PHP 7.2 not being updated from vulnerable 7.2.10? - centos

The version of PHP 7.2 in the current Software Collection (version 3.2) is 7.2.10, which has a number of security vulnerabilities. From the release notes for upcoming version 3.3, it appears that SCL 3.3 will keep 7.2.10 unchanged. I don't understand this. PHP 7.2.11 was released in October 2018, and the latest release on PHP's 7.2 branch is 7.2.18. What is the recommendation for addressing these vulnerabilities if SCL is choosing not to keep up?

Related

Latest Tesseract in Tika

The newest available version of Tesseract is 5.x, but the latest Tika is still using 4.x.
Is it possible to upgrade the version of Tesseract OCR in Tika?
We kept the 1.x branch alive for a year after cutting over to 2.x to allow people time to migrate. Most of the changes in 1.x in the last 6 months or so have been security related. We will no longer support 1.x after September 30, 2022.
I've opened a ticket and PR to upgrade Tesseract to 5.x in our next 2.x release, 2.5.0.
https://issues.apache.org/jira/browse/TIKA-3860

Rundeck GA version Compatibility

Currently I am using Rundeck 3.0.23-20190619.
Is Rundeck 3.0.23-20190619 a stable version?
From https://bintray.com/rundeck/rundeck-rpm/rundeck I can see that Rundeck 3.0.23-20190619 is not yet published as GA.
2.11.14-1.70.GA is the latest GA version, with build date 2019-09-13T03:37:04.000Z.
Will the application developed with 3.0.23-20190619 be compatible with 2.11.14-1.70.GA?
Right now the latest stable release is 3.1.2; you can check the latest version in the changelog here. The "GA" notation is not used anymore. In some cases, you can see some updates of the 2.11 / 3.0 branches focused on backports, not on new features, etc.
Your projects and jobs are compatible across the 2.11, 3.0 and 3.1 branches.

Can I publish a version older than the newest on NuGet?

Suppose I have version 1.1.0 on a NuGet server.
I then continue development and push version 1.2.0.
Then I find a bug in version 1.1.0 and want to fix this.
At this point, can I still push version 1.1.1?
There's nothing in the NuGet spec or protocol that prevents it, so it might depend on which NuGet server you're using, but I would be extremely surprised if any server forbids it, because it would be so short-sighted, in my opinion.
Using NuGet.Protocol on nuget.org as an example, version 4.9.3 was released in January 2019, but versions 4.8.2, 4.7.2, 4.6.3, 4.5.2, 4.4.2 and 4.3.1 were released in March, two months later.

Most Stable Version of Drools

We are planning to use Drools in our organisation with Scala/Spark. We have selected Drools versions 5.3.0 and 7.15.0 for our use, but we have some stability doubts between them because version 7.15.0 has only recently been launched and we are not sure whether it is stable or not.
We have practiced with version 5.3.0, but we want to know its life cycle. What if, after some time, version 5.3.0 is no longer available for use or some update is brought out for it?
So please help us choose between them: which version should we choose for long-term use?
Drools 5.3 is an outdated version and is not under development. It's better you go with the latest release. Drools 7.15 is also stable, but if you are planning to use it for a business-critical application then I would recommend you go with the enterprise release of Drools 7.x, i.e. Red Hat Decision Manager. With the enterprise release you will get patches for known issues on a regular basis and one-off patches for critical issues.

Difference java version "1.7.0_65" and java version "1.7.0_131"

RHEL 6.6 has OpenJDK java version "1.7.0_65" and RHEL 6.9 has OpenJDK java version "1.7.0_131".
What is the difference between OpenJDK java version "1.7.0_65" and OpenJDK java version "1.7.0_131"?
Does it have any impact on the product, which was working fine previously with OpenJDK java version "1.7.0_65"?
What difference does it make to keep only OpenJDK java version "1.7.0_65" on a Linux server running RHEL 6.9 rather than OpenJDK java version "1.7.0_131" on that RHEL 6.9 server?
Kindly someone clarify my query.
Thanks in advance.
1.7.0_65 is a very old JDK. That means it is full of known security bugs - see https://www.oracle.com/technetwork/topics/security/alerts-086861.html.
Every quarter, Oracle releases a bunch of fixes for OpenJDK. Red Hat engineers backport them for you to OpenJDK 7. So the JDK gets updated approx. 4x per year in RHEL 6.
A big deal is made at Red Hat of keeping RHEL X compatible during its lifecycle, and Java is no exception. So the update from 1.7.0_65 to 1.7.0_131 (guessing with the 6.6->6.9 update) should be perfectly smooth. In the unlikely case of an accident, it is a case for Red Hat Bugzilla or the customer portal, and RH's OpenJDK team will do its best to fix it.
Long story short, it is a very bad idea to have such an old JDK on your system.
RHEL 6.6, as initially released, has java-1.7.0-openjdk-1.7.0.65-2.5.1.2.el6_5. This version is based on OpenJDK 7u65 and IcedTea 2.5.1, released 2014-07-16. As such, it is over two and a half years old.
RHEL 6.9 has java-1.7.0-openjdk-1.7.0.131-2.6.9.0.el6_8 which was released on 2017-02-14. Between those two versions, there have been numerous bug fixes and several security updates.
Oracle releases Java security updates on a quarterly basis and we at Red Hat apply those to our packages. Since taking over leadership of OpenJDK 7 after 7u80, we also create the backports for that version, using the patches from OpenJDK 8.
Upgrading to the newer version should be low risk, as each new build is tested against the Java 7 compatibility kit provided by Oracle. There is more of a risk in continuing to use a version which is prone to several known security exploits.
Moreover, if you raise a bug, one of the first things we're likely to ask you to do is try the latest version, and any fix for such a bug would go to the new version, not the unsupported 1.7.0_65.
There should also be a new release based on OpenJDK 7u141 coming in the next few weeks. That will contain a further collection of security updates and bug fixes.
Full details of each version are available on my release blog.