You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2021/04/06 06:00:54 UTC
[struts] branch master updated: Excludes vulnerable version of
mxparser and uses fixed one
This is an automated email from the ASF dual-hosted git repository.
lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/master by this push:
new 09f969a Excludes vulnerable version of mxparser and uses fixed one
09f969a is described below
commit 09f969a9bebe31370df64702a61420f14ead6271
Author: Lukasz Lenart <lu...@apache.org>
AuthorDate: Tue Apr 6 08:00:49 2021 +0200
Excludes vulnerable version of mxparser and uses fixed one
---
pom.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/pom.xml b/pom.xml
index 7373522..d0122a7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1122,9 +1122,20 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.16</version>
+ <exclusions>
+ <exclusion>
+ <groupId>io.github.x-stream</groupId>
+ <artifactId>mxparser</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
+ <groupId>io.github.x-stream</groupId>
+ <artifactId>mxparser</artifactId>
+ <version>1.2.1</version>
+ </dependency>
+ <dependency>
<groupId>javax.persistence</groupId>
<artifactId>persistence-api</artifactId>
<version>1.0.2</version>