Bug#1108367: marked as pending in jackson-core

Markus Koschany noreply at salsa.debian.org
Wed Apr 15 21:46:55 BST 2026 

Control: tag -1 pending

Hello,

Bug #1108367 in jackson-core reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/java-team/jackson-core/-/commit/6abd4e51de1f0bf56682570de4a587eeb9cfe754

------------------------------------------------------------------------
Import Debian changes 2.14.1-2

jackson-core (2.14.1-2) unstable; urgency=medium
.
  * Team upload.
.
  [ Markus Koschany and Emmanuel Arias ]
  * CVE-2025-52999:
    A limit was added to avoid a StackoverflowError if the parsed JSON is very
    deeply nested. The StackoverflowError issue happens in jackson-databind but
    this change in jackson-core stops it from happening unless you increase the
    StreamReadConstraints.maxNestingDepth() to a high number. (Closes: #1108367).
  * Declare compliance with Debian Policy 4.7.4.
.
jackson-core (2.14.1-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Standards-Version updated to 4.6.2
.
jackson-core (2.14.0-2) unstable; urgency=medium
.
  * Remove two unsupported plugins from jackson-base pom because this was
    causing a FTBFS when building other jackson libraries.
.
jackson-core (2.14.0-1) unstable; urgency=medium
.
  * New upstream version 2.14.0.
  * Declare compliance with Debian Policy 4.6.1.
  * Add myself to Uploaders.
  * Update debian/watch to track current versions.
  * Update jackson's pom files.
  * Compile for Java 8.
.
jackson-core (2.13.0-2) unstable; urgency=medium
.
  * Team upload.
  * Remove all doc packages from Build-Depends.
.
jackson-core (2.13.0-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream version 2.13.0.
  * Declare compliance with Debian Policy 4.6.0.
  * Remove README.source
  * Update pom files to version 2.13.0.
  * Refresh patches.
  * Drop libjackson2-core-java-doc. (Closes: #988896)
.
jackson-core (2.12.1-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Remove the javadoc from the upstream tarball
.
jackson-core (2.12.0-1) unstable; urgency=medium
.
  [ Mechtilde ]
  * [fb664ee] New upstream version 2.12.0
  * [6ffb594] Rediff patches
  * [6fec9a4] Added another build dependency to d/control
  * [b26c3a7] Bumped standard version to 4.5.1
.
jackson-core (2.11.3-1) unstable; urgency=medium
.
  [ Mechtilde ]
  * [f17b6a8] Corrected typo in d/changelog
  * [1544856] New upstream version 2.11.3
  * [b2a1e2a] Bumped compat level to 13
  * [1ba0f89] Setting links to use libjs-jquery and libjs-jquery-ui
  * [1a20284] Added build dependencies libjs-jquery and libjs-jquery-ui
  * [bcf9cc3] Addapt patch d/p/01-no-bundle.patch to new version
  * [0c7d0d5] added URL to issue tracker in d/u/metadata
  * [5b8f435] Added options for a proper d/watch file
  * [66a236c] Added file d/s/lintian-overrides to ignore long lines of
              mapping data in html documentation
.
jackson-core (2.10.3-1) unstable; urgency=medium
.
  [ Mechtilde ]
  * [3cce7a0] New upstream version 2.10.2
  * [6ded601] New upstream version 2.10.3
  * [1f3ed8c] Added debian/upstream/metadata
  * [06056b2] Added year 2020 to d/copyright
  * [71c7a4d] Buped to Standard-Version 4.5.0
  * [a46e8c7] apapted d/p/01-no-bundle-patch to new upstream version
.
jackson-core (2.10.1-1) unstable; urgency=medium
.
  [ Mechtilde ]
  * [63928b7] New upstream version 2.10.1
  * [4ef437a] Updated debian/control
  * [d389c02] Apply patches newly
.
jackson-core (2.10.0-1) unstable; urgency=medium
.
  [ Mechtilde ]
  * [a47457b] Corrected long line and typo in debian/changelog
  * [a3fa1de] New upstream version 2.10.0
  * [4ce8aee] adapt debian/patches/no-bundle.patch to new version
  * [3640475] adapted debian/patches/series and added debian/patches/skip-jacoco.patch for the new version
  * [ba009bd] changed debian/maven.properties to disable test, which need more dependencies
  * [37c6c4e] added Rules-Requires-Root:no to debian/control
.
jackson-core (2.9.9-1) unstable; urgency=medium
.
  [ Mechtilde ]
  * debian/salsa-ci.yml was added when the repo was cloned
  * New upstream version 2.9.9
  * Use compat level 12
  * Add in Copyright entry for debian/*
  * Declare compliance with Debian Policy 4.4.0
    + Add Uploader
    + Change Version of debhelper
  * Removed debian/compat and changed debian/control
    +  Use debhelper-compat for choosing compat level
  * Removed debian/compat and changed debian/control
    +  Use debhelper-compat for choosing compat level
.
jackson-core (2.9.8-3) unstable; urgency=medium
.
  * Team upload.
  * Removed the moditect plugin from the oss-parent pom
.
jackson-core (2.9.8-2) unstable; urgency=medium
.
  * Team upload.
  * Removed the enforcer and gpg plugins from the jackson-base pom
.
jackson-core (2.9.8-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
    - Refreshed the patches
    - Updated the extra poms installed with the package
    - Updated the path of the upstream changelog
  * Standards-Version updated to 4.3.0
  * Use salsa.debian.org Vcs-* URLs
.
jackson-core (2.9.4-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream version 2.9.4.
  * Use compat level 11.
  * Declare compliance with Debian Policy 4.1.3.
  * Update jackson-bom pom.
  * Install jackson-base-2.9.4.pom which is required by other jackson projects.
  * Drop fix-using-bundle.patch.
  * Add junit.patch, maven-enforcer.patch and no-bundle.patch.
  * Build-Depend on libmaven-enforcer-plugin-java.
.
jackson-core (2.9.1-1) unstable; urgency=medium
.
  * Team upload.
.
  [ Emmanuel Bourg ]
  * Removed the unused build dependency on libmaven-install-plugin-java
.
  [ Markus Koschany ]
  * New upstream version 2.9.1.
  * Declare compliance with Debian Policy 4.1.1.
  * Use source target 1.7.
  * Replace jackson-bom, jackson-parent and oss-parent with latest versions.
  * Drop empty maven.cleanIgnoreRules.
  * Use https for Format field.
  * Refresh fix-using-bundle.patch.
.
jackson-core (2.8.6-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
.
jackson-core (2.8.5-2) unstable; urgency=medium
.
  * Team upload.
  * Install the jackson-bom POM
.
jackson-core (2.8.5-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Install the jackson-parent POM
  * Switch to debhelper level 10
.
jackson-core (2.7.3-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Removed the build dependency on libmaven-scm-java
  * Standards-Version updated to 3.9.8 (no changes)
  * Use secure Vcs-* URLs
.
jackson-core (2.4.2-1) unstable; urgency=medium
.
  * Team upload.
  * New upstream release.
  * control: Bump policy, no changes.
  * maven.{publishedR,r}ules: Fix version mangling.
  * fix-using-bundle.diff: Use extensions with bundle plugin.
  * control: Add libmaven-bundle-plugin-java to build-deps.
  * depend-on-junit.diff: Prevent needing jackson-parent, add a dependency
    on junit to pom.xml.
  * properties: Set encoding to UTF-8.
.
jackson-core (2.2.2-1) unstable; urgency=low
.
  * Initial release (Closes: #719323)
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1108367

More information about the pkg-java-maintainers mailing list