node-follow-redirects (1.2.4-1ubuntu0.20.04.1~esm1) focal-security; urgency=medium

  * SECURITY UPDATE: Exposure of private information during cross-domain
    redirect forwarding
    - debian/patches/CVE-2022-0155.patch: Drop Cookie headers across domains in
      index.js and add relevant tests in test/test-with-server.js
    - CVE-2022-0155
  * SECURITY UPDATE: Improper sensitive header removal during cross-scheme
    redirect handling
    - debian/patches/CVE-2022-0536.patch: Drop confidential headers across
      schemes in index.js and add relevant tests in test/test-with-server.js
    - CVE-2022-0536
  * SECURITY UPDATE: Improper URL validation during bracketed hostname parsing
    - debian/patches/CVE-2023-26159.patch: Disallow bracketed hostnames in
      index.js and add relevant tests in test/test-with-server.js
    - debian/patches/CVE-2023-26159-post1.patch: Fix native URL detection in
      index.js
    - CVE-2023-26159
  * SECURITY UPDATE: Exposure of proxy credentials during cross-host redirect
    handling
    - debian/patches/CVE-2024-28849.patch: Drop proxy-authentication headers
      across hosts in index.js and add relevant tests in
      test/test-with-server.js
    - CVE-2024-28849

 -- Shafayat Hossain Majumder <shafayat.majumder@canonical.com>  Fri, 24 Apr 2026 11:09:54 -0400

node-follow-redirects (1.2.4-1) unstable; urgency=low

  * Initial release (Closes: #876032)

 -- Pirate Praveen <praveen@debian.org>  Sun, 17 Sep 2017 21:50:18 +0530
