The H Roundup - VP9, LibreOffice, Oracle, Red Hat and Java EE 7

Welcome to The H Roundup, your review of the week with the most read news on The H, the security alerts and open source releases, and the essential feature articles – all in one quick-to-scan news item. This week: VP9 matures, LibreOffice stabilises, SCO came back, Oracle slipped up, Red Hat grew, Songbird died, and open source got a knock back from the UK government. Also features looked at Java EE 7 and how to secure web applications with CSP.

Top News

Google's VP9 video codec is getting closer to being deployed as it begins to be enabled in Chrome and Chromium. Meanwhile, as a prelude to LibreOffice 4.1, 4.0.4 has been released with a wide range of fixes. And back from the archives, SCO has managed to breath life into its case against IBM over Linux.

• Google's VP9 web video codec enters home straight
• LibreOffice 4.0.4 arrives with 98 improvements
• SCO v IBM case resurrected
  

Accidents can happen as Oracle found out when a bug removed the GPLv2 licence from the MySQL manual pages, a result that was noted by the MariaDB developers. Meanwhile Red Hat is saying it hasn't picked databases for RHEL 7, despite an engineer stating they had done so at the Red Hat Summit. It made no difference to the company, which continues to deliver a good set of figures for the last quarter.

• Oracle bug accidentally removes GPL licence from MySQL man pages
• Red Hat says no MariaDB/MySQL decision made
• Red Hat continues to grow
  

It may have required physical access, but a bug in BlackBerry 10 OS meant an attacker could compromise the remote password reset facility in the mobile operating system. The UK government rolled back their previously stated preference for open source software to a much more inoffensive, at least for particular lobbyists, level playing field declaration.

• Critical vulnerability in BlackBerry 10 OS
• Open source preference blunted in UK Government guide

It is deceased – it has shuffled off its mortal coil; so it ended for the development of the Songbird media player. Still at least new things are being made out there as The H covered in the latest instalment of Hardware Hacks.

• Songbird media player to cease development
• Hardware Hacks: Onion Pi, DesignSpark and Arduino control boards
  

Features

As Java EE 7 arrived, The H asked Markus Eisele to round up what actually arrived in the somewhat feature-muted release and what is going to make a difference to Java developers as the standard settles in.

• Java EE 7 at a glance

XSS – cross-site scripting – plagues the modern web site and, despite trying to convince developers to be extremely careful when processing input from users in web apps, it still happens. Now CSP, Content Security Policy, offers a way to lock down what and where input comes from to block malicious content being ingested. The H Security takes a look at what's needed to make use of CSP.

• Content Security Policy halts XSS in its tracks
  

Open Source Releases

Updates for Debian 7, MediaGoblin, LLVM, Subversion, TypeScript, and the arrival of TokuMX's storage-enhanced variant of MongoDB, PHP 5.5 and more make up a busy week of releases. More releases can be found in The H's regular items, Open Recall and Developer Break.

• Debian 7.1 coughs up first Wheezy fixes
• Open Recall: MIMO, openSUSE milestone, Minecraft Assemble, Cube Slam
• MediaGoblin 0.4.0 adds document support
• LLVM 3.3 introduces full C++11 support
• Subversion 1.8 learns new moves and brings automatic reintegration
• TypeScript 0.9 introduces support for generics
• TokuMX brings "Fractal Tree indexing" to MongoDB
• PHP 5.5.0 adds optimizer and drops Windows XP support
• Open Recall: OSI Elections, xda:devcon and Wikimedia on PRISM
• Developer Break: Lucene, Solr, Spring Roo, Node.js, PyQt 5 and more
  

There was also the appearance of the first OpenMandriva alpha, drawing heavily on ROSA. A Wayland-enabled Kwin arrived in the latest KDE 4.11 beta and Google's Dart drew closer as the JavaScript replacement reached beta.

• First alpha version of OpenMandriva released
• KDE 4.11 beta brings Wayland support to KWin
• Google's Dart hits beta

Security Alerts

As well as the previously mentions BlackBerry 10 OS critical hole, a more important, wide-ranging security update came when Oracle fixed 40 holes in Java – 37 of which could be exploited remotely without authentication.

• Critical vulnerability in BlackBerry 10 OS
• Oracle releases fixes for 40 Java holes
  

For everything The H has published in the last week, check out the last seven days of news. To keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.

(djwm)