You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lukasz Lenart (Jira)" <ji...@apache.org> on 2021/09/26 07:57:00 UTC

[jira] [Assigned] (WW-5142) Upgrade XStream to version 1.4.18

     [ https://issues.apache.org/jira/browse/WW-5142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukasz Lenart reassigned WW-5142:
---------------------------------

    Assignee: Lukasz Lenart

> Upgrade XStream to version 1.4.18
> ---------------------------------
>
>                 Key: WW-5142
>                 URL: https://issues.apache.org/jira/browse/WW-5142
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Core
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>            Priority: Trivial
>             Fix For: 2.6
>
>
> This maintenance release addresses the security vulnerabilities CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, and CVE-2021-39154, when unmarshalling with an XStream instance using the default blacklist of an uninitialized security framework. XStream is therefore now using a whitelist by default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)