openrefine (3.5.2-1ubuntu0.1~esm1) jammy-security; urgency=medium

  * SECURITY UPDATE: Information leak
    - debian/patches/CVE-2023-41886-CVE-2023-41887.patch: Escape
      database name to prevent local file reads
    - debian/patches/CVE-2024-23833.patch: Forbid defining settings in
      the host parameter
    - debian/patches/CVE-2024-49760.patch: Restricts the loading of
      files to their expected subdirectory
    - CVE-2023-41886
    - CVE-2023-41887
    - CVE-2024-23833
    - CVE-2024-49760
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2023-37476.patch: Fix zip slip vuln in project
      import command
    - debian/patches/CVE-2024-47878.patch: gdata: Check cb parameter in
      authorized command
    - debian/patches/CVE-2024-47880.patch: Drop support for contentType
      parameter
    - debian/patches/CVE-2024-47881.patch: Add restrictions when opening
      SQLite databases via the database extension
    - debian/patches/CVE-2024-47882.patch: Escape error and stack trace
    - CVE-2023-37476
    - CVE-2024-47878
    - CVE-2024-47880
    - CVE-2024-47881
    - CVE-2024-47882
  * SECURITY UPDATE: Cross-site request forgery
    - debian/patches/CVE-2024-47879.patch: Add CSRF protection to
      commands that evaluate expressions
    - CVE-2024-47879

 -- Bruce Cable <bruce.cable@canonical.com>  Thu, 06 Feb 2025 16:13:42 +1100

openrefine (3.5.2-1) unstable; urgency=medium

  * Upload to unstable.
  * New upstream version 3.5.2.
   - Remove non-free lavalamp.js file.
   - Enable all extensions.
  * Depend on procps for openrefine script.

 -- Markus Koschany <apo@debian.org>  Sun, 20 Feb 2022 17:03:52 +0100

openrefine (3.5~git20210527-1) experimental; urgency=medium

  * Initial release. (Closes: #986604)

 -- Markus Koschany <apo@debian.org>  Thu, 02 Sep 2021 06:56:05 +0200
