Register | Log in

commons-configuration

Java based library providing a generic configuration interface

Choose email to subscribe with

general

source: commons-configuration (main)
version: 1.10-7
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Torsten Werner [DMD] – Damien Raude-Morvan [DMD] – Emmanuel Bourg [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.10-5
oldstable: 1.10-5
stable: 1.10-6
testing: 1.10-7
unstable: 1.10-7

versioned links

1.10-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.10-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcommons-configuration-java

action needed

A new upstream version is available: 2.12.0 high

A new upstream version 2.12.0 is available, you should consider packaging it.

Created: 2025-04-29 Last update: 2025-07-03 09:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-46392: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.

Created: 2025-05-11 Last update: 2025-05-19 08:00

Depends on packages which need a new maintainer normal

The packages that commons-configuration depends on which need a new maintainer are:

javacc-maven-plugin (#922602)
- Build-Depends: libjavacc-maven-plugin-java

Created: 2019-11-22 Last update: 2025-07-03 10:33

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2025-46392: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.

Created: 2025-05-11 Last update: 2025-05-19 08:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[2024-11-05] commons-configuration 1.10-7 MIGRATED to testing (Debian testing watch)
[2024-10-30] Accepted commons-configuration 1.10-7 (source) into unstable (Emmanuel Bourg)
[2023-01-15] commons-configuration 1.10-6 MIGRATED to testing (Debian testing watch)
[2023-01-09] Accepted commons-configuration 1.10-6 (source) into unstable (tony mancill)
[2017-07-04] commons-configuration 1.10-5 MIGRATED to testing (Debian testing watch)
[2017-06-28] Accepted commons-configuration 1.10-5 (source) into unstable (Emmanuel Bourg)
[2015-12-23] commons-configuration 1.10-4 MIGRATED to testing (Debian testing watch)
[2015-12-17] Accepted commons-configuration 1.10-4 (source all) into unstable (Emmanuel Bourg)
[2015-09-08] commons-configuration 1.10-3 MIGRATED to testing (Britney)
[2015-09-03] Accepted commons-configuration 1.10-3 (source all) into unstable (tony mancill)
[2014-10-05] commons-configuration 1.10-2 MIGRATED to testing (Britney)
[2014-09-30] Accepted commons-configuration 1.10-2 (source all) into unstable (Emmanuel Bourg)
[2013-11-12] commons-configuration 1.10-1 MIGRATED to testing (Debian testing watch)
[2013-11-02] Accepted commons-configuration 1.10-1 (source all) (Emmanuel Bourg)
[2013-07-13] commons-configuration 1.9-1 MIGRATED to testing (Debian testing watch)
[2013-07-02] Accepted commons-configuration 1.9-1 (source all) (Emmanuel Bourg)
[2011-09-21] commons-configuration 1.7-1 MIGRATED to testing (Debian testing watch)
[2011-09-11] Accepted commons-configuration 1.7-1 (source all) (Damien Raude-Morvan)
[2011-09-04] Accepted commons-configuration 1.6-6 (source all) (Damien Raude-Morvan)
[2010-04-22] commons-configuration 1.6-5 MIGRATED to testing (Debian testing watch)
[2010-04-11] Accepted commons-configuration 1.6-5 (source all) (Torsten Werner)
[2009-08-20] commons-configuration 1.6-4 MIGRATED to testing (Debian testing watch)
[2009-08-09] Accepted commons-configuration 1.6-4 (source all) (Torsten Werner)
[2009-07-20] Accepted commons-configuration 1.6-3 (source all) (Ludovic Claude) (signed by: Torsten Werner)
[2009-07-12] Accepted commons-configuration 1.6-2 (source all) (Torsten Werner)
[2009-02-16] commons-configuration 1.6-1 MIGRATED to testing (Debian testing watch)
[2009-01-10] Accepted commons-configuration 1.6-1 (source all) (Torsten Werner)
[2008-08-15] Accepted commons-configuration 1.5-2 (source all) (Torsten Werner)
[2007-12-20] commons-configuration 1.5-1 MIGRATED to testing (Debian testing watch)
[2007-12-09] Accepted commons-configuration 1.5-1 (source all) (Torsten Werner)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.10-7

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing