Register | Log in

commons-vfs

Java API for accessing various filesystems

Choose email to subscribe with

general

source: commons-vfs (main)
version: 2.1-5
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Damien Raude-Morvan [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.1-2
oldstable: 2.1-2
old-sec: 2.1-2+deb11u1
stable: 2.1-4
testing: 2.1-4
unstable: 2.1-5

versioned links

2.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcommons-vfs-java

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://www.apache.org/dist/commons/vfs/source/commons-vfs2-distribution-(.*)-src\.tar\.gz debian uupdate

Created: 2020-10-22 Last update: 2025-04-04 13:30

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-27553: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Created: 2025-03-24 Last update: 2025-04-03 10:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-27553: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Created: 2025-03-24 Last update: 2025-04-03 10:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2023-01-03 Last update: 2023-02-02 01:03

debian/patches: 1 patch to forward upstream low

Among the 3 debian patches available in version 2.1-5 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-04-03 Last update: 2025-04-03 13:25

testing migrations

excuses:
- Migration status for commons-vfs (2.1-4 to 2.1-5): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 1 of 5 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/c/commons-vfs.html
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Waiting for reproducibility test results on i386 - info ♻
- Not considered

news

[2025-04-03] Accepted commons-vfs 2.1-5 (source) into unstable (Markus Koschany)
[2025-04-02] Accepted commons-vfs 2.1-2+deb11u1 (source) into oldstable-security (Markus Koschany)
[2023-01-08] commons-vfs 2.1-4 MIGRATED to testing (Debian testing watch)
[2023-01-02] Accepted commons-vfs 2.1-4 (source) into unstable (tony mancill)
[2023-01-01] Accepted commons-vfs 2.1-3 (source) into unstable (tony mancill)
[2018-03-14] commons-vfs 2.1-2 MIGRATED to testing (Debian testing watch)
[2018-03-09] Accepted commons-vfs 2.1-2 (source) into unstable (Emmanuel Bourg)
[2016-07-12] commons-vfs 2.1-1 MIGRATED to testing (Debian testing watch)
[2016-07-06] Accepted commons-vfs 2.1-1 (source all) into unstable (Emmanuel Bourg)
[2016-01-24] commons-vfs 2.0-7 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted commons-vfs 2.0-7 (source all) into unstable (Emmanuel Bourg)
[2016-01-05] commons-vfs 2.0-6 MIGRATED to testing (Debian testing watch)
[2015-12-30] Accepted commons-vfs 2.0-6 (source all) into unstable (Emmanuel Bourg)
[2015-12-13] commons-vfs 2.0-5 MIGRATED to testing (Debian testing watch)
[2015-12-07] Accepted commons-vfs 2.0-5 (source all) into unstable (Emmanuel Bourg)
[2015-09-06] commons-vfs 2.0-4 MIGRATED to testing (Britney)
[2015-08-31] Accepted commons-vfs 2.0-4 (source all) into unstable (Emmanuel Bourg)
[2012-07-01] commons-vfs 2.0-3 MIGRATED to testing (Debian testing watch)
[2012-06-20] Accepted commons-vfs 2.0-3 (source all) (Niels Thykier)
[2012-04-19] commons-vfs 2.0-2 MIGRATED to testing (Debian testing watch)
[2012-04-08] Accepted commons-vfs 2.0-2 (source all) (Damien Raude-Morvan)
[2011-09-21] commons-vfs 2.0-1 MIGRATED to testing (Debian testing watch)
[2011-09-11] Accepted commons-vfs 2.0-1 (source all) (Damien Raude-Morvan)
[2011-09-10] commons-vfs 1.0-6 MIGRATED to testing (Debian testing watch)
[2011-08-30] Accepted commons-vfs 1.0-6 (source all) (Torsten Werner)
[2009-12-23] commons-vfs 1.0-5 MIGRATED to testing (Debian testing watch)
[2009-12-12] Accepted commons-vfs 1.0-5 (source all) (Damien Raude-Morvan)
[2009-09-03] commons-vfs 1.0-4 MIGRATED to testing (Debian testing watch)
[2009-08-23] Accepted commons-vfs 1.0-4 (source all) (Damien Raude-Morvan) (signed by: Torsten Werner)
[2009-02-16] commons-vfs 1.0-3 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1-4
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing