These are all security issues fixed in the apache-commons-vfs2-2.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "apache-commons-vfs2": "2.10.0-1.1", "apache-commons-vfs2-ant": "2.10.0-1.1", "apache-commons-vfs2-examples": "2.10.0-1.1", "apache-commons-vfs2-javadoc": "2.10.0-1.1" } ] }