{"id":"SUSE-RU-2025:1150-1","summary":"Recommended update for apache-commons-io","details":"This update for apache-commons-io fixes the following issues:\n\napache-commons-io was updated from version 2.15.1 to 2.18.0:\n    \n- Key changes across versions:\n  * Cleaner code and updated dependencies\n  * Improved security when handling serialized data with the new safe deserialization feature\n  * New features for advanced file and stream operations\n  * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors\n  * For the full list of changes please consult the packaged RELEASE-NOTES.txt\n    \n- Already fixed in previous version:\n  * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298)\n","modified":"2026-03-11T05:57:42.442045Z","published":"2025-04-07T07:47:08Z","related":["CVE-2024-47554"],"upstream":["CVE-2024-47554"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/-2025-1150/suse-ru-20251150-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1231298"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-47554"}],"affected":[{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP6","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Manager Proxy 4.3","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Manager Server 4.3","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"SUSE:Enterprise Storage 7.1","purl":"pkg:rpm/suse/apache-commons-io&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}},{"package":{"name":"apache-commons-io","ecosystem":"openSUSE:Leap 15.6","purl":"pkg:rpm/opensuse/apache-commons-io&distro=openSUSE%20Leap%2015.6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.18.0-150200.3.15.1"}]}],"ecosystem_specific":{"binaries":[{"apache-commons-io":"2.18.0-150200.3.15.1","apache-commons-io-javadoc":"2.18.0-150200.3.15.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-RU-2025:1150-1.json"}}],"schema_version":"1.7.5"}