Jettison 3PP latest version in Xstream 3PP package

Abhishek Kant
Jan 4, 2023, 12:21:05 AM
to XStream User

Hello Team

We have got the below High Severity vulnerabilities on Jettison 3PP, which is now bundled in Xstream 3PP.

  • CVE-2022-40149
  • CVE-2022-40150

The latest Xstream 3pp version (1.4.20) currently includes Jettison version 1.2.

The above mentioned vulnerabilities are fixed in the latest Jettison version 1.5.3.

Can you please confirm which Xstream version will include the latest Jettison version (1.5.3) in the Xstream package?

Jörg Schaible
Jan 4, 2023, 5:53:34 PM
to XStream User
On Wednesday, 4. January 2023, 06:21:05 CET Abhishek Kant wrote:
> Hello Team
>
> We have got below High Severity vulnerabilities on Jettison 3PP which is
> now bundled in Xstream 3PP.
>
> - CVE-2022-40149
> - CVE-2022-40150
>
> The latest Xstream 3pp version (1.4.20) currently includes Jettison
> version 1.2.
>
> Above mentioned vulnerabilities are fixed in the latest Jettison version
> 1.5.3.
>
> Can you please confirm in which Xstream version this will include the
> latest Jettison version(1.5.3) in the Xstream package?

Jettison is an optional dependency, so it is more or less your choice which
version of Jettison you're actually using (as long as it is no version between
1.2.0 and 4.1.0, those were buggy). For Jettison ·4 or higher you will have to
provide a Jettison configuration that disables root as element wrapper.

Why does XStream 1.4.x use Jettison 1.2? Because it is the only working
version that is still compatible with Java 1.4.

Regards,
Jörg
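The reply above says that a newer Jettison has to be given a Jettison configuration that turns off the root element wrapper. The following is an added example, not code from this thread or from the XStream project, showing what that looks like when wiring XStream's `JettisonMappedXmlDriver` with an explicit `org.codehaus.jettison.mapped.Configuration`. It assumes the Jettison setter `setRootElementArrayWrapper(false)` (present in Jettison 1.4 and later) is the relevant switch, and that the build already pins the Jettison artifact to the version you have chosen; the `Order` class is constructed for the example.

```java
import java.util.ArrayList;
import java.util.List;

import org.codehaus.jettison.mapped.Configuration;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.json.JettisonMappedXmlDriver;

public class JettisonDriverExample {

    // Sample payload type, constructed for this example.
    public static class Order {
        public String id;
        public List<String> items = new ArrayList<String>();
    }

    // Builds an XStream instance whose JSON driver is backed by an explicit
    // Jettison Configuration instead of the driver's defaults.
    public static XStream newJsonXStream() {
        Configuration config = new Configuration();
        // Assumed Jettison >= 1.4 setting: do not wrap the root element in an array.
        config.setRootElementArrayWrapper(false);

        XStream xstream = new XStream(new JettisonMappedXmlDriver(config));

        // XStream 1.4.18 and later deny every type by default; allow only the
        // types this code expects to deserialize (the java.util collections used
        // by Order are already on XStream's default allow list).
        xstream.allowTypes(new Class[] { Order.class });
        xstream.alias("order", Order.class);
        return xstream;
    }

    public static String toJson(Order order) {
        return newJsonXStream().toXML(order);
    }

    public static Order fromJson(String json) {
        return (Order) newJsonXStream().fromXML(json);
    }

    public static void main(String[] args) {
        Order order = new Order();
        order.id = "ord-42";
        order.items.add("widget");
        order.items.add("gadget");

        String json = toJson(order);
        System.out.println(json);

        Order back = fromJson(json);
        System.out.println(back.id + " " + back.items);
    }
}
```

The allow-list call is what makes the round trip work at all on XStream 1.4.20; without it `fromXML` throws a `ForbiddenClassException` for `Order`. Whether the configured driver behaves identically to the default one for your own payloads is exactly what the maintainer's test-suite result later in the thread is about, so running your own round-trip tests against the Jettison version you pick is the useful check.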



Abhishek Kant
Jan 6, 2023, 4:20:24 AM
to XStream User
Hello Jörg,

As per GitHub - jettison-json/jettison, the latest available version of Jettison is 1.5.3 (which also includes the fix for the vulnerabilities). Is this version compatible with the latest Xstream version 1.4.20?

Regards,
Abhishek

Abhishek Kant
Jan 9, 2023, 10:41:51 PM
to xstrea...@googlegroups.com
Hi Jörg,

Any update on this?


Abhishek Kant
Jan 16, 2023, 4:49:06 AM
to XStream User
Hi,

Any update on this?

Jörg Schaible
Jan 16, 2023, 4:49:14 PM
to XStream User
Hello Abhishek,

if it works for you - fine, then use it. For me it is not a compatible
replacement:

================ %< ============
Failed tests:
testArrayList(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)
testListWithOneSimpleObject(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)
testListWithSimpleObjects(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)
testListWithDifferentSimpleObjects(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)
testSingletonListWithComplexObject(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)
testListWithComplexNestedObjects(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)
testEmbeddedXml(com.thoughtworks.xstream.io.json.JettisonMappedXmlDriverTest)

Tests run: 2035, Failures: 7, Errors: 0, Skipped: 0
================ %< ============

And it is no longer compatible with the supported Java versions 1.5 to 1.7 (with
Java 1.4 you have to use Jettison 1.0.1 anyway).

Regards,
Jörg

On Monday, 16. January 2023, 10:49:06 CET Abhishek Kant wrote:
> hi,
>
> Any update on this..
>
> On Tuesday, January 10, 2023 at 9:11:51 AM UTC+5:30 Abhishek Kant wrote:
> > Hi Jorg,
> >
> > Any update on this?
> >
> > On Fri, Jan 6, 2023 at 2:50 PM Abhishek Kant <abhishekk...@gmail.com>
> >
> > wrote:
> >> Hello Jorg,
> >>
> >>
> >> As per GitHub - jettison-json/jettison
> >> <https://github.com/jettison-json/jettison>, latest available version of




Abhishek Kant
Jan 17, 2023, 10:06:17 PM
to xstrea...@googlegroups.com

Java 8, Jettison 1.5.3 and Xstream 1.4.20

Is this combination compatible? Please confirm.



Abhishek Kant
Jan 23, 2023, 2:04:51 AM
to xstrea...@googlegroups.com
Any update on this?

Abhishek Kant
Feb 1, 2023, 6:24:34 AM
to xstrea...@googlegroups.com
Hello,

Any update on this?

Abhishek Kant
Feb 5, 2023, 11:03:38 PM
to xstrea...@googlegroups.com
Hi Team,

I am looking for the answer to the below request.

Java 8, Jettison 1.5.3 and Xstream 1.4.20

Abhishek Kant
Feb 10, 2023, 12:08:45 AM
to xstrea...@googlegroups.com
Hello,

Any update on this?