SUSE-CU-2024:2837-1: Security update of bci/openjdk-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Jun 21 07:13:40 UTC 2024
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:2837-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-20.18 , bci/openjdk-devel:latest
Container Release : 20.18
Severity : important
Type : security
References : 1188441 1225551 CVE-2024-4741
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:1664-1
Released: Thu May 16 07:56:10 2024
Summary: Feature update for Java
Type: feature
Severity: moderate
References:
This update for byte-buddy, javadoc-parser, jurand, modulemaker-maven-plugin, open-test-reporting, plexus-xml fixes the following issues:
byte-buddy:
- New RPM package implementation at version 1.14.13
javadoc-parser:
- New RPM package implementation at version 0.3.1
jurand:
- New RPM package implementation at version 1.3.2
modulemaker-maven-plugin:
- New RPM package implementation at version 1.11
open-test-reporting:
- New RPM package implementation at version 0.1.0-M2
plexus-xml:
- New RPM package implementation at version 3.0.0
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2000-1
Released: Wed Jun 12 05:43:59 2024
Summary: Recommended update for Java
Type: recommended
Severity: moderate
References:
This update for Java fixes the following issues:
javadoc-parser:
- Deliver javadoc-parser RPM package to meet new dependency requirements (no source changes)
maven-filtering was updated to version 3.3.2:
- Build against the plexus-build-api0 package containing sonatype
plexus build api
- Version 3.3.2:
* Changes:
+ pick correct hamcrest dependency
+ Prefer commons lang to plexus utils
+ MSHARED-1214: move tag back to HEAD
+ MSHARED-1216: Use caching output stream
+ Bump org.codehaus.plexus:plexus-utils from 3.0.16 to 3.0.24
in /src/test/resources
+ Fix typos and grammar
+ Fix 'licenced' typo in PR template
+ refactor IncrementalResourceFilteringTest
+ MSHARED-1340: Require Maven 3.6.3+
+ Bump commons-io:commons-io from 2.11.0 to 2.15.1
+ Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0
+ MSHARED-1339: Bump
org.apache.maven.shared:maven-shared-components from 39 to 41
+ MSHARED-1290: Fix PropertyUtils cycle detection results in
false positives
+ MSHARED-1285: use an up-to-date scanner instead the newscanner
+ Bump org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0
+ Bump org.codehaus.plexus:plexus-interpolation from 1.26
to 1.27
+ Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0
+ Bump release-drafter/release-drafter from 5 to 6
+ Bump org.junit.jupiter:junit-jupiter-api from 5.10.1
to 5.10.2
+ MSHARED-1351: Fix console message when origin is baseDir
+ MSHARED-1050: Fix ConcurrentModificationException for
maven-filtering
+ MSHARED-1330: Always overwrite files
- Version 3.3.1:
* Changes:
+ MSHARED-1175: Copying x resources from rel/path to rel/path
+ MSHARED-1213: Bug: filtering existing but 0 byte file
+ MSHARED-1199: Upgrade parent pom to 39
+ MSHARED-1112: Ignore setting permissions on non existing dest
files/symlinks
+ MSHARED-1144: remove rendundant error message
- Version 3.3.0:
* Changes:
+ Fixed cloning of MavenResourcesExecution's instances using
copyOf() method
+ MRESOURCES-258: Copying and filtering logic is delegated to
FileUtils
+ replace deprecated methods
+ replace deprecated code in favor of Java 7 core and apache
commons libraries
declare dependencies
+ MSHARED-1080: Parent POM 36, Java8, drop legacy.
maven-plugin-tools:
- Build against the plexus-build-api0 package containing sonatype
plexus build api
- Added dependency on plexus-xml where relevant
modello was updated to version 2.4.0:
- Build against the new codehaus plexus build api 1.2.0
- Build all modello plugins
- Version 2.4.0:
* New features and improvements:
+ Keep license structure
+ Support addition of license header to generated files
+ Make generated code - Java 8 based by default
+ threadsafety
* Bugs fixed:
+ Revert snakeyaml to 1.33 (as 2.x is not fully compatible with
1.x).
- Version 2.3.0:
* Changes:
+ Kill off dead Plexus
+ Fix for #366
- Version 2.2.0:
* Changes:
+ Parse javadoc tags in xdoc generator (only @since is supported
atm)
+ Use generic in Xpp3Reader for JDK 5+
+ Get rid of usage deprecated Reader/WriterFactory
+ Make spotless plugin work with Java 21
+ Support java source property being discovered as 1.x
+ Fix thread safety issues by not using singletons for
generators
+ Improve discovering javaSource based on maven.compiler
properties, default as 8
+ Switch Plexus Annotation to JSR-330
+ Make spotless plugin work with Java 21
- Add dependency on plexus-xml where relevant
plexus-build-api was updated to version 1.2.0:
- Version 1.2.0:
* Potentially breaking changes:
+ change package to org.codehaus.plexus.build
* New features and improvements:
+ Convert to JSR 330 component
+ Bump sisu-maven-plugin from 0.3.5 to 0.9.0.M2
+ Switch to parent 13 and reformat
+ Use a CachingOutputStream when using the build context
+ Reuse plexus-pom action for CI
+ Add README and LICENSE
+ Remove ThreadBuildContext
* Bugs fixed:
+ Store Objects in the DefaultContext in a map
+ Let the DefaultBuildContext delegate to the legacy build-api
plexus-build-api0 was implemented at version 0.0.8:
- New package
plexus-xml:
- Deliver plexus-xml RPM package to meet new dependency requirements (no source changes)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2051-1
Released: Tue Jun 18 09:16:01 2024
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1225551,CVE-2024-4741
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2079-1
Released: Wed Jun 19 05:41:08 2024
Summary: Recommended update for Java
Type: recommended
Severity: moderate
References:
This update for Gradle and Maven fixes the following issues:
gradle-bootstrap:
- Regenerate to account for the new plexus-xml dependency
gradle:
- Fixed build with the `plexus-xml` split from plexus-utils
maven-artifact-transfer:
- Added dependency on `plexus-xml` where relevant
- Removed unnecessary dependency on xmvn tools and parent pom
maven-assembly-plugin, maven-doxia, maven-doxia-sitetools, maven-install-plugin, maven-javadoc-plugin,
maven-plugin-testing, maven-resolver, maven:
- Added dependency on `plexus-xml` where relevant
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2086-1
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1188441
This update for gcc13 fixes the following issues:
Update to GCC 13.3 release
- Removed Fiji support from the GCN offload compiler as that is requiring
Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
on s390x. [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
meta-package.
The following package changes have been done:
- libgcc_s1-13.3.0+git8781-150000.1.12.1 updated
- libstdc++6-13.3.0+git8781-150000.1.12.1 updated
- libopenssl1_1-1.1.1l-150500.17.31.1 updated
- libopenssl1_1-hmac-1.1.1l-150500.17.31.1 updated
- openssl-1_1-1.1.1l-150500.17.31.1 updated
- maven-resolver-api-1.9.18-150200.3.20.1 updated
- plexus-xml-3.0.0-150200.5.5.1 added
- maven-resolver-util-1.9.18-150200.3.20.1 updated
- maven-resolver-spi-1.9.18-150200.3.20.1 updated
- maven-resolver-named-locks-1.9.18-150200.3.20.1 updated
- maven-resolver-transport-file-1.9.18-150200.3.20.1 updated
- maven-resolver-connector-basic-1.9.18-150200.3.20.1 updated
- maven-resolver-transport-wagon-1.9.18-150200.3.20.1 updated
- maven-resolver-impl-1.9.18-150200.3.20.1 updated
- maven-resolver-transport-http-1.9.18-150200.3.20.1 updated
- maven-lib-3.9.6-150200.4.24.2 updated
- maven-3.9.6-150200.4.24.2 updated
- container:bci-openjdk-17-15.5.17-23.2 updated
More information about the sle-container-updates
mailing list