SUSE-CU-2023:1427-1: Security update of bci/openjdk-devel
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri May 5 07:07:08 UTC 2023
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1427-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.83 , bci/openjdk-devel:latest
Container Release : 14.83
Severity : important
Type : security
References : 1193795 CVE-2021-42550
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2097-1
Released: Thu May 4 09:11:06 2023
Summary: Security update for maven and recommended update for antlr3, minlog, sbt, xmvn
Type: security
Severity: important
References: 1193795,CVE-2021-42550
This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues:
maven:
- Version update from 3.8.5 to 3.8.6 (jsc#SLE-23217):
* Security fixes:
+ CVE-2021-42550: Update Version of (optional) Logback (bsc#1193795)
* Bug fixes:
+ Fix resolver session containing non-MavenWorkspaceReader
+ Fix for multiple maven instances working on same source tree that can lock each other
+ Don't ignore bin/ otherwise bin/ in apache-maven module cannot be added back
+ Fix IllegalStateException in SessionScope during guice injection in multithreaded build
+ Revert MNG-7347 (SessionScoped beans should be singletons for a given session)
+ Fix compilation failure with relocated transitive dependency
+ Fix deadlock during forked lifecycle executions
+ Fix issue with resolving dependencies between submodules
* New features and improvements:
+ Create a multiline message helper for boxed log messages
+ Display a warning when an aggregator mojo is locking other mojo executions
+ Align Assembly Descriptor NS versions
* Dependency upgrades:
+ Upgrade SLF4J to 1.7.36
+ Upgrade JUnit to 4.13.2
+ Upgrade Plexus Utils to 3.3.1
- Move mvn.1 from bin to man directory
antlr3:
- Bug fixes in this version update from 3.5.2 to 3.5.3 (jsc#SLE-23217):
* Change source compatibility to 1.8 and enable github workflows
* Change Wiki URLs to theantlrguy.atlassian.net in README.txt
* Add Bazel support
- Remove enforcer plugin as it is not needed in a controlled environment
minlog:
- Bug fixes in this version update from 1.3.0 to 1.3.1 (jsc#SLE-23217):
* Use currentTimeMillis
* Use 3-Clause BSD
* Use Java 7 JDK.
sbt:
- Fix build issues with maven 3.8.6 (jsc#SLE-23217)
xmvn:
- Remove RPM package build dependency on easymock (jsc#SLE-23217)
The following package changes have been done:
- maven-lib-3.8.6-150200.4.9.8 updated
- maven-3.8.6-150200.4.9.8 updated
- container:bci-openjdk-17-15.4.17-13.44 updated
More information about the sle-security-updates
mailing list