[ANN] XStream 1.4.18 released


Jörg Schaible

Aug 22, 2021, 2:10:14 PM
to XStream User
Dear Community,

XStream 1.4.18 has been released and is also available on Maven Central. The
version targets the security vulnerabilities CVE-2021-39139 to CVE-2021-39141
and CVE-2021-39144 to CVE-2021-39154.

Nine years ago XStream 1.4.12 was released with the possibility to use its
Security Framework to set up a whitelist. Since then XStream has always strongly
recommended this to all users. The history has shown now that it is not
possible to maintain a blacklist and keep XStream secure, therefore this
release is the first one that uses a whitelist with basic types by default. You
will have to add your own types to this list to process the XML.

Regards,
XStream Committers
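
The default-deny behaviour described in the announcement, shown as an added example that is not part of the original message or the XStream project's own code. The `Order` class, the `order` alias and the sample XML are constructed for illustration, and the sketch assumes XStream 1.4.18 or later on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;

public class AllowlistDemo {
    // Hypothetical application type (assumption, not from the announcement).
    public static class Order {
        String id;
        int quantity;
    }

    // Returns true if the XML could be unmarshalled with the given instance.
    static boolean canRead(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return true;
        } catch (XStreamException e) {
            // With the default whitelist, types that were not explicitly
            // allowed are rejected by the security framework.
            System.out.println("rejected: " + e.getClass().getName()
                    + ": " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input.
        String xml = "<order><id>A-1</id><quantity>3</quantity></order>";

        XStream xstream = new XStream();
        xstream.alias("order", Order.class);

        // 1) Out of the box only basic types are permitted, so the
        //    application type is refused.
        System.out.println("before allowTypes: " + canRead(xstream, xml));

        // 2) Add exactly the types the application expects to receive.
        //    Keep this list as narrow as possible; allowTypesByWildcard and
        //    allowTypeHierarchy exist for broader rules, but every widening
        //    increases what untrusted XML can instantiate.
        xstream.allowTypes(new Class[] { Order.class });

        System.out.println("after allowTypes:  " + canRead(xstream, xml));
        Order order = (Order) xstream.fromXML(xml);
        System.out.println(order.id + " x " + order.quantity);
    }
}
```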


