SUSE-CU-2025:1478-1: Security update of bci/openjdk-devel
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sun Mar 2 08:10:21 UTC 2025
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1478-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.15 , bci/openjdk-devel:latest
Container Release : 33.15
Severity : moderate
Type : security
References : 1237431 CVE-2025-26597
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:739-1
Released: Fri Feb 28 11:09:44 2025
Summary: Security update for libX11
Type: security
Severity: moderate
References: 1237431,CVE-2025-26597
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:745-1
Released: Fri Feb 28 15:54:49 2025
Summary: Recommended update for apache-commons-cli
Type: recommended
Severity: moderate
References:
This update for apache-commons-cli fixes the following issues:
- Update to 1.9.0:
* New features:
+ Add OptionGroup.isSelected().
+ You can now extend HelpFormatter.Builder.
+ Add 'since' attribute to Option to track when an Option was
introduced
* Fixed bugs:
+ Fix Javadoc pathing
+ Updated properties documentation #285.
+ Deprecation not always reported #284.
+ Replace internal StringBuffer with StringBuilder.
* Updates:
+ Bump org.apache.commons:commons-parent from 70 to 72
- Update to 1.8.0:
* Fix Javadoc pathing
- Updated apache-commons-cli-build.xml to new version.
- Update to 1.7:
* New features:
- Add and use a Converter interface and implementations without
using BeanUtils
- Add Maven property project.build.outputTimestamp for build
reproducibility.
- Add '-' as an option char and implemented extensive tests
- Make adding OptionGroups and Options to existing Options
easier
- Added Supplier; defaults for getParsedOptionValue
- Make Option.getKey() public
- Add builder factory CommandLine#builder().
* Fixes:
- Inconsistent behavior in key/value pairs (Java property
style). Util.stripLeadingAndTrailingQuotes(String).
- Awkward behavior of Option.builder() for multiple optional args.
- Properties from multiple arguments with value separator.
- Fix for expected textual date values.
- Option.Builder.option('') should throw IllegalArgumentException instead of
ArrayIndexOutOfBoundsException.
- Avoid NullPointerException in CommandLine.getOptionValues(Option|String).
* Updates:
- Bump commons-parent from 64 to 69
- Update the tests to JUnit 5
- Bump tests commons-io:commons-io from 2.16.0 to 2.16.1
- Includes changes from version 1.6:
* Fixes:
- [StepSecurity] ci: Harden GitHub Actions
- Inconsistent date format in changes report.
- Fix NPE in CommandLine.resolveOption(String).
- CommandLine.addOption(Option) should not allow a null Option.
- CommandLine.addArgs(String) should not allow a null String.
- Site docs: 'Usage Scenarios' refers to deprecated methods.
- NullPointerException thrown by CommandLineParser.parse().
- StringIndexOutOfBoundsException thrown by CommandLineParser.parse().
* Updates:
- Fix SpotBugs Error: Medium: Method intentionally throws
RuntimeException. [org.apache.commons.cli.Option] At
Option.java:[lines 417-423]
THROWS_METHOD_THROWS_RUNTIMEEXCEPTION
- Fix SpotBugs Error: Medium: Method intentionally throws
RuntimeException. [org.apache.commons.cli.Option] At
Option.java:[lines 446-450] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION
- Fix SpotBugs Error: Medium: Method intentionally throws
RuntimeException. [org.apache.commons.cli.Option] At
Option.java:[lines 474-478] THROWS_METHOD_THROWS_RUNTIMEEXCEPTION
- Use EMPTY_STRING_ARRAY constant.
- Fix site links that are broken
- Add github/codeql-action.
- Use %patch -P N instead of deprecated %patchN.
- Build with java source/target levels 8
The following package changes have been done:
- libX11-data-1.8.7-150600.3.3.1 updated
- libX11-6-1.8.7-150600.3.3.1 updated
- apache-commons-cli-1.9.0-150200.3.9.1 updated
- container:bci-openjdk-21-1cf3769b8140397370c85970dd91618401e9ff7aae4ed119707b610a1488a6a0-0 updated
More information about the sle-container-updates
mailing list