Bug#1094762: async-http-client: Please package latest upstream release(s): 2.12.4 (and 3.0.1)

Santiago Ruano Rincón santiagorr at riseup.net
Thu Jan 30 19:56:08 GMT 2025


Source: async-http-client
Severity: important
User: debian-lts at lists.debian.org
Usertags: upstream-trixie
X-Debbugs-Cc: debian-lts at lists.debian.org

Dear async-http-client maintainer(s),

Testing (trixie) currently ships async-http-client 2.12.3. Upstream released
2.12.4 and 3.0.1 (whose breaking changes are more involved) last
December.

While I am not aware of any release schedule and EOL policy for
async-http-client, I would say that the more recent the release that can
be included in trixie, the better, and the easier it would be to provide
security updates to the users during the trixie life cycle. It is worth
noting that upstream has already fixed one (minor) security issue with
the above-mentioned versions:
https://security-tracker.debian.org/tracker/CVE-2024-53990.
This is actually https://bugs.debian.org/1089228, which caused AHC to be
removed from testing.

If you need or want help packaging this recent upstream version, please
don't hesitate to speak up.  Someone from the LTS team may be interested
in contributing (CC'ing debian-lts).

Best regards,

 -- Santiago, for the LTS Team.