Recommended update for Java

Announcement ID: SUSE-RU-2024:0560-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2023-37460 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2023-37460 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Basesystem Module 15-SP5
  • Development Tools Module 15-SP5
  • openSUSE Leap 15.5
  • SUSE Enterprise Storage 7.1
  • SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  • SUSE Linux Enterprise Desktop 15 SP5
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3
  • SUSE Manager Server 4.3 Module 4.3

An update that solves one vulnerability can now be installed.

Description:

This update for Java fixes the following issues:

plexus-archiver was updated from version 4.2.1 to 4.8.0:

  • Changes of 4.8.0:

  • Security issues fixed:

    • CVE-2023-37460: Avoid override target symlink by standard file in AbstractUnArchiver (bsc#1215973)

  • New features and improvements:

    • Added tzst alias for tar.zst archiver/unarchived

  • Bugs fixed:

    • Detect permissions for addFile

  • Maintenance:

    • Removed public modifier from JUnit 5 tests
    • Use https in scm/url
    • Removed junit-jupiter-engine from project dependencies
    • Removed parent and reports menu from site
    • Cleanup after "veryLargeJar" test
    • Override project.url

  • Changes of 4.7.1:

  • Bugs fixed:

    • Don't apply umask on unknown perms (Win)

  • Changes of 4.7.0:

  • New features and improvements:

    • add umask support and use 022 in RB mode
    • Use NIO Files for creating temporary files
    • Deprecate the JAR Index feature (JDK-8302819)
    • Added Archiver aliases for tar.*

  • Maintenance:

    • Use JUnit TempDir to manage temporary files in tests
    • Override uId and gId for Tar in test
    • Bump maven-resources-plugin from 2.7 to 3.3.1

  • Changes of 4.6.3:

  • New features and improvements:

    • Fixed path traversal vulnerability The vulnerability affects only directories whose name begins with the same prefix as the destination directory. For example malicious archive may extract file in /opt/directory instead of /opt/dir.

  • Changes of 4.6.2:

  • Bugs fixed:

    • Fixed regression in handling symbolic links

  • Changes of 4.6.1:

  • Bugs fixed:

    • Normalize file separators before warning about equal archive entries

  • Changes of 4.6.0:

  • New features and improvements:

    • keep file/directory permissions in Reproducible Builds mode

  • Changes of 4.5.0:

  • New features and improvements:

    • Added zstd (un)archiver support

  • Bugs fixed:

    • Fixed UnArchiver#isOverwrite not working as expected

  • Changes of 4.4.0:

  • New features and improvements:

    • Drop legacy plexus API and use only JSR330 components

  • Changes of 4.3.0:

  • New features and improvements:

    • Require Java 8
    • Refactor to use FileTime API
    • Rename setTime method to setZipEntryTime
    • Convert InputStreamSupplier to lambdas

  • Bugs fixed:

    • Reproducible Builds not working when using modular jar

  • Changes of 4.2.7:

  • New features and improvements:

    • Respect order of META-INF/ and META-INF/MANIFEST.MF entries in a JAR file

  • Changes of 4.2.6:

  • New features and improvements:

    • FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used
    • Code cleanup

  • Changes of 4.2.5:

  • New features and improvements:

    • Speed improvements

  • Bugs fixed:

    • Fixed use of a mismatching Unicode path extra field in zip unarchiving

  • Changes of 4.2.4:

  • Bugs fixed:

    • Fixed unjustified warning about casing for directory entries

  • Changes of 4.2.2:

  • Bugs fixed:

    • DirectoryArchiver fails for symlinks if a parent directory doesn't exist

objectweb-asm was updated to version 9.6:

  • Changes of version 9.6:

  • New Opcodes.V22 constant for Java 22

  • Bugs fixed:

    • Analyzer produces frames that have different locals than those detected by JRE bytecode verifier
    • Invalid stackmap generated when the instruction stream has new instruction after invokespecial to <init>
    • Analyzer can fail to catch thrown exceptions
    • asm-analysis Frame allocates an array unnecessarily inside executeInvokeInsn
    • Fixed bug in CheckFrameAnalyzer with static methods

  • Changes of version 9.5:

  • New Opcodes.V21 constant for Java 21

  • New readBytecodeInstructionOffset hook in ClassReader
  • Added more detailed exception messages

  • Javadoc improvements and fixes

  • Bugs fixed:

    • Silent removal of zero-valued entries from the line-number table

  • Changes of version 9.4:

  • Changes:

    • New Opcodes.V20 constant for Java 20
    • Added more checks in CheckClassAdapter
    • Javadoc improvements and fixes
    • module-info classes can be built without Gradle and Bnd
    • Parent POM updated to org.ow2:ow2:1.5.1

  • Bugs fixed:

    +CheckClassAdapter is no longer transparent for MAXLOCALS + Added public getDelegate method to all visitor classes + Analyzer does not compute optimal maxLocals for static methods + Fixed SignatureWriter when a generic type has a depth over 30 + Skip remap inner class name if not changed in Remapper

maven-archiver was updated from version 3.5.0 to 3.6.1:

  • Changes of 3.6.1:

  • New Features:

    • Deprecated the JAR Index feature (JDK-8302819)

  • Task:

    • Refreshed download page
    • Prefer JDK features over plexus-utils, plexus-io

  • Changes of 3.6.0:

  • Task:

    • Require Java 8
    • Drop m-shared-utils from deps

maven-assembly-plugin was updated from version 3.3.0 to 3.6.0:

  • Changes of 3.6.0:

  • Bugs fixed:

    • finalName as readonly parameter makes common usecases very complicated
    • Symbolic links get copied with absolute path
    • Warning if using Maven 3.9.1
    • Minimal default Manifest configuration of jar archiver should be respected

  • New Features:

    • Support Zstandard compression format

  • Improvements:

    • In RB mode, apply 022 umask to ignore environment group write umask
    • Added system requirements history

  • Task:

    • Dropped deprecated repository element
    • Support running build on Java 20
    • Refresh download page
    • Cleanup declared dependencies
    • Avoid using deprecated methods of plexus-archiver

  • Changes of 3.5.0:

  • Bugs fixed:

    • File permissions removed during assembly:single since 3.2.0

  • Changes of 3.4.2:

  • Bugs fixed:

    • Fixed Excludes filtering

  • Task:

    • Fixed examples to refer to https instead of http

  • Changes of 3.4.1:

  • Bugs fixed:

    • Fixed error build with shared assemblies

  • Changes of 3.4.0:

  • Bugs fixed:

    • dependencySet includes filter with classifier breaks include of artifacts without classifier

  • Task:

    • Speed improvements
    • Update plugin (requires Maven 3.2.5+)
    • Assembly plugin resolves too much, even plugins used to build dependencies
    • Deprecated the repository element in assembly descriptor
    • Upgraded to Java 8, drop unused dependencies

maven-common-artifact-filters was updated from version 3.0.1 to 3.3.2:

  • Changes of 3.3.2:

  • Bugs fixed:

    • PatternIncludesArtifactFilters raising NPE for patterns w/ wildcards and artifactoid w/ null on any coordinate

  • Changes of 3.3.1:

  • Bugs fixed:

    • Pattern w/ 4 elements may be GATV or GATC

  • Changes of 3.3.0:

  • Bugs fixed:

    • null passed to DependencyFilter in EclipseAetherFilterTransformerTest
    • PatternIncludesArtifactFilter#include(Artifact)
    • Common Artifact Filters pattern parsing with classifier is broken

  • Task:

    • Sanitized dependencies
    • Upgraded to Maven Parent 36, to Maven 3.2.5, to Java 8 and clean up dependencies

  • Changes of 3.2.0:

  • Improvements:

    • Big speed improvements for patterns that do not contain any wildcard

  • Changes of 3.1.1:

  • Bugs fixed:

    • Updated JIRA URL for maven-common-artifact-filters

  • Improvements:

    • Made build Reproducible

  • Changes of 3.1.0:

  • Bugs fixed:

    • Several filters do not preserve order of artifacts filtered

maven-compiler-plugin was updated from version 3.10.1 to 3.11.0:

Changes of 3.11.0:

  • New features and improvements:

    • Added a useModulePath switch to the testCompile mojo
    • Allow dependency exclusions for 'annotationProcessorPaths'
    • Use maven-resolver to resolve 'annotationProcessorPaths' dependencies
    • Upgrade plexus-compiler to improve compiling message
    • compileSourceRoots parameter should be writable
    • Change showWarnings to true by default
    • Warn about warn-config conflicting values
    • Update default source/target from 1.7 to 1.8
    • Display recompilation causes
    • Added some parameter to pattern from stale source calculation
    • Added dedicated option for implicit javac flag

  • Bugs fixed:

    • Fixed incorrect detection of dependency change
    • Test with Maven 3.9.0 and fix the failing IT
    • Resolved all annotation processor dependencies together
    • Defining maven.compiler.release as empty string ends with NumberFormatException in testCompileMojo
    • Fixed missing dirs in createMissingPackageInfoClasses
    • Set Xcludes in config passed to actual compiler

maven-dependency-analyzer was updated from version 1.10 to 1.13.2:

  • Changes of 1.13.2:

  • Changes and bugs fixed:

    • Made mvn dependency:analyze work with OpenJDK 11
    • Fixed jdk8 incompatibility at runtime (NoSuchMethodError)
    • Upgraded asm to 8.0.1
    • Use try with resources to avoid leaks
    • dependency:analyze recommends test scope for test-only artifacts that have non-test scope
    • remove reference to deprecated public mutable field
    • Updated JIRA URL
    • dependency:analyze should recommend narrower scope where possible
    • Remove dependency on jmock
    • Inline deprecated field
    • Added more JavaDoc
    • Handle different classes from same artifact used by model and test code
    • Included class names in used undeclared dependencies
    • Check maximum allowed Maven version
    • Get rid of maven-plugin-testing-tools for IT test
    • Require Maven 3.2.5+
    • Analyze project classes only once
    • Fixed array parsing
    • CONSTANT_METHOD_TYPE should not add to classes
    • Inner classes are in same compilation unit as container class
    • Upgraded Parent to 36
    • Cleanup IT tests
    • Replace Codehaus Plexus utils with java.nio.file.Files and Apache Commons
    • Fixed bug with "non-test scoped test only dependencies found"
    • Bump asm from 9.4 to 9.5
    • Refresh download page
    • Upgrade Parent to 39
    • Build on JDK 19, 20
    • Prefer JDK classes to Plexus utils
    • Replaced System.out by logger
    • Fixed java.lang.RuntimeException: Unknown constant pool type
    • Switched to JUnit 5
    • Dependency improvements

maven-dependency-plugin was updated from version 3.1.2 to 3.6.0:

  • Changes in 3.6.0:

  • Bugs fixed:

    • Obsolete example of -Dverbose on web page
    • Unsupported verbose option still appears in docs
    • dependency:go-offline does not use repositories from parent pom in reactor build
    • Fixed possible NPE
    • dependency:analyze-only goal fails on OpenJDK 14
    • FileWriter and FileReader should be replaced
    • Dependency Plugin go-offline doesn't respect artifact classifier
    • analyze-only failed: Unsupported class file major version 60 (Java 16)
    • analyze-only failed: Unsupported class file major version 61 (Java 17)
    • copy-dependencies fails when using excludeScope=test
    • mvn dependency:analyze detected wrong transitive dependency
    • dependency plugin does not work with JDK 16
    • skip dependency analyze in ear packaging
    • Non-test dependency reported as Non-test scoped test only dependency
    • 'Dependency not found' with 3.2.0 and Java-17 while analyzing
    • Tree plugin does not terminate with 3.2.0
    • Minor improvement - continue
    • analyze-only failed: PermittedSubclasses requires ASM9
    • Broken Link to "Introduction to Dependency Mechanism Page"
    • Sealed classes not supported
    • Dependency tree in verbose mode for war is empty
    • Javadoc was not updated to reflect that :tree's verbose option is now ok
    • error dependency:list (caused by postgresql dependency)
    • :list-classes does not skip if skip is set
    • :list-classes does not use GAV parameters

  • New Features:

    • Reintroduce the verbose option for dependency:tree
    • List classes in a given artifact
    • dependency:analyze should recommend narrower scope where possible
    • Added analyze parameter "ignoreUnusedRuntime"
    • Allow ignoring non-test-scoped dependencies
    • Added a <stripType> option to unpack goals
    • Allow auto-ignore of all non-test scoped dependencies used only in test scope

  • Improvements:

    • Unused method o.a.m.p.d.t.TreeMojo.containsVersion
    • Minor improvements
    • GitHub Action build improvement
    • dependency:analyze should list the classes that cause a used undeclared dependency
    • Improve documentation of analyze - Non-test scoped
    • Turn warnings into errors instead of failOnWarning
    • maven-dependency-plugin should leverage plexus-build-api to support IDEs
    • TestListClassesMojo logs too much
    • Use outputDirectory from AbstractMavenReport
    • Removed not used dependencies / Replace parts
    • list-repositories - improvements
    • warns about depending on plexus-container-default
    • Replace AnalyzeReportView with a new AnalyzeReportRenderer

  • Task:

    • Removed no longer required exclusions
    • Java 1.8 as minimum
    • Explicitly start and end tables with Doxia Sinks in report renderers
    • Replace Maven shared StringUtils with Commons Lang3
    • Removed unused and ignored parameter - useJvmChmod
    • Removed custom plexus configuration
    • Code refactor - UnpackUtil
    • Refresh download page

maven-dependency-tree was updated from version 3.0.1 to 3.2.1:

  • Changes in 3.2.1:

  • Bugs fixed:

    • DependencyCollectorBuilder does not collect dependencies when artifact has 'war' packaging
    • Transitive provided dependencies are not removed from collected dependency graph

  • New Features:

    • DependencyCollectorBuilder more configurable

  • Improvements:

    • DependencyGraphBuilder does not provide verbose tree
    • DependencyGraphBuilders shouldn't need reactorProjects for resolving dependencies
    • Maven31DependencyGraphBuilder should not download dependencies other than the pom
    • Fixed plexus-component-annotation in line with plexus-component-metadata
    • Upgraded parent to 31
    • Added functionality to collect raw dependencies in Maven 3+
    • Annotate DependencyNodes with dependency management metadata
    • Require Java 8
    • Upgrade org.eclipse.aether:aether-util dependency in org.apache.maven.shared:maven-dependency-tree
    • Added Exclusions to DependencyNode
    • Made build Reproducible
    • Migrate plexus component to JSR-330
    • Drop maven 3.0 compatibility

  • Dependency upgrade:

    • Upgrade shared-component to version 33
    • Upgrade Parent to 36
    • Bump maven-shared-components from 36 to 37

  • Removed unnecessary dependency on xmvn tools and parent pom

maven-enforcer was updated to version 3.4.1:

  • Update to version 3.4.1:

  • Bugs fixed:

    • In a multi module project "bannedDependencies" rule tries to resolve project artifacts from external repository
    • Require Release Dependencies ignorant about aggregator build
    • banDuplicatePomDependencyVersions does not check managementDependencies
    • Beanshell rule is not thread-safe
    • RequireSnapshotVersion not compatible with CI Friendly Versions (${revision})
    • NPE when using new <?m2e execute ?> syntax with maven-enforcer-plugin
    • Broken links on Maven Enforcer Plugin site
    • RequirePluginVersions not recognizing versions-from-properties
    • [REGRESSION] RequirePluginVersions fails when versions are inherited
    • requireFilesExist rule should be case sensitive
    • Broken Links on Project Home Page
    • TestRequireOS uses hamcrest via transitive dependency
    • plexus-container-default in enforcer-api is very outdated
    • classifier not included in output of failes RequireUpperBoundDeps test
    • Exclusions are not considered when looking at parent for requireReleaseDeps
    • requireUpperBoundDeps does not fail when packaging is 'war'
    • DependencyConvergence in 3.0.0 fails on provided scoped dependencies
    • NPE on requireReleaseDeps with non-matching includes
    • RequireUpperBoundDeps now follow scope provided transitive dependencies
    • Use currently build artifacts in IT tests
    • requireReleaseDeps does not support optional dependencies or runtime scope
    • Enforcer 3.0.0 breaks with Maven 3.8.4
    • Version 3.1.0 is not enforcing bannedDependencies rules
    • DependencyConvergence treats provided dependencies are runtime dependencies
    • Plugin shouldn't use NullPointerException for non-exceptional code flow
    • NPE in RequirePluginVersions
    • ReactorModuleConvergence not cached in reactor
    • RequireUpperBoundDeps fails on provided dependencies since 3.2.1
    • Problematic dependency resolution by new 'banDynamicVersions' rule
    • banTransitiveDependencies: failing if a transitive dependencies has another version than the resolved one
    • Filtering dependency tree by scope
    • Upgrading to 3.0.0 causes 'Could not build dependency tree' with repositories some unknown protocol
    • DependencyConvergence in 3.1.0 fails when using version ranges
    • Semantics of 'ignores' parameter of 'banDynamicVersions' is inverted
    • Omission of 'excludedScopes' parameter of 'banDynamicVersions' causes NPE
    • ENFORCER: plugin-info and mojo pages not found

  • New Features:

    • requireUpperBounds deps should have includes
    • Introduce RequireTextFileChecksum with line separator normalization
    • allow no rules
    • show rules processed
    • DependencyConvergence should support including/excluding certain dependencies
    • Support declaring external banned dependencies in an external file/URL
    • Maven enforcer rule which checks that all dependencies have an explicit scope set
    • Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set
    • Rule for no version ranges, version placeholders or SNAPSHOT versions
    • Allow one of many files in RequireFiles rules to pass
    • Skip specific rules
    • New Enforcer API
    • New Enforcer API - RuleConfigProvider
    • Move Built-In Rules to new API

  • Improvements:

    • wildcard ignore in requireReleaseDeps
    • Improve documentation about writing own Enforcer Rule
    • RequireActiveProfile should respect inherited activated profiles
    • Upgrade maven-dependency-tree to 3.x
    • Improve dependency resolving in multiple modules project
    • requireUpperBoundDeps: add [<scope>] and colors to the output
    • Example for writing a custom rule should be upgraded
    • Along with JavaVersion, allow enforcement of the JavaVendor
    • Included Java vendor in display-info output
    • requireMavenVersion x.y.z is processed as (,x.y.z] instead of [x.y.z,)
    • Consistently format artifacts same as dependency:tree
    • Made build Reproducible
    • Added support for excludes/includes in requireJavaVendor rule
    • Introduce Maven Enforcer Extension
    • Extends RequirePluginVersions with banMavenDefaults
    • Shared GitHub Actions
    • Log at ERROR level when <fail> is set
    • Reuse getDependenciesToCheck results across rules
    • Violation messages can be really hard to find in a multi module project
    • Clarify class loading for custom Enforcer rules
    • Using junit jupiter bom instead of single artifacts.
    • Get rid of maven-dependency-tree dependency
    • Allow 8 as JDK version for requireJavaVersion
    • Improve error message for rule "requireJavaVersion"
    • Include Java Home in Message for Java Rule Failures
    • Manage all Maven Core dependencies as provided
    • Mange rules configuration by plugin
    • Deprecate 'rules' property and introduce 'enforcer.rules' as a replacement
    • Change success message from executed to passed
    • EnforcerLogger: Provide isDebugEnabled(), isErrorEnabled(), isWarnEnabled() and isInfoEnabled()
    • Properly declare dependencies

  • Test:

    • Regression test for dependency convergence problem fixed in 3.0.0

  • Task:

    • Removed reference to travis or switch to travis.com
    • Fixed maven assembly links
    • Require Java 8
    • Verify working with Maven 4
    • Code cleanup
    • Refresh download page
    • Deprecate display-info mojo
    • Refresh site descriptors
    • Superfluous blanks in BanDuplicatePomDependencyVersions
    • Rename ResolveUtil to ResolverUtil

maven-plugin-tools was updated from version 3.6.0 to version 3.9.0:

  • Changes of version 3.9.0:

  • Bugs fixed:

    • Fixed *-mojo.xml (in PluginXdocGenerator) is overwritten when multiple locales are defined
    • Generated table by PluginXdocGenerator does not contain default attributes

  • Improvements:

    • Omit empty line in generated help goal output if plugin description is empty
    • Use Plexus I18N rather than fiddling with

  • Task:

    • Removed reporting from maven-plugin-plugin: create maven-plugin-report-plugin

  • Dependency upgrade:

    • Upgrade plugins and components (in ITs)

  • Changes of version 3.8.2:

  • Improvements:

    • Used Resolver API, get rid of localRepository

  • Dependency upgrade:

    • Bump httpcore from 4.4.15 to 4.4.16
    • Bump httpclient from 4.5.13 to 4.5.14
    • Bump antVersion from 1.10.12 to 1.10.13
    • Bump slf4jVersion from 1.7.5 to 1.7.36
    • Bump plexus-java from 1.1.1 to 1.1.2
    • Bump plexus-archiver from 4.6.1 to 4.6.3
    • Bump jsoup from 1.15.3 to 1.15.4
    • Bump asmVersion from 9.4 to 9.5
    • Bump assertj-core from 3.23.1 to 3.24.2

  • Changes of version 3.8.1:

  • Bugs fixed:

    • Javadoc reference containing a link label with spaces are not detected
    • JavadocLinkGenerator.createLink: Support nested binary class names
    • ERROR during build of m-plugin-report-p and m-plugin-p: Dependencies in wrong scope
    • "Executes as an aggregator plugin" documentation: s/plugin/goal/
    • Maven scope warning should be logged at WARN level
    • Fixed Temporary File Information Disclosure Vulnerability

  • New features:

    • Support mojos using the new maven v4 api

  • Improvements:

    • Plugin descriptor should contain the requiredJavaVersion/requiredMavenVersion
    • Execute annotation only supports standard lifecycle phases due to use of enum
    • Clarify deprecation of all extractors but the maven-plugin-tools-annotations

  • Dependency upgrade:

    • Update to Maven Parent POM 39
    • Bump junit-bom from 5.9.1 to 5.9.2
    • Bump plexus-archiver from 4.5.0 to 4.6.1

  • Changes of version 3.7.1:

  • Bugs fixed:

    • Maven scope warning should be logged at WARN level

  • Changes of version 3.7.0:

  • Bugs fixed:

    • The plugin descriptor generated by plugin:descriptor does not consider @ see javadoc taglets
    • Report-Mojo doesn't respect input encoding
    • Generating site reports for plugin results in NoSuchMethodError
    • JDK Requirements in plugin-info.html: Consider property "maven.compiler.release"
    • Parameters documentation inheriting @ since from Mojo can be confusing
    • Don't emit warning for missing javadoc URL of primitives
    • Don't emit warning for missing javadoc URI if no javadoc sources are configured
    • Parameter description should be taken from annotated item

  • New Features:

    • Added link to javadoc in configuration description page for user defined types of Mojos.
    • Allow only @ Deprecated annotation without @ deprecated javadoc tag
    • add system requirements history section
    • report: allow to generate usage section in plugin-info.html with true
    • Allow @ Parameter on setters methods
    • Extract plugin report into its own plugin
    • report: Expose generics information of Collection and Map types

  • Improvement:

    • plugin-info.html should contain a better Usage section
    • Do not overwrite generate files with no content change
    • Upgrade to JUnit 5 and @ Inject annotations
    • Support for java 20 - ASM 9.4
    • Don't print empty Memory, Disk Space in System Requirements
    • simplification in helpmojo build
    • Get rid of plexus-compiler-manager from tests
    • Use Maven core artifacts in provided scope
    • report and descriptor goal need to evaluate Javadoc comments differently
    • Allow to reference aggregator javadoc from plugin report

  • Task:

    • Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations
    • Update level to Java 8
    • Deprecate scripting support for mojos
    • Deprecate requirements parameter in report Mojo
    • Removed duplicate code from PluginReport
    • Prepare for Doxia (Sitetools) 2.0.0
    • Fixed documentation for maven-plugin-report-plugin
    • Removed deprecated items from new maven-plugin-report-plugin
    • Improve site build
    • Improve dependency management
    • Plugin generator generation fails when the parent class comes from a different project

  • Dependency upgrade:

    • Upgrade Maven Reporting API/Impl to 3.1.0
    • Upgrade Parent to 36
    • Upgrade project dependencies after JDK 1.8
    • Bump maven-parent from 36 to 37
    • Upgrade Maven Reporting API to 3.1.1/Maven Reporting Impl to 3.2.0
    • Upgrade plexus-utils to 3.5.0

  • Changes of version 3.6.4:

  • Restored compatibility with Maven 3 ecosystem

  • Upgraded dependencies

  • Changes of version 3.6.3:

  • Added prerequisites to plugin pom

  • Exclude dependency in provided scope from plugin descriptor
  • Get rid of String.format use
  • Fixed this logging as well
  • Simplify documentation

  • Exclude maven-archiver and maven-jxr from warning

  • Changes of version 3.6.2:

  • Deprecated unused requiresReports flag

  • Check that Maven dependencies are provided scope
  • Update ITs
  • Use shared gh action
  • Deprecate unsupported Mojo descriptor items
  • Weed out ITs
  • Upgrade to maven 3.x and avoid using deprecated API
  • Drop legacy dependencies
  • Use shared gh action - v1

  • Fixed wording in javadoc

  • Changes of version 3.6.1:

  • What's Changed:

  • Added missing @OverRide and make methods static
  • Upgraded to JUnit 4.12
  • Upgraded parent POM and other dependencies
  • Updated plugins
  • Upgraded Doxia Sitetools to 1.9.2 to remove dependency on Struts
  • removed Maven 2 info
  • Removed unneeded dependency
  • Tighten the dependency tree
  • Ignore .checkstyle
  • Strict dependencies for maven-plugin-tools-annotations
  • Improved @execute(goal...) docs
  • Improve @execute(lifecycle...) docs

plexus-compiler was updated from version 2.11.1 to 2.14.2:

  • Changes of 2.14.2:

  • Removed:

    • Drop J2ObjC compiler

  • New features and improvements:

    • Update AspectJ Compiler to 1.9.21 to support Java 21
    • Require JDK 17 for build
    • Improve locking on JavacCompiler
    • Include 'parameter' and 'preview' describe log
    • Switch to SISU annotations and plugin, fixes #217
    • Support jdk 21
    • Require Maven 3.5.4+
    • Require Java 11 for plexus-compiler-eclipse an javac-errorprone and aspectj compilers
    • Added support to run its with Java 20

  • Bugs fixed:

    • Fixed javac memory leak
    • Validate zip file names before extracting (Zip Slip)
    • Restore AbstractCompiler#getLogger() method
    • Return empty list for not existing source root location
    • Improve javac error output parsing

  • Changes of 2.13.0:

  • New features and improvements:

    • Fully ignore any possible jdk bug
    • MCOMPILER-402: Added implicitOption to CompilerConfiguration
    • Added a custom compile argument replaceProcessorPathWithProcessorModulePath to force the plugin replace processorPath with processormodulepath
    • describe compiler configuration on run
    • simplify "Compiling" info message: display relative path

  • Bugs fixed:

    • Respect CompilerConfiguration.sourceFiles in EclipseJavaCompiler
    • Avoid NPE in AspectJCompilerTest on AspectJ 1.9.8+

  • Dependency updates:

    • Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6
    • Bump error_prone_core from 2.11.0 to 2.13.1
    • Bump github/codeql-action from 1 to 2
    • Bump ecj from 3.28.0 to 3.29.0
    • Bump release-drafter/release-drafter from 5.18.1 to 5.19.0
    • Bump ecj from 3.29.0 to 3.30.0
    • Bump maven-invoker-plugin from 3.2.2 to 3.3.0
    • Bump maven-enforcer-plugin from 3.0.0 to 3.1.0
    • Bump error_prone_core from 2.13.1 to 2.14.0
    • Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7
    • Bump ecj from 3.31.0 to 3.32.0
    • Bump junit-bom from 5.9.0 to 5.9.1
    • Bump ecj from 3.30.0 to 3.31.0
    • Bump groovy from 3.0.12 to 3.0.13
    • Bump groovy-json from 3.0.12 to 3.0.13
    • Bump groovy-xml from 3.0.12 to 3.0.13
    • Bump animal-sniffer-maven-plugin from 1.21 to 1.22
    • Bump error_prone_core from 2.14.0 to 2.15.0
    • Bump junit-bom from 5.8.2 to 5.9.0
    • Bump groovy-xml from 3.0.11 to 3.0.12
    • Bump groovy-json from 3.0.11 to 3.0.12
    • Bump groovy from 3.0.11 to 3.0.12

  • Maintenance:

    • Require Maven 3.2.5

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-560=1
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-560=1
  • SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
    zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-560=1
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-560=1
  • SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-560=1
  • SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-560=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-560=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-560=1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-560=1
  • SUSE Manager Proxy 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-560=1
  • SUSE Manager Retail Branch Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-560=1
  • SUSE Manager Server 4.3
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-560=1
  • SUSE Enterprise Storage 7.1
    zypper in -t patch SUSE-Storage-7.1-2024-560=1
  • openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-560=1
  • Basesystem Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-560=1
  • Development Tools Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-560=1
  • SUSE Manager Server 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2024-560=1
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-560=1
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-560=1

Package List:

  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Manager Proxy 4.3 (noarch)
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Manager Retail Branch Server 4.3 (noarch)
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Manager Server 4.3 (noarch)
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Enterprise Storage 7.1 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • openSUSE Leap 15.5 (noarch)
    • maven-enforcer-plugin-3.4.1-150200.3.7.2
    • maven-plugin-tools-beanshell-3.9.0-150200.3.7.3
    • maven-assembly-plugin-3.6.0-150200.3.7.2
    • maven-dependency-analyzer-1.13.2-150200.3.7.2
    • maven-enforcer-rules-3.4.1-150200.3.7.2
    • maven-plugin-plugin-bootstrap-3.9.0-150200.3.7.1
    • maven-compiler-plugin-javadoc-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-dependency-plugin-3.6.0-150200.3.7.2
    • maven-plugin-tools-javadoc-3.9.0-150200.3.7.3
    • maven-compiler-plugin-bootstrap-3.11.0-150200.3.7.1
    • maven-plugin-tools-api-3.9.0-150200.3.7.3
    • maven-dependency-analyzer-javadoc-1.13.2-150200.3.7.2
    • maven-dependency-tree-javadoc-3.2.1-150200.3.7.2
    • maven-plugin-tools-annotations-3.9.0-150200.3.7.3
    • maven-plugin-tools-generators-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
    • maven-dependency-tree-3.2.1-150200.3.7.2
    • maven-enforcer-3.4.1-150200.3.7.2
    • maven-script-ant-3.9.0-150200.3.7.3
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • plexus-compiler-extras-2.14.2-150200.3.9.2
    • maven-enforcer-api-3.4.1-150200.3.7.2
    • maven-plugin-tools-ant-3.9.0-150200.3.7.3
    • maven-dependency-plugin-javadoc-3.6.0-150200.3.7.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • plexus-compiler-javadoc-2.14.2-150200.3.9.2
    • maven-archiver-javadoc-3.6.1-150200.3.7.3
    • maven-plugin-plugin-3.9.0-150200.3.7.5
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-script-beanshell-3.9.0-150200.3.7.3
    • maven-assembly-plugin-javadoc-3.6.0-150200.3.7.2
    • objectweb-asm-javadoc-9.6-150200.3.11.3
    • maven-common-artifact-filters-javadoc-3.3.2-150200.3.7.3
    • plexus-archiver-javadoc-4.8.0-150200.3.7.2
    • maven-enforcer-javadoc-3.4.1-150200.3.7.2
    • maven-plugin-plugin-javadoc-3.9.0-150200.3.7.5
    • maven-plugin-tools-model-3.9.0-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • maven-plugin-tools-java-3.9.0-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
  • Basesystem Module 15-SP5 (noarch)
    • objectweb-asm-9.6-150200.3.11.3
  • Development Tools Module 15-SP5 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
  • SUSE Manager Server 4.3 Module 4.3 (noarch)
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2
    • maven-plugin-annotations-3.9.0-150200.3.7.3
    • objectweb-asm-9.6-150200.3.11.3
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
    • plexus-archiver-4.8.0-150200.3.7.2
    • maven-compiler-plugin-3.11.0-150200.3.7.1
    • maven-common-artifact-filters-3.3.2-150200.3.7.3
    • maven-archiver-3.6.1-150200.3.7.3
    • plexus-compiler-2.14.2-150200.3.9.2