CWE-787 Security vulnerability XStream

Geoffrey De Smet

Sep 27, 2022, 7:28:08 AM
to XStream User
Hi all,

GitHub's Dependabot alerts me to this issue below in XStream.
Is there a fix available on Maven Central? Or in progress?

Wkr, Geoffrey

[Attachment: Selection_1354.png]

Geoffrey De Smet

Sep 27, 2022, 7:31:11 AM
to XStream User
The issue reports at severity "High". Even though our open source library (OptaPlanner) only parses XML files with XStream that are code, so the risk is actually low for us, it doesn't present an important reputation harm for depending on a vulnerable version.

Vikas Gaur

Oct 13, 2022, 4:23:49 AM
to XStream User
Hello everyone!

Any version available for this fix soon?

Can you please help us by replying with the tentative date for the new release which has this issue fixed?

Thanks & Regards
Vikas Gaur

Geoffrey De Smet

Oct 24, 2022, 2:51:55 AM
to XStream User
According to mvnrepository.com, all XStream versions are currently insecure:
  https://mvnrepository.com/artifact/com.thoughtworks.xstream/xstream
[Attachment: Selection_1412.png]

Vikas Gaur

Nov 13, 2022, 11:14:36 AM
to XStream User
Can somebody please help us, if the team is working to fix the security flaw?
Our release is getting affected. Just help us by at least replying.

Thanks & Regards
Vikas

Jörg Schaible

Nov 14, 2022, 8:04:17 PM
to XStream User
Hi Vikas,

On Sunday, 13. November 2022, 17:14:36 CET Vikas Gaur wrote:
> Can somebody please help us, if the team is working to fix the security flaw?
> Our release is getting affected. Just help us by at least replying.

It simply depends on my spare time.

Regards,
Jörg
