jackrabbit (2.20.11-1) unstable; urgency=medium * Team upload. * New upstream version 2.20.11. - Fix CVE-2023-37895: RCE over RMI. Debian is not affected because the standalone and webapp modules are currently not enabled. * Declare compliance with Debian Policy 4.6.2. -- Markus Koschany Sat, 29 Jul 2023 15:08:48 +0200 jackrabbit (2.20.3-1) unstable; urgency=medium * Team upload. * New upstream version 2.20.3. - Drop libcommons-httpclient-java. No longer needed. (Closes: #800993) * Drop servlet-api.patch. * Declare compliance with Debian Policy 4.6.0. * Build-depend on libservlet-api-java. * Use canonical VCS URI. * Switch to debhelper-compat = 13. -- Markus Koschany Fri, 24 Sep 2021 23:35:55 +0200 jackrabbit (2.18.0+r2.14.6-1) unstable; urgency=medium * Team upload. * Revert to version 2.14.6 to work around a davmail FTBFS. See also #917174. * Declare compliance with Debian Policy 4.3.0. -- Markus Koschany Tue, 08 Jan 2019 14:24:15 +0100 jackrabbit (2.18.0-1) unstable; urgency=medium * Team upload. * New upstream version 2.18.0. * Drop libcommons-httpclient-java. No longer needed. (Closes: #800993) * Rebase servlet-api.patch. -- Markus Koschany Sat, 22 Dec 2018 22:51:06 +0100 jackrabbit (2.14.6-1) unstable; urgency=medium * Team upload. * New upstream version 2.14.6. * Switch to compat level 11. * Declare compliance with Debian Policy 4.2.1. -- Markus Koschany Sun, 14 Oct 2018 13:08:53 +0200 jackrabbit (2.14.4-1) unstable; urgency=medium * Team upload. * New upstream version 2.14.4. * Declare compliance with Debian Policy 4.1.1. * Use https for Format field. * Remove --no-parent and --has-package-version flag. * Ignore jackrabbit-vfs-ext module. * Ignore jacoco-maven-plugin. * Refresh servlet-api.patch. -- Markus Koschany Sun, 05 Nov 2017 14:52:27 +0100 jackrabbit (2.12.6-1) unstable; urgency=medium * Team upload. * New upstream version 2.12.6. * Add org.codehaus.mojo:animal-sniffer-maven-plugin to maven.ignoreRules. * Refresh servlet-api.patch. -- Markus Koschany Thu, 15 Dec 2016 18:40:11 +0100 jackrabbit (2.12.4-1) unstable; urgency=medium * Team upload. * New upstream version 2.12.4. - Fixes CVE-2016-6801. (Closes: #838204) * Use compat level 10. * Rebase patches to servlet-api.patch. * d/rules: Remove obsolete export for ANT_ARGS. -- Markus Koschany Sun, 18 Sep 2016 00:14:03 +0200 jackrabbit (2.12.2-1) unstable; urgency=medium * Team upload. * Imported Upstream version 2.12.2. * Declare compliance with Debian Policy 3.9.8. * debian/watch: Use version=4. * Add a maven rule for the servlet API. * Add servlet-API-3.1.patch and implement missing methods. (Closes:#828203) Thanks to Daniel Schepler for the report. -- Markus Koschany Fri, 15 Jul 2016 08:18:14 +0200 jackrabbit (2.12.1-1) unstable; urgency=medium * Team upload. * Imported Upstream version 2.12.1. * d/rules: really export servlet-api-3.1.jar. * Declare compliance with Debian Policy 3.9.7. * Vcs-Git: Use https. -- Markus Koschany Fri, 01 Apr 2016 04:49:51 +0200 jackrabbit (2.10.1-2) unstable; urgency=medium * Team upload. * Switch to libservlet3.1-java. (Closes: #801023) * maven.rules: Do not depend on a specific version of maven-bundle-plugin anymore. * Vcs-Browser: Use https. -- Markus Koschany Thu, 19 Nov 2015 17:49:29 +0100 jackrabbit (2.10.1-1) unstable; urgency=high * Team upload. * Imported Upstream version 2.10.1. - Fix CVE-2015-1833 (Closes: #787316) When processing a WebDAV request body containing XML, the XML parser can be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this can not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others. * Update watch file and track upstream's stable releases. * Update get-orig-source-target. Download the current version. * Drop orig-tar.sh script. We use upstream's tarballs now. * Repack the orig tarball. Change compression from zip to tar.xz. * Remove maven.publishedRules. It is not needed. * Use compat level 9 and require debhelper >= 9. * Declare compliance with Debian Policy 3.9.6. * Use canonical Vcs fields. * wrap-and-sort -sa. * Drop modules.diff because we disable all modules except webdav in libjackrabbit.poms already. * Fix Format field. Add myself to debian/ copyright holders. * Use Files-Excluded mechanism to remove binary files. * Fix lintian warnings dep5-copyright-license-name-not-unique and comma-separated-files-in-dep5-copyright. * Drop build-classpath and fix Lintian warning about missing classpath for dependencies. * Use maven-debian-helper and Maven as build system. Drop all ant build-dependencies. * Add libmaven-bundle-plugin-java to Build-Depends. * Add maven.properties file and drop build.properties. * Drop maven.cleanIgnoreRules. It is unused. -- Markus Koschany Sun, 21 Jun 2015 18:35:47 +0200 jackrabbit (2.3.6-1) unstable; urgency=low * Initial release (Closes: #589450). -- Damien Raude-Morvan Sat, 21 Jan 2012 23:20:41 +0100