Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-5142

Upgrade XStream to version 1.4.18

    XMLWordPrintableJSON

Details

    • Dependency
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.0.0
    • Core
    • None

    Description

      This maintenance release addresses the security vulnerabilities CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, and CVE-2021-39154, when unmarshalling with an XStream instance using the default blacklist of an uninitialized security framework. XStream is therefore now using a whitelist by default.

      Attachments

        Issue Links

          is related to

          Dependency - Issue is dependent on ... WW-5143 Upgrade Oval library to ver. 3.2.1

          • Major - Major loss of function.
          • Closed

          Activity

            People

              lukaszlenart Lukasz Lenart
              lukaszlenart Lukasz Lenart
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: