Your message dated Fri, 24 Sep 2021 22:18:33 +0000
with message-id <[email protected]>
and subject line Bug#800993: fixed in jackrabbit 2.20.3-1
has caused the Debian Bug report #800993,
regarding jackrabbit: depends on obsolete libcommons-httpclient-java library
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
800993: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: jackrabbit
Severity: normal
User: [email protected]
Usertags: oldlibs libcommons-httpclient-java
Hi,
jackrabbit depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. jackrabbit should be ported to the new libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.
We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.
Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.
If you have any questions don't hesitate to ask and contact us on
[email protected]
Regards,
Markus
[1] https://hc.apache.org/httpclient-3.x/
[2]
https://security-tracker.debian.org/tracker/source-package/commons-httpclient
--- End Message ---
--- Begin Message ---
Source: jackrabbit
Source-Version: 2.20.3-1
Done: Markus Koschany <[email protected]>
We believe that the bug you reported is fixed in the latest version of
jackrabbit, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated jackrabbit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Sep 2021 23:35:55 +0200
Source: jackrabbit
Architecture: source
Version: 2.20.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 800993
Changes:
jackrabbit (2.20.3-1) unstable; urgency=medium
.
* Team upload.
* New upstream version 2.20.3.
- Drop libcommons-httpclient-java. No longer needed. (Closes: #800993)
* Drop servlet-api.patch.
* Declare compliance with Debian Policy 4.6.0.
* Build-depend on libservlet-api-java.
* Use canonical VCS URI.
* Switch to debhelper-compat = 13.
Checksums-Sha1:
cec684f83807d5a978ef6c11303830ea5a7dc938 2246 jackrabbit_2.20.3-1.dsc
9ebcb81bf38d3d59dce9785aa200dd2df5b55c08 3388088 jackrabbit_2.20.3.orig.tar.xz
2ecc4cb09fc736de4639c1514a64e8c61d6d4733 6160 jackrabbit_2.20.3-1.debian.tar.xz
e93f9b86fcf0f487295af16658892e25528f0daa 13193
jackrabbit_2.20.3-1_amd64.buildinfo
Checksums-Sha256:
a185779e4ed4cf685ef000a3fb2d4120958aab6a177183cdf7c5e144142ee554 2246
jackrabbit_2.20.3-1.dsc
51c7896c2a27be6306bfc037e7f5286a1469bd500b2a9db37813071aa65a284a 3388088
jackrabbit_2.20.3.orig.tar.xz
a1accc68e46e13104b22356b1b5e32931df72f0fd415f74f47c632fd454082cd 6160
jackrabbit_2.20.3-1.debian.tar.xz
f7464b73c3c1229c13f4f6b1758581ea03f34fd14bea2daaec87d1a7e06f776a 13193
jackrabbit_2.20.3-1_amd64.buildinfo
Files:
3954e957da99f67c6c91d35cbb217fa9 2246 java optional jackrabbit_2.20.3-1.dsc
eea92347a47974caa892b02f1693422b 3388088 java optional
jackrabbit_2.20.3.orig.tar.xz
9ac5fdac81b8bf03a240e40184e3323b 6160 java optional
jackrabbit_2.20.3-1.debian.tar.xz
3bc1b106f34fe817ed1a57324fb63230 13193 java optional
jackrabbit_2.20.3-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFOSjJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk7X0QAJROMBTgv4nxPnuliClRUqFJOTthrKiDBH7J
5/isBFm+89+ZEKuxDHqXfW7aWULeCw24CTKFISK+eueltzzO58emIRN0vbN74kW/
TlztD1mKFxx7T8EK+U42RNbz8rYPEGcskDfClEGRFspjhq05it8irny7XyJsJPWq
3CrwEEE/nwuiZedwjCAJZcjqs5NJIHDC4bpxrr4FVGIhLAhbxqn1jEwcERdxPInm
z7X5Bokqe4VCs+vNkyk1FTH1fZV2rK3m432/5v8s2Ux3ebA2s7tKOptW+BQ8V+ow
1KMkqL+vQJcEqQCr+Yau2GnHBg5wGtwebrrYtqCV0IWd3RPkifRLGkr9KtQ3imRT
fubMWtv3H6ggoXwVYXtvXPnxZZUwUqj3IG34tSMvrh3D781EGKjxG3bxuZ+okq75
HnzRQ07Dip8hGEaJCNjYKC+nU1uRuhcJBSVx+0NJ87O5XkoMoJZbr0R3gvWAQCLZ
9/dkhlrj79VqXRTyh3a+GW18iWxM4gDcpFSU7eC5uBfUc6KbNjXUp2IvyXk/VQBl
6MAS61oEvSON1fj5gcof7gqN1V5sTNo8G5xh8MYpei74Ucnqi3ynsQxVgJmTZgxP
jUVP7lmq0TvXltPNBNQ4oX5GnUAoUOTNeAw5xdnEAfvIiZXMsSqXZP9XGxtizSxx
Di9I+/7Y
=zzcF
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
