apache-jena (4.9.0-1) unstable; urgency=medium

  * New upstream version 4.9.0.
    - Fix CVE-2023-22665: (Closes: #1041108)
      There is insufficient checking of user queries in Apache Jena versions
      4.7.0 and earlier, when invoking custom scripts. It allows a remote user
      to execute arbitrary JavaScript via a SPARQL query.
    - Fix CVE-2023-32200: (Closes: #1035952)
      There are insufficient restrictions of called script functions in Apache
      Jena versions 4.8.0 and earlier. It allows a remote user to execute
      JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
      through 4.8.0.
  * B-D on libcaffeine-java and libcommons-collections4-java.
  * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
  * Rebase and update the patches for the new release.

 -- Markus Koschany <apo@debian.org>  Thu, 14 Sep 2023 19:21:03 +0200

apache-jena (4.5.0-2) unstable; urgency=medium

  * Add RDFReader.patch for backwards compatibility to fix a FTBFS in
    librdfa-java.
  * Declare compliance with Debian Policy 4.6.2.

 -- Markus Koschany <apo@debian.org>  Mon, 09 Jan 2023 23:32:16 +0100

apache-jena (4.5.0-1) unstable; urgency=high

  * New upstream version 4.5.0.
    - Fix CVE-2021-33192, CVE-2021-39239 and CVE-2022-28890. Thanks to Moritz
      Mühlenhoff for the report. (Closes: #1014982)
  * Refresh the patches.
  * Add libprotobuf-java, libtitanium-json-ld-java and libjsonp2-java to
    Build-Depends.
  * Tighten dependency on libthrift-java.
  * Declare compliance with Debian Policy 4.6.1.

 -- Markus Koschany <apo@debian.org>  Sat, 24 Sep 2022 13:59:54 +0200

apache-jena (3.17.0-3) unstable; urgency=medium

  * Remove B-D on libapache-jena-java
  * Fix debian poms file and add missing sub modules of jena-db.

 -- Markus Koschany <apo@debian.org>  Sun, 13 Feb 2022 13:31:52 +0100

apache-jena (3.17.0-2) unstable; urgency=medium

  * Remove workaround for jena-tdb2 and B-D on libapache-jena-java.
  * Add jena-tdb2-javadoc.patch.
  * Update debian/copyright and document that DAWG and DAWG-Final directories
    are also licensed under the W3C Software license.

 -- Markus Koschany <apo@debian.org>  Mon, 07 Feb 2022 22:44:42 +0100

apache-jena (3.17.0-1) unstable; urgency=medium

  * Initial release. (Closes: #986605)

 -- Markus Koschany <apo@debian.org>  Fri, 09 Apr 2021 19:35:26 +0200