1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
|
undertow (2.3.18-2) unstable; urgency=medium
* Team upload.
* Depend on libtomcat11-java instead of libtomcat10-java
* Standards-Version updated to 4.7.2
-- Emmanuel Bourg <ebourg@apache.org> Mon, 17 Mar 2025 00:21:25 +0100
undertow (2.3.18-1) unstable; urgency=medium
* New upstream version 2.3.18
- Fix CVE-2023-3223: (Closes: #1054893)
- Fix CVE-2023-1973: (Closes: #1068815)
- Fix CVE-2023-4639: (Closes: #1063539)
- Fix CVE-2024-1459: (Closes: #1068816)
- Fix CVE-2024-1635: (Closes: #1068817)
- Fix CVE-2024-3653: (Closes: #1077547)
- Fix CVE-2024-5971: (Closes: #1077545)
Fix CVE-2024-7885: (Closes: #1082854)
* Declare compliance with Debian Policy 4.7.0.
-- Markus Koschany <apo@debian.org> Fri, 03 Jan 2025 16:21:53 +0100
undertow (2.3.8-2) unstable; urgency=medium
* Upload to unstable.
-- Markus Koschany <apo@debian.org> Mon, 21 Aug 2023 23:45:46 +0200
undertow (2.3.8-1) experimental; urgency=medium
* New upstream version 2.3.8.
- Fix CVE-2022-4492: (Closes: #1032087)
- Fix CVE-2023-1108: (Closes: #1033253)
- Builds from source again. (Closes: #1026695)
* Declare compliance with Debian Policy 4.6.2.
* Switch to Jakarta API.
* Drop libundertow-java-doc package.
-- Markus Koschany <apo@debian.org> Sun, 20 Aug 2023 20:07:02 +0200
undertow (2.2.21-1) unstable; urgency=medium
* New upstream version 2.2.21.
-- Markus Koschany <apo@debian.org> Sat, 12 Nov 2022 14:50:22 +0100
undertow (2.2.20-1) unstable; urgency=medium
* New upstream version 2.2.20.
-- Markus Koschany <apo@debian.org> Thu, 13 Oct 2022 23:44:06 +0200
undertow (2.2.19-1) unstable; urgency=medium
* New upstream version 2.2.19.
* Drop CVE-2022-2053.patch. Fixed upstream.
-- Markus Koschany <apo@debian.org> Thu, 18 Aug 2022 13:12:08 +0200
undertow (2.2.18-1) unstable; urgency=medium
* Track only 2.2.x versions in debian/watch.
* New upstream version 2.2.18.
* Declare compliance with Debian Policy 4.6.1.
* Fix CVE-2022-2053.
-- Markus Koschany <apo@debian.org> Tue, 02 Aug 2022 22:22:19 +0200
undertow (2.2.17-1) unstable; urgency=medium
* New upstream version 2.2.17.
-- Markus Koschany <apo@debian.org> Sat, 30 Apr 2022 23:40:58 +0200
undertow (2.2.16-1) unstable; urgency=medium
* New upstream version 2.2.16.
-- Markus Koschany <apo@debian.org> Fri, 11 Feb 2022 19:13:05 +0100
undertow (2.2.14-1) unstable; urgency=medium
* New upstream version 2.2.14.
-- Markus Koschany <apo@debian.org> Sun, 19 Dec 2021 00:28:22 +0100
undertow (2.2.13-1) unstable; urgency=medium
* New upstream version 2.2.13.
-- Markus Koschany <apo@debian.org> Thu, 25 Nov 2021 00:43:07 +0100
undertow (2.2.12-1) unstable; urgency=medium
* New upstream version 2.2.12.
-- Markus Koschany <apo@debian.org> Sat, 02 Oct 2021 00:18:14 +0200
undertow (2.2.10-1) unstable; urgency=medium
* New upstream version 2.2.10.
* Declare compliance with Debian Policy 4.6.0.
-- Markus Koschany <apo@debian.org> Wed, 18 Aug 2021 23:50:37 +0200
undertow (2.2.8-1) unstable; urgency=medium
* New upstream version 2.2.8.
-- Markus Koschany <apo@debian.org> Sun, 11 Jul 2021 23:10:25 +0200
undertow (2.2.5-1) unstable; urgency=medium
* New upstream version 2.2.5.
-- Markus Koschany <apo@debian.org> Sat, 13 Mar 2021 22:38:51 +0100
undertow (2.2.4-1) unstable; urgency=medium
* New upstream version 2.2.4.
* Ignore org.codehaus.mojo:exec-maven-plugin.
* Ignore jakartaee9 module for now.
-- Markus Koschany <apo@debian.org> Fri, 12 Feb 2021 01:33:30 +0100
undertow (2.2.3-1) unstable; urgency=medium
* New upstream version 2.2.3.
* Declare compliance with Debian Policy 4.5.1.
-- Markus Koschany <apo@debian.org> Sat, 12 Dec 2020 21:34:54 +0100
undertow (2.2.2-1) unstable; urgency=medium
* New upstream version 2.2.2.
-- Markus Koschany <apo@debian.org> Sun, 11 Oct 2020 14:38:18 +0200
undertow (2.2.0-1) unstable; urgency=medium
* New upstream version 2.2.0.
-- Markus Koschany <apo@debian.org> Mon, 14 Sep 2020 23:36:07 +0200
undertow (2.1.3-1) unstable; urgency=medium
* New upstream version 2.1.3.
-- Markus Koschany <apo@debian.org> Thu, 04 Jun 2020 22:48:58 +0200
undertow (2.1.1-1) unstable; urgency=medium
* New upstream version 2.1.1.
* Switch to debhelper-compat = 13.
-- Markus Koschany <apo@debian.org> Sun, 17 May 2020 22:00:50 +0200
undertow (2.1.0-1) unstable; urgency=medium
* New upstream version 2.1.0.
-- Markus Koschany <apo@debian.org> Sun, 03 May 2020 00:56:55 +0200
undertow (2.0.30-1) unstable; urgency=medium
* New upstream version 2.0.30.
* Declare compliance with Debian Policy 4.5.0.
-- Markus Koschany <apo@debian.org> Sat, 21 Mar 2020 01:08:19 +0100
undertow (2.0.29-1) unstable; urgency=medium
* New upstream version 2.0.29.
-- Markus Koschany <apo@debian.org> Wed, 08 Jan 2020 22:54:07 +0100
undertow (2.0.28-1) unstable; urgency=medium
* New upstream version 2.0.28.
-- Markus Koschany <apo@debian.org> Sun, 17 Nov 2019 14:41:48 +0100
undertow (2.0.27-1) unstable; urgency=medium
* New upstream version 2.0.27.
* Declare compliance with Debian Policy 4.4.1.
-- Markus Koschany <apo@debian.org> Sun, 20 Oct 2019 17:16:51 +0200
undertow (2.0.26-1) unstable; urgency=medium
* New upstream version 2.0.26.
-- Markus Koschany <apo@debian.org> Wed, 11 Sep 2019 17:29:42 +0200
undertow (2.0.25-1) unstable; urgency=medium
* New upstream version 2.0.25.
-- Markus Koschany <apo@debian.org> Mon, 26 Aug 2019 21:15:06 +0200
undertow (2.0.23-1) unstable; urgency=medium
* New upstream version 2.0.23.
Fixes CVE-2017-12165, CVE-2019-3888, CVE-2019-10184 and CVE-2018-14642.
(Closes: #885338, #930349, #911796 )
* Switch to debhelper-compat = 12.
* Declare compliance with Debian Policy 4.4.0.
-- Markus Koschany <apo@debian.org> Fri, 02 Aug 2019 12:11:14 +0200
undertow (1.4.25-2) unstable; urgency=medium
* Team upload.
* Depend on libgeronimo-annotation-1.3-spec-java and libservlet3.1-java
instead of libtomcat8-java
* Standards-Version updated to 4.2.1
* Use salsa.debian.org Vcs-* URLs
-- Emmanuel Bourg <ebourg@apache.org> Mon, 03 Dec 2018 22:37:39 +0100
undertow (1.4.25-1) unstable; urgency=medium
* New upstream version 1.4.25
- Fix CVE-2018-1114: File descriptor leak caused by
JarURLConnection.getLastModified() allows attacker to cause a denial of
service. (Closes: #897247)
- Fix CVE-2017-12196: When using Digest authentication the server does not
ensure that the value of URI in the Authorization header matches the URI
in HTTP request line. This allows the attacker to cause a MITM attack and
access the desired content on the server.
* Declare compliance with Debian Policy 4.1.4.
-- Markus Koschany <apo@debian.org> Sun, 06 May 2018 21:29:28 +0200
undertow (1.4.23-3) unstable; urgency=medium
* Rebuild against libjboss-classfilewriter-java >= 1.2.2-2.
Fix unsatisfiable dependency.
-- Markus Koschany <apo@debian.org> Mon, 26 Mar 2018 20:15:01 +0200
undertow (1.4.23-2) unstable; urgency=medium
* Add java9.patch and fix FTBFS with Java 9. (Closes: #893532)
* Use source/target 1.9.
-- Markus Koschany <apo@debian.org> Sun, 25 Mar 2018 17:06:48 +0200
undertow (1.4.23-1) unstable; urgency=high
* New upstream version 1.4.23.
- Fix CVE-2017-7559: HTTP Request smuggling vulnerability.
(Closes: #885576)
-- Markus Koschany <apo@debian.org> Fri, 02 Mar 2018 20:29:02 +0100
undertow (1.4.22-1) unstable; urgency=medium
* New upstream version 1.4.22.
* Use compat level 11.
* Declare compliance with Debian Policy 4.1.3.
* Drop websockets-jsr.patch. Not needed anymore.
-- Markus Koschany <apo@debian.org> Wed, 17 Jan 2018 21:11:59 +0100
undertow (1.4.21-2) unstable; urgency=medium
* Add websockets-jsr.patch and implement a yet unsupported new method
introduced by the recent update of libtomcat8-java to version 8.5.24.
Thanks to Adrian Bunk for the report. (Closes: #883357)
* Declare compliance with Debian Policy 4.1.2.
-- Markus Koschany <apo@debian.org> Sun, 03 Dec 2017 20:49:51 +0100
undertow (1.4.21-1) unstable; urgency=medium
* New upstream version 1.4.21.
* Declare compliance with Debian Policy 4.1.1.
-- Markus Koschany <apo@debian.org> Thu, 02 Nov 2017 14:14:55 +0100
undertow (1.4.20-1) unstable; urgency=medium
* New upstream version 1.4.20.
* Tighten build-dependency on jboss-xnio.
* Add no-wildfly.patch and don't require the wildfly openssl dependency.
* Declare compliance with Debian Policy 4.1.0.
-- Markus Koschany <apo@debian.org> Tue, 19 Sep 2017 19:58:15 +0200
undertow (1.4.18-1) unstable; urgency=medium
* New upstream version 1.4.18.
- Fixes CVE-2017-2666 and CVE-2017-2670. (Closes: #864405)
* Declare compliance with Debian Policy 4.0.0.
* Use https for Format field.
* Ignore zanata-maven-plugin.
* Ignore karaf submodule.
* Add libmaven-bundle-plugin-java to B-D.
* Remove lintian-overrides file.
-- Markus Koschany <apo@debian.org> Thu, 29 Jun 2017 18:05:28 +0200
undertow (1.4.8-1) unstable; urgency=medium
* New upstream version 1.4.8.
-- Markus Koschany <apo@debian.org> Fri, 23 Dec 2016 00:17:42 +0100
undertow (1.4.7-1) unstable; urgency=medium
* New upstream version 1.4.7.
-- Markus Koschany <apo@debian.org> Sun, 18 Dec 2016 00:12:45 +0100
undertow (1.4.6-1) unstable; urgency=medium
* New upstream version 1.4.6.
-- Markus Koschany <apo@debian.org> Mon, 28 Nov 2016 22:46:45 +0100
undertow (1.4.4-1) unstable; urgency=medium
* New upstream version 1.4.4.
-- Markus Koschany <apo@debian.org> Sat, 29 Oct 2016 18:29:08 +0200
undertow (1.4.3-1) unstable; urgency=medium
* New upstream version 1.4.3.
- Fixes CVE-2016-7046. (Closes: #838600)
Thanks to Salvatore Bonaccorso for the report.
* Switch to compat level 10.
* debian/watch: Use version=4.
-- Markus Koschany <apo@debian.org> Fri, 23 Sep 2016 19:18:11 +0200
undertow (1.4.1-1) unstable; urgency=medium
* New upstream version 1.4.1.
* Ignore org.wildfly.openssl:wildfly-openssl.
-- Markus Koschany <apo@debian.org> Fri, 09 Sep 2016 02:21:45 +0200
undertow (1.4.0-1) unstable; urgency=medium
* Imported Upstream version 1.4.0.
-- Markus Koschany <apo@debian.org> Fri, 05 Aug 2016 12:14:46 +0200
undertow (1.3.23-1) unstable; urgency=medium
* Imported Upstream version 1.3.23.
* Declare compliance with Debian Policy 3.9.8.
* Drop JettyALPNClientProvider.patch. Fixed upstream.
-- Markus Koschany <apo@debian.org> Sun, 05 Jun 2016 17:47:27 +0200
undertow (1.3.21-1) unstable; urgency=medium
* Imported Upstream version 1.3.21.
* Remove http2 test suite from libundertow-java.poms and
maven.rules.
* Add JettyALPNClientProvider.patch and fix multiple compilation errors.
-- Markus Koschany <apo@debian.org> Sun, 10 Apr 2016 20:12:33 +0200
undertow (1.3.19-1) unstable; urgency=medium
* Imported Upstream version 1.3.19.
* Declare compliance with Debian Policy 3.9.7.
-- Markus Koschany <apo@debian.org> Sun, 20 Mar 2016 19:17:54 +0100
undertow (1.3.16-1) unstable; urgency=medium
* Imported Upstream version 1.3.16.
* Vcs-Git: Use https.
-- Markus Koschany <apo@debian.org> Sat, 30 Jan 2016 17:03:04 +0100
undertow (1.3.11-1) unstable; urgency=medium
* debian/rules: Do not execute dh_auto_test to prevent a FTBFS due
to a bug in maven-compiler-plugin 3.2. (Closes: #808691)
* Imported Upstream version 1.3.11.
-- Markus Koschany <apo@debian.org> Thu, 24 Dec 2015 19:56:00 +0100
undertow (1.3.7-1) unstable; urgency=medium
* Imported Upstream version 1.3.7.
-- Markus Koschany <apo@debian.org> Fri, 27 Nov 2015 19:40:51 +0100
undertow (1.3.5-1) unstable; urgency=medium
* Imported Upstream version 1.3.5.
* Change homepage field to undertow.io.
-- Markus Koschany <apo@debian.org> Mon, 16 Nov 2015 17:25:21 +0100
undertow (1.3.4-1) unstable; urgency=medium
* Initial release (Closes: #767001)
-- Markus Koschany <apo@debian.org> Mon, 02 Nov 2015 17:57:08 +0100
|
