Publishing details

Published on 2023-09-26

Changelog

apache-jena (4.9.0-1build1) mantic; urgency=medium

  * Rebuild

apache-jena (4.9.0-1) unstable; urgency=medium

  * New upstream version 4.9.0.
    - Fix CVE-2023-22665: (Closes: #1041108)
      There is insufficient checking of user queries in Apache Jena versions
      4.7.0 and earlier, when invoking custom scripts. It allows a remote user
      to execute arbitrary javascript via a SPARQL query.
    - Fix CVE-2023-32200: (Closes: #1035952)
      There is insufficient restrictions of called script functions in Apache
      Jena versions 4.8.0 and earlier. It allows a remote user to execute
      javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
      through 4.8.0.
  * B-D on libcaffeine-java and libcommons-collections4-java.
  * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
  * Rebase and update the patches for the new release.

 -- Vladimir Petko <email address hidden>  Tue, 26 Sep 2023 15:43:36 +1300

Available diffs

diff from 4.5.0-2build1 to 4.9.0-1build1 (3.2 MiB)

Builds

amd64

Built packages

libapache-jena-java Java framework for building Semantic Web applications

Package files

apache-jena_4.9.0-1build1.debian.tar.xz (19.0 KiB)
apache-jena_4.9.0-1build1.dsc (2.3 KiB)
apache-jena_4.9.0.orig.tar.gz (34.5 MiB)
libapache-jena-java_4.9.0-1build1_all.deb (7.3 MiB)