Jörg Schaible
unread,May 14, 2021, 9:15:49 AM5/14/21Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to xstrea...@googlegroups.com
Dear Community,
XStream 1.4.17 has been released and is also available on Maven Central. The
version targets the security vulnerability CVE-2021-29505, a Remote Command
Execution attack, detected and reported by V3geB1rd, white hat hacker from
Tencent Security Response Center - thanks a lot.
The XStream Committers strongly recommends to all users, to use XStream's
security framework to setup a whitelist. None of the found security issues in
the last months applies to such a setup..
Regards,
XStream Committers