SUSE-RU-2026:20979-1: moderate: Recommended update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin
SLE-UPDATES
null at suse.de
Thu Apr 9 16:31:26 UTC 2026
# Recommended update for plexus-pom, plexus-io, plexus-interactivity, plexus-
compiler, plexus-archiver, modello, maven-surefire, maven-resolver, junit5,
byte-buddy, sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io,
plexus-testing, maven-shade-plugin, jdependency, maven-filtering, maven-
resources-plugin
Announcement ID: SUSE-RU-2026:20979-1
Release Date: 2026-03-27T15:56:31Z
Rating: moderate
References:
Affected Products:
* SUSE Linux Enterprise Server - BCI 16.0
An update that can now be installed.
## Description:
This update for plexus-pom, plexus-io, plexus-interactivity, plexus-compiler,
plexus-archiver, modello, maven-surefire, maven-resolver, junit5, byte-buddy,
sisu, xmlgraphics-commons, xmlgraphics-fop, apache-commons-io, plexus-testing,
maven-shade-plugin, jdependency, maven-filtering, maven-resources-plugin fixes
the following issues:
Changes in plexus-pom:
Upgrade to version 25 and 24
* New features and improvements
* Configure njord publisher and releaseURL in pom
* add Reproducible Central report
Upgrade to version 23 and 22
* Breaking changes
* Prepare for publishing via the Central Portal
Upgrade to version 21
* New features and improvements
* Add maven-dependency-plugin to pluginManagement
* Align Spotless check/apply with Maven parent
Upgrade to version 20
* New features and improvements
* Enforce minimal Java version
* Accept all line endings in spotless
* Spotless plugin - format .md files
* Apply formatting with spotless-plugin by default
* Sync license header with ASF
Upgrade to version 19
* Breaking changes
* Remove org.apache.maven.plugin-tools:maven-plugin-annotations from dependencyManagement
* New features and improvements
* Use bestPractices for gpg plugin
* Drop using passphrase for maven-gpg-plugin
* Skip empty report for taglist-maven-plugin
Upgrade to version 18
* New features and improvements
* Skip empty surefire and pmd reports
* Disable site descriptor publishing by child projects
* Warning about usage of deprecated API by compiler
* Maven compiler - disable annotation processing by default
* Upgrade to version 17
* New features and improvements
* Add default Specification and Implementation entries in jar manifest
* Add maven-invoker-plugin to pluginManagement
* Upgrade to version 16
* New features and improvements
* Introduce minimalMavenBuildVersion property
* Use default executor for m-release-p
* Upgrade to version 15
* Bug Fixes
* Update spotless plugin palantir dependency to 2.35.0 to work with Java 21
* Maintenance
* Replace plexus-component-metadata plugin (deprecated) with Sisu
Changes in plexus-io:
Upgrade to version 3.6.0
* Maintenance
* JUnit Jupiter best practices
* Replace FileUtils.deleteDirectory(File) with JDK provided API
* Close DeferredFileOutputStream to prevent FileNotFoundException on temp files
* Handle IOException when retrieving file ownership on WSL2 network drives
Changes in plexus-interactivity:
Upgrade to version 1.5.1
* Maintenance
* JUnit Jupiter best practices
Changes in plexus-compiler:
Upgrade to upstream release 2.16.2
* Bug Fixes
* Fixed ConcurrentModificationException on compilerArguments
Upgrade to upstream release 2.16.1
* Bug Fixes
* Fix detecting java version for JDK 1.8
* # 420: fix detection of java version when JAVA_TOOL_OPTIONS
is set
Upgrade to upstream release 2.16.0
* New features and improvements
* Added 3 MSVC csharp compiler options
* Bump ErrorProne to 2.37.0 - requires Java 17
* Bug Fixes
* Fix Zip Slip vulnerability in JAR extraction
* Fixed wrong excludes management
* Maintenance
* Replace FileUtils.deleteDirectory(File) with JDK provided API
* chore: remove junit3 references
* Update Java version checks to include JDK 25
* Include JDK 24 in CI
* Apply spotless re-formatting
* Create codeql.yml
* Pass tests with Java 22 and 23
Changes in plexus-archiver:
Upgrade to upstream version 4.11.0
* New features and improvements
* Replace PlexusIoZipFileResourceCollection with PlexusArchiverZipFileResourceCollection for non-JAR formats
* Bug Fixes
* Revert "Utilize VT if possible
* Fix AbstractZipUnArchiver handling of zip entries with unspecified modification time
* Fix AbstractArchiver.getFiles() to return forward slashes for ZIP-based archivers
* Reduce heap usage in Zip archiver to prevent OutOfMemoryError in CI builds
* Maintenance
* Convert to Markdown and compare to Commons Compress
* JUnit Jupiter best practices
* Replace FileUtils.deleteDirectory(File) with JDK provided API
Changes in modello:
Upgrade to upstream version 2.6.0
* New features and improvements
* Fix XSD generator to respect required field attribute
* Give access to XmlModelMetadata from velocity helper
* Fix multiplicity=1 for simple type associations in Reader/Writer generators
* Bug Fixes
* Fix Root class name conflict in JDOM writer generator
Changes in maven-surefire:
Upgrade to 3.5.5
* New features and improvements
* Replace runing external process and parsing output with simple ProcessHandle if available (Java9+)
* Pass slf4j context to spawned thread
* SUREFIRE-3239: allow override of statistics file checksum
* Reduce log level for skipped tests result to info
* Bug Fixes
* Use PowerShell instead of WMIC for detecting zombie process on Windows. Please note if you are using Windows with Java 8 and not PowerShell you have options to: use Java 9+, install PowerShell or stay on Surefire 3.5.4
* Properly work with test failures caused during beforeAll phase
* Documentation updates
* Clarify how late placeholder replacement (@{...}) deals with
Changes in maven-resolver:
Update to upstream version 1.9.27
* Bug Fixes
* Sync TrackingFileManager with 2.x
Update to upstream version 1.9.26
* New features and improvements
* GH-1773: Treat 410 Gone as 404 Not Found
* GH-1737: Revert partially parallel upload change
* Bug Fixes
* GH-1768; Drastically simplify auth caching
* [1.9.x] Bug: GH-1703 Locally cached artifacts defy RRF
* Documentation updates
* Clarify that HTTP Transport uses Apache HTTP Client
Changes in junit5:
Update to upstream version 5.14.2
* Principal changes:
* Introduce @ClassTemplate and @ParameterizedClass support in JUnit Jupiter
* Access to ParameterInfo for JUnit Jupiter extensions
* New @SentenceFragment annotation for use with IndicativeSentences display name generator
* Add --redirect-stdout and --redirect-stderr options to ConsoleLauncher
* Introduce test discovery support in EngineTestKit
* Reporting of discovery issues for test engines
* Resource management for launcher sessions and execution requests
* GraalVM: removal of native-image.properties files from JARs
* Bug fixes and other minor improvements
* Deprecations along with new APIs to ease migration to JUnit 6
Changes in sisu:
Upgrade to upstream release 1.0.0
* Changes
* Get rid of ancient logback
* Source formatting and license headers
* Modernize codebase
* Build with Java 25
* Remove "Incubation" from bundle names
Changes in apache-commons-io:
Upgrade to 2.21.0
* New features
* FileUtils#byteCountToDisplaySize() supports Zettabyte, Yottabyte, Ronnabyte and Quettabyte
* Add org.apache.commons.io.FileUtils.ONE_RB
* Add org.apache.commons.io.FileUtils.ONE_QB
* Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], int, int, long)
* Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(byte[], long)
* Add org.apache.commons.io.output.ProxyOutputStream .writeRepeat(int, long)
* Add length unit support in FileSystem limits
* Add IOUtils.toByteArray(InputStream, int, int) for safer chunked reading with size validation
* Add org.apache.commons.io.file.PathUtils.getPath(String, String)
* Add org.apache.commons.io.channels .ByteArraySeekableByteChannel
* Add IOIterable.asIterable()
* Add NIO channel support to 'AbstractStreamBuilder'
* Add CloseShieldChannel to close-shielded NIO Channels
* Added IOUtils.checkFromIndexSize as a Java 8 backport of Objects.checkFromIndexSize
* Fixed Bugs
* When testing on Java 21 and up, enable -XX:+EnableDynamicAgentLoading
* When testing on Java 24 and up, don't fail FileUtilsListFilesTest for a different behavior in the JRE
* ValidatingObjectInputStream does not validate dynamic proxy interfaces
* BoundedInputStream.getRemaining() now reports Long.MAX_VALUE instead of 0 when no limit is set
* BoundedInputStream.available() correctly accounts for the maximum read limit
* Deprecate IOUtils.readFully(InputStream, int) in favor of toByteArray(InputStream, int)
* IOUtils.toByteArray(InputStream) now throws IOException on byte array overflow
* Javadoc general improvements
* IOUtils.toByteArray() now throws EOFException when not enough data is available
* Fix IOUtils.skip() usage in concurrent scenarios
* [javadoc] Fix XmlStreamReader Javadoc to indicate the correct class that is built
* Removed
* Inline private constant field ProxyInputStream.exceptionHandler
Upgrade to 2.20.0
* New features
* Add org.apache.commons.io.file.CountingPathVisitor .accept(Path, BasicFileAttributes)
* Add org.apache.commons.io.Charsets.isAlias(Charset, String)
* Add org.apache.commons.io.Charsets.isUTF8(Charset)
* Add org.apache.commons.io.Charsets.toCharsetDefault(String, Charset)
* Add Tailer ignoreTouch option
* Fixed Bugs
* [javadoc] Rename parameter of ProxyOutputStream.write(int)
* CopyDirectoryVisitor ignores fileFilter
* org.apache.commons.io.build.AbstractOrigin.getReader(Charset) now maps a null Charset to the default Charset
* org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getReader(Charset) now maps a null Charset to the default Charset
* org.apache.commons.io.build.AbstractOrigin.ByeArrayOrigin .getReader(Charset) now maps a null Charset to the default Charset
* org.apache.commons.io.build.AbstractOrigin.InputStreamOrigin .getReader(Charset) now maps a null Charset to the default Charset
* org.apache.commons.io.build.AbstractOrigin.getWriter(Charset) now maps a null Charset to the default Charset
* org.apache.commons.io.build.AbstractOrigin .AbstractRandomAccessFileOrigin.getWriter(Charset) now maps a null Charset to the default Charset
* org.apache.commons.io.build.AbstractOrigin.OutputStreamOrigin .getWriter(Charset) now maps a null Charset to the default Charset
* FileUtils.readLines(File, Charset) now maps a null Charset to the default Charset
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream, org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 77] Another occurrence at WindowsLineEndingInputStream.java:[line 81] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 112] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.WindowsLineEndingInputStream] At WindowsLineEndingInputStream.java:[line 113] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 75] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atEos" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 120] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashCr" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 124] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "atSlashLf" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.UnixLineEndingInputStream] At UnixLineEndingInputStream.java:[line 125] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "closed" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.ProxyInputStream] At ProxyInputStream.java:[line 233] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* Fix SpotBugs [ERROR] Medium: Shared primitive variable "propagateClose" in one thread may not yield the value of the most recent write from another thread [org.apache.commons.io.input.BoundedInputStream] At BoundedInputStream.java:[line 555] AT_STALE_THREAD_WRITE_OF_PRIMITIVE
* QueueInputStream reads all but the first byte without waiting
* Javadoc fixes and improvements
* Avoid NPE in org.apache.commons.io.filefilter.WildcardFilter .accept(File)
* FileUtils.forceDelete can delete a broken symlink again
* Fix infinite loop in AbstractByteArrayOutputStream
* Changes
* Bump commons.bytebuddy.version from 1.17.5 to 1.17.6
* Bump org.apache.commons:commons-parent from 81 to 85
* Bump org.apache.commons:commons-lang3 from 3.17.0 to 3.18.0
Upgrade to 2.19.0
* New features
* Add ThrottledInputStream.Builder.setMaxBytes(long, ChronoUnit)
* Add IOIterable
* ReversedLinesFileReader implements IOIterable<String>
* Add AbstractByteArrayOutputStream.write(CharSequence, Charset)
* Add AbstractByteArrayOutputStream.write(byte[])
* Add RandomAccessFileOutputStream.getRandomAccessFile()
* Add ProxyInputStream.setReference(InputStream), was package-private setIn(InputStream)
* Add ProxyOutputStream.setReference(OutputStream)
* Add RandomAccessFileInputStream.copy(long, long, OutputStream)
* Add ProxyOutputStream.Builder
* Add ByteOrderMark.matches(int[])
* Add BrokenOutputStream.BrokenOutputStream(Function<String>, Throwable>) and deprecate Supplier<String> constructor
* Add IOBooleanSupplier
* Add Uncheck.getAsBoolean(IOBooleanSupplier)
* Add FileChannels.contentEquals(SeekableByteChannel, SeekableByteChannel, int)
* Add FileChannels.contentEquals(ReadableByteChannel, ReadableByteChannel, int)
* Add SimplePathVisitor.AbstractBuilder
* Add CountingPathVisitor.AbstractBuilder and CountingPathVisitor.Builder
* Add AccumulatorPathVisitor.Builder and builder()
* Add PathUtils.contentEquals(FileSystem, FileSystem)
* Fixed Bugs
* Deprecate constructor Counters.Counters() to be private in 4.0
* Deprecate constructor Charsets.Charsets() to be private in 4.0
* Pick up maven-antrun-plugin version from parent POM org.apache:apache
* Javadoc is missing its Overview page
* Remove -nouses directive from maven-bundle-plugin. OSGi package imports now state 'uses' definitions for package imports, this doesn't affect JPMS (from org.apache.commons:commons-parent:80)
* Deprecate DeferredFileOutputStream.getStream() in favor of getOutputStream()
* Improve Javadoc for a BoundedInputStream builder() throwing IOException
* Improve Javadoc for all implementations of AbstractOriginSupplier#get()
* The Consumer to IOUtils.closeQuietly(Closeable, Consumer) now accepts Exception, not just IOException
* The Consumer to IOUtils.close(Closeable, IOConsumer) now accepts wrapped Exception, not just IOException
* Use Uncheck.getAsBoolean(IOBooleanSupplier) to avoid boxing and unboxing of boolean values
* Avoid unnecessary boxing and unboxing of long values in FileUtils.sizeOf(File)
* Avoid unnecessary boxing and unboxing of int values in UncheckedBufferedReader.read()
* Avoid unnecessary boxing and unboxing of int values in UncheckedFilterInputStream.available() and read()
* Avoid unnecessary boxing and unboxing of int values in UncheckedFilterReader.read()
* FileChannels.contentEquals(FileChannel, FileChannel, int) can return false when comparing a non-blocking channel
* Deprecate FileChannels.contentEquals(FileChannel, FileChannel, int) in favor of FileChannels .contentEquals(SeekableByteChannel, SeekableByteChannel, int)
* Improve performance of IOUtils.contentEquals(InputStream, InputStream) by about 13%
* PathUtils.copyFileToDirectory() across file systems
* IOUtils.contentEquals is incorrect when InputStream.available under-reports
* java.lang.ArithmeticException: long overflow java.lang.Math .addExact(Math.java:932) at org.apache.commons.io.file .attribute.FileTimes.ntfsTimeToFileTime(FileTimes.java:164). See also https://issues.apache.org/jira/browse/MDEP-978
* java.lang.ArithmeticException: long overflow java.lang.Math .addExact(Math.java:932) at org.apache.commons.io.file .attribute.FileTimes.ntfsTimeToDate(long)
* FileTimes.toNtfsTime(*) methods can overflow result values
* Fix Javadoc for ChunkedOutputStream.Builder
* General Javadoc improvements
* Calling QueueInputStream.QueueInputStream(null) maps to the same kind of default blocking queue as QueueInputStream.Builder.setBlockingQueue(null)
* CopyDirectoryVisitor creates incorrect file names when copying between different file systems that use different file system separators ("/" versus "\"); fixes PathUtils.copyDirectory(Path, Path, CopyOption...)
* ThreadUtils.sleep(Duration) should handle the underlying OS time changing
Changes in maven-filtering:
Upgrade to upstream version 3.5.0:
* New features and improvements
+ Introduce ChangeDetection
+ Use Release Drafter from shared and improvements
* Bug Fixes
+ Issue 289: filter file names one component at a time on 3.x
branch
Changes in maven-resource-plugins:
Upgrade to version 3.5.0:
* New features and improvements
+ Bug: use change detecton strategies
* Maintenance
+ Add IT for Issue 444
+ Migration to JUnit 5 - avoid using AbstractMojoTestCase
+ Cleanup deps
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server - BCI 16.0
zypper in -t patch SUSE-SLES-16.0-459=1
## Package List:
* SUSE Linux Enterprise Server - BCI 16.0 (noarch)
* maven-resolver-transport-classpath-1.9.27-160000.1.1
* plexus-pom-25-160000.1.1
* junit5-5.14.2-160000.1.1
* maven-surefire-plugin-3.5.5-160000.1.1
* maven-failsafe-plugin-3.5.5-160000.1.1
* apache-commons-io-javadoc-2.21.0-160000.1.1
* plexus-archiver-javadoc-4.11.0-160000.1.1
* maven-resolver-javadoc-1.9.27-160000.1.1
* apache-commons-io-2.21.0-160000.1.1
* maven-surefire-provider-testng-3.5.5-160000.1.1
* maven-filtering-3.5.0-160000.1.1
* maven-filtering-javadoc-3.5.0-160000.1.1
* junit5-bom-5.14.2-160000.1.1
* maven-resources-plugin-javadoc-3.5.0-160000.1.1
* modello-maven-plugin-javadoc-2.6.0-160000.1.1
* maven-resolver-transport-http-1.9.27-160000.1.1
* sisu-javadoc-1.0.0-160000.1.1
* xmlgraphics-commons-javadoc-2.10-160000.3.1
* maven-resolver-transport-wagon-1.9.27-160000.1.1
* maven-resolver-util-1.9.27-160000.1.1
* maven-resolver-transport-file-1.9.27-160000.1.1
* byte-buddy-javadoc-1.18.3-160000.2.1
* maven-surefire-provider-junit5-3.5.5-160000.1.1
* plexus-compiler-2.16.2-160000.1.1
* maven-surefire-plugins-javadoc-3.5.5-160000.1.1
* junit5-minimal-javadoc-5.14.2-160000.1.1
* maven-resolver-test-util-1.9.27-160000.1.1
* maven-surefire-provider-junit-3.5.5-160000.1.1
* modello-javadoc-2.6.0-160000.1.1
* maven-surefire-javadoc-3.5.5-160000.1.1
* maven-resolver-1.9.27-160000.1.1
* maven-resolver-impl-1.9.27-160000.1.1
* byte-buddy-maven-plugin-1.18.3-160000.2.1
* sisu-inject-1.0.0-160000.1.1
* modello-2.6.0-160000.1.1
* maven-surefire-report-plugin-3.5.5-160000.1.1
* plexus-io-3.6.0-160000.1.1
* junit5-minimal-5.14.2-160000.1.1
* byte-buddy-agent-1.18.3-160000.2.1
* sisu-mojos-1.0.0-160000.1.1
* plexus-interactivity-api-1.5.1-160000.1.1
* sisu-mojos-javadoc-1.0.0-160000.1.1
* maven-resolver-spi-1.9.27-160000.1.1
* plexus-archiver-4.11.0-160000.1.1
* plexus-interactivity-javadoc-1.5.1-160000.1.1
* byte-buddy-1.18.3-160000.2.1
* maven-surefire-report-parser-3.5.5-160000.1.1
* maven-resources-plugin-3.5.0-160000.1.1
* maven-resolver-named-locks-1.9.27-160000.1.1
* maven-resolver-connector-basic-1.9.27-160000.1.1
* plexus-compiler-javadoc-2.16.2-160000.1.1
* maven-surefire-provider-junit5-javadoc-3.5.5-160000.1.1
* junit5-javadoc-5.14.2-160000.1.1
* maven-resolver-api-1.9.27-160000.1.1
* xmlgraphics-fop-2.10-160000.3.1
* xmlgraphics-commons-2.10-160000.3.1
* maven-surefire-3.5.5-160000.1.1
* plexus-io-javadoc-3.6.0-160000.1.1
* plexus-compiler-extras-2.16.2-160000.1.1
* modello-maven-plugin-2.6.0-160000.1.1
* sisu-plexus-1.0.0-160000.1.1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260409/b03c8a3a/attachment.htm>
More information about the sle-updates
mailing list