| Release | Version |
|---|---|
| bullseye | 2.18.0+r2.14.6-1 |
| bookworm | 2.20.3-1 |
| trixie | 2.20.11-1.1 |
| forky | 2.20.11-1.1 |
| sid | 2.20.11-1.1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-58782 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | Deserialization of Untrusted Data vulnerability in Apache Jackrabbit C ... |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-53689 | vulnerable | vulnerable | fixed | fixed | fixed | Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-cor ... |
| CVE-2023-37895 | vulnerable | vulnerable | fixed | fixed | fixed | Java object deserialization issue in Jackrabbit webapp/standalone on a ... |
| Bug | Description |
|---|---|
| CVE-2016-6801 | Cross-site request forgery (CSRF) vulnerability in the CSRF content-ty ... |
| CVE-2015-1833 | XML external entity (XXE) vulnerability in Apache Jackrabbit before 2. ... |
| DSA / DLA | Description |
|---|---|
| DSA-3679-1 | jackrabbit - security update |
| DLA-629-1 | jackrabbit - security update |
| DSA-3298-1 | jackrabbit - security update |