openrefine (3.9.5-1) experimental; urgency=medium

  * New upstream version 3.9.5.
  * Refresh jetty9.patch.
  * Tighten build-dependency on libwikidata-toolkit-java to >= 0.17.0.
  * Declare compliance with Debian Policy 4.7.2.

 -- Markus Koschany <apo@debian.org>  Sat, 27 Sep 2025 23:48:34 +0200

openrefine (3.9.3-1) experimental; urgency=medium

  * New upstream version 3.9.3.
    - gdata and phonetic extensions were removed.
    - install core and grel modules.
  * Refresh all patches.
  * Add MediaWikiErrorMessage.patch because we need to update
    libwikidata-toolkit-java first.
  * Add test-jar.patch and don't require the test jars to build openrefine.
  * Add jackson-datatype-jdk8.patch because we don't support Java 8 anymore.

 -- Markus Koschany <apo@debian.org>  Sun, 25 May 2025 15:30:04 +0200

openrefine (3.8.7-1) unstable; urgency=medium

  * New upstream version 3.8.7.
    - Fix CVE-2024-49760, CVE-2024-47882, CVE-2024-47881, CVE-2024-47880,
      CVE-2024-47879 and CVE-2024-47878. (Closes: #1086041)
  * Refresh the patches.
  * Add new maven plugins to maven.ignore rules.
  * Add jetty9.patch and revert back to Debian's Jetty9 version. We upgrade to
    Jetty12 in the near future.
  * Declare compliance with Debian Policy 4.7.0.

 -- Markus Koschany <apo@debian.org>  Thu, 02 Jan 2025 18:55:19 +0100

openrefine (3.7.8-1) unstable; urgency=high

  * New upstream version 3.7.8
    - Fix CVE-2024-23833: A jdbc attack vulnerability exists in OpenRefine
      where an attacker may construct a JDBC query which may read files on
      the host filesystem. (Closes: #1064192)
      Thanks to Salvatore Bonaccorso for the report.

 -- Markus Koschany <apo@debian.org>  Sat, 06 Apr 2024 21:45:36 +0200

openrefine (3.7.7-1) unstable; urgency=medium

  * New upstream version 3.7.7.

 -- Markus Koschany <apo@debian.org>  Sun, 03 Dec 2023 11:51:18 +0100

openrefine (3.7.6-1) unstable; urgency=medium

  * New upstream version 3.7.6.

 -- Markus Koschany <apo@debian.org>  Tue, 17 Oct 2023 22:34:25 +0200

openrefine (3.7.5-1) unstable; urgency=medium

  * New upstream version 3.7.5.

 -- Markus Koschany <apo@debian.org>  Fri, 15 Sep 2023 12:37:36 +0200

openrefine (3.7.4-1) unstable; urgency=medium

  * New upstream version 3.7.4
  * Drop CVE-2023-37476.patch. Fixed upstream.
  * Remove log4j-api.patch.
  * Remove no-java-files.patch.
  * Build-Depend on liblocalizer-java.
  * Use and document upstream's appstream meta file.
  * Install upstream's desktop file.
  * Depend on fonts-glyphicons-halflings and replace embedded font files.
  * Add debian/openrefine.lintian-overrides.
  * Ignore Lintian warning embedded-javascript-library and explain why.

 -- Markus Koschany <apo@debian.org>  Fri, 08 Sep 2023 13:55:04 +0200

openrefine (3.6.2-3) unstable; urgency=medium

  * Tighten B-D on commons-io to >= 2.11.0.
  * Fix CVE-2023-37476 and automatically refresh all other patches.
    OpenRefine is a free, open source tool for data processing. A carefully
    crafted malicious OpenRefine project tar file can be used to trigger
    arbitrary code execution in the context of the OpenRefine process if a user
    can be convinced to import it. (Closes: #1041422)
  * Declare compliance with Debian Policy 4.6.2.

 -- Markus Koschany <apo@debian.org>  Fri, 18 Aug 2023 01:37:01 +0200

openrefine (3.6.2-2) unstable; urgency=medium

  * Depend on libjoda-time-java and liboro-java.
    Thanks to Robert Jäschke for the report! (Closes: #1022760)
  * Load the refine configuration before parsing the command line options.
    Thanks to Robert Jäschke for the report! (Closes: #1033355)
  * Symlink commons-lang-2.6 into server directory to fix another
    ClassNotFound exception.

 -- Markus Koschany <apo@debian.org>  Wed, 05 Apr 2023 20:20:17 +0200

openrefine (3.6.2-1) unstable; urgency=medium

  * New upstream version 3.6.2. (Closes: #1022761)
  * Add 3rdparty missing sources. (Closes: #1022760)
    These Javascript files are currently missing from the original sources
    because they are downloaded separately with npm.
  * Tighten dependency on librhino-java to >= 1.7.14. Otherwise there was a
    silent error in the web application which made it unusable.
  * Link titanium-json-ld into webapp directory.

 -- Markus Koschany <apo@debian.org>  Tue, 14 Feb 2023 00:34:16 +0100

openrefine (3.6.1-1) unstable; urgency=medium

  * New upstream version 3.6.1.
  * Refresh all patches except of javalamp patch.
  * Tighten dependency on apache-jena and wikidata toolkit.
  * Depend on liblanguage-detector-java.
  * Add gdata-extension.patch.
  * Declare compliance with Debian Policy 4.6.1.

 -- Markus Koschany <apo@debian.org>  Thu, 29 Sep 2022 23:58:11 +0200

openrefine (3.5.2-2) unstable; urgency=medium

  * Build-depend on libokhttp-java (>= 3.13.1-3~)
  * Tighten dependency on libgoogle-api-client-java.
  * Remove dependency on tomcat9 because the tomcat9-annotations-api is
    apparently not required.
  * Update the Dockerfile and add a README file to document how to build the
    image and run the container. Install both files as examples into
    /usr/share/doc/openrefine/examples.

 -- Markus Koschany <apo@debian.org>  Tue, 08 Mar 2022 13:49:15 +0100

openrefine (3.5.2-1) unstable; urgency=medium

  * Upload to unstable.
  * New upstream version 3.5.2.
   - Remove non-free lavalamp.js file.
   - Enable all extensions.
  * Depend on procps for openrefine script.

 -- Markus Koschany <apo@debian.org>  Sun, 20 Feb 2022 17:03:52 +0100

openrefine (3.5~git20210527-1) experimental; urgency=medium

  * Initial release. (Closes: #986604 )

 -- Markus Koschany <apo@debian.org>  Thu, 02 Sep 2021 06:56:05 +0200
