How to remediate CVE-2022-42889 in graphdb-free-9.11.1 - graphdb

We are using graphdb-free-9.11.1. To remediate CVE-2022-42889, can we replace commons-text-1.9.jar with commons-text-1.10.0.jar?

For the free version of GraphDB, instead of 9.11.5, better consider upgrading to the latest 10.1.4. The commons.text is version 1.10.0. As I don't know your environment, you can request a free version from here https://www.ontotext.com/products/graphdb/download/.
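Whichever route is taken, it is worth confirming afterwards that no commons-text jar older than 1.10.0 is left anywhere under the installation directory. The following check is an added example, not part of the original posts or of GraphDB: it assumes Maven-built jars that carry a pom.properties entry, and falls back to the file name when that entry is missing.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 10, 0)  # commons-text version named on this page as the remediated one
NAME_RE = re.compile(r"commons-text-(\d+(?:\.\d+)*)\.jar$")
# Standard Maven metadata location for groupId org.apache.commons, artifactId commons-text
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"


def parse_version(text):
    """'1.9' -> (1, 9, 0); numeric tuples order 1.10.0 above 1.9, unlike strings."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def jar_version(path):
    """Prefer the version recorded inside the jar (survives renaming), else the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            if POM_PROPS in jar.namelist():
                props = jar.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(\d+(?:\.\d+)*)", props, re.M)
                if m:
                    return m.group(1)
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: fall through to the file-name check
    m = NAME_RE.search(Path(path).name)
    return m.group(1) if m else None


def find_outdated(root):
    """Return sorted (path, version) pairs for commons-text jars below FIXED."""
    hits = []
    for path in Path(root).rglob("*.jar"):
        version = jar_version(path)
        if version and parse_version(version) < FIXED:
            hits.append((str(path), version))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    outdated = find_outdated(root)
    for path, version in outdated:
        print(f"{path}: commons-text {version} is below 1.10.0")
    sys.exit(1 if outdated else 0)
```

Run it with the installation directory as the only argument; a non-zero exit status means at least one outdated copy was found.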

Related

What is the safest way to get a newer version of a repo from yum on Amazon Linux?

I need a newer version of binutils on Amazon Linux to compile a piece of needed software. This is due to a bug in version 2.29 which is the latest available in their repo. What would be the best way to add another repo, and will this mess up future uses of the yum command as I add and remove non-approved repos? Can I just add in a repo from a similar flavor like CentOS? Does Amazon have a less "Safe" version that has up to date software in it?

For me, the safest way to get a newer version on your VM is to compile it and install it in a different place like /opt/binutils or /usr/local/binutils and use absolute paths for the utils.

Typo3 6.2 Upgrade Version Matrix Issue

I am trying to upgrade from Typo3 6.2 to a later version (to be determined). When I run the Core Update in the install tool the 'Fetched list of released versions' works, however, it is then followed by a 'General error'. In the log, this is the error:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1380898792: No version matrix found in registry, call updateVersionMatrix() first. | TYPO3\CMS\Install\Service\Exception\CoreVersionServiceException thrown in file /home/usr/public_html/typo3/sysext/install/Classes/Service/CoreVersionService.php in line 271. Requested URL: https://domain.dev/typo3/sysext/install/Start/Install.php?install[action]=importantActions&install[context]=backend&install[controller]=tool&install%5Bcontroller%5D=ajax&install%5Baction%5D=coreUpdateIsUpdateAvailable&_=1608549770287
I have looked around for ages and can't find a fix that works. I will be very grateful for any help, please.

I don't think that you can update such an old version by the install-tool update mechanism any more. Since that version a lot has changed.
Newer versions of 6.2 are only available as a paid service (ELTS) from TYPO3 GmbH.
And I think the server structure also changed in the meantime, so old URLs might fail.
Your update path should be a manual update to (any outdated version of) 7 LTS, then the same for 8 LTS, until you come to 9 LTS and 10 LTS.
On each version, run the upgrade wizards and freshen up the extensions if possible (including the upgrade wizards of the extensions).
Individual extensions need their own updates.
Use the deprecation log on each version to identify possible failures for the next TYPO3 version.
Somewhere in between you might change the installation to a Composer installation, which will result in a cleaner way to update (if you are familiar with Composer). For the future it will be very helpful to understand Composer.

Mono v.4 old version

I am trying to install a server using Mono v.4.
The current version is 5.2.
I reached for the sources.list mono debian/snapshots/X.XX.X as recommended
(where X.XX.X = 4.0.4, 4.8.0, 4.9.0 or 5.0.0) but it always installs 3.2.8 or 5.0.0.100 anyway.
Does somebody have a mirror for Mono 4.XX.X, please?
Or another solution to access Mono v.4?
Thanks

I finally found the sources of all versions of Mono.
I leave them here for those who may need them.
List of Mono versions
Sources downloads.
Hope that will help.

How to determine the latest OpenSSL version

What is the most reliable source to find the latest version number?
Is it github?
And if yes, which version should I take?
Right now, here is what I see:
Should I take the 1.0.2k?
But then 1.1.0d seems like it is more recent (if it follows semantic versioning). What do the letters actually mean?
Note: in my case this is to compile an openssl version with nginx.
Last time I picked (quite randomly) the version 1.0.2h which seemed the latest at the time.
So what is the process to follow to find the latest openssl version?

https://www.openssl.org/ shows which versions are current and supported.
Currently there are two major versions in development: 1.1.0 and 1.0.2. 1.1.0 is newer and has more features. But due to the cleanups between 1.0.2 and 1.1.0, lots of undocumented API (i.e. things which never were an official API but got used anyway since no official API existed) got broken, and not all software works, or works stably, with 1.1.0 yet. Also, 1.1.0 tends to introduce not only features but also bugs faster than 1.0.2 when looking at the release history. And with 1.1.0 the chance is higher that documented behavior changes even between patch releases.
Thus if you need the new features with 1.1.0 then go with it. If you prefer a more stable version with a smaller chance of bugs use 1.0.2. In all cases you should always use the latest patch release and keep using it if new patches get released or backport security patches.
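To make "latest patch release" concrete, the sketch below orders version strings of the kind quoted in the question and picks the newest one per branch. It is an added example, not part of the original answer, and it assumes the pre-3.0 OpenSSL numbering in which the trailing letter marks a patch release within a branch (so 1.0.2k is newer than 1.0.2h, and 1.1.0d belongs to a different branch).

```python
import re
from collections import defaultdict

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")

# Constructed sample list; 1.0.2h, 1.0.2k and 1.1.0d are the versions named on this page.
SAMPLE = ["1.0.2h", "1.1.0c", "1.0.2k", "1.1.0d", "1.0.2j", "1.1.0"]


def parse(version):
    """Split '1.0.2k' into ((1, 0, 2), 'k'); reject anything else."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"not a letter-suffixed OpenSSL version: {version!r}")
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix)), letters


def sort_key(version):
    """Order by branch first, then by patch letter.

    The suffix length comes before the suffix itself so that a two-letter
    suffix such as 'za' sorts after 'z', and no suffix sorts before 'a'.
    """
    numbers, letters = parse(version)
    return numbers + (len(letters), letters)


def latest_per_branch(versions):
    """Map each branch ('1.0.2', '1.1.0', ...) to its newest patch release."""
    groups = defaultdict(list)
    for version in versions:
        numbers, _ = parse(version)
        groups[".".join(str(n) for n in numbers)].append(version)
    return {name: max(group, key=sort_key) for name, group in sorted(groups.items())}


if __name__ == "__main__":
    for name, newest in latest_per_branch(SAMPLE).items():
        print(f"{name}: latest patch release in this list is {newest}")
```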

Monotouch: Downgrade to 3.2.6 (More Stable) Version

Since MT 4 version still has some bugs for WCF services, I would downgrade it to 3.2.6.
I've recovered this old version but now it doesn't work because I have a more recent mono-framework version. What steps do I have to follow for uninstalling mono-framework 2.10.1_3 and recovering the old one?
Thank you. Regards.
Update: For those interested, remember to uninstall the previous mono version. See this link: Uninstall Mono

Old mono-framework will recognize that you are installing an older version over a newer one and prompt you to continue.