SUSE-CU-2025:1786-1: Recommended update of containers/apache-tomcat
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Mar 13 08:13:38 UTC 2025
SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1786-1
Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.41
Container Release : 62.41
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------
The container containers/apache-tomcat was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:848-1
Released: Wed Mar 12 14:23:16 2025
Summary: Recommended update for apache-commons-logging
Type: recommended
Severity: moderate
References:
This update for apache-commons-logging fixes the following issues:
- Upgrade to 1.3.4
* Bug fix:
+ Fix factory loading from context class loader
- Upgrade to 1.3.3
* Bug Fixes:
+ Update Log4j 2 OSGi imports
+ Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
+ Fix NullPointerException in SimpleLog#write(Object) on null
input.
+ Fix NullPointerException in SimpleLog#write(StringBuffer) on
null input.
- Includes changes from 1.3.2
* Fixed Bugs:
+ Add OSGi metadata to enable Service Loader Mediator
+ Apache commons logging shows 1.4 as latest
release instead of 1.3.1.
+ Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable.
- Includes changes from 1.3.1
* New features:
+ Add Maven property project.build.outputTimestamp for build
reproducibility.
* Fixed Bugs:
+ Remove references to very old JDK and Commons Logging
versions
+ Update from Logj 1 to the Log4j 2 API compatibility layer
+ Allow Servlet 4 in OSGi environment
+ Fix generics warnings
+ Fix Import-Package entry for org.slf4j
- Includes changes from 1.3.0
* New Features:
+ Add support for Log4j API and SLF4J
+ Deprecate org.apache.commons.logging.impl.WeakHashtable
without replacement.
+ Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger`
+ Deprecate and disable `AvalonLogger` and `LogKitLogger`
+ Add Automatic-Module-Name Manifest Header for
Java 9 compatibility
* Fixed Bugs:
+ BufferedReader is not closed properly
+ Remove redundant initializer
+ Use a weak reference for the cached class loader
+ Add more entries to .gitignore file
+ Minor Improvements
+ [StepSecurity] ci: Harden GitHub Actions
+ Replace custom code with `ServiceLoader` call
+ Fix possible NPEs in LogFactoryImpl
+ Fix failing tests
+ Deprecate LogConfigurationException.cause in favor of
getCause()
+ Fix SpotBugs [ERROR] High: Found reliance on default encoding
in org.apache.commons.logging.LogFactory.initDiagnostics():
new java.io.PrintStream(OutputStream)
[org.apache.commons.logging.LogFactory] At
LogFactory.java:[line 1205] DM_DEFAULT_ENCODING.
+ Fix SpotBugs [ERROR] Medium: Class
org.apache.commons.logging.impl.WeakHashtable defines
non-transient non-serializable instance field queue
[org.apache.commons.logging.impl.WeakHashtable] In
WeakHashtable.java SE_BAD_FIELD.
+ Set java.logging as optional module
+ Fix SpotBugs [ERROR] Medium: Switch statement found in
org.apache.commons.logging.impl.SimpleLog.log(int, Object,
Throwable) where default case is missing
[org.apache.commons.logging.impl.SimpleLog] At
SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT.
+ Deprecate
org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel
without replacement.
- Reinstate ant build (removed upstream)
* add build.xml
* add build.properties
- Add upstream dev's public key to apache-commons-logging.keyring
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
The following package changes have been done:
- apache-commons-logging-1.3.4-150200.11.9.1 updated
More information about the sle-container-updates
mailing list