hugo - Debian Package Tracker

general

source: hugo (main)
version: 0.150.1-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Anthony Fok [DMD] – Dr. Tobias Quathamer [DMD]
arch: any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.80.0-6
o-o-sec: 0.80.0-6+deb11u1
oldstable: 0.111.3-1
stable: 0.131.0-1
testing: 0.131.0-2
unstable: 0.150.1-1

versioned links

0.80.0-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.80.0-6+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.111.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.131.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.131.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.150.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

hugo

action needed

Marked for autoremoval on 27 October: #1111771, #1115127 high

Version 0.131.0-2 of hugo is marked for autoremoval from testing on Mon 27 Oct 2025. It is affected by #1111771, #1115127. The removal of hugo will also cause the removal of (transitive) reverse dependency: bornagain. You should try to prevent the removal by fixing these RC bugs.

Created: 2025-08-28 Last update: 2025-10-03 11:00

Debci reports failed tests high

unstable: pass (log)
The tests ran in 0:04:37
Last run: 2025-09-27T11:00:08.000Z
Previous status: unknown

testing: fail (log)
The tests ran in 0:05:09
Last run: 2025-08-16T22:12:17.000Z
Previous status: unknown

stable: fail (log)
The tests ran in 0:03:32
Last run: 2025-08-11T12:55:03.000Z
Previous status: unknown

Created: 2025-02-02 Last update: 2025-10-02 19:31

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2024-55601: Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates.

Created: 2025-08-09 Last update: 2025-09-28 08:30

4 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 2a8461ea9908d6e178e99a1231e9acb070708496
Author: Dr. Tobias Quathamer <toddy@debian.org>
Date:   Tue Sep 30 17:55:20 2025 +0200

    Use Debian packages instead of local copies.
    
    - golang-github-kyokomi-emoji-dev

commit f86eb146319633556a4d1dec0d600a402e8ded4b
Author: Dr. Tobias Quathamer <toddy@debian.org>
Date:   Sun Sep 28 17:54:53 2025 +0200

    Update patch descriptions, forward patch to upstream

commit 558806d2a4118d8ba4570805170077a72200207c
Author: Dr. Tobias Quathamer <toddy@debian.org>
Date:   Sun Sep 28 00:40:08 2025 +0200

    Use Debian packages instead of local copies.
    
    - golang-github-bep-goportabletext-dev
    - golang-github-gohugoio-hashstructure-dev
    - golang-github-gohugoio-httpcache-dev

commit 1747c5e060d05fe110ab1b640824feb90a0961f2
Author: Dr. Tobias Quathamer <toddy@debian.org>
Date:   Sun Sep 28 00:24:51 2025 +0200

    Update changelog with missing bug numbers

Created: 2025-09-27 Last update: 2025-09-30 18:30

debian/patches: 3 patches to forward upstream low

Among the 8 debian patches available in version 0.150.1-1 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2024-08-14 Last update: 2025-09-28 10:33

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2024-55601: (needs triaging) Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-12-11 Last update: 2025-09-28 08:30

testing migrations

excuses:
- Migration status for hugo (0.131.0-2 to 0.150.1-1): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 4 of 5 days old
- Additional info:
- ∙ ∙ Updating hugo will fix bugs in testing: #1111771, #1115127
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/h/hugo.html
- ∙ ∙ autopkgtest for hugo/0.150.1-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Failed (not a regression) ♻ (reference ♻), s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- Not considered

news

[rss feed]

[2025-09-27] Accepted hugo 0.150.1-1 (source) into unstable (Dr. Tobias Quathamer)
[2025-09-26] Accepted hugo 0.150.0-1 (source) into unstable (Dr. Tobias Quathamer)
[2025-08-23] hugo 0.131.0-2 MIGRATED to testing (Debian testing watch)
[2025-08-16] Accepted hugo 0.131.0-2 (source) into unstable (Mathias Gibbens)
[2025-04-30] Accepted hugo 0.80.0-6+deb11u1 (source) into oldstable-security (Andrej Shadura) (signed by: Andrew Shadura)
[2024-09-07] hugo 0.131.0-1 MIGRATED to testing (Debian testing watch)
[2024-09-03] Accepted hugo 0.131.0-1 (source) into unstable (Anthony Fok)
[2024-09-02] hugo 0.130.0-2 MIGRATED to testing (Debian testing watch)
[2024-08-30] Accepted hugo 0.130.0-2 (source) into unstable (Anthony Fok)
[2024-08-20] Accepted hugo 0.130.0-1 (source) into unstable (Anthony Fok)
[2024-08-19] hugo 0.129.0-2 MIGRATED to testing (Debian testing watch)
[2024-08-13] Accepted hugo 0.129.0-2 (source) into unstable (Shengjing Zhu)
[2024-08-10] Accepted hugo 0.129.0-1 (source) into unstable (Anthony Fok)
[2024-07-20] hugo 0.128.2-2 MIGRATED to testing (Debian testing watch)
[2024-07-15] Accepted hugo 0.128.2-2 (source) into unstable (Anthony Fok)
[2024-07-14] Accepted hugo 0.128.2-1 (source) into unstable (Anthony Fok)
[2024-06-25] hugo 0.127.0-1 MIGRATED to testing (Debian testing watch)
[2024-06-15] Accepted hugo 0.127.0-1 (source) into unstable (Anthony Fok)
[2024-06-04] Accepted hugo 0.126.3-1 (source) into unstable (Anthony Fok)
[2024-05-31] Accepted hugo 0.126.2-1 (source) into unstable (Anthony Fok)
[2024-05-21] Accepted hugo 0.126.1-1 (source) into unstable (Anthony Fok)
[2024-05-11] Accepted hugo 0.125.7-1 (source) into unstable (Anthony Fok)
[2024-05-08] Accepted hugo 0.125.6-1 (source) into unstable (Anthony Fok)
[2024-05-03] Accepted hugo 0.125.5-1 (source) into unstable (Anthony Fok)
[2024-04-27] Accepted hugo 0.125.4-1 (source) into unstable (Anthony Fok)
[2024-03-31] hugo 0.124.1-1 MIGRATED to testing (Debian testing watch)
[2024-03-25] Accepted hugo 0.124.1-1 (source) into unstable (Anthony Fok)
[2024-03-24] hugo 0.123.8-2 MIGRATED to testing (Debian testing watch)
[2024-03-24] hugo 0.123.8-2 MIGRATED to testing (Debian testing watch)
[2024-03-21] hugo 0.123.8-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.131.0-1