The latest version of the cloud native application proxy, Traefik, has been released. Version v2.10.5 brings several bug fixes and documentation updates to improve the functionality and user experience of the proxy.

Bug fixes in this release include:

• Move origin fields capture to service level
• Fix preflight response status in access logs
• Update go-acme/lego to v4.14.0
• Update go-acme/lego to v4.13.3
• Update quic-go to v0.37.5
• Update quic-go to v0.39.0
• Update quic-go to v0.37.6
• Update quic-go to v0.38.0
• Update quic-go to v0.38.1
• Ignore ErrKeyNotFound error for the KV provider
• Adjust forward auth to avoid connection leak
• Improve CNAME flattening to avoid unnecessary error logging
• Allow X-Forwarded-For delete operation
• Update x/net and grpc/grpc-go
• Add missing accessControlAllowOriginListRegex to middleware view
• Fix false positive in URL anonymization

Documentation updates in this release include:

• Change Arvancloud URL
• Correct minor typo in crd-acme docs
• Remove healthcheck interval configuration warning
• Docs describe the missing db parameter in Redis provider
• Doc fix accessControlAllowHeaders examples
• Updates business callout in the documentation

These bug fixes and documentation updates contribute to a smoother and more efficient experience for users of Traefik. The latest version can be downloaded from the official Traefik GitHub repository.

This year, Raspberry Pi has released a new version of their operating system called Bookworm. While the overall Debian release, on which Raspberry Pi OS is based, doesn’t bring many changes, Bookworm introduces some major architectural updates to the Raspberry Pi Desktop.

One of the significant changes in Bookworm is the transition from using X11 to Wayland as the display system. Wayland offers improved performance by combining the functions of the display server and window manager into a single application. This consolidation also enhances security by isolating applications from each other at the compositor level.

To support Wayland, Raspberry Pi OS now uses a compositor called Wayfire, which works better as a Wayland compositor on Raspberry Pi than the previous Mutter window manager. However, Wayland is currently only the default mode on Raspberry Pi 4 and 5, with older platforms still using the X11 display server and Openbox window manager. The performance of Wayfire on these older platforms is being optimized for a future switch to Wayland.

Another significant update in Bookworm is the replacement of PulseAudio with PipeWire as the audio system. PipeWire builds upon the features of PulseAudio and provides better support for audio accompanying video, reduced latency, improved management of Bluetooth audio devices, and enhanced operation in the secure Wayland environment.

Networking in Raspberry Pi OS has also been updated with the adoption of NetworkManager as the default network controller. NetworkManager offers additional functionality, such as connecting to hidden wireless networks, virtual private networks (VPNs), and using a Raspberry Pi as a wireless hotspot. The networking plugin on the taskbar retains a familiar appearance but now includes an “Advanced Options” item to access the new features provided by NetworkManager.

The extensive changes introduced in Bookworm have necessitated updates to the Raspberry Pi OS documentation. The documentation team has been working diligently to ensure that the documentation reflects the new state of the operating system. If users come across any outdated documentation, they are encouraged to raise an issue on the documentation repository.

While Bookworm brings many improvements, there are a few features and programs that are currently missing or incompatible with the new version. Overscan compensation for displays, the system tray for application icons, and traditional remote desktop access have either been temporarily removed or replaced with alternative mechanisms. Additionally, certain programs like the SenseHAT Emulator, BlueJ and Greenfoot Java IDEs, and Sonic Pi are incompatible with Bookworm and have been removed until they are updated.

The changes in Bookworm align Raspberry Pi OS with the practices of other Linux distributions, as many have already adopted Wayland, PipeWire, and NetworkManager. These updates provide a solid foundation for future development and ensure compatibility with the broader Linux ecosystem.

While Wayland and PipeWire have been extensively tested, there may still be specific usage scenarios where issues can arise. To address this, the Advanced Settings menu in raspi-config allows users to revert to the old X11/Openbox display system and PulseAudio if necessary.

To install Bookworm, it is recommended to re-image the SD card with a clean image rather than attempting to upgrade from a previous version. Raspberry Pi Imager can be used to create an SD card with Bookworm, or users can download a Bookworm image from the Raspberry Pi website and flash it onto their SD card using their preferred tool.

Overall, Bookworm brings significant updates to the Raspberry Pi OS, including the transition to Wayland, the adoption of PipeWire for audio, and the use of NetworkManager for networking. These changes improve performance, security, and functionality, aligning Raspberry Pi OS with industry standards and providing a solid platform for future development.

Source: News - Raspberry Pi.

Curl 8.4 has been released with a focus on addressing a major security vulnerability. Following the recent announcement that Curl was preparing for one of its worst security flaws in a long time, the latest version of Curl aims to fix this issue and provide additional security improvements.

In addition to the “high” level security fix, Curl 8.4 also resolves a “low” security issue. Alongside these security updates, the release includes bug fixes and feature enhancements for the widely-used downloading library and curl command-line utility.

The main security issue addressed in Curl 8.4 is CVE-2023-38545. This vulnerability involves a heap-based buffer overflow in the SOCKS5 proxy handshake. When Curl is requested to pass the hostname to the SOCKS5 proxy for address resolution, a maximum length of 255 bytes is allowed. However, due to a bug, if the hostname exceeds this length, the buffer can be overwritten into the heap. This issue requires a slow SOCKS5 handshake and a client using a hostname longer than the download buffer to be triggered.

The other security issue resolved in this release pertains to cookie injection without a file.

On the feature side, Curl 8.4 introduces support for IPFS (InterPlanetary File System) protocols via HTTP gateways. Additionally, support for legacy MinGW.org toolchains has been dropped in this release.

For more information on all the changes in Curl 8.4, you can visit the official curl.se website.

Source: Phoronix.

k0s has released version v1.28.2+k0s.0. This all-inclusive Kubernetes distribution is designed for building Kubernetes clusters and comes packaged as a single binary for easy use. It can be used in various environments, including cloud, IoT gateways, Edge, and Bare metal deployments, thanks to its simple design, flexible deployment options, and modest system requirements.

The latest release, 1.28.2, includes several updates and improvements. Some of the highlights include:

• Kubernetes 1.28.2: The release builds with Kubernetes 1.28.2, and all the Kubernetes components are updated to the same version.
• Enhanced autopilot: The autopilot now allows the cluster to follow a specific update channel on an update server, making it easier to stay up-to-date with patch updates.
• SBOM generation: The release now generates a full signed SBOM (Software Bill of Materials) for each release, providing greater transparency and security.
• Extended OS testing matrix: The OS testing matrix now covers 22 OS and version combinations, including Alpine, CentOS, Debian, Fedora, Fedora CoreOS, Flatcar, Oracle, RHEL, Rocky, and Ubuntu.
• Updated component versions: Various components have been updated, including ContainerD, RunC, Etcd, Kine, Konnectivity, Kube-router, Calico, and CoreDNS.

For a detailed list of changes, you can refer to the release notes. This release also includes contributions from new contributors who made their first contribution to the project.

Overall, this release of k0s brings important updates and improvements, making it a reliable choice for building Kubernetes clusters in various environments.

Pi-Hole, the popular network-wide ad blocker, is rolling out its latest version, V6.0, and is inviting users to participate in beta testing and troubleshooting. The Pi-hole team is looking for brave users who are comfortable with digging into any issues that may arise. The beta version introduces several fundamental changes, and it is important to note that updating from Pi-hole 5.x to 6.0 is a one-way operation.

Some of the new features and improvements in Pi-hole V6.0 include:

• A new REST API and webserver directly embedded into the pihole-FTL binary, eliminating the need for lighttpd and php dependencies. This change reduces the installation size of Pi-hole.
• Subscribed allowlists, known as Antigravity, which allow users to whitelist specific domains while still blocking entries in subscribed blocklists.
• Consolidated settings files, with all settings now contained in a single file located at /etc/pihole/pihole.toml. The file is well-commented, making it easier for users to understand and modify settings.
• Server-side pagination of the query log, improving the performance of the query log page by loading results one page at a time.
• Redesigned settings menu in the web interface, categorized into Basic, Advanced, and Expert levels, with different settings available based on the selected mode.
• Built-in HTTPS support in FTL, allowing users to use their own certificates or generate a self-signed certificate.
• Docker image now based on Alpine, reducing the image size and potentially enabling support for more systems in the future.

The Pi-hole team emphasizes that the beta version is not yet stable for a full release. They are actively working on improving stability and addressing issues as they arise. Users who are interested in participating in the beta testing can visit the Pi-hole Discourse Forum to discuss the beta and report any findings. Contributions and suggestions for improvements are also welcome.

To try out the beta version, users can either install it as a fresh installation or switch to the v6 branches. Detailed instructions are provided for both bare metal and Docker installations.

Pi-hole V6.0 does not have a specific release date yet, but the team is working on it in their free time, aiming to release it when it’s stable and ready for production use.

Source: Pi-Hole.

AdGuard DNS Proxy has recently released version v0.56.1, which comes with some important fixes. One of the major fixes addresses the issue where queries of DS type were being incorrectly routed to the exactly matched domain-specific upstream. This behavior was in contrast to the recommendations outlined in RFC 4035 Section 2.4.

By releasing this new version, AdGuard DNS Proxy ensures that the routing of DS type queries is now in accordance with the RFC 4035 Section 2.4 recommendations. This fix enhances the overall performance and reliability of the DNS proxy. Users can now have confidence that their queries of DS type will be handled correctly and routed to the appropriate upstream destinations.