Posted to issues@maven.apache.org by "Sylwester Lachiewicz (Jira)" <ji...@apache.org> on 2023/03/10 16:10:00 UTC
[jira] [Updated] (MPH-196) Bump xstream to 1.4.20
[ https://issues.apache.org/jira/browse/MPH-196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sylwester Lachiewicz updated MPH-196:
-------------------------------------
Description:
[https://x-stream.github.io/changes.html]
This maintenance release addresses the security vulnerabilities [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
Note, the next major release 1.5 will require Java 11.
> Bump xstream to 1.4.20
> ----------------------
>
> Key: MPH-196
> URL: https://issues.apache.org/jira/browse/MPH-196
> Project: Maven Help Plugin
> Issue Type: Dependency upgrade
> Reporter: Sylwester Lachiewicz
> Priority: Trivial
> Fix For: 3.3.1
>
>
> [https://x-stream.github.io/changes.html]
>
> This maintenance release addresses the security vulnerabilities [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
> Note, the next major release 1.5 will require Java 11.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)