1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
jackrabbit (2.20.11-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix CVE-2025-53689 via upstream patch. (Closes: #1109335)
-- Bastian Germann <bage@debian.org> Wed, 23 Jul 2025 10:05:30 +0200
jackrabbit (2.20.11-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.20.11.
- Fix CVE-2023-37895:
RCE over RMI. Debian is not affected because the standalone and webapp
modules are currently not enabled.
* Declare compliance with Debian Policy 4.6.2.
-- Markus Koschany <apo@debian.org> Sat, 29 Jul 2023 15:08:48 +0200
jackrabbit (2.20.3-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.20.3.
- Drop libcommons-httpclient-java. No longer needed. (Closes: #800993)
* Drop servlet-api.patch.
* Declare compliance with Debian Policy 4.6.0.
* Build-depend on libservlet-api-java.
* Use canonical VCS URI.
* Switch to debhelper-compat = 13.
-- Markus Koschany <apo@debian.org> Fri, 24 Sep 2021 23:35:55 +0200
jackrabbit (2.18.0+r2.14.6-1) unstable; urgency=medium
* Team upload.
* Revert to version 2.14.6 to work around a davmail FTBFS. See also #917174.
* Declare compliance with Debian Policy 4.3.0.
-- Markus Koschany <apo@debian.org> Tue, 08 Jan 2019 14:24:15 +0100
jackrabbit (2.18.0-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.18.0.
* Drop libcommons-httpclient-java. No longer needed. (Closes: #800993)
* Rebase servlet-api.patch.
-- Markus Koschany <apo@debian.org> Sat, 22 Dec 2018 22:51:06 +0100
jackrabbit (2.14.6-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.14.6.
* Switch to compat level 11.
* Declare compliance with Debian Policy 4.2.1.
-- Markus Koschany <apo@debian.org> Sun, 14 Oct 2018 13:08:53 +0200
jackrabbit (2.14.4-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.14.4.
* Declare compliance with Debian Policy 4.1.1.
* Use https for Format field.
* Remove --no-parent and --has-package-version flag.
* Ignore jackrabbit-vfs-ext module.
* Ignore jacoco-maven-plugin.
* Refresh servlet-api.patch.
-- Markus Koschany <apo@debian.org> Sun, 05 Nov 2017 14:52:27 +0100
jackrabbit (2.12.6-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.12.6.
* Add org.codehaus.mojo:animal-sniffer-maven-plugin to maven.ignoreRules.
* Refresh servlet-api.patch.
-- Markus Koschany <apo@debian.org> Thu, 15 Dec 2016 18:40:11 +0100
jackrabbit (2.12.4-1) unstable; urgency=medium
* Team upload.
* New upstream version 2.12.4.
- Fixes CVE-2016-6801. (Closes: #838204)
* Use compat level 10.
* Rebase patches to servlet-api.patch.
* d/rules: Remove obsolete export for ANT_ARGS.
-- Markus Koschany <apo@debian.org> Sun, 18 Sep 2016 00:14:03 +0200
jackrabbit (2.12.2-1) unstable; urgency=medium
* Team upload.
* Imported Upstream version 2.12.2.
* Declare compliance with Debian Policy 3.9.8.
* debian/watch: Use version=4.
* Add a maven rule for the servlet API.
* Add servlet-API-3.1.patch and implement missing methods. (Closes:#828203)
Thanks to Daniel Schepler for the report.
-- Markus Koschany <apo@debian.org> Fri, 15 Jul 2016 08:18:14 +0200
jackrabbit (2.12.1-1) unstable; urgency=medium
* Team upload.
* Imported Upstream version 2.12.1.
* d/rules: really export servlet-api-3.1.jar.
* Declare compliance with Debian Policy 3.9.7.
* Vcs-Git: Use https.
-- Markus Koschany <apo@debian.org> Fri, 01 Apr 2016 04:49:51 +0200
jackrabbit (2.10.1-2) unstable; urgency=medium
* Team upload.
* Switch to libservlet3.1-java. (Closes: #801023)
* maven.rules: Do not depend on a specific version of maven-bundle-plugin
anymore.
* Vcs-Browser: Use https.
-- Markus Koschany <apo@debian.org> Thu, 19 Nov 2015 17:49:29 +0100
jackrabbit (2.10.1-1) unstable; urgency=high
* Team upload.
* Imported Upstream version 2.10.1.
- Fix CVE-2015-1833 (Closes: #787316)
When processing a WebDAV request body containing XML, the XML parser can
be instructed to read content from network resources accessible to the
host, identified by URI schemes such as "http(s)" or "file". Depending on
the WebDAV request, this can not only be used to trigger internal network
requests, but might also be used to insert said content into the request,
potentially exposing it to the attacker and others.
* Update watch file and track upstream's stable releases.
* Update get-orig-source-target. Download the current version.
* Drop orig-tar.sh script. We use upstream's tarballs now.
* Repack the orig tarball. Change compression from zip to tar.xz.
* Remove maven.publishedRules. It is not needed.
* Use compat level 9 and require debhelper >= 9.
* Declare compliance with Debian Policy 3.9.6.
* Use canonical Vcs fields.
* wrap-and-sort -sa.
* Drop modules.diff because we disable all modules except webdav in
libjackrabbit.poms already.
* Fix Format field. Add myself to debian/ copyright holders.
* Use Files-Excluded mechanism to remove binary files.
* Fix lintian warnings dep5-copyright-license-name-not-unique
and comma-separated-files-in-dep5-copyright.
* Drop build-classpath and fix Lintian warning about missing classpath for
dependencies.
* Use maven-debian-helper and Maven as build system. Drop all ant
build-dependencies.
* Add libmaven-bundle-plugin-java to Build-Depends.
* Add maven.properties file and drop build.properties.
* Drop maven.cleanIgnoreRules. It is unused.
-- Markus Koschany <apo@gambaru.de> Sun, 21 Jun 2015 18:35:47 +0200
jackrabbit (2.3.6-1) unstable; urgency=low
* Initial release (Closes: #589450).
-- Damien Raude-Morvan <drazzib@debian.org> Sat, 21 Jan 2012 23:20:41 +0100
|
