Debian Package Tracker
Register | Log in
Subscribe

commons-configuration

Java based library providing a generic configuration interface

Choose email to subscribe with

general
  • source: commons-configuration (main)
  • version: 1.10-7
  • maintainer: Debian Java Maintainers (archive) (DMD)
  • uploaders: Torsten Werner [DMD] – Damien Raude-Morvan [DMD] – Emmanuel Bourg [DMD]
  • arch: all
  • std-ver: 4.7.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.10-5
  • oldstable: 1.10-5
  • stable: 1.10-6
  • testing: 1.10-7
  • unstable: 1.10-7
versioned links
  • 1.10-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.10-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.10-7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libcommons-configuration-java
action needed
A new upstream version is available: 2.12.0 high
A new upstream version 2.12.0 is available, you should consider packaging it.
Created: 2025-04-29 Last update: 2025-07-03 09:30
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-46392: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.
Created: 2025-05-11 Last update: 2025-05-19 08:00
Depends on packages which need a new maintainer normal
The packages that commons-configuration depends on which need a new maintainer are:
  • javacc-maven-plugin (#922602)
    • Build-Depends: libjavacc-maven-plugin-java
Created: 2019-11-22 Last update: 2025-07-03 10:33
No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:
  • CVE-2025-46392: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.
Created: 2025-05-11 Last update: 2025-05-19 08:00
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).
Created: 2025-02-21 Last update: 2025-02-27 13:25
news
[rss feed]
  • [2024-11-05] commons-configuration 1.10-7 MIGRATED to testing (Debian testing watch)
  • [2024-10-30] Accepted commons-configuration 1.10-7 (source) into unstable (Emmanuel Bourg)
  • [2023-01-15] commons-configuration 1.10-6 MIGRATED to testing (Debian testing watch)
  • [2023-01-09] Accepted commons-configuration 1.10-6 (source) into unstable (tony mancill)
  • [2017-07-04] commons-configuration 1.10-5 MIGRATED to testing (Debian testing watch)
  • [2017-06-28] Accepted commons-configuration 1.10-5 (source) into unstable (Emmanuel Bourg)
  • [2015-12-23] commons-configuration 1.10-4 MIGRATED to testing (Debian testing watch)
  • [2015-12-17] Accepted commons-configuration 1.10-4 (source all) into unstable (Emmanuel Bourg)
  • [2015-09-08] commons-configuration 1.10-3 MIGRATED to testing (Britney)
  • [2015-09-03] Accepted commons-configuration 1.10-3 (source all) into unstable (tony mancill)
  • [2014-10-05] commons-configuration 1.10-2 MIGRATED to testing (Britney)
  • [2014-09-30] Accepted commons-configuration 1.10-2 (source all) into unstable (Emmanuel Bourg)
  • [2013-11-12] commons-configuration 1.10-1 MIGRATED to testing (Debian testing watch)
  • [2013-11-02] Accepted commons-configuration 1.10-1 (source all) (Emmanuel Bourg)
  • [2013-07-13] commons-configuration 1.9-1 MIGRATED to testing (Debian testing watch)
  • [2013-07-02] Accepted commons-configuration 1.9-1 (source all) (Emmanuel Bourg)
  • [2011-09-21] commons-configuration 1.7-1 MIGRATED to testing (Debian testing watch)
  • [2011-09-11] Accepted commons-configuration 1.7-1 (source all) (Damien Raude-Morvan)
  • [2011-09-04] Accepted commons-configuration 1.6-6 (source all) (Damien Raude-Morvan)
  • [2010-04-22] commons-configuration 1.6-5 MIGRATED to testing (Debian testing watch)
  • [2010-04-11] Accepted commons-configuration 1.6-5 (source all) (Torsten Werner)
  • [2009-08-20] commons-configuration 1.6-4 MIGRATED to testing (Debian testing watch)
  • [2009-08-09] Accepted commons-configuration 1.6-4 (source all) (Torsten Werner)
  • [2009-07-20] Accepted commons-configuration 1.6-3 (source all) (Ludovic Claude) (signed by: Torsten Werner)
  • [2009-07-12] Accepted commons-configuration 1.6-2 (source all) (Torsten Werner)
  • [2009-02-16] commons-configuration 1.6-1 MIGRATED to testing (Debian testing watch)
  • [2009-01-10] Accepted commons-configuration 1.6-1 (source all) (Torsten Werner)
  • [2008-08-15] Accepted commons-configuration 1.5-2 (source all) (Torsten Werner)
  • [2007-12-20] commons-configuration 1.5-1 MIGRATED to testing (Debian testing watch)
  • [2007-12-09] Accepted commons-configuration 1.5-1 (source all) (Torsten Werner)
  • 1
  • 2
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 1
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1.10-7

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing