OpenUpdate - February 22, 2024
Stay Informed
This week, read about:
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
runC Vulnerabilities
- Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
- The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
Nginx 1.25.4
*) Security: when using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session (CVE-2024-24989, CVE-2024-24990).
*) Bugfix: connections with pending AIO operations might be closed prematurely during graceful shutdown of old worker processes.
*) Bugfix: socket leak alerts no longer logged when fast shutdown was requested after graceful shutdown of old worker processes.
*) Bugfix: a socket descriptor error, a socket leak, or a segmentation fault in a worker process (for SSL proxying) might occur if AIO was used in a subrequest.
*) Bugfix: a segmentation fault might occur in a worker process if SSL proxying was used along with the "image_filter" directive and errors with code 415 were redirected with the "error_page" directive.
*) Bugfixes and improvements in HTTP/3.
Cassandra 4.1.4
* Memoize Cassandra version and add a backoff interval for failed schema pulls (CASSANDRA-18902)
* Fix StackOverflowError on ALTER after many previous schema changes (CASSANDRA-19166)
* Fixed the inconsistency between distributedKeyspaces and distributedAndLocalKeyspaces (CASSANDRA-18747)
* Internode legacy SSL storage port certificate is not hot reloaded on update (CASSANDRA-18681)
* Nodetool paxos-only repair is no longer incremental (CASSANDRA-18466)
* Waiting indefinitely on ReceivedMessage response in StreamSession#receive() can cause deadlock (CASSANDRA-18733)
* Allow empty keystore_password in encryption_options (CASSANDRA-18778)
* Skip ColumnFamilyStore#topPartitions initialization when client or tool mode (CASSANDRA-18697)
Merged from 4.0:
* Skip version check if an endpoint is dead state in Gossiper#upgradeFromVersionSupplier (CASSANDRA-19187)
* Fix Gossiper::hasMajorVersion3Nodes to return false during minor upgrade (CASSANDRA-18999)
* Revert unnecessary read lock acquisition when reading ring version in TokenMetadata introduced in CASSANDRA-16286 (CASSANDRA-19107)
* Support max SSTable size in sorted CQLSSTableWriter (CASSANDRA-18941)
* Fix nodetool repair_admin summarize-pending command to not throw exception (CASSANDRA-19014)
* Fix cassandra-stress in simplenative mode with prepared statements (CASSANDRA-18744)
* Fix filtering system ks sstables for relocation on startup (CASSANDRA-18963)
* Remove completed coordinator sessions (CASSANDRA-18903)
* Make StartupConnectivityChecker only run a connectivity check if there are no nodes which are running a version prior to Cassandra 4 (CASSANDRA-18968)
* Retrieve keyspaces metadata and schema version consistently in DescribeStatement (CASSANDRA-18921)
* Gossip NPE due to shutdown event corrupting empty statuses (CASSANDRA-18913)
* Fix closing iterator in SecondaryIndexBuilder (CASSANDRA-18361)
* Update hdrhistogram to 2.1.12 (CASSANDRA-18893)
* Improve performance of compactions when table does not have an index (CASSANDRA-18773)
* JMH improvements - faster build and async profiler (CASSANDRA-18871)
* Enable 3rd party JDK installations for Debian package (CASSANDRA-18844)
* Fix NTS log message when an unrecognized strategy option is passed (CASSANDRA-18679)
* Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
* Migrate Python optparse to argparse (CASSANDRA-17914)
Merged from 3.11:
* Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756)
* Revert CASSANDRA-18543 (CASSANDRA-18854)
* Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739)
Merged from 3.0:
* Suppress CVE-2023-6378 (CASSANDRA-19142)
* Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935)
* Suppress CVE-2023-44487 (CASSANDRA-18943)
* Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935)
* Implement the logic in bin/stop-server (CASSANDRA-18838)
* Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878)
* Add cqlshrc.sample and credentials.sample into Debian package (CASSANDRA-18818)
* Refactor validation logic in StorageService.rebuild (CASSANDRA-18803)
* Make alternation of a user type validate the same way as creation of a user type does (CASSANDRA-18585)
* CQLSH emits a warning when the server version doesn't match (CASSANDRA-18745)
* Fix missing speculative retries in tablestats (CASSANDRA-18767)
* Fix Requires for Java for RPM package (CASSANDRA-18751)
* Fix CQLSH online help topic link (CASSANDRA-17534)
* Remove unused suppressions (CASSANDRA-18724)
Node.js 21.6.2
This is a security release.
Notable changes:
- CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities - (High)
- CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks - (High)
- CVE-2024-21896 - Path traversal by monkey-patching Buffer internals - (High)
- CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write - (Medium)
- CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- undici version 5.28.3
- libuv version 1.48.0
- OpenSSL version 3.0.13+quic1
Non-Security Based Updates
Angular 17.2.1
- Fix broken version detection condition
Camel 4.4.0
BUG (36):
CAMEL-20401 camel-kudu: Potential NullPointerException on endpoint stop
CAMEL-20399 String to short type conversion fails
CAMEL-20394 camel-jbang wrong transformation when rests and routes tags are used together
CAMEL-20392 camel-jq - Inclined jq in simple language should keep quotes
CAMEL-20380 Kafka Batch Consumer: doesn't honor the poll timeout set
CAMEL-20378 Languages that can take source from header or property is not thread safe
CAMEL-20375 Camel-ical: Camel-20370 brought a NPE in some cases
CAMEL-20373 camel-kafka - KafkaIdempotentRepository may allow some duplicates after application restart
CAMEL-20370 dataformat configurer is not generated for camel-beanio
CAMEL-20362 Camel-Netty-HTTP: Headers validation should be enabled by default
CAMEL-20356 camel-core - LoggerHelper returns wrong name for source code line precise
CAMEL-20354 camel-jbang - Using camel run --source-dir component should be able to load from classpath
CAMEL-20352 camel.springboot.includeNonSingletons is not respected anymore: prototype Route Builders are always initialized.
CAMEL-20351 Camel Jbang execution from remote file doesn't work anymore
CAMEL-20350 camel-observation - Null values should be null instead of a string null literal value
CAMEL-20349 camel-salesforce: ClassCastException when a request is retried after a 401
CAMEL-20342 camel-openapi-java - NPE in OpenApiHelper
CAMEL-20340 camel-jbang - camel dependency list throws Exception for dataformats
CAMEL-20339 camel-yaml-dsl - Saga EIP with options causes NPE
CAMEL-20334 AWS S3 cloudevents data type does not set proper data Content-Type
CAMEL-20307 camel-quickfix - Queue Full
CAMEL-20301 Camel retains objects when restarting route via policy
CAMEL-20292 Probable bug in DependencyDownloaderConsole - inverted flags in output
CAMEL-20280 camel-jcache - JCachePolicy does not init bypassExpression
CAMEL-20262 camel-spring-boot - TomcatEmbeddedWebappClassLoader return nested instead file in jar file path
CAMEL-20254 camel-http - pre-emptive authentication breaks basic auth
CAMEL-20250 camel-kinesis: resume API fails to resume properly
CAMEL-20248 camel-salesforce: Most integration tests failing
CAMEL-20239 Camel-Azure-Files: The component doesn't set account parameter on the URI
CAMEL-20232 camel-core - Kamelets with Enrich and PollEnrich dynamic endpoints with template parameters
CAMEL-20218 KafkaIdempotentRepository cache incorrectly flagged as ready
CAMEL-20121 camel-smpp SMPPSession should be closed after receiving Unbind from peer
CAMEL-19849 camel-zipfile: fails to release exchange due to Exceptions
CAMEL-19262 camel-azure-eventbus - Apache Camel wrapper for Service Bus stops receiving message.
CAMEL-17722 MDC - custom properties in MDC Unit Of Work are not cleared at the end of route
CAMEL-17721 MDC - custom MDC property value is fixed to first assigned value by MDCUnitOfWork
DEPENDENCY UPGRADE (6):
CAMEL-20344 camel-spring-boot - Upgrade to 3.2.2
CAMEL-20278 Upgrade Wildfly Elytron to 2.x version
CAMEL-20116 Upgrade to Jackson BOM 2.16.0
CAMEL-19971 Camel-Consul: Consul-client repository is now read only
CAMEL-19722 camel-etcd3 - Upgrade jetcd to 0.7.6
CAMEL-19620 camel-coap - Upgrade to Californium Scandium 3.x
IMPROVEMENT (51):
CAMEL-20409 camel-core - ModelReifierFactory should detect custom on classpath
CAMEL-20403 Support Knative broker as source/sink in Pipe
CAMEL-20400 Support for Knative SinkBinding
CAMEL-20398 camel-kubernetes - Add option on component to create kubernetes client
CAMEL-20396 camel-kudu: Allow KuduClient to be autowired
CAMEL-20391 camel-core - All languages should support expression loaded from external resource
CAMEL-20387 camel-tracing - Use case insensitive headers
CAMEL-20386 camel-jq - Add @JQ for bean annotation
CAMEL-20382 camel-kafka - RecordMetadata header should be named like the other headers
CAMEL-20376 camel-xpath - XPath language add support for variables
CAMEL-20369 camel-beanio - Bring back beanio as v3
CAMEL-20365 camel-ftp - Add option to configure yes/no answer to create known host file
CAMEL-20364 camel-jms - Remove JMSCorrelationIDAsBytes header as its not needed
CAMEL-20363 camel-jms - Make getting JMSCorrelationID more robust for brokers that has bugs
CAMEL-20359 camel-groovy - Consistent name to refer to exchangeProperties
CAMEL-20358 camel-microprofile-config: CamelMicroProfilePropertiesSource should consider active profiles when loading properties
CAMEL-20355 Throttle EIP: milliseconds not available anymore
CAMEL-20346 camel-core - Simple language contains function can be improved
CAMEL-20345 camel-core - Simple binary operator in predicates better detected by predicate parser
CAMEL-20308 Change order of camel-spring-boot-bom and spring-boot-dependencies in dependencyManagement
CAMEL-20306 Camel-CassandraQL: Add ObjectInputFilter String pattern parameter in CassandraAggregationRepository to be used in unmarshall operations
CAMEL-20303 Camel-Sql: Add ObjectInputFilter String pattern parameter in JdbcAggregationRepository to be used in unmarshall operations
CAMEL-20298 Enhancing JSONata Compatibility for Full Reference Port
CAMEL-20281 Camel-AWS Components: Make it possible to use AwsSessionCredentials to support temporary credentials
CAMEL-20275 components - Mark options that are used for text inputs such as a SQL query
CAMEL-20274 camel-management - Add option to allow updating routes
CAMEL-20273 camel-jbang - Stub dataformat and language during export
CAMEL-20271 Camel-AWS-Cloudtrail: Improve consumers by adding more information as exchange headers
CAMEL-20258 [JBang] Use quartz out of the box for camel-cron
CAMEL-20253 camel-jbang - Add support for jolokia 2.x
CAMEL-20249 camel-jbang - Reload routes with micrometer should clean up old routes
CAMEL-20247 Rework Dynamic Router EIP Component
CAMEL-20246 camel-core - WireTap should not create correlated exchange copy
CAMEL-20245 camel-jbang - Startup should log http summary if already started such as when using supervised route controller
CAMEL-20243 camel-main - Move route controller options into its own group
CAMEL-20242 camel-routes health check reports UP right before routes were attempted to be setup when using supervising route controller
CAMEL-20241 camel-jbang - Pretty print xml body should not have noisy empty lines
CAMEL-20238 Add spring-boot-starter-jdbc dependency to camel-spring-jdbc-starter
CAMEL-20236 camel-salesforce: add missing properties to bulk 2.0 Job class
CAMEL-20233 camel-jbang - camel catalog other does not list kotlin-dsl
CAMEL-20231 camel-jasypt - make generators configurable
CAMEL-20230 camel-core - PollEnrich and Enrich EIP should eager start component if possible
CAMEL-20228 camel-jbang - camel export doesn't recognize component in pollenrich
CAMEL-20219 Add Protobuf data type transformer
CAMEL-20202 camel-azure - Consumers should avoid loading entire payload into memory
CAMEL-19956 camel-jbang - Run with custom log4j2.properties file
CAMEL-19413 camel-parquet-avro: add some defaulted values as options on dataformat to make it more configurable
CAMEL-19411 camel-kamelet - Should be using noErrorHandler
CAMEL-18969 Support mongodb connection string/uri to configure camel-mongodb component
CAMEL-18590 Camel-Azure components: Define a unique configuration for authentication
CAMEL-14028 Allow DataFormats to unmarshal known data formats without first converting to bytes
NEW FEATURE (25):
CAMEL-20408 camel-core - Tracer should include exchange variables
CAMEL-20406 camel-core - Route scoped variables
CAMEL-20379 [camel-test-infra-cli] Improve container configuration, adding external maven repositories
CAMEL-20338 Camel JMS producer should add headers
CAMEL-20336 Add a WebAssembly component and language
CAMEL-20333 Kotlin API
CAMEL-20289 camel-core - FluentProducerTemplate - Add withVariable and withProperty
CAMEL-20288 camel-core - Convert header and variable To another name
CAMEL-20286 camel-netty: add support for native transport over KQueue
CAMEL-20285 camel-json-validator: Add ability to configure ObjectMapper using endpoint properties
CAMEL-20277 camel-grpc: gRPC proxy with streaming
CAMEL-20270 Introduce plugins for Camel JBang
CAMEL-20251 Add Camel K commands to Camel JBang
CAMEL-20229 Camel-Azure-Storage-Queue: Add CloudEvents Data Type Transformer
CAMEL-20223 Camel-Spring-Boot: Camel Azure Key Vault should Support Azure Identity in the component and secrets function
CAMEL-20220 Camel Azure Key Vault: Support Azure Identity in the component and secrets function
CAMEL-19749 camel-core - Allow users to use variables in route to store data instead of headers
CAMEL-19241 Adding a Kafka Batch Consumer
CAMEL-18559 Components which do remote communication should be marked as such
CAMEL-18082 camel-jbang - Prompt mode for required values
CAMEL-17825 Hash generator in the Simple language
CAMEL-17719 camel-salesforce: allow to retrieve CDC json schema from meta service
CAMEL-16064 camel-kafka - Add batching consumer
CAMEL-15570 camel-jte - Template Engine component
CAMEL-15252 Google Pubsub Component manual acknowledgement mode
Tomcat 10.1.19
Catalina:
- Correct JPMS and OSGi meta-data for tomcat-embed-core.jar by removing reference to org.apache.catalina.ssi package that is no longer included in the JAR. Based on pull request #684 by Jendrik Johannes. (markt)
- Fix ServiceBindingPropertySource so that trailing \r\n sequences are correctly removed from files containing property values when configured to do so. Bug identified by Coverity Scan. (markt)
- Add improvements to the CSRF prevention filter including the ability to skip adding nonces for resource name and subtree URL patterns. (schultz)
- Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm)
- 68089: Further improve the performance of request attribute access for ApplicationHttpRequest and ApplicationRequest. (markt)
- 68559: Allow asynchronous error handling to write to the response after an error during asynchronous processing. (markt)
- Setting a null value for a cookie attribute should remove the attribute. (markt)
- Make asynchronous error handling more robust. Ensure that once a connection is marked to be closed, further asynchronous processing cannot change that. (markt)
- Make asynchronous error handling more robust. Ensure that once the call to AsyncListener.onError() has returned to the container, only container threads can access the AsyncContext. This protects against various race conditions that would otherwise occur if application threads continued to access the AsyncContext.
- Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. In particular, most of the HTTP/2 debug logging has been changed to trace level. (remm)
- Add support for user provided SSLContext instances configured on SSLHostConfigCertificate instances. Based on pull request #673 provided by Hakan Altındağ. (markt)
- Partial fix for 68558: Cache the result of converting to String for request URI, HTTP header names and the request Content-Type value to improve performance by reducing repeated byte[] to String conversions. (markt)
- Improve error reporting to HTTP/2 clients for header processing errors by reporting problems at the end of the frame where the error was detected rather than at the end of the headers. (markt)
- Remove the remaining reference to a stream once the stream has been recycled. This makes the stream eligible for garbage collection earlier and thereby improves scalability. (markt)
- 68546: Generate optimal size and types for JSP imports maps, as suggested by John Engebretson. (remm)
- Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm)
- Correct a regression in the fix for 66508 that could cause an UpgradeProcessor leak in some circumstances. (markt)
- Review usage of debug logging and downgrade trace or data dumping operations from debug level to trace. (remm)
- Ensure that WebSocket connection closure completes if the connection is closed when the server side has used the proprietary suspend/resume feature to suspend the connection. (markt)
- Add support for responses in JSON format from the examples application RequestHeaderExample. (schultz)
- Correct the remaining OSGi contract references in the manifest files to refer to the Jakarta EE contract names rather than the Java EE contract names. Based on pull request #685 provided by Paul A. Nicolucci. (markt)
- Update Checkstyle to 10.13.0. (markt)
- Update JSign to 6.0. (markt)
- Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.7. (markt)
- Update Tomcat Native to 2.0.7. (markt)
- Add strings for debug level messages. (remm)
- Improvements to French translations. (remm)
- Improvements to Japanese translations by tak7iji. (markt)
Docker compose 2.24.6
Fixes:
- Fix load .env from project directory when project file is set by COMPOSE_FILE by @ndeloof in #11405
- Pass All option to backend api.Service when length statuses is not equal to zero by @1arp in #11475
- Fix deadlock collecting large logs by @ndeloof in #11496
Internal:
- [CI] docker engine version matrix by @ndeloof in #11459
- Include all networks in ContainerCreate call if API >= 1.44 by @laurazard in #11429
- Chore(load): ensure context passed to load by @milas in #11466
- Feat(tracing): add project hash attribute by @milas in #11465
- Add OTEL build,depends and capabilities to attributes by @jhrotko in #11485
- Use listener for file metadata by @jhrotko in #11492
- Docs: unify no trailing dots in docstrings and help by @PiotrDabrowskey in #11301
- Chore(watch): remove old docker cp implementation by @milas in #11497
- Docs: update cli reference link by @dvdksn in #11487
- Use listeners to collect include metrics by @ndeloof in #11503
Grafana 10.3.3
Bug fixes:
- Elasticsearch: Fix creating of legend so it is backward compatible with frontend produced frames.
- ShareModal: Fixes url sync issue that caused issue with save drawer.
Jenkins 2.446
- Modernize progress bar UI in various locations. (issue 69113)
- Add ability for custom update centers to override the suggested plugin list. (pull 8951)
- Enable readonly mode for dropdown menus when using the Extended Read Permission plugin. (pull 8955)
- Restore progress animation in build history and build time trend views (regression in 2.434). (issue 72711)
- Admin monitor does not animate on page load (regression in 2.445). (pull 8954)
- Make the Agent/Provision permission available in the global Security configuration when using matrix-based authorization strategies. (issue 72637)
- Remove the extra margin when viewing in read only mode. (pull 8938)
- Create an index page for heap dump creation. (pull 8929)
- Allow button clicks after closing an administrative monitor popup. (issue 72679)
- Developer: Grant access to more FilePath APIs. (pull 8924)
Kubernetes 1.29.2
Feature:
- Add process_start_time_seconds to /metrics/slis endpoint of all components (#122750, @richabanker) [SIG Architecture, Instrumentation and Testing]
- Kubernetes is now built with go 1.21.7
- update setcap/debian-base to bookworm-v1.0.1
- update distroless-iptables to v0.4.5 (#123218, @cpanato) [SIG API Machinery, Architecture, Cloud Provider, Release, Storage and Testing]
Bug or Regression:
- Fix deprecated version for pod_scheduling_duration_seconds that caused the metric to be hidden by default in 1.29. (#123042, @alculquicondor) [SIG Instrumentation and Scheduling]
- Fixed a bug in ValidatingAdmissionPolicy that caused policies which were using CRD parameters to fail to synchronize (#123080, @alexzielenski) [SIG API Machinery and Testing]
- Fixes a 1.29 regression in "kubeadm init" that caused a user-specified --kubeconfig file to be ignored. (#122792, @avorima) [SIG Cluster Lifecycle]
- Fixes a race condition in the iptables mode of kube-proxy in 1.27 and later that could result in some updates getting lost (e.g., when a service gets a new endpoint, the rules for the new endpoint might not be added until much later). (#122756, @hakman) [SIG Network]
- If a pvc has an empty storageClassName, persistentvolume controller won't try to assign a default StorageClass (#122704, @carlory) [SIG Apps and Storage]
- Kubeadm: do not upload kubelet patch configuration into kube-system/kubelet-config ConfigMap (#123108, @SataQiu) [SIG Cluster Lifecycle]
- Kubeadm: fix a bug where the --rootfs global flag does not work with "kubeadm upgrade node" for control plane nodes. (#123096, @neolit123) [SIG Cluster Lifecycle]
PHP Interpreter 8.3.3
Core:
Fixed timer leak in zend-max-execution-timers builds.
Fixed bug GH-12349 (linking failure on ARM with mold).
Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception).
Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed when used in trait).
Fixed bug GH-13215 (GCC 14 build failure).
Curl:
Fix missing error check in curl_multi_init().
FPM:
Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path).
GD:
Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90).
LibXML:
Fix crashes with entity references and predefined entities.
MySQLnd:
Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes).
Opcache:
Fixed bug GH-13145 (strtok() is not comptime).
Fixed type inference of range().
Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on).
OpenSSL:
Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier).
PDO_Firebird:
Fix GH-13119 (Changed to convert float and double values into strings using `H` format).
Phar:
Fixed bug #71465 (PHAR doesn't know about litespeed).
Fixed bug GH-13037 (PharData incorrectly extracts zip file).
Random:
Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines).
Session:
Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader).
Standard:
Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault).
Streams:
Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail).
RabbitMQ 3.12.13
Core Broker
Bug Fixes:
- When a channel is closed, its consumer metric samples will now be cleared differently
depending on the number of them. In #9356, it was over optimized for the uncommon case with
a very large number of consumers per channel, hurting the baseline case with one or a few consumers
per channel.
CLI Tools
Enhancement:
- CLI tool startup time was reduced.
GitHub issue: #10461
Bug Fixes:
- JSON output formatter now avoids ANSI escape sequences.
- ANSI escape sequences are no longer used on Windows.
Stream Plugin
Bug Fixes:
- If a stream publisher cannot be set up, a clearer message will be logged.
Management Plugin
Bug Fixes:
- GET /api/nodes/{name} failed with a 500 when called with a non-existent node name.
Shovel Plugin
Bug Fixes:
- AMQP 1.0 Shovels will no longer set a delivery mode header that is not meaningful in AMQP 1.0.
Federation Plugin
Bug Fixes:
- Upstream node shutdown could produce a scary looking exception in the log.
- Exchange federation links could run into an exception.
Solr 9.5.0
New Features (3):
- SOLR-17006: Collection creation & adding replicas: User-defined properties are persisted to state.json and applied to new replicas, available for use as property substitution in configuration files.
- SOLR-16974: Circuit Breakers can now be configured globally
- SOLR-16743: When using TLS, Solr can now auto-reload the keystore and truststore without the need to restart the process. This is enabled by default when running with TLS and can be disabled or configured in solr.in.sh
Improvements (24):
- SOLR-17053: Distributed search with shards.tolerant: if all shards fail, fail the request
- SOLR-16924: RESTORECORE now sets the UpdateLog to ACTIVE state instead of requiring a separate REQUESTAPPLYUPDATES call in Collection restore.
- SOLR-16907: Fail when parsing an invalid custom permission definition from security.json
- SOLR-13748: Add support for mm (min should match) parameter to bool query parser
- SOLR-17046: SchemaCodecFactory is now the implicit default codec factory.
- SOLR-16943: Extend Solr client tracing coverage to both Jetty Client and Apache HttpClient
- SOLR-16397: Swap core v2 endpoints have been updated to be more REST-ful. SWAP is now available at `POST /api/cores/coreName/swap`
- SOLR-17011: Add tracing spans to internal collection commands
- SOLR-17041: Make CommitTracker currentTlogSize lazy
- SOLR-16397: The rename-core v2 endpoint has been updated to be more REST-ful. RENAME is now available at `POST /api/cores/coreName/rename`
- SOLR-17035: Add trace id to jetty thread names to improve debuggability via stack traces
- SOLR-17079: Allow to declare replica placement plugins in solr.xml
- SOLR-16959: Make the internal CoreSorter implementation configurable in solr.xml
- SOLR-17050: Use compact JSON for Learning to Rank (LTR) feature and model storage.
- SOLR-17094: Close objects contained inside an ObjectCache.
- SOLR-16577: Ensure core load failures are always logged.
- SOLR-17063: Do not retain log param references in LogWatcher
- SOLR-17066: SolrClient builders now allow users to specify a "default" collection or core using the `withDefaultCollection` method. Use of the Builder methods is preferable to including the collection in the base URL accepted by certain client implementations.
- SOLR-15960: Unified use of system properties and environment variables
- SOLR-16397: The MERGEINDEXES v2 endpoint has been updated to be more REST-ful. MERGEINDEXES is now available at `POST /api/cores/coreName/merge-indices`
- PR#2186: Include the external file name in the log instead of the hard-coded value in FileFloatSource.java.
- SOLR-17096: solr.xml now supports declaring clusterSingleton plugins
- SOLR-16397: The v2 endpoint to request the status of asynchronous CoreAdmin commands has been updated to be more REST-ful. Now available at `GET /api/node/commands/someRequestId`
- SOLR-17068: bin/solr post CLI use of options is now aligned closely with bin/post CLI tool, and is consistently referenced throughout the Ref Guide and source code, and is used throughout our tests. The bin/post tool remains and has been tested to work.
Optimizations (2):
- SOLR-17084: LBSolrClient (used by CloudSolrClient) now returns the count of core tracked as not live AKA zombies instead of the full list of cores. This list is potentially as long as the number of cores. When there are many cores, this leads to high CPU and memory usage.
- SOLR-17036: UpdateLog lazily creates the large VersionBucket array, and VersionBucket no longer keeps the highest version. This optimization reduces memory usage, especially when the SolrCore is not used for indexing.
Bug Fixes (11):
- SOLR-17045: DenseVectorField w/ vectorDimension > 1024 now work automatically with _default configset, due to implicit use of SchemaCodecFactory.
- SOLR-10653: When there's a UUIDField in the schema and atomic update touches another field the error occurs when leader updates replica
- SOLR-17093: Collection restore API command now returns "requestid" when executed asynchronously like other APIs
- SOLR-16952: In distributed i.e. multi-shard cloud mode returned dense vector 'fl' fields are now a list of numbers instead of strings.
- SOLR-17090: The v2 "delete alias" API no longer errantly returns a 405 status code
- SOLR-17121: Fix SchemaCodecFactory to get PostingsFormat and DocValues from field.
- SOLR-17116: The INSTALLSHARDDATA "collection-admin" API now reports errors correctly when run asynchronously.
- SOLR-17074: Fixed not correctly escaped quote in bin/solr script
- SOLR-17120: Fix NullPointerException in UpdateLog.applyOlderUpdates that can occur if there are multiple partial updates of the same document in separate requests using commitWithin.
- SOLR-17112: bin/solr script doesn't do ps properly on some systems.
- SOLR-17149: Backups on collections with too many shards fail due to restrictive Executor queue size
AWX 23.8.1
What's Changed:
- Fixed the pip-compile command when multiple files are passed in so that the command line would no longer parse it as one long file path (@jbradberry #14875)
- Removed the LDAP volume when cleaning all volumes (@thedoubl3j #14874)
- Increased lock down of websocket path (@chrismeyersfsu #14871)
- Silenced unnecessary setuptools-scm related error messages (@chrismeyersfsu #14827)
- Added multi-arch operator release changes (@rooftopcellist #14772)
- Fixed email with custom notifications to work properly (@dmzoneill #14839)
- Added dockerx make target for building AWX for ARM64 (@rooftopcellist #14774)
- Added iputils to the Dockerfile (@wolfsoldier47 #14338)
- Added support for websocket per-endpoint authentication (@chrismeyersfsu #14879)
- Added Python 3.12 dependencies (@dangoncalves #14869)
- Updated the command for the sos-report websocket relay status (@TheRealHaoLiu #14878)
- Updated the downtime setting to respect old downtime setting name if the user has already set it (@AlanCoding #14361)
- Added mesh ingress content to the Instances chapter of the AWX Administration Guide (@tvo318 #14854)
- Reverted the change to drop the cython dependencies (@AlanCoding #14884)
- Fixed the persistent breakage when cleaning up Github branches (@jbradberry #14887)
AWX Operator:
- Released with AWX Operator v2.12.1
OpenUpdate - February 15, 2024
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
runC Vulnerabilities
- Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
- The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
Apache Kafka 3.6.1
Improvement:
[KAFKA-15415] - In Java-client, backoff should be skipped for retried producer-batch to a new leader
[KAFKA-15596] - Upgrade ZooKeeper to 3.8.3
Bug:
[KAFKA-13973] - block-cache-capacity metrics worth twice as much as normal
[KAFKA-14767] - Gradle build fails with missing commitId after git gc
[KAFKA-15481] - Concurrency bug in RemoteIndexCache leads to IOException
[KAFKA-15491] - RackId doesn't exist error while running WordCountDemo
[KAFKA-15502] - Handle large keystores in SslEngineValidator
[KAFKA-15552] - Duplicate Producer ID blocks during ZK migration
[KAFKA-15571] - StateRestoreListener#onRestoreSuspended is never called because wrapper DelegatingStateRestoreListener doesn't implement onRestoreSuspended
[KAFKA-15602] - Breaking change in 3.4.0 ByteBufferSerializer
[KAFKA-15605] - Topics marked for deletion in ZK are incorrectly migrated to KRaft
[KAFKA-15607] - Possible NPE is thrown in MirrorCheckpointTask
[KAFKA-15644] - Fix CVE-2023-4586 in netty:handler
[KAFKA-15653] - NPE in ChunkedByteStream
[KAFKA-15658] - Zookeeper.jar | CVE-2023-44981
[KAFKA-15680] - Partition-Count is not getting updated Correctly in the Incremental Co-operative Rebalancing(ICR) Mode of Rebalancing
[KAFKA-15693] - Disabling scheduled rebalance delay in Connect can lead to indefinitely unassigned connectors and tasks
[KAFKA-15755] - LeaveGroupResponse v0-v2 should handle no members
[KAFKA-15771] - ProduceRequest#partitionSizes() is not an atomic operation
[KAFKA-15799] - ZK brokers incorrectly handle KRaft metadata snapshots
[KAFKA-15800] - Malformed connect source offsets corrupt other partitions with DataException
[KAFKA-15802] - Trying to access uncopied segments metadata on listOffsets
[KAFKA-15825] - KRaft controller writes empty state to ZK after migration
GitLab Security Release: 16.8.2, 16.7.5, 16.6.7
Table of fixes:
Title | Severity |
---|---|
Restrict group access token creation for custom roles | Medium |
Project maintainers can bypass group's scan result policy block_branch_modification setting | Medium |
ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax | Medium |
Resource exhaustion using GraphQL vulnerabilitiesCountByDay | Medium |
Non-Security Based Updates
Elasticsearch 8.12.1
Bug fixes:
Allocation
- Improve CANNOT_REBALANCE_CAN_ALLOCATE explanation #104904
Application
- [Connector API] Fix bug in configuration validation parser #104198
- [Connector API] Fix bug when triggering a sync job via API #104802
- [Profiling] Query in parallel on content nodes #104600
Data streams
- Data streams fix failure store delete #104281
- Fix _alias/<alias> returning non-matching data streams #104145 (issue: #96589)
Downsampling
- Downsampling supports date_histogram with tz #103511 (issue: #101309)
ES|QL
- Avoid execute ESQL planning on refresh thread #104591
- ESQL: Allow grouping by null blocks #104523
- ESQL: Fix SearchStats#count(String) to count values not rows #104891 (issue: #104795)
- Limit concurrent shards per node for ESQL #104832 (issue: #103666)
- Reduce the number of Evals ReplaceMissingFieldWithNull creates #104586 (issue: #104583)
Infra/Resiliency
- Limit nesting depth in Exception XContent #103741
Ingest Node
- Better handling of async processor failures #104289 (issue: #101921)
- Ingest correctly handle upsert operations and drop processors together #104585 (issue: #36746)
Machine Learning
- Add retry logic for 500 and 503 errors for OpenAI #103819
- Avoid possible datafeed infinite loop with filtering aggregations #104722 (issue: #104699)
- [LTR] FieldValueExtrator - Checking if fetched values is empty #104314
Network
- Fix lost headers with chunked responses #104808
Search
- Don’t throw error for remote shards that open PIT filtered out #104288 (issue: #102596)
Snapshot/Restore
- Fix deleting index during snapshot finalization #103817 (issue: #101029)
TSDB
- Fix routing_path when template has multiple path_match and multi-fields #104418 (issue: #104400)
Transform
- Fix bug when latest transform is used together with from parameter #104606 (issue: #104543)
Jenkins 2.444
- Prevent authenticated access to Resource Root URL. (issue 72636)
- Improve locale parsing for loading of localised help files. (issue 72627)
- Support noCertificateCheck with webSocket on the CLI. (issue 72532)
- Show error message in progressive logs on 4xx status codes. (issue 72509)
- Avoid stacktrace from artifactarchiver when no artifacts are found. (issue 71700)
- Upgrade Winstone to 6.18 in order to update Jetty from 10.0.18 to 10.0.20. (Winstone 6.15 changelog, Winstone 6.16 changelog, Winstone 6.17 changelog, Winstone 6.18 changelog, Jetty 10.0.18 changelog, Jetty 10.0.19 changelog, Jetty 10.0.20 changelog)
- Developer: Unrestricted FilePath.isDescendant (pull 8913)
- Introduce an API to be used by the Folders plugin to fix some corner cases involving branch project reloading. (issue 72613)
Kibana 8.12.1
Enhancements:
Elastic Security
- For the Elastic Security 8.12.1 release information, refer to Elastic Security Solution Release Notes.
Observability
- Adds defer_validation: true to transforms on creation to stop errors when the destination index doesn’t exist yet (#174463).
Bug Fixes:
Alerting
- Fixes context variables not being passed in to the action parameters when an alert-as-data document is available (#175682).
- Fixes the Rules page losing user selections when navigating back (#174954).
- Fixes the custom threshold rendering in the create rule flyout (#174982).
APM
- Fixes a transactions error link for mobile (#174655).
- Increases the number of maximum function calls from 3 to 5 (#175588).
Dashboard
- Fixes a caching issue that caused problems updating dashboard information (#175635).
Elastic Security
- For the Elastic Security 8.12.1 release information, refer to Elastic Security Solution Release Notes.
Fleet
- Fixes the display of category label on the Integration overview page (#176141).
- Fixes conflicting dynamic template mappings for intermediate objects (#175970).
- Fixes reserved keys for Elasticsearch output YAML box (#175901).
- Prevent deletion of agent policies with inactive agents from UI (#175815).
- Fixes incorrect count of agents in bulk actions (#175318).
- Fixes custom integrations not displaying on the Installed integrations page (#174804).
Lens & Visualizations
- Fixes a validation error for invalid formula and math columns in Lens (#175644).
Machine Learning
- Fixes Allocation rendering for failed deployments (#174882).
- Fixes an issue where a user could create an anomaly rule but couldn’t see it or interact with the rule via stack management (#174791).
Security
- Fixes API Key table sorting (#175813).
- Ensures all API Keys have a defined name (#175721).
- Fixes an issue with @kbn-handlebars, where nested inputs were not being escaped properly (#175490).
Logstash 8.12.1
- Updates bundled JDK #15840
Plugins:
Http Filter - 1.5.1
- Don’t process response when the body is empty. #50
Syslog_pri Filter - 3.2.1
- Remove spurious leftover text from "use_labels" docs #15
Logstash Integration - 1.0.2
- Fix: input plugin now correctly applies common event decorators type, tags, and add_field to events after receiving them #21
PostgreSQL 16.2
Changes:
- Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (Heikki Linnakangas)
- One step of a concurrent refresh command was run under weak security restrictions. If a materialized view's owner could persuade a superuser or other high-privileged user to perform a concurrent refresh on that view, the view's owner could control code executed with the privileges of the user running REFRESH. Fix things so that all user-determined code is run as the view's owner, as expected.
- The only known exploit for this error does not work in PostgreSQL 16.0 and later, so it may be that v16 is not vulnerable in practice.
- The PostgreSQL Project thanks Pedro Gallegos for reporting this problem. (CVE-2024-0985)
- Fix memory leak when performing JIT inlining (Andres Freund, Daniel Gustafsson)
- There have been multiple reports of backend processes suffering out-of-memory conditions after sufficiently many JIT compilations. This fix should resolve that.
- Avoid generating incorrect partitioned-join plans (Richard Guo)
- Some uncommon situations involving lateral references could create incorrect plans. Affected queries could produce wrong answers, or odd failures such as “variable not found in subplan target list”, or executor crashes.
- Fix incorrect wrapping of subquery output expressions in PlaceHolderVars (Tom Lane)
- This fixes incorrect results when a subquery is underneath an outer join and has an output column that laterally references something outside the outer join's scope. The output column might not appear as NULL when it should do so due to the action of the outer join.
- Fix misprocessing of window function run conditions (Richard Guo)
- This oversight could lead to “WindowFunc not found in subplan target lists” errors.
- Fix detection of inner-side uniqueness for Memoize plans (Richard Guo)
- This mistake could lead to “cache entry already complete” errors.
- Fix computation of nullingrels when constant-folding field selection (Richard Guo)
- Failure to do this led to errors like “wrong varnullingrels (b) (expected (b 3)) for Var 2/2”.
- Skip inappropriate actions when MERGE causes a cross-partition update (Dean Rasheed)
- When executing a MERGE UPDATE action on a partitioned table, if the UPDATE is turned into a DELETE and INSERT due to changing a partition key column, skip firing AFTER UPDATE ROW triggers, as well as other post-update actions such as RLS checks. These actions would typically fail, which is why a regular UPDATE doesn't do them in such cases; MERGE shouldn't either.
- Cope with BEFORE ROW DELETE triggers in cross-partition MERGE updates (Dean Rasheed)
- If such a trigger attempted to prevent the update by returning NULL, MERGE would suffer an error or assertion failure.
- Prevent access to a no-longer-pinned buffer in BEFORE ROW UPDATE triggers (Alexander Lakhin, Tom Lane)
- If the tuple being updated had just been updated and moved to another page by another session, there was a narrow window where we would attempt to fetch data from the new tuple version without any pin on its buffer. In principle this could result in garbage data appearing in non-updated columns of the proposed new tuple. The odds of problems in practice seem rather low, however.
- Avoid requesting an oversize shared-memory area in parallel hash join (Thomas Munro, Andrei Lepikhov, Alexander Korotkov)
- The limiting value was too large, allowing “invalid DSA memory alloc request size” errors to occur with sufficiently large expected hash table sizes.
- Fix corruption of local buffer state when an error occurs while trying to extend a temporary table (Tender Wang)
- Fix use of wrong tuple slot while evaluating DISTINCT aggregates that have multiple arguments (David Rowley)
- This mistake could lead to errors such as “attribute 1 of type record has wrong type”.
- Avoid assertion failures in heap_update() and heap_delete() when a tuple to be updated by a foreign-key enforcement trigger fails the extra visibility crosscheck (Alexander Lakhin)
- This error had no impact in non-assert builds.
- Fix possible failure during ALTER TABLE ADD COLUMN on a complex inheritance tree (Tender Wang)
- If a grandchild table would inherit the new column via multiple intermediate parents, the command failed with “tuple already updated by self”.
- Fix problems with duplicate token names in ALTER TEXT SEARCH CONFIGURATION ... MAPPING commands (Tender Wang, Michael Paquier)
- Fix DROP ROLE with duplicate role names (Michael Paquier)
- Previously this led to a “tuple already updated by self” failure. Instead, ignore the duplicate.
- Properly lock the associated table during DROP STATISTICS (Tomas Vondra)
- Failure to acquire the lock could result in “tuple concurrently deleted” errors if the DROP executes concurrently with ANALYZE.
- Fix function volatility checking for GENERATED and DEFAULT expressions (Tom Lane)
- These places could fail to detect insertion of a volatile function default-argument expression, or decide that a polymorphic function is volatile although it is actually immutable on the datatype of interest. This could lead to improperly rejecting or accepting a GENERATED clause, or to mistakenly applying the constant-default-value optimization in ALTER TABLE ADD COLUMN.
- Detect that a new catalog cache entry became stale while detoasting its fields (Tom Lane)
- We expand any out-of-line fields in a catalog tuple before inserting it into the catalog caches. That involves database access which might cause invalidation of catalog cache entries — but the new entry isn't in the cache yet, so we would miss noticing that it should get invalidated. The result is a race condition in which an already-stale cache entry could get made, and then persist indefinitely. This would lead to hard-to-predict misbehavior. Fix by rechecking the tuple's visibility after detoasting.
- Fix edge-case integer overflow detection bug on some platforms (Dean Rasheed)
- Computing 0 - INT64_MIN should result in an overflow error, and did on most platforms. However, platforms with neither integer overflow builtins nor 128-bit integers would fail to spot the overflow, instead returning INT64_MIN.
- Detect Julian-date overflow when adding or subtracting an interval to/from a timestamp (Tom Lane)
- Some cases that should cause an out-of-range error produced an incorrect result instead.
- Add more checks for overflow in interval_mul() and interval_div() (Dean Rasheed)
- Some cases that should cause an out-of-range error produced an incorrect result instead.
- Allow scram_SaltedPassword() to be interrupted (Bowen Shi)
- With large scram_iterations values, this function could take a long time to run. Allow it to be interrupted by query cancel requests.
- Ensure cached statistics are discarded after a change to stats_fetch_consistency (Shinya Kato)
- In some code paths, it was possible for stale statistics to be returned.
- Make the pg_file_settings view check validity of unapplied values for settings with backend or superuser-backend context (Tom Lane)
- Invalid values were not noted in the view as intended. This escaped detection because there are very few settings in these groups.
- Match collation too when matching an existing index to a new partitioned index (Peter Eisentraut)
- Previously we could accept an index that has a different collation from the corresponding element of the partition key, possibly leading to misbehavior.
- Avoid failure if a child index is dropped concurrently with REINDEX INDEX on a partitioned index (Fei Changhong)
- Fix insufficient locking when cleaning up an incomplete split of a GIN index's internal page (Fei Changhong, Heikki Linnakangas)
- The code tried to do this with shared rather than exclusive lock on the buffer. This could lead to index corruption if two processes attempted the cleanup concurrently.
- Avoid premature release of buffer pin in GIN index insertion (Tom Lane)
- If an index root page split occurs concurrently with our own insertion, the code could fail with “buffer NNNN is not owned by resource owner”.
- Avoid failure with partitioned SP-GiST indexes (Tom Lane)
- Trying to use an index of this kind could lead to “No such file or directory” errors.
- Fix ownership tests for large objects (Tom Lane)
- Operations on large objects that require ownership privilege failed with “unrecognized class ID: 2613”, unless run by a superuser.
- Fix ownership change reporting for large objects (Tom Lane)
- A no-op ALTER LARGE OBJECT OWNER command (that is, one selecting the existing owner) passed the wrong class ID to the PostAlterHook, probably confusing any extension using that hook.
- Fix reporting of I/O timing data in EXPLAIN (BUFFERS) (Michael Paquier)
- The numbers labeled as “shared/local” actually refer only to shared buffers, so change that label to “shared”.
- Ensure durability of CREATE DATABASE (Noah Misch)
- If an operating system crash occurred during or shortly after CREATE DATABASE, recovery could fail, or subsequent connections to the new database could fail. If a base backup was taken in that window, similar problems could be observed when trying to use the backup. The symptom would be that the database directory, PG_VERSION file, or pg_filenode.map file was missing or empty.
- Add more LOG messages when starting and ending recovery from a backup (Andres Freund)
- This change provides additional information in the postmaster log that may be useful for diagnosing recovery problems.
- Prevent standby servers from incorrectly processing dead index tuples during subtransactions (Fei Changhong)
- The startedInRecovery flag was not correctly set for a subtransaction. This affects only processing of dead index tuples. It could allow a query in a subtransaction to ignore index entries that it should return (if they are already dead on the primary server, but not dead to the standby transaction), or to prematurely mark index entries as dead that are not yet dead on the primary. It is not clear that the latter case has any serious consequences, but it's not the intended behavior.
- Fix signal handling in walreceiver processes (Heikki Linnakangas)
- Revert a change that made walreceivers non-responsive to SIGTERM while waiting for the replication connection to be established.
- Fix integer overflow hazard in checking whether a record will fit into the WAL decoding buffer (Thomas Munro)
- This bug appears to be only latent except when running a 32-bit PostgreSQL build on a 64-bit platform.
- Fix deadlock between a logical replication apply worker, its tablesync worker, and a session process trying to alter the subscription (Shlok Kyal)
- One edge of the deadlock loop did not involve a lock wait, so the deadlock went undetected and would persist until manual intervention.
- Ensure that column default values are correctly transmitted by the pgoutput logical replication plugin (Nikhil Benesch)
- ALTER TABLE ADD COLUMN with a constant default value for the new column avoids rewriting existing tuples, instead expecting that reading code will insert the correct default into a tuple that lacks that column. If replication was subsequently initiated on the table, pgoutput would transmit NULL instead of the correct default for such a column, causing incorrect replication on the subscriber.
- Fix failure of logical replication's initial sync for a table with no columns (Vignesh C)
- This case generated an improperly-formatted COPY command.
- Re-validate a subscription's connection string before use (Vignesh C)
- This is meant to detect cases where a subscription was created without a password (which is allowed to superusers) but then the subscription owner is changed to a non-superuser.
- Return the correct status code when a new client disconnects without responding to the server's password challenge (Liu Lang, Tom Lane)
- In some cases we'd treat this as a loggable error, which was not the intention and tends to create log spam, since common clients like psql frequently do this. It may also confuse extensions that use ClientAuthentication_hook.
- Fix incompatibility with OpenSSL 3.2 (Tristan Partin, Bo Andreson)
- Use the BIO “app_data” field for our private storage, instead of assuming it's okay to use the “data” field. This mistake didn't cause problems before, but with 3.2 it leads to crashes and complaints about double frees.
- Be more wary about OpenSSL not setting errno on error (Tom Lane)
- If errno isn't set, assume the cause of the reported failure is read EOF. This fixes rare cases of strange error reports like “could not accept SSL connection: Success”.
- Fix file descriptor leakage when a foreign data wrapper's ForeignAsyncRequest function fails (Heikki Linnakangas)
- Fix minor memory leak in connection string validation for CREATE SUBSCRIPTION (Jeff Davis)
- Report ENOMEM errors from file-related system calls as ERRCODE_OUT_OF_MEMORY, not ERRCODE_INTERNAL_ERROR (Alexander Kuzmenkov)
- In PL/pgSQL, support SQL commands that are CREATE FUNCTION/CREATE PROCEDURE with SQL-standard bodies (Tom Lane)
- Previously, such cases failed with parsing errors due to the semicolon(s) appearing in the function body.
- Fix libpq's handling of errors in pipelines (Álvaro Herrera)
- The pipeline state could get out of sync if an error is returned for reasons other than a query problem (for example, if the connection is lost). Potentially this would lead to a busy-loop in the calling application.
- Make libpq's PQsendFlushRequest() function flush the client output buffer under the same rules as other PQsend functions (Jelte Fennema-Nio)
- In pipeline mode, it may still be necessary to call PQflush() as well; but this change removes some inconsistency.
- Avoid race condition when libpq initializes OpenSSL support concurrently in two different threads (Willi Mann, Michael Paquier)
- Fix timing-dependent failure in GSSAPI data transmission (Tom Lane)
- When using GSSAPI encryption in non-blocking mode, libpq sometimes failed with “GSSAPI caller failed to retransmit all data needing to be retried”.
- Change initdb to always un-comment the postgresql.conf entries for the lc_xxx parameters (Kyotaro Horiguchi)
- initdb used to work this way before v16, and now it does again. The change caused initdb's --no-locale option to not have the intended effect on lc_messages.
- In pg_dump, don't dump RLS policies or security labels for extension member objects (Tom Lane, Jacob Champion)
- Previously, commands would be included in the dump to set these properties, which is really incorrect since they should be considered as internal affairs of the extension. Moreover, the restoring user might not have adequate privilege to set them, and indeed the dumping user might not have enough privilege to dump them (since dumping RLS policies requires acquiring lock on their table).
- In pg_dump, don't dump an extended statistics object if its underlying table isn't being dumped (Rian McGuire, Tom Lane)
- This conforms to the behavior for other dependent objects such as indexes.
- Properly detect out-of-memory in one code path in pg_dump (Daniel Gustafsson)
- Make it an error for a pgbench script to end with an open pipeline (Anthonin Bonnefoy)
- Previously, pgbench would behave oddly if a \startpipeline command lacked a matching \endpipeline. This seems like a scripting mistake rather than a case that pgbench needs to handle nicely, so throw an error.
- In contrib/bloom, fix overly tight assertion about false_positive_rate (Alexander Lakhin)
- Fix crash in contrib/intarray if an array with an element equal to INT_MAX is inserted into a gist__int_ops index (Alexander Lakhin, Tom Lane)
- Report a better error when contrib/pageinspect's hash_bitmap_info() function is applied to a partitioned hash index (Alexander Lakhin, Michael Paquier)
- Report a better error when contrib/pgstattuple's pgstathashindex() function is applied to a partitioned hash index (Alexander Lakhin)
- On Windows, suppress autorun options when launching subprocesses in pg_ctl and pg_regress (Kyotaro Horiguchi)
- When launching a child process via cmd.exe, pass the /D flag to prevent executing any autorun commands specified in the registry. This avoids possibly-surprising side effects.
- Move is_valid_ascii() from mb/pg_wchar.h to utils/ascii.h (Jubilee Young)
- This change avoids the need to include <simd.h> in pg_wchar.h, which was causing problems for some third-party code.
- Fix compilation failures with libxml2 version 2.12.0 and later (Tom Lane)
- Fix compilation failure of WAL_DEBUG code on Windows (Bharath Rupireddy)
- Suppress compiler warnings from Python's header files (Peter Eisentraut, Tom Lane)
- Our preferred compiler options provoke warnings about constructs appearing in recent versions of Python's header files. When using gcc, we can suppress these warnings with a pragma.
- Avoid deprecation warning when compiling with LLVM 18 (Thomas Munro)
- Update time zone data files to tzdata release 2024a for DST law changes in Greenland, Kazakhstan, and Palestine, plus corrections for the Antarctic stations Casey and Vostok. Also historical corrections for Vietnam, Toronto, and Miquelon.
Sonatype Nexus Repository 3.65.0
NEXUS-34334:
- If the rebuild index task triggers an ElasticSearchException, one repository failing will no longer prevent task completion or affect the other repositories. Added an error message to alert the user if a repository does fail.
NEXUS-34968:
- Attempting to download an asset with a missing blob from a proxy repository in a PostgreSQL or H2 deployment no longer results in an immediate 500 error. Sonatype Nexus Repository automatically attempts to re-fetch the asset from remote as expected.
NEXUS-36807:
- Made changes to improve cleanup policy preview performance.
NEXUS-39665:
- Resolved an issue that was preventing some installations of a package from a group repository with a certain private proxy repository member.
NEXUS-39881:
- The package-specific index page for a Python package requested from a proxy repository now displays the non-truncated package name as expected.
NEXUS-40111:
- Resolved an issue that was causing some Yum assets to be shown as "components" in the Sonatype Nexus Repository UI.
NEXUS-40213:
- Addressed an issue impacting HA deployments where tokens after a wildcard in component searches were being dropped (e.g. for searches like “nexus*core”).
NEXUS-40378:
- Searching components by exact tag in an HA environment now returns an exact match as expected.
NEXUS-40680:
- Associating a tag with a component used to operate on a loose match; it now uses an exact match as expected. For example, associating a tag with a .jar with the version “1.0.0” used to associate that tag with all components that had “1.0.0” in the version number. Now, it will associate with the exact version match only unless you use a wildcard.
NEXUS-40987:
- Resolved an issue that was causing some PostgreSQL HA deployments to have excessive errors written to logs despite requests working as expected.
NEXUS-40994:
- In HA environments, performing an exact-match search for components where the group ID or artifact ID contain an underscore now returns exact-match results as expected.
NEXUS-41211:
- Added clarifying documentation regarding changes in NuGet client compatibility with Sonatype Nexus Repository:
- In Sonatype Nexus Repository release 3.43.0, we added compatibility with official NuGet v2 clients. The supported subset of the legacy NuGet v2 protocol is the same as that supported by Microsoft's NuGet Gallery, http://nuget.org. Use cases that rely on the deprecated parts of the v2 API are not supported, including many common Chocolatey use cases and some custom OData queries.
OpenUpdate - February 8, 2024
Key Security, Maintenance, and Features Releases
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
runC vulnerabilities
- Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
- The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
CVE-2023-6246
- Heap-based buffer overflow in glibc's syslog
Non-Security Based Updates
Docker Compose 2.24.5
Fixes
- Fix for `failed to solve: changes out of order` errors while building images on Windows (#11426)
Full Changelog
- Fix canonical container name in --dry-run by @jhrotko in #11425
- ci(deps): replace buildkit to fix fsutil issues on Windows by @crazy-max in #11426
- chore(e2e): fix flaky test & standalone behavior by @milas in #11382
etcd 3.5.12
etcd server
- Add livez/readyz HTTP endpoints
- Fix not validating database consistent index, and panicking on nil backend
- Document experimental-enable-lease-checkpoint-persist flag in etcd help
- Fix needlessly flocking snapshot files when deleting
- Add digest for etcd base image
- Fix delete inconsistencies in read buffer
Dependencies
- Compile binaries using go 1.20.13
- Upgrade golang.org/x/crypto to v0.17+ to address CVE-2023-48795
Jenkins 2.443
Community reported issues: 2×JENKINS-72592
- Find selected radio option when validating instead of the last one. (issue 72505)
- Fix missing folder icons. (issue 72407)
- A security fix in 2.394 caused a substantial slowdown in displaying build artifacts when using remote artifact managers such as in S3. (pull 8874)
- Adjust heap dump file name for compatibility with OpenJDK file suffix requirements. (issue 72579)
- Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42. (issue 72603)
Keycloak 23.0.6
Bugs
- #26427 Operator CSV uses wrong format for `createdAt` field operator
- #26597 Keycloak UI meets "Internal Sever Error" after save "Refresh Token Max Reuse" number core
- #26665 Unable to modify access token lifespan at realm level. Keycloak stops working. core
AWX 23.7.0
What's Changed
- Added the "address" property to the AWX CyberArk Central Credential Provider plugin (@Nenodema #14742)
- Fixed port conflicts when running other Ansible dev environments (@slemrmartin #14701)
- Updated date to 2024 in the conf.py file for documentation (@tvo318 #14743)
- Added support for Bitbucket Data Center webhooks (@puiterwijk #14674)
- Updated execution environment documentation link (@auatr #14741)
- Updated the django-ansible-base dependency (@TheRealHaoLiu #14752)
- Built the awxkit source distribution bundle to also upload to PyPI (@jbradberry #14757)
- Added django-ansible-base settings (@jessicamack #14768)
- Fixed linting error in SubscriptionUsageChart (@mabashian #14765)
- Added secure flag option for userLoggedIn cookie if SESSION_COOKIE_SECURE is set to True (@CastawayEGR #14762)
- Added a new setting for pg_notify listener DB settings and added a keepalive (@AlanCoding #14755)
- Updated imports for the django-ansible-base split (@jessicamack #14783)
- Fixed/updated URL for “Passing Variables on the Command Line” link in the Job Templates chapter of the User Guide (@tvo318 #14763)
- Updated pointer to the ansible repo for the django-ansible-base requirement (@jessicamack #14793)
- Joined the awx node(s) on a service-mesh docker network so they can be proxied to (@chrismeyersfsu #14795)
- Bumped Jinja2 from 3.1.2 to 3.1.3 in /docs/docsite (@dependabot #14764)
- Added retries to requests sessions in HashiCorp Vault (@kwevers #14740)
- Added username/password and LDAP support for HashiCorp Vault credential plugin (@djyasin #14654)
- Specified Docker network with multiple networks (@chrismeyersfsu #14806)
- Obtained and installed JWT updates from DAB (@chrismeyersfsu #14805)
- Replaced old Tower documentation link with new AWX docs link (@samccann #14801)
- Adopted new rules from black upgrade (@AlanCoding #14809)
- Added hop node documentation and improved information about execution nodes in the Managing Capacity With Instances chapter of the Administration Guide (@tvo318 #14787)
- Fixed nginx append slash to respect proxy (@kdelee #14814)
- Added a section that references how to setup a private image for default execution environments in the Managing Capacity With Instances chapter of the Administration Guide (@tvo318 #14815)
- Updated the notebook feature in the development environment to prevent EDA port conflicts (@chrismeyersfsu #14821)
OpenJ9 0.43.0
- jdk11 - Don't cache instances of TemporaryLoggerFinder
- Make java.lang.Thread.container a known field
- Convert jvmtiThread.c to jvmtiThread.cpp
- Add JVMTI synchronization in JVM_VirtualThreadHideFrames
- Use correct GC flag in HCR dark matter cleanup
- Increase the wait time for checkpoint safety
- The java.compiler system property is obsolete in jdk21+
OpenUpdate - February 1, 2024
Security Based Updates
Jenkins 2.442
Arbitrary file read vulnerability through the CLI can lead to RCE
SECURITY-3314 / CVE-2024-23897
Severity (CVSS): Critical
Description:
- Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment.
- Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature (`expandAtFiles`) that replaces an `@` character followed by a file path in an argument with the file's contents. This feature is enabled by default, and Jenkins 2.441 and earlier and LTS 2.426.2 and earlier do not disable it.
- This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process.
- Attackers with Overall/Read permission can read entire files.
- Attackers without Overall/Read permission can read the first few lines of files. The number of lines that can be read depends on available CLI commands. As of publication of this advisory, the Jenkins security team has found ways to read the first three lines of files in recent releases of Jenkins without having any plugins installed, and has not identified any plugins that would increase this line count.
- Binary files containing cryptographic keys used for various Jenkins features can also be read, with some limitations (see note on binary files below). As of publication, the Jenkins security team has confirmed the following possible attacks in addition to reading contents of all files with a known file path. All of them leverage attackers' ability to obtain cryptographic keys from binary files, and are therefore only applicable to instances where that is feasible.
Apache Cassandra 4.0.12
* Skip version check if an endpoint is dead state in Gossiper#upgradeFromVersionSupplier (CASSANDRA-19187)
* Fix Gossiper::hasMajorVersion3Nodes to return false during minor upgrade (CASSANDRA-18999)
* Revert unnecessary read lock acquisition when reading ring version in TokenMetadata introduced in CASSANDRA-16286 (CASSANDRA-19107)
* Support max SSTable size in sorted CQLSSTableWriter (CASSANDRA-18941)
* Fix nodetool repair_admin summarize-pending command to not throw exception (CASSANDRA-19014)
* Fix cassandra-stress in simplenative mode with prepared statements (CASSANDRA-18744)
* Fix filtering system ks sstables for relocation on startup (CASSANDRA-18963)
* Remove completed coordinator sessions (CASSANDRA-18903)
* Make StartupConnectivityChecker only run a connectivity check if there are no nodes which are running a version prior to Cassandra 4 (CASSANDRA-18968)
* Retrieve keyspaces metadata and schema version consistently in DescribeStatement (CASSANDRA-18921)
* Gossip NPE due to shutdown event corrupting empty statuses (CASSANDRA-18913)
* Synchronize CQLSSTableWriter#build on the Schema.instance object (CASSANDRA-18317)
* Fix closing iterator in SecondaryIndexBuilder (CASSANDRA-18361)
* Update hdrhistogram to 2.1.12 (CASSANDRA-18893)
* Improve performance of compactions when table does not have an index (CASSANDRA-18773)
* JMH improvements - faster build and async profiler (CASSANDRA-18871)
* Enable 3rd party JDK installations for Debian package (CASSANDRA-18844)
* Fix NTS log message when an unrecognized strategy option is passed (CASSANDRA-18679)
* Fix BulkLoader ignoring cipher suites options (CASSANDRA-18582)
* Migrate Python optparse to argparse (CASSANDRA-17914)
Merged from 3.11:
* Fix delayed SSTable release with unsafe_aggressive_sstable_expiration (CASSANDRA-18756)
* Revert CASSANDRA-18543 (CASSANDRA-18854)
* Fix NPE when using udfContext in UDF after a restart of a node (CASSANDRA-18739)
* Moved jflex from runtime to build dependencies (CASSANDRA-18664)
Merged from 3.0:
* Suppress CVE-2023-6378 (CASSANDRA-19142)
* Do not set RPC_READY to false on transports shutdown in order to not fail counter updates for deployments with coordinator and storage nodes with transports turned off (CASSANDRA-18935)
* Suppress CVE-2023-44487 (CASSANDRA-18943)
* Fix nodetool enable/disablebinary to correctly set rpc readiness in gossip (CASSANDRA-18935)
* Implement the logic in bin/stop-server (CASSANDRA-18838)
* Upgrade snappy-java to 1.1.10.4 (CASSANDRA-18878)
* Add cqlshrc.sample and credentials.sample into Debian package (CASSANDRA-18818)
* Refactor validation logic in StorageService.rebuild (CASSANDRA-18803)
* Make alternation of a user type validate the same way as creation of a user type does (CASSANDRA-18585)
* Backport of CASSANDRA-16905 Further restrict schema column drop/recreate conversions (CASSANDRA-18760)
* CQLSH emits a warning when the server version doesn't match (CASSANDRA-18745)
* Fix missing speculative retries in tablestats (CASSANDRA-18767)
* Fix Requires for Java for RPM package (CASSANDRA-18751)
* Fix CQLSH online help topic link (CASSANDRA-17534)
* Remove unused suppressions (CASSANDRA-18724)
Non-Security Based Updates
ActiveMQ Artemis 2.32.0
Bug:
* [ARTEMIS-4415] - org.apache.activemq.artemis.tests.integration.server.LVQTest#testMultipleMessages fails intermittently
* [ARTEMIS-4585] - Mirror may fail with previously created SNF queues if metrics plugin is in use
Improvement:
* [ARTEMIS-4579] - Add the *FirstMessage* API for scheduled messages
Docker Compose 2.24.3
Internal:
introduce stopAndRemoveContainer to share logic scaling down
Grafana 10.3.1
- Navigation updates
- Table data in PDF reports
- Dashboards and visualizations
- Canvas visualization supports pan and zoom
- Data visualization quality of life improvements
- New Transformations UI experience and documentation upgrades
- Profiles
- Alerting
Wildfly 31.0.0
Application Server Features
- MicroProfile updates — We’ve updated our MicroProfile subsystems to the versions in MicroProfile 6.1. (We don’t support MicroProfile Metrics, so we are not a compatible MicroProfile 6.1 Platform implementation, but otherwise we do aim to keep up with the platform).
- Hibernate — I always hear a lot of community demand for updates to our Hibernate integration, so I’m pleased that in WildFly 31 we were able to move from Hibernate ORM 6.2 up to the 6.4.2 release, the latest available ORM version. Along with that we were able to move to Hibernate Search 7.0.
- Jakarta MVC 2.1 — In WildFly Preview we added support for Jakarta MVC, using the implementation provided by the Eclipse Krazo project. WildFly Preview provides a new mvc-krazo subsystem, along with a new mvc-krazo Galleon layer that you can add to your provisioning configuration. Please try it out and give us feedback. We hope to bring this subsystem to standard WildFly later this year.
- AMQP and Reactive Messaging — The MicroProfile Reactive Messaging subsystem now allows exchanging of messages with an AMQP broker via version 1.0 of the AMQP protocol.
- Subsystem authoring — WildFly Core 23 now includes two new Maven modules, subsystem and service. Both of these aim to make developing and maintaining WildFly extensions easier and more productive. The subsystem module library assists you in writing a proper subsystem configuration model and management API, while the service module helps you properly integrate your subsystem with WildFly’s service container.
- Stability levels — WildFly 31 introduces the notion of server functionality having four different stability levels (experimental, preview, community, default), with users having the ability when starting WildFly to opt into making less stable features available, or to restrict WildFly to only providing the most stable features. This is part of the overall feature development strategy I outlined last November. In WildFly 31 we’re just getting started with this — introducing the core capability to the server and adding one new feature at the community stability level….
- Configuration export — That community level feature allows you to use the CLI to export a WildFly server’s configuration to a file that can then be used for another server. WildFly has long allowed you to read the server configuration in the CLI, but the presentation format was not well suited to taking the information and using it elsewhere. This has been enhanced. A particular use case for this would be exporting a domain-mode server’s configuration, where the resulting file can be used to run an equivalent standalone server.
Keycloak 23.0.5
Fix compilation error with ServerInfoAdminResource
Fix logic error in AbstractOAuth2IdentityProvider
fixed possible undefined enabled flag
Fix search in group picker dialog
Fix missing CRD metadata in Operator CSV
Fix typo in the balloon help of SAML Username Template Importer
Revert "Fix lowerCaseHostname to lower-case scheme and host properly"
Node.js 21.6.1
This release fixes a bug in undici using WebStreams
Commits:
[662ac95729] - Revert "stream: fix cloned webstreams not being unref'd" (Matteo Collina) #51491
Prometheus 2.45.3
This release contains security fixes in dependencies and has been built with go1.21.6. #13450.
[BUGFIX] TSDB: Remove double memory snapshot on shutdown. #13110
OpenUpdate - January 24, 2024
Security Based Updates
Solr 9.4.1
Bug Fixes:
- SOLR-17039: Entropy calculation in bin/solr script fails in Docker due to missing 'bc' cmd
- SOLR-17057: JSON Query regression: If "query" is specified with a String (not JSON structure), "defType" should parse it. Since 9.4 defType was ignored.
- SOLR-6853: Allow '/' characters in the text managed by Managed Resources API.
- SOLR-17060: CoreContainer#create may deadlock with concurrent requests for metrics
- SOLR-17098: ZK Credentials and ACLs are no longer sent to all ZK Servers when using Streaming Expressions. They will only be used when sent to the default ZK Host.
- SOLR-16203: Properly initialize schema plugins loaded by SPI name
- CVE-2023-50290: Apache Solr allows read access to host environment variables
Non-Security Based Updates
MySQL 8.3.6
Audit Log Notes:
Compilation Notes:
- Microsoft Windows: MySQL did not compile correctly using Visual Studio 2022. (Bug #35967676)
- Improved the `-DWITH_ZLIB=system` check. (Bug #35968195)
- For compiling on Linux, changed the `no-error=deprecated-declarations` flag to `no-deprecated-declarations` for the OpenSSL 3 library.
Our thanks to karry zhang for the contribution. (Bug #112209, Bug #35755328)
Optimizer Notes:
- The hashing algorithm employed yielded poor performance when using a `HASH` field to check for uniqueness. (Bug #109548, Bug #34959356)
Packaging Notes:
- Important Change: The GnuPG build key (`A8D3785C`) used to sign MySQL downloadable packages has been updated. The previous GnuPG build key (`3A79BD29`) expired on 2023-12-14. For information about verifying the integrity and authenticity of MySQL downloadable packages using GnuPG signature checking, or to obtain a copy of our public GnuPG build key, see Signature Checking Using GnuPG.
Due to the GnuPG key update, systems configured to use `repo.mysql.com` may report a signature verification error when upgrading to MySQL 8.0.36 and higher or to MySQL 8.3.0 and higher using `apt` or `yum`. Use one of the following methods to resolve this issue:
- Manually reinstall the MySQL APT or YUM repository setup package from https://dev.mysql.com/downloads/.
- Download the MySQL GnuPG public key and add it to your system GPG keyring.
Performance Schema Notes:
- When executing a stored program, the Performance Schema instrumentation caused some unnecessary overhead.
As of this release, all stored procedure micro instructions (`statement/sp/%`), except `statement/sp/stmt`, are disabled by default. (Bug #27934653)
- The performance of the Performance Schema statement instrumentation has been improved. Specifically, collecting `MESSAGE_TEXT` data is now more efficient. (Bug #112621, Bug #35916912)
Pluggable Authentication:
- Beginning with this release, the behavior of the `AUTHENTICATION_PAM_LOG` environment variable used in debugging the PAM authentication plugin is changed as follows:
  - Setting `AUTHENTICATION_PAM_LOG` to an arbitrary value (except as noted in the next item) no longer includes passwords in its diagnostic messages.
  - To include passwords in the diagnostic messages, set `AUTHENTICATION_PAM_LOG=PAM_LOG_WITH_SECRET_INFO`.
For more information, see PAM Authentication Debugging. (Bug #74313, Bug #20042010)
Functionality Added or Changed:
- Important Change: For platforms on which OpenSSL libraries are bundled, the linked OpenSSL library for MySQL Server has been updated to version 3.0.12. Issues fixed in OpenSSL version 3.0.12 are described at https://www.openssl.org/news/cl30.txt. (Bug #36033684)
Bugs Fixed:
- InnoDB: The hash function used by the adaptive hash index (AHI) was improved to increase performance. (Bug #35449386)
- InnoDB: If change buffer entries are present during startup, a disabled `innodb_validate_tablespace_paths` option will no longer be enforced and instead the MySQL server will proceed to validate all tablespaces. Otherwise, secondary indexes could end up corrupted. (Bug #35208990)
- InnoDB: During concurrent DDL and DML operations, DDL could fail if the online log grew too large. Buffer handling was improved to prevent this issue. (Bug #35115601)
- Replication: An issue with calculating the current number of bytes used for `Log_event` events in Performance Schema memory instrumentation made it appear as though the `sql/replica_sql` thread on the replica grew endlessly and never decreased in size. (Bug #35546877)
- Replication: Stopping replication while replicating `CREATE TABLE AS SELECT` caused the server to exit. (Bug #33934013)
- Group Replication: A forced `START GROUP_REPLICATION` while a replication channel was in an error state could lead to an unplanned server exit. (Bug #34724344)
- For building Enterprise Linux RPMs, the build scripts now point to a newer strip command (under `/opt/rh/gcc-toolset-12`), and they now check that the corresponding dwz tool is available. (Bug #36086236)
- In some cases, calling a loadable function installed by an improperly initialized plugin caused an unplanned shutdown. (Bug #35889261)
- Found and fixed an assertion failure at `handler::ha_index_end()` in `handler.cc`. (Bug #35877600)
- When the `MYSQL_FIREWALL` plugin was configured to use a custom schema, but failed to initialize properly during the server startup, subsequent errors and failures could occur. (Bug #35853298)
- Some nested queries with `GROUP BY` were not handled correctly. (Bug #35846402, Bug #35945822)
References: This issue is a regression of: Bug #32918400.
- In limited cases, passing data to the `MD5()` encryption function could halt the server. (Bug #35764496)
- Some subselects from views were not always handled correctly. (Bug #35738548)
- While performing an operation such as the bulk renaming of many tables, simultaneously executing a data definition statement similar to `CREATE TABLE ... SELECT` could stop the server unexpectedly. (Bug #35735937)
- `UPDATE HISTOGRAM` did not behave as expected in all cases. (Bug #35710404)
- `EXPLAIN ANALYZE` did not always produce the expected result. (Bug #35710383)
- An error occurred during subquery resolution. (Bug #35710373)
References: This issue is a regression of: Bug #35184353.
- Refreshing of used table information is now postponed to the start of the next execution, just after tables have been opened, and we know that all table objects are in a proper state. (Bug #35710213)
- Some `HAVING` queries did not produce expected results. (Bug #35710183)
- Some recursive CTEs did not function as expected. (Bug #35654240)
- Some queries using `OVER (PARTITION ...)` were not always executed successfully. (Bug #35627798)
- Some subqueries with `ROLLUP` were not always handled correctly. (Bug #35621842, Bug #35804794)
- Removed the CPACK_COMPONENT_GROUP_INFO_DISPLAY_NAME configuration option from the Windows installation MSI interface. Now the `INFO_BIN` and `INFO_SRC` files are always installed. (Bug #35529968)
- Some queries using windowing functions were not always handled correctly. (Bug #35471471)
- In debug builds, a case-altered column name could cause the server to exit. (Bug #35449266)
- The MySQL Server and MySQL Cluster packages contained two copies of the `INFO_SRC` file. (Bug #35400142)
- A `SELECT` statement within a prepared statement unexpectedly returned different results on successive executions. (Bug #35340987, Bug #35846585, Bug #35846873)
References: This issue is a regression of: Bug #35060385.
- Some `SELECT DISTINCT` queries were not always handled correctly. (Bug #33725447)
- Removed an assertion failure in `sql/field.cc`. (Bug #112503, Bug #35846221)
- Some queries having the form `SELECT AVG(...) OVER (PARTITION BY ...)` were not always handled correctly. (Bug #112460, Bug #35710179, Bug #35845413)
- Upgrading MySQL using an official MySQL Yum or SUSE repository always enables the MySQL service. Now it enables the service only after installing, and preserves (and does not edit) the existing value while upgrading. (Bug #112382, Bug #35823558)
- For a query with a derived condition pushdown where a column in the condition needs to be replaced, a matching item could not be found, even when known to be present, when the replacement item was wrapped in a `ROLLUP` while the matching item was not. (Bug #111665, Bug #35498378, Bug #35570065, Bug #35826171)
References: This issue is a regression of: Bug #33349994.
- Performing an arithmetic operation on the result over a window function in a stored procedure gave the correct result the first time the procedure was executed, but returned an incorrect result on all subsequent invocations. (Bug #110983, Bug #35380604)
References: See also: Bug #110847, Bug #35340987.
- MySQL did not build correctly using the `musl` version of `libc`.
Our thanks to Sam James for the contribution. (Bug #110808, Bug #35330950)
- In some cases, selecting from a view leaked a small amount of memory. (Bug #103133, Bug #32764586)
Docker Compose 2.24.1
Fixes:
- Stop the resource timer after last expected event by @ndeloof in #11357
- fix engine version require to use healthcheck.start_interval by @ndeloof in #11360
- fix(tracing): batch span exports to prevent blocking by @milas in #11364
Internal:
- remove watch subcommand from the alpha command by @glours in #11363
- signals/utils: always handle received signals by @laurazard in #11361
Dependencies:
- build(deps): bump github.com/containerd/containerd from 1.7.11 to 1.7.12 by @dependabot in #11347
- build(deps): bump github.com/docker/cli from 25.0.0-rc.1+incompatible to 25.0.0-rc.2+incompatible by @dependabot in #11348
- build(deps): bump github.com/docker/docker from 25.0.0-rc.1+incompatible to 25.0.0-rc.2+incompatible by @dependabot in #11349
- build(deps): bump github.com/docker/cli from 25.0.0-rc.2+incompatible to 25.0.0-rc.3+incompatible by @dependabot in #11365
- build(deps): bump github.com/docker/docker from 25.0.0-rc.2+incompatible to 25.0.0-rc.3+incompatible by @dependabot in #11367
- bump version of compose-go to v2.0.0-rc.1 by @glours in #11368
Jenkins 2.441
- Update operating system end of life data for Amazon Linux, Alpine Linux, and Fedora Linux. (pull 8864)
- Remove unused material icons. (pull 8831)
- Fix build button rendering for Dashboard View plugin. (pull 8854)
- Change focus in the `new item` page only if `from` has a valid job name. (issue 66530)
Elasticsearch 8.12.0
Breaking changes:
- There are no breaking changes in 8.12
Notable changes:
There are notable changes in 8.12 that you need to be aware of but that we do not consider breaking. Items that we may consider notable changes are:
- Changes to features that are in Technical Preview.
- Changes to log formats.
- Changes to non-public APIs.
- Behaviour changes that repair critical bugs.
Authorization:
- Fixed JWT principal from claims #101333
ES|QL:
- [ES|QL] pow function always returns double #102183 (issue: #99055)
Infra/Plugins:
- Remove Plugin.createComponents method in favour of overload with a PluginServices object #101457
Bug fixes
Aggregations:
- Adjust Histogram’s bucket accounting to be iteratively #102172
- Aggs error codes part 1 #99963
- Skip global ordinals loading if query does not match after rewrite #102844
- Trigger parent circuit breaker when building scorers in filters aggregation #102511
- Unwrap ExecutionException when loading from cache in AbstractIndexOrdinalsFieldData #102476
Application:
- [Connector API] Fix bug in configuration validation parser #104198
- [Connector API] Fix bug with nullable tooltip field in parser #103427
- [Connectors API] Fix ClassCastException when creating a new sync job #103508
- [Connectors API] Fix bug with missing TEXT DisplayType enum #103430
- [Connectors API] Handle nullable fields correctly in the ConnectorSyncJob parser #103183
- [Profiling] Query in parallel only if beneficial #103061
- [Search Applications] Return 400 response when template rendering produces invalid JSON #101474
Authentication:
- Fall through malformed JWTs to subsequent realms in the chain #101660 (issue: #101367)
Authorization:
- Fix cache invalidation on privilege modification #102193
Data streams:
- Use dataset size instead of on-disk size for data stream stats #103342
Distributed:
- Active shards message corrected for search shards #102808 (issue: #101896)
- Dispatch ClusterStateAction#buildResponse to executor #103435
- Fix listeners in SharedBlobCacheService.readMultiRegions #101727
Downsampling:
- Copy counter field properties to downsampled index #103580 (issue: #103569)
- Fix downsample api by returning a failure in case one or more downsample persistent tasks failed #103615
EQL:
- Cover head/tail commands edge cases and data types coverage #101859 (issue: #101724)
- Samples should check if the aggregations result is empty or null #103574
ES|QL:
- ESQL: Fix to_degrees() returning infinity #103209 (issue: #102987)
- ESQL: Fix planning of MV_EXPAND with foldable expressions #101385 (issue: #101118)
- ESQL: Fix rare bug with empty string #102350 (issue: #101969)
- ESQL: Fix resolution of MV_EXPAND after KEEP * #103339 (issue: #103331)
- ESQL: Fix single value query #102317 (issue: #102298)
- ESQL: Improve local folding of aggregates #103670
- ESQL: Improve pushdown of certain filters #103671
- ESQL: Narrow catch in convert functions #101788 (issue: #100820)
- ESQL: Update the use of some user-caused exceptions #104046
- ESQL: remove time_zone request parameter #102767 (issue: #102159)
- ES|QL: Fix NPE on single value detection #103150 (issue: #103141)
- ES|QL: Improve resolution error management in mv_expand #102967 (issue: #102964)
- Fix layout for MV_EXPAND #102916 (issue: #102912)
- Fix planning of duplicate aggs #102165 (issue: #102083)
- AsyncOperator#isFinished must never return true on failure #104029
Engine:
- Fix lastUnsafeSegmentGenerationForGets for realtime get #101700
Geo:
- Fix geo tile bounding boxes to be consistent with arithmetic method #100826 (issues: #92611, #95574)
ILM+SLM:
- Collect data tiers usage stats more efficiently #102140 (issue: #100230)
Indices APIs:
- Fix template simulate setting application ordering #103024 (issue: #103008)
Infra/Core:
- Cache component versions #103408 (issue: #102103)
- Fix metric gauge creation model #100609
Infra/Node Lifecycle:
- Wait for reroute before acking put-shutdown #103251
Infra/Plugins:
- Making classname optional in Transport protocol #99702 (issue: #98584)
Infra/Scripting:
- Make IPAddress writeable #101093 (issue: #101082)
Infra/Settings:
- Report full stack trace for non-state file settings transforms #101346
Ingest Node:
- Sending an index name to DocumentParsingObserver that is not ever null #100862
License:
- Error log when license verification fails locally #102919
Machine Learning:
- Catch exceptions during pytorch_inference startup #103873
- Ensure the estimated latitude is within the allowed range #2586
- Exclude quantiles when fetching model snapshots where possible #103530
- Fix frequent_item_sets aggregation on empty index #103116 (issue: #103067)
- If trained model download task is in progress, wait for it to finish before executing start trained model deployment #102944
- Persist data counts on job close before results index refresh #101147
- Preserve response headers in Datafeed preview #103923
- Prevent attempts to access non-existent node information during rebalancing #103361
- Prevent resource over-subscription in model allocation planner #100392
- Remove dependency on the IPEX library #2605 and #2606
- Start a new trace context before loading a trained model #103124
- Wait for the model results on graceful shutdown #103591 (issue: #103414)
Monitoring:
- [Monitoring] Dont get cluster state until recovery #100565
Network:
- Ensure the correct threadContext for RemoteClusterNodesAction #101050
Ranking:
- Add an additional tiebreaker to RRF #101847 (issue: #101232)
Reindex:
- Allow prefix index naming while reindexing from remote #96968 (issue: #89120)
Search:
- Add JIT compiler excludes for computeCommonPrefixLengthAndBuildHistogram #103112
- Check that scripts produce correct json in render template action #101518 (issue: #101477)
- Fix NPE & empty result handling in CountOnlyQueryPhaseResultConsumer #103203
- Fix format string in OldLuceneVersions #103185
- Handle timeout on standalone rewrite calls #103546
- Introduce Elasticsearch PostingFormat based on Lucene 90 positing format using PFOR #103601 (issue: #103002)
- Restore inter-segment search concurrency with synthetic source is enabled #103690
- Support complex datemath expressions in index and index alias names #100646
Snapshot/Restore:
- More consistent logging messages for snapshot deletion #101024
- Reroute on shard snapshot completion #101585 (issue: #101514)
TSDB:
- Throw when wrapping rate agg in DeferableBucketAggregator #101032
Transform:
- Add an assertion to the testTransformFeatureReset test case #100287
- Consider search context missing exceptions as recoverable #102602
- Consider task cancelled exceptions as recoverable #100828
- Fix NPE that is thrown by _update API #104051 (issue: #104048)
- Log stacktrace together with log message in order to help debugging #101607
- Split comma-separated source index strings into separate indices #102811 (issue: #99564)
Vector Search:
- Disallow vectors whose magnitudes will not fit in a float #100519
Watcher:
- Correctly logging watcher history write failures #101802
Enhancements
Aggregations:
- Check the real memory circuit breaker when building global ordinals #102462
- Disable concurrency for sampler and diversified sampler #102832
- Disable parallelism for composite agg against high cardinality fields #102644
- Enable concurrency for multi terms agg #102710
- Enable concurrency for scripted metric agg #102461
- Enable inter-segment concurrency for terms aggs #101390
- Export circuit breaker trip count as a counter metric #101423
- Introduce fielddata cache ttl #102682
- Status codes for Aggregation errors, part 2 #100368
- Support keyed histograms #101826 (issue: #100242)
Allocation:
- Add more desired balance stats #102065
- Add undesired shard count #101426
- Expose reconciliation metrics via APM #102244
Application:
- Calculate CO2 and emission and costs #101979
- Consider duplicate stacktraces in custom index #102292
- Enable Universal Profiling as Enterprise feature #100333
- Include totals in flamegraph response #101126
- Retrieve stacktrace events from a custom index #102020
- [Profiling] Notify early about task cancellation #102740
- [Profiling] Report in status API if docs exist #102735
Authentication:
- Add ldap user metadata mappings for full name and email #102925
- Add manage_enrich cluster privilege to kibana_system role #101682
Authorization:
- Remove auto_configure privilege for profiling #101026
- Use BulkRequest to store Application Privileges #102056
- Use non-deprecated SAML callback URL in SAML smoketests #99983 (issue: #99986)
- Use non-deprecated SAML callback URL in tests #99983 (issue: #99985)
CAT APIs:
- Expose roles by default in cat allocation API #101753
CRUD:
- Cache resolved index for mgets #101311
Data streams:
- Introduce new endpoint to expose data stream lifecycle stats #101845
- Switch logs data streams to search all fields by default #102456 (issue: #99872)
Distributed:
- Add support for configuring proxy scheme in S3 client settings and EC2 discovery plugin #102495 (issue: #101873)
- Introduce a StreamOutput that counts how many bytes are written to the stream #102906
- Push s3 requests count via metrics API #100383
- Record operation purpose for s3 stats collection #100236
EQL:
- Add error logging for *QL #101057
- Use the eql query filter for the open-pit request #103212
ES|QL:
- ESQL: Add profile option #102713
- ESQL: Alias duplicated aggregations in a stats #100642 (issue: #100544)
- ESQL: Load more than one field at once #102192
- ESQL: Load stored fields sequentially #102727
- ESQL: Load text field from parent keyword field #102490 (issue: #102473)
- ESQL: Make blocks ref counted #100408
- ESQL: Make fieldcaps calls lighter #102510 (issues: #101763, #102393)
- ESQL: More tracking in BlockHash impls #101488
- ESQL: New telemetry commands #102937
- ESQL: Share constant null Blocks #102673
- ESQL: Short circuit loading empty doc values #102434
- ESQL: Support the _source metadata field #102391
- ESQL: Track blocks emitted from lucene #101396
- ESQL: Track memory from values loaded from lucene #101383
- Fast path for reading single doc with ordinals #102902
- Introduce local block factory #102901
- Load different way #101235
- Track ESQL enrich memory #102184
- Track blocks in AsyncOperator #102188
- Track blocks of intermediate state of aggs #102562
- Track blocks when hashing single multi-valued field #102612
- Track pages in ESQL enrich request/response #102190
Engine:
- Add static node settings to set default values for max merged segment sizes #102208
Geo:
- Add runtime field of type geo_shape #100492 (issue: #61299)
Health:
- Add message field to HealthPeriodicLogger and S3RequestRetryStats #101989
- Add non-green indicator names to HealthPeriodicLogger message #102245
ILM+SLM:
- Health Report API should not return RED for unassigned cold/frozen shards when data is available #100776
- Switch fleet’s built-in ILM policies to use .actions.rollover.max_primary_shard_size #99984 (issue: #99983)
Indices APIs:
- Add executed pipelines to bulk api response #100031
- Add support for marking component templates as deprecated #101148 (issue: #100992)
- Allowing non-dynamic index settings to be updated by automatically unassigning shards #101723
- Rename component templates and pipelines according to the new naming conventions #99975
- Run TransportGetAliasesAction on local node #101815
Infra/CLI:
- Set ActiveProcessorCount when node.processors is set #101846
Infra/Core:
- Add apm api for asynchronous counters (always increasing) #102598
- Log errors in RestResponse regardless of error_trace parameter #101066 (issue: #100884)
Infra/Logging:
- Add status code to rest.suppressed log output #100990
Ingest Node:
- Deprecate the unused elasticsearch_version field of enrich policy json #103013
- Optimize MurmurHash3 #101202
Machine Learning:
- Accept a single or multiple inputs to _inference #102075
- Add basic telemetry for the inference feature #102877
- Add internal inference action for ml models and services #102731
- Add prefix strings option to trained models #102089
- Estimate the memory required to deploy trained models more accurately #98874
- Improve stability of spike and dip detection for the change point aggregation #102637
- Include ML processor limits in _ml/info response #101392
- Read scores from downloaded vocabulary for XLM Roberta tokenizers #101868
- Support for GET all models and by task type in the _inference API #102806
- Upgrade Boost libraries to version 1.83 #2560
Mapping:
- Improve analyzer reload log message #102273
Monitoring:
- Add memory utilization Kibana metric to the monitoring index templates #102810
- Added beat.stats.libbeat.pipeline.queue.max_events #102570
Network:
- Record more detailed HTTP stats #99852
Search:
- Add metrics to the shared blob cache #101577
- Add support for Serbian Language Analyzer #100921
- Add support for index_filter to open pit #102388 (issue: #99740)
- Added metric for cache eviction of entries with non zero frequency #100570
- Disable inter-segment concurrency when sorting by field #101535
- Enable query phase parallelism within a single shard #101230 (issue: #80693)
- Node stats as metrics #102248
- Optimize _count type API requests #102888
Security:
- Expose the invalidation field in Get/Query ApiKey APIs #102472
- Make api_key.delete.interval a dynamic setting #102680
Snapshot/Restore:
- Fail S3 repository analysis on partial reads #102840
- Parallelize stale index deletion #100316 (issue: #61513)
- Repo analysis of uncontended register behaviour #101185
- Repo analysis: allow configuration of register ops #102051
- Repo analysis: verify empty register #102048
Stats:
- Introduce includeShardsStats in the stats request to indicate that we only fetch a summary #100466 (issue: #99744)
- Set includeShardsStats = false in NodesStatsRequest where the caller does not use shards-level statistics #100938
Store:
- Add methods for adding generation listeners with primary term #100899
- Allow executing multiple periodic flushes while they are being made durable #102571
- Pass shard’s primary term to Engine#addSegmentGenerationListener #99752
Transform:
- Implement exponential backoff for transform state persistence retrying #102512 (issue: #102528)
- Make tasks that calculate checkpoints time out #101055
- Pass source query to _field_caps (as index_filter) when deducing destination index mappings for better performance #102379
- Pass transform source query as index_filter to open_point_in_time request #102447 (issue: #101049)
- Skip shards that don’t match the source query during checkpointing #102138
Vector Search:
- Add vector_operation_count in profile output for knn searches #102032
- Make cosine similarity faster by storing magnitude and normalizing vectors #99445
New features
Application:
- Enable Connectors API as technical preview #102994
- [Behavioral Analytics] Analytics collections use Data Stream Lifecycle (DSL) instead of Index Lifecycle Management (ILM) for data retention management. Behavioral analytics has traditionally used ILM to manage data retention. Starting with 8.12.0, this will change. Analytics collections created prior to 8.12.0 will continue to use their existing ILM policies, but new analytics collections will be managed using DSL. #100033
Authentication:
- Patterns support for allowed subjects by the JWT realm #102426
Cluster Coordination:
- Add a node feature join barrier. This prevents nodes from joining clusters that do not have all the features already present in the cluster. This ensures that once a feature is supported by all the nodes in a cluster, that feature will never then not be supported in the future. This is the corresponding functionality for the version join barrier, but for features #101609
Data streams:
- Add ability to create a data stream failure store #99134
ES|QL:
- ESQL: emit warnings from single-value functions processing multi-values #102417 (issue: #98743)
- GEO_POINT and CARTESIAN_POINT type support #102177
Infra/Core:
- Create new cluster state API for querying features present on a cluster #100974
Ingest Node:
- Adding a simulate ingest api #101409
Security:
- Allow granting API keys with JWT as the access_token #101904
Vector Search:
- Add byte quantization for float vectors in HNSW #102093
- Make knn search a query #98916
Regressions
Infra/Core:
- Revert non-semantic NodeInfo #102636
Kibana 8.12.0
Breaking changes
- Breaking changes can prevent your application from optimal operation and performance. Before you upgrade to 8.12.0, review the breaking changes, then mitigate the impact to your application.
Features:
- Kibana 8.12.0 adds the following new and notable features.
Alerting:
- The case list filter bar is now customizable, filters are removable and custom fields can be used as filters (#172276).
APM:
- Adds viewInApp URL to the custom threshold rule type (#171985).
- Adds back the mobile crashes & errors tab (#165892).
Elastic Security:
For the Elastic Security 8.12.0 release information, refer to Elastic Security Solution Release Notes.
Elastic Search:
- Display E5 multilingual callout (#171887).
- Replace model selection dropdown with list (#171436).
Fleet:
- Adds support for preconfigured output secrets (Scrypt edition) (#172041).
- Adds UI components to create and edit output secrets (#169429).
- Adds support for remote ES output (#169252).
- Adds the ability to specify secrets in outputs (#169221).
- Adds an integrations configs tab to display input templates (#168827).
- Adds a Kibana task to publish Agent metrics (#168435).
Lens & Visualizations:
- Adds the ability to edit charts made by ES|QL queries in Dashboard (#169911).
Machine Learning:
- Adds E5 model configurations (#172053).
- Adds the ability to create a categorization anomaly detection job from pattern analysis (#170567).
- Adds and displays alerts data in the Anomaly Explorer (#167998).
Observability:
- Adds logic to update flyout highlights (#172193).
- Adds logic to display highlights in the flyout (#170650).
- Changes the Custom threshold title to Beta (#172360).
Security:
- Disables the connector parameters field (#173610).
- Adds a risk engine missing privileges callout (#171250).
- Asset criticality privileges API (#172441).
Uptime:
- Global params Public APIs (#169669).
- Private location public APIs (#169376).
- Settings public API (#163400).
Logstash 8.12
New features and enhancements:
- Add support for adding and removing multiple keystore keys in a single operation #15739
- Docker: Update Iron Bank base image to ubi9.2 #15490
- Internal: extract GeoIP database manager to stand-alone feature #15348
Notable issues fixed:
- Add missing method of logger wrapper for puma #15640
- Fix logstash-keystore multiple keys operations with command flags #15737
- Separate scheduling of segments flushes from time #15697
- Add system properties to configure Jackson’s stream read constraints #15763
- Fix issue with Jackson 2.15: Can not write a field name, expecting a value #15564
Updates to dependencies:
- Add bigdecimal > 3.1 dependency. #15384
- Update Guava dependency to 32.1.2 #15394
- Swap dataformat-yaml with snakeyaml #15606
- Bump Puma to 6.4.2+ #15776
- Update jackson to 2.15.3 #15477
Documentation enhancements:
- Add info and link to Logstash running on a Kubernetes cluster through Elastic Cloud on Kubernetes (ECK) #15565
- Add info for sending Logstash monitoring data to Elastic serverless #15636
- Add docs for extending integrations with filter-elastic_integration #15674
- Update Logstash intro and security overview for serverless #15663
- Update the Logstash-to-Logstash communication docs to reflect the multiple hosts usage #15512
Plugins
Elasticsearch Input - 4.19.1:
- Plugin version bump to pick up docs fix in #199 required to clear build error in docgen. #200
- Add search_api option to support search_after and scroll #198
- The default value auto uses search_after for Elasticsearch >= 8 and otherwise falls back to scroll
Http Input - 3.8.0:
- Fixed SSL Java KeyStore support #171
- Added ssl_keystore_type configuration
- Added SSL Java TrustStore configurations (ssl_truststore_type, ssl_truststore_path and ssl_truststore_password)
Elastic_enterprise_search Integration - 3.0.0:
- [BREAKING] Swiftype endpoints are no longer supported for both plugins App Search and Workplace Search
- Bumped Enterprise Search clients to version >= 7.16, < 9 #18
- Added support for SSL configurations (ssl_certificate_authorities, ssl_truststore_path, ssl_truststore_password, ssl_truststore_type, ssl_verification_mode, ssl_supported_protocols and ssl_cipher_suites)
- The App Search deprecated options host and path were removed
Kafka Integration - 11.3.3:
- Fixed: "Can’t modify frozen string" error when record value is nil (tombstones) #155
Logstash Integration - 1.0.1:
- Fixed: improves throughput by allowing pipeline workers to share a plugin instance concurrently instead of sequentially #19
- Introduced load balancing mechanism to distribute the requests among the hosts #16
Elasticsearch Output - 11.22.2:
- Fixed: avoid populating version and version_type attributes when processing integration metadata and datastream is enabled. #1161
- Added support for propagating event processing metadata when this output is downstream of an Elastic Integration Filter and configured without explicit version, version_type, or routing directives #1158
- Added support for propagating event processing metadata when this output is downstream of an Elastic Integration Filter and configured without explicit index, document_id, or pipeline directives #1155
- Changed the register to initiate pipeline shutdown upon bootstrap failure instead of simply logging the error #1151
- Doc: Replace document_already_exist_exception with version_conflict_engine_exception in the silence_errors_in_log setting example #1159
- Doc: Add content for sending data to Elasticsearch on serverless #1164
Kubernetes 1.29.1
API Change:
- Fixes accidental enablement of the new alpha optionalOldSelf API field in CustomResourceDefinition validation rules, which should only be allowed to be set when the CRDValidationRatcheting feature gate is enabled. Existing CustomResourceDefinition objects which have the field set will retain it on update, but new CustomResourceDefinition objects will not be permitted to set the field while the CRDValidationRatcheting feature gate is disabled. (#122343, @jpbetz) [SIG API Machinery]
Feature:
- Kubernetes is now built with Go 1.21.6 (#122711, @cpanato) [SIG Release and Testing]
Bug or Regression:
- Allow deletion of pods that use raw block volumes on node reboot (#122211, @gnufied) [SIG Node and Storage]
- Fix an issue where kubectl apply could panic when imported as a library (#122559, @Jefftree) [SIG CLI]
- Fix: Mount point may become local without calling NodePublishVolume after node rebooting. (#119923, @cvvz) [SIG Node and Storage]
- Fixed a regression since 1.24 in the scheduling framework when overriding MultiPoint plugins (e.g. default plugins). The incorrect loop logic might lead to a plugin being loaded multiple times, consequently preventing any Pod from being scheduled, which is unexpected. (#122366, @caohe) [SIG Scheduling]
- Fixed migration of in-tree vSphere volumes to the CSI driver. (#122341, @jsafrane) [SIG Storage]
- QueueingHint implementation for NodeAffinity is reverted because we found potential scenarios where events that make Pods schedulable could be missed. (#122327, @sanposhiho) [SIG Scheduling]
- QueueingHint implementation for NodeUnschedulable is reverted because we found potential scenarios where events that make Pods schedulable could be missed. (#122326, @sanposhiho) [SIG Scheduling]
Other (Cleanup or Flake):
- Reverts the EventedPLEG feature (beta, but disabled by default) back to alpha for a known issue (#122718, @pacoxu) [SIG Node]
Node.js 21.6.0
New connection attempt events
Three new events were added in the net.createConnection flow:
- connectionAttempt: Emitted when a new connection attempt is established. In case of Happy Eyeballs, this might be emitted multiple times.
- connectionAttemptFailed: Emitted when a connection attempt failed. In case of Happy Eyeballs, this might be emitted multiple times.
- connectionAttemptTimeout: Emitted when a connection attempt timed out. In case of Happy Eyeballs, this will not be emitted for the last attempt. This is not emitted at all if Happy Eyeballs is not used.
- Additionally, a previous bug has been fixed where a new connection attempt could have been started after a previous one failed and after the connection was destroyed by the user. This led to a failed assertion.
- Contributed by Paolo Insogna in #51045.
Changes to the Permission Model:
- Node.js 21.6.0 comes with several fixes for the experimental permission model and two new semver-minor commits. We're adding a new flag --allow-addons to enable addon usage when using the Permission Model.
- $ node --experimental-permission --allow-addons
- Contributed by Rafael Gonzaga in #51183
- And relative paths are now supported through the --allow-fs-* flags. Therefore, with this release one can use:
- $ node --experimental-permission --allow-fs-read=./index.js
- To give only read access to the entrypoint of the application.
- Contributed by Rafael Gonzaga and Carlos Espa in #50758
Support configurable snapshot through --build-snapshot-config flag
- We are adding a new flag --build-snapshot-config to configure snapshots through a custom JSON configuration file.
- $ node --build-snapshot-config=/path/to/myconfig.json
- When using this flag, additional script files provided on the command line will not be executed and instead be interpreted as regular command line arguments.
- These changes were contributed by Joyee Cheung and Anna Henningsen in #50453
Other Notable Changes:
- [c31ed51373] - (SEMVER-MINOR) timers: export timers.promises (Marco Ippolito) #51246
PHP 8.3.2
Core:
- Fixed bug GH-12953 (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements).
- Fixed bug GH-12999 (zend_strnlen build when strnlen is unsupported).
- Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings).
- Fixed bug GH-12854 (8.3 - as final trait-used method does not correctly report visibility in Reflection).
Cli:
- Fix incorrect timeout in built-in web server when using router script and max_input_time.
DOM:
- Fixed bug GH-12870 (Creating an xmlns attribute results in a DOMException).
- Fix crash when toggleAttribute() is used without a document.
- Fix crash in adoptNode with attribute references.
- Fixed bug GH-13012 (DOMNode::isEqualNode() is incorrect when attribute order is different).
FFI:
- Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData).
- Fixed bug GH-12905 (FFI::new interacts badly with observers).
Intl:
- Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
Hash:
- Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on strings >= 4GiB).
ODBC:
- Fix crash on Apache shutdown with persistent connections.
Opcache:
- Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result).
- Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258.
OpenSSL:
- Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
PDO:
- Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
PDO_ODBC:
- Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
PGSQL:
- Fixed auto_reset_persistent handling and allow_persistent type.
- Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
Phar:
- Fixed bug #77432 (Segmentation fault on including phar file).
PHPDBG:
- Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c).
SimpleXML:
- Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash.
- Fixed bug GH-12929 (SimpleXMLElement with stream_wrapper_register can segfault).
Tidy:
- Fixed bug GH-12980 (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes).
Prometheus 2.49.0 and 2.49.1
[FEATURE] Promtool: Add --run flag to the promtool test rules command. #12206
[FEATURE] SD: Add support for NS records to DNS SD. #13219
[FEATURE] UI: Add heatmap visualization setting in the Graph tab, useful for histograms. #13096 #13371
[FEATURE] Scraping: Add scrape_config.enable_compression (default true) to disable gzip compression when scraping the target. #13166
[FEATURE] PromQL: Add a promql-experimental-functions feature flag containing some new experimental PromQL functions. #13103 NOTE: More experimental functions might be added behind the same feature flag in the future. Added functions:
- Experimental mad_over_time (median absolute deviation around the median) function. #13059
- Experimental sort_by_label and sort_by_label_desc functions allowing sorting returned series by labels. #11299
[FEATURE] SD: Add __meta_linode_gpus label to Linode SD. #13097
[FEATURE] API: Add exclude_alerts query parameter to /api/v1/rules to only return recording rules. #12999
[FEATURE] TSDB: --storage.tsdb.retention.time flag value is now exposed as a prometheus_tsdb_retention_limit_seconds metric. #12986
[FEATURE] Scraping: Add ability to specify priority of scrape protocols to accept during scrape (e.g. to scrape Prometheus proto format for certain jobs). This can be changed by setting global.scrape_protocols and scrape_config.scrape_protocols. #12738
[ENHANCEMENT] Scraping: Automated handling of scraping histograms that violate scrape_config.native_histogram_bucket_limit setting. #13129
[ENHANCEMENT] Scraping: Optimized memory allocations when scraping. #12992
[ENHANCEMENT] SD: Added cache for Azure SD to avoid rate-limits. #12622
[ENHANCEMENT] TSDB: Various improvements to OOO exemplar scraping. E.g. allowing ingestion of exemplars with the same timestamp, but with different labels. #13021
[ENHANCEMENT] API: Optimize /api/v1/labels and /api/v1/label/<label_name>/values when 1 set of matchers is used. #12888
[ENHANCEMENT] TSDB: Various optimizations for TSDB block index, head mmap chunks and WAL, reducing latency and memory allocations (improving API calls, compaction queries etc). #12997 #13058 #13056 #13040
[ENHANCEMENT] PromQL: Optimize memory allocations and latency when querying float histograms. #12954
[ENHANCEMENT] Rules: Instrument TraceID in log lines for rule evaluations. #13034
[ENHANCEMENT] PromQL: Optimize memory allocations in query_range calls. #13043
[ENHANCEMENT] Promtool: unittest interval now defaults to evaluation_intervals when not set. #12729
[BUGFIX] SD: Fixed Azure SD public IP reporting #13241
[BUGFIX] API: Fix inaccuracies in posting cardinality statistics. #12653
[BUGFIX] PromQL: Fix inaccuracies of histogram_quantile with classic histograms. #13153
[BUGFIX] TSDB: Fix rare fails or inaccurate queries with OOO samples. #13115
[BUGFIX] TSDB: Fix rare panics on append commit when exemplars are used. #13092
[BUGFIX] TSDB: Fix exemplar WAL storage, so remote write can send/receive samples before exemplars. #13113
[BUGFIX] Mixins: Fix url filter on remote write dashboards. #10721
[BUGFIX] PromQL/TSDB: Various fixes to float histogram operations. #12891 #12977 #12609 #13190 #13189 #13191 #13201 #13212 #13208
[BUGFIX] Promtool: Fix int32 overflow issues for 32-bit architectures. #12978
[BUGFIX] SD: Fix Azure VM Scale Set NIC issue. #13283
[BUGFIX] TSDB: Fixed a wrong q= value in scrape accept header #13313
Spring Boot 3.2.2
- SslBundle implementations do not provide useful toString() results #39167
- JarEntry.getComment() returns incorrect result from NestedJarFile instances #39166
- Mixing PEM and JKS certificate material in server.ssl properties does not work #39158
- Having AspectJ and Micrometer on the classpath is not a strong enough signal to enable support for Micrometer observation annotations #39128
- Actuator endpoints with no operations that use selectors are not accessible when mapped to / #39122
- Spring Boot 3.2 app that uses WebFlux, Security, and Actuator may fail to start due to a missing authentication manager #39096
- management.observations.http.server.requests.name no longer has any effect #39083
- spring.rabbitmq.listener.stream.auto-startup property has no effect #39078
- Error mark in the log message for PatternParseException is in the wrong place #39075
- Configuring server.jetty.max-connections has no effect #39052
- @ConfigurationPropertiesBinding converters that rely on initial CharSequence to String conversion no longer work #39051
- Manifest attributes cannot be resolved with the new loader implementation #38996
- Throwable from logging system initialization may result in the application silently failing to start #38963
- When using Jetty, idle timeout for IO operations and delayed dispatch cannot be set to less than 30000ms #38960
- spring-boot-maven-plugin repackage uber jar execution fails when jar is put on WSL network drive #38956
- Oracle OJDBC BOM version is flagged not for production use #38943
- Connection leak when using jOOQ and spring.jooq.sql-dialect has not been set #38924
- AutoConfigurationSorter does not always respect @AutoConfigureOrder(Ordered.LOWEST_PRECEDENCE) #38916
- Containers are not started when using @ImportTestcontainers #38913
- Even when spring.security.user.name or spring.security.user.password has been configured, user details auto-configuration still backs off when resource server is on the classpath #38864
- MockRestServiceServerAutoConfiguration with RestTemplate and RestClient together throws incorrect exception #38820
OpenUpdate - January 18, 2024
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Redis 7.2.4 and 7.0.15
Security Fixes
- (CVE-2023-41056) In some cases, Redis may incorrectly handle resizing of memory buffers which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.
Bug Fixes
- Fix crashes of cluster commands in clusters with mixed versions of 7.0 and 7.2 (#12805, #12832)
- Fix slot ownership not being properly handled when deleting a slot from a node (#12564)
- Fix atomicity issues with the RedisModuleEvent_Key module API event (#12733)
Non-Security Updates
OpenJ9 0.42
OpenJ9 Changes from 0.4
- 874af12 (0.42) Add a NULL check on threadObject in destroyThreadData Babneet Singh #18690
- 69b6ceb (0.42) Fix GetThreadStateTest Babneet Singh #18662
- 012884b (0.42) Initialize recycled continuations in createContinuation before usage Babneet Singh #18657
- cfcd5ea (0.42) Fix PowerPC specific issues hulin #18651
- 4fb12e9 (0.42) Prevent requesting exclusive, if already acquired Aleksandar Micic #18629
- fe20d7a (0.42) Add OPENJCEPLUS_SUPPORT flag in JPP tags Tao Liu #18605
- f63b8a0 (0.42) Enable -XX:[+|-]CRIUSecProvider JVM option WilburZjh #18594
- bf7a9b9 (0.42) The java.compiler system property is obsolete in jdk21+ Peter Shipton #18586
- 73dd4df Remove java.lang.Compiler for Java 21+ Keith W. Campbell #18580
- a3d5fc3 Fix 0.42 CRIU test compilation error Jason Feng #18553
- 7d0f105 (v0.42) Add an additional param to SH_CompositeCacheImpl::reset() Hang Shao #18549
- b59008a (0.42) Use correct GC flag in HCR dark matter cleanup Graham Chapman #18546
- 2e15576 (v0.42.0-release) elapsed time tests Jason Feng #18530
- 8e75976 [0.42] Virtual Thread Support Babneet Singh #18494
- 07c68b3 0.42.0: Append cp to method and field annotation data to fix redefinition inconsistencies Theresa Mammarella #18490
- 16ff7d7 (0.42) Add NULL check for continuation struct Graham Chapman #18492
- df46709 [FFI/Jreg_JDK21] Fix the issue with the nested struct in libffi ChengJin01 #18375
- f819b7e Conform to spec for BootstrapMethodError for OJDK MHs for JDK 8 Nathan Henderson #18445
- 5fde7f7 Fix continuation stacks when breakpointing Graham Chapman #18413
- bc535a4 Spin during VirtualThread MountBegin and UnmountBegin Babneet Singh #18439
- f9dffe6 Remove the space at the end of J9NLS_VM_STACK_TRACE_EXCEPTION_IN, update all NLS translations Peter Shipton #18446
- 8fa4dd4 [Verifier] Fix the field access issue with putfield/getfield ChengJin01 #18440
- 8081c37 Conform to pre JEP 274 for OpenJ9 MHs Nathan Henderson #18441
- f1d8ad7 Add explicit enum casts to prevent warnings Dylan Tuttle #18237
- bf1f4dc Fix comparison of non-pointer to NULL Dylan Tuttle #18266
- 881ab73 Disable idiomRecognition on x86 for warm opt levels Marius #18433
- e4b82f2 Compile jdk8, 11 alinux with gcc 10.3, p,zlinux with gcc 11.2 Peter Shipton #18408
- 2a351fb Remove fall through comments from case statements with no code Babneet Singh #18442
- f4501d1 Support the new VirtualThread states Babneet Singh #18421
- 5e618ab Clear vmthread from thread object at shutdown tajila #18343
- 333880b Virtual Thread Support Babneet Singh #18432
- 3126552 Tolerate null in getLoaderNameID() Keith W. Campbell #18435
- f7cf540 JDK22+ add Throwable.jfrTracing Jason Feng #18428
- 94eedff Fixing compilation problem Dmitri Pivkine #18434
- 084fe2a Z: Update vsnprintf test to match the omr atoe_util changes Ehsan Kiani Far #18362
- df7853e Update OpenSSL with the fix for CVE-2023-5678 Peter Shipton #18423
- 9b34f8b Use assertion with message for object allocation sanity checks Dmitri Pivkine #18419
- 001e9c5 Re-fetch objects after VM access is released and reacquired Babneet Singh #18420
- 2dc399e Fix SSL Test Failure due to client exiting too soon during remote compile SajinaKandy #18393
- 04f76db Adapt getCallerClass MH tests for ojdk8 MHs Nathan Henderson #18396
- 406c9da Correct the handling of hidden class field comparisons Nazim Bhuiyan #18374
- 0a0620e Removed duplicate System.gc() in test Florian Grabmeier #18339
- 70f5655 Update graph_tool_script.build in Windows specs to msvc2022 Peter Shipton #18414
- 3ba8567 Adapt cross package interface test to correctly handle Java 8 Nathan Henderson #18398
- bb39169 Update JIT UMA link step to include ucrt, vcruntime for VS2022 Peter Shipton #18404
- 648c16f Compile IBM Java 8 plinux LE with gcc 11.2 Peter Shipton #18407
- f55c20e Add support for -XX:Compatibility=elasticsearch Keith W. Campbell #18387
- 132d734 jdk8,11 Ignore "allow" and "disallow" set in java.security.manager Peter Shipton #18402
- 4acf608 Don't cache instances of TemporaryLoggerFinder Peter Shipton #18406
- 60b2e21 Update callsiteddrtests to require a successful core Peter Shipton #18347
- 09ab27b Fix some errors with nls messages Peter Shipton #18397
- 0d0f5ed Updated recognized methods for newer JDKs jimmyk #18383
- b614f6c Add option to enforce/disable IProfiler during startup phase Abdulrahman Alattas #18381
- 6378d21 [FFI/Test_JDK22] Add test suites intended for union ChengJin01 #18388
- 5c2e703 Pass NULL walkState to jvmti callback for JNI local reference on stack hulin #18394
- 9485b48 Ensure thread GC environment exists during restore Amarpreet Singh #18391
- a00333d Tracepoints for the memory usage of memory pools Lin Hu #17899
- 59eb37d Add additional testing for ThreadMXBean thread alloc Tobi Ajila #18365
- 1217913 Enable warnings as errors on Aarch64 in the JIT Dylan Tuttle #18382
- 42ff412 Replace NULL with 0 in call to generateSrc1Instruction Dylan Tuttle #18244
- 20cb61e Add 'const' to return type of Instruction::description Dylan Tuttle #18276
- 032fb02 Fix code cache allocation with large pages enabled SajinaKandy #18342
- ca9cc47 Fix JNI Local Reference reporting issue hulin #18379
- 0ee3f98 [FFI/JDK21] Enable the union support in JDK21 ChengJin01 #18291
- 3a5a8e6 Recognize JNI local refs in JNINativeMethodFrames Jack Lu #18378
- b4ecea9 Adapt getCallerClass MH tests for ojdk11 MHs Nathan Henderson #18372
- edd7fc3 Eliminate tautological comparisons Dylan Tuttle #18261
- 1a3b424 Improve MethodHandle direct dispatch J2I-prevention transformations Devin Papineau #17954
- 33bc781 Add ability to run Update ref repo job serially Adam Brousseau #18376
- a80c01f Part 3 of adding lw5 ValueTypeTests Theresa Mammarella #18348
- b1f9c82 CRIU adds time compensation for RuntimeMXBean.getUptime() Jason Feng #18235
- 4ba8f3d Reduce counts when class of method is not in SCC Marius #18356
- 7498dc0 Remove redundant assertion to avoid acquiring VMAccess Jack Lu #18363
- 3f1a6b2 Correct expected number of StackWalker options Keith W. Campbell #18366
- d62e757 Accelerate ArraysSupport.vectorizedMismatch in IL Spencer Comin #16662
- 4a6551c Use defining symrefs from defining map for call Henry Zongaro #18315
- bc054dc Add NULL restricted check Hang Shao #18331
- 13443f0 JDK22+ add latest APIs for Valhalla & enable JEP 454 tests Jason Feng #18360
- df535b9 Update Artifactory doc with new OSU Art URL Adam Brousseau #18361
- 869824b Fix Tree Simplifier convertCurrentTimeMillis() Kevin Langman #18312
- 601957a AArch64 macOS: Stop assigning x18 KONNO Kazuhiro #18351
- ae0b30a Fix interpreter transition in getThreadAllocBytes Tobi Ajila #18355
- 8f72ea7 Remove unused foreign function and memory tests Keith W. Campbell #18332
- 39fd615 Use -fno-omit-frame-pointer on x86_64-mac JIT builds Henry Zongaro #18346
- 350b747 Add support for thread local allocation stats Tobi Ajila #18202
- c6df01b JDK22+ disable JEP 454 tests Jason Feng #18350
- 0b2f053 Add debug option to force GPF on heap initialization error Dmitri Pivkine #18345
- 66e3fd1 Fix mismatched JITServer message type Christian Despres #18344
- afa97fa Add test classes for lw5 ValueTypeTests Theresa Mammarella #18341
- 06c3abc Split ValueTypeSystemArraycopyTests to src_lw5 and src_qtypes folders Theresa Mammarella #18330
- 77c530e Update to openssl 3.0.12 Keith W. Campbell #18338
- 900abdd Allow Last Responder thread pointer to be NULL Dmitri Pivkine #18333
- 5454302 Update z/TPF code cache strategy Jim Johnston #17555
- dad43a0 Support for java.lang.Class.asNullRestrictedType Theresa Mammarella #18323
- 50cad9e Split ValueTypeTests for lw5 and enable basic value type tests Theresa Mammarella #18317
- fadb895 Support ChangesCurrentThread annotation in the JIT Nazim Bhuiyan #18243
- 2eb0050 Disable latest JDK22 APIs for Valhalla Jason Feng #18327
- 3cad358 In PR testing redefine all to exclude UNB platforms Peter Shipton #18325
- dc6ce50 Don't check JNI absolute paths on z/OS, for loading datasets Peter Shipton #18286
- 8ad165f Do not skip InjectedInvoker class in getCallerClass and getStackClass Nathan Henderson #18285
- fcad0b8 JDK22 new API support Jason Feng #18296
- b1abbfd Change In Config Due To Moving Forced Flags to Extbase Frank Kang #18311
- 6663162 Set thread.started after running Tobi Ajila #18310
- 43d41d5 AArch64: Stop saving/restoring x29 in unnecessary cases KONNO Kazuhiro #18248
- 70705ba Make 0-length 0-stride array discontiguous Dmitri Pivkine #18300
- dc28d58 Update NullRestrictedTypeOptTests to build with Valhalla lw5 Theresa Mammarella #18275
- 7cf716a Improve the error message on SCC control file open/lock failure Hang Shao #18281
- c96ca12 Add default cases to PPC switch statements Dylan Tuttle #18178
- 3060a8d Insert Null value check if array component type is unknown during compilation time Annabelle Huo #18259
- 27d7433 Need to pass _trackVisibleStackFrameDepth for scanContinuationSlots() hulin #18282
- bad831c Renamed warm strategy opts Marius Pirvu #18289
- c651466 Update VMArgumentTests to provide more info on failure Peter Shipton #18294
- ebf9ebe Parse softmx on CRIU restore side Frank Kang #18242
- e8a76ff Remove the redundant check from the assertion Babneet Singh #18290
- b965447 Update genAconst_init to check NullRestricted attribute Annabelle Huo #18189
- f418680 Add tests to verify JITServer with SSL SajinaKandy #18262
- d5a2e02 Jenkins: Add option to prefix Artifactory build names Adam Brousseau #16103
- 720a42a Implement Thread.findScopedValueBindings() Gengchen Tuo #18255
- 72df862 Remove misleading comment Keith W. Campbell #18284
- 6df98f6 Revert "Add numberOfElements parameter to getArrayletLayout()" Aleksandar Micic #18283
- e0018c0 [JDK11] Fix AccessControlException in resolveInvokeDynamic Babneet Singh #18264
- 2645298 Add numberOfElements parameter to getArrayletLayout() Dmitri Pivkine #18268
- 3ad3c3b Retain Continuation.vthread until the J9VMContinuation is freed Babneet Singh #18251
- 91e0706 Ensure constgen is up-to-date before running it Keith W. Campbell #18278
- c28859b Change Artifactory buildInfo publish condition to be string compare Adam Brousseau #18203
- 676b9a4 Set default DISCARDER_NUM_BUILDS to 10 Adam Brousseau #18271
- 7463bc9 CRIU adds InternalCRIUSupport.getLastRestoreTime() Jason Feng #18184
- 8a817fe Replace #ifdef with #if define for flattenable value type tags Theresa Mammarella #18201
- 0d83d4d Remove support for jextract -interactive Kushagra Nigam #18230
- 5570f22 Introduce JVMPortableRestoreMode Tobi Ajila #18252
- 4e1d1c6 Add MN_HIDDEN_MEMBER and change MN_FLATTENED Jason Feng #18238
- 2d48e93 Add options for sizing the IProfiler hash tables Marius #18241
- bb64850 Fix Criu test failures for JITServer SSL Tests SajinaKandy #18225
- ff863a1 Fix crash in prepareToFixMemberNames Graham Chapman #18236
- 8134561 Remove redundant comparisons with FALSE Keith W. Campbell #18240
- 7e24d9a Use getLiveRangeInfo to find pending push symRefs that are dead Henry Zongaro #14074
- 9036526 Pass threadObject to walkContinuationStackFrames Babneet Singh #18180
- 9f497fc AArch64: Add space for outgoing JNI argument to J9CInterpreterStackFrame Akira Saitoh #18227
- 3970536 Enable write permission before writing into CodeCache segment Akira Saitoh #18233
- 8abe35a Add CT helper to check for ChangesCurrentThread annotation Nazim Bhuiyan #18222
- 6b03df7 Guard the RecreateClassFileOnload option on the patchMap being NULL Nathan Henderson #18220
- 0363e57 Add AIX sun.font.FontManagerNativeLibrary.load() test Jason Feng #18228
- acbce13 Support tracing reference on continuation java frames for jvmti Lin Hu #18214
- c9b2519 Fix code cache segment race condition Marius #18212
- 333d6c2 Remove clearNonZAAPEligibleBit Peter Shipton #18216
- da4cabf Z: Use new transactional execution facility flags Spencer Comin #18123
- ba0faa8 re-enable cmdLineTester_dumpromclasstests Kapil Anant Powar #18215
- 96d48c9 x86: Fix incorrect use of codegen API BradleyWood #18199
- c3cfbaa Update 0.41.0 release note Sreekala Gopakumar #18187
- e17dd09 Remove redundant import Keith W. Campbell #18208
- ca75b91 Update jdkcompliance for JAVA21 and JAVA22 Keith W. Campbell #18209
- 32a6198 Enable disabled tests Kapil Anant Powar #18206
- 20fb92b Check NullRestricted attribute Annabelle Huo #18179
- f24c6d5 Remove redundant register native call Tobi Ajila #18192
- 252a6dd Collect debuginfo files to help diagnose omr_ddrgen failures with gcc11 Keith W. Campbell #18194
- 6484680 Update JVM_IsUseContainerSupport Babneet Singh #18185
- 749f58c Adjust signature of JVM_MoreStackWalk() for jdk22 Keith W. Campbell #18186
- fb00610 Fix a missing allocationFence in process_java_lang_StringUTF16_toBytes() Kevin Langman #18154
- 48ce19d Make J9VMDllLoadInfo::fatalErrorStr 'const' Dylan Tuttle #18080
- 6a36833 Bump actions/checkout from 4.0.0 to 4.1.0 dependabot[bot] #18188
- 5756d90 Enable disabled tests Kapil Anant Powar #18181
- 51958b3 AArch64: Use lastITable cache for interface call dispatching Akira Saitoh #18099
- 1d693b1 Flatten non-static NullRestricted fields Theresa Mammarella #18173
- 71a6102 Add missing default cases to switch statements Dylan Tuttle #18174
- 8604165 Rename OPENJDK_CRAC_SUPPORT to CRAC_SUPPORT Jason Feng #18175
- 1859981 Fix reflect ConstantPool bootstrapping issues tajila #18169
- 27f0069 NullRestricted attribute field class checks Theresa Mammarella #18030
- da175cf Handle unmounted carrier thread in ThreadMXBeanImpl.getThreadInfo Babneet Singh #18167
- ec52808 Allow zlinux testing to run on rhel8 Peter Shipton #18176
- 2866612 Update getThreadState to handle unmounted carrier thread Babneet Singh #18166
- 80c929b Consume -XX:[+/-]UseZlibNX options in OpenJ9 builds Peter Shipton #18164
- cda91b3 Do not mark the current thread halted during heapification Graham Chapman #18172
- e76263e Implement StackWalker.Option.DROP_METHOD_INFO Keith W. Campbell #18160
- 05fe2be Add tests for Value Type System.arraycopy transformation Annabelle Huo #17903
- 5c37af1 Update to openssl 3.0.11 Keith W. Campbell #18161
- 6258782 Fix TestOperatingSystemMXBean HardwareModel test Peter Shipton #18165
- f4f131b CRIU adds opt_openjdkCracSupport and OPENJDK_CRAC_SUPPORT Jason Feng #18159
- 9c85d47 CRIU adds concurrent mode preCheckpoint and postRestore hooks Jason Feng #18107
- 81947a6 Cumulative thread allocation stats Aleksandar Micic #18139
- 3c948e8 Prevent inlining of *.runWith methods Nazim Bhuiyan #18152
- 4eedaf2 Update to zlib 1.3 to remove warnings from Clang in latest Xcode Theresa Mammarella #18137
- 910fbb3 StackWalker updates for Java 22 Keith W. Campbell #18145
- 58cf232 Remove redundant *_criu platforms Keith W. Campbell #18138
- 92e0302 AIX Valhalla builds should extend ppc64_aix Hang Shao #18136
- c53da53 NullRestricted field throws NPE on null assignment in withfield Theresa Mammarella #18130
- 754717a Compile Windows jdk8+ with VS2022, move jdk17 x,p,zlinux to gcc 11.2 Peter Shipton #18135
- 3601bb4 Set the ITERATE_FRAMES flag to invoke the frameWalkFunction Babneet Singh #18132
- 869cc38 Add support for jdk.tracePinnedThreads system property Jack Lu #18000
- c0fab8f Update jdk8 build instructions, LOG=cmdlines should be LOG=debug Peter Shipton #18116
- 1f58a61 Fix sequence after frame pop query Tobi Ajila #18068
- 4310ddc Add DDR dummy header size_t strlen(const char *str) Jason Feng #18126
- 080b859 Move decReferenceCount out of else block Dylan Tuttle #18075
- 1dfb607 Add @hidden annotation to Continuation enter/yield methods Jack Lu #18096
- dce0276 CRIU resets j.l.VirtualThread.ForkJoinPool.parallelism after restore Jason Feng #17618
- 0990f59 Add NullCHK when storing value into NullRestricted field Annabelle Huo #18094
- 1ae04ef Create draft 0.41.0 release note Sreekala Gopakumar #18119
- 5bf1ff4 Set default VARIABLE_FILE parameter Jack Lu #18117
- 03d1dbd Fix set_build_extra_options() API for wrapper job Jack Lu #18062
- 50a4e94 Updates Continuation profiling to use j9time_hires_clock Jack Lu #18093
- 5c84d87 Ignore -Xgc:enableArrayletDoubleMapping silently Dmitri Pivkine #18109
- 12d5738 Add isFieldNullRestricted() and expose it to JIT Hang Shao #18084
- 8cdaec7 Update OpenSSL version to include fix for CVE-2023-4807 Peter Shipton #18108
- ba30b63 Added the usage of right front end queries and getExistingJittedBodyInfo on Power Bhavani SN #18056
- b939221 Add criu tests to verify JITServer with SSL SajinaKandy #17985
- b03d898 In CriticalRegionTest System.gc once, testAcquireAndGC timeout 10sec Peter Shipton #18097
- 74f39c7 Guard a call to VMwrtbarWithoutStoreEvaluator Dylan Tuttle #18027
- 47d4e20 Don't invoke shutdown signal handler until JVM init completes Babneet Singh #18085
- 53a5ec5 Use arraycmplen opcode Spencer Comin #17382
- 2c89c12 Fix z/OS build error in getMemberNameMethodInfo() Devin Papineau #18087
- 5e1ca2c Bump actions/upload-artifact from 3.1.2 to 3.1.3 dependabot[bot] #18086
- 7599bde x86: Enable AVX512-CD BradleyWood #18047
- a3120a1 Update jenkins pipeline Keith W. Campbell #18069
- 999dfbc Define unit tests involving arrays of empty value types Henry Zongaro #18041
- d3388e1 Bump actions/checkout from 3.6.0 to 4.0.0 dependabot[bot] #18072
- 71cc017 Fix some javadoc warnings Keith W. Campbell #18070
- 8675daf NullRestricted Valhalla attribute cfdump support Theresa Mammarella #18035
- bbe274b Do not create class unload PIC site assumption if not required Annabelle Huo #18063
- e57170e Implement JVM_LoadZipLibrary() Keith W. Campbell #18055
- 75701be Print NullRestricted flag for ddr classAndFlags Theresa Mammarella #18045
- c46b260 DDR support for Valhalla NullRestricted attribute Theresa Mammarella #18042
- 9707c07 Add comment to System.gc() changes Tobi Ajila #18066
- b212f19 Add DDR command continuationstack Gengchen Tuo #18014
- 2cbea41 Store J9VMThread->scopedValueCache in the Continuation object Babneet Singh #18060
- 2b34667 Store JITServer AOT methods if they are delayed Christian Despres #18059
- 022a2a4 Recognize @IntrinsicCandidate java.lang.Math.multiplyHigh James You #17861
- ecc612b Add stronger guarantees to System.gc() tajila #18044
- 3c5614a SIGFPE for flattened array of value type that has no fields Frank Kang #17994
- 080f0db resolve personal builds jenkins issue Mahdi Ardekanian #18050
- b1d2cc8 Document the variable length section of the J9JITExceptionTable Irwin D'Souza #17920
- dc71255 Expand default local storage of remote AOT methods Christian Despres #18032
- a967380 resolve hardcoded github.com in variable-functions Mahdi Ardekanian #18040
- 3907198 NullRestricted: putstatic and putfield throw NPE on null assignment Theresa Mammarella #18028
- 399a628 Update feature tag renfeiw #18033
- 80ef323 Remove JVM_IsThreadAlive() for Java 17 Keith W. Campbell #17940
- 6256ba4 Consume handled JVM command line options Dmitri Pivkine #18026
- f741a14 Replace the jdk20 build instructions with jdk21 Peter Shipton #18031
- 4003902 Add protobuf to the NOTICES.md Peter Shipton #18029
- fd45fe7 Add third party content used for testing to NOTICES.md Peter Shipton #18022
- 63f95d2 Skip methods with JvmtiMountTransition annotation Babneet Singh #18016
Angular 17.0.9
common
- fix (c22b513b3f): remove unused parameters from the ngClass constructor (#53831)
- fix (bd9f89d1c8): server-side rendering error when using in-memory scrolling (#53683)
compiler
- fix (92fd6cc42e): generate less code for advance instructions (#53845)
- fix (6a41961fbd): ignore empty switch blocks (#53776)
compiler-cli
- fix (7309463697): interpolatedSignalNotInvoked diagnostic (#53585)
core
- fix (441db5123f): afterRender hooks now only run on ApplicationRef.tick (#52455)
- fix (f9120d79cb): allow effect to be used inside an ErrorHandler (#53713)
migrations
- fix (e92c86b77f): Fix empty switch case offset bug in cf migration (#53839)
platform-server
- fix (91cb16fde9): Do not delete global Event (#53659)
Jenkins 2.440
- Add an Appearance category to the setup wizard. (pull 8822)
- BootFailure subclasses can now override the Jenkins startup failure page. (pull 8442)
- Reduce the window of time during which a crash may lead to an inconsistent state on Linux. (pull 8815)
- Update the appearance of controls in header. (pull 8791)
- Allow icon size to be changed in the node overview table. (pull 8802)
- Remove code that may have caused an agent-side hang under a rare race condition. (Remoting PR 713)
- Reduce the likelihood of thread creation errors on agents. (Remoting PR 717)
Docker Compose 2.24.0
Breaking change
- service hash computation logic has been updated to fully ignore replicas/scale. Due to this change, after upgrade all services will be recreated.
Enhancements
- Implement docker compose attach by @g0t4 in #11181
- Introduce ps --orphans to include/exclude services not declared by project by @ndeloof in #11220
- Introduce compose logs --index to select a replica container by @ndeloof in #11231
- --with-dependencies let docker compose build build dependencies transitively by @ndeloof in #11290
- Introduce stats command by @ndeloof in #11299
- Add source policies for build by @cpuguy83 in #11325
Fixes
- Include disabled services for shell completion by @ndeloof in #11251
- Restore Project is ps json output by @ndeloof in #11223
- Log we don't expose service ports when --verbose by @ndeloof in #11227
- Fix configs are mounted under / by @ndeloof in #11232
- Fix combination of --pull always --no-build by @ndeloof in #11244
- Fix(publish): add OCI 1.0 fallback support for AWS ECR by @milas in #11239
- Fix race condition in log printer by @horus in #11286
- Send out a cancel event on SIGINT/SIGTERM signal for compose up by @vyneer in #11230
- Up: teardown when command context is cancelled by @laurazard in #11292
- Build do not require environment to be resolved by @ndeloof in #11274
Elasticsearch 8.11.4
Bug fixes
EQL:
- Fix NPE on missing event queries #103611 (issue: #103608)
ES|QL:
- Fix now in millis for ESQL search contexts #103474 (issue: #103455)
- Fix the transport version of PlanStreamOutput #103758
- AsyncOperator#isFinished must never return true on failure #104029
Infra/Scripting:
- Wrap painless explain error #103151 (issue: #103018)
Mapping:
Snapshot/Restore:
- Decref SharedBytes.IO after read is done not before #102848
- Restore SharedBytes.IO refcounting on reads & writes #102843
Watcher:
- Fix: Watcher REST API GET /_watcher/settings now includes product header #103003 (issue: #102928)
ETCD 3.4.29
etcd server:
- Disable following HTTP redirects in peer communication
- Add livez/readyz HTTP endpoints
- Fix Check if be is nil to avoid panic when be is overridden with nil
- Fix Add missing experimental-enable-lease-checkpoint-persist flag in etcd help
- Fix Don't flock snapshot files
Keycloak 23.0.4
Bugs:
- #9693 PubKeySignRegisterTest failures in WebAuthn tests testsuite
- #24508 Deadlock when pre-loading remote sessions from external Infinispan storage
- #24763 Remove sign out action for offline sessions admin/ui
- #25016 Make password visibility css classes configurable for themes login/ui
- #25096 Meaning of briefRepresentation query parameter is inverted in GroupResource.getSubGroups admin/api
- #25111 RealmAdminResource.getGroupByPathGroup does not work with space in path parameter admin/api
- #25120 CORS issue in 'openid-connect/certs' endpoint oidc
- #25475 User Profile: If required roles ("user") and required scopes are set, the required scopes have no effect user-profile
- #25633 Parsing of labels issue IDs doesn't work with colons and the "fixes" keyword ci
- #25753 Backchannel logout token is missing the "exp" claim oidc
- #25878 HTML emails in Catalan don't contain links translations
Kibana 8.11.4
Bug fixes:
- Fixed a bug where the Sharepoint Online connector was making unnecessary API requests when DLS was disabled.
Logstash 8.11.4
No user-facing changes in Logstash core.
Plugins:
Netflow Codec - 4.3.2
- Updates the milliseconds rounding for IPFIX start/end milliseconds fields.
- Fix the test to run on Logstash 8 with microseconds precision. #206
- Fixed unable to initialize the plugin with Logstash 8.10+ #205
Json Filter - 3.2.1
- Fix tag on failure test #52
File Input - 4.4.6
- Change read mode to immediately stop consuming buffered lines when shutdown is requested #322
Twitter Input - 4.1.1
- Bumped public_suffix gem version to > 4 < 6 #77
Csv Output - 3.0.10
- Extend spreadsheet_safe prefix guard to -, +, and @ #27
Nodejs 20.11.0 LTS
Notable Changes:
- [833190fe7c] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805
- [a541b78bdb] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666
- [d4be8fad83] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393
- [c1a196c897] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740
- [aa3209b880] - fs: add c++ fast path for writeFileSync utf8 (CanadaHonk) #49884
- [8e886a2fff] - (SEMVER-MINOR) module: remove useCustomLoadersIfPresent flag (Chengzhong Wu) #48655
- [21ab3c0f0b] - (SEMVER-MINOR) module: bootstrap module loaders in shadow realm (Chengzhong Wu) #48655
- [29d91b13e3] - (SEMVER-MINOR) src: add --disable-warning option (Ethan Arrowood) #50661
- [11b3e470db] - (SEMVER-MINOR) src: create per isolate proxy env template (Chengzhong Wu) #48655
- [621c4d66c2] - (SEMVER-MINOR) src: make process binding data weak (Chengzhong Wu) #48655
- [139d6c8d3b] - stream: use Array for Readable buffer (Robert Nagy) #50341
- [6206957e8d] - stream: optimize creation (Robert Nagy) #50337
- [e64378643d] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018
- [4a830c2d9d] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638
- [842dc01def] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
Commits:
- [e40a559ab1] - benchmark: update iterations in benchmark/util/splice-one.js (Liu Jia) #50698
- [00f7a5d26f] - benchmark: increase the iteration number to an appropriate value (Lei Shi) #50766
- [be6ad3f375] - benchmark: rewrite import.meta benchmark (Joyee Cheung) #50683
- [9857364129] - benchmark: add misc/startup-cli-version benchmark (Joyee Cheung) #50684
- [22d729e7f5] - benchmark: remove punycode from require-builtins fixture (Joyee Cheung) #50689
- [4cf10a149a] - benchmark: change iterations in benchmark/es/string-concatenations.js (Liu Jia) #50585
- [15c2ed93a8] - benchmark: add benchmarks for encodings (Aras Abbasi) #50348
- [8a896428ca] - benchmark: add more cases to Readable.from (Raz Luvaton) #50351
- [dbe6c5f354] - benchmark: skip test-benchmark-os on IBMi (Michael Dawson) #50286
- [179b4b6e62] - benchmark: move permission-fs-read to permission-processhas-fs-read (Aki Hasegawa-Johnson) #49770
- [32d65c001d] - buffer: improve Buffer.equals performance (kylo5aby) #50621
- [80ea83757e] - build: add GN configurations for simdjson (Cheng Zhao) #50831
- [904e645bcd] - build: add configuration flag to enable Maglev (Keyhan Vakil) #50692
- [019efa8a5a] - build: fix GN configuration for deps/base64 (Cheng Zhao) #50696
- [a645d5ac54] - build: disable flag v8_scriptormodule_legacy_lifetime (Chengzhong Wu) #50616
- [8705058b09] - build: add GN build files (Cheng Zhao) #47637
- [0a5e9c12cf] - build: fix build with Python 3.12 (Luigi Pinca) #50582
- [ff5713dd43] - build: support Python 3.12 (Shi Pujin) #50209
- [cfd50f229a] - build: fix building when there is only python3 (Cheng Zhao) #48462
- [833190fe7c] - crypto: update root certificates to NSS 3.95 (Node.js GitHub Bot) #50805
- [54c46dae9e] - deps: update zlib to 1.2.13.1-motley-5daffc7 (Node.js GitHub Bot) #50803
- [0be84e5a28] - deps: update undici to 5.27.2 (Node.js GitHub Bot) #50813
- [ec67890824] - deps: V8: cherry-pick 0f9ebbc672c7 (Chengzhong Wu) #50867
- [bc2ebb972b] - deps: V8: cherry-pick 13192d6e10fa (Levi Zim) #50552
- [656135d70a] - deps: update zlib to 1.2.13.1-motley-dfc48fc (Node.js GitHub Bot) #50456
- [41ee4bcc5d] - deps: update ada to 2.7.4 (Node.js GitHub Bot) #50815
- [a40948b5c5] - deps: update minimatch to 9.0.3 (Node.js GitHub Bot) #50806
- [7be1222c4a] - deps: update simdutf to 4.0.4 (Node.js GitHub Bot) #50772
- [68e7d49db6] - deps: upgrade npm to 10.2.4 (npm team) #50751
- [3d82d38336] - deps: escape Python strings correctly (Michaël Zasso) #50695
- [d3870ac957] - deps: update base64 to 0.5.1 (Node.js GitHub Bot) #50629
- [4b219b6ece] - deps: update corepack to 0.23.0 (Node.js GitHub Bot) #50563
- [6c41b50922] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #50441
- [3beee0ae8f] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #50460
- [220916fa93] - deps: update undici to 5.27.0 (Node.js GitHub Bot) #50463
- [f9960b3545] - deps: update googletest to 116b7e5 (Node.js GitHub Bot) #50324
- [d5c16f897a] - dns: call handle.setServers() with a valid array (Luigi Pinca) #50811
- [1bd6537c97] - doc: recommend supported Python versions (Luigi Pinca) #50407
- [402e257520] - doc: update notable changes in v21.1.0 (Joyee Cheung) #50388
- [032535e270] - doc: make theme consistent across api and other docs (Dima Demakov) #50877
- [d53842683f] - doc: add a section regarding instanceof in primordials.md (Antoine du Hamel) #50874
- [fe315055a7] - doc: update email to reflect affiliation (Yagiz Nizipli) #50856
- [e14f661950] - doc: shard not supported with watch mode (Pulkit Gupta) #50640
- [b3d015de71] - doc: get rid of unnecessary eslint-skip comments (Antoine du Hamel) #50829
- [168cbf9cb9] - doc: create deprecation code for isWebAssemblyCompiledModule (Marco Ippolito) #50486
- [30baacba41] - doc: add CanadaHonk to triagers (CanadaHonk) #50848
- [e6e7cbceac] - doc: fix typos in --allow-fs-* (Tobias Nießen) #50845
- [e22ce9586f] - doc: update Crypto API doc for x509.keyUsage (Daniel Meechan) #50603
- [549d4422b7] - doc: fix fs.writeFileSync return value documentation (Ryan Zimmerman) #50760
- [3c79e3cdba] - doc: update print results(detail) in PerformanceEntry (Jungku Lee) #50723
- [aeaf96d06e] - doc: fix Buffer.allocUnsafe documentation (Mert Can Altın) #50686
- [347e1dd06a] - doc: run license-builder (github-actions[bot]) #50691
- [a541b78bdb] - doc: add MrJithil to collaborators (Jithil P Ponnan) #50666
- [90f415dd61] - doc: fix typo in fs.md (fwio) #50570
- [e2388151ba] - doc: add missing description of argument in subtle.encrypt (Deokjin Kim) #50578
- [39cc013465] - doc: update pm documentation to include resource (Ranieri Innocenti Spada) #50601
- [ba6d427c23] - doc: correct attribution in v20.6.0 changelog (Jacob Smith) #50564
- [1b2dab8254] - doc: update to align console.table row to the left (Jungku Lee) #50553
- [5d48ef7778] - doc: underline links (Rich Trott) #50481
- [5e6057c9d2] - doc: remove duplicate word (Gerhard Stöbich) #50475
- [64bf2fd4ee] - doc: fix typo in webstreams.md (André Santos) #50426
- [cca55b8414] - doc: add information about Node-API versions >=9 (Michael Dawson) #50168
- [d4be8fad83] - doc: add Ethan-Arrowood as a collaborator (Ethan Arrowood) #50393
- [0b311838f6] - doc: fix TOC in releases.md (Bryce Seefieldt) #50372
- [843d5f84ca] - esm: fallback to getSource when load returns nullish source (Antoine du Hamel) #50825
- [8d5469c84b] - esm: do not call getSource when format is commonjs (Francesco Trotta) #50465
- [b48cf314d3] - esm: bypass CJS loader in default load under --default-type=module (Antoine du Hamel) #50004
- [c1a196c897] - (SEMVER-MINOR) esm: add import.meta.dirname and import.meta.filename (James Sumners) #48740
- [435f9c9276] - fs: use default w flag for writeFileSync with utf8 encoding (Murilo Kakazu) #50990
- [aa3209b880] - fs: add c++ fast path for writeFileSync utf8 (CanadaHonk) #49884
- [05e25e0230] - fs: improve error perf of sync lstat+fstat (CanadaHonk) #49868
- [f94a24cb4b] - fs: improve error performance for rmdirSync (CanadaHonk) #49846
- [cada22e2a4] - fs: fix to not return for void function (Jungku Lee) #50769
- [ba40b2e33e] - fs: replace deprecated path._makeLong in copyFile (CanadaHonk) #50844
- [d1b6bd660a] - fs: update param in jsdoc for readdir (Jungku Lee) #50448
- [11412e863a] - fs: do not throw error on cpSync internals (Yagiz Nizipli) #50185
- [868a464c15] - fs,url: move FromNamespacedPath to node_url (Yagiz Nizipli) #50090
- [de7fe08c7b] - fs,url: refactor FileURLToPath method (Yagiz Nizipli) #50090
- [186e6e0395] - fs,url: move FileURLToPath to node_url (Yagiz Nizipli) #50090
- [aea7fe54af] - inspector: use private fields instead of symbols (Yagiz Nizipli) #50776
- [48dbde71d8] - lib: use primordials for navigator.userAgent (Aras Abbasi) #50467
- [fa220cac87] - lib: remove deprecated string methods (Jithil P Ponnan) #50592
- [f1cf1c385f] - lib: fix assert shows diff messages in ESM and CJS (Jithil P Ponnan) #50634
- [3844af288f] - lib: make event static properties non writable and configurable (Muthukumar) #50425
- [0a0b416d6c] - lib: avoid memory allocation on nodeprecation flag (Vinicius Lourenço) #50231
- [e7551d5770] - lib: align console.table row to the left (Jithil P Ponnan) #50135
- [0c85cebdf2] - meta: clarify nomination process according to Node.js charter (Matteo Collina) #50834
- [f4070dd8d4] - meta: clarify recommendation for bug reproductions (Antoine du Hamel) #50882
- [2ddeead436] - meta: move cjihrig to TSC regular member (Colin Ihrig) #50816
- [34a789d9be] - meta: add web-standards as WPTs owner (Filip Skokan) #50636
- [40bbffa266] - meta: bump github/codeql-action from 2.21.9 to 2.22.5 (dependabot[bot]) #50513
- [c49553631d] - meta: bump step-security/harden-runner from 2.5.1 to 2.6.0 (dependabot[bot]) #50512
- [99df0138b0] - meta: bump ossf/scorecard-action from 2.2.0 to 2.3.1 (dependabot[bot]) #50509
- [9db6227ac6] - meta: fix spacing in collaborator list (Antoine du Hamel) #50641
- [2589a5a566] - meta: bump actions/setup-python from 4.7.0 to 4.7.1 (dependabot[bot]) #50510
- [5a86661a95] - meta: add crypto as crypto and webcrypto docs owner (Filip Skokan) #50579
- [ac8d2b9cc2] - meta: bump actions/setup-node from 3.8.1 to 4.0.0 (dependabot[bot]) #50514
- [bee2c0cf11] - meta: bump actions/checkout from 4.1.0 to 4.1.1 (dependabot[bot]) #50511
- [91a0944e5f] - meta: add ethan.arrowood@vercel.com to mailmap (Ethan Arrowood) #50491
- [8d3cf8c4ee] - meta: add web-standards as web api visibility owner (Chengzhong Wu) #50418
- [807c12de36] - meta: mention other notable changes section (Rafael Gonzaga) #50309
- [21ab3c0f0b] - (SEMVER-MINOR) module: bootstrap module loaders in shadow realm (Chengzhong Wu) #48655
- [8e886a2fff] - (SEMVER-MINOR) module: remove useCustomLoadersIfPresent flag (Chengzhong Wu) #48655
- [77e8361213] - module: execute --import sequentially (Antoine du Hamel) #50474
- [fffc4951ac] - module: add application/json in accept header when fetching json module (Marco Ippolito) #50119
- [f808e7a650] - net: check pipe mode and path (theanarkh) #50770
- [cf3a4c5b84] - node-api: factor out common code into macros (Gabriel Schulhof) #50664
- [a7d8f6b529] - perf_hooks: implement performance.now() with fast API calls (Joyee Cheung) #50492
- [076dc7540b] - permission: do not create symlinks if target is relative (Tobias Nießen) #49156
- [43160dcd2d] - permission: mark const functions as such (Tobias Nießen) #50705
- [7a661d7ad9] - permission: address coverity warning (Michael Dawson) #50215
- [b2b4132c3e] - src: iterate on import attributes array correctly (Michaël Zasso) #50703
- [11b3e470db] - (SEMVER-MINOR) src: create per isolate proxy env template (Chengzhong Wu) #48655
- [d00412a083] - (SEMVER-MINOR) src: create fs_dir per isolate properties (Chengzhong Wu) #48655
- [14cc3b9b90] - (SEMVER-MINOR) src: create worker per isolate properties (Chengzhong Wu) #48655
- [621c4d66c2] - (SEMVER-MINOR) src: make process binding data weak (Chengzhong Wu) #48655
- [07a4e94e84] - src: assert return value of BN_bn2binpad (Tobias Nießen) #50860
- [158db2d61e] - src: fix coverity warning (Michael Dawson) #50846
- [94363bb3fd] - src: fix compatibility with upcoming V8 12.1 APIs (Cheng Zhao) #50709
- [29d91b13e3] - (SEMVER-MINOR) src: add --disable-warning option (Ethan Arrowood) #50661
- [f054c337f8] - src: add IsolateScopes before using isolates (Keyhan Vakil) #50680
- [d08eb382cd] - src: avoid copying strings in FSPermission::Apply (Tobias Nießen) #50662
- [6620df1c05] - src: remove erroneous default argument in RadixTree (Tobias Nießen) #50736
- [436c3aef15] - src: fix JSONParser leaking internal V8 scopes (Keyhan Vakil) #50688
- [6f46d31018] - src: return error --env-file if file is not found (Ardi Nugraha) #50588
- [3d43fd359c] - src: avoid silent coercion to signed/unsigned int (Tobias Nießen) #50663
- [c253e39b56] - src: handle errors from uv_pipe_connect2() (Deokjin Kim) #50657
- [3a9713bb5a] - src: use v8::Isolate::TryGetCurrent() in DumpJavaScriptBacktrace() (Joyee Cheung) #50518
- [94f8a925a8] - src: print more information in C++ assertions (Joyee Cheung) #50242
- [23f830616b] - src: hide node::credentials::HasOnly outside unit (Tobias Nießen) #50450
- [b7ecb0a390] - src: readiterable entries may be empty (Matthew Aitken) #50398
- [4ef1d68715] - src: implement structuredClone in native (Joyee Cheung) #50330
- [9346f15138] - src: use find instead of char-by-char in FromFilePath() (Daniel Lemire) #50288
- [8414fb4d2a] - src: add commit hash shorthand in zlib version (Jithil P Ponnan) #50158
- [a878e3abb0] - stream: fix enumerability of ReadableStream.from (Mattias Buelens) #50779
- [95ed4ffc1e] - stream: fix enumerability of ReadableStream.prototype.values (Mattias Buelens) #50779
- [4cf155ca0c] - stream: add Symbol.toStringTag to Compression Streams (Filip Skokan) #50712
- [6012e3e781] - stream: fix Writable.destroy performance regression (Robert Nagy) #50478
- [dd5206820c] - stream: pre-allocate _events (Robert Nagy) #50428
- [829b82ed0f] - stream: remove no longer relevant comment (Robert Nagy) #50446
- [98ae1b4132] - stream: use bit fields for construct/destroy (Robert Nagy) #50408
- [08a0c6c56c] - stream: improve from perf (Raz Luvaton) #50359
- [59f7316b8f] - stream: avoid calls to listenerCount (Robert Nagy) #50357
- [9d52430eb9] - stream: readable use bitmap accessors (Robert Nagy) #50350
- [139d6c8d3b] - stream: use Array for Readable buffer (Robert Nagy) #50341
- [6206957e8d] - stream: optimize creation (Robert Nagy) #50337
- [f87921de3b] - stream: refactor writable _write (Robert Nagy) #50198
- [b338f3d3c2] - stream: avoid getter for defaultEncoding (Robert Nagy) #50203
- [1862235a26] - test: fix message v8 not normalising alphanumeric paths (Jithil P Ponnan) #50730
- [7c28a4ca8f] - test: fix dns test case failures after c-ares update to 1.21.0+ (Brad House) #50743
- [4544593d31] - test: replace forEach with for of (Conor Watson) #50594
- [96143a3293] - test: replace forEach to for at test-webcrypto-sign-verify-ecdsa.js (Alessandro Di Nisio) #50795
- [107b5e63c5] - test: replace foreach with for in test-https-simple.js (Shikha Mehta) #49793
- [9b2e5e9db4] - test: add note about unresolved spec issue (Mattias Buelens) #50779
- [edce637c1a] - test: add note about readable streams with type owning (Mattias Buelens) #50779
- [641044670b] - test: replace forEach with for-of in test-url-relative (vitosorriso) #50788
- [75ee78438c] - test: replace forEach() with for ... of in test-tls-getprotocol.js (Steve Goode) #50600
- [24f9d3fbeb] - test: enable idlharness tests for encoding (Mattias Buelens) #50778
- [a9d290956e] - test: replace forEach in whatwg-encoding-custom-interop (Honza Machala) #50607
- [6584dd80f7] - test: replace forEach() with for-loop (Jan) #50596
- [be54a22869] - test: improve test-bootstrap-modules.js (Joyee Cheung) #50708
- [660e70e73b] - test: skip parallel/test-macos-app-sandbox if disk space < 120MB (Joyee Cheung) #50764
- [5712c41122] - test: replace foreach with for (Markus Muschol) #50599
- [49e5f47b1c] - test: test streambase has already has a consumer (Jithil P Ponnan) #48059
- [bb7d764c8e] - test: change forEach to for...of in path extname (Kyriakos Markakis) #50667
- [4d28ced079] - test: replace forEach with for...of (Ryan Williams) #50611
- [92a153ecde] - test: migrate message v8 tests from Python to JS (Joshua LeMay) #50421
- [a376284d8a] - test: use destructuring for accessing setting values (Honza Jedlička) #50609
- [7b9b1fba27] - test: replace forEach() with for .. of (Evgenia Blajer) #50605
- [9397b2da7e] - test: replace forEach() with for ... of in test-readline-keys.js (William Liang) #50604
- [9043ba4cfb] - test: replace forEach() with for ... of in test-http2-single-headers.js (spiritualized) #50606
- [9f911d31f6] - test: replace forEach with for of (john-mcinall) #50602
- [8a5f36fe74] - test: remove unused file (James Sumners) #50528
- [9950203340] - test: replace forEach with for of (Kevin Kühnemund) #50597
- [03ba28f102] - test: replace forEach with for of (CorrWu) #49785
- [ea61261b54] - test: replace forEach with for [...] of (Gabriel Bota) #50615
- [4349790913] - test: add WPT report test duration (Filip Skokan) #50574
- [7cacddfcc1] - test: replace forEach() with for ... of loop in test-global.js (Kajol) #49772
- [889f58d07f] - test: skip test-diagnostics-channel-memory-leak.js (Joyee Cheung) #50327
- [41644ee071] - test: improve UV_THREADPOOL_SIZE tests on .env (Yagiz Nizipli) #49213
- [1db44b9a53] - test: recognize wpt completion error (Chengzhong Wu) #50429
- [ecfc951ddc] - test: report error wpt test results (Chengzhong Wu) #50429
- [deb0351d95] - test: replace forEach() with for...of (Ram) #49794
- [f885dfe5e3] - test: replace forEach() with for...of in test-trace-events-http (Chand) #49795
- [9dc63c56db] - test: replace forEach with for...of in test-fs-realpath-buffer-encoding (Niya Shiyas) #49804
- [600d1260da] - test: fix timeout of test-cpu-prof-dir-worker.js in LoongArch devices (Shi Pujin) #50363
- [099f5cfa0a] - test: fix vm assertion actual and expected order (Chengzhong Wu) #50371
- [a31f9bfe01] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #50352
- [6c59114947] - test: ensure never settling promises are detected (Antoine du Hamel) #50318
- [9830ae4bf7] - test_runner: add tests for various mock timer issues (Mika Fischer) #50384
- [2c72ed85fb] - test_runner: pass abortSignal to test files (Moshe Atlow) #50630
- [c33a84af11] - test_runner: replace forEach with for of (Tom Haddad) #50595
- [29c68a22bb] - test_runner: output errors of suites (Moshe Atlow) #50361
- [e64378643d] - (SEMVER-MINOR) test_runner: adds built in lcov reporter (Phil Nash) #50018
- [4aaaff413b] - test_runner: test return value of mocked promisified timers (Mika Fischer) #50331
- [4a830c2d9d] - (SEMVER-MINOR) test_runner: add Date to the supported mock APIs (Lucas Santos) #48638
- [842dc01def] - (SEMVER-MINOR) test_runner, cli: add --test-timeout flag (Shubham Pandey) #50443
- [613a9072b7] - tls: fix order of setting cipher before setting cert and key (Kumar Rishav) #50186
- [d905c61e16] - tls: use validateFunction for options.SNICallback (Deokjin Kim) #50530
- [c8d6dd58e7] - tools: add macOS notarization verification step (Ulises Gascón) #50833
- [c9bd0b0c0f] - tools: use macOS keychain to notarize the releases (Ulises Gascón) #50715
- [932a5d7b2c] - tools: update eslint to 8.54.0 (Node.js GitHub Bot) #50809
- [d7114d97be] - tools: update lint-md-dependencies to rollup@4.5.0 (Node.js GitHub Bot) #50807
- [93085cf844] - tools: add workflow to update release links (Michaël Zasso) #50710
- [66764c5d04] - tools: recognize GN files in dep_updaters (Cheng Zhao) #50693
- [2a451e176a] - tools: remove unused file (Ulises Gascon) #50622
- [8ce6403230] - tools: change minimatch install strategy (Marco Ippolito) #50476
- [97778e2e77] - tools: update lint-md-dependencies to rollup@4.3.1 (Node.js GitHub Bot) #50675
- [797f6a9ba8] - tools: add macOS notarization stapler (Ulises Gascón) #50625
- [8fa1319352] - tools: update eslint to 8.53.0 (Node.js GitHub Bot) #50559
- [592f57970f] - tools: update lint-md-dependencies to rollup@4.3.0 (Node.js GitHub Bot) #50556
- [2fd78fc39e] - tools: compare ICU checksums before file changes (Michaël Zasso) #50522
- [631d710fc4] - tools: improve update acorn-walk script (Marco Ippolito) #50473
- [33fd2af2ab] - tools: update lint-md-dependencies to rollup@4.2.0 (Node.js GitHub Bot) #50496
- [22b7a74838] - tools: update gyp-next to v0.16.1 (Michaël Zasso) #50380
- [f5ccab5005] - tools: skip ruff on tools/gyp (Michaël Zasso) #50380
- [408fd90508] - tools: update lint-md-dependencies to rollup@4.1.5 unified@11.0.4 (Node.js GitHub Bot) #50461
- [685f936ccd] - tools: avoid npm install in deps installation (Marco Ippolito) #50413
- [7d43c5a094] - Revert "tools: update doc dependencies" (Richard Lau) #50414
- [8fd67c2e3e] - tools: update doc dependencies (Node.js GitHub Bot) #49988
- [586becb507] - tools: run coverage CI only on relevant files (Antoine du Hamel) #50349
- [2d06eea6c5] - tools: update eslint to 8.52.0 (Node.js GitHub Bot) #50326
- [6a897baf16] - tools: update lint-md-dependencies (Node.js GitHub Bot) #50190
- [e6e7f39b9e] - util: improve performance of normalizeEncoding (kylo5aby) #50721
- [3b6b1afa47] - v8,tools: expose necessary V8 defines (Cheng Zhao) #50820
- [2664012617] - vm: allow dynamic import with a referrer realm (Chengzhong Wu) #50360
- [c6c0a74b54] - wasi: document security sandboxing status (Guy Bedford) #50396
- [989814093e] - win,tools: upgrade Windows signing to smctl (Stefan Stojanovic) #50956
Sonatype Nexus Repository 3.64.0
- NEXUS-31215: Fixed an issue that was causing some PyPi assets to be missing from the Browse screen after migrating from OrientDB to PostgreSQL.
- NEXUS-32028: Changed the logging level from WARN to DEBUG in the blobstore class that tracks attributes of an asset being accessed in an unexpected soft-deleted state. This will prevent spamming the main nexus.log with messages at a WARN level for operations considered normal when running the compact blob store task.
- NEXUS-35207: Fixed an issue that was preventing the GA last-modified date from being updated in the maven-metadata.xml when deploying a new GAV in some instances after migrating from Sonatype Nexus Repository 2 to 3. As part of this fix, the Last Modified date is no longer visible in the Browse UI view; you can still tell when the maven-metadata.xml was last updated by looking at the Blob Updated date in the UI or using the REST API.
- NEXUS-35741: Added validation to prevent users from updating an existing task with an invalid cron_expression.
- NEXUS-35956: Resolved an issue that was breaking pagination when a given Docker repository is inside of a group.
- NEXUS-38856: The NotFoundCache is not populated with paths when a repository is in an auto-blocked or manually blocked state.
- NEXUS-39935: There is no longer an error when installing pods ('OpenSSL-Universal', '1.1.1100') via a Sonatype Nexus Repository 3 Cocoapods proxy repository.
- NEXUS-40140, NEXUS-40712: The import and export tasks work as expected on npm assets without unexpectedly skipping any and while correctly preserving attributes.
- NEXUS-40345: Resolved an issue that was preventing certain npm packages from being proxied from the official registry. This fix included the following dependency version changes:
  - upgraded jackson version from 2.15.0 to 2.15.3
  - upgraded snakeyaml version from 2.0 to 2.2
  - upgraded swagger version from 1.6.2 to 1.6.11
- NEXUS-40495: Increased the browse node sequence limit for H2 and PostgreSQL implementations so that the database schema will not run out of sequence values.
- NEXUS-40514: Any attempt to change the blob store of an existing repository via the REST API will be rejected with an HTTP 400 response.
- NEXUS-40610: Resolved an issue that was preventing some users from uploading Jruby gems with "-java" in their version names to hosted ruby repositories.
- NEXUS-40639: FluentAssets and FluentComponents are now able to retrieve assets in group repository storage.
- NEXUS-40771: Using "%3A" or a colon for URL encoded strings in raw repositories now works as expected.
- NEXUS-40775: Database Migrator: Made filtering change to reduce load on the database migrator, improving database migrator performance.
- NEXUS-40808: Database Migrator: The database migrator now gracefully handles characters that PostgreSQL does not support.
OpenUpdate - January 11, 2024
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Apache Tomcat 10.1.18
- Fix BZ 68378 - add mime type for mjs and others - aligning with httpd
- Align embedded MIME type mappings with BZ 68378 updates to web.xml
- Fix BZ 68348 - add support for the cookie attribute partitioned
- Improve French and Japanese translations.
RabbitMQ 3.12.12
Minimum Supported Erlang Version
- As of 3.12.0, RabbitMQ requires Erlang 25. Nodes will fail to start on older Erlang releases.
- Users upgrading from 3.11.x (or older releases) on Erlang 25 to 3.12.x on Erlang 26 (both RabbitMQ and Erlang are upgraded at the same time) must consult the v3.12.0 release notes first.
Changes Worth Mentioning
- Release notes can be found on GitHub at rabbitmq-server/release-notes.
Core Broker
Bug Fixes:
- Environments with a lot of quorum queues could experience a large Erlang process build-up. The build-up was temporary but with a sufficiently large number of quorum queues it could last until the next round of periodic operations, making it permanent and depriving the node of CPU resources.
- RabbitMQ core failed to propagate more authentication and authorization context, for example, MQTT client ID in case of MQTT connections, to authN and authZ backends. This was not intentional.
- Nodes now take more precaution about persisting feature flag state (specifically the effects of in-flight changes) during node shutdown.
Enhancements:
- Simplified some type specs.
Stream Plugin
- One returned error value did not match the RabbitMQ Stream Protocol specification.
MQTT Plugin
Bug Fixes:
- Recovering connections from QoS 0 consumers (subscribers) could fail if they were previously connected to a failed node.
CLI Tools
Bug Fixes:
- Since #10131 (shipped in 3.12.11), some CLI commands in certain scenarios could fail to accept input via standard output.
AWS Peer Discovery Plugin
Enhancements:
ActiveMQ 6.0.1
Bug Fixes:
[AMQ-9398] - Fix Jakarta EE 10 support via xml wiring for activemq-ra
[AMQ-9399] - Clean-up OSGi headers for a couple modules
[AMQ-9405] - Supplied jetty.xml fails to load if ssl is enabled
[AMQ-9408] - Jolokia throws exception during Windows service startup
Improvement:
[AMQ-8133] - Consider adding IBM Z (s390x) into Apache ActiveMQ Jenkins CI
[AMQ-9328] - Update website cleaning/mentioning ActiveMQ 6.0.0 and update activemq component
Task:
[AMQ-9389] - Add JDK 22, arm and windows nodes to Jenkins builds
[AMQ-9401] - Minor doc update referencing javax instead of jakarta
Dependency Upgrade:
[AMQ-9402] - Upgrade to Shiro 1.13.0
[AMQ-9403] - Upgrade Jackson 2.16.0
[AMQ-9404] - Upgrade to Spring 6.0.14
[AMQ-9406] - Upgrade to Camel 4.2.0
[AMQ-9407] - Upgrade to log4j 2.22.0
OpenUpdate - January 4, 2024
Security Based Updates
Updates to the OpenLogic CentOS Repository
*) OpenLogic’s Enterprise Linux Team has recently published the following updates:
We recommend that you update your CentOS 6 systems to ensure proper timekeeping. As usual, please ensure that you test these updates before deploying to production. If you don't currently have CentOS repo access, please reach out to your Perforce/OpenLogic salesperson … you may already be entitled to access with your existing support contract!
Non-Security Based Updates
Jenkins 2.438
- Update the appearance of the stop button. (pull 8780)
- Use a notification and Jenkins modal for 'Apply' button failures. (pull 8394)
- Display correct time zone in build history. (issue 71965)
- The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). (pull 8793)
Jenkins 2.439
- Avoid repeated tool downloads from misconfigured HTTP servers. (issue 72469)
- Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled. (issue 72370)
RabbitMQ 3.12.11
Core Broker
Bug Fixes:
- Quorum queue declared when one of cluster nodes was down could trigger connection exceptions.
- Avoids a rare exception that could stop TCP socket writes on a client connection.
- queue_deleted and queue_created internal events now include queue type as a module name, and not an inconsistent (with the other queue and stream types) value classic.
Enhancements:
- Definition files that are virtual host-specific cannot be imported on boot. Such files will now be detected early and the import process will terminate after logging a more informative message. Previously the import process would run into an obscure exception.
AMQP 1.0 Plugin
Bug Fixes:
- Several AMQP 1.0 application properties are now more correctly converted to AMQP 0-9-1 headers by cross-protocol Shovels. The priority property now populates an AMQP 1.0 header with the same name, per AMQP 1.0 spec. This is a potentially breaking change.
Prometheus Plugin
Enhancements:
- Metric label values now escape certain non-ASCII characters.
MQTT Plugin
Bug Fixes:
- Avoids an exception when an MQTT client that used a QoS 0 subscription reconnects and its original connection node is down.
- Avoids an exception when an MQTT client connection was force-closed via the HTTP API.
CLI Tools
Bug Fixes:
- Certain CLI commands could not be run in a shell script loop, unless the script explicitly redirected standard input.
Enhancements:
- rabbitmq-diagnostics cluster_status now responds much quicker when a cluster node has gone down, was shut down, or otherwise has become unreachable by the rest of the cluster.
Management Plugin
Bug Fixes:
- Reverted a change to DELETE /api/queues/{vhost}/{name} that allowed removal of exclusive queues and introduced unexpected side effects.
- DELETE /api/policies/{vhost}/{policy} returned a 500 response instead of a 404 one when target virtual host did not exist.
- Avoid log noise when an HTTP API request is issued against a booting or very freshly booted node.
Enhancements:
- HTTP API endpoints that involve contacting multiple nodes now respond much quicker when a cluster node has gone down, was shut down, or otherwise has become unreachable by the rest of the cluster.
- Definition exported for just one virtual host cannot be imported at node boot time. Now such files are detected early with a clear log message and immediate node boot process termination.
AWS Peer Discovery Plugin
Enhancements:
- Type spec and test corrections.
Spring Boot 3.2.1
Bug Fixes:
- HibernateJpaAutoConfiguration should be applied before DataSourceTransactionManagerAutoConfiguration #38880
- META-INF entries are duplicated under BOOT-INF/classes causing "Conflicting persistence unit definitions" error #38862
- logging.include-application-name has no effect when using log4j2 #38847
- Pulsar authentication param properties cause IllegalStateException with Pulsar Client 3.1.0 #38839
- Child context created with SpringApplicationBuilder runs parents runners #38837
- getSigners() info is lost for signed jars when using the new loader implementation with requiresUnpack #38833
- TestContainers parallel initialization doesn't work properly #38831
- Zip file closed exceptions can be thrown due to StaticResourceJars closing jars from cached connections #38770
- Multi-byte filenames in zip files can cause an endless loop in ZipString.hash #38751
- Gradle task "bootJar" fails with "Failed to get permissions" when using Gradle 8.6-milestone-1 #38741
- Custom binding converters are ignored when working with collection types #38734
- WebFlux and resource server auto-configuration may fail due to null authentication manager #38713
- It is unclear that Docker Compose services have not been started as one or more is already running #38661
- Spring Boot jar launcher does not work in folders containing certain chars #38660
- FileNotFoundException is thrown eagerly from unused SSL bundles #38659
- NoUniqueBeanDefinitionFailureAnalyzer does not account for the fact that missing '-parameters' may be the cause #38652
- Traces are propagated if tracing is disabled #38641
- Missing registry auto-configuration for JMS listener observation support #38613
- Class loading fails on an interrupted thread causing com.mongodb.event.ServerClosedEvent to fail to load when Mongo detects a cluster change #38611
- Failures due to code not being compiled with '-parameters' are hard to identify #38603
- System SSL certificates are not used by the Apache HTTP Client in a RestTemplate built with RestTemplateBuilder #38600
- ZipFileSystem throws "java.util.zip.ZipException: read CEN tables failed" with certain nested jars #38595
- Nested jar URLs cannot be split and reassembled resulting in errors with projects that use this technique (such as JobRunr) #38592
- NoSuchMethodError can be thrown from Session.getCookie() due to binary incompatibility #38589
- management.metrics.tags has been deprecated without a replacement working for all metrics #38583
- NegativeArraySizeException can be thrown from org.springframework.boot.loader.zip.ZipContent$Loader #38572
- Migration from 3.1.5 to 3.2.0 : "Default" Tracer is not provided in test anymore #38568
- TomcatWebServer stop doesn't close sockets for additional connectors #38564
- Port is already in use when using @SpringBootTest with a separate management port and a mock web environment #38554
- Keep-alive property causes processAot step to never finish #38531
- Setting 'spring.task.scheduling.shutdown.await-termination-period' does not result in a call to SimpleAsyncTaskScheduler#taskTerminationTimeout #38530
- Setting 'spring.task.execution.shutdown.await-termination-period' does not result in a call to SimpleAsyncTaskExecutor#taskTerminationTimeout #38528
- Nested URLs return null from classLoader.getResource("") causing ClassPathResource failures #38524
- Spring Boot 3.2 is not compatible with older versions of Liquibase #38522
- Controller level exceptions not getting populated in HTTP server requests metrics #33731
Strimzi 0.39
Important: Strimzi 0.39 is the last minor release with support for Kubernetes 1.21 and 1.22. From Strimzi 0.40 on, only Kubernetes 1.23 and newer will be supported. Main changes since 0.38.0. This release contains the following new features and improvements:
- Add support for Apache Kafka 3.5.2 and 3.6.1
- The StableConnectIdentities feature gate moves to GA stage and is now permanently enabled without the possibility to disable it. All Connect and Mirror Maker 2 operands will now use StrimziPodSets.
- The KafkaNodePools feature gate moves to the beta stage and is enabled by default. If needed, KafkaNodePools can be disabled in the feature gates configuration in the Cluster Operator.
- The UnidirectionalTopicOperator feature gate moves to the beta stage and is enabled by default. If needed, UnidirectionalTopicOperator can be disabled in the feature gates configuration in the Cluster Operator.
- Improved Kafka Connect metrics and dashboard example files
- Allow specifying and managing KRaft metadata version
- Add support for KRaft to KRaft upgrades (Apache Kafka upgrades for the KRaft-based clusters)
- Improved Kafka Mirror Maker 2 dashboard example file
- Support for rolling updates of KRaft controller nodes
AWX 23.6.0
- Fixed the integration tests AWX awx collection (@jainnikhil30 #14702)
- Reduced the timeout default of 6 hours on various GitHub actions tasks (@relrod #14704)
- Separated TOX calls in the Read The Docs configuration into two clearly distinct steps so that logs related to installing dependencies do not get mingled with logs for the docs build (@oraNod #14673)
- Added support for AWX to authenticate with HashiCorp Vault using TLS client certificates and updated the documentation for the HashiCorp Vault Secret Management plugins to include both the new TLS options and the missing Kubernetes auth method options (@marbindrakon #14534)
- Removed the required=True flags from all of the SAML backend fields to prevent the web service from failing to start correctly if a conflict occurs because one of these settings is set in the settings.py file (@tylergmuir #14666)
- Added a dependabot configuration to keep the docsite requirements updated (@oraNod #14670)
- Added django-ansible-base to AWX (@jessicamack #14705)
- Removed incorrectly formatted line from requirements.txt (@jessicamack #14714)
- Fixed updater bug due to missing newline at end of file (@AlanCoding #14713)
- Fixed undefined error in the Settings Logging Edit form from the automation controller user interface (@marshmalien #14715)
- Updated setuptools-scm dependencies (@jessicamack #14716)
- Added new capability to the API, deleting hosts from inventory in bulk with one API call instead of deleting them one by one (@Avilir #14462)
- Removed superwatcher from docker-compose dev container (@TheRealHaoLiu #14708)
- Fixed rsyslogd unexpectedly ceasing to send events to Splunk HTTP Collector, and made rsyslog recover from 4xx errors (@TheRealHaoLiu #14719)
- Simplified RBAC get_roles_on_resource method (@AlanCoding #14710)
- Reduced the actor types accepted for RBAC evaluations (@AlanCoding #14709)
- Replaced the AWX filtering component with the filtering from django-ansible-base (@john-westcott-iv #14726)
- Added AWX collection export tests (@chrismeyersfsu #14728)
- Fixed twilio_backend.py to send SMS to multiple destinations (@mahoutukaisali #14656)
- Updated schedule Prompt on launch fields to persist when editing (@keithjgrant #14736)