SUSE-CU-2024:5741-1: Security update of bci/openjdk-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Nov 19 08:31:45 UTC 2024
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5741-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-30.15 , bci/openjdk-devel:latest
Container Release : 30.15
Severity : moderate
Type : security
References : 1177488 CVE-2020-13956
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4036-1
Released: Mon Nov 18 16:23:56 2024
Summary: Security update for httpcomponents-client, httpcomponents-core
Type: security
Severity: moderate
References: 1177488,CVE-2020-13956
This update for httpcomponents-client, httpcomponents-core fixes the following issues:
httpcomponents-client:
- Update to version 4.5.14
* HTTPCLIENT-2206: Corrected resource de-allocation by fluent
response objects.
* HTTPCLIENT-2174: URIBuilder to return a new empty list instead
of unmodifiable Collections#emptyList.
* Don't retry requests in case of NoRouteToHostException.
* HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset
of requests with form url-encoded body.
* PR #269: 4.5.x use array fill and more.
+ Use Arrays.fill().
+ Remove redundant modifiers.
+ Use Collections.addAll() and Collection.addAll() APIs instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg method.
+ Remote extra semicolons (;).
+ Use a 'L' instead of 'l' to make long literals more readable.
* PublicSuffixListParser.parseByType(Reader) allocates but does
not use a 256 char StringBuilder.
* Incorrect handling of malformed authority component by
URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
* Avoid updating Content-Length header in a 304 response.
* Bug fix: BasicExpiresHandler is annotated as immutable but is
not (#239)
* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
httpcomponents-core:
- Upgraded to version 4.4.14
* PR #231: 4.4.x Use better map apis and more.
+ Remove redundant modifiers.
+ Use Collections.addAll() API instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg method.
+ Remote extra semicolons (;).
* Bug fix: Non-blocking TLSv1.3 connections can end up in an
infinite event spin when closed concurrently by the local and
the remote endpoints.
* HTTPCORE-647: Non-blocking connection terminated due to
'java.io.IOException: Broken pipe' can enter an infinite loop
flushing buffered output data.
* PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool
that can cause internal state corruption when persistent
connections are manually removed from the pool.
The following package changes have been done:
- httpcomponents-core-4.4.14-150200.3.9.1 updated
- httpcomponents-client-4.5.14-150200.3.9.1 updated
More information about the sle-container-updates
mailing list