Register | Log in

commons-vfs

Java API for accessing various filesystems

Choose email to subscribe with

general

source: commons-vfs (main)
version: 2.1-5
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Damien Raude-Morvan [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.1-2
oldstable: 2.1-2
old-sec: 2.1-2+deb11u1
stable: 2.1-4
testing: 2.1-5
unstable: 2.1-5

versioned links

2.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libcommons-vfs-java

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://www.apache.org/dist/commons/vfs/source/commons-vfs2-distribution-(.*)-src\.tar\.gz debian uupdate

Created: 2020-10-22 Last update: 2025-04-26 02:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-27553: Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file". However, when the path contains encoded ".." characters (for example, "%2E%2E/bar.txt"), it might return file objects that are not a descendent of the base file, without throwing an exception. This issue affects Apache Commons VFS: before 2.10.0. Users are recommended to upgrade to version 2.10.0, which fixes the issue.

Created: 2025-03-24 Last update: 2025-04-08 06:32

debian/patches: 1 patch to forward upstream low

Among the 3 debian patches available in version 2.1-5 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-04-03 Last update: 2025-04-03 13:25

news

[2025-04-08] commons-vfs 2.1-5 MIGRATED to testing (Debian testing watch)
[2025-04-03] Accepted commons-vfs 2.1-5 (source) into unstable (Markus Koschany)
[2025-04-02] Accepted commons-vfs 2.1-2+deb11u1 (source) into oldstable-security (Markus Koschany)
[2023-01-08] commons-vfs 2.1-4 MIGRATED to testing (Debian testing watch)
[2023-01-02] Accepted commons-vfs 2.1-4 (source) into unstable (tony mancill)
[2023-01-01] Accepted commons-vfs 2.1-3 (source) into unstable (tony mancill)
[2018-03-14] commons-vfs 2.1-2 MIGRATED to testing (Debian testing watch)
[2018-03-09] Accepted commons-vfs 2.1-2 (source) into unstable (Emmanuel Bourg)
[2016-07-12] commons-vfs 2.1-1 MIGRATED to testing (Debian testing watch)
[2016-07-06] Accepted commons-vfs 2.1-1 (source all) into unstable (Emmanuel Bourg)
[2016-01-24] commons-vfs 2.0-7 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted commons-vfs 2.0-7 (source all) into unstable (Emmanuel Bourg)
[2016-01-05] commons-vfs 2.0-6 MIGRATED to testing (Debian testing watch)
[2015-12-30] Accepted commons-vfs 2.0-6 (source all) into unstable (Emmanuel Bourg)
[2015-12-13] commons-vfs 2.0-5 MIGRATED to testing (Debian testing watch)
[2015-12-07] Accepted commons-vfs 2.0-5 (source all) into unstable (Emmanuel Bourg)
[2015-09-06] commons-vfs 2.0-4 MIGRATED to testing (Britney)
[2015-08-31] Accepted commons-vfs 2.0-4 (source all) into unstable (Emmanuel Bourg)
[2012-07-01] commons-vfs 2.0-3 MIGRATED to testing (Debian testing watch)
[2012-06-20] Accepted commons-vfs 2.0-3 (source all) (Niels Thykier)
[2012-04-19] commons-vfs 2.0-2 MIGRATED to testing (Debian testing watch)
[2012-04-08] Accepted commons-vfs 2.0-2 (source all) (Damien Raude-Morvan)
[2011-09-21] commons-vfs 2.0-1 MIGRATED to testing (Debian testing watch)
[2011-09-11] Accepted commons-vfs 2.0-1 (source all) (Damien Raude-Morvan)
[2011-09-10] commons-vfs 1.0-6 MIGRATED to testing (Debian testing watch)
[2011-08-30] Accepted commons-vfs 1.0-6 (source all) (Torsten Werner)
[2009-12-23] commons-vfs 1.0-5 MIGRATED to testing (Debian testing watch)
[2009-12-12] Accepted commons-vfs 1.0-5 (source all) (Damien Raude-Morvan)
[2009-09-03] commons-vfs 1.0-4 MIGRATED to testing (Debian testing watch)
[2009-08-23] Accepted commons-vfs 1.0-4 (source all) (Damien Raude-Morvan) (signed by: Torsten Werner)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1-4
1 bug

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing