Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Fedora 40 FEDORA-2024-129d8ca6fc High: Velocity Type Confusion Fixes

fedora
Calendar Grey March 7, 2024
Dist Fedora Esm H88
Stay updated on Fedora security releases for Velocity Java templates and issues fixed. Get details here!
Change for system JDK from 17 to 21

Summary

Velocity is a Java-based template engine. It permits anyone to use the

simple yet powerful template language to reference objects defined in

Java code.

When Velocity is used for web development, Web designers can work in

parallel with Java programmers to develop web sites according to the

Model-View-Controller (MVC) model, meaning that web page designers can

focus solely on creating a site that looks good, and programmers can

focus solely on writing top-notch code. Velocity separates Java code

from the web pages, making the web site more maintainable over the long

run and providing a viable alternative to Java Server Pages (JSPs) or

PHP.

Velocity's capabilities reach well beyond the realm of web sites; for

example, it can generate SQL and PostScript and XML (see Anakia for more

information on XML transformations) from templates. It can be used

either as a standalone utility for generating source code and reports,

or as an integrated component of other systems. Velocity also provides

template services for the Turbine web application framework.

Velocity+Turbine provides a template service that will allow web

applications to be developed according to a true MVC model.

Update Information:

Change for system JDK from 17 to 21. upstream security release 122.0.6261.94 High CVE-2024-1938: Type Confusion in V8 High CVE-2024-1939: Type Confusion in V8 fixed bug with requires Automatic update for lucene-9.9.2-1.fc40. bump java source/target to 1.8, fixes 2266639

Topics%20covered

Topics Covered

security advisory high severity Fedora bug fix Java type confusion velocity

Change Log

* Sat Mar 2 2024 Jiri Vanek - 2.3-5 - Rebuilt for java-21-openjdk as system jdk * Fri Mar 1 2024 Jiri Vanek - 2.3-4 - bump of release for for java-21-openjdk as system jdk

References


[ 1 ] Bug #2123726 - consoleImageViewer crashes at start https://bugzilla.redhat.com/show_bug.cgi?id=2123726 [ 2 ] Bug #2261062 - directory-maven-plugin: FTBFS in Fedora rawhide/f40 https://bugzilla.redhat.com/show_bug.cgi?id=2261062 [ 3 ] Bug #2266639 - directory-maven-plugin fails to build with java-21-openjdk https://bugzilla.redhat.com/show_bug.cgi?id=2266639 [ 4 ] Bug #2266934 - CVE-2024-1938 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266934 [ 5 ] Bug #2266937 - CVE-2024-1939 chromium: type confusion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2266937 [ 6 ] Bug #2267486 - Include Java 21 as system Java Change in Fedora 40 Beta https://bugzilla.redhat.com/show_bug.cgi?id=2267486

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-129d8ca6fc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: velocity
Product: Fedora 40
Version: 2.3
Release: 5.fc40
URL: https://velocity.apache.org/
Summary: Java-based template engine

Topics%20covered

Topics Covered

security advisory high severity Fedora bug fix Java type confusion velocity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here