You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Slawomir Jaranowski (Jira)" <ji...@apache.org> on 2023/03/11 19:13:00 UTC

[jira] [Assigned] (MPH-196) Bump xstream to 1.4.20

     [ https://issues.apache.org/jira/browse/MPH-196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Slawomir Jaranowski reassigned MPH-196:
---------------------------------------

    Assignee: Sylwester Lachiewicz

> Bump xstream to 1.4.20
> ----------------------
>
>                 Key: MPH-196
>                 URL: https://issues.apache.org/jira/browse/MPH-196
>             Project: Maven Help Plugin
>          Issue Type: Dependency upgrade
>            Reporter: Sylwester Lachiewicz
>            Assignee: Sylwester Lachiewicz
>            Priority: Trivial
>             Fix For: 3.4.0
>
>
> [https://x-stream.github.io/changes.html]
>  
> This maintenance release addresses the security vulnerabilities [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
> Note, the next major release 1.5 will require Java 11.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)