These are all security issues fixed in the xalan-j2-2.7.3-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "xalan-j2-manual": "2.7.3-1.1", "xalan-j2-xsltc": "2.7.3-1.1", "xalan-j2": "2.7.3-1.1", "xalan-j2-demo": "2.7.3-1.1" } ] }