MariaDB 10.1.20 contains several enhancements and bug fixes. Notable changes:
- Innodb updated to 5.6.35
- A file format compatibility bug that was introduced in MariaDB 10.1.0 was fixed. Using page_compression or non-default innodb_page_size created files that were incompatible with MariaDB 10.0 or MySQL 5.6. MariaDB 10.1.21 will convert affected files from earlier MariaDB 10.1 releases to compatible format. This prevents a downgrade to earlier MariaDB 10.1 versions. See the commit for details.
- Performance Schema updated to 5.6.35
- Fixes for the following security vulnerabilities:
- CVE-2016-6664
- CVE-2017-3238
- CVE-2017-3243
- CVE-2017-3244
- CVE-2017-3257
- CVE-2017-3258
- CVE-2017-3265
- CVE-2017-3291
- CVE-2017-3312
- CVE-2017-3317
- CVE-2017-3318
Parse 2.3.2 contains notable changes since 2.2.24:
- New features
- Add parseFrameURL for masking user-facing pages (#3267), thanks to Lenart Rudel
- Bug fixes
- Fix Parse-Server to work with winston-daily-rotate-1.4.2 (#3335), thanks to Arthur Cinader
- Improvements
- Add support for regex string for password policy validatorPattern setting (#3331), thanks to Bhaskar Reddy Yasa
- LiveQuery should match subobjects with dot notation (#3322), thanks to David Starke
- Reduce time to process high number of installations for push (#3264), thanks to jeacott1
- Fix trivial typo in error message (#3238), thanks to Arthur Cinader
Apache Tomcat 9.0.0.M17 contains several enhancements and bug fixes. Notable changes from 9.0.0.M15-0 include:
- Catalina:
- Extend the JreMemoryLeakPreventionListener to provide protection against ForkJoinPool.commonPool() related memory leaks.
- Add HTTP status code 451 (RFC 7725) to the list of HTTP status codes recognised by the ErrorReportValve.
- Update: Update the warnings that reference required options for running on Java 9 to use the latest syntax for those options.
- Fix: Handle the case where the stored user credential uses a different key length than the length currently configured for the CredentialHandler. Based on a patch by Niklas Holm.
- Fix: Fix thread safety issue with RMI cleanup code
- Coyote:
- Fix: Ensure UpgradeProcessor instances associated with closed connections are removed from the map of current connections to Processors.
- Fix: Remove a workaround for a problem previously reported with WebSocket, TLS and APR that treated some error conditions as not errors.
- Fix: Expand the search process for a server certificate when OpenSSL is used with a JSSE connector and an explicit alias has not been configured.
- Extract the common Acceptor code from each Endpoint into a new Acceptor class that is used by all Endpoints.
- Fix: Improve the selection algorithm for the default trust store type for a TLS Virtual Host. In particular, don't use PKCS12 as a default trust store type. Better document how the default trust store type is selected for a TLS virtual host.
- Fix: Correctly handle HTTP/2 header values that contain characters with unicode code points in the range 128 to 255. Reject with a clear error message HTTP/2 header values that contain characters with unicode code points above 255.
- Fix: Improve the logic that selects an address to use to unlock the Acceptor to take account of platforms what do not listen on all local addresses when configured with an address of 0.0.0.0 or ::.
- Fix: Correct a regression in the refactoring to make wider use of ByteBuffer that caused an intermittent failure in the unit tests.
- Fix: HTTP/2 shouldn't do URL decoding on the query string.
- Fix: Fix an HTTP/2 compression error. Once a new size has been agreed for the dynamic HPACK table, the next header block must begin with a dynamic table update.
- Fix: Set request start time for HTTP/2.
- Fix: The default output buffer size for AJP connectors is now based on the configured AJP packet size rather than the minimum permitted AJP packet size.
- Jasper:
- Fix: 60497: Follow up fix using a better variable name for the tag reuse flag.
- Fix: Revert use of try/finally for simple tags.
- Update: Implement a simpler JSP file encoding detector that delegates XML prolog encoding detection to the JRE rather than using a custom XML parser.
- Fix: Restore previous tag reuse behavior following the use of try/finally.
- Fix: Improve the error handling for simple tags to ensure that the tag is released and destroyed once used.
- WebSocket:
- Fix: Correctly handle blocking WebSocket writes when the write times out just before the write is attempted.
- Fix: Prevent potential processing loop on unexpected WebSocket connection closure
- Web applications:
- Fix: Prevent potential processing loop on unexpected WebSocket connection closure.
- Fix: Improve the error handling for simple tags to ensure that the tag is released and destroyed once used.
- Fix: Restore previous tag reuse behavior following the use of try/finally.
- Implement a simpler JSP file encoding detector that delegates XML prolog encoding detection to the JRE rather than using a custom XML parser.
- Tribes:
- Fix: Reduce the warning logs for a message received from a different domain in order to avoid excessive log outputs.
- Other:
- Update: Update the NSIS Installer used to build the Windows installer to version 3.01.
- Fix: Spelling corrections provided by Josh Soref.
- Update: Update the ASF logos used in the Apache Tomcat installer for Windows to use the new versions.
Memcached 1.4.34 contains several enhancements and bug fixes. Notable fixes are:
- Fix: Add -o modern switches to -h
- Fix: metadump: Fix preventing dumping of class 63
- Fix: cache_memlimit bug for > 4G values
- Fix: metadump: ensure buffer is flushed to client before finishing
- Fix: Number of small fixes/additions to new logging
- Fix: add logging endpoint for LRU crawler
- Fix: evicted_active counter for LRU maintainer
- Fix: stop pushing NULL byte into watcher stream
- Fix: Scale item hash locks more with more worker threads (minor performance)
- Fix: Further increase systemd service hardening
- Fix: Missing necessary header for atomic_inc_64_nv() used in logger.c (solaris)
- Fix: Fix print format for idle timeout thread
- Fix: Improve binary sasl security fixes
- Fix: ix clang compile error
- Fix: Widen systemd caps to allow maxconns to increase
- Fix: Add -X option to disable cachedump/metadump
- Fix: Don't double free in lru_crawler on closed clients
- Fix: Fix segfault if metadump client goes away
Moodle 3.2.1 contains several changes. Notable changes from 3.1.3 include:
- Address the vulnerabilities in recent PHPMailer 5.2.x
- New "Boost" Bootstrap 4 theme, usability improvements of the navigation
- Messaging UI improvements
- User tours - walkthoughs/instructional overlays for first time user on page
- Pluggable media players in Moodle; Video.JS player
- Easier embedding videos in audios in Atto editor with poster, subtitles and other attributes
- New chart API and library
Sameer Naik
Bitnami Bot
Juan Ariza Toledano
Juan Ariza Toledano
Andrés Bono
Adnan Abdulhussein