#999938 trafficserver: depends on obsolete pcre3 library

Package:
src:trafficserver
Source:
trafficserver
Submitter:
Matthew Vernon
Date:
2025-12-01 18:06:01 UTC
Severity:
important
Tags:
#999938#5
Date:
2021-11-18 11:49:08 UTC
From:
To:
Dear maintainer,

Your package still depends on the old, obsolete PCRE3[0] libraries
(i.e. libpcre3-dev). This has been end of life for a while now, and
upstream do not intend to fix any further bugs in it. Accordingly, I
would like to remove the pcre3 libraries from Debian, preferably in
time for the release of Bookworm.

The newer PCRE2 library was first released in 2015, and has been in
Debian since stretch. Upstream's documentation for PCRE2 is available
here: https://pcre.org/current/doc/html/

Many large projects that use PCRE have made the switch now (e.g. git,
php); it does involve some work, but we are now at the stage where
PCRE3 should not be used, particularly if it might ever be exposed to
untrusted input.

This mass bug filing was discussed on debian-devel@ in
https://lists.debian.org/debian-devel/2021/11/msg00176.html

Regards,

Matthew

[0] Historical reasons mean that old PCRE is packaged as
pcre3 in Debian

#999938#20
Date:
2023-12-29 14:54:27 UTC
From:
To:
Please find attached a patch which I admit I could not test properly.

This package is fairly specialized and I'm absolutely unfamiliar with
it.  It requires some extra knowledge and the right configuration in order
to expose the functionality that has to be tested.  Also, some of the
affected plugins fail to load due to #1020989.

The testsuite passes, and the server runs and loads some of the
pcre-based global plugins.  I also tested loading of the remap plugins
with a hack to work around #1020989 (I'll follow up there with more
details).

#999938#27
Date:
2024-01-20 18:22:49 UTC
From:
To:
Somehow, trafficserver's bookworm-security version got into unstable and the package has migrated despite this issue.
I have never seen such a thing and am copying FTP Master.

#999938#38
Date:
2025-12-01 18:04:39 UTC
From:
To:
Please note that this is fixed now and will be released with 10.2.0.