openrefine (3.6.2-2+deb12u3) bookworm; urgency=medium * Fix CVE-2024-23833, CVE-2024-47878, CVE-2024-47880, CVE-2024-47881, CVE-2024-47882 and CVE-2024-49760. OpenRefine is a free, open source tool for data processing. Users could be tricked into opening malicious websites which then enabled attackers to run arbitrary code on the server due to improper escaping or code restrictions. -- Markus Koschany Sun, 28 Sep 2025 00:52:50 +0200 openrefine (3.6.2-2+deb12u2) bookworm; urgency=medium * Fix CVE-2023-41887 and CVE-2023-41886: OpenRefine is a powerful free, open source tool for working with messy data. Prior to this version, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. -- Markus Koschany Wed, 04 Oct 2023 15:02:45 +0200 openrefine (3.6.2-2+deb12u1) bookworm; urgency=medium * Fix CVE-2023-37476: OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. (Closes: #1041422) -- Markus Koschany Thu, 07 Sep 2023 21:22:17 +0200 openrefine (3.6.2-2) unstable; urgency=medium * Depend on libjoda-time-java and liboro-java. Thanks to Robert Jäschke for the report! (Closes: #1022760) * Load the refine configuration before parsing the command line options. Thanks to Robert Jäschke for the report! (Closes: #1033355) * Symlink commons-lang-2.6 into server directory to fix another ClassNotFound exception. -- Markus Koschany Wed, 05 Apr 2023 20:20:17 +0200 openrefine (3.6.2-1) unstable; urgency=medium * New upstream version 3.6.2. (Closes: #1022761) * Add 3rdparty missing sources. (Closes: #1022760) These Javascript files are currently missing from the original sources because they are downloaded separately with npm. * Tighten dependency on librhino-java to >= 1.7.14. Otherwise there was a silent error in the web application which made it unusable. * Link titanium-json-ld into webapp directory. -- Markus Koschany Tue, 14 Feb 2023 00:34:16 +0100 openrefine (3.6.1-1) unstable; urgency=medium * New upstream version 3.6.1. * Refresh all patches except of javalamp patch. * Tighten dependency on apache-jena and wikidata toolkit. * Depend on liblanguage-detector-java. * Add gdata-extension.patch. * Declare compliance with Debian Policy 4.6.1. -- Markus Koschany Thu, 29 Sep 2022 23:58:11 +0200 openrefine (3.5.2-2) unstable; urgency=medium * Build-depend on libokhttp-java (>= 3.13.1-3~) * Tighten dependency on libgoogle-api-client-java. * Remove dependency on tomcat9 because the tomcat9-annotations-api is apparently not required. * Update the Dockerfile and add a README file to document how to build the image and run the container. Install both files as examples into /usr/share/doc/openrefine/examples. -- Markus Koschany Tue, 08 Mar 2022 13:49:15 +0100 openrefine (3.5.2-1) unstable; urgency=medium * Upload to unstable. * New upstream version 3.5.2. - Remove non-free lavalamp.js file. - Enable all extensions. * Depend on procps for openrefine script. -- Markus Koschany Sun, 20 Feb 2022 17:03:52 +0100 openrefine (3.5~git20210527-1) experimental; urgency=medium * Initial release. (Closes: #986604 ) -- Markus Koschany Thu, 02 Sep 2021 06:56:05 +0200