[Pkg-nginx-maintainers] Bug#1050186: libnginx-mod-http-lua: depends on obsolete pcre3 library
Bastian Germann
bage at debian.org
Mon Aug 21 16:24:33 BST 2023
Source: libnginx-mod-http-lua
Severity: serious
Version: 1:0.10.25-1
User: matthew-pcredep at debian.org
Usertags: obsolete-pcre3
Dear maintainer,
When the pcre3 -> pcre2 mass bug was filed, this package was left out.
I am filing this (edited copy) after the fact:
Your package still depends on the old, obsolete PCRE3 libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, we
would like to remove the pcre3 libraries from Debian.
The newer PCRE2 library was first released in 2015, and has been in
Debian since stretch. Upstream's documentation for PCRE2 is available
here: https://pcre.org/current/doc/html/
Many large projects that use PCRE have made the switch now (e.g. git,
php); it does involve some work, but we are now at the stage where
PCRE3 should not be used, particularly if it might ever be exposed to
untrusted input.
This mass bug filing was discussed on debian-devel@ in
https://lists.debian.org/debian-devel/2021/11/msg00176.html
Thanks,
Bastian
More information about the Pkg-nginx-maintainers
mailing list