This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues:
Changes in ongres-scram:
- Version 3.2
* Fix Timing Attack Vulnerability in SCRAM Authentication
(bsc#1250399, CVE-2025-59432)
* Updated dependencies and maven plugins
* Use central-publishing-maven-plugin to deploy to Maven Central.
- Do not create multirelease jar if the only Java 9+ class file is
module-info.class
Changes in ongres-stringprep:
- Do not create multirelease jar if the only Java 9+ class file is
module-info.class
Changes in plexus-testing:
- The build without tests does not need the full junit5; the
junit5-minimal (built with ant) is enough
Changes in maven:
- Upgrade to upstream version 3.9.14
* Bug Fixes
+ plexus-testing dependencies should be used in test scope
- Upgrade to upstream version 3.9.13
* Bug Fixes
+ Bug: SecDispatcher is managed by legacy Plexus DI
+ [3.9.x]...
Read the Full Advisory- openSUSE Leap 16.0:
maven-3.9.14-160000.1.1
maven-doxia-core-2.1.0-160000.1.1
maven-doxia-javadoc-2.1.0-160000.1.1
maven-doxia-module-apt-2.1.0-160000.1.1
maven-doxia-module-fml-2.1.0-160000.1.1
maven-doxia-module-xdoc-2.1.0-160000.1.1
maven-doxia-module-xhtml5-2.1.0-160000.1.1
maven-doxia-sink-api-2.1.0-160000.1.1
maven-doxia-test-docs-2.1.0-160000.1.1
maven-javadoc-3.9.14-160000.1.1
maven-lib-3.9.14-160000.1.1
mojo-parent-82-160000.3.1
ongres-scram-3.2-160000.4.1
ongres-scram-client-3.2-160000.4.1
ongres-scram-javadoc-3.2-160000.4.1
ongres-stringprep-2.2-160000.3.1
ongres-stringprep-javadoc-2.2-160000.3.1
plexus-testing-2.1.0-160000.2.1
plexus-testing-javadoc-2.1.0-160000.2.1
sisu-inject-1.0.0-160000.2.1
sisu-inject-extender-1.0.0-160000.2.1
sisu-javadoc-1.0.0-160000.2.1
sisu-mojos-1.0.0-160000.2.1
sisu-mojos-javadoc-1.0.0-160000.2.1
sisu-plexus-1.0.0-160000.2.1
sisu-plexus-extender-1.0.0-160000.2.1
xmvn-4.3.0-160000.3.3
xmvn-api-4.3.0-160000.3.1
xmvn-connector-4.3.0-160000.3.1
xmvn-connector-javadoc-4.3.0-1600...
Read the Full Advisory* bsc#1250399
References:
* https://www.suse.com/security/cve/CVE-2025-59432.html
Get the latest Linux and open source security news straight to your inbox.