undertow (1.3.16-1ubuntu0.1~esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: user session takeover issue
    - debian/patches/CVE-2025-12543-1.patch: Add handler to scrutinize Host
      header in request. Fix IP regex patterns to have proper range and
      include embedded adr
    - debian/patches/CVE-2025-12543-2.patch: Add checks for empty Host
      header
    - CVE-2025-12543

 -- Nishit Majithia <nishit.majithia@canonical.com>  Wed, 01 Apr 2026 12:06:44 +0530

undertow (1.3.16-1) unstable; urgency=medium

  * Imported Upstream version 1.3.16.
  * Vcs-Git: Use https.

 -- Markus Koschany <apo@debian.org>  Sat, 30 Jan 2016 17:03:04 +0100

undertow (1.3.11-1) unstable; urgency=medium

  * debian/rules: Do not execute dh_auto_test to prevent a FTBFS due
    to a bug in maven-compiler-plugin 3.2. (Closes: #808691)
  * Imported Upstream version 1.3.11.

 -- Markus Koschany <apo@debian.org>  Thu, 24 Dec 2015 19:56:00 +0100

undertow (1.3.7-1) unstable; urgency=medium

  * Imported Upstream version 1.3.7.

 -- Markus Koschany <apo@debian.org>  Fri, 27 Nov 2015 19:40:51 +0100

undertow (1.3.5-1) unstable; urgency=medium

  * Imported Upstream version 1.3.5.
  * Change homepage field to undertow.io.

 -- Markus Koschany <apo@debian.org>  Mon, 16 Nov 2015 17:25:21 +0100

undertow (1.3.4-1) unstable; urgency=medium

  * Initial release (Closes: #767001)

 -- Markus Koschany <apo@debian.org>  Mon, 02 Nov 2015 17:57:08 +0100
