Recommended update for apache-commons-logging

Announcement ID: SUSE-RU-2025:0848-1
Release Date: 2025-03-12T13:23:22Z
Rating: moderate
References:
Affected Products:
  • Basesystem Module 15-SP6
  • openSUSE Leap 15.6
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that can now be installed.

Description:

This update for apache-commons-logging fixes the following issues:

  • Upgrade to 1.3.4
  • Bug fix:
    • Fix factory loading from context class loader
  • Upgrade to 1.3.3
  • Bug Fixes:
    • Update Log4j 2 OSGi imports
    • Fix PMD UnnecessaryFullyQualifiedName in SimpleLog.
    • Fix NullPointerException in SimpleLog#write(Object) on null input.
    • Fix NullPointerException in SimpleLog#write(StringBuffer) on null input.
  • Includes changes from 1.3.2
  • Fixed Bugs:
    • Add OSGi metadata to enable Service Loader Mediator
    • Apache commons logging shows 1.4 as latest release instead of 1.3.1.
    • Deprecate org.apache.commons.logging.LogSource.jdk14IsAvailable.
  • Includes changes from 1.3.1
  • New features:
    • Add Maven property project.build.outputTimestamp for build reproducibility.
  • Fixed Bugs:
    • Remove references to very old JDK and Commons Logging versions
    • Update from Logj 1 to the Log4j 2 API compatibility layer
    • Allow Servlet 4 in OSGi environment
    • Fix generics warnings
    • Fix Import-Package entry for org.slf4j
  • Includes changes from 1.3.0
  • New Features:
    • Add support for Log4j API and SLF4J
    • Deprecate org.apache.commons.logging.impl.WeakHashtable without replacement.
    • Deprecate and disable Jdk13LumberjackLogger and Log4JLogger
    • Deprecate and disable AvalonLogger and LogKitLogger
    • Add Automatic-Module-Name Manifest Header for Java 9 compatibility
  • Fixed Bugs:
    • BufferedReader is not closed properly
    • Remove redundant initializer
    • Use a weak reference for the cached class loader
    • Add more entries to .gitignore file
    • Minor Improvements
    • [StepSecurity] ci: Harden GitHub Actions
    • Replace custom code with ServiceLoader call
    • Fix possible NPEs in LogFactoryImpl
    • Fix failing tests
    • Deprecate LogConfigurationException.cause in favor of getCause()
    • Fix SpotBugs [ERROR] High: Found reliance on default encoding in org.apache.commons.logging.LogFactory.initDiagnostics(): new java.io.PrintStream(OutputStream) [org.apache.commons.logging.LogFactory] At LogFactory.java:[line 1205] DM_DEFAULT_ENCODING.
    • Fix SpotBugs [ERROR] Medium: Class org.apache.commons.logging.impl.WeakHashtable defines non-transient non-serializable instance field queue [org.apache.commons.logging.impl.WeakHashtable] In WeakHashtable.java SE_BAD_FIELD.
    • Set java.logging as optional module
    • Fix SpotBugs [ERROR] Medium: Switch statement found in org.apache.commons.logging.impl.SimpleLog.log(int, Object, Throwable) where default case is missing [org.apache.commons.logging.impl.SimpleLog] At SimpleLog.java:[lines 505-522] SF_SWITCH_NO_DEFAULT.
    • Deprecate org.apache.commons.logging.impl.Jdk13LumberjackLogger.dummyLevel without replacement.
  • Reinstate ant build (removed upstream)
  • add build.xml
  • add build.properties
  • Add upstream dev's public key to apache-commons-logging.keyring
  • Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-848=1
  • Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-848=1

Package List:

  • openSUSE Leap 15.6 (noarch)
    • apache-commons-logging-1.3.4-150200.11.9.1
  • Basesystem Module 15-SP6 (noarch)
    • apache-commons-logging-1.3.4-150200.11.9.1