Your message dated Sat, 14 Dec 2024 23:04:45 +0000
with message-id <[email protected]>
and subject line Bug#801004: fixed in jenkins-json 2.4-jenkins-8+dfsg-1
has caused the Debian Bug report #801004,
regarding jenkins-json: depends on obsolete libcommons-httpclient-java library
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
801004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801004
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: jenkins-json
Severity: normal
User: [email protected]
Usertags: oldlibs libcommons-httpclient-java
Hi,
jenkins-json depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. jenkins-json should be ported to the new libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.
We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.
Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.
If you have any questions don't hesitate to ask and contact us on
[email protected]
Regards,
Markus
[1] https://hc.apache.org/httpclient-3.x/
[2]
https://security-tracker.debian.org/tracker/source-package/commons-httpclient
--- End Message ---
--- Begin Message ---
Source: jenkins-json
Source-Version: 2.4-jenkins-8+dfsg-1
Done: Pierre Gruet <[email protected]>
We believe that the bug you reported is fixed in the latest version of
jenkins-json, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Pierre Gruet <[email protected]> (supplier of updated jenkins-json package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Dec 2024 23:50:42 +0100
Source: jenkins-json
Architecture: source
Version: 2.4-jenkins-8+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Pierre Gruet <[email protected]>
Closes: 788724 801004 1047096
Changes:
jenkins-json (2.4-jenkins-8+dfsg-1) unstable; urgency=medium
.
* Team upload
* New upstream version 2.4-jenkins-8+dfsg:
- Checking that source package can now be built twice in a row
(Closes: #1047096)
* Refreshing patches
* Repacking without obfuscated js file (Closes: #788724)
* Refreshing d/copyright
* Raising Standards version to 4.7.0
- Setting Rules-Requires-Root: no
- Using the https format for d/copyright
* Handling the junit artifact correctly by providing its version number
* Removing B-D on libcommons-httpclient-java (Closes: #801004)
* Removing unneeded versioned B-D
* Updating Maven ignoreRules
* Marking the POM file with --no-parent
* Simplifying d/rules
Checksums-Sha1:
a44d847215779bf0d0a79364ec4fd601297f8fc8 2307
jenkins-json_2.4-jenkins-8+dfsg-1.dsc
4f0f0c1e950ee31e3a7b1a6402141e4a081d9d35 209876
jenkins-json_2.4-jenkins-8+dfsg.orig.tar.xz
83dde5ff70282fe4986004c24dd6831eabaa90b4 4840
jenkins-json_2.4-jenkins-8+dfsg-1.debian.tar.xz
66ba5c4e2b971255d442523f653d3adbecaaaf43 17973
jenkins-json_2.4-jenkins-8+dfsg-1_source.buildinfo
Checksums-Sha256:
5df213800d6c5366110f8d721830b302453fdd7f72efdbfd7c2b3657786ac99d 2307
jenkins-json_2.4-jenkins-8+dfsg-1.dsc
be26d054e88b606005ef71567881433bc17330b30f50926349c0a4fc7f711e8e 209876
jenkins-json_2.4-jenkins-8+dfsg.orig.tar.xz
fd0d3ff53f7a8a52810cea33e40ac432062280afa63ba2ca2af90c4a5f8d2a25 4840
jenkins-json_2.4-jenkins-8+dfsg-1.debian.tar.xz
8f017d1c86ecf225a4bd6a5a26d71428e6ad1b27c19f5da8569a8763efb97ac5 17973
jenkins-json_2.4-jenkins-8+dfsg-1_source.buildinfo
Files:
dbc9b24962f8e6fa42559cfc6607e2e9 2307 java optional
jenkins-json_2.4-jenkins-8+dfsg-1.dsc
9eee7f9a8597f03cd822ebe5b7d03cee 209876 java optional
jenkins-json_2.4-jenkins-8+dfsg.orig.tar.xz
de4ade460d22b389604cc27c9827308e 4840 java optional
jenkins-json_2.4-jenkins-8+dfsg-1.debian.tar.xz
29e79b033238196b065f69681bf17f3e 17973 java optional
jenkins-json_2.4-jenkins-8+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmdeDBUACgkQYAMWptwn
dHZORQ/+Pxk7KUarf+jZrNuCajbzwnksCm8ITgBd6FUCM4Uh1zS/z82t6ZJJn7UX
J+PbOyfDy7TJ2RmvcsJK1rJgQRg44hgVabLvxaTSjqEJ+Lez/xTyQzydV+2ZNjqf
wgy++8oatG7vXD5WfF+pi+PRkTUAOv7+6QCjfdBk1ldhJtuipK/EmyQJn5F18aKQ
4zJOLcZFvl01Nkt9UE/DDy2ZVBXkwWPwYQIQRiE/hPqHtQTThlhd80kJFV43CfXu
hmdVH9+cnedvIAk3J8wzyswhJ6LTCze4JG1I1Mog+2OIuIt2gBSaMzJ5jqNODfYJ
gCDCiLS9NF+h0mjge3CmhZHA9+geig2C7DxmLuYlKp7q+qHRxVmrkdDdMTHm71LB
UkpZpHBQ5CwccoT5aAHWYqJeQBGdTQ8B+tUZKgYhZr6arvxt80Po2EJfgGjU7YDS
PwDyJl1HAaYaqudj3dWMoASK5lhGOQKN4U0UOzIF9+BGMoToetXJ9PrRQKraacGl
UgztLiPqCD/xKCla8RAzxHyqMfqiYGo+BWt8YpTwE8HV/jEza1qvKaKklALK0xxQ
rQVgFy6y6BGyQ5iCPDjLkQtiWX0aSQLeLKV9mXMiFNmsc1QC6bt9Ark1iIHnIZDW
pYO7nZ0xprDg3YyKB7spc8KJraGc+urnaUhObFX3axUMX/07Xsw=
=8Bhw
-----END PGP SIGNATURE-----
pgpxHk4ABw_F3.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
