Posted to issues@struts.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2021/09/27 10:22:00 UTC

[jira] [Commented] (WW-5142) Upgrade XStream to version 1.4.18

    [ https://issues.apache.org/jira/browse/WW-5142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17420645#comment-17420645 ] 

ASF subversion and git services commented on WW-5142:
-----------------------------------------------------

Commit 8ab65d79ef0ca2baec359608f5180a6ea54fcb71 in struts's branch refs/heads/WW-5142-oval from Lukasz Lenart
[ https://gitbox.apache.org/repos/asf?p=struts.git;h=8ab65d7 ]

WW-5143 WW-5142 Upgrades OVal to ver. 3.2.1 and upgrades XStream to ver 1.4.18


> Upgrade XStream to version 1.4.18
> ---------------------------------
>
>                 Key: WW-5142
>                 URL: https://issues.apache.org/jira/browse/WW-5142
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Core
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>            Priority: Major
>             Fix For: 2.6
>
>
> This maintenance release addresses the security vulnerabilities CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, and CVE-2021-39154, when unmarshalling with an XStream instance using the default blacklist of an uninitialized security framework. XStream is therefore now using a whitelist by default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)