SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2837-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-20.18 , bci/openjdk-devel:latest Container Release : 20.18 Severity : important Type : security References : 1188441 1225551 CVE-2024-4741 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:1664-1 Released: Thu May 16 07:56:10 2024 Summary: Feature update for Java Type: feature Severity: moderate References: This update for byte-buddy, javadoc-parser, jurand, modulemaker-maven-plugin, open-test-reporting, plexus-xml fixes the following issues: byte-buddy: - New RPM package implementation at version 1.14.13 javadoc-parser: - New RPM package implementation at version 0.3.1 jurand: - New RPM package implementation at version 1.3.2 modulemaker-maven-plugin: - New RPM package implementation at version 1.11 open-test-reporting: - New RPM package implementation at version 0.1.0-M2 plexus-xml: - New RPM package implementation at version 3.0.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2000-1 Released: Wed Jun 12 05:43:59 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: javadoc-parser: - Deliver javadoc-parser RPM package to meet new dependency requirements (no source changes) maven-filtering was updated to version 3.3.2: - Build against the plexus-build-api0 package containing sonatype plexus build api - Version 3.3.2: * Changes: + pick correct hamcrest dependency + Prefer commons lang to plexus utils + MSHARED-1214: move tag back to HEAD + MSHARED-1216: Use caching output stream + Bump org.codehaus.plexus:plexus-utils from 3.0.16 to 3.0.24 in /src/test/resources + Fix typos and grammar + Fix 'licenced' typo in PR template + refactor IncrementalResourceFilteringTest + MSHARED-1340: Require Maven 3.6.3+ + Bump commons-io:commons-io from 2.11.0 to 2.15.1 + Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 + MSHARED-1339: Bump org.apache.maven.shared:maven-shared-components from 39 to 41 + MSHARED-1290: Fix PropertyUtils cycle detection results in false positives + MSHARED-1285: use an up-to-date scanner instead the newscanner + Bump org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 + Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 + Bump release-drafter/release-drafter from 5 to 6 + Bump org.junit.jupiter:junit-jupiter-api from 5.10.1 to 5.10.2 + MSHARED-1351: Fix console message when origin is baseDir + MSHARED-1050: Fix ConcurrentModificationException for maven-filtering + MSHARED-1330: Always overwrite files - Version 3.3.1: * Changes: + MSHARED-1175: Copying x resources from rel/path to rel/path + MSHARED-1213: Bug: filtering existing but 0 byte file + MSHARED-1199: Upgrade parent pom to 39 + MSHARED-1112: Ignore setting permissions on non existing dest files/symlinks + MSHARED-1144: remove rendundant error message - Version 3.3.0: * Changes: + Fixed cloning of MavenResourcesExecution's instances using copyOf() method + MRESOURCES-258: Copying and filtering logic is delegated to FileUtils + replace deprecated methods + replace deprecated code in favor of Java 7 core and apache commons libraries declare dependencies + MSHARED-1080: Parent POM 36, Java8, drop legacy. maven-plugin-tools: - Build against the plexus-build-api0 package containing sonatype plexus build api - Added dependency on plexus-xml where relevant modello was updated to version 2.4.0: - Build against the new codehaus plexus build api 1.2.0 - Build all modello plugins - Version 2.4.0: * New features and improvements: + Keep license structure + Support addition of license header to generated files + Make generated code - Java 8 based by default + threadsafety * Bugs fixed: + Revert snakeyaml to 1.33 (as 2.x is not fully compatible with 1.x). - Version 2.3.0: * Changes: + Kill off dead Plexus + Fix for #366 - Version 2.2.0: * Changes: + Parse javadoc tags in xdoc generator (only @since is supported atm) + Use generic in Xpp3Reader for JDK 5+ + Get rid of usage deprecated Reader/WriterFactory + Make spotless plugin work with Java 21 + Support java source property being discovered as 1.x + Fix thread safety issues by not using singletons for generators + Improve discovering javaSource based on maven.compiler properties, default as 8 + Switch Plexus Annotation to JSR-330 + Make spotless plugin work with Java 21 - Add dependency on plexus-xml where relevant plexus-build-api was updated to version 1.2.0: - Version 1.2.0: * Potentially breaking changes: + change package to org.codehaus.plexus.build * New features and improvements: + Convert to JSR 330 component + Bump sisu-maven-plugin from 0.3.5 to 0.9.0.M2 + Switch to parent 13 and reformat + Use a CachingOutputStream when using the build context + Reuse plexus-pom action for CI + Add README and LICENSE + Remove ThreadBuildContext * Bugs fixed: + Store Objects in the DefaultContext in a map + Let the DefaultBuildContext delegate to the legacy build-api plexus-build-api0 was implemented at version 0.0.8: - New package plexus-xml: - Deliver plexus-xml RPM package to meet new dependency requirements (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2079-1 Released: Wed Jun 19 05:41:08 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Gradle and Maven fixes the following issues: gradle-bootstrap: - Regenerate to account for the new plexus-xml dependency gradle: - Fixed build with the `plexus-xml` split from plexus-utils maven-artifact-transfer: - Added dependency on `plexus-xml` where relevant - Removed unnecessary dependency on xmvn tools and parent pom maven-assembly-plugin, maven-doxia, maven-doxia-sitetools, maven-install-plugin, maven-javadoc-plugin, maven-plugin-testing, maven-resolver, maven: - Added dependency on `plexus-xml` where relevant ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated - maven-resolver-api-1.9.18-150200.3.20.1 updated - plexus-xml-3.0.0-150200.5.5.1 added - maven-resolver-util-1.9.18-150200.3.20.1 updated - maven-resolver-spi-1.9.18-150200.3.20.1 updated - maven-resolver-named-locks-1.9.18-150200.3.20.1 updated - maven-resolver-transport-file-1.9.18-150200.3.20.1 updated - maven-resolver-connector-basic-1.9.18-150200.3.20.1 updated - maven-resolver-transport-wagon-1.9.18-150200.3.20.1 updated - maven-resolver-impl-1.9.18-150200.3.20.1 updated - maven-resolver-transport-http-1.9.18-150200.3.20.1 updated - maven-lib-3.9.6-150200.4.24.2 updated - maven-3.9.6-150200.4.24.2 updated - container:bci-openjdk-17-15.5.17-23.2 updated