undertow (2.3.18-2) unstable; urgency=medium

  * Team upload.
  * Depend on libtomcat11-java instead of libtomcat10-java
  * Standards-Version updated to 4.7.2

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 17 Mar 2025 00:21:25 +0100

undertow (2.3.18-1) unstable; urgency=medium

  * New upstream version 2.3.18
    - Fix CVE-2023-3223: (Closes: #1054893)
    - Fix CVE-2023-1973: (Closes: #1068815)
    - Fix CVE-2023-4639: (Closes: #1063539)
    - Fix CVE-2024-1459: (Closes: #1068816)
    - Fix CVE-2024-1635: (Closes: #1068817)
    - Fix CVE-2024-3653: (Closes: #1077547)
    - Fix CVE-2024-5971: (Closes: #1077545)
      Fix CVE-2024-7885: (Closes: #1082854)
  * Declare compliance with Debian Policy 4.7.0.

 -- Markus Koschany <apo@debian.org>  Fri, 03 Jan 2025 16:21:53 +0100

undertow (2.3.8-2) unstable; urgency=medium

  * Upload to unstable.

 -- Markus Koschany <apo@debian.org>  Mon, 21 Aug 2023 23:45:46 +0200

undertow (2.3.8-1) experimental; urgency=medium

  * New upstream version 2.3.8.
    - Fix CVE-2022-4492: (Closes: #1032087)
    - Fix CVE-2023-1108: (Closes: #1033253)
    - Builds from source again. (Closes: #1026695)
  * Declare compliance with Debian Policy 4.6.2.
  * Switch to Jakarta API.
  * Drop libundertow-java-doc package.

 -- Markus Koschany <apo@debian.org>  Sun, 20 Aug 2023 20:07:02 +0200

undertow (2.2.21-1) unstable; urgency=medium

  * New upstream version 2.2.21.

 -- Markus Koschany <apo@debian.org>  Sat, 12 Nov 2022 14:50:22 +0100

undertow (2.2.20-1) unstable; urgency=medium

  * New upstream version 2.2.20.

 -- Markus Koschany <apo@debian.org>  Thu, 13 Oct 2022 23:44:06 +0200

undertow (2.2.19-1) unstable; urgency=medium

  * New upstream version 2.2.19.
  * Drop CVE-2022-2053.patch. Fixed upstream.

 -- Markus Koschany <apo@debian.org>  Thu, 18 Aug 2022 13:12:08 +0200

undertow (2.2.18-1) unstable; urgency=medium

  * Track only 2.2.x versions in debian/watch.
  * New upstream version 2.2.18.
  * Declare compliance with Debian Policy 4.6.1.
  * Fix CVE-2022-2053.

 -- Markus Koschany <apo@debian.org>  Tue, 02 Aug 2022 22:22:19 +0200

undertow (2.2.17-1) unstable; urgency=medium

  * New upstream version 2.2.17.

 -- Markus Koschany <apo@debian.org>  Sat, 30 Apr 2022 23:40:58 +0200

undertow (2.2.16-1) unstable; urgency=medium

  * New upstream version 2.2.16.

 -- Markus Koschany <apo@debian.org>  Fri, 11 Feb 2022 19:13:05 +0100

undertow (2.2.14-1) unstable; urgency=medium

  * New upstream version 2.2.14.

 -- Markus Koschany <apo@debian.org>  Sun, 19 Dec 2021 00:28:22 +0100

undertow (2.2.13-1) unstable; urgency=medium

  * New upstream version 2.2.13.

 -- Markus Koschany <apo@debian.org>  Thu, 25 Nov 2021 00:43:07 +0100

undertow (2.2.12-1) unstable; urgency=medium

  * New upstream version 2.2.12.

 -- Markus Koschany <apo@debian.org>  Sat, 02 Oct 2021 00:18:14 +0200

undertow (2.2.10-1) unstable; urgency=medium

  * New upstream version 2.2.10.
  * Declare compliance with Debian Policy 4.6.0.

 -- Markus Koschany <apo@debian.org>  Wed, 18 Aug 2021 23:50:37 +0200

undertow (2.2.8-1) unstable; urgency=medium

  * New upstream version 2.2.8.

 -- Markus Koschany <apo@debian.org>  Sun, 11 Jul 2021 23:10:25 +0200

undertow (2.2.5-1) unstable; urgency=medium

  * New upstream version 2.2.5.

 -- Markus Koschany <apo@debian.org>  Sat, 13 Mar 2021 22:38:51 +0100

undertow (2.2.4-1) unstable; urgency=medium

  * New upstream version 2.2.4.
  * Ignore org.codehaus.mojo:exec-maven-plugin.
  * Ignore jakartaee9 module for now.

 -- Markus Koschany <apo@debian.org>  Fri, 12 Feb 2021 01:33:30 +0100

undertow (2.2.3-1) unstable; urgency=medium

  * New upstream version 2.2.3.
  * Declare compliance with Debian Policy 4.5.1.

 -- Markus Koschany <apo@debian.org>  Sat, 12 Dec 2020 21:34:54 +0100

undertow (2.2.2-1) unstable; urgency=medium

  * New upstream version 2.2.2.

 -- Markus Koschany <apo@debian.org>  Sun, 11 Oct 2020 14:38:18 +0200

undertow (2.2.0-1) unstable; urgency=medium

  * New upstream version 2.2.0.

 -- Markus Koschany <apo@debian.org>  Mon, 14 Sep 2020 23:36:07 +0200

undertow (2.1.3-1) unstable; urgency=medium

  * New upstream version 2.1.3.

 -- Markus Koschany <apo@debian.org>  Thu, 04 Jun 2020 22:48:58 +0200

undertow (2.1.1-1) unstable; urgency=medium

  * New upstream version 2.1.1.
  * Switch to debhelper-compat = 13.

 -- Markus Koschany <apo@debian.org>  Sun, 17 May 2020 22:00:50 +0200

undertow (2.1.0-1) unstable; urgency=medium

  * New upstream version 2.1.0.

 -- Markus Koschany <apo@debian.org>  Sun, 03 May 2020 00:56:55 +0200

undertow (2.0.30-1) unstable; urgency=medium

  * New upstream version 2.0.30.
  * Declare compliance with Debian Policy 4.5.0.

 -- Markus Koschany <apo@debian.org>  Sat, 21 Mar 2020 01:08:19 +0100

undertow (2.0.29-1) unstable; urgency=medium

  * New upstream version 2.0.29.

 -- Markus Koschany <apo@debian.org>  Wed, 08 Jan 2020 22:54:07 +0100

undertow (2.0.28-1) unstable; urgency=medium

  * New upstream version 2.0.28.

 -- Markus Koschany <apo@debian.org>  Sun, 17 Nov 2019 14:41:48 +0100

undertow (2.0.27-1) unstable; urgency=medium

  * New upstream version 2.0.27.
  * Declare compliance with Debian Policy 4.4.1.

 -- Markus Koschany <apo@debian.org>  Sun, 20 Oct 2019 17:16:51 +0200

undertow (2.0.26-1) unstable; urgency=medium

  * New upstream version 2.0.26.

 -- Markus Koschany <apo@debian.org>  Wed, 11 Sep 2019 17:29:42 +0200

undertow (2.0.25-1) unstable; urgency=medium

  * New upstream version 2.0.25.

 -- Markus Koschany <apo@debian.org>  Mon, 26 Aug 2019 21:15:06 +0200

undertow (2.0.23-1) unstable; urgency=medium

  * New upstream version 2.0.23.
    Fixes CVE-2017-12165, CVE-2019-3888, CVE-2019-10184 and CVE-2018-14642.
    (Closes: #885338, #930349, #911796 )
  * Switch to debhelper-compat = 12.
  * Declare compliance with Debian Policy 4.4.0.

 -- Markus Koschany <apo@debian.org>  Fri, 02 Aug 2019 12:11:14 +0200

undertow (1.4.25-2) unstable; urgency=medium

  * Team upload.
  * Depend on libgeronimo-annotation-1.3-spec-java and libservlet3.1-java
    instead of libtomcat8-java
  * Standards-Version updated to 4.2.1
  * Use salsa.debian.org Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 03 Dec 2018 22:37:39 +0100

undertow (1.4.25-1) unstable; urgency=medium

  * New upstream version 1.4.25
    - Fix CVE-2018-1114: File descriptor leak caused by
      JarURLConnection.getLastModified() allows attacker to cause a denial of
      service. (Closes: #897247)
    - Fix CVE-2017-12196: When using Digest authentication the server does not
      ensure that the value of URI in the Authorization header matches the URI
      in HTTP request line. This allows the attacker to cause a MITM attack and
      access the desired content on the server.
  * Declare compliance with Debian Policy 4.1.4.

 -- Markus Koschany <apo@debian.org>  Sun, 06 May 2018 21:29:28 +0200

undertow (1.4.23-3) unstable; urgency=medium

  * Rebuild against libjboss-classfilewriter-java >= 1.2.2-2.
    Fix unsatisfiable dependency.

 -- Markus Koschany <apo@debian.org>  Mon, 26 Mar 2018 20:15:01 +0200

undertow (1.4.23-2) unstable; urgency=medium

  * Add java9.patch and fix FTBFS with Java 9. (Closes: #893532)
  * Use source/target 1.9.

 -- Markus Koschany <apo@debian.org>  Sun, 25 Mar 2018 17:06:48 +0200

undertow (1.4.23-1) unstable; urgency=high

  * New upstream version 1.4.23.
    - Fix CVE-2017-7559: HTTP Request smuggling vulnerability.
      (Closes: #885576)

 -- Markus Koschany <apo@debian.org>  Fri, 02 Mar 2018 20:29:02 +0100

undertow (1.4.22-1) unstable; urgency=medium

  * New upstream version 1.4.22.
  * Use compat level 11.
  * Declare compliance with Debian Policy 4.1.3.
  * Drop websockets-jsr.patch. Not needed anymore.

 -- Markus Koschany <apo@debian.org>  Wed, 17 Jan 2018 21:11:59 +0100

undertow (1.4.21-2) unstable; urgency=medium

  * Add websockets-jsr.patch and implement a yet unsupported new method
    introduced by the recent update of libtomcat8-java to version 8.5.24.
    Thanks to Adrian Bunk for the report. (Closes: #883357)
  * Declare compliance with Debian Policy 4.1.2.

 -- Markus Koschany <apo@debian.org>  Sun, 03 Dec 2017 20:49:51 +0100

undertow (1.4.21-1) unstable; urgency=medium

  * New upstream version 1.4.21.
  * Declare compliance with Debian Policy 4.1.1.

 -- Markus Koschany <apo@debian.org>  Thu, 02 Nov 2017 14:14:55 +0100

undertow (1.4.20-1) unstable; urgency=medium

  * New upstream version 1.4.20.
  * Tighten build-dependency on jboss-xnio.
  * Add no-wildfly.patch and don't require the wildfly openssl dependency.
  * Declare compliance with Debian Policy 4.1.0.

 -- Markus Koschany <apo@debian.org>  Tue, 19 Sep 2017 19:58:15 +0200

undertow (1.4.18-1) unstable; urgency=medium

  * New upstream version 1.4.18.
    - Fixes CVE-2017-2666 and CVE-2017-2670. (Closes: #864405)
  * Declare compliance with Debian Policy 4.0.0.
  * Use https for Format field.
  * Ignore zanata-maven-plugin.
  * Ignore karaf submodule.
  * Add libmaven-bundle-plugin-java to B-D.
  * Remove lintian-overrides file.

 -- Markus Koschany <apo@debian.org>  Thu, 29 Jun 2017 18:05:28 +0200

undertow (1.4.8-1) unstable; urgency=medium

  * New upstream version 1.4.8.

 -- Markus Koschany <apo@debian.org>  Fri, 23 Dec 2016 00:17:42 +0100

undertow (1.4.7-1) unstable; urgency=medium

  * New upstream version 1.4.7.

 -- Markus Koschany <apo@debian.org>  Sun, 18 Dec 2016 00:12:45 +0100

undertow (1.4.6-1) unstable; urgency=medium

  * New upstream version 1.4.6.

 -- Markus Koschany <apo@debian.org>  Mon, 28 Nov 2016 22:46:45 +0100

undertow (1.4.4-1) unstable; urgency=medium

  * New upstream version 1.4.4.

 -- Markus Koschany <apo@debian.org>  Sat, 29 Oct 2016 18:29:08 +0200

undertow (1.4.3-1) unstable; urgency=medium

  * New upstream version 1.4.3.
    - Fixes CVE-2016-7046. (Closes: #838600)
      Thanks to Salvatore Bonaccorso for the report.
  * Switch to compat level 10.
  * debian/watch: Use version=4.

 -- Markus Koschany <apo@debian.org>  Fri, 23 Sep 2016 19:18:11 +0200

undertow (1.4.1-1) unstable; urgency=medium

  * New upstream version 1.4.1.
  * Ignore org.wildfly.openssl:wildfly-openssl.

 -- Markus Koschany <apo@debian.org>  Fri, 09 Sep 2016 02:21:45 +0200

undertow (1.4.0-1) unstable; urgency=medium

  * Imported Upstream version 1.4.0.

 -- Markus Koschany <apo@debian.org>  Fri, 05 Aug 2016 12:14:46 +0200

undertow (1.3.23-1) unstable; urgency=medium

  * Imported Upstream version 1.3.23.
  * Declare compliance with Debian Policy 3.9.8.
  * Drop JettyALPNClientProvider.patch. Fixed upstream.

 -- Markus Koschany <apo@debian.org>  Sun, 05 Jun 2016 17:47:27 +0200

undertow (1.3.21-1) unstable; urgency=medium

  * Imported Upstream version 1.3.21.
  * Remove http2 test suite from libundertow-java.poms and
    maven.rules.
  * Add JettyALPNClientProvider.patch and fix multiple compilation errors.

 -- Markus Koschany <apo@debian.org>  Sun, 10 Apr 2016 20:12:33 +0200

undertow (1.3.19-1) unstable; urgency=medium

  * Imported Upstream version 1.3.19.
  * Declare compliance with Debian Policy 3.9.7.

 -- Markus Koschany <apo@debian.org>  Sun, 20 Mar 2016 19:17:54 +0100

undertow (1.3.16-1) unstable; urgency=medium

  * Imported Upstream version 1.3.16.
  * Vcs-Git: Use https.

 -- Markus Koschany <apo@debian.org>  Sat, 30 Jan 2016 17:03:04 +0100

undertow (1.3.11-1) unstable; urgency=medium

  * debian/rules: Do not execute dh_auto_test to prevent a FTBFS due
    to a bug in maven-compiler-plugin 3.2. (Closes: #808691)
  * Imported Upstream version 1.3.11.

 -- Markus Koschany <apo@debian.org>  Thu, 24 Dec 2015 19:56:00 +0100

undertow (1.3.7-1) unstable; urgency=medium

  * Imported Upstream version 1.3.7.

 -- Markus Koschany <apo@debian.org>  Fri, 27 Nov 2015 19:40:51 +0100

undertow (1.3.5-1) unstable; urgency=medium

  * Imported Upstream version 1.3.5.
  * Change homepage field to undertow.io.

 -- Markus Koschany <apo@debian.org>  Mon, 16 Nov 2015 17:25:21 +0100

undertow (1.3.4-1) unstable; urgency=medium

  * Initial release (Closes: #767001)

 -- Markus Koschany <apo@debian.org>  Mon, 02 Nov 2015 17:57:08 +0100
