sseide opened a new pull request #639: URL: https://github.com/apache/jmeter/pull/639
## Description within the current xstream version 1.4.14 two more vulnerabilities were found. These are fixed with the update to 1.4.15. * CVE-2020-26258 (Server-Side Forgery Request) * CVE-2020-26259 (arbitrary file deletion) ## Motivation and Context Fix potential security problems ## How Has This Been Tested? run `gradlew check`, first run failed with one library (xstream) having changed as expected, rerun with `-PupdateExpectedJars` switch. The following executions of `gradlew check` and `gradlew test` succeeded now. ## Screenshots (if appropriate): none ## Types of changes - Bug fix (non-breaking change which fixes an issue) ## Checklist: - [x] My code follows the [code style][style-guide] of this project. - [x] I have updated the documentation accordingly. [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
