libpf4j-java - Debian Package Tracker

general

source: libpf4j-java (main)
version: 3.13.0+dfsg-2
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Pierre Gruet [DMD]
arch: all
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.8.0+dfsg-2
stable: 3.12.0+dfsg-1
unstable: 3.13.0+dfsg-2

versioned links

3.8.0+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.12.0+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.13.0+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libpf4j-java

action needed

A new upstream version is available: 3.15.0 high

A new upstream version 3.15.0 is available, you should consider packaging it.

Created: 2026-03-22 Last update: 2026-05-15 20:33

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Created: 2026-03-27 Last update: 2026-05-07 17:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Created: 2026-03-27 Last update: 2026-05-07 17:30

4 security issues in bookworm high

There are 4 open security issues in bookworm.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

3 ignored issues:

CVE-2023-40826: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
CVE-2023-40827: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
CVE-2023-40828: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.

Created: 2023-08-31 Last update: 2026-05-07 17:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-70952: pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a lack of proper path normalization and validation.

Created: 2026-03-27 Last update: 2026-04-28 19:02

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2026-05-07 Last update: 2026-05-16 02:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01

testing migrations

excuses:
- Migration status: Blocked. Can't migrate due to a non-migratable dependency. Check status below.
- Blocked by: kotlin
- Migration status for libpf4j-java (- to 3.13.0+dfsg-2): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)
- Issues preventing migration:
- ∙ ∙ Build-Depends(-Arch): libpf4j-java kotlin (not considered)
- ∙ ∙ Invalidated by build-dependency
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libp/libpf4j-java.html
- ∙ ∙ Autopkgtest for libpf4j-java/3.13.0+dfsg-2: amd64: Pass, arm64: Pass, i386: Pass, loong64: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproduced on amd64 - info
- ∙ ∙ Reproduced on arm64 - info
- ∙ ∙ Reproduced on armhf - info
- ∙ ∙ Reproduced on i386 - info
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ 55 days old (needed 2 days)
- Not considered

news

[rss feed]

[2026-05-08] libpf4j-java REMOVED from testing (Debian testing watch)
[2026-03-24] libpf4j-java 3.13.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2026-03-21] Accepted libpf4j-java 3.13.0+dfsg-2 (source) into unstable (Pierre Gruet)
[2025-10-04] libpf4j-java 3.13.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2025-10-01] Accepted libpf4j-java 3.13.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2024-10-06] libpf4j-java 3.12.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-10-01] Accepted libpf4j-java 3.12.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2024-02-16] libpf4j-java 3.10.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2024-02-13] Accepted libpf4j-java 3.10.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2023-09-02] libpf4j-java 3.9.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-08-30] Accepted libpf4j-java 3.9.0+dfsg-2 (source) into unstable (tony mancill)
[2023-06-22] libpf4j-java 3.9.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-06-18] Accepted libpf4j-java 3.9.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2022-12-23] libpf4j-java 3.8.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2022-12-20] Accepted libpf4j-java 3.8.0+dfsg-2 (source) into unstable (Pierre Gruet)
[2022-11-18] libpf4j-java 3.8.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-11-15] Accepted libpf4j-java 3.8.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2022-07-08] libpf4j-java 3.7.0+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-07-06] Accepted libpf4j-java 3.7.0+dfsg-1 (source) into unstable (Pierre Gruet)
[2021-12-22] libpf4j-java 3.6.0+dfsg-3 MIGRATED to testing (Debian testing watch)
[2021-12-20] Accepted libpf4j-java 3.6.0+dfsg-3 (source) into unstable (Pierre Gruet)
[2021-08-23] libpf4j-java 3.6.0+dfsg-2 MIGRATED to testing (Debian testing watch)
[2021-08-18] Accepted libpf4j-java 3.6.0+dfsg-2 (source) into unstable (Pierre Gruet)
[2021-08-17] Accepted libpf4j-java 3.6.0+dfsg-1 (source all) into experimental, experimental (Debian FTP Masters) (signed by: Pierre Gruet)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs
popcon
browse source code
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.13.0+dfsg-2