<div class="container">
<h1>Recommended update for Java</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2024:0560-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215973">bsc#1215973</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-37460.html">CVE-2023-37460</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-37460</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.1</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-37460</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.1</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Basesystem Module 15-SP5</li>
<li class="list-group-item">Development Tools Module 15-SP5</li>
<li class="list-group-item">openSUSE Leap 15.5</li>
<li class="list-group-item">SUSE Enterprise Storage 7.1</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Manager Proxy 4.3</li>
<li class="list-group-item">SUSE Manager Retail Branch Server 4.3</li>
<li class="list-group-item">SUSE Manager Server 4.3</li>
<li class="list-group-item">SUSE Manager Server 4.3 Module 4.3</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability can now be installed.</p>
<h2>Description:</h2>
<p>This update for Java fixes the following issues:</p>
<p>plexus-archiver was updated from version 4.2.1 to 4.8.0:</p>
<ul>
<li>
<p>Changes of 4.8.0:</p>
</li>
<li>
<p>Security issues fixed:</p>
<ul>
<li>CVE-2023-37460: Avoid override target symlink by standard file in AbstractUnArchiver (bsc#1215973)</li>
</ul>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Added tzst alias for tar.zst archiver/unarchived</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Detect permissions for addFile</li>
</ul>
</li>
<li>
<p>Maintenance:</p>
<ul>
<li>Removed public modifier from JUnit 5 tests</li>
<li>Use https in scm/url</li>
<li>Removed junit-jupiter-engine from project dependencies</li>
<li>Removed parent and reports menu from site</li>
<li>Cleanup after "veryLargeJar" test</li>
<li>Override project.url</li>
</ul>
</li>
<li>
<p>Changes of 4.7.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Don't apply umask on unknown perms (Win)</li>
</ul>
</li>
<li>
<p>Changes of 4.7.0:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>add umask support and use 022 in RB mode</li>
<li>Use NIO Files for creating temporary files</li>
<li>Deprecate the JAR Index feature (JDK-8302819)</li>
<li>Added Archiver aliases for tar.*</li>
</ul>
</li>
<li>
<p>Maintenance:</p>
<ul>
<li>Use JUnit TempDir to manage temporary files in tests</li>
<li>Override uId and gId for Tar in test</li>
<li>Bump maven-resources-plugin from 2.7 to 3.3.1</li>
</ul>
</li>
<li>
<p>Changes of 4.6.3:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Fixed path traversal vulnerability
The vulnerability affects only directories whose name begins
with the same prefix as the destination directory. For example
malicious archive may extract file in /opt/directory instead
of /opt/dir.</li>
</ul>
</li>
<li>
<p>Changes of 4.6.2:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed regression in handling symbolic links</li>
</ul>
</li>
<li>
<p>Changes of 4.6.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Normalize file separators before warning about equal archive entries</li>
</ul>
</li>
<li>
<p>Changes of 4.6.0:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>keep file/directory permissions in Reproducible Builds mode</li>
</ul>
</li>
<li>
<p>Changes of 4.5.0:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Added zstd (un)archiver support</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed UnArchiver#isOverwrite not working as expected</li>
</ul>
</li>
<li>
<p>Changes of 4.4.0:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Drop legacy plexus API and use only JSR330 components</li>
</ul>
</li>
<li>
<p>Changes of 4.3.0:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Require Java 8</li>
<li>Refactor to use FileTime API</li>
<li>Rename setTime method to setZipEntryTime</li>
<li>Convert InputStreamSupplier to lambdas</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Reproducible Builds not working when using modular jar</li>
</ul>
</li>
<li>
<p>Changes of 4.2.7:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Respect order of META-INF/ and META-INF/MANIFEST.MF entries in a JAR file</li>
</ul>
</li>
<li>
<p>Changes of 4.2.6:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used</li>
<li>Code cleanup</li>
</ul>
</li>
<li>
<p>Changes of 4.2.5:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Speed improvements</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed use of a mismatching Unicode path extra field in zip unarchiving</li>
</ul>
</li>
<li>
<p>Changes of 4.2.4:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed unjustified warning about casing for directory entries</li>
</ul>
</li>
<li>
<p>Changes of 4.2.2:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>DirectoryArchiver fails for symlinks if a parent directory doesn't exist</li>
</ul>
</li>
</ul>
<p>objectweb-asm was updated to version 9.6:</p>
<ul>
<li>
<p>Changes of version 9.6:</p>
</li>
<li>
<p>New Opcodes.V22 constant for Java 22</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Analyzer produces frames that have different locals than those detected by JRE bytecode verifier</li>
<li>Invalid stackmap generated when the instruction stream has new instruction after invokespecial to <init></li>
<li>Analyzer can fail to catch thrown exceptions</li>
<li><code>asm-analysis</code> Frame allocates an array unnecessarily inside <code>executeInvokeInsn</code></li>
<li>Fixed bug in <code>CheckFrameAnalyzer</code> with static methods</li>
</ul>
</li>
<li>
<p>Changes of version 9.5:</p>
</li>
<li>
<p>New Opcodes.V21 constant for Java 21</p>
</li>
<li>New readBytecodeInstructionOffset hook in ClassReader</li>
<li>Added more detailed exception messages</li>
<li>
<p>Javadoc improvements and fixes</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Silent removal of zero-valued entries from the line-number table</li>
</ul>
</li>
<li>
<p>Changes of version 9.4:</p>
</li>
<li>
<p>Changes:</p>
<ul>
<li>New Opcodes.V20 constant for Java 20</li>
<li>Added more checks in CheckClassAdapter</li>
<li>Javadoc improvements and fixes</li>
<li><code>module-info</code> classes can be built without Gradle and Bnd</li>
<li>Parent POM updated to <code>org.ow2:ow2:1.5.1</code></li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<p>+<code>CheckClassAdapter</code> is no longer transparent for MAXLOCALS
+ Added public <code>getDelegate</code> method to all visitor classes
+ Analyzer does not compute optimal maxLocals for static methods
+ Fixed <code>SignatureWriter</code> when a generic type has a depth over 30
+ Skip remap inner class name if not changed in Remapper</p>
</li>
</ul>
<p>maven-archiver was updated from version 3.5.0 to 3.6.1:</p>
<ul>
<li>
<p>Changes of 3.6.1:</p>
</li>
<li>
<p>New Features:</p>
<ul>
<li>Deprecated the JAR Index feature (JDK-8302819)</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Refreshed download page</li>
<li>Prefer JDK features over plexus-utils, plexus-io</li>
</ul>
</li>
<li>
<p>Changes of 3.6.0:</p>
</li>
<li>
<p>Task:</p>
<ul>
<li>Require Java 8</li>
<li>Drop m-shared-utils from deps</li>
</ul>
</li>
</ul>
<p>maven-assembly-plugin was updated from version 3.3.0 to 3.6.0:</p>
<ul>
<li>
<p>Changes of 3.6.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>finalName as readonly parameter makes common usecases very complicated</li>
<li>Symbolic links get copied with absolute path</li>
<li>Warning if using Maven 3.9.1</li>
<li>Minimal default Manifest configuration of jar archiver should be respected</li>
</ul>
</li>
<li>
<p>New Features:</p>
<ul>
<li>Support Zstandard compression format</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>In RB mode, apply 022 umask to ignore environment group write umask</li>
<li>Added system requirements history</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Dropped deprecated repository element</li>
<li>Support running build on Java 20</li>
<li>Refresh download page</li>
<li>Cleanup declared dependencies</li>
<li>Avoid using deprecated methods of <code>plexus-archiver</code></li>
</ul>
</li>
<li>
<p>Changes of 3.5.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>File permissions removed during assembly:single since 3.2.0</li>
</ul>
</li>
<li>
<p>Changes of 3.4.2:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed Excludes filtering</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Fixed examples to refer to https instead of http</li>
</ul>
</li>
<li>
<p>Changes of 3.4.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed error build with shared assemblies</li>
</ul>
</li>
<li>
<p>Changes of 3.4.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>dependencySet includes filter with classifier breaks include of artifacts without classifier</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Speed improvements</li>
<li>Update plugin (requires Maven 3.2.5+)</li>
<li>Assembly plugin resolves too much, even plugins used to build dependencies</li>
<li>Deprecated the repository element in assembly descriptor</li>
<li>Upgraded to Java 8, drop unused dependencies</li>
</ul>
</li>
</ul>
<p>maven-common-artifact-filters was updated from version 3.0.1 to 3.3.2:</p>
<ul>
<li>
<p>Changes of 3.3.2:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>PatternIncludesArtifactFilters raising NPE for patterns w/ wildcards and artifactoid w/ null on any coordinate</li>
</ul>
</li>
<li>
<p>Changes of 3.3.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Pattern w/ 4 elements may be GATV or GATC</li>
</ul>
</li>
<li>
<p>Changes of 3.3.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>null passed to DependencyFilter in EclipseAetherFilterTransformerTest</li>
<li>PatternIncludesArtifactFilter#include(Artifact)</li>
<li>Common Artifact Filters pattern parsing with classifier is broken</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Sanitized dependencies</li>
<li>Upgraded to Maven Parent 36, to Maven 3.2.5, to Java 8 and clean up dependencies</li>
</ul>
</li>
<li>
<p>Changes of 3.2.0:</p>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>Big speed improvements for patterns that do not contain any wildcard</li>
</ul>
</li>
<li>
<p>Changes of 3.1.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Updated JIRA URL for maven-common-artifact-filters</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>Made build Reproducible</li>
</ul>
</li>
<li>
<p>Changes of 3.1.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Several filters do not preserve order of artifacts filtered</li>
</ul>
</li>
</ul>
<p>maven-compiler-plugin was updated from version 3.10.1 to 3.11.0:</p>
<p>Changes of 3.11.0:</p>
<ul>
<li>
<p>New features and improvements:</p>
<ul>
<li>Added a useModulePath switch to the testCompile mojo</li>
<li>Allow dependency exclusions for 'annotationProcessorPaths'</li>
<li>Use maven-resolver to resolve 'annotationProcessorPaths' dependencies</li>
<li>Upgrade plexus-compiler to improve compiling message</li>
<li>compileSourceRoots parameter should be writable</li>
<li>Change showWarnings to true by default</li>
<li>Warn about warn-config conflicting values</li>
<li>Update default source/target from 1.7 to 1.8</li>
<li>Display recompilation causes</li>
<li>Added some parameter to pattern from stale source calculation</li>
<li>Added dedicated option for implicit javac flag</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed incorrect detection of dependency change</li>
<li>Test with Maven 3.9.0 and fix the failing IT</li>
<li>Resolved all annotation processor dependencies together</li>
<li>Defining maven.compiler.release as empty string ends with NumberFormatException in testCompileMojo</li>
<li>Fixed missing dirs in createMissingPackageInfoClasses</li>
<li>Set Xcludes in config passed to actual compiler</li>
</ul>
</li>
</ul>
<p>maven-dependency-analyzer was updated from version 1.10 to 1.13.2:</p>
<ul>
<li>
<p>Changes of 1.13.2:</p>
</li>
<li>
<p>Changes and bugs fixed:</p>
<ul>
<li>Made mvn dependency:analyze work with OpenJDK 11</li>
<li>Fixed jdk8 incompatibility at runtime (NoSuchMethodError)</li>
<li>Upgraded asm to 8.0.1</li>
<li>Use try with resources to avoid leaks</li>
<li>dependency:analyze recommends test scope for test-only artifacts that have non-test scope</li>
<li>remove reference to deprecated public mutable field</li>
<li>Updated JIRA URL</li>
<li>dependency:analyze should recommend narrower scope where possible</li>
<li>Remove dependency on jmock</li>
<li>Inline deprecated field</li>
<li>Added more JavaDoc</li>
<li>Handle different classes from same artifact used by model and test code</li>
<li>Included class names in used undeclared dependencies</li>
<li>Check maximum allowed Maven version</li>
<li>Get rid of maven-plugin-testing-tools for IT test</li>
<li>Require Maven 3.2.5+</li>
<li>Analyze project classes only once</li>
<li>Fixed array parsing</li>
<li>CONSTANT_METHOD_TYPE should not add to classes</li>
<li>Inner classes are in same compilation unit as container class</li>
<li>Upgraded Parent to 36</li>
<li>Cleanup IT tests</li>
<li>Replace Codehaus Plexus utils with java.nio.file.Files and Apache Commons</li>
<li>Fixed bug with "non-test scoped test only dependencies found"</li>
<li>Bump asm from 9.4 to 9.5</li>
<li>Refresh download page</li>
<li>Upgrade Parent to 39</li>
<li>Build on JDK 19, 20</li>
<li>Prefer JDK classes to Plexus utils</li>
<li>Replaced System.out by logger</li>
<li>Fixed java.lang.RuntimeException: Unknown constant pool type</li>
<li>Switched to JUnit 5</li>
<li>Dependency improvements</li>
</ul>
</li>
</ul>
<p>maven-dependency-plugin was updated from version 3.1.2 to 3.6.0:</p>
<ul>
<li>
<p>Changes in 3.6.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Obsolete example of -Dverbose on web page</li>
<li>Unsupported verbose option still appears in docs</li>
<li>dependency:go-offline does not use repositories from parent pom in reactor build</li>
<li>Fixed possible NPE</li>
<li><code>dependency:analyze-only</code> goal fails on OpenJDK 14</li>
<li>FileWriter and FileReader should be replaced</li>
<li>Dependency Plugin go-offline doesn't respect artifact classifier</li>
<li>analyze-only failed: Unsupported class file major version 60 (Java 16)</li>
<li>analyze-only failed: Unsupported class file major version 61 (Java 17)</li>
<li>copy-dependencies fails when using excludeScope=test</li>
<li>mvn dependency:analyze detected wrong transitive dependency</li>
<li>dependency plugin does not work with JDK 16</li>
<li>skip dependency analyze in ear packaging</li>
<li>Non-test dependency reported as Non-test scoped test only dependency</li>
<li>'Dependency not found' with 3.2.0 and Java-17 while analyzing</li>
<li>Tree plugin does not terminate with 3.2.0</li>
<li>Minor improvement - continue</li>
<li>analyze-only failed: PermittedSubclasses requires ASM9</li>
<li>Broken Link to "Introduction to Dependency Mechanism Page"</li>
<li>Sealed classes not supported</li>
<li>Dependency tree in verbose mode for war is empty</li>
<li>Javadoc was not updated to reflect that :tree's verbose option is now ok</li>
<li>error dependency:list (caused by postgresql dependency)</li>
<li>:list-classes does not skip if skip is set</li>
<li>:list-classes does not use GAV parameters</li>
</ul>
</li>
<li>
<p>New Features:</p>
<ul>
<li>Reintroduce the verbose option for dependency:tree</li>
<li>List classes in a given artifact</li>
<li>dependency:analyze should recommend narrower scope where possible</li>
<li>Added analyze parameter "ignoreUnusedRuntime"</li>
<li>Allow ignoring non-test-scoped dependencies</li>
<li>Added a <stripType> option to unpack goals</li>
<li>Allow auto-ignore of all non-test scoped dependencies used only in test scope</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>Unused method o.a.m.p.d.t.TreeMojo.containsVersion</li>
<li>Minor improvements</li>
<li>GitHub Action build improvement</li>
<li>dependency:analyze should list the classes that cause a used undeclared dependency</li>
<li>Improve documentation of analyze - Non-test scoped</li>
<li>Turn warnings into errors instead of failOnWarning</li>
<li>maven-dependency-plugin should leverage plexus-build-api to support IDEs</li>
<li>TestListClassesMojo logs too much</li>
<li>Use outputDirectory from AbstractMavenReport</li>
<li>Removed not used dependencies / Replace parts</li>
<li>list-repositories - improvements</li>
<li>warns about depending on plexus-container-default</li>
<li>Replace AnalyzeReportView with a new AnalyzeReportRenderer</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Removed no longer required exclusions</li>
<li>Java 1.8 as minimum</li>
<li>Explicitly start and end tables with Doxia Sinks in report renderers</li>
<li>Replace Maven shared StringUtils with Commons Lang3</li>
<li>Removed unused and ignored parameter - useJvmChmod</li>
<li>Removed custom plexus configuration</li>
<li>Code refactor - UnpackUtil</li>
<li>Refresh download page</li>
</ul>
</li>
</ul>
<p>maven-dependency-tree was updated from version 3.0.1 to 3.2.1:</p>
<ul>
<li>
<p>Changes in 3.2.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>DependencyCollectorBuilder does not collect dependencies when artifact has 'war' packaging</li>
<li>Transitive provided dependencies are not removed from collected dependency graph</li>
</ul>
</li>
<li>
<p>New Features:</p>
<ul>
<li>DependencyCollectorBuilder more configurable</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>DependencyGraphBuilder does not provide verbose tree</li>
<li>DependencyGraphBuilders shouldn't need reactorProjects for resolving dependencies</li>
<li>Maven31DependencyGraphBuilder should not download dependencies other than the pom</li>
<li>Fixed <code>plexus-component-annotation</code> in line with <code>plexus-component-metadata</code></li>
<li>Upgraded parent to 31</li>
<li>Added functionality to collect raw dependencies in Maven 3+</li>
<li>Annotate DependencyNodes with dependency management metadata</li>
<li>Require Java 8</li>
<li>Upgrade <code>org.eclipse.aether:aether-util</code> dependency in org.apache.maven.shared:maven-dependency-tree</li>
<li>Added Exclusions to DependencyNode</li>
<li>Made build Reproducible</li>
<li>Migrate plexus component to JSR-330</li>
<li>Drop maven 3.0 compatibility</li>
</ul>
</li>
<li>
<p>Dependency upgrade:</p>
<ul>
<li>Upgrade shared-component to version 33</li>
<li>Upgrade Parent to 36</li>
<li>Bump maven-shared-components from 36 to 37</li>
</ul>
</li>
<li>
<p>Removed unnecessary dependency on xmvn tools and parent pom</p>
</li>
</ul>
<p>maven-enforcer was updated to version 3.4.1:</p>
<ul>
<li>
<p>Update to version 3.4.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>In a multi module project "bannedDependencies" rule tries to resolve project artifacts from external repository</li>
<li>Require Release Dependencies ignorant about aggregator build</li>
<li>banDuplicatePomDependencyVersions does not check managementDependencies</li>
<li>Beanshell rule is not thread-safe</li>
<li>RequireSnapshotVersion not compatible with CI Friendly Versions (${revision})</li>
<li>NPE when using new <?m2e execute ?> syntax with maven-enforcer-plugin</li>
<li>Broken links on Maven Enforcer Plugin site</li>
<li>RequirePluginVersions not recognizing versions-from-properties</li>
<li>[REGRESSION] RequirePluginVersions fails when versions are inherited</li>
<li>requireFilesExist rule should be case sensitive</li>
<li>Broken Links on Project Home Page</li>
<li>TestRequireOS uses hamcrest via transitive dependency</li>
<li>plexus-container-default in enforcer-api is very outdated</li>
<li>classifier not included in output of failes RequireUpperBoundDeps test</li>
<li>Exclusions are not considered when looking at parent for requireReleaseDeps</li>
<li>requireUpperBoundDeps does not fail when packaging is 'war'</li>
<li>DependencyConvergence in 3.0.0 fails on provided scoped dependencies</li>
<li>NPE on requireReleaseDeps with non-matching includes</li>
<li>RequireUpperBoundDeps now follow scope provided transitive dependencies</li>
<li>Use currently build artifacts in IT tests</li>
<li>requireReleaseDeps does not support optional dependencies or runtime scope</li>
<li>Enforcer 3.0.0 breaks with Maven 3.8.4</li>
<li>Version 3.1.0 is not enforcing bannedDependencies rules</li>
<li>DependencyConvergence treats provided dependencies are runtime dependencies</li>
<li>Plugin shouldn't use NullPointerException for non-exceptional code flow</li>
<li>NPE in RequirePluginVersions</li>
<li>ReactorModuleConvergence not cached in reactor</li>
<li>RequireUpperBoundDeps fails on provided dependencies since 3.2.1</li>
<li>Problematic dependency resolution by new 'banDynamicVersions' rule</li>
<li>banTransitiveDependencies: failing if a transitive dependencies has another version than the resolved one</li>
<li>Filtering dependency tree by scope</li>
<li>Upgrading to 3.0.0 causes 'Could not build dependency tree' with repositories some unknown protocol</li>
<li>DependencyConvergence in 3.1.0 fails when using version ranges</li>
<li>Semantics of 'ignores' parameter of 'banDynamicVersions' is inverted</li>
<li>Omission of 'excludedScopes' parameter of 'banDynamicVersions' causes NPE</li>
<li>ENFORCER: plugin-info and mojo pages not found</li>
</ul>
</li>
<li>
<p>New Features:</p>
<ul>
<li>requireUpperBounds deps should have includes</li>
<li>Introduce RequireTextFileChecksum with line separator normalization</li>
<li>allow no rules</li>
<li>show rules processed</li>
<li>DependencyConvergence should support including/excluding certain dependencies</li>
<li>Support declaring external banned dependencies in an external file/URL</li>
<li>Maven enforcer rule which checks that all dependencies have an explicit scope set</li>
<li>Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set</li>
<li>Rule for no version ranges, version placeholders or SNAPSHOT versions</li>
<li>Allow one of many files in RequireFiles rules to pass</li>
<li>Skip specific rules</li>
<li>New Enforcer API</li>
<li>New Enforcer API - RuleConfigProvider</li>
<li>Move Built-In Rules to new API</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>wildcard ignore in requireReleaseDeps</li>
<li>Improve documentation about writing own Enforcer Rule</li>
<li>RequireActiveProfile should respect inherited activated profiles</li>
<li>Upgrade maven-dependency-tree to 3.x</li>
<li>Improve dependency resolving in multiple modules project</li>
<li>requireUpperBoundDeps: add [<scope>] and colors to the output</li>
<li>Example for writing a custom rule should be upgraded</li>
<li>Along with JavaVersion, allow enforcement of the JavaVendor</li>
<li>Included Java vendor in display-info output</li>
<li>requireMavenVersion x.y.z is processed as (,x.y.z] instead of [x.y.z,)</li>
<li>Consistently format artifacts same as dependency:tree</li>
<li>Made build Reproducible</li>
<li>Added support for excludes/includes in requireJavaVendor rule</li>
<li>Introduce Maven Enforcer Extension</li>
<li>Extends RequirePluginVersions with banMavenDefaults</li>
<li>Shared GitHub Actions</li>
<li>Log at ERROR level when <fail> is set</li>
<li>Reuse getDependenciesToCheck results across rules</li>
<li>Violation messages can be really hard to find in a multi module project</li>
<li>Clarify class loading for custom Enforcer rules</li>
<li>Using junit jupiter bom instead of single artifacts.</li>
<li>Get rid of maven-dependency-tree dependency</li>
<li>Allow 8 as JDK version for requireJavaVersion</li>
<li>Improve error message for rule "requireJavaVersion"</li>
<li>Include Java Home in Message for Java Rule Failures</li>
<li>Manage all Maven Core dependencies as provided</li>
<li>Mange rules configuration by plugin</li>
<li>Deprecate 'rules' property and introduce 'enforcer.rules' as a replacement</li>
<li>Change success message from executed to passed</li>
<li>EnforcerLogger: Provide isDebugEnabled(), isErrorEnabled(), isWarnEnabled() and isInfoEnabled()</li>
<li>Properly declare dependencies</li>
</ul>
</li>
<li>
<p>Test:</p>
<ul>
<li>Regression test for dependency convergence problem fixed in 3.0.0</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Removed reference to travis or switch to travis.com</li>
<li>Fixed maven assembly links</li>
<li>Require Java 8</li>
<li>Verify working with Maven 4</li>
<li>Code cleanup</li>
<li>Refresh download page</li>
<li>Deprecate display-info mojo</li>
<li>Refresh site descriptors</li>
<li>Superfluous blanks in BanDuplicatePomDependencyVersions</li>
<li>Rename ResolveUtil to ResolverUtil</li>
</ul>
</li>
</ul>
<p>maven-plugin-tools was updated from version 3.6.0 to version 3.9.0:</p>
<ul>
<li>
<p>Changes of version 3.9.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed *-mojo.xml (in PluginXdocGenerator) is overwritten when multiple locales are defined</li>
<li>Generated table by PluginXdocGenerator does not contain default attributes</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>Omit empty line in generated help goal output if plugin description is empty</li>
<li>Use Plexus I18N rather than fiddling with</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Removed reporting from maven-plugin-plugin: create maven-plugin-report-plugin</li>
</ul>
</li>
<li>
<p>Dependency upgrade:</p>
<ul>
<li>Upgrade plugins and components (in ITs)</li>
</ul>
</li>
<li>
<p>Changes of version 3.8.2:</p>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>Used Resolver API, get rid of localRepository</li>
</ul>
</li>
<li>
<p>Dependency upgrade:</p>
<ul>
<li>Bump httpcore from 4.4.15 to 4.4.16</li>
<li>Bump httpclient from 4.5.13 to 4.5.14</li>
<li>Bump antVersion from 1.10.12 to 1.10.13</li>
<li>Bump slf4jVersion from 1.7.5 to 1.7.36</li>
<li>Bump plexus-java from 1.1.1 to 1.1.2</li>
<li>Bump plexus-archiver from 4.6.1 to 4.6.3</li>
<li>Bump jsoup from 1.15.3 to 1.15.4</li>
<li>Bump asmVersion from 9.4 to 9.5</li>
<li>Bump assertj-core from 3.23.1 to 3.24.2</li>
</ul>
</li>
<li>
<p>Changes of version 3.8.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Javadoc reference containing a link label with spaces are not detected</li>
<li>JavadocLinkGenerator.createLink: Support nested binary class names</li>
<li>ERROR during build of m-plugin-report-p and m-plugin-p: Dependencies in wrong scope</li>
<li>"Executes as an aggregator plugin" documentation: s/plugin/goal/</li>
<li>Maven scope warning should be logged at WARN level</li>
<li>Fixed Temporary File Information Disclosure Vulnerability</li>
</ul>
</li>
<li>
<p>New features:</p>
<ul>
<li>Support mojos using the new maven v4 api</li>
</ul>
</li>
<li>
<p>Improvements:</p>
<ul>
<li>Plugin descriptor should contain the requiredJavaVersion/requiredMavenVersion</li>
<li>Execute annotation only supports standard lifecycle phases due to use of enum</li>
<li>Clarify deprecation of all extractors but the maven-plugin-tools-annotations</li>
</ul>
</li>
<li>
<p>Dependency upgrade:</p>
<ul>
<li>Update to Maven Parent POM 39</li>
<li>Bump junit-bom from 5.9.1 to 5.9.2</li>
<li>Bump plexus-archiver from 4.5.0 to 4.6.1</li>
</ul>
</li>
<li>
<p>Changes of version 3.7.1:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Maven scope warning should be logged at WARN level</li>
</ul>
</li>
<li>
<p>Changes of version 3.7.0:</p>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>The plugin descriptor generated by plugin:descriptor does not consider @ see javadoc taglets</li>
<li>Report-Mojo doesn't respect input encoding</li>
<li>Generating site reports for plugin results in
NoSuchMethodError</li>
<li>JDK Requirements in plugin-info.html: Consider property "maven.compiler.release"</li>
<li>Parameters documentation inheriting @ since from Mojo can be confusing</li>
<li>Don't emit warning for missing javadoc URL of primitives</li>
<li>Don't emit warning for missing javadoc URI if no javadoc sources are configured</li>
<li>Parameter description should be taken from annotated item</li>
</ul>
</li>
<li>
<p>New Features:</p>
<ul>
<li>Added link to javadoc in configuration description page for user defined types of Mojos.</li>
<li>Allow only @ Deprecated annotation without @ deprecated javadoc tag</li>
<li>add system requirements history section</li>
<li>report: allow to generate usage section in plugin-info.html with true</li>
<li>Allow @ Parameter on setters methods</li>
<li>Extract plugin report into its own plugin</li>
<li>report: Expose generics information of Collection and Map types</li>
</ul>
</li>
<li>
<p>Improvement:</p>
<ul>
<li>plugin-info.html should contain a better Usage section</li>
<li>Do not overwrite generate files with no content change</li>
<li>Upgrade to JUnit 5 and @ Inject annotations</li>
<li>Support for java 20 - ASM 9.4</li>
<li>Don't print empty Memory, Disk Space in System Requirements</li>
<li>simplification in helpmojo build</li>
<li>Get rid of plexus-compiler-manager from tests</li>
<li>Use Maven core artifacts in provided scope</li>
<li>report and descriptor goal need to evaluate Javadoc comments differently</li>
<li>Allow to reference aggregator javadoc from plugin report</li>
</ul>
</li>
<li>
<p>Task:</p>
<ul>
<li>Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations</li>
<li>Update level to Java 8</li>
<li>Deprecate scripting support for mojos</li>
<li>Deprecate requirements parameter in report Mojo</li>
<li>Removed duplicate code from PluginReport</li>
<li>Prepare for Doxia (Sitetools) 2.0.0</li>
<li>Fixed documentation for maven-plugin-report-plugin</li>
<li>Removed deprecated items from new maven-plugin-report-plugin</li>
<li>Improve site build</li>
<li>Improve dependency management</li>
<li>Plugin generator generation fails when the parent class comes from a different project</li>
</ul>
</li>
<li>
<p>Dependency upgrade:</p>
<ul>
<li>Upgrade Maven Reporting API/Impl to 3.1.0</li>
<li>Upgrade Parent to 36</li>
<li>Upgrade project dependencies after JDK 1.8</li>
<li>Bump maven-parent from 36 to 37</li>
<li>Upgrade Maven Reporting API to 3.1.1/Maven Reporting Impl to 3.2.0</li>
<li>Upgrade plexus-utils to 3.5.0</li>
</ul>
</li>
<li>
<p>Changes of version 3.6.4:</p>
</li>
<li>
<p>Restored compatibility with Maven 3 ecosystem</p>
</li>
<li>
<p>Upgraded dependencies</p>
</li>
<li>
<p>Changes of version 3.6.3:</p>
</li>
<li>
<p>Added prerequisites to plugin pom</p>
</li>
<li>Exclude dependency in provided scope from plugin descriptor</li>
<li>Get rid of String.format use</li>
<li>Fixed this logging as well</li>
<li>Simplify documentation</li>
<li>
<p>Exclude maven-archiver and maven-jxr from warning</p>
</li>
<li>
<p>Changes of version 3.6.2:</p>
</li>
<li>
<p>Deprecated unused requiresReports flag</p>
</li>
<li>Check that Maven dependencies are provided scope</li>
<li>Update ITs</li>
<li>Use shared gh action</li>
<li>Deprecate unsupported Mojo descriptor items</li>
<li>Weed out ITs</li>
<li>Upgrade to maven 3.x and avoid using deprecated API</li>
<li>Drop legacy dependencies</li>
<li>Use shared gh action - v1</li>
<li>
<p>Fixed wording in javadoc</p>
</li>
<li>
<p>Changes of version 3.6.1:</p>
</li>
<li>
<p>What's Changed:</p>
</li>
<li>Added missing @OverRide and make methods static</li>
<li>Upgraded to JUnit 4.12</li>
<li>Upgraded parent POM and other dependencies</li>
<li>Updated plugins</li>
<li>Upgraded Doxia Sitetools to 1.9.2 to remove dependency on Struts</li>
<li>removed Maven 2 info</li>
<li>Removed unneeded dependency</li>
<li>Tighten the dependency tree</li>
<li>Ignore .checkstyle</li>
<li>Strict dependencies for maven-plugin-tools-annotations</li>
<li>Improved @execute(goal...) docs</li>
<li>Improve @execute(lifecycle...) docs</li>
</ul>
<p>plexus-compiler was updated from version 2.11.1 to 2.14.2:</p>
<ul>
<li>
<p>Changes of 2.14.2:</p>
</li>
<li>
<p>Removed:</p>
<ul>
<li>Drop J2ObjC compiler</li>
</ul>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Update AspectJ Compiler to 1.9.21 to support Java 21</li>
<li>Require JDK 17 for build</li>
<li>Improve locking on JavacCompiler</li>
<li>Include 'parameter' and 'preview' describe log</li>
<li>Switch to SISU annotations and plugin, fixes #217</li>
<li>Support jdk 21</li>
<li>Require Maven 3.5.4+</li>
<li>Require Java 11 for plexus-compiler-eclipse an
javac-errorprone and aspectj compilers</li>
<li>Added support to run its with Java 20</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Fixed javac memory leak</li>
<li>Validate zip file names before extracting (Zip Slip)</li>
<li>Restore AbstractCompiler#getLogger() method</li>
<li>Return empty list for not existing source root location</li>
<li>Improve javac error output parsing</li>
</ul>
</li>
<li>
<p>Changes of 2.13.0:</p>
</li>
<li>
<p>New features and improvements:</p>
<ul>
<li>Fully ignore any possible jdk bug</li>
<li>MCOMPILER-402: Added implicitOption to CompilerConfiguration</li>
<li>Added a custom compile argument
replaceProcessorPathWithProcessorModulePath to force the
plugin replace processorPath with processormodulepath</li>
<li>describe compiler configuration on run</li>
<li>simplify "Compiling" info message: display relative path</li>
</ul>
</li>
<li>
<p>Bugs fixed:</p>
<ul>
<li>Respect CompilerConfiguration.sourceFiles in
EclipseJavaCompiler</li>
<li>Avoid NPE in AspectJCompilerTest on AspectJ 1.9.8+</li>
</ul>
</li>
<li>
<p>Dependency updates:</p>
<ul>
<li>Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6</li>
<li>Bump error_prone_core from 2.11.0 to 2.13.1</li>
<li>Bump github/codeql-action from 1 to 2</li>
<li>Bump ecj from 3.28.0 to 3.29.0</li>
<li>Bump release-drafter/release-drafter from 5.18.1 to 5.19.0</li>
<li>Bump ecj from 3.29.0 to 3.30.0</li>
<li>Bump maven-invoker-plugin from 3.2.2 to 3.3.0</li>
<li>Bump maven-enforcer-plugin from 3.0.0 to 3.1.0</li>
<li>Bump error_prone_core from 2.13.1 to 2.14.0</li>
<li>Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7</li>
<li>Bump ecj from 3.31.0 to 3.32.0</li>
<li>Bump junit-bom from 5.9.0 to 5.9.1</li>
<li>Bump ecj from 3.30.0 to 3.31.0</li>
<li>Bump groovy from 3.0.12 to 3.0.13</li>
<li>Bump groovy-json from 3.0.12 to 3.0.13</li>
<li>Bump groovy-xml from 3.0.12 to 3.0.13</li>
<li>Bump animal-sniffer-maven-plugin from 1.21 to 1.22</li>
<li>Bump error_prone_core from 2.14.0 to 2.15.0</li>
<li>Bump junit-bom from 5.8.2 to 5.9.0</li>
<li>Bump groovy-xml from 3.0.11 to 3.0.12</li>
<li>Bump groovy-json from 3.0.11 to 3.0.12</li>
<li>Bump groovy from 3.0.11 to 3.0.12</li>
</ul>
</li>
<li>
<p>Maintenance:</p>
<ul>
<li>Require Maven 3.2.5</li>
</ul>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP2
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP4
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Manager Proxy 4.3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Manager Retail Branch Server 4.3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Manager Server 4.3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Enterprise Storage 7.1
<br/>
<code>zypper in -t patch SUSE-Storage-7.1-2024-560=1</code>
</li>
<li class="list-group-item">
openSUSE Leap 15.5
<br/>
<code>zypper in -t patch openSUSE-SLE-15.5-2024-560=1</code>
</li>
<li class="list-group-item">
Basesystem Module 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-560=1</code>
</li>
<li class="list-group-item">
Development Tools Module 15-SP5
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Manager Server 4.3 Module 4.3
<br/>
<code>zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-560=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
<br/>
<code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-560=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Manager Proxy 4.3 (noarch)
<ul>
<li>objectweb-asm-9.6-150200.3.11.3</li>
</ul>
</li>
<li>
SUSE Manager Retail Branch Server 4.3 (noarch)
<ul>
<li>objectweb-asm-9.6-150200.3.11.3</li>
</ul>
</li>
<li>
SUSE Manager Server 4.3 (noarch)
<ul>
<li>objectweb-asm-9.6-150200.3.11.3</li>
</ul>
</li>
<li>
SUSE Enterprise Storage 7.1 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
openSUSE Leap 15.5 (noarch)
<ul>
<li>maven-dependency-analyzer-1.13.2-150200.3.7.2</li>
<li>maven-enforcer-javadoc-3.4.1-150200.3.7.2</li>
<li>maven-common-artifact-filters-javadoc-3.3.2-150200.3.7.3</li>
<li>maven-dependency-analyzer-javadoc-1.13.2-150200.3.7.2</li>
<li>maven-plugin-tools-annotations-3.9.0-150200.3.7.3</li>
<li>maven-dependency-plugin-3.6.0-150200.3.7.2</li>
<li>maven-enforcer-api-3.4.1-150200.3.7.2</li>
<li>maven-plugin-tools-beanshell-3.9.0-150200.3.7.3</li>
<li>maven-enforcer-rules-3.4.1-150200.3.7.2</li>
<li>plexus-compiler-javadoc-2.14.2-150200.3.9.2</li>
<li>maven-archiver-javadoc-3.6.1-150200.3.7.3</li>
<li>objectweb-asm-javadoc-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-assembly-plugin-3.6.0-150200.3.7.2</li>
<li>maven-plugin-tools-ant-3.9.0-150200.3.7.3</li>
<li>maven-plugin-plugin-javadoc-3.9.0-150200.3.7.5</li>
<li>maven-enforcer-plugin-3.4.1-150200.3.7.2</li>
<li>maven-assembly-plugin-javadoc-3.6.0-150200.3.7.2</li>
<li>maven-plugin-tools-api-3.9.0-150200.3.7.3</li>
<li>maven-plugin-tools-javadoc-3.9.0-150200.3.7.3</li>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>maven-dependency-plugin-javadoc-3.6.0-150200.3.7.2</li>
<li>maven-plugin-plugin-3.9.0-150200.3.7.5</li>
<li>maven-plugin-plugin-bootstrap-3.9.0-150200.3.7.1</li>
<li>maven-plugin-tools-model-3.9.0-150200.3.7.3</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-script-ant-3.9.0-150200.3.7.3</li>
<li>plexus-archiver-javadoc-4.8.0-150200.3.7.2</li>
<li>maven-dependency-tree-javadoc-3.2.1-150200.3.7.2</li>
<li>maven-plugin-tools-generators-3.9.0-150200.3.7.3</li>
<li>maven-dependency-tree-3.2.1-150200.3.7.2</li>
<li>maven-plugin-tools-java-3.9.0-150200.3.7.3</li>
<li>plexus-compiler-extras-2.14.2-150200.3.9.2</li>
<li>maven-compiler-plugin-javadoc-3.11.0-150200.3.7.1</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>maven-compiler-plugin-bootstrap-3.11.0-150200.3.7.1</li>
<li>maven-enforcer-3.4.1-150200.3.7.2</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
<li>maven-script-beanshell-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
Basesystem Module 15-SP5 (noarch)
<ul>
<li>objectweb-asm-9.6-150200.3.11.3</li>
</ul>
</li>
<li>
Development Tools Module 15-SP5 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Manager Server 4.3 Module 4.3 (noarch)
<ul>
<li>objectweb-asm-9.6-150200.3.11.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
<ul>
<li>maven-compiler-plugin-3.11.0-150200.3.7.1</li>
<li>plexus-archiver-4.8.0-150200.3.7.2</li>
<li>maven-common-artifact-filters-3.3.2-150200.3.7.3</li>
<li>objectweb-asm-9.6-150200.3.11.3</li>
<li>maven-archiver-3.6.1-150200.3.7.3</li>
<li>plexus-compiler-2.14.2-150200.3.9.2</li>
<li>maven-plugin-annotations-3.9.0-150200.3.7.3</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-37460.html">https://www.suse.com/security/cve/CVE-2023-37460.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1215973">https://bugzilla.suse.com/show_bug.cgi?id=1215973</a>
</li>
</ul>
</div>