tiagobento pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git
The following commit(s) were added to refs/heads/main by this push:
new 7bc2985019c NO-ISSUE: Bump `xstream` to version `1.4.21` (#2752)
7bc2985019c is described below
commit 7bc2985019c2caa98d47951b65869a3e30b7c106
Author: Yeser Amer <[email protected]>
AuthorDate: Wed Nov 20 17:21:51 2024 +0100
NO-ISSUE: Bump `xstream` to version `1.4.21` (#2752)
---
packages/dev-deployment-kogito-quarkus-blank-app/pom.xml | 10 ++++++++++
packages/stunner-editors/pom.xml | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
b/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
index 3102095aa91..07fa2b09361 100644
--- a/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
+++ b/packages/dev-deployment-kogito-quarkus-blank-app/pom.xml
@@ -54,6 +54,9 @@
<version.maven.jar.plugin>3.4.1</version.maven.jar.plugin>
<version.maven.clean.plugin>3.4.0</version.maven.clean.plugin>
<version.codehaus.flatten.plugin>1.6.0</version.codehaus.flatten.plugin>
+ <!-- Temporary declaring xstream dependency, a version (1.4.20) is
transitively imported by Quarkus 3.8 affected by CVE
+ When upgrading Quarkus (> 3.15.x) to a new version, please evaluate if
this exclusion can be removed -->
+ <version.com.thoughtworks.xstream>1.4.21</version.com.thoughtworks.xstream>
<!-- Config -->
<maven.compiler.parameters>true</maven.compiler.parameters>
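Review bot: The comment added above `version.com.thoughtworks.xstream` says "affected by CVE" without naming the advisory, and calls the change an "exclusion" although what is added is a version pin; the same comment is repeated in the second hunk of this file. Without the advisory id, whoever upgrades Quarkus later cannot check whether the transitively imported xstream is already fixed and the pin can go. The comment also mentions both Quarkus 3.8 and "> 3.15.x" without saying which one the module is on. Suggested wording for both places: `<!-- Pins xstream to 1.4.21: Quarkus 3.8 transitively brings in 1.4.20, which is affected by CVE-XXXX-XXXXX (placeholder: fill in the advisory id). Remove this override once the Quarkus version in use brings in a fixed xstream. -->`. The enclosing `<properties>` block starts and ends outside the hunk.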
@@ -88,6 +91,13 @@
<artifactId>jbpm-with-drools-quarkus</artifactId>
<version>${version.org.kie.kogito}</version>
</dependency>
+ <!-- Temporary declaring xstream dependency, a version (1.4.20) is
transitively imported by Quarkus 3.8 affected by CVE
+ When upgrading Quarkus (> 3.15.x) to a new version, please evaluate
if this exclusion can be removed -->
+ <dependency>
+ <groupId>com.thoughtworks.xstream</groupId>
+ <artifactId>xstream</artifactId>
+ <version>${version.com.thoughtworks.xstream}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
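Review bot: Nothing in the build checks that the `xstream` entry added to `<dependencyManagement>` is the version that ends up in the packaged application, so a later Quarkus upgrade or a change in managed imports could bring 1.4.20 back unnoticed. It is worth confirming the effective version with `mvn dependency:tree -Dincludes=com.thoughtworks.xstream` on the built module. A maven-enforcer `bannedDependencies` exclude such as `com.thoughtworks.xstream:xstream:(,1.4.21)` would make a regression fail the build instead of shipping silently. The `<dependencyManagement>` section starts outside this hunk, so how this entry interacts with any imported BOM is not visible here.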
diff --git a/packages/stunner-editors/pom.xml b/packages/stunner-editors/pom.xml
index e5068660c9f..6e19e7f450d 100644
--- a/packages/stunner-editors/pom.xml
+++ b/packages/stunner-editors/pom.xml
@@ -241,7 +241,7 @@
<version.com.google.guava>32.1.3-jre</version.com.google.guava>
<version.org.gwtproject>2.10.0</version.org.gwtproject>
<version.com.google.jsinterop.base>1.0.0</version.com.google.jsinterop.base>
- <version.com.thoughtworks.xstream>1.4.20</version.com.thoughtworks.xstream>
+ <version.com.thoughtworks.xstream>1.4.21</version.com.thoughtworks.xstream>
<version.enforce-managed-deps-rule>1.3</version.enforce-managed-deps-rule>
<version.enfore-victims-rule>1.3.4</version.enfore-victims-rule>
<version.illegal-transitive-dependency-check>1.7.4</version.illegal-transitive-dependency-check>