XStream 1.4 has 3 CVEs, does the Saros team plan on updating?


tcf...@gmail.com

Sep 14, 2018, 9:34:26 AM
to Saros User
Does the Saros team plan on moving away from XStream 1.4? It appears that it has three CVEs out for it:

CVE-2013-7285
CVE-2016-3674
CVE-2017-7957

7285 is a 9 while the other two are 7s.

kelvin.glass

Sep 18, 2018, 1:51:44 AM
to Saros User
Hello,

We plan to update our outdated dependencies (especially libraries with a snapshot version). Therefore, we are currently working on a JDK update which should allow us to use the newest XStream version (1.4.10).

We already started a corresponding discussion in issue [1].
Feel free to contribute.

Thank you,
Kelvin

[1] - https://github.com/saros-project/saros/issues/209
