SUSE-RU-2025:0848-1: moderate: Recommended update for apache-commons-logging

Wed Mar 12 16:30:08 UTC 2025

# Recommended update for apache-commons-logging

Announcement ID: SUSE-RU-2025:0848-1  
Release Date: 2025-03-12T13:23:22Z  
Rating: moderate  
References:

Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that can now be installed.

## Description:

This update for apache-commons-logging fixes the following issues:

  * Upgrade to 1.3.4
  * Bug fix:
    * Fix factory loading from context class loader
  * Upgrade to 1.3.3
  * Bug Fixes:
    * Update Log4j 2 OSGi imports
    * Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
    * Fix NullPointerException in SimpleLog#write(Object) on null input.
    * Fix NullPointerException in SimpleLog#write(StringBuffer) on null input.
  * Includes changes from 1.3.2
  * Fixed Bugs:
    * Add OSGi metadata to enable Service Loader Mediator
    * Apache commons logging shows 1.4 as latest release instead of 1.3.1.
    * Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable.
  * Includes changes from 1.3.1
  * New features:
    * Add Maven property project.build.outputTimestamp for build reproducibility.
  * Fixed Bugs:
    * Remove references to very old JDK and Commons Logging versions
    * Update from Logj 1 to the Log4j 2 API compatibility layer
    * Allow Servlet 4 in OSGi environment
    * Fix generics warnings
    * Fix Import-Package entry for org.slf4j
  * Includes changes from 1.3.0
  * New Features:
    * Add support for Log4j API and SLF4J
    * Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement.
    * Deprecate and disable `Jdk13LumberjackLogger` and `Log4JLogger`
    * Deprecate and disable `AvalonLogger` and `LogKitLogger`
    * Add Automatic-Module-Name Manifest Header for Java 9 compatibility
  * Fixed Bugs:
    * BufferedReader is not closed properly
    * Remove redundant initializer
    * Use a weak reference for the cached class loader
    * Add more entries to .gitignore file
    * Minor Improvements
    * [StepSecurity] ci: Harden GitHub Actions
    * Replace custom code with `ServiceLoader` call
    * Fix possible NPEs in LogFactoryImpl
    * Fix failing tests
    * Deprecate LogConfigurationException.cause in favor of getCause()
    * Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING.
    * Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD.
    * Set java.logging as optional module
    * Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT.
    * Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement.
  * Reinstate ant build (removed upstream)
  * add build.xml
  * add build.properties
  * Add upstream dev's public key to apache-commons-logging.keyring
  * Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch openSUSE-SLE-15.6-2025-848=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-848=1

## Package List:

  * openSUSE Leap 15.6 (noarch)
    * apache-commons-logging-1.3.4-150200.11.9.1
  * Basesystem Module 15-SP6 (noarch)
    * apache-commons-logging-1.3.4-150200.11.9.1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250312/764c7419/attachment.htm>