Source: async-http-client Severity: important User: debian-lts@lists.debian.org Usertags: upstream-trixie X-Debbugs-Cc: debian-lts@lists.debian.org
Dear async-http-client maintainer(s), Testing (trixie) currently ships async-http-client 2.12.3. Upstream released 2.12.4 and 3.0.1 (whose breaking changes are more involving) the last month of December. While I am not aware of any release schedule and EOL policy for async-http-client, I would say that the more recent release can be included in trixie, the better. And the easier would be to provide security updates to the users during the trixie life cycle. It is worth noting that upstream has already fixed one (minor) security issue, with the above mentioned versions: https://security-tracker.debian.org/tracker/CVE-2024-53990. This is actually https://bugs.debian.org/1089228, which made AHC to be removed from testing. If you need or want help packaging this recent upstream version, please don't hesitate to speak up. Someone from the LTS team may be interested in contributing (CC'ing debian-lts). Best regards, -- Santiago, for the LTS Team.
signature.asc
Description: PGP signature
