h2database (1.4.193-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Security researchers of JFrog Security and Ismail Aydemir discovered two
    remote code execution vulnerabilities in the H2 Java SQL database engine
    which can be exploited through various attack vectors, most notably through
    the H2 Console and by loading custom classes from remote servers through
    JNDI. The H2 console is a developer tool and not required by any
    reverse-dependency in Debian. It has been disabled in (old)stable
    releases. Database developers are advised to use at least version
    2.1.210-1, currently available in Debian unstable.

 -- Markus Koschany <apo@debian.org>  Mon, 14 Feb 2022 22:32:54 +0100

h2database (1.4.193-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 11 Nov 2016 22:00:48 +0100

h2database (1.4.192-3) unstable; urgency=medium

  * Transition to the Servlet API 3.1
  * Switch to debhelper level 10

 -- Emmanuel Bourg <ebourg@apache.org>  Wed, 26 Oct 2016 09:18:19 +0200

h2database (1.4.192-2) unstable; urgency=medium

  * Fixed the build failure in offline mode

 -- Emmanuel Bourg <ebourg@apache.org>  Sat, 18 Jun 2016 23:41:19 +0200

h2database (1.4.192-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Team upload.
  * Set the locale when generating the javadoc to improve the reproducibility
  * Standards-Version updated to 3.9.8 (no changes)
  * Use a secure Vcs-Git URL

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 03 Jun 2016 13:00:51 +0200

h2database (1.4.191-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches

 -- Emmanuel Bourg <ebourg@apache.org>  Fri, 29 Jan 2016 22:30:08 +0100

h2database (1.4.190-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
    - Depend on libservlet3.0-java (Closes: #801039)
  * Watch and download the new releases from GitHub

 -- Emmanuel Bourg <ebourg@apache.org>  Mon, 21 Dec 2015 13:52:11 +0100

h2database (1.4.185-2) unstable; urgency=medium

  * Team upload.
  * Drop 04-jts-compatibility.patch. No longer needed with jts 1.13.
  * Switch to libservlet3.1-java. (Closes: #801039)

 -- Markus Koschany <apo@debian.org>  Wed, 11 Nov 2015 18:15:35 +0100

h2database (1.4.185-1) unstable; urgency=low

  * Initial release. (Closes: #607891)

 -- Emmanuel Bourg <ebourg@apache.org>  Tue, 17 Feb 2015 08:16:31 +0100
