[ANN] XStream 1.4.21 Released

23 views

Skip to first unread message

Jörg Schaible

unread,

Nov 7, 2024, 6:13:46 PM11/7/24

to XStream User

Dear Users,

XStream 1.4.21 has been released. This maintenance release addresses the security vulnerability CVE-2024-47072, when using the BinaryDriver to unmarshal a manipulated input stream causing a Denial of Service due to a stack overflow.

A new converter for the WeakHashMap avoids the access to the ReentrantLock introduced with Java 19.

The release contains an optimization for the memory consumption.

View the complete change log and download.

Enjoy,

Your XStream Project

Reply all

Reply to author

Forward

0 new messages