You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lukasz Lenart (Jira)" <ji...@apache.org> on 2021/09/26 07:55:00 UTC

[jira] [Created] (WW-5142) Upgrade XStream to version 1.4.18

Lukasz Lenart created WW-5142:
---------------------------------

             Summary: Upgrade XStream to version 1.4.18
                 Key: WW-5142
                 URL: https://issues.apache.org/jira/browse/WW-5142
             Project: Struts 2
          Issue Type: Dependency
          Components: Core
            Reporter: Lukasz Lenart
             Fix For: 2.6


This maintenance release addresses the security vulnerabilities CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, and CVE-2021-39154, when unmarshalling with an XStream instance using the default blacklist of an uninitialized security framework. XStream is therefore now using a whitelist by default.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)