to XStream User
Dear Community,
XStream 1.4.18 has been released and is also available on Maven Central. The
version targets the security vulnerabilities CVE-2021-39139 to CVE-2021-39141
and CVE-2021-39144 to CVE-2021-39154.
Nine years ago XStream 1.4.12 was released with the possibility to use its
Security Framework to set up a whitelist. Since then XStream has always strongly
recommended this to all users. The history has shown now that it is not
possible to maintain a blacklist and keep XStream secure, therefore this
release is the first one that uses a whitelist with basic types by default. You
will have to add your own types to this list to process the XML.
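
What adding your own types to the default whitelist can look like, as an added example that is not part of the original announcement. The classes `Order` and `Unlisted` and the XML strings are constructed for illustration; `allowTypes`, `alias` and `ForbiddenClassException` belong to XStream's Security Framework API.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;

public class AllowlistExample {
    // Hypothetical application type that the application expects in its XML.
    public static class Order {
        String id;
        int quantity;
    }

    // Hypothetical type that is deliberately NOT added to the whitelist.
    public static class Unlisted {
        String note;
    }

    static XStream newXStream() {
        // As of 1.4.18 a fresh instance only permits the basic types.
        XStream xstream = new XStream();
        // Permit exactly the application types that may appear in the XML.
        xstream.allowTypes(new Class[] { Order.class });
        // Aliases only rename elements; they do not grant permission.
        xstream.alias("order", Order.class);
        xstream.alias("unlisted", Unlisted.class);
        return xstream;
    }

    // Returns true if XStream refuses to unmarshal the given XML.
    static boolean isRejected(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return false;
        } catch (ForbiddenClassException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        XStream xstream = newXStream();

        // Constructed sample input for the permitted type.
        Order order = (Order) xstream.fromXML(
                "<order><id>A-17</id><quantity>3</quantity></order>");
        System.out.println("order " + order.id + ", quantity " + order.quantity);

        // Constructed sample input for a type that was never whitelisted.
        System.out.println("unlisted rejected: "
                + isRejected(xstream, "<unlisted><note>x</note></unlisted>"));
    }
}
```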