You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lukasz Lenart (Jira)" <ji...@apache.org> on 2021/09/26 07:58:00 UTC
[jira] [Updated] (WW-5142) Upgrade XStream to version 1.4.18
[ https://issues.apache.org/jira/browse/WW-5142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Lenart updated WW-5142:
------------------------------
Priority: Major (was: Trivial)
> Upgrade XStream to version 1.4.18
> ---------------------------------
>
> Key: WW-5142
> URL: https://issues.apache.org/jira/browse/WW-5142
> Project: Struts 2
> Issue Type: Dependency
> Components: Core
> Reporter: Lukasz Lenart
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
>
> This maintenance release addresses the security vulnerabilities CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, and CVE-2021-39154, when unmarshalling with an XStream instance using the default blacklist of an uninitialized security framework. XStream is therefore now using a whitelist by default.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)