libowasp-esapi-java (2.4.0.0-2ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Improper SQL special-element neutralization
    - debian/patches/CVE-2025-5878.patch: Deprecate SQL encodings in
      src/main/java/org/owasp/esapi/Encoder.java,
      src/main/java/org/owasp/esapi/codecs/DB2Codec.java,
      src/main/java/org/owasp/esapi/codecs/MySQLCodec.java,
      src/main/java/org/owasp/esapi/codecs/OracleCodec.java and
      src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
    - CVE-2025-5878

 -- Shafayat Hossain Majumder <shafayat.majumder@canonical.com>  Wed, 15 Apr 2026 13:35:40 -0400

libowasp-esapi-java (2.4.0.0-2) unstable; urgency=medium

  * Team upload.
  * Replace libservlet3.1-java with libservlet-api-java
  * Drop libowasp-esapi-java-doc (see Debian bug #1028166)
  * Bump Standards-Version to 4.6.2
  * Freshen years in debian/copyright
  * Add lintian overrides for long HTML lines
  * Set Rules-Requires-Root: no in debian/control

 -- tony mancill <tmancill@debian.org>  Sun, 08 Jan 2023 10:29:05 -0800

libowasp-esapi-java (2.4.0.0-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 2.4.0.0.
    - Fix CVE-2022-23457 and CVE-2022-24891 and a potential DoS vulnerability
      (CVE-2022-28366). (Closes: #1010339)
    Thanks to Neil Williams for the report.
  * Drop servlet-api.patch because it is no longer required.
  * Use canonical VCS URI.

 -- Markus Koschany <apo@debian.org>  Fri, 29 Apr 2022 15:30:01 +0200

libowasp-esapi-java (2.2.3.1-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 2.2.3.1.
  * Switch to debhelper-compat = 13.
  * Declare compliance with Debian Policy 4.6.0.
  * Switch to commons-collections 4.
  * Rebase 01-servlet-api-compatibility.patch

 -- Markus Koschany <apo@debian.org>  Tue, 12 Oct 2021 15:27:54 +0200

libowasp-esapi-java (2.1.0-3) unstable; urgency=medium

  * Team upload.
  * Transition to the Servlet API 3.1 (Closes: #801021)
  * Build with the DH sequencer instead of CDBS
  * Standards-Version updated to 3.9.8 (no changes)
  * Use secure Vcs-* URLs

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 20 Jun 2016 17:06:57 +0200

libowasp-esapi-java (2.1.0-2) unstable; urgency=low

  * This version to be for unstable
  * Put into git (and add appropriate headers to debian/control)
  * Note the 2 Apache-2.0 licensed files

 -- Matthew Vernon <matthew@debian.org>  Thu, 29 May 2014 18:27:31 +0100

libowasp-esapi-java (2.1.0-1) experimental; urgency=low

  * Initial release (closes: #741416)
  * This is (indirectly) a dependency of the Shibboleth IdP

 -- Matthew Vernon <matthew@debian.org>  Wed, 19 Feb 2014 16:24:11 +0000
