node-express - Debian Package Tracker

general

source: node-express (main)
version: 5.1.0+~cs12.3.3-1
maintainer: Debian Javascript Maintainers (archive) (DMD)
uploaders: Jonas Smedegaard [DMD] – Yadd [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.17.1-3
oldstable: 4.18.2+~4.17.14-1
stable: 4.21.2+~cs8.36.27-2
testing: 5.1.0+~cs12.3.3-1
unstable: 5.1.0+~cs12.3.3-1

versioned links

4.17.1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.18.2+~4.17.14-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.21.2+~cs8.36.27-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.0+~cs12.3.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

node-express

action needed

A new upstream version is available: 5.1.0+~cs12.3.5 high

A new upstream version 5.1.0+~cs12.3.5 is available, you should consider packaging it.

Created: 2024-09-14 Last update: 2025-11-07 16:00

debian/patches: 1 patch with invalid metadata high

Among the 3 debian patches available in version 5.1.0+~cs12.3.3-1 of the package, we noticed the following issues:

1 patch with invalid metadata that ought to be fixed.

Created: 2023-02-26 Last update: 2025-10-26 08:02

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 1506707d64fa03046cc204006e0b40b6e7d464f5
Author: Yadd <yadd@debian.org>
Date:   Sun Oct 26 10:50:56 2025 +0100

    Set URL for fix-for-superagent-10.patch

Created: 2025-10-26 Last update: 2025-11-03 16:32

lintian reports 3 warnings normal

Lintian reports 3 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-26 Last update: 2025-10-26 03:31

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-29041: (needs triaging) Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.
CVE-2024-43796: (needs triaging) Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-04-02 Last update: 2025-10-28 05:01

news

[rss feed]

[2025-10-28] node-express 5.1.0+~cs12.3.3-1 MIGRATED to testing (Debian testing watch)
[2025-10-25] Accepted node-express 5.1.0+~cs12.3.3-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-09-23] node-express 4.21.2+~cs8.36.27-3 MIGRATED to testing (Debian testing watch)
[2025-09-21] Accepted node-express 4.21.2+~cs8.36.27-3 (source) into unstable (Alexandre Detiste)
[2025-05-24] node-express 4.21.2+~cs8.36.27-2 MIGRATED to testing (Debian testing watch)
[2025-05-20] Accepted node-express 4.21.2+~cs8.36.27-2 (source) into unstable (Jérémy Lal)
[2025-04-06] node-express 4.21.2+~cs8.36.27-1 MIGRATED to testing (Debian testing watch)
[2025-04-04] Accepted node-express 4.21.2+~cs8.36.27-1 (source) into unstable (Jérémy Lal)
[2024-09-23] node-express 4.21.0+~cs8.36.26-2 MIGRATED to testing (Debian testing watch)
[2024-09-21] Accepted node-express 4.21.0+~cs8.36.26-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2024-09-16] Accepted node-express 4.21.0+~cs8.36.26-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2024-08-15] node-express 4.19.2+~cs8.36.26-1 MIGRATED to testing (Debian testing watch)
[2024-08-13] Accepted node-express 4.19.2+~cs8.36.26-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2024-04-09] node-express 4.19.2+~cs8.36.21-1 MIGRATED to testing (Debian testing watch)
[2024-04-09] node-express 4.19.2+~cs8.36.21-1 MIGRATED to testing (Debian testing watch)
[2024-04-07] Accepted node-express 4.19.2+~cs8.36.21-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2023-06-13] node-express 4.18.2+~cs8.34.50-1 MIGRATED to testing (Debian testing watch)
[2023-04-10] Accepted node-express 4.18.2+~cs8.34.50-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-10-12] node-express 4.18.2+~4.17.14-1 MIGRATED to testing (Debian testing watch)
[2022-10-10] Accepted node-express 4.18.2+~4.17.14-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-05-05] node-express 4.18.1+~4.17.13-1 MIGRATED to testing (Debian testing watch)
[2022-04-30] Accepted node-express 4.18.1+~4.17.13-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-04-29] Accepted node-express 4.18.0+~4.17.13-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-04-03] node-express 4.17.3+~4.17.13-2 MIGRATED to testing (Debian testing watch)
[2022-03-26] Accepted node-express 4.17.3+~4.17.13-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2022-02-20] node-express 4.17.3+~4.17.13-1 MIGRATED to testing (Debian testing watch)
[2022-02-18] Accepted node-express 4.17.3+~4.17.13-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-12-22] node-express 4.17.2+~4.17.13-1 MIGRATED to testing (Debian testing watch)
[2021-12-20] Accepted node-express 4.17.2+~4.17.13-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2021-10-01] node-express 4.17.1+~cs4.17.13-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 3)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.21.2+~cs8.36.27-3