You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2023/03/10 16:10:00 UTC

[jira] [Updated] (MPH-196) Bump xstream to 1.4.20

     [ https://issues.apache.org/jira/browse/MPH-196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sylwester Lachiewicz updated MPH-196:
-------------------------------------
    Description: 
[https://x-stream.github.io/changes.html]

 

This maintenance release addresses the security vulnerabilities [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.

Note, the next major release 1.5 will require Java 11.

> Bump xstream to 1.4.20
> ----------------------
>
>                 Key: MPH-196
>                 URL: https://issues.apache.org/jira/browse/MPH-196
>             Project: Maven Help Plugin
>          Issue Type: Dependency upgrade
>            Reporter: Sylwester Lachiewicz
>            Priority: Trivial
>             Fix For: 3.3.1
>
>
> [https://x-stream.github.io/changes.html]
>  
> This maintenance release addresses the security vulnerabilities [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
> Note, the next major release 1.5 will require Java 11.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)