Posted to dev@jmeter.apache.org by GitBox <gi...@apache.org> on 2021/04/06 16:53:22 UTC

[GitHub] [jmeter] sseide opened a new pull request #655: update x-stream to 1.4.16 (from 1.4.15)

sseide opened a new pull request #655:
URL: https://github.com/apache/jmeter/pull/655


   ## Description
   security update for com.thoughtworks.xstream:xstream from 1.4.15 to 1.4.16
   
   ## Motivation and Context
   
   This update fixes the following CVEs:
   
   - CVE-2021-21341 (High)
   - CVE-2021-21342 (Medium)
   - CVE-2021-21343 (Medium)
   - CVE-2021-21344 (Medium)
   - CVE-2021-21345 (Medium)
   - CVE-2021-21346 (Medium)
   - CVE-2021-21347 (Medium)
   - CVE-2021-21348 (Medium)
   - CVE-2021-21349 (Medium)
   - CVE-2021-21350 (Medium)
   - CVE-2021-21351 (Medium)
   
   ## How Has This Been Tested?
   
   Tested with running `gradlew test` and within our own installation where this library was replaced.
   
   ## Types of changes
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [jmeter] asfgit closed pull request #655: update x-stream to 1.4.16 (from 1.4.15)

Posted by GitBox <gi...@apache.org>.
asfgit closed pull request #655:
URL: https://github.com/apache/jmeter/pull/655


   





[GitHub] [jmeter] FSchumacher commented on pull request #655: update x-stream to 1.4.16 (from 1.4.15)

Posted by GitBox <gi...@apache.org>.
FSchumacher commented on pull request #655:
URL: https://github.com/apache/jmeter/pull/655#issuecomment-817125585


   Thanks for the PR.





[GitHub] [jmeter] sseide commented on pull request #655: update x-stream to 1.4.16 (from 1.4.15)

Posted by GitBox <gi...@apache.org>.
sseide commented on pull request #655:
URL: https://github.com/apache/jmeter/pull/655#issuecomment-814278372


   Somehow unrelated question - the gradle build tools generate a new / updated `checksum.xml`.
   Why does this file contain a reference to xerces:xercesImpl at version 2.9.1 AND 2.12.1? Dependency resolution shows version 2.12.1 only.
   That's the other change for that file after running gradle. It was not me...





[GitHub] [jmeter] FSchumacher commented on pull request #655: update x-stream to 1.4.16 (from 1.4.15)

Posted by GitBox <gi...@apache.org>.
FSchumacher commented on pull request #655:
URL: https://github.com/apache/jmeter/pull/655#issuecomment-817125559


   > Somehow unrelated question - the gradle build tools generate a new / updated `checksum.xml`.
   > Why does this file contain a reference to xerces:xercesImpl at version 2.9.1 AND 2.12.1? Dependency resolution shows version 2.12.1 only.
   > That's the other change for that file after running gradle. It was not me...
   
   The `2.9.1` has been probably forgotten to be removed.

