[MPH-196] Bump xstream to 1.4.20 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Dependency upgrade
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.4.0
Component/s: None
Labels:
None

Description

https://x-stream.github.io/changes.html

This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.

Note, the next major release 1.5 will require Java 11.

Attachments

Issue Links

links to

GitHub Pull Request #81

Activity

People

Assignee:: Sylwester Lachiewicz

Reporter:: Sylwester Lachiewicz

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Mar/23 16:06

Updated:: 11/Mar/23 19:12

Resolved:: 10/Mar/23 16:33