resteasy (3.0.6-3ubuntu0.1~esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: Several vulnerabilities and information disclosures
    - CVE-2016-6345.patch: Information disclosure through async job service
    - CVE-2016-6346.patch: Denial of service through GZIPInterceptor module
    - CVE-2016-6347.patch: XSS in the default exception handler
    - CVE-2016-6348.patch: XSSI through JacksonJsonpInterceptor module
    - CVE-2016-7050.patch: RCE through SerializableProvider module
    - CVE-2020-1695.patch: Input validation issue leads to unexpected behavior
    - CVE-2020-10688.patch: XSS  due to improper URL handling during exception
    - CVE-2021-20289.patch: Endpoint information unexpectedly disclosed
    - CVE-2024-9622.patch: Denial of service through failed http decoder state
    - pre-CVE-2020-25633.patch: Build with java 8 syntax to help backport
    - CVE-2020-25633.patch: Server information disclosure during exception
    - CVE-2023-0482.patch: Temporary files created with insecure permissions

 -- Noam Nedelec-Salmon <noam.nedelecsalmon@canonical.com>  Tue, 01 Jul 2025 11:55:04 +0200

resteasy (3.0.6-3) unstable; urgency=medium

  * Team upload.
  * Removed the build dependencies on glassfish-activation
    and libservlet2.5-java
  * Build depend on libtomcat8-java instead of libtomcat7-java

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 31 Jul 2015 16:03:37 +0200

resteasy (3.0.6-2) unstable; urgency=high

  * Team upload.
  * Fix CVE-2014-7839: External entities expanded by DocumentProvider
    (Closes: #770544)
  * Standards-Version updated to 3.9.6 (no changes)

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 24 Nov 2014 23:36:45 +0100

resteasy (3.0.6-1) unstable; urgency=medium

  * Team upload.
  * revert-to-jsr250-api.diff: Revert a commit to fix build.
  * libresteasy-java.poms: Ignore json-p-ee7 and resteasy-servlet-
    initializer.

 -- Timo Aaltonen <tjaalton@debian.org>  Fri, 17 Oct 2014 18:29:12 +0300

resteasy (3.0.1-1) unstable; urgency=medium

  * Initial release (Closes: #734734)

 -- Timo Aaltonen <tjaalton@debian.org>  Thu, 04 Sep 2014 22:59:53 +0300
