apache-jena (4.9.0-1) [PTS] [DDPO]

COMMITS: VCS has seen 1 commit since the debian/4.9.0-1 tag

Git: https://salsa.debian.org/java-team/apache-jena.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 55201792
Browser: https://salsa.debian.org/java-team/apache-jena
Last scan: 2023-11-28 22:12:19+00
Next scan: 2023-12-05 07:01:00+00

Debian changelog in Git:

apache-jena (4.9.0-1) unstable; urgency=medium

  * New upstream version 4.9.0.
    - Fix CVE-2023-22665: (Closes: #1041108)
      There is insufficient checking of user queries in Apache Jena versions
      4.7.0 and earlier, when invoking custom scripts. It allows a remote user
      to execute arbitrary javascript via a SPARQL query.
    - Fix CVE-2023-32200: (Closes: #1035952)
      There is insufficient restrictions of called script functions in Apache
      Jena versions 4.8.0 and earlier. It allows a remote user to execute
      javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0
      through 4.8.0.
  * B-D on libcaffeine-java and libcommons-collections4-java.
  * Ignore org.roaringbitmap:RoaringBitmap artifact. Needs packaging.
  * Rebase and update the patches for the new release.

 -- Markus Koschany <apo@debian.org>  Thu, 14 Sep 2023 19:21:03 +0200

This branch is 1 commit ahead of tag debian/4.9.0-1

Git log:

commit b6696db03e6868781659834ba6948dbd0acbb65b
Author: Markus Koschany <apo@debian.org>
Date:   Thu Sep 14 19:43:02 2023 +0200

    d/copyright: remove Files-Excluded paragraph.
    
    The js files have been removed upstream.