Register | Log in

libpf4j-java

framework to turn monolithic Java applications into modular ones

Choose email to subscribe with

general

source: libpf4j-java (main)
version: 3.13.0+dfsg-2
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Pierre Gruet [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.8.0+dfsg-2
stable: 3.12.0+dfsg-1
testing: 3.13.0+dfsg-2
unstable: 3.13.0+dfsg-2

versioned links

3.8.0+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.12.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.13.0+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpf4j-java

action needed

4 security issues in bookworm high

There are 4 open security issues in bookworm.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

3 ignored issues:

CVE-2023-40826: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
CVE-2023-40827: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
CVE-2023-40828: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.

Created: 2023-08-31 Last update: 2026-03-27 11:30

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Created: 2026-03-27 Last update: 2026-03-27 11:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Created: 2026-03-27 Last update: 2026-03-27 11:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Created: 2026-03-27 Last update: 2026-03-27 11:30

A new upstream version is available: 3.15.0 high

A new upstream version 3.15.0 is available, you should consider packaging it.

Created: 2026-03-22 Last update: 2026-03-27 08:30

news

[2026-03-24] libpf4j-java 3.13.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2026-03-21] Accepted libpf4j-java 3.13.0+dfsg-2 (source) into unstable (Pierre Gruet)
[2025-10-04] libpf4j-java 3.13.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-10-01] Accepted libpf4j-java 3.13.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2024-10-06] libpf4j-java 3.12.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-10-01] Accepted libpf4j-java 3.12.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2024-02-16] libpf4j-java 3.10.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-02-13] Accepted libpf4j-java 3.10.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2023-09-02] libpf4j-java 3.9.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-08-30] Accepted libpf4j-java 3.9.0+dfsg-2 (source) into unstable (tony mancill)
[2023-06-22] libpf4j-java 3.9.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-06-18] Accepted libpf4j-java 3.9.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2022-12-23] libpf4j-java 3.8.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-12-20] Accepted libpf4j-java 3.8.0+dfsg-2 (source) into unstable (Pierre Gruet)
[2022-11-18] libpf4j-java 3.8.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-15] Accepted libpf4j-java 3.8.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2022-07-08] libpf4j-java 3.7.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-07-06] Accepted libpf4j-java 3.7.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2021-12-22] libpf4j-java 3.6.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-12-20] Accepted libpf4j-java 3.6.0+dfsg-3 (source) into unstable (Pierre Gruet)
[2021-08-23] libpf4j-java 3.6.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-08-18] Accepted libpf4j-java 3.6.0+dfsg-2 (source) into unstable (Pierre Gruet)
[2021-08-17] Accepted libpf4j-java 3.6.0+dfsg-1 (source all) into experimental, experimental (Debian FTP Masters) (signed by: Pierre Gruet)

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.13.0+dfsg-1ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing