October was full of popular product releases, including Node.js, MySQL, Firefox, Tor Browser, Joomla, and more. We've rounded up the latest so you don't miss out on the updates that will benefit you.
As always, we pay special attention to new fraud schemes that can easily compromise your privacy.
The Node.js developers have announced the release of version 21. Highlights include an upgrade of the V8 JavaScript engine to version 11.8, a new experimental flag for changing default module settings, a built-in WebSocket client, many updates to the test runner, and other changes. Node.js 21 will replace Node.js 20 as the "Current" release line when Node.js 20 moves to long-term support (LTS) later this month.
The @nodejs/performance team has also been hard at work over the past year improving URLs, fetch, streams, node:fs, and HTTP. The Node.js streams team continues to optimize Writable and Readable streams. In version 21, streams maintainer Robert Nagy led the effort to further optimize streams by removing redundant checks, using bitmaps, and scheduling callbacks more efficiently.
Also among the updates are:
Firefox 119 was announced on October 24 and marked a significant rollout of Firefox View.
Firefox View now includes more content. You can now see all open tabs from all windows, tabs open on other devices, and previously closed tabs.
Firefox 119 supports PDF editing, importing extensions from Chrome, and partitioning Blob URLs (reducing a potential tracking vector) as part of Firefox's Total Cookie Protection.
The new release includes updates to the Storage Access API web standard to improve security, reduce website crashes, and ensure that third-party cookies are not used in Firefox.
Also, from a security perspective, the Encrypted Client Hello (ECH) feature is now available to Firefox users for a more private browsing experience. ECH extends the encryption used in TLS connections to better protect sensitive data.
Many fixes from the previous version of Firefox are included in Firefox 119.
Just ahead of Firefox, the Tor Browser was updated to version 13.0 on October 12. This is the first stable release based on Firefox ESR 115.
There have been major changes to the system and several visual changes:
The release of Joomla 5.0 came in mid-October and brought with it some pretty major updates:
Joomla 4.4 has no new features. However, it is required to upgrade from Joomla 4.x to Joomla 5.x. It contains updates to provide a smoother upgrade process but does not contain any new features.
However, the Russian localization of Joomla 4.4 is currently underway. You can download and manually install the Russian version from the official source on GitHub.
A new version of the MySQL database management system has been released. MySQL Community Server 8.2.0 builds for major Linux distributions, FreeBSD, macOS, and Windows are now available to the public.
MySQL 8.2.0 has been released under a model with two types of branches: Innovation and LTS. In short, Innovation branches are for those who want to take advantage of the latest software changes, which are released every three months. LTS branches are for more stable and predictable updates.
Major changes in MySQL 8.2 are:
MySQL 8.4 LTS is expected to be released in the spring of 2024, after which the new Innovation branch 9.0 will be formed.
With many changes and improvements, the new Linux kernel version 6.6 has been released.
The new release significantly expands the ability to work with network protocols and devices. The KSMBD server for the SMB protocol is integrated, which will speed up file sharing. Support has been added for Intel's Shadow Stack technology, which protects against ROP attacks, and for AMD's Dynamic Boost Control, which tunes Ryzen processors.
The EEVDF scheduler was also implemented to improve performance on AMD and Intel multi-core CPUs, the KVM hypervisor's interaction with RISC-V guest operating systems was improved, and the code was extensively cleaned of obsolete elements. Linux 6.6 introduced additional temperature and voltage sensors for desktop motherboards.
On the security side, more than 20 vulnerabilities have been fixed, including those related to Curl and OpenSSL, and a crash bug when disabling Logitech USB devices has been fixed.
Linux 6.6 is likely to be an LTS (long-term support) release. Overall, this release continues to improve the functionality of the kernel.
A vulnerability has been discovered in iOS and macOS that could allow the theft of passwords, email, and payment information from Safari.
The culprit is a bug in the WebKit browser engine that allows the JavaScript window.open function to be used to group sites from different domains into a single process. As a result, when a user visits one site, another resource containing malicious code is opened in the background, and sensitive data can then be extracted from this shared process.
The vulnerability, named iLeakage, can be exploited on devices with A12, M1, and newer processors. The bug is only found in WebKit-based browsers, i.e., all available browsers on iOS and only Safari on macOS. As far as is known, no one has exploited this vulnerability yet, and Apple is already preparing a patch.
Meanwhile, attackers have begun using a new fake browser update attack (ClearFake). Fraudsters hack into WordPress sites and insert scripts that display fake update notifications matching the specific visitor's browser. The fake page is customized for the user and most often reports that content cannot be viewed until the browser is updated to the "latest" version. If the user clicks, malware is downloaded.
The group previously stored its malicious update files on Cloudflare, but after those were blocked, it began posting them as cryptocurrency transactions on the Binance Smart Chain (BSC). Binance has blacklisted the addresses of the distributors and developed a model to detect similar attacks in the future.