SUSE-CU-2025:97-1: Security update of suse/manager/5.0/x86_64/server
sle-container-updates at lists.suse.com
Tue Jan 7 08:19:43 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:97-1
Container Tags : suse/manager/5.0/x86_64/server:5.0.2 , suse/manager/5.0/x86_64/server:5.0.2.7.10.2 , suse/manager/5.0/x86_64/server:latest
Container Release : 7.10.2
Severity : critical
Type : security
References : 1177488 1203617 1219340 1219724 1225451 1227261 1229010 1229072
1229128 1229238 1229449 1229684 1230423 1230798 1230951 1231048
1231347 1231373 1231414 1231428 1231463 1231463 1231604 1231771
1231795 1232030 1232573 1232579 1232844 1233014 1233085 1233151
1233282 1233307 1233323 1233325 1233326 1233327 1233420 1233434
1233699 1233774 1234068 1234749 15280 15590 15624 15696 15699
15700 CVE-2020-13956 CVE-2024-10976 CVE-2024-10977 CVE-2024-10978
CVE-2024-10979 CVE-2024-11053 CVE-2024-11168 CVE-2024-24806 CVE-2024-28168
CVE-2024-43374 CVE-2024-47072 CVE-2024-47814 CVE-2024-50602 CVE-2024-52316
CVE-2024-52533 CVE-2024-52616
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4036-1
Released: Mon Nov 18 16:23:56 2024
Summary: Security update for httpcomponents-client, httpcomponents-core
Type: security
Severity: moderate
References: 1177488,CVE-2020-13956
This update for httpcomponents-client, httpcomponents-core fixes the following issues:
httpcomponents-client:
- Update to version 4.5.14
* HTTPCLIENT-2206: Corrected resource de-allocation by fluent
response objects.
* HTTPCLIENT-2174: URIBuilder to return a new empty list instead
of unmodifiable Collections#emptyList.
* Don't retry requests in case of NoRouteToHostException.
* HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset
of requests with form url-encoded body.
* PR #269: 4.5.x use array fill and more.
+ Use Arrays.fill().
+ Remove redundant modifiers.
+ Use Collections.addAll() and Collection.addAll() APIs instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg method.
+ Remove extra semicolons (;).
+ Use a 'L' instead of 'l' to make long literals more readable.
* PublicSuffixListParser.parseByType(Reader) allocates but does
not use a 256 char StringBuilder.
* Incorrect handling of malformed authority component by
URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
* Avoid updating Content-Length header in a 304 response.
* Bug fix: BasicExpiresHandler is annotated as immutable but is
not (#239)
* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
httpcomponents-core:
- Upgraded to version 4.4.14
* PR #231: 4.4.x Use better map apis and more.
+ Remove redundant modifiers.
+ Use Collections.addAll() API instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg method.
+ Remove extra semicolons (;).
* Bug fix: Non-blocking TLSv1.3 connections can end up in an
infinite event spin when closed concurrently by the local and
the remote endpoints.
* HTTPCORE-647: Non-blocking connection terminated due to
'java.io.IOException: Broken pipe' can enter an infinite loop
flushing buffered output data.
* PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool
that can cause internal state corruption when persistent
connections are manually removed from the pool.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4037-1
Released: Tue Nov 19 09:48:41 2024
Summary: Security update for bea-stax, xstream
Type: security
Severity: important
References: 1233085,CVE-2024-47072
This update for bea-stax, xstream fixes the following issues:
- CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released: Mon Nov 25 08:28:17 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update to v0.389:
* Update pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issue:
- Updated patterns-base, removing plymouth recommendation on s390x archs.
Our certification team ran into an issue (jsc#PED-10532) when they
ran a bare metal installation with a fully encrypted disk.
If the whole disk is encrypted, the prompt for the password is sent to
plymouth, which shows nothing because the terminal in the HMC is used
for booting bare metal (LPAR).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4054-1
Released: Tue Nov 26 06:05:40 2024
Summary: Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
Type: security
Severity: moderate
References: 1231347,1231428,CVE-2024-28168
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:
xmlgraphics-fop was updated from version 2.8 to 2.10:
- Security issues fixed:
* CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
- Upstream changes and bugs fixed:
* Version 2.10:
+ footnote-body ignores rl-tb writing mode
+ SVG tspan content is displayed out of place
+ Added new schema to handle pdf/a and pdfa/ua
+ Correct fop version at runtime
+ NoSuchElementException when using font with no family name
+ Resolve classpath for binary distribution
+ Switch to spotbugs
+ Set an automatic module name
+ Rename packages to avoid conflicts with modules
+ Resize table only for multicolumn page
+ Missing jars in servlet
+ Optimise performance of PNG with alpha using raw loader
+ basic-link not navigating to corresponding footnote
+ Added option to sign PDF
+ Added secure processing for XSL input
+ Allow sections which need security permissions to be run when AllPermission denied in caller code
+ Remove unused PDFStructElem
+ Remove space generated by fo:wrapper
+ Reset content length for table changing ipd
+ Added alt text to PDF signature
+ Allow change of resource level for SVG in AFP
+ Exclude shape not in clipping path for AFP
+ Only support 1 column for redo of layout without page pos only
+ Switch to Jakarta servlet API
+ NPE when list item is split alongside an ipd change
+ Added mandatory MODCA triplet to AFP
+ Redo layout for multipage columns
+ Added image mask option for AFP
+ Skip written block ipds inside float
+ Allow curly braces for src url
+ Missing content for last page with change ipd
+ Added warning when different pdf languages are used
+ Only restart line manager when there is a linebreak for blocklayout
* Version 2.9:
+ Values in PDF Number Trees must be indirect references
+ Do not delete files on syntax errors using command line
+ Surrogate pair edge-case causes Exception
+ Reset character spacing
+ SVG text containing certain glyphs isn't rendered
+ Remove duplicate classes from maven classpath
+ Allow use of page position only on redo of layout
+ Failure to render multi-block itemBody alongside float
+ Update to PDFBox 2.0.27
+ NPE if link destination is missing with accessibility
+ Make property cache thread safe
+ Font size was rounded to 0 for AFP TTF
+ Cannot process a SVG using mvn jars
+ Remove serializer jar
+ Allow creating a PDF 2.0 document
+ Text missing after page break inside table inline
+ IllegalArgumentException for list in a table
+ Table width may be too wide when layout width changes
+ NPE when using broken link and PDF 1.5
+ Allow XMP at PDF page level
+ Symbol font was not being mapped to unicode
+ Correct font differences table for Chrome
+ Link against Java 8 API
+ Added support for font-selection-strategy=character-by-character
+ Merge form fields in external PDFs
+ Fixed test for Java 11
xmlgraphics-batik was updated from version 1.17 to 1.18:
- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate transform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration
xmlgraphics-commons was updated from version 2.8 to 2.10:
- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry
javapackages-tools was updated from version 6.3.0 to 6.3.4:
- Version 6.3.4:
* A corner case when which is not present
* Remove dependency on which
* Simplify after the which -> type -p change
* jpackage_script: Remove pointless assignment when %java_home is unset
* Don't export JAVA_HOME (bsc#1231347)
- Version 6.3.2:
* Search for JAVACMD under JAVA_HOME only if it's set
* Obsolete set_jvm and set_jvm_dirs functions
* Drop unneeded _set_java_home function
* Remove JAVA_HOME check from check_java_env function
* Bump codecov/codecov-action from 2.0.2 to 4.6.0
* Bump actions/setup-python from 4 to 5
* Bump actions/checkout from 2 to 4
* Added custom dependabot config
* Remove the test for JAVA_HOME and error if it is not set
* java-functions: Remove unneeded local variables
* Fixed build status shield
- Version 6.3.1:
* Allow missing components with abs2rel
* Fixed tests with python 3.4
* Sync spec file from Fedora
* Drop default JRE/JDK
* Fixed the use of java-functions in scripts
* Test that we don't bomb on <relativePath/>
* Test variable expansion in artifactId
* Interpolate properties also in the current artifact
* Rewrite abs2rel in shell
* Use asciidoctor instead of asciidoc
* Fixed incompatibility with RPM 4.20
* Reproducible exclusions order in maven metadata
* Do not bomb on <relativePath/> construct
* Make maven_depmap order of aliases reproducible
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4055-1
Released: Tue Nov 26 06:25:26 2024
Summary: Recommended update for Jackson
Type: recommended
Severity: moderate
References:
This update for Jackson fixes the following issues:
jackson-annotations was updated from version 2.16.1 to 2.17.3:
- Allow `@JsonAnySetter` on `ElementType.PARAMETER` (for use on constructor parameters)
- Build the module-info.java source too (with release=9)
jackson-bom was updated from version 2.16.1 to 2.17.3:
- Added `jackson-jr-extension-javatime`
- Added managed dependency to JUnit5
- Removed unused JUnit5 dependency
jackson-core, jackson-databind, jackson-dataformats-binary were updated from version 2.16.1 to 2.17.3:
- Various minor bugs have been fixed
jackson-modules-base was updated from version 2.16.1 to 2.17.3:
- Version update with no changes
jackson-parent was updated from version 2.16 to 2.17:
- Update to oss-parent 58 (plugin version updates)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4056-1
Released: Tue Nov 26 06:38:34 2024
Summary: Recommended update for apache2
Type: recommended
Severity: moderate
References: 1227261
This update for apache2 fixes the following issues:
- Fixed the installation location (bsc#1227261)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4059-1
Released: Tue Nov 26 08:19:49 2024
Summary: Recommended update for httpcomponents-asyncclient
Type: recommended
Severity: moderate
References:
This update for httpcomponents-asyncclient fixes the following issues:
- Fixed build issues with javapackages-tools
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4063-1
Released: Tue Nov 26 10:16:06 2024
Summary: Security update for postgresql, postgresql16, postgresql17
Type: security
Severity: important
References: 1219340,1230423,1233323,1233325,1233326,1233327,CVE-2024-10976,CVE-2024-10977,CVE-2024-10978,CVE-2024-10979
This update for postgresql, postgresql16, postgresql17 fixes the following issues:
This update ships postgresql17, and fixes security issues with postgresql16:
- bsc#1230423: Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases.
- bsc#1219340: The last fix was not correct. Improve it by removing
the dependency again and call fillup only if it is installed.
postgresql16 was updated to 16.6:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
* https://www.postgresql.org/docs/release/16.6/
postgresql16 was updated to 16.5:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/16.5/
- Don't build the libs and mini flavor anymore to hand over to
PostgreSQL 17.
* https://www.postgresql.org/about/news/p-2910/
postgresql17 is shipped in version 17.2:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/17.1/
* https://www.postgresql.org/docs/release/17.2/
Upgrade to 17.2:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
Upgrade to 17.0:
* New memory management system for VACUUM, which reduces memory
consumption and can improve overall vacuuming performance.
* New SQL/JSON capabilities, including constructors, identity
functions, and the JSON_TABLE() function, which converts JSON
data into a table representation.
* Various query performance improvements, including for
sequential reads using streaming I/O, write throughput under
high concurrency, and searches over multiple values in a btree
index.
* Logical replication enhancements, including:
+ Failover control
+ pg_createsubscriber, a utility that creates logical replicas
from physical standbys
+ pg_upgrade now preserves replication slots on both publishers
and subscribers
* New client-side connection option, sslnegotiation=direct, that
performs a direct TLS handshake to avoid a round-trip
negotiation.
* pg_basebackup now supports incremental backup.
* COPY adds a new option, ON_ERROR ignore, that allows a copy
operation to continue in the event of an error.
* https://www.postgresql.org/about/news/p-2936/
* https://www.postgresql.org/docs/17/release-17.html
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4067-1
Released: Tue Nov 26 11:33:47 2024
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1229010,1229072,1229449
This update for openssh fixes the following issues:
- Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send
instructions and sshd shows them to users even before a prompt
is requested. This fixes MFA push notifications (bsc#1229010).
- Fixed a dbus connection leak in the logind patch, which was missing a sd_bus_unref call.
- Fixed a small memory leak when parsing the subsystem configuration option.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4106-1
Released: Thu Nov 28 16:10:20 2024
Summary: Security update for tomcat
Type: security
Severity: critical
References: 1233434,CVE-2024-52316
This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.97
* Fixed CVEs:
+ CVE-2024-52316: If the Jakarta Authentication fails with an exception,
set a 500 status (bsc#1233434)
* Catalina
+ Add: Add support for the new Servlet API method
HttpServletResponse.sendEarlyHints(). (markt)
+ Add: 55470: Add debug logging that reports the class path when a
ClassNotFoundException occurs in the digester or the web application
class loader. Based on a patch by Ralf Hauser. (markt)
+ Update: 69374: Properly separate between table header and body in
DefaultServlet's listing. (michaelo)
+ Update: 69373: Make DefaultServlet's HTML listing file last modified
rendering better (flexible). (michaelo)
+ Update: Improve HTML output of DefaultServlet. (michaelo)
+ Code: Refactor RateLimitFilter to use FilterBase as the base class. The
primary advantage for doing this is less code to process init-param
values. (markt)
+ Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
(michaelo)
+ Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped
requests. (remm)
+ Fix: Add missing WebDAV Lock-Token header in the response when locking
a folder. (remm)
+ Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
+ Fix: Fix regression in WebDAV when attempting to unlock a collection.
(remm)
+ Fix: Verify that destination is not locked for a WebDAV copy operation.
(remm)
+ Fix: Send 415 response to WebDAV MKCOL operations that include a
request body since this is optional and unsupported. (remm)
+ Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
+ Fix: Do not allow a new WebDAV lock on a child resource if a parent
collection is locked (RFC 4918 section 6.1). (remm)
+ Fix: WebDAV Delete should remove any existing lock on successfully
deleted resources. (remm)
+ Update: Remove WebDAV lock null support in accordance with RFC 4918
section 7.3 and annex D. Instead, a lock on a non-existing resource
will create an empty file locked with a regular lock. (remm)
+ Update: Rewrite implementation of WebDAV shared locks to comply with
RFC 4918. (remm)
+ Update: Implement WebDAV If header using code from the Apache Jackrabbit
project. (remm)
+ Add: Add PropertyStore interface in the WebDAV Servlet, to allow
implementation of dead properties storage. The store used can be
configured using the 'propertyStore' init parameter of the WebDAV
servlet. A simple non-persistent implementation is used if no custom
store is configured. (remm)
+ Update: Implement WebDAV PROPPATCH method using the newly added
PropertyStore. (remm)
+ Fix: Cache not found results when searching for web application class
loader resources. This addresses performance problems caused by
components such as java.sql.DriverManager which, in some circumstances,
will search for the same class repeatedly. In a large web application
this can cause performance problems. The size of the cache can be
controlled via the new notFoundClassResourceCacheSize on the
StandardContext. (markt)
+ Fix: Stop after INITIALIZED state should be a noop since it is possible
for subcomponents to be in FAILED after init. (remm)
+ Fix: Fix incorrect web resource cache size calculations when there are
concurrent PUT and DELETE requests for the same resource. (markt)
+ Add: Add debug logging for the web resource cache so the current size
can be tracked as resources are added and removed. (markt)
+ Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
with urn:uuid: as recommended by RFC 4918, and remove secret init
parameter. (remm)
+ Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
same path caused corruption of the FileResource where some of the
fields were set as if the file exists and some were set as if it does
not. This resulted in inconsistent metadata. (markt)
+ Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
GET and HEAD requests. Also skip requests where the application has set
Cache-Control: no-store. (markt)
+ Fix: 69419: Improve the performance of ServletRequest.getAttribute()
when there are multiple levels of nested includes. Based on a patch
provided by John Engebretson. (markt)
+ Add: Allow applications to send an early hints informational response by
calling HttpServletResponse.sendError() with a status code of 103.
(schultz)
+ Fix: Ensure that the Jakarta Authentication CallbackHandler only
creates one GenericPrincipal in the Subject. (markt)
+ Fix: If the Jakarta Authentication process fails with an Exception,
explicitly set the HTTP response status to 500 as the ServerAuthContext
may not have set it. (markt)
+ Fix: When persisting the Jakarta Authentication provider configuration,
create any necessary parent directories that don't already exist.
(markt)
+ Fix: Correct the logic used to detect errors when deleting temporary
files associated with persisting the Jakarta Authentication provider
configuration. (markt)
+ Fix: When processing Jakarta Authentication callbacks, don't overwrite
a Principal obtained from the PasswordValidationCallback with null if
the CallerPrincipalCallback does not provide a Principal. (markt)
+ Fix: Avoid store config backup loss when storing one configuration more
than once per second. (remm)
+ Fix: 69359: WebdavServlet duplicates getRelativePath() method from
super class with incorrect Javadoc. (michaelo)
+ Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
DefaultServlet. (michaelo)
+ Fix: Make WebdavServlet properly return the Allow header when deletion
of a resource is not allowed. (michaelo)
+ Fix: Add log warning if non wildcard mappings are used with the
WebdavServlet. (remm)
+ Fix: 69361: Ensure that the order of entries in a multi-status response
to a WebDAV is consistent with the order in which resources were
processed. (markt)
+ Fix: 69362: Provide a better multi-status response when deleting a
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
+ Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
ensure that the correct path is used when the WebDAV servlet is mounted
at a sub-path within the web application. (markt)
+ Fix: Improve performance of ApplicationHttpRequest.parseParameters().
Based on sample code and test cases provided by John Engebretson.
(markt)
+ Add: Add support for RFC 8297 (Early Hints). Applications can use
this feature by casting the HttpServletResponse to
org.apache.catalina.connector.Response and then calling the method
void sendEarlyHints(). This method will be added to the Servlet API
(removing the need for the cast) in Servlet 6.2 onwards. (markt)
+ Fix: 69214: Do not reject a CORS request that uses POST but does not
include a content-type header. Tomcat now correctly processes this as
a simple CORS request. Based on a patch suggested by thebluemountain.
(markt)
+ Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather
than Subject.doAs() when available. (markt)
* Coyote
+ Fix: Return null SSL session id on zero length byte array returned from
the SSL implementation. (remm)
+ Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ Fix: Create the HttpParser in Http11Processor if it is not present on
the AbstractHttp11Protocol to provide better lifecycle robustness for
regular HTTP/1.1. The new behavior was introduced on a previous
refactoring to improve HTTP/2 performance. (remm)
+ Fix: OpenSSLContext will now throw a KeyManagementException if something
is known to have gone wrong in the init method, which is the behavior
documented by javax.net.ssl.SSLContext.init. This makes error handling
more consistent. (remm)
+ Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
generate Date headers for HTTP responses) generates the correct string
for the given input. Prior to this change, the output may have been
wrong by one second in some cases. Pull request #751 provided by Chenjp.
(markt)
+ Add: Add server and serverRemoveAppProvidedValues to the list of
attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector
it is nested within. (markt)
+ Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
destroying SSLContext objects through GC after APR has been terminated.
(remm)
+ Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer
fields no longer need to be received before the headers of the
subsequent stream nor are trailer fields for an in-progress stream
swallowed if the Connector is paused before the trailer fields are
received. (markt)
+ Fix: Ensure the request and response are not recycled too soon for an
HTTP/2 stream when a stream level error is detected during the processing
of incoming HTTP/2 frames. This could lead to incorrect processing times
appearing in the access log. (markt)
+ Fix: Fix 69320, a regression in the fix for 69302 that meant the
HTTP/2 processing was likely to be broken for all clients once any
client sent an HTTP/2 reset frame. (markt)
+ Fix: Correct a regression in the fix for non-blocking reads of chunked
request bodies that caused InputStream.available() to return a non-zero
value when there was no data to read. In some circumstances this could
cause a blocking read to block waiting for more data rather than return
the data it had already received. (markt)
+ Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
The default behaviour is unchanged. (markt)
+ Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
one from the client when using the OpenSSLImplementation. (markt)
+ Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
response headers to the access log. Based on a patch and test case
provided by hypnoce. (markt)
+ Fix: 69302: If an HTTP/2 client resets a stream before the request body is
fully written, ensure that any ReadListener is notified via a call to
ReadListener.onError(). (markt)
+ Fix: Correct regressions in the refactoring that added recycling of the
coyote request and response to the HTTP/2 processing. (markt)
+ Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
OpenSSL support may be enabled by adding the
org.apache.catalina.core.OpenSSLLifecycleListener listener on the
Server element when using Java 22 or later. (remm)
+ Fix: Ensure that HTTP/2 stream input buffers are only created when there
is a request body to be read. (markt)
+ Code: Refactor creation of HttpParser instances from the Processor level
to the Protocol level since the parser configuration depends on the
protocol and the parser is, otherwise, stateless. (markt)
+ Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal
request and response processing objects by default. This behaviour can
be controlled via the new discardRequestsAndResponses attribute on the
HTTP/2 upgrade protocol. (markt)
* Jasper
+ Fix: Add back tag release method as deprecated in the runtime for
compatibility with old generated code. (remm)
+ Fix: 69399: Fix regression caused by the improvement 69333 which caused
the tag release to be called when using tag pooling, and to be skipped
when not using it. Patch submitted by Michal Sobkiewicz. (remm)
+ Fix: 69381: Improve method lookup performance in expression language.
When the required method has no arguments there is no need to consider
casting or coercion and the method lookup process can be simplified.
Based on pull request #770 by John Engebretson.
+ Fix: 69382: Improve the performance of the JSP include action by
re-using results of relatively expensive method calls in the generated
code rather than repeating them. Patch provided by John Engebretson.
(markt)
+ Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
Based on a suggestion by John Engebretson. (markt)
+ Fix: 69406: When using StringInterpreterEnum, do not throw an
IllegalArgumentException when an invalid Enum is encountered. Instead,
resolve the value at runtime. Patch provided by John Engebretson.
(markt)
+ Fix: 69429: Optimise EL evaluation of method parameters for methods
that do not accept any parameters. Patch provided by John Engebretson.
(markt)
+ Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
+ Fix: 69338: Improve the performance of processing expressions that
include AND or OR operations with more than two operands and expressions
that use not empty. (markt)
+ Fix: 69348: Reduce memory consumption in ELContext by using lazy
initialization for the data structure used to track lambda arguments.
(markt)
+ Fix: Switch the TldScanner back to logging detailed scan results at debug
level rather than trace level. (markt)
* Web applications
+ Fix: The manager webapp will now be able to access certificates again
when OpenSSL is used. (remm)
+ Fix: Documentation. Align the logging configuration documentation with
the current defaults. (markt)
* WebSocket
+ Fix: If a blocking message write exceeds the timeout, don't attempt the
write again before throwing the exception. (markt)
+ Fix: An EncodeException being thrown during a message write should not
automatically cause the connection to close. The application should
handle the exception and make the decision whether or not to close the
connection. (markt)
* jdbc-pool
+ Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
rather than the application seeing the original SQLException. Fixed by
pull request #744 provided by Michael Clarke. (markt)
+ Fix: 69279: Correct a regression in the fix for 69206 that meant that
methods that previously returned a null ResultSet were returning a proxy
with a null delegate. Fixed by pull request #745 provided by Huub de Beer.
(markt)
+ Fix: 69206: Ensure statements returned from Statement methods
executeQuery(), getResultSet() and getGeneratedKeys() are correctly
wrapped before being returned to the caller. Based on pull request
#742 provided by Michael Clarke.
* Other
+ Update: Switch from DigiCert ONE to ssl.com eSigner for code signing.
(markt)
+ Update: Update Byte Buddy to 1.15.10. (markt)
+ Update: Update CheckStyle to 10.20.0. (markt)
+ Add: Improvements to German translations. (remm)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by Ch_jp. (markt)
+ Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default.
(markt)
+ Fix: Change the default log handler level to ALL so log messages are
not dropped by default if a logger is configured to use trace (FINEST)
level logging. (markt)
+ Update: Update Hamcrest to 3.0. (markt)
+ Update: Update EasyMock to 5.4.0. (markt)
+ Update: Update Byte Buddy to 1.15.0. (markt)
+ Update: Update CheckStyle to 10.18.0. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.10.0.
(markt)
+ Add: Improvements to Spanish translations by Fernando. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Fix packaging regression with missing osgi information following
addition of the test-only build target. (remm)
+ Update: Update Tomcat Native to 1.3.1. (markt)
+ Update: Update Byte Buddy to 1.14.18. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released: Thu Nov 28 17:15:36 2024
Summary: Security update for libuv
Type: security
Severity: moderate
References: 1219724,CVE-2024-24806
This update for libuv fixes the following issues:
- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4112-1
Released: Fri Nov 29 09:49:59 2024
Summary: Recommended update for sssd
Type: recommended
Severity: moderate
References: 1229128,1230798
This update for sssd fixes the following issues:
- Fix sss_analyze python shebang (bsc#1230798)
- Reschedule periodic tasks if clock shift is detected (bsc#1229128)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4171-1
Released: Wed Dec 4 15:25:41 2024
Summary: Recommended update for ldb, samba
Type: recommended
Severity: moderate
References: 1229684,1231414,15280,15590,15624,15696,15699,15700
This update for ldb, samba fixes the following issues:
ldb:
- Update to 2.8.2
* libldb: fix performance issue with indexes (bso#15590)
samba:
- Update to 4.19.9
* DH reconnect error handling can lead to stale sharemode entries (bso#15624)
* Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bso#15699, bsc#1229684)
* irpc_destructor may crash during shutdown (bso#15280)
* Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for
all requests, confuses MacOSX clients (bso#15696)
* Crash when readlinkat fails (bso#15700)
- Adjust spec to split out rpcd_* binaries into a separate sub package
(bsc#1231414, jsc#PED-11015)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4196-1
Released: Thu Dec 5 13:56:06 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1233420,CVE-2024-52616
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released: Thu Dec 5 14:48:33 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451
This update for libsolv, libzypp, zypper fixes the following issues:
- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699
This update for glibc fixes the following issue:
- Remove nss-systemd from default nsswitch.conf (bsc#1233699).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released: Fri Dec 6 14:04:39 2024
Summary: Recommended update for shared-mime-info
Type: recommended
Severity: moderate
References: 1231463
This update for shared-mime-info fixes the following issue:
- Uninstall silently if update-mime-database is not present (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
Security issues fixed:
- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).
Non-security issue fixed:
- Fix error when uninstalling packages (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4270-1
Released: Mon Dec 9 17:39:55 2024
Summary: Recommended update for net-snmp
Type: recommended
Severity: moderate
References: 1232030
This update for net-snmp fixes the following issue:
- logrotate should use reload instead of restart (bsc#1232030).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4280-1
Released: Tue Dec 10 16:59:46 2024
Summary: Recommended update for guava
Type: recommended
Severity: moderate
References:
This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:
guava was updated from version 33.1.0 to 33.2.1:
- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were
relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).
google-errorprone, checker-qual, j2objc-annotations:
- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they
are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS
products, as it's required by this guava update:
* Added new checks for common Java coding errors
* Improvement of existing checks
* Performance and infrastructure improvements
* Various bugs were fixed
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed a leak of the password used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4289-1
Released: Wed Dec 11 10:47:31 2024
Summary: Recommended update for python-rpm-macros
Type: recommended
Severity: moderate
References: 1233151,1233774
This update for python-rpm-macros fixes the following issue:
- Update to version 20241120 (bsc#1233151)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4312-1
Released: Fri Dec 13 15:31:20 2024
Summary: Recommended update for fence-agents
Type: recommended
Severity: moderate
References:
This update for fence-agents fixes the following issue:
- eaton SSH Fence Agent (jsc#PED-11661)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4321-1
Released: Mon Dec 16 09:36:18 2024
Summary: Recommended update for firewalld
Type: recommended
Severity: important
References: 1231771
This update for firewalld fixes the following issues:
- Fix firewalld incorrectly applying oifname and daddr, resulting in incorrect rule generation and filtering (bsc#1231771)
-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4323
Released: Mon Dec 16 12:13:41 2024
Summary: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy
Type: recommended
Severity: moderate
References: 1230951
This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:
release-notes-susemanager:
- Update to SUSE Manager 5.0.2.1
* The installation images for SUSE Manager have been updated
* Bugs mentioned:
bsc#1230951
release-notes-susemanager-proxy:
- Update to SUSE Manager 5.0.2.1
* The installation images for SUSE Manager have been updated
* Bugs mentioned:
bsc#1230951
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814
This update for vim fixes the following issues:
- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)
Other fixes:
- Updated to version 9.1.0836
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844
This update for systemd fixes the following issues:
- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update v0.390
* Update pci and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4375-1
Released: Wed Dec 18 15:11:45 2024
Summary: Recommended update for publicsuffix
Type: recommended
Severity: moderate
References:
This update for publicsuffix fixes the following issues:
- Update to version 20241202:
* remove `upli.io` (#2302)
* added o365 sub domain (#2291)
* tools/internal/parser: enforce suffix ordering in the ICANN section (#2295)
* chore: Fix Alphabetizing for the ICANN section (#2287)
* remove `mcpe.me` (#2294)
* util: gTLD data autopull updates for 2024-11-27T15:18:00 UTC (#2293)
* Update `.EG` Section (#2290)
* Adding RUB domain (#2292)
* Update `.TW` Section (#2289)
* Update `.CV` Section (#2286)
* Update company name and email address (#2285)
* Update `.GE` Section (#2283)
* Update `.BO` (#2276)
* Update `.DM` Block (#2277)
* Update `.MG` Section (#2274)
* chore: Update `.AF` Section link and sorting (#2279)
* chore: Update `.CW` Section comments (#2281)
* update `.tt` section (#2272)
* remove `betainabox.com` (#2259)
* Update `.AZ` comments and fix sorting (#2275)
* alphabetise `.tm` section + add confirmation comment (#2268)
* Update `.RE` Section (#2271)
* Update `.CO` Section (#2269)
* Update `.PL` comments and fix alphabetical sorting (#2270)
* Update `.SG` Section (#2273)
* Update 2nd levels for .JO (Jordan) section (#2264)
* remove `nom.ad` (#2263)
* Update .IS (#2266)
* Update .AU Section (#2267)
* Heyflow GmbHs domains heyflow.page and heyflow.site
* Adding LODMAN regional domains
* Master to main for the remote action in the website remote
* chore(pr_template): remove syntax check (#2252)
* Add pages-research.it.hs-heilbronn.de (#2253)
* Update deploy-site.yml
* remove `corpnet.work`, update contact info (#2247)
* add `co.bz` (#2249)
* move `wdh.app` to new section (#2246)
* remove `bci.dnstrace.pro` (#2245)
* remove `onred.one` (#2244)
* util: gTLD data autopull updates for 2024-10-31T15:17:41 UTC (#2242)
* Add home.arpa (#2220)
* Add `taveusercontent.com` (#2239)
* Add ip-ddns.com and ddns-ip.net (#2234)
* Add grafana-dev.net to public suffix list (#2188)
* chore: remove 2nd level comment for `.sk` (#2238)
* Remove `presse.ci` and `md.ci`, other ccTLD stubs not associated w respective registry (#2198)
* update `.io` section (#2236)
* Remove `gov.cu` (#2233)
* Remove Handshake suffixes (#2222)
* internal/parser: add PublicSuffix and RegisteredDomain methods to List (#2228)
* Add cloud-ip.biz and ip-dynamic.org for ClouDNS (#2202)
* Add co.ss (#2144)
* Add `org.ao`, `edu.ao`, `gov.ao` ccTLD (ICANN section) (#2145)
* util: gTLD data autopull updates for 2024-10-17T15:16:22 UTC (#2226)
* chore: update is-a.dev contact info (#2225)
* Remove bloxcms.com in public suffix list - no longer needed (#2224)
* Remove ddns5.com (#2221)
* Make TXT validation use local git history (#2217)
* Improve psltool PR check (#2218)
* Remove beta.tailscale.net (#2216)
* util: gTLD data autopull updates for 2024-10-15T15:17:29 UTC (#2219)
* Remove `museum.mw` (#2203)
* Update `.NA` entries (#2204)
* Remove `ne.pw` (#2200)
* Remove inactive or expired yombo domains (#2173)
* Remove old Python PR checker
* Add medusajs.app domain to public list (#2211)
* Remove Banzai Cloud (#2215)
* tools/internal/github: correctly handle github's mergeability updates (#2214)
* tools/internal/parser: check TXT records (#2213)
* remove `preview.wdh.app`, `t.hrsn.dev`, `t.hrsn.net` (#2208)
* Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors (#2201)
* remove `paris.eu.org` (#2147)
* remove `blogspot.mr` (#2100)
* Adding ArvanCloud arvanedge.ir Compute Domain to public suffix list (#2205)
* remove `q-a.eu.org` (#2146)
* AWS Submissions to the Public Suffix List - Q3 2024 (#2032)
* Remove `bounty-full.com` to rollback #104 (#2163)
* Add back `cnpy.gdn` to restore #633 (#2194)
* Remove `cnpy.gdn` to rollback #633 (#2174)
* Br 20240930 update (#2192)
* add mittwald product domains (#2171)
* util: gTLD data autopull updates for 2024-09-26T15:17:07 UTC (#2191)
* Remove `certmgr.org` to roll back #225 (#2164)
* Remove dyn53.io to rollback #820 (#2161)
* Remove `forte.id` to rollback #1081 (#2166)
* Remove `daplie.me` to rollback commit a4d8335 (#2162)
* remove exception in CI for duplicate sections (#2180)
* combine duplicate sections (#2168)
* tools/internal/domain: add functions to render a domain as punycode (#2179)
* tools/psltool: allow checking the PSL for an arbitrary commit on github (#2177)
* tools/internal/github: support loading PR diffs for merged PRs (#2176)
* tools/internal: wrap use of collators in mutexes (#2175)
* Add `hf.space` and `static.hf.space` to `public_suffix_list.dat` (#2157)
* Update `prvcy.page` contact email (#2182)
* Add shopware.shop to public suffix list (#2187)
* Remove domain:ktistory.com from PSL (#2181)
* rename `William Harrison` to `Harrison Network` (#2183)
* Remove *.sensiosite.cloud and *.s5y.io (#2167)
* Remove `mycd.eu` to rollback #233 (#2165)
* docs(pr_template): fix grammar error + small changes (#2169)
* add `hrsn.dev` (#2170)
* add `t.hrsn.dev` (#2155)
* docs(pr_template): various fixes and comment updates (#2156)
* util: gTLD data autopull updates for 2024-09-13T15:16:52 UTC (#2154)
* Apply formatting using `psltool fmt` (#2152)
* update contact for dweb.link and libp2p.direct (#2105)
* Automatically run psltool validate (#2151)
* Add v0.build and vusercontent.net (#2121)
* Cleanup (#2150)
* chore: remove 6 domains from Now-DNS section (#2113)
* Remove old Jelastic domains (from #1095) (#2148)
* Add `ctfcloud.net` domain (#2073)
* remove `mc.eu.org` (#2099)
* Add gob.cu nat.cu (#1695) (#2143)
* remove `dapps.earth` section (#2124)
* Remove `autocode.dev` (Rollback #1617) (#2141)
* remove `magnet.page` (#2142)
* Apply formatting using `psltool fmt` (#2140)
* Minor formatting fix (#2139)
* Add psltool fmt check for PRs (#2137)
* Replace Legacy Wikipedia URLs with IANA Page Links in ICANN Section Comments (#2135) (#2138)
* UPDATE HOSTBIP DOMAIN NAMES (2024) +biz.ng +plc.ng -edu.scot -sch.so (#2127)
* Adding oraclecloudapps.com from Oracle Autonomous Database (#2130)
* Remove flap.id (#2132)
* Remove discontinued CentralNic entries (#2136)
* Apply formatting using `psltool fmt` (#2134)
* Add new action to manually run formatter (#2133)
* add `nyat.app` (#2122)
* Remove `publishproxy.com` (#294) (#2131)
* Update public_suffix_list.dat (#2128)
* Remove `fireweb.app` (#2129)
* Update contact information for `nyc.mn` (#2125)
* Fix syntax inconsistency (#2126)
* add `preview.wdh.app` and `t.hrsn.net` (#2119)
* Move Domains Under OpenHost (#2115)
* util: gTLD data autopull updates for 2024-08-25T15:14:38 UTC (#2111)
* remove `bip.sh` (#2063)
* Add routingthecloud.com/.net/.org (#2107)
* remove Revitalised Limited section (#2101)
* chore: update contact info + revert wildcard change for `wdh.app` (#2108)
* remove `blogsite.xyz` (#2098)
* Add additional readthedocs domain: readthedocs-hosted.com (#2110)
* Add MathWorks domains (#1983)
* remove localzone.xyz (#2104)
* add `is-a-good.dev` (#2095)
* util: gTLD data autopull updates for 2024-08-12T15:17:08 UTC (#2103)
* merge `wdh.app` entries together using wildcard (#2094)
* add `is-a-fullstack.dev` under Open Domains (#2096)
* Fix newline handling of automatic ICANN updater (#2093)
* util: gTLD data autopull updates for 2024-08-10T15:15:39 UTC (#2097)
* Add IONOS product domains (#2083)
* add ggff.net and filegear-sg.me from l53.net (#2085)
* add `wdh.app` (#2067)
* add libp2p.direct (#2084)
* add sn.mynetname.net domain (#2090)
* Update public_suffix_list.dat (#2076)
* Run 'psltool fmt' to reformat PSL to canonical form (#2088)
* tools/psltool: support for analyzing a github PR (#2087)
* tools/internal/parser: add more offline, diff-aware validations (#2089)
* Add `mafelo.net` (#2082)
* remove `devcdnaccesso.com` (#2065)
* remove `t3l3p0rt.net` and `tele.amune.org` (#2066)
* remove `bitbridge.net` (#2064)
* remove static.land from public_suffix_list.dat (#2081)
* Remove wedeploy domains (#2077)
* update for .PK ccTLD (#2068)
* Remove `awsmppl.com` (expired domain) (#2070)
* update contact email for `is-a.dev` (#2074)
* remove old domains (#2058)
* Update README.md
* remove cloudcontrol.com (#2072)
* tools/internal/parser: add diff support (#2071)
* remove`graphox.us` (#2062)
* Remove `pagefrontapp.com` (expired domain) (#2059)
* tools/psltool: CLI for editing and validating PSL files (#2069)
* Remove `mozilla-iot.org` (#2050)
* Remove Shift Crypto AG (#2055)
* Remove `backplaneapp.io` to rollback #267 (expired domain) (#2060)
* remove `pcloud.host` (#2052)
* Remove `mintere.site` to rollback #993 (#2056)
* remove `cya.gg` (#2053)
* remove `nid.io` (#2054)
* remove Cyclic Software section (#2051)
* Remove `onflashdrive.app` (related to #1401) (#2048)
* Remove impertrix domains to rollback #1060 (#2047)
* Remove filegear regional domains (#2049)
* remove `c.la` (#2044)
- Update to version 20240722:
* PSL Private Section Domains WHOIS Checker (#2014)
* Add servebolt.cloud to PLS (#2026)
* Add `p.tawk.email` and `p.tawkto.email` domains (#2016)
* Remove domain no longer under Supabase control. (#2037)
* tools/internal/parser: implement automatic reformatting (#2036)
* util: gTLD data autopull updates for 2024-07-12T15:14:39 UTC (#2034)
* Add dhosting.pl Sp. z o.o. shared domains: dfirma.pl, dkonto.pl, you2.pl (#2024)
* tools/internal/parser: rework metadata extraction for more accurate reformatting (#2027)
* AWS Submissions to the Public Suffix List - Q2 2024 (#1954)
* aero: remove extra word between TLD name and URL (#2029)
* tools/internal/parser: rewrite parser to output a syntax tree (#2025)
* Add removal notice to PR template (#2023)
* remove Rakuten Games, Inc related entries (#2022)
* add `hatenablog.com` etc (#1948)
* Add cyber_Folks S.A. shared domain - cfolks.pl (#2017)
* tools/internal/parser: minor parser cleanups (#2021)
* Add Craft Docs Domain (#2006)
* util: gTLD data autopull updates for 2024-06-29T15:13:33 UTC (#2020)
* Merge WebPros domains in the same section (#2013)
* Add `durumis.com` (#1978)
* tools/internal/parser: validate the sort order of the private section (#2012)
* Update comments on aland.fi (#2019)
* Remove instantcloud.cn (#2015)
* tools/internal/parser: detect and report section markers within suffix blocks (#2011)
* tools/internal/parser: remove workarounds for fixed PSL blocks (#2010)
* Add Raidboxes GmbH to the list (#2004)
* Add missing URL schemes to URLs (#2008)
* Add closing chevron to contact email address. (#2007)
* tool/internal/parser: sanitize input to clean, valid UTF-8 (#2005)
* Add `obl.ong` (#1830)
* Salesforce crm dev (#1941)
* Add wpsquared.site and wp2.host to private section (#1957) (#1957)
* Add netfy.app (#1991)
* Remove expired domains: `ro.im`, `cn.vu` (#2003)
* tools/internal/parser: refactor to separate text processing from parser main logic (#1999)
* Replace unicode fullwidth colon with a regular ascii colon. (#2001)
* Add missing spaces after '//' on prequalifyme.today block (#2000)
* Add `as.sh.cn` (#1992)
* tools: add a validating parser for PSL files (#1987)
* Clarify request to list third-party limits in PR template
* util: gTLD data autopull updates for 2024-06-13T15:15:16 UTC (#1994)
* Reattach of.by to the Belarus ccTLD block (#1995)
* add madethis.site (#1979)
* mytuleap.com, tuleap-partners.com: update contact information (#1845)
* Add Strapi domains (#1982)
* Add relay.evervault.app and relay.evervault.dev (#1959)
* add .ind.mom (#1984)
* Add 6 new domains to Lukanet Ltd Private domains (#1977)
* Add heiyu.space (#1980)
- Update to version 20240603:
* Add Cloudflare CNAME setup domains (#1963)
* util: gTLD data autopull updates for 2024-05-31T15:16:08 UTC (#1988)
* Add `hypernode.io` domain (#1970)
* Add `wixstudio.com` (#1971)
* Fix set union (#1986)
* Bump dnspython from 2.5.0 to 2.6.1 in /tools/pr_checker (#1985)
* Add Github workflow to check _psl DNS entries on PRs (#1933)
* Clean up list to fix rule sorting within orgs (#1968)
- Update to version 20240513:
* Add Expo domains (#1975)
* Add `*.hosted.app` (#1947)
* Add Clever Cloud's domains for customers (#1974)
* Add web.val.run and express.val.run to PSL (#1964)
* add notion site to etld (#1958)
* Add `box.ca` (Whatbox) (#1950)
* Add observablehq.cloud (#1934)
* Add 'zeabur.app' (#1865)
* Add `sheezy.games` (#1945)
* util: gTLD data autopull updates for 2024-05-04T15:12:50 UTC (#1973)
* Create a Security Policy (#1856)
* Add examples of limitations to PR template (#1929)
* Update `prvcy.page` (#1859)
* Remove Lightmaker Property Manager, Inc. domain (#1820)
* Adding regional domain bielsko.pl (#1749)
* add xmit.dev (#1972)
* Remove `ghost.io` (#1969)
* Add aaa.vodka (#1795)
* Add ngo.us for the NGO.US Registry (#1821)
* AWS Submissions to the Public Suffix List - Q1 2024 (#1919)
* Add shop.brendly.hr (#1762)
- Update to version 20240419:
* add qnap entries to existing section (`myqnapcloud.cn` , `mycloudnas.com`, `mynascloud.com`) (#1837)
* Update public_suffix_list.dat (#1966)
* drop old domains (#1960)
* Jouwweb public suffixes (#1935)
* Add `us.kg` (#1755)
* Replacement for PR #1741 (#1962)
* Add `rt.ht` (#1860)
* Add cloudscale.ch domains (#1589)
- Update to version 20240410:
* Removing `ravendb.me` (#1841)
* Updating psl: Adding myfritz.link (follow up PR#77) (#1761)
* Add `framer.ai` (#1831)
* chore: add `is-a.dev` (#1949)
* Add StackBlitz (#1939)
* Add `unison-services.cloud` (#1839)
* Add `is-cool.dev`, `is-local.org`, `is-not-a.dev` and `localplayer.dev` (#1672)
* Add grayjayleagues.com (#1742)
* Add `runcontainers.dev` for Libre IT Ltd (#1783)
* Add `heliohost.us`, `helioho.st`(#1825)
* Remove `123sait.ru` (#1844)
* Add MyDNS.JP Dynamic DNS Service (#1937)
* add `scrypted.io` (#1826)
* Add `darklang.io` (#1880)
* Update `cloudns.net` dynamic dns domains listing (#1593)
* Add wildcard to `snowflake.app` and `privatelink.snowflake.app` (#1743)
* Add `preview.csb.app` and `csb.app` (#1648)
* Add `nimsite.uk` (#1797)
* add getlocalcert.net domains (#1798)
* Add wadl.top (#1924)
* ADD: `can.re` (#1651)
* Add cdn77-storage.com and rsc.contentproxy9.cz (#1882)
* add `srv.us`, `xmit.co`
* Add at.emf.camp (#1955)
* util: gTLD data autopull updates for 2024-03-28T15:13:37 UTC (#1952)
- Update to version 20240326:
* Add `*.ir.md` (#1625)
* Update name for info.cx (#1616)
* add `nftstorage.link` (#1548)
* GD - graphic.design (#1940)
* Removing wildcard for cloudapp.azure.com (#1944)
- Update to version 20240306:
* util: gTLD data autopull updates for 2024-03-06T15:14:58 UTC (#1943)
- Update to version 20240303:
* add `*.my.canvasite.cn` and `*.my.canva.site` (#1739)
* Add on.crisp.email (Crisp IM SAS) (#1904)
* add `ngrok.pro` (#1895)
* Add adaptable.app domain (#1824)
* Add STACKIT free customer subdomains (#1785)
* Add `modx.dev` (#1804)
* Add `ewp.live` (EasyWP) (#1773)
* Add convex.site (#1767)
* Add `involve.me` user domains (#1731)
* Add `replit.app` and `replit.dev` (#1679)
* Add f5.si (#1664)
* Add *.c.ts.net. (#1618)
* Add `webflow.io` and `webflowtest.io` (#1722)
* Add 3 Streak domains (#1720)
* add myradweb.net and servername.us to Rad Web Hosting (#1760)
- Update to version 20240212:
* Add cprapid.com suffix to private section (#1892)
* util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932)
* Added Cyclic Software (#1737)
* Update public_suffix_list.dat for scw.cloud subdomains (#1740)
* Update public_suffix_list.dat (#1926)
* Add ZAP-Hosting cloud domain (#1907)
* Add `flutterflow.app` (#1666)
* Update public_suffix_list.dat (#1614)
* Brave Submissions to the Public Suffix List - Q4 2023 (#1872)
* Add pley.games (#1881)
* Add panel.dev (#1916)
* add 12CHARS to private domains (#1915)
* Azure updates for Microsoft Corporate Domains (#1891)
* Remove blog.kg from private section (#1840)
* AWS Submissions to the Public Suffix List - Q4 2023 (#1876)
* Homebase requested the addition of id.pub kin.one kin.pub (#1768)
* Replace run.app and a.run.app with *.run.app (#1928)
* Add pages.gay (#1920)
* Update Platform.sh domains (#1792)
* fix(adobe): add aem.live and aem.page domains (#1874)
* Update code builder domains with the canary (#1802)
* Add atmeta.com to PSL and consolidate Meta entries (#1736)
* util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923)
- Update to version 20240123:
* util: gTLD data autopull updates for 2024-01-23T15:14:10 UTC (#1921)
- Update to version 20240107:
* Remove homeoffice.gov.uk (#1909)
* util: gTLD data autopull updates for 2024-01-06T15:12:04 UTC (#1918)
- Update to version 20231213:
* util: gTLD data autopull updates for 2023-12-12T15:13:54 UTC (#1910)
* util: gTLD data autopull updates for 2023-12-06T15:14:08 UTC (#1908)
* Place -v after -C in github actions workflows (#1906)
* Introduce Go Modules to tooling (#1901)
* util: gTLD data autopull updates for 2023-11-21T15:13:46 UTC (#1902)
* Handle EBEROs: Use DelegationDate alongside ContractTerminated (#1894)
* util: gTLD data autopull updates for 2023-11-18T15:11:52 UTC (#1898)
- Update to version 20231108:
* Update public_suffix_list.dat (#1848)
* util: gTLD data autopull updates for 2023-11-03T15:13:18 UTC (#1887)
* Add `torun.pl` (#1684)
- Update to version 20231028:
* util: gTLD data autopull updates for 2023-10-28
* AWS Submissions to the Public Suffix List - Q3 2023
* Add <4-8>.azurestaticapps.net DNS suffix
- Update to version 20230930:
* util: gTLD data autopull updates for 2023-09-30T15:11:25 UTC
* Update .fr list, move some subspaces to PRIVATE section listing of smallregistry.net
* Remove k12.de.us
* Add wix.run
- Update to version 20230826:
* util: gTLD data autopull updates for 2023-08-26T15:11:07 UTC (#1835)
* util: gTLD data autopull updates for 2023-08-23T15:12:41 UTC (#1832)
* Update tld-update.yml (#1827)
* util: gTLD data autopull updates for 2023-08-12T15:10:57 UTC (#1829)
* util: gTLD data autopull updates for 2023-08-09T15:14:39 UTC (#1828)
* tools: include IANA TLD URL in new gtld updates. (#1817)
* util: gTLD data autopull updates for 2023-08-05T15:11:19 UTC (#1822)
* Update tld-update.yml to automatically add labels when autopull catches deltas and generates PR (#1815)
* ci: update test workflow triggers to include PRs. (#1818)
* util: gTLD data autopull updates for 2023-08-02T15:11:59 UTC (#1816)
* unbroke URL assembly
* Add IANA DB URL instead of blanking out contract date
* tools: skip contract date rendering, small CI fixups. (#1812)
* util: gTLD data autopull updates for 2023-07-28T15:13:22 UTC (#1805)
- Update to version 20230717:
* Domains are removed `hidora.com`, `users.scale.virtualcloud.com.br`, `clicketcloud.com` (#1598)
* Add storipress.app (#1583)
- Update to version 20230709:
* util: gTLD data autopull updates for 2023-07-08T15:13:17 UTC (#1796)
* util: gTLD data autopull updates for 2023-07-01T15:13:05 UTC (#1791)
* AWS Submissions to the Public Suffix List - Q1 2023 (#1600)
- Update to version 20230616:
* Add 63 geographical domains for .vn ccTLD (#1776)
* util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
* util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)
- Update to version 20230613:
* Add `{id,io,ai}.vn` for .vn ccTLD in ICANN Section (#1771)
* util: gTLD data autopull updates for 2023-06-10T15:11:56 UTC (#1774)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:
- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4384-1
Released: Thu Dec 19 09:05:33 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573
This update for grub2 fixes the following issues:
- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have
been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and
errors (bsc#1231604)
-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4394
Released: Fri Dec 20 11:34:44 2024
Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Type: recommended
Severity: moderate
References: 1233014
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
This is a codestream only update
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released: Fri Dec 20 16:41:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749
This update for libzypp fixes the following issues:
- Url: queryparams without value should not have a trailing '='
The following package changes have been done:
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- libzypp-17.35.16-150600.3.39.1 updated
- glibc-2.38-150600.14.17.2 updated
- libavahi-common3-0.8-150600.15.6.1 updated
- glibc-locale-base-2.38-150600.14.17.2 updated
- javapackages-filesystem-6.3.4-150200.3.15.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- zypper-1.14.78-150600.10.16.3 updated
- curl-8.6.0-150600.4.15.1 updated
- libudev1-254.20-150600.4.18.2 updated
- libsystemd0-254.20-150600.4.18.2 updated
- libcurl4-8.6.0-150600.4.15.1 updated
- systemd-254.20-150600.4.18.2 updated
- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- libipa_hbac0-2.9.3-150600.3.12.1 updated
- libpq5-17.2-150600.13.5.1 updated
- libsolv-tools-0.7.31-150600.8.7.2 updated
- libsss_idmap0-2.9.3-150600.3.12.1 updated
- libsss_nss_idmap0-2.9.3-150600.3.12.1 updated
- libuv1-1.44.2-150500.3.5.1 updated
- openssh-common-9.6p1-150600.6.12.1 updated
- publicsuffix-20241202-150000.3.18.2 updated
- python-rpm-macros-20241120.6ae645f-150400.3.18.1 updated
- release-notes-susemanager-5.0.2.1-150600.11.21.1 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- snmp-mibs-5.9.4-150600.24.5.2 updated
- vim-data-common-9.1.0836-150500.20.15.1 updated
- glibc-locale-2.38-150600.14.17.2 updated
- javapackages-tools-6.3.4-150200.3.15.1 updated
- libavahi-client3-0.8-150600.15.6.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- python3-curses-3.6.15-150300.10.78.1 updated
- postgresql-17-150600.17.6.1 updated
- postgresql16-16.6-150600.16.10.1 updated
- libsss_certmap0-2.9.3-150600.3.12.1 updated
- glibc-devel-2.38-150600.14.17.2 updated
- openssh-fips-9.6p1-150600.6.12.1 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- spacewalk-java-lib-5.0.15-150600.3.11.3 updated
- vim-9.1.0836-150500.20.15.1 updated
- libsnmp40-5.9.4-150600.24.5.2 updated
- hwdata-0.390-150000.3.74.2 updated
- apache2-prefork-2.4.58-150600.5.29.1 updated
- openssh-server-9.6p1-150600.6.12.1 updated
- openssh-clients-9.6p1-150600.6.12.1 updated
- python3-solv-0.7.31-150600.8.7.2 updated
- postgresql-server-17-150600.17.6.1 updated
- postgresql16-server-16.6-150600.16.10.1 updated
- libldb2-2.8.2-150600.3.6.1 updated
- perl-SNMP-5.9.4-150600.24.5.2 updated
- net-snmp-5.9.4-150600.24.5.2 updated
- apache2-2.4.58-150600.5.29.1 updated
- openssh-9.6p1-150600.6.12.1 updated
- grub2-2.12-150600.8.12.1 updated
- grub2-i386-pc-2.12-150600.8.12.1 updated
- postgresql16-contrib-16.6-150600.16.10.1 updated
- postgresql-contrib-17-150600.17.6.1 updated
- sssd-ldap-2.9.3-150600.3.12.1 updated
- sssd-2.9.3-150600.3.12.1 updated
- sssd-krb5-common-2.9.3-150600.3.12.1 updated
- samba-client-libs-4.19.8+git.399.71536ca297e-150600.3.9.6 updated
- grub2-x86_64-efi-2.12-150600.8.12.1 updated
- sssd-krb5-2.9.3-150600.3.12.1 updated
- sssd-dbus-2.9.3-150600.3.12.1 updated
- python3-sssd-config-2.9.3-150600.3.12.1 updated
- sssd-ad-2.9.3-150600.3.12.1 updated
- tomcat-servlet-4_0-api-9.0.97-150200.71.1 updated
- tomcat-el-3_0-api-9.0.97-150200.71.1 updated
- jackson-core-2.17.3-150200.3.19.1 updated
- jackson-annotations-2.17.3-150200.3.19.1 updated
- j2objc-annotations-2.2-150200.5.5.2 updated
- httpcomponents-core-4.4.14-150200.3.9.1 updated
- google-errorprone-annotations-2.26.1-150200.5.8.1 updated
- checker-qual-3.22.0-150200.5.7.2 added
- sssd-tools-2.9.3-150600.3.12.1 updated
- sssd-ipa-2.9.3-150600.3.12.1 updated
- tomcat-jsp-2_3-api-9.0.97-150200.71.1 updated
- jackson-databind-2.17.3-150200.3.23.1 updated
- guava-33.2.1-150200.3.13.2 updated
- python3-firewall-2.0.1-150600.3.5.1 updated
- tomcat-lib-9.0.97-150200.71.1 updated
- jackson-module-jaxb-annotations-2.17.3-150200.5.16.1 updated
- firewalld-2.0.1-150600.3.5.1 updated
- xstream-1.4.21-150200.3.28.1 updated
- httpcomponents-client-4.5.14-150200.3.9.1 updated
- httpcomponents-asyncclient-4.1.4-150400.3.3.1 updated
- fence-agents-4.13.1+git.1704296072.32469f29-150600.3.12.2 updated
- tomcat-9.0.97-150200.71.1 updated
- spacewalk-java-postgresql-5.0.15-150600.3.11.3 updated
- spacewalk-java-config-5.0.15-150600.3.11.3 updated
- spacewalk-taskomatic-5.0.15-150600.3.11.3 updated
- spacewalk-java-5.0.15-150600.3.11.3 updated
- supportutils-plugin-susemanager-5.0.4-150600.3.3.2 updated