authenticator keycloak oidc
#15898 Keycloak Export only accept H2 datase-URL (Datasource: URL format error; must be jdbc:h2 ... but is jdbc:mariadb: ...) keycloak dist/quarkus
#16165 SSSD User Federation disappeared in 20.0.1/20.0.2 keycloak authentication
#16166 Set OpenShift as a "Social Identity Provider" cannot work keycloak identity-brokering
#16321 Single client export bug keycloak docs
#16507 Hibernate 6 upgrade: Warning SqmDynamicInstantiation about dynamic Map instantiation keycloak storage
#16551 Quarkus 3: RealmModelTest.testRealmLocalizationTexts fails keycloak testsuite
#16577 Setting user password and entering "password confirmation" first leads to blocking of "save" keycloak admin/ui
#16613 Impossible to update a federated user credential label keycloak admin/api
#16833 Update documentation around `View all users` behavior in the new admin console keycloak docs
#16992 upgrading from v18.0.2 to 19.0.3 or 20.0.3 fails with ERROR duplicate key value violates unique constraint "constraint_3c" keycloak core
#17130 Theme & Provider folder empty in KeyCloak 20.0.3 keycloak docs
#17288 New Referrer-policy breaks cross-origin SP<->IdP (KC) keycloak saml
#17294 Make LDAP `searchForUsersStream` consistent with other storages keycloak storage
#17304 javax.net.ssl.SSLException exceptions because org.keycloak.adapters.HttpClientBuilder ignores connectionTTL setting keycloak oidc
#17312 Error updating old version (Keycloak 8) to Keycloak 20. NPE thrown due the realm.getDefaultRole() keycloak core
#17377 Error: realms.removeSession wrong generic type keycloak admin/client-js
#17388 Incorrect Url on Keycloak Health - Liveness and Readiness, no Startup Probes keycloak operator
#17581 `JpaUserProvider` count methods are inconsistent with `searchForUser`'s param filter handling keycloak storage
#19096 Memory issue with PathCache when running the traffic keycloak authorization-services
#19136 Report an issue link points to Jira instead of GHI keycloak docs
#19155 Priority not sent to server when adding new RSA key provider keycloak admin/ui
#19156 Server Deployment documentation is not updated to Quarkus keycloak docs
#19193 Slow Query Caused By Composite Indexes Order On Broker Link Table keycloak storage
#19257 User ID is ignored in partial import keycloak import-export
#19323 Hibernate 6: Entity in Key not returned when querying keycloak storage
#19368 Facebook identity provider not working keycloak identity-brokering
#19485 SignatureProvider not showing up in the Default Signature Algorithm list keycloak admin/ui
#19530 Custom ResetCredentialEmail does not work after upgrade to Keycloak 21 keycloak core
#19575 Account Console II doesn't remove TOTP from UserStorage keycloak account/api
#19596 A way to override internal SPI after KC 21 keycloak core
#19638 Custom User Storage Provider doesn't look up users after saving changes keycloak admin/ui
#19675 Gzip cache is only invalidated upon Keycloak version changes keycloak core
#19677 AlreadyLoggedIn when impersonating a user in a SAML client keycloak core
#19725 Operator restarts occasionally result in recreation of managed keycloak Statefulset Pods keycloak operator
#19746 Email settings erased after any change on realm settings keycloak admin/ui
#19763 Documentation for User Storage Spi is incorrect keycloak storage
#19777 Custom providers are not loaded properly in KC21 keycloak core
#19805 Custom SignatureProviderFactory is not working as expected after Keycloak 21 upgrade keycloak core
#19814 Testsuite must rely on IDs from Keycloak keycloak testsuite
#19818 Support for realm-less entities in login failures keycloak storage
#19844 NPE when updating a subflow in an authentication flow keycloak admin/api
#19849 Incorrect HTTP status reported when DNS resolver is not available (and DB connection unavailable due to that) keycloak core
#19852 Admin UI does not respect default values for custom authenticator configurations keycloak admin/ui
#19897 Create a Client Policy on realm with client-roles or client-scopes condition raises an exception on the Client details keycloak admin/ui
#19932 Test app is not functioning - https://www.keycloak.org/app/ keycloak docs
#19933 Account v3 - account console link redirect to master realm keycloak account/ui
#19942 New Flow created for Post Login Flow IDP not mark "Used by" at Flows keycloak admin/ui
#19950 Logout redirect URL truncated since v20 keycloak oidc
#19957 User search with more than two keywords returns empty list keycloak storage
#19982 Default Roles show all roles if "Hide inherited roles" is not checked keycloak admin/ui
#20007 Conditional user attribute authenticator does not match the joined groups keycloak oidc
#20009 authenticator javaScript Provider always failed the login, user context is lost and break the login keycloak core
#20013 Flaky test: org.keycloak.testsuite.adapter.servlet.OfflineServletsAdapterTest#testServlet keycloak ci
#20020 Cannot find @Generated annotation for ServicesLogger keycloak dependencies
#20070 Update passthrough behavior and docs keycloak dist/quarkus
#20077 Conditionally build WildFly adapters for our testsuite keycloak testsuite
#20085 Custom theme - url.resourcesCommonPath references wrong theme keycloak admin/api
#20097 FederatedUserLink always points to LDAP keycloak admin/ui
#20101 Duplicated serverPrincipal property in LDAPStorageProviderFactory keycloak storage
#20105 Unable to template emails in EventListenerProvider (No realm in provided KeycloakSession) keycloak authentication
#20119 Support for non-XA databases keycloak storage
#20182 User defined message bundles do not apply correctly to Admin Console keycloak admin/ui
#20194 Valid redirect URI & web origin input fields display when "Standard flow" is disabled keycloak admin/ui
#20202 Flaky test: org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testLazyClientSessionStatsFetching keycloak ci
#20259 Failing ExternalLinks tests for old Keycloak JIRA Links keycloak docs
#20261 Quarkus 3 build properties break product build keycloak dist/quarkus
#20269 Flaky test: org.keycloak.testsuite.model.infinispan.CacheExpirationTest#testCacheExpiration keycloak ci
#20304 When choosing resources in scope-based permission, multiple resources can be selected but only one will be visible keycloak admin/ui
#20329 Additional Provider Info only shows at end of list not below provider keycloak admin/ui
#20331 Keycloak-js crasher: Missing null checks. Websites that have inline scripts without a src attribute as src attributes are not required. keycloak adapter/javascript
#20332 Error 500 after signin to admin console: NullPointerException keycloak core
#20349 WebAuthn test fails in the GHA keycloak testsuite
#20372 keycloak-js-admin-client and keycloak-js-adapter do not build when a maven proxy is configured keycloak
#20384 Fix User Federation tests after Q3 upgrade keycloak testsuite
#20385 Servlet tests for JBoss-based adapters with TLS are broken keycloak testsuite
#20387 Productization issue related to JNA upgrade keycloak dependencies
#20401 SAML error not shown to user keycloak admin/ui
#20426 ClientScope changes don't invalidate the realm cache keycloak storage
#20433 Administration / Keycloak Admin REST API documentation can no longer be generated keycloak docs
#20443 Avoid NPE while fetching offline sessions keycloak storage
#20459 Changing the email address has no impact at username regardless "Email as username" toggle keycloak user-profile
#20481 Fix tests related to file storage keycloak testsuite
#20489 Admin UI - unable to load user's groups when large number of groups defined for the realm keycloak admin/ui
#20498 When user federation is enabled, admin console user search doesn't show search field keycloak admin/ui
#20503 Enabled User Event Types not visible when "Save events" disabled. keycloak admin/ui
#20506 User events settings - "Save events" toggle doesn't always activate Save button. keycloak admin/ui
#20510 Ensure proper escaping for LDAP keycloak storage
#20534 For versions > 18.x.x client mapper is not able to override "name" for OpenID tokens keycloak oidc
#20536 [Declarative User Profile] Optional attributes become required keycloak admin/ui
#20540 `register-node-at-startup` in EAP Client Adapter eventually causes "java.lang.OutOfMemoryError: unable to create native thread keycloak adapter/jee
#20541 Identity providers initialization has to use models keycloak storage
#20550 Update example custom cache configuration for v>21 keycloak docs
#20564 keycloak-admin-client does not url-encode client id and secret for basic auth as defined in RFC6749 keycloak admin/client-js
#20599 Introduced additional dependencies in the testsuite keycloak testsuite
#20615 Moving a group to root loses all its members keycloak admin/ui
#20622 FAPI 2.0 security profile - Reject Implicit Grant executor does not return an appropriate error keycloak oidc
#20635 Add back examples for Kubernetes and Openshift to the quickstarts keycloak core
#20656 Reset password does not show option to sign out from other devices keycloak authentication
#20670 Could not process response from SAML identity provider because "this.text" is null keycloak identity-brokering
#20671 Userinfo endpoint doesn't accept charset keycloak oidc
#20673 Missing SAML Allow ECP Flow option keycloak admin/ui
#20694 Selecting one mapper and switch page select them all keycloak admin/ui
#20700 REST API Documentation ref wrong keycloak docs
#20703 Realm export performance heavily depends on the amount of users per file keycloak import-export
#20723 Keycloak deployed via new keycloak-operator triggers OpenShift alert `IngressWithoutClassName` keycloak operator
#20725 Denial of Service/100% CPU usage: CRLUtils in infinite loop if more than one CRL list is used from different CAs keycloak core
#20732 Keycloak erases form data on validation when `login_hint` is present keycloak account/ui
#20757 SEND_RESET_PASSWORD event is not stored keycloak admin/api
#20782 Mappers tab is not reachable on identity provider settings keycloak admin/ui
#20831 Webauthn signature algorithms are improperly encoded as strings keycloak authentication/webauthn
#20835 There is no server side pagination for sessions keycloak admin/ui
#20847 Private key JWT authentication no longer works on Keycloak 21 keycloak authentication
#20851 Empty shortVerificationUri not the same with default (null) value keycloak authentication
#20855 Session cross-reference / transaction mismatch keycloak core
#20878 Emails with non-ascii characters are not allowed since v21.0.0 keycloak user-profile
#20888 Flaky test: org.keycloak.operator.testsuite.integration.ClusteringTest#testKeycloakScaleAsExpected keycloak operator
#20895 Keycloak's default http client doesn't check HTTP response code keycloak core
#20920 keycloak-server from testsuite won't start keycloak testsuite
#20947 Partial Import is not working for resource Type in keycloak 21.1.1 keycloak import-export
#20951 Jump links render wrong on small screens keycloak admin/ui
#20954 Performance degradation when upgrading from RHSSO 7.6 to KC22 caused by TLSv1.3 processing keycloak dist/quarkus
#20974 Avoid loading classes and resources from new store if legacy is enabled keycloak storage
#20977 NPE when shutting down JPA after a failed initialization keycloak storage
#20978 processGrantRequest in TokenEndPoint uses new TokenManager instead of this.tokenMananager keycloak oidc
#21045 Custom User Storage Provider gets disabled when saved keycloak admin/ui
#21047 Role details not visible unless the user has "View Realm" enabled keycloak admin/ui
#21095 Group list isn't filtered based on permission like user lists keycloak
#21106 Service Account Impersonation fails and results in weird browser state keycloak core
#21120 Client scopes mapping not available for users with "view-clients" and "query-clients" keycloak admin/ui
#21234 custom user storage provider update in admin-ui disables it, and stores value “t” as enabled keycloak admin/ui
#21242 GroupResource POST /children cannot update existing subgroups keycloak admin/api
#21263 Broken Links / Redirects Issues in Docs - 2023-06-27 keycloak docs
#21290 UserSessionConcurrencyTest#testConcurrentNotesChange fails intermittently keycloak testsuite
#21295 UserSessionProviderModelTest#testRemoteCachesParallel sessions are not removed after the test keycloak testsuite
#21300 Keycloak Docs for Native App Redirect URI Should Recommend the IP literal keycloak docs
#21307 3rd party check in iframe not working anymore in safari and keycloak 21.1.2 keycloak oidc
#21317 [docs] External Links Errors - saml.xml.org http -> https redirect keycloak docs
#21349 List of tested database in docs doesn't match pom.xml keycloak docs
#21358 NPE in Edit Identity Provider Mapper on second Save keycloak admin/ui
#21394 SSSD users with capitals in the email cannot login to keycloak keycloak core
#21412 JavascriptAdapterTest is broken due to the multiple initialization of JS adapter keycloak testsuite
#21427 Nexus staging plugin failing after Java 11 deprecation keycloak ci
#21451 Cookie error on second browser tab keycloak core
#21456 Quarkus 3.2 changed the property for quarkus.transaction-manager.object-store-directory keycloak dist/quarkus
#21491 Wrong message for sync actions on LDAP role mapper keycloak admin/ui
AMQP 1.0 Plugin
Bug Fixes:
Prometheus Plugin
Enhancements:
Management Plugin:
Bug Fixes:
STOMP Plugin
Bug Fixes:
stomp.max_frame_size = 10485760
# 2 MiB
stomp.max_frame_size = 2097152
Shovel Plugin
Bug Fixes:
Web MQTT Plugin
Enhancements:
web_mqtt.use_file_handle_cache = false
Web STOMP Plugin
Enhancements:
web_stomp.use_file_handle_cache = false
Ansible AWX 22.5.0
What's Changed:
This week, read about:
CVEs for monitoring and pending vendor updates:
FIX: Update Jetty for fixing CVE-2023-26048 and CVE-2023-26049.
Angular 16.1.4
Fix: use setTimeout when coalescing tasks in Node.js
Fix: allow for downgraded components to work with component-router
Apache Tomcat 10.1.11
Catalina:
Add: Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information environment entries.
Add: Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping from a properties file.
Fix: Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately crafted to allow it even when allowLinking was set to false.
Update: Add utility config file resource lookup on Context to allow looking up resources from the webapp (prefixed with webapp:) and make the resource lookup API more visible.
Fix: Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan.
Fix: Make parsing of ExtendedAccessLogValve patterns more robust.
Coyote:
Fix: 66627: Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather than reflecting the most recent conversion.
Fix: 66635: Correct certificate logging on start-up so it differentiates between keystore based keys/certificates and PEM file based keys/certificates and logs the relevant information for each.
Fix: Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from the Poller to be missed resulting in a timeout rather than the expected read or write.
Fix: Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait.
WebSocket:
Fix: Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown.
Fix: Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before the onClose() event had been completed.
Web Applications:
Add: Documentation. Expand the security guidance to cover the embedded use case and add notes on the uses made of the java.io.tmpdir system property.
Fix: 66662: Documentation. Fix a typo in the name of the algorithms attribute in the configuration section for the Digest authentication valve. Pull request #629 provided by gohilmca.
Jenkins 2.413
Fix: Update appearance of buttons for password and secretTextarea matching 'jenkinsbutton's.
Fix: Display a notice in the log manager page when no logs are available.
Fix: Restore missing build history for external jobs (regression in 2.409).
Node.js 20.4.0
Notable Changes:
Mock Timers:
Support to the explicit resource management proposal:
Other Notable Changes:
PHP Interpreter 8.2.8
CLI:
Core:
Curl:
Date:
DOM:
Opcache:
OpenSSL:
PCRE:
PGSQL:
Phar:
SPL:
Standard:
SQLite3:
Sonatype Nexus Repository 3.57.0
Bug Fixes:
NEXUS-24088: You can now properly remove an S3 blob store from a group even when it references an S3 bucket that is no longer accessible; such blob stores no longer cause UI errors.
NEXUS-24726: You can now search for components with an empty group or npm.scope.
NEXUS-27710: Fixed errors that were sporadically preventing startup in some cases due to a corrupted org.apache.karaf.features.cfg file.
NEXUS-29638: Downloading a pom.xml that uses unicode characters no longer fails due to calling getBytes without using UTF8.
NEXUS-31461: Searching for Maven versions now returns versions in alpha-numeric order as expected.
NEXUS-31492: Raw proxy URL no longer encodes special characters for outbound requests.
NEXUS-35917: The Repair - Reconcile component database from blob store task with only Integrity Check option selected now removes stale objects from S3 blob stores as expected.
NEXUS-36599: Browse privileges are no longer required to execute a NuGet search; only Read is needed.
NEXUS-38662: Deleting large repositories is no longer impeded by errors where Sonatype Nexus Repository looks for repository_blobstore in the component database.
NEXUS-38791: Running a search for Maven assets in an HA environment now returns the versions in descending order.
NEXUS-3885: npm exports no longer skip assets with an application/x-tgz content type.
NEXUS-39169: The permissions required for the search API are now consistent between HA and non-HA environments. Searching a group repository from the API only requires the user to have read permissions for the group.
Gitlab 16.1.2
Fixed (4 changes):
Set a min-height for wiki list items
Fix GitHub Importer
Fix Bitbucket Cloud Importer
Fix CSP is set in Environment page incorrectly
Security (1 change):
Add authorization to the subscriptions group controller (merge request)
This week, read about:
Keycloak 21.1.2
Enhancements:
#20613 Avoid using user property mapper when resolving root user attributes keycloak
Bugs:
#17165 Issue with "User-Initiated Action Lifespan" keycloak admin/ui
#19080 Vulnerable packages and or dependencies found in keycloak 21.0.1 quarkus distribution keycloak dist/quarkus
#19286 CVE-2022-1471 keycloak dependencies
#19491 Cannot set initial password for new users when using a custom UserFederation keycloak
#19689 SAML Encryption: Missing Support for http://www.w3.org/2009/xmlenc11#rsa-oaep keycloak saml
#19835 Keycloak issues on edge and after chrome upgrade to 112 (with experimental features) keycloak oidc
#19865 Enabling Dynamic Scope missing in UI keycloak admin/ui
#19879 Incorrect function is used in 'keycloak-admin-client' library in getToken function keycloak adapter/javascript
#19883 Saving client admin-cli in master realm gives a javascript error keycloak admin/ui
#19966 Paginating on the group tree view doesn't work keycloak admin/ui
#19974 Dropdown options on Documentation pointing to 21.1 endpoint instead of latest and throwing 404 when clicking on it. keycloak docs
#19981 Keycloak 21.1.1: Paging and filtering not working in "Assign roles" popup for Groups keycloak admin/ui
#19999 Keycloak 21.1.1: filter on Sessions gets stuck keycloak admin/ui
#20032 Processing of env variable references in config file broken keycloak dist/quarkus
#20068 LDAP Mapper Action Menu Error keycloak admin/ui
#20087 Event-Type: "User info request error" does not work keycloak admin/ui
#20096 Create new user UI: username is not marked with an asterisk keycloak admin/ui
#20140 role filter has no effect on roles list keycloak admin/ui
#20143 required fields don't show errors when user profile is enabled keycloak account/ui
#20258 OTP devices are not shown in the admin UI keycloak admin/ui
#20307 Test `InternationalizationTest` fails in CI keycloak testsuite
#20370 Deleting a client scope in the Admin UI should redirect to the list of ClientScopes keycloak admin/ui
#20379 SAML Protocol Mapper's NameIDFormat is null keycloak admin/ui
#20515 Headers is not defined keycloak admin/client-js
#20663 Fix for certificate revalidation keycloak
Gitlab 16.1.1
Security (12 changes):
Angular 16.1.3
Fix - expose input transform function on ComponentFactory and ComponentMirror
Fix - support input transform functions
Fix - wait until animation completion before destroying renderer
ActiveMQ 5.18.2
Bugs:
[AMQ-9233] - NPE in SubQueueSelectorCacheBroker.removeConsumer
[AMQ-9242] - activemq-partition module should not have a compile time dependency on log4j-slf4j2-impl
[AMQ-9254] - KahaDB minor fix when db files may be larger than max length
[AMQ-9262] - Composite consumers do not work properly with a network of brokers
[AMQ-9283] - Memory leak on stomp transport when a client unsubscribe
[AMQ-9285] - User is informed to inspect missing log4j.properties file during start-up
New Feature
[AMQ-8149] - Create Docker Image
Improvements:
[AMQ-9243] - Remove deprecated jetty-continuation module from activemq-web
[AMQ-9257] - Disabled expire message checking when pauseDispatch=true
Tasks:
[AMQ-8150] - Support multiple OS and JDK docker image combinations
[AMQ-9260] - Upgrade to maven-assembly-plugin 3.6.0
[AMQ-9261] - Upgrade to maven-enforcer-plugin 3.3.0
[AMQ-9263] - Upgrade to maven-compiler-plugin 3.11.0
[AMQ-9264] - Upgrade to maven-javadoc-plugin 3.5.0
[AMQ-9265] - Upgrade to maven-plugin-plugin 3.9.0
[AMQ-9266] - Upgrade to maven-project-info-reports-plugin 3.4.5
[AMQ-9267] - Upgrade to maven-release-plugin 3.0.1
[AMQ-9268] - Upgrade to maven-source-plugin 3.3.0
[AMQ-9269] - Upgrade to maven-surefire-plugin 3.1.2
[AMQ-9270] - Upgrade to build-helper-maven-plugin 3.4.0
[AMQ-9271] - Upgrade to dependency-check-maven 8.2.1
[AMQ-9273] - Upgrade to maven-shade-plugin 3.4.1
Dependency Upgrades:
[AMQ-9245] - Upgrade to Spring 5.3.27
[AMQ-9246] - Upgrade to jettison 1.5.4
[AMQ-9272] - Upgrade to xbean 4.23
[AMQ-9274] - Upgrade to jackson 2.15.2
[AMQ-9275] - Upgrade to rome 2.1.0
[AMQ-9276] - Upgrade to commons-daemon 1.3.4
[AMQ-9280] - Upgrade to commons-io 2.13.0
[AMQ-9284] - Update to Proton-J 0.34.1 and Qpid JMS 1.9.0
[AMQ-9286] - Upgrade to Apache POM 30
Docker Compose Engine 2.19.1
Update:
Bug Fixes and Enhancements:
compose up
.compose build
.watch
configuration.
Elasticsearch 8.8.2
Bug Fixes
Aggregations:
Health:
Ingest Node:
Machine Learning:
SQL:
Search:
TSDB:
Enhancements:
TSDB:
Transform:
Jenkins 2.412
* Improve CSP compatibility.
* Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files.
* Improve CSP compatibility by removing inline JS event handlers.
* Use CSS variables for logger colours.
Kibana 8.8.2
Bug Fixes:
APM:
Dashboard:
Elastic Security:
Enterprise Search:
Fleet:
Logs:
Machine Learning:
Maps:
Monitoring:
Observability:
Platform:
Uptime:
Logstash 8.8.2
Plugins:
Translate Filter - 3.4.2:
Aws Integration - 7.1.4:
use_aws_bundled_ca to use bundled ca certs per plugin level instead of global #33
use_aws_bundled_ca to use bundled ca certs that ships with AWS SDK to verify SSL peer certificates #32
Jdbc Integration - 5.4.4:
Rabbitmq Integration - 7.3.3:
Csv Output - 3.0.9:
Elasticsearch Output - 11.15.8:
This week, read about:
Node.js
The following CVEs are fixed in this release:
CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
CVE-2023-30584: Path Traversal Bypass in Experimental Permission Model (High)
CVE-2023-30587: Bypass of Experimental Permission Model via Node.js Inspector (High)
CVE-2023-30582: Inadequate Permission Model Allows Unauthorized File Watching (Medium)
CVE-2023-30583: Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
CVE-2023-30586: Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates (Medium)
CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
OpenSSL Security Releases:
OpenSSL security advisory 28th March.
OpenSSL security advisory 20th April.
OpenSSL security advisory 30th May.
Gitlab 16.0.1
Security (23 changes):
* Fixes typo on project error tracking spec
* Fixes typo on rake tasks documentation
* Fixes typo on Ci::JobArtifact model
* Use recently renamed PathTraversal instead of Utils.check_path_traversal (merge request)
* Fix XSS in Abuse Reports form action (merge request)
* Import source owners with maintainer access if importer is a maintainer (merge request)
* Set IP in ActionContoller filter before IP enforcement is evaluated (merge request)
* Improve ambiguous_ref? logic to include heads and tags (merge request)
* Check for register_project_runners permission at service level (merge request)
* Reject NPM metadata requests with invalid package_name (merge request)
* Filter inaccessible issuable notes when exporting project (merge request)
* Escape the source branch link correctly (merge request)
* Ignore user-defined diff paths in diff notes (merge request)
* Block tag names that are prepended with refs/tags/, due to conflicts (merge request)
* Resolve Overall Project Vulnerability Disclosure (merge request)
* Fix DoS (zip bomb) on test report artifacts (merge request)
* Use UntrustedRegexp to protect FrontMatter filter (merge request)
* Use UntrustedRegexp to protect InlineDiff filter (merge request)
* Use UntrustedRegexp to protect MathFilter regex (merge request)
* Validate description bytesize in labels (merge request)
* Prevent primary email returned as verified on unsaved change (merge request)
* Fix arbitrary file read via filename param (merge request)
* Add temp flag to prevent inserting unapproved content (merge request) GitLab Enterprise Edition
Angular 16.1.2
Fix - Send query params on fetch request (#50740)
Fix - use serializeBody to support JSON payload in FetchBackend
Apache Camel 3.20.6
Bug Fixes (13):
CAMEL-19452 - camel-jbang - Run with --open-api does not show log in console
CAMEL-19443 - camel-kamelet - Route templates should use route configured error handler
CAMEL-19432 - camel-azure-eventhubs: Providing a custom EventHubProducerAsyncClient has no effect
CAMEL-19426 - Spring-WS syntax and path properties inconsistency
CAMEL-19421 - Camel-Jira: Use Files.createTempFile in FileConverter instead of creating File directly
CAMEL-19415 - camel-stax: using xtokenize might be NPE on xml default namespace
CAMEL-19401 - Typo in kafka image name in ContainerLocalKafkaService
CAMEL-19399 - camel-cxf - Prevent storing invalid entry in Converter cache on error
CAMEL-19393 - camel-kafka - Configuring kafka option should no longer all be string types
CAMEL-19387 - camel-kafka - Cannot set custom azure credential provider
CAMEL-19383 - camel-jslt: allowTemplateFromHeader ignores header on subsequent exchanges
CAMEL-19381 - Infinite loop creating processes with Camel JBang
CAMEL-18965 - Camel-CXF: OnCompletion not working anymore
Improvements (4):
CAMEL-19455 - camel-cxf - Ensure REQUEST_CONTEXT & RESPONSE_CONTEXT headers are Map when populating CXF Message from Camel Message
CAMEL-19454 - camel-jbang - Export should support --open-api
CAMEL-19453 - camel-jbang - Run with --open-api to support yaml spec files
CAMEL-19378 - File Changed ReadLock Strategy with minAge only looks for lastModified
Apache Spark 3.4.1
Notable Changes:
[SPARK-32559]: Fix the trim logic didn’t handle ASCII control characters correctly
[SPARK-37829]: Dataframe.joinWith outer-join should return a null value for unmatched row
[SPARK-42078]: Add CapturedException to utils
[SPARK-42290]: Fix the OOM error can’t be reported when AQE on
[SPARK-42421]: Use the utils to get the switch for dynamic allocation used in local checkpoint
[SPARK-42475]: Fix PySpark connect Quickstart binder link
[SPARK-42826]: Update migration notes for pandas API on Spark
[SPARK-43043]: Improve the performance of MapOutputTracker.updateMapOutput
[SPARK-43050]: Fix construct aggregate expressions by replacing grouping functions
[SPARK-43067]: Correct the location of error class resource file in Kafka connector
[SPARK-43069]: Use sbt-eclipse instead of sbteclipse-plugin
[SPARK-43071]: Support SELECT DEFAULT with ORDER BY, LIMIT, OFFSET for INSERT source relation
[SPARK-43072]: Include TIMESTAMP_NTZ type in ANSI Compliance doc
[SPARK-43075]: Change gRPC to grpcio when it is not installed.
[SPARK-43083]: Mark *StateStoreSuite as ExtendedSQLTest
[SPARK-43085]: Support column DEFAULT assignment for multi-part table names
[SPARK-43098]: Fix correctness COUNT bug when scalar subquery has group by clause
[SPARK-43113]: Evaluate stream-side variables when generating code for a bound condition
[SPARK-43125]: Fix Connect Server Can’t Handle Exception With Null Message
[SPARK-43126]: Mark two Hive UDF expressions as stateful
[SPARK-43139]: Fix incorrect column names in sql-ref-syntax-dml-insert-table.md
[SPARK-43141]: Ignore generated Java files in checkstyle
[SPARK-43156]: Fix COUNT(*) is null bug in correlated scalar subquery
[SPARK-43157]: Clone InMemoryRelation cached plan to prevent cloned plan from referencing same objects
[SPARK-43158]: Set upperbound of pandas version for Binder integration
[SPARK-43249]: Fix missing stats for SQL Command
[SPARK-43281]: Fix concurrent writer does not update file metrics
[SPARK-43284]: Switch back to url-encoded strings
[SPARK-43293]: __qualified_access_only should be ignored in normal columns
[SPARK-43313]: Adding missing column DEFAULT values for MERGE INSERT actions
[SPARK-43336]: Casting between Timestamp and TimestampNTZ requires timezone
[SPARK-43337]: Asc/desc arrow icons for sorting column does not get displayed in the table column
[SPARK-43340]: Handle missing stack-trace field in eventlogs
[SPARK-43342]: Revert SPARK-39006 Show a directional error message for executor PVC dynamic allocation failure
[SPARK-43374]: Move protobuf-java to BSD 3-clause group and update the license copy
[SPARK-43378]: Properly close stream objects in deserializeFromChunkedBuffer
[SPARK-43395]: Exclude macOS tar extended metadata in make-distribution.sh
[SPARK-43398]: Executor timeout should be max of idle shuffle and rdd timeout
[SPARK-43404]: Skip reusing sst file for same version of RocksDB state store to avoid id mismatch error
[SPARK-43414]: Fix flakiness in Kafka RDD suites due to port binding configuration issue
[SPARK-43425]: Add TimestampNTZType to ColumnarBatchRow
[SPARK-43441]: makeDotNode should not fail when DeterministicLevel is absent
[SPARK-43450]: Add more _metadata filter test cases
[SPARK-43471]: Handle missing hadoopProperties and metricsProperties
[SPARK-43483]: Adds SQL references for OFFSET clause
[SPARK-43510]: Fix YarnAllocator internal state when adding running executor after processing completed containers
[SPARK-43517]: Add a migration guide for namedtuple monkey patch
[SPARK-43522]: Fix creating struct column name with index of array
[SPARK-43527]: Fix catalog.listCatalogs in PySpark
[SPARK-43541]: Propagate all Project tags in resolving of expressions and missing columns
[SPARK-43547]: Update “Supported Pandas API” page to point out the proper pandas docs
[SPARK-43587]: Run HealthTrackerIntegrationSuite in a dedicated JVM
[SPARK-43589]: Fix cannotBroadcastTableOverMaxTableBytesError to use bytesToString
[SPARK-43718]: Set nullable correctly for keys in USING joins
[SPARK-43719]: Handle missing row.excludedInStages field
[SPARK-43751]: Document unbase64 behavior change
[SPARK-43758]: Update Hadoop 2 dependency manifest
[SPARK-43759]: Expose TimestampNTZType in pyspark.sql.types
[SPARK-43760]: Nullability of scalar subquery results
[SPARK-43802]: Fix codegen for unhex and unbase64 with failOnError=true
[SPARK-43894]: Fix bug in df.cache()
[SPARK-43956]: Fix the bug doesn’t display column’s sql for Percentile[Cont Disc]
[SPARK-43973]: Structured Streaming UI should display failed queries correctly
[SPARK-43976]: Handle the case where modifiedConfigs doesn’t exist in event logs
[SPARK-44018]: Improve the hashCode and toString for some DS V2 Expression
[SPARK-44038]: Update YuniKorn docs with v1.3
[SPARK-44040]: Fix compute stats when AggregateExec node above QueryStageExec
Docker compose 2.19
Enhancements:
Fixes:
Grafana 10.0.1
Features and Enhancements:
Alerting: Update alerting module to 20230524181453-a8e75e4dfdda.
Caching: Update labels for cache insertions counter. (Enterprise)
Schema: Improve Dashboard kind docs and remove deprecated props.
Bug Fixes:
Alerting: Fix notification policies inheritance algorithm
Caching: Fix issue in which caching can cause HTTP resource response bodies to be written twice. (Enterprise)
CodeEditor: Ensure suggestions only apply to the instance of the edit….
Plugins: Wrap original check health error.
Usage Insights: Fix last viewed date. (Enterprise)
[v10.0.x] Alerting: Add heuristics back to datasource healthchecks.
[v10.0.x] Alerting: Fix "show all instances". #67837, @grafanabot
[v10.0.x] Alerting: Fix broken UI because of query being optional for some ExpressionQuer….
[v10.0.x] Alerting: Fix email template for text/plain emails.
[v10.0.x] Alerting: Fix provisioned templates being ignored by alertmanager.
[v10.0.x] Alerting: Support newer http_config struct.
[v10.0.x] Auth: Show invite button if disable login form is set to false.
[v10.0.x] Azure: Fix Kusto auto-completion for Azure datasources (#69685).
[v10.0.x] CloudMonitoring: Improve parsing of GCM labels.
[v10.0.x] Command Palette: Links opened in a new tab now route correctly when Grafana is served under a subpath.
[v10.0.x] Command palette: Include help links.
[v10.0.x] Dashboards: Remove Explore option from panel menu when panel's datasource uid is "-- Dashboard --".
[v10.0.x] Dashboards: Variables - Improve slow template variable loading due same variable loaded multiple times on time range change.
[v10.0.x] Explore: Fixed Starred query history tab to show all starred queries.
[v10.0.x] Explore: Improve logs volume panel empty state.
[v10.0.x] Explore: Run remaining queries when one is removed from a pane.
[v10.0.x] Heatmap: Sort fields by numeric names when single frame.
[v10.0.x] InfluxDB: Interpolate retention policies
[v10.0.x] Log Context: Fix split view button using the wrong query.
[v10.0.x] Loki: Fix error when empty template variables response.
[v10.0.x] Loki: Fix including of template variables in variable query editor.
[v10.0.x] NestedFolders: Fix select all in folder view selecting items out of folder.
[v10.0.x] Pyroscope: Fix wrong defaults when importing query from different datasource.
[v10.0.x] SQLStore: Align SQLite IsUniqueConstraintViolation() with other backend implementations.
[v10.0.x] Templating: Fix updating of definition to empty string.
[v10.0.x] Tempo: Use pipe in TraceQL by default for multi-value variables.
[v10.0.x] TextPanel: Fix styling missing the disclosure triangle.
[v10.0.x] Util: Fix panic when generating UIDs concurrently.
[v10.0.x] XYChart/Trend: Fix min/max and units/decimals X field overrides.
[v10.0.x] XYChart: Fix formatting of axis ticks (units, decimals).
[v10.0.x] XYChart: Fix variable interpolation in datalinks/toggletip.
Jenkins 2.411
* Update the Log Recorders interface.
* Add Japanese translation of Apply.
* Switch the doublelaunch checker to a regular administrative monitor.
* Remove animations on login page causing high CPU usage in some cases.
Prometheus 2.45.0
[FEATURE] API: New limit parameter to limit the number of items returned by /api/v1/status/tsdb endpoint.
[FEATURE] Config: Add limits to global config.
[FEATURE] Consul SD: Added support for path_prefix.
[FEATURE] Native histograms: Add option to scrape both classic and native histograms.
[FEATURE] Native histograms: Added support for two more arithmetic operators avg_over_time and sum_over_time.
[FEATURE] Promtool: When providing the block id, only one block will be loaded and analyzed.
[FEATURE] Remote-write: New Azure ad configuration to support remote writing directly to Azure Monitor workspace.
[FEATURE] TSDB: Samples per chunk are now configurable with flag storage.tsdb.samples-per-chunk. By default set to its former value 120.
[ENHANCEMENT] Native histograms: bucket size can now be limited to avoid scrape fails.
[ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL sooner.
[BUGFIX] Native histograms: ChunkSeries iterator now checks if a new sample can be appended to the open chunk.
[BUGFIX] Native histograms: Fix Histogram Appender Appendable() segfault.
[BUGFIX] Native histograms: Fix setting reset header to gauge histograms in seriesToChunkEncoder.
[BUGFIX] TSDB: Tombstone intervals are not modified after Get() call.
[BUGFIX] TSDB: Use path/filepath to set the WAL directory.
RabbitMQ 3.12.1
Core Server
Bug Fixes:
Enhancements:
Management Plugin
Bug Fixes:
Enhancements:
POST /api/queues/quorum/{vhost}/{name}/replicas/add
DELETE /api/queues/quorum/{vhost}/{name}/replicas/remove
POST /api/queues/quorum/replicas/on/{node}/grow
DELETE /api/queues/quorum/replicas/on/{node}/shrink
Stream Plugin
Bug Fixes:
OAuth 2 Plugin
Bug Fixes:
Enhancements:
STOMP Plugin
Bug Fixes:
Sonatype Nexus Repository 3.56.0
Bug Fixes:
Spring boot 3.1.1
Bug Fixes:
This week, read about:
OpenLogic Cloud Image Releases:
Rocky Linux 9.2
AlmaLinux 9.2
Apache Kafka 3.5.0
Improvement:
[KAFKA-6586] - Refactor Connect executables
[KAFKA-7109] - KafkaConsumer should close its incremental fetch sessions on close
[KAFKA-7499] - Extend ProductionExceptionHandler to cover serialization exceptions
[KAFKA-10244] - A new Java interface to replace 'kafka.common.MessageReader'
[KAFKA-10575] - StateRestoreListener#onRestoreEnd should always be triggered
[KAFKA-12446] - Define KGroupedTable#aggregate subtractor + adder order of execution
[KAFKA-12634] - Should checkpoint after restore finished
[KAFKA-13659] - MM2 should read all offset syncs at start up
[KAFKA-13771] - Support to explicitly delete delegationTokens that have expired but have not been automatically cleaned up
[KAFKA-13817] - Schedule nextTimeToEmit to system time every time instead of just once
[KAFKA-13999] - Add ProducerCount metrics (KIP-847)
[KAFKA-14021] - MirrorMaker 2 should implement KIP-618 APIs
[KAFKA-14084] - Support SCRAM when using KRaft mode
[KAFKA-14253] - StreamsPartitionAssignor should print the member count in assignment logs
[KAFKA-14285] - Delete quota node in zookeeper when configs are empty
[KAFKA-14351] - Implement controller mutation quotas in KRaft
[KAFKA-14365] - Extract common logic from Fetcher
[KAFKA-14376] - Add ConfigProvider to make use of environment variables
[KAFKA-14395] - Add config to configure client supplier for KafkaStreams
[KAFKA-14491] - Introduce Versioned Key-Value Stores to Kafka Streams
[KAFKA-14565] - Interceptor Resource Leak
[KAFKA-14570] - Problem description missing closing parenthesis symbol
[KAFKA-14610] - Publish Mirror Maker 2 offset syncs in task commit method
[KAFKA-14617] - Replicas with stale broker epoch should not be allowed to join the ISR
[KAFKA-14638] - Documentation for transaction.timeout.ms should be more precise
[KAFKA-14666] - MM2 should translate consumer group offsets behind replication flow
[KAFKA-14680] - Gradle version upgrade 7 -->> 8
[KAFKA-14720] - KIP-906: Tools migration guidelines
[KAFKA-14722] - Make BooleanSerde public
[KAFKA-14732] - Use an exponential backoff retry mechanism while reconfiguring connector tasks
[KAFKA-14740] - Missing source tag on MirrorSource metrics
[KAFKA-14745] - MirrorSourceConnector keeps creating ReplicationPolicy instances
[KAFKA-14758] - Extract inner classes from Fetcher for reuse in refactoring
[KAFKA-14765] - Support SCRAM for brokers at bootstrap
[KAFKA-14770] - Allow dynamic keystore update for brokers if string representation of DN matches even if canonical DNs don't match
[KAFKA-14771] - Include current thread ids in ConcurrentModificationException message
[KAFKA-14775] - Support SCRAM for broker to controller authentication
[KAFKA-14776] - Update SCRAM integration tests to run with KRaft
[KAFKA-14795] - Provide message formatter for RemoteLogMetadata
[KAFKA-14814] - Skip restart of connectors when redundant resume request is made
[KAFKA-14827] - Support for StandardAuthorizer in Benchmark
[KAFKA-14829] - Consolidate reassignment logic in PartitionReassignmentReplicas
[KAFKA-14834] - Improved processor semantics for versioned stores
[KAFKA-14837] - The MirrorCheckPointConnector of MM2 will rebalance frequently, when the source cluster group is many more and changes frequently (but the list of configured synchronous group does not change)
[KAFKA-14838] - MM2 Worker/Connector/Task clients should specify client ID based on flow and role
[KAFKA-14842] - MirrorCheckpointTask can reduce the rpc calls of "listConsumerGroupOffsets(group)" of irrelevant groups at each poll
[KAFKA-14881] - Update UserScramCredentialRecord for SCRAM ZK to KRaft migration
[KAFKA-14883] - Broker state should be "observer" in KRaft quorum
[KAFKA-14887] - ZK session timeout can cause broker to shutdown
[KAFKA-14988] - Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
Bug:
[KAFKA-5756] - Synchronization issue on flush
[KAFKA-6793] - Unnecessary warning log message
[KAFKA-6891] - send.buffer.bytes should be allowed to set -1 in KafkaConnect
[KAFKA-8713] - [Connect] JsonConverter NULL Values are replaced by default values even in NULLABLE fields
[KAFKA-9087] - ReplicaAlterLogDirs stuck and restart fails with java.lang.IllegalStateException: Offset mismatch for the future replica
[KAFKA-9981] - Running a dedicated mm2 cluster with more than one node, when the configuration is updated the task is not aware and will lose the update operation.
[KAFKA-12468] - Initial offsets are copied from source to target cluster
[KAFKA-12558] - MM2 may not sync partition offsets correctly
[KAFKA-12639] - AbstractCoordinator ignores backoff timeout when joining the consumer group
[KAFKA-13891] - sync group failed with rebalanceInProgress error cause rebalance many rounds in cooperative
[KAFKA-14016] - Revoke more partitions than expected in Cooperative rebalance
[KAFKA-14054] - Unexpected client shutdown as TimeoutException is thrown as IllegalStateException
[KAFKA-14072] - Crashed MirrorCheckpointConnector appears as running in REST API
[KAFKA-14128] - Kafka Streams terminates on topic check
[KAFKA-14139] - Replaced disk can lead to loss of committed data even with non-empty ISR
[KAFKA-14172] - bug: State stores lose state when tasks are reassigned under EOS wit…
[KAFKA-14295] - FetchMessageConversionsPerSec meter not recorded
[KAFKA-14311] - Connect Worker clean shutdown does not cleanly stop connectors/tasks
[KAFKA-14317] - ProduceRequest timeouts are logged as network exceptions
[KAFKA-14420] - MirrorMaker should not clear filtered configs on target topics
[KAFKA-14455] - Kafka Connect create and update REST APIs should surface failures while writing to the config topic
[KAFKA-14463] - ConnectorClientConfigOverridePolicy is not closed at worker shutdown
[KAFKA-14531] - KRaft controller time-based snapshots are too frequent
[KAFKA-14544] - The "is-future" should be removed from metrics tags after future log becomes current log
[KAFKA-14545] - MirrorCheckpointTask throws NullPointerException when group hasn't consumed from some partitions
[KAFKA-14564] - Upgrade Netty to 4.1.86.Final to fix CVEs
[KAFKA-14639] - Kafka CooperativeStickyAssignor revokes/assigns partition in one rebalance cycle
[KAFKA-14644] - Process should stop after failure in raft IO thread
[KAFKA-14645] - Plugin classloader not used when retrieving connector plugin config defs via REST API
[KAFKA-14649] - Failures instantiating Connect plugins hides other plugins from REST API, or crash worker
[KAFKA-14650] - IQv2 can throw ConcurrentModificationException when accessing Tasks
[KAFKA-14659] - source-record-write-[rate|total] metrics include filtered records
[KAFKA-14660] - Divide by zero security vulnerability (sonatype-2019-0422)
[KAFKA-14664] - Raft idle ratio is inaccurate
[KAFKA-14676] - Token endpoint URL used for OIDC cannot be set on the JAAS config
[KAFKA-14693] - KRaft Controller and ProcessExitingFaultHandler can deadlock shutdown
[KAFKA-14704] - Follower should truncate before incrementing high watermark
[KAFKA-14717] - KafkaStreams can't get running if the rebalance happens before StreamThread gets shutdown completely
[KAFKA-14727] - Connect EOS mode should periodically call task commit
[KAFKA-14729] - The KafkaConsumer pollForFetches(timer) method takes up a lot of cpu due to the abnormal exit of the heartbeat thread
[KAFKA-14743] - MessageConversionsTimeMs for fetch request metric is not updated
[KAFKA-14744] - NPE while converting OffsetFetch from version < 8 to version >= 8
[KAFKA-14774] - the removed listeners should not be reconfigurable
[KAFKA-14781] - MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured
[KAFKA-14792] - Race condition in LazyIndex.get()
[KAFKA-14794] - Unable to deserialize base64 JSON strings
[KAFKA-14797] - MM2 does not emit offset syncs when conservative translation logic exceeds positive max.offset.lag
[KAFKA-14799] - Source tasks fail if connector attempts to abort empty transaction
[KAFKA-14800] - Upgrade snappy-java Version to 1.1.9.1
[KAFKA-14801] - Encoded sensitive configs are not decoded before migration
[KAFKA-14804] - Connect docs fail to build with Gradle Swagger plugin 2.2.8
[KAFKA-14809] - Connect incorrectly logs that no records were produced by source tasks
[KAFKA-14812] - ProducerPerformance still counting successful sending in console when sending failed
[KAFKA-14816] - Connect loading SSL configs when contacting non-HTTPS URLs
[KAFKA-14836] - Fix UtilsTest#testToLogDateTimeFormat failure in some cases
[KAFKA-14839] - Exclude protected variable from JavaDocs
[KAFKA-14843] - Connector plugins config endpoint does not include Common configs
[KAFKA-14853] - the serializer/deserialize which extends ClusterResourceListener is not added to Metadata
[KAFKA-14862] - Outer stream-stream join does not output all results with multiple input partitions
[KAFKA-14864] - Memory leak in KStreamWindowAggregate with ON_WINDOW_CLOSE emit strategy
[KAFKA-14891] - Fix rack-aware range assignor to improve rack-awareness with co-partitioning
[KAFKA-14894] - MetadataLoader must call finishSnapshot after loading a snapshot
[KAFKA-14902] - KafkaBasedLog infinite retries can lead to StackOverflowError
[KAFKA-14943] - Fix ClientQuotaControlManager validation
[KAFKA-14946] - KRaft controller node shutting down while renouncing leadership
[KAFKA-14978] - ExactlyOnceWorkerSourceTask does not remove parent metrics
[KAFKA-14980] - MirrorMaker consumers don't get configs prefixed with source.cluster
[KAFKA-14994] - jose4j is vulnerable to CVE- Improper Cryptographic Algorithm
[KAFKA-14996] - The KRaft controller should properly handle overly large user operations
[KAFKA-15003] - TopicIdReplicaAssignment is not updated in migration (dual-write) when partitions are changed for topic
[KAFKA-15004] - Topic config changes are not synced during zk to kraft migration (dual-write)
[KAFKA-15007] - MV is not set correctly in the MetadataPropagator in migration.
[KAFKA-15009] - New ACLs are not written to ZK during migration
[KAFKA-15010] - KRaft Controller doesn't reconcile with Zookeeper metadata upon becoming new controller while in dual write mode.
[KAFKA-15015] - Binaries contain 2 versions of reload4j
[KAFKA-15019] - Improve handling of broker heartbeat timeouts
[KAFKA-15044] - Snappy v.1.1.9.1 NoClassDefFound on ARM machines
Task:
[KAFKA-10586] - Full support for distributed mode in dedicated MirrorMaker 2.0 clusters
[KAFKA-14530] - Check state updater more than once in process loops
[KAFKA-14708] - Remove kafka.examples.Consumer dependency on ShutdownableThread
[KAFKA-14731] - Upgrade ZooKeeper to 3.6.4
[KAFKA-14749] - Re-enable 'spotlessScalaCheck' task (in Jenkinsfile)
[KAFKA-14869] - txn and group coordinator downgrade foundation
[KAFKA-14974] - Restore backward compatibility in KafkaBasedLog
[KAFKA-14983] - Upgrade jetty-server to 9.4.51
Jenkins 2.401.1
* Important security fix. (2023-06-14 security advisory)
* Fix the writing of emojis to XML (regression in 2.403).
* Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398).
* Remove "undefined" trailing text from system dropdown menu.
* Fix the warning icon in the workspaces temporary directory message.
* Show full width filter field for builds on pages less than 970 pixels wide.
Kubernetes 1.27.3
Important Security Information:
Affected Versions:
Fixed Versions:
CVSS Rating: Medium (6.5) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Angular 16.1.1
Fix: libraries compiled with v16.1+ breaking with Angular framework v16.0.x
Fix: extend toSignal to accept any Subscribable
Fix: Prevent a component from importing itself.
Artemis 2.29.0
Fixes:
[ARTEMIS-2431] - [AMQP] Broker does not send security errors for unauthorized anonymous sasl with pipelined open
[ARTEMIS-4082] - AcknowledgementTest.testDupsOKAcknowledgeQueue test is flakey
[ARTEMIS-4153] - Support "offline" Maven
[ARTEMIS-4155] - Broker will dead lock if sending OpenWire Large Messages With Journal Retention configured.
[ARTEMIS-4157] - Error setting broker properties for AddressSettings
[ARTEMIS-4160] - jolokia-access.xml getting invalid XML from hostname during instance creation
[ARTEMIS-4161] - AMQP and OpenWire have a few Leaks during open and close connections
[ARTEMIS-4162] - Support deleting addresses and queues without usage check
[ARTEMIS-4163] - Fix concurrency on Large Message parsing in OpenWire
[ARTEMIS-4168] - Keycloak example is broken
[ARTEMIS-4170] - Remove redundant queue creation for OpenWire
[ARTEMIS-4171] - Potential large message file leak
[ARTEMIS-4172] - Sending large message via core skips plugins & audit logging
[ARTEMIS-4175] - JournalFileImpl Leaking
[ARTEMIS-4176] - Console custom root redirect ignored
[ARTEMIS-4177] - Misleading documentation for "Logging the clients remote address"
[ARTEMIS-4188] - creating dynamicQueues from an JavaEE MDB applies configured messageSelector as per-queue filters
[ARTEMIS-4191] - JournalImpl::needs compact should include more logging to enable eventual investigations
[ARTEMIS-4193] - Interrupting Large Message Streaming with a server kill may leave orphaned files
[ARTEMIS-4196] - MQTT cluster message distribution is broken with OFF and OFF_WITH_REDISTRIBUTION loadbalancing types
[ARTEMIS-4199] - PageCounter leaving record out of Transaction
[ARTEMIS-4201] - Not sending proper MQTT disconnect code on stolen link
[ARTEMIS-4206] - Unreferenced AMQP Large Messages are not removed
[ARTEMIS-4207] - Redistribution may leave large messages stranded
[ARTEMIS-4208] - OpenWire ChunkSend issuing CriticalAnalyzer
[ARTEMIS-4209] - "User ID" in web console prefixed with "ID:ID:" for AMQP messages
[ARTEMIS-4233] - QueueImpl::NPE on holder.iter == null
[ARTEMIS-4234] - EmbeddedActiveMQResource is able to receive only first message
[ARTEMIS-4235] - Losing bridge connection when sending empty Openwire map message.
[ARTEMIS-4241] - Paging + FQQN is broken
[ARTEMIS-4243] - ActiveMQ Artemis CLI fails to export bindings without routing types
[ARTEMIS-4247] - Inconsistencies between AMQP Mirror and Artemis Clustering
[ARTEMIS-4249] - Failure to create internal MQTT consumer can orphan subscription queue
[ARTEMIS-4258] - delayBeforeDispatch not working with OpenWire
[ARTEMIS-4266] - Mitigate NPE with bad SSL config
[ARTEMIS-4267] - Original exception lost for NoCacheLoginException
[ARTEMIS-4273] - Mask command not picking up codec properties
[ARTEMIS-4282] - Sending Large ApplicationProperties section in a transactional session may break the server.
[ARTEMIS-4286] - Sometimes federated consumer won't stop
[ARTEMIS-4298] - Journal Retention Duplicated files during replication
[ARTEMIS-4302] - NPE on JournalTransaction::forget
[ARTEMIS-4311] - Strange typo propagated throughout the codebase: "Mesasge"
[ARTEMIS-4316] - Example HTML does not render correctly
Nginx 1.25.1
* Feature: the "http2" directive, which enables HTTP/2 on a per-server basis; the "http2" parameter of the "listen" directive is now deprecated.
* Change: HTTP/2 server push support has been removed.
* Change: the deprecated "ssl" directive is not supported anymore.
* Bugfix: in HTTP/3 when using OpenSSL.
OpenJ9 0.39.0
New JDK 20 features:
The following features are supported by OpenJ9:
JEP 434: Foreign Function & Memory API (Second Preview)
JEP 436: Virtual Threads (Second Preview)
JEP 437: Structured Concurrency (Second Incubator)
JEP 438: Vector API (Fifth Incubator)
The following features are implemented in OpenJDK and available in any build of OpenJDK 20 with OpenJ9:
JEP 432: Record Patterns (Second Preview)
JEP 433: Pattern Matching for switch (Fourth Preview)
This week, read about:
OpenLogic Cloud Image Releases:
Rocky Linux 9.2
AlmaLinux 9.2
Apache Kafka 3.4.1
Improvements:
[KAFKA-13659] - MM2 should read all offset syncs at start up
[KAFKA-14285] - Delete quota node in zookeeper when configs are empty
[KAFKA-14565] - Interceptor Resource Leak
[KAFKA-14610] - Publish Mirror Maker 2 offset syncs in task commit method
[KAFKA-14666] - MM2 should translate consumer group offsets behind replication flow
[KAFKA-14837] - The MirrorCheckPointConnector of MM2 will rebalance frequently, when the source cluster group is many more and changes frequently (but the list of configured synchronous group does not change)
[KAFKA-14842] - MirrorCheckpointTask can reduce the rpc calls of "listConsumerGroupOffsets(group)" of irrelevant groups at each poll
[KAFKA-14887] - ZK session timeout can cause broker to shutdown
[KAFKA-14988] - Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
Bugs:
[KAFKA-5756] - Synchronization issue on flush
[KAFKA-12468] - Initial offsets are copied from source to target cluster
[KAFKA-12558] - MM2 may not sync partition offsets correctly
[KAFKA-13891] - sync group failed with rebalanceInProgress error cause rebalance many rounds in cooperative
[KAFKA-13972] - Reassignment cancellation causes stray replicas
[KAFKA-14016] - Revoke more partitions than expected in Cooperative rebalance
[KAFKA-14054] - Unexpected client shutdown as TimeoutException is thrown as IllegalStateException
[KAFKA-14128] - Kafka Streams terminates on topic check
[KAFKA-14172] - bug: State stores lose state when tasks are reassigned under EOS wit…
[KAFKA-14295] - FetchMessageConversionsPerSec meter not recorded
[KAFKA-14455] - Kafka Connect create and update REST APIs should surface failures while writing to the config topic
[KAFKA-14545] - MirrorCheckpointTask throws NullPointerException when group hasn't consumed from some partitions
[KAFKA-14639] - Kafka CooperativeStickyAssignor revokes/assigns partition in one rebalance cycle
[KAFKA-14644] - Process should stop after failure in raft IO thread
[KAFKA-14645] - Plugin classloader not used when retrieving connector plugin config defs via REST API
[KAFKA-14649] - Failures instantiating Connect plugins hides other plugins from REST API, or crash worker
[KAFKA-14659] - source-record-write-[rate|total] metrics include filtered records
[KAFKA-14660] - Divide by zero security vulnerability (sonatype-2019-0422)
[KAFKA-14676] - Token endpoint URL used for OIDC cannot be set on the JAAS config
[KAFKA-14693] - KRaft Controller and ProcessExitingFaultHandler can deadlock shutdown
[KAFKA-14704] - Follower should truncate before incrementing high watermark
[KAFKA-14711] - kafka-metadata-quorum.sh does not honor --command-config
[KAFKA-14727] - Connect EOS mode should periodically call task commit
[KAFKA-14743] - MessageConversionsTimeMs for fetch request metric is not updated
[KAFKA-14774] - the removed listeners should not be reconfigurable
[KAFKA-14781] - MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured
[KAFKA-14797] - MM2 does not emit offset syncs when conservative translation logic exceeds positive max.offset.lag
[KAFKA-14809] - Connect incorrectly logs that no records were produced by source tasks
[KAFKA-14816] - Connect loading SSL configs when contacting non-HTTPS URLs
[KAFKA-14836] - Fix UtilsTest#testToLogDateTimeFormat failure in some cases
[KAFKA-14843] - Connector plugins config endpoint does not include Common configs
[KAFKA-14862] - Outer stream-stream join does not output all results with multiple input partitions
[KAFKA-14864] - Memory leak in KStreamWindowAggregate with ON_WINDOW_CLOSE emit strategy
[KAFKA-14880] - TransactionMetadata with producer epoch -1 should be expirable
[KAFKA-14894] - MetadataLoader must call finishSnapshot after loading a snapshot
[KAFKA-14946] - KRaft controller node shutting down while renouncing leadership
[KAFKA-14963] - Incorrect partition count metrics for kraft controllers
[KAFKA-14978] - ExactlyOnceWorkerSourceTask does not remove parent metrics
[KAFKA-14994] - jose4j is vulnerable to CVE- Improper Cryptographic Algorithm
[KAFKA-15015] - Binaries contain 2 versions of reload4j
Apache Camel 3.19.0
CAMEL-18544-camel-http - ToD optimized context-path with spaces problem
CAMEL-18530-Camel box cannot authorize
CAMEL-18514-camel-health - health check for not automatically started routes should always be up
CAMEL-18510-camel-jbang - camel bind may not work with --local-kamelet-dir
CAMEL-18490-camel-jbang - Reset statistics can cause JMX inflight counter to be negative
CAMEL-18489-camel-file - Exclusive rename should handle windows locking the file
CAMEL-18483-camel-microprofile-health: Routes and consumers health checks are not registered if routes are supervised
CAMEL-18477-knative producer with ProducerTemplate is missing the fromRouteId
CAMEL-18476-when artemis streaming enabled then Camel-jms component is not closing inputstream for Bytes message, blocking deletion of file after its archived in windows
CAMEL-18473-Knative component : CloudEvents have wrong time format
CAMEL-18444-camel-caffeine - Caffeine-cache query parameter action does not work
CAMEL-18443-Problem using AdviceWith on routes with try-catch-finally
CAMEL-18442-camel-github - Github commit consumer does not work
CAMEL-18439-camel-github - Consumer that polls commits crashed when repository has more than 100 commits
CAMEL-18435-camel-core - RAW values should be kept as-is
CAMEL-18433-camel-yaml-dsl - Unsupported field: routeConfigurationId
CAMEL-18432-DockerConfiguration malformed UriPath for variable operation
CAMEL-18427-Camel Debezium with Postgres on Spring Boot doesn't work
CAMEL-18424-camel-jbang - Dependency downloaded issue with camel-aws-s3
CAMEL-18421-camel-core - Adding route dynamic leak bootstraps
CAMEL-18418-aws-s3-sink Kamelet returns 403
CAMEL-18400-jbang does not use correct camel version
CAMEL-18399-camel-sql - NullPointer exception for DBMaker PreparedStatement
CAMEL-18396-NotifyBuilder.matches returns always true in conjunction with NotifyBuilderMatcher usage
CAMEL-18394-CXF-Consumer does not start
CAMEL-18393-Camel-bigquery: NPE if select * is requested
CAMEL-18391-camel-http - HttpSendDynamicAware not optimizing for url without slashes
CAMEL-18387-camel-tarfile: TarAggregationStrategy throws error when first message is empty
CAMEL-18379-camel-mail: attachments with empty fileName
CAMEL-18377-camel-jpa producer does not reuse existing EntityManager in transaction and create its own one
CAMEL-18375-Property description for FromDefinition is missing in camelYamlDsl.json
CAMEL-18371-camel-resume-api: file component is not loading the cache
CAMEL-18370-Binding properties to route template local beans do not honor RAW()
CAMEL-18362-camel-resume-api: kafka resume strategy fails to fetch the first batch
CAMEL-18360-camel-jbang - Export --fresh with property placeholder using dash may fail
CAMEL-18357-camel-core - Splitter issue with tokenizer with hashNext/next
CAMEL-18355-HTTP component overwrites basic authentication credentials with proxy authentication
CAMEL-18351-ExchangePropertyKey.SPLIT_COMPLETE not set to true after zip splitting completed
CAMEL-18347-camel-test-infra: instances are not properly singleton
CAMEL-18338-IMAP MailConsumer NullPointerException due CAMEL-16180
CAMEL-18336-camel-jbang: YAML DSL cannot find classes for local beans
CAMEL-18331-camel-spring-xml - <endpoint> bean added via beans.xml are parsed twice
CAMEL-18330-RouteTemplate: templateParameter not recognized
CAMEL-18329-RouteTemplate: templateParameter doesn't get resolved
CAMEL-18328-RouteConfiguration with RouteTemplate doesn't work
CAMEL-18324-camel-core - Exception during preparing exchange task can block thread
CAMEL-18322-Camel-Jbang export copy properties erroneously
CAMEL-18321-camel-mybatis - Should support using Map message body as-is for insert/update
CAMEL-18319-camel-core - Supervising route controller should not eager warmup routes
CAMEL-18310-Global SSL Context Params Force SSL for All HTTP Connections
CAMEL-18300-Google storage component does not set metadata appropriately
CAMEL-18289-camel-xslt-saxon: XsltAggregationStrategyTest fails with removing the log definition
CAMEL-18288-YAML DSL DoTry does not work
CAMEL-18286-[Camel Spring Boot] camel-lra-starter needs camel-servlet-starter to work
CAMEL-18279-When run 3.18.0 with Spring Boot, received java.io.FileNotFoundException: class path resource [.class] cannot be opened because it does not exist
CAMEL-18278-AdviceWith fails with Spring XML and several route cross cutting concerns
CAMEL-18275-onCompletion tasks don't get executed in a pipeline with several SEDA queues
CAMEL-18274-OSGi - camel-file: ClassNotFoundException because of Private-Package
CAMEL-18271-[Camel Spring Boot Examples] Infinispan example cannot be built
CAMEL-18270-IMAP skipFailedMessage=true, but route blocked if mail is moved while download
CAMEL-18266-Can not use bean uri in xslt component
CAMEL-18262-Templated route exception handling not working
CAMEL-18255-Memory Leak with MDCUnitOfWork
CAMEL-18182-Camel servlet file upload with multipart/form-data not success
CAMEL-18049-Camel Webhook - error to set Webhook URL
CAMEL-17859-camel-smpp: Consumer sometimes tries to reconnect only once
CAMEL-16287-camel-aws2-sqs should use pagination for deciding which aws sqs queues it should create
Apache Kafka 3.4.1
Improvement
[KAFKA-13659] - MM2 should read all offset syncs at start up
[KAFKA-14285] - Delete quota node in zookeeper when configs are empty
[KAFKA-14565] - Interceptor Resource Leak
[KAFKA-14610] - Publish Mirror Maker 2 offset syncs in task commit method
[KAFKA-14666] - MM2 should translate consumer group offsets behind replication flow
[KAFKA-14837] - The MirrorCheckPointConnector of MM2 will rebalance frequently, when the source cluster group is many more and changes frequently (but the list of configured synchronous group does not change)
[KAFKA-14842] - MirrorCheckpointTask can reduce the rpc calls of "listConsumerGroupOffsets(group)" of irrelevant groups at each poll
[KAFKA-14887] - ZK session timeout can cause broker to shutdown
[KAFKA-14988] - Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
Bugs:
[KAFKA-5756] - Synchronization issue on flush
[KAFKA-12468] - Initial offsets are copied from source to target cluster
[KAFKA-12558] - MM2 may not sync partition offsets correctly
[KAFKA-13891] - sync group failed with rebalanceInProgress error cause rebalance many rounds in cooperative
[KAFKA-13972] - Reassignment cancellation causes stray replicas
[KAFKA-14016] - Revoke more partitions than expected in Cooperative rebalance
[KAFKA-14054] - Unexpected client shutdown as TimeoutException is thrown as IllegalStateException
[KAFKA-14128] - Kafka Streams terminates on topic check
[KAFKA-14172] - bug: State stores lose state when tasks are reassigned under EOS wit…
[KAFKA-14295] - FetchMessageConversionsPerSec meter not recorded
[KAFKA-14455] - Kafka Connect create and update REST APIs should surface failures while writing to the config topic
[KAFKA-14545] - MirrorCheckpointTask throws NullPointerException when group hasn't consumed from some partitions
[KAFKA-14639] - Kafka CooperativeStickyAssignor revokes/assigns partition in one rebalance cycle
[KAFKA-14644] - Process should stop after failure in raft IO thread
[KAFKA-14645] - Plugin classloader not used when retrieving connector plugin config defs via REST API
[KAFKA-14649] - Failures instantiating Connect plugins hides other plugins from REST API, or crash worker
[KAFKA-14659] - source-record-write-[rate|total] metrics include filtered records
[KAFKA-14660] - Divide by zero security vulnerability (sonatype-2019-0422)
[KAFKA-14676] - Token endpoint URL used for OIDC cannot be set on the JAAS config
[KAFKA-14693] - KRaft Controller and ProcessExitingFaultHandler can deadlock shutdown
[KAFKA-14704] - Follower should truncate before incrementing high watermark
[KAFKA-14711] - kafka-metadata-quorum.sh does not honor --command-config
[KAFKA-14727] - Connect EOS mode should periodically call task commit
[KAFKA-14743] - MessageConversionsTimeMs for fetch request metric is not updated
[KAFKA-14774] - the removed listeners should not be reconfigurable
[KAFKA-14781] - MM2 logs misleading error during topic ACL sync when broker does not have authorizer configured
[KAFKA-14797] - MM2 does not emit offset syncs when conservative translation logic exceeds positive max.offset.lag
[KAFKA-14799] - Source tasks fail if connector attempts to abort empty transaction
[KAFKA-14809] - Connect incorrectly logs that no records were produced by source tasks
[KAFKA-14816] - Connect loading SSL configs when contacting non-HTTPS URLs
[KAFKA-14836] - Fix UtilsTest#testToLogDateTimeFormat failure in some cases
[KAFKA-14843] - Connector plugins config endpoint does not include Common configs
[KAFKA-14862] - Outer stream-stream join does not output all results with multiple input partitions
[KAFKA-14864] - Memory leak in KStreamWindowAggregate with ON_WINDOW_CLOSE emit strategy
[KAFKA-14880] - TransactionMetadata with producer epoch -1 should be expirable
[KAFKA-14894] - MetadataLoader must call finishSnapshot after loading a snapshot
[KAFKA-14946] - KRaft controller node shutting down while renouncing leadership
[KAFKA-14963] - Incorrect partition count metrics for kraft controllers
[KAFKA-14978] - ExactlyOnceWorkerSourceTask does not remove parent metrics
[KAFKA-14994] - jose4j is vulnerable to CVE- Improper Cryptographic Algorithm
[KAFKA-15015] - Binaries contain 2 versions of reload4j
Elasticsearch 8.8.1
Bug Fixes:
Data streams:
Geo:
Rollup:
* Do not copy index.default_pipeline and index.final_pipeline #96494 (issue: #96478)
TSDB:
Transform:
Grafana 9.5.3
Bug fixes:
Query: Prevent crash while executing concurrent mixed queries
Alerting: Require alert.notifications:write permissions to test receivers and templates
Jenkins 2.409
Use jenkinsbutton for repeatable buttons.
Do not show Fedora 38 as an end of life operating system before actual end of life in 2024.
Hide the arrow next to the restart checkbox if the environment doesn't support it.
Use correct update center proxy configuration hyperlink in error messages.
Add support for jakarta.inject annotations.
Kibana 8.8.1
Fixes:
Alerting:
APM:
Discover:
Fleet:
Logs:
Machine Learning:
Maps:
Operations:
Platform:
Plugins:
Anonymize Filter - 3.0.7:
Elasticsearch Filter - 3.15.:
Fingerprint Filter - 3.4.3:
Mutate Filter - 3.5.7:
Translate Filter - 3.4.1:
Truncate Filter - 1.0.6:
Beats Input - 6.6.1:
Elasticsearch Input - 4.17.2:
* Fixes scroll slice high memory consumption
Http Input - 3.7.1:
Tcp Input - 6.3.3:
Rabbitmq Integration - 7.3.2:
Elasticsearch Output - 11.15.7:
Email Output - 4.1.2:
Node.js 20.3
Notable Changes:
deps: upgrade to libuv 1.45.0, including significant performance improvements to file system operations on Linux
doc: add Ruy Adorno to list of TSC members
doc: mark Node.js 14 as End-of-Life
(SEMVER-MINOR) lib: implement AbortSignal.any()
module: change default resolver to not throw on unknown scheme
(SEMVER-MINOR) node-api: define version 9
stream: deprecate asIndexedPairs
PHP Interpreter 8.2.7
Core:
Date:
Exif:
FPM:
Hash:
LibXML:
MBString:
Opcache:
PCNTL:
PGSQL:
Phar:
SPL:
Standard:
Streams:
Sonatype Nexus 3.55
Bug Fixes:
Apache TomEE 9.1.0
Fixes:
Gitlab 16.0.4 and 16.0.3
Fixed (1 change):
* Fix LDAP tls_options not working (merge request)
Fixed (3 changes):
* Fix memory leak in CI config includes entry (merge request)
* Fix MR approval rules sync when disabling scan result policy (merge request) GitLab Enterprise Edition
* Fix serialization of pull requests in BitbucketServer Import (merge request)
Performance (1 change):
LFS: Serve pre-signed URLs in /lfs/objects/batch (merge request)
This week, read about:
OpenLogic Cloud Image Releases:
Rocky Linux 8.8
AlmaLinux 8.8
Latest Firefox release fixes multiple CVEs.
CUPS CVE-2023-32324
Cassandra 4.1.2
* Allow keystore and truststore passwords to be nullable (CASSANDRA-18124)
* Return snapshots with dots in their name in nodetool listsnapshots (CASSANDRA-18371)
* Fix NPE when loading snapshots and data directory is one directory from root (CASSANDRA-18359)
* Do not submit hints when hinted_handoff_enabled=false (CASSANDRA-18304)
* Fix COPY ... TO STDOUT behavior in cqlsh (CASSANDRA-18353)
* Remove six and Py2SaferScanner merge cruft (CASSANDRA-18354)
Cassandra 4.0.10
* Improve nodetool enable{audit,fullquery}log (CASSANDRA-18550)
* Report network cache info in nodetool (CASSANDRA-18400)
* Partial compaction can resurrect deleted data (CASSANDRA-18507)
* Allow internal address to change with reconnecting snitches (CASSANDRA-16718)
* Fix quoting in toCqlString methods of UDTs and aggregates (CASSANDRA-17918)
* NPE when deserializing malformed collections from client (CASSANDRA-18505)
* Improve 'Not enough space for compaction' logging messages (CASSANDRA-18260)
* Incremental repairs fail on mixed IPv4/v6 addresses serializing SyncRequest (CASSANDRA-18474)
* Deadlock updating sstable metadata if disk boundaries need reloading (CASSANDRA-18443)
* Fix nested selection of reversed collections (CASSANDRA-17913)
HAProxy 2.8.0
MINOR: compression: Improve the way Vary header is added
BUILD: makefile: search for SSL_INC/wolfssl before SSL_INC
MINOR: init: pre-allocate kernel data structures on init
DOC: install: add details about WolfSSL
BUG/MINOR: ssl_sock: add check for ha_meth
BUG/MINOR: thread: add a check for pthread_create
BUILD: init: print rlim_cur as regular integer
DOC: install: specify the minimum openssl version recommended
CLEANUP: mux-quic: remove unneeded fields in qcc
MINOR: mux-quic: remove nb_streams from qcc
MINOR: quic: fix stats naming for flow control BLOCKED frames
BUG/MEDIUM: mux-quic: only set EOI on FIN
BUG/MEDIUM: threads: fix a tiny race in thread_isolate()
DOC: config: fix rfc7239 converter examples
DOC: quic: remove experimental status for QUIC
CLEANUP: mux-quic: rename functions for mux_ops
CLEANUP: mux-quic: rename internal functions
BUG/MINOR: mux-h2: refresh the idle_timer when the mux is empty
DOC: config: Fix bind/server/peer documentation in the peers section
BUILD: Makefile: use -pthread not -lpthread when threads are enabled
CLEANUP: doc: remove 21 totally obsolete docs
DOC: install: mention the common strict-aliasing warning on older compilers
DOC: install: clarify a few points on the wolfSSL build method
MINOR: quic: Add QUIC connection statistical counters values to "show quic"
EXAMPLES: update the basic-config-edge file for 2.8
MINOR: quic/cli: clarify the "show quic" help message
MINOR: version: mention that it's LTS now.
Jenkins 2.407
* Warn administrators when their Linux operating system is approaching end of life.
* Announce early end of life for Red Hat Enterprise Linux 7 and its derivatives (like CentOS Linux 7, Scientific Linux 7, and Oracle Linux 7).
* Minor footer appearance tweaks.
* Reduce the circumstances under which recent old builds will be loaded when starting new builds.
* Developer: Make Cloud#reconfigure method public.
RabbitMQ 3.12.0
This release includes several new features, optimizations, and graduates (makes mandatory) a number of feature flags.
The user-facing areas that have seen the biggest improvements in this release are:
* Optimizations for both quorum and classic queues: improved throughput, lower throughput variability, lower latency, lower memory footprint
* More mature and efficient implementation of (non-mirrored) classic queues v2 (CQv2)
* Classic queue lazy and non-lazy modes no longer apply: classic queues v2 always behave very similarly to the lazy mode in earlier release series: moving data to disk aggressively and only keeping a subset of data in memory
* Significantly reduced MQTT and Web MQTT memory footprint per connection
* OAuth 2, OIDC, IDP support
* Even more configurability of the OAuth 2 plugin
As open source support experts, we monitor community projects to ensure our customers’ environments include the latest releases and are protected against emerging threats. We share what we learn about important open source news including software releases, trending topics, and other related information including upcoming OpenLogic events in our OpenUpdate Weekly newsletter.