[jira] [Assigned] (MPH-196) Bump xstream to 1.4.20

Slawomir Jaranowski (Jira) Sat, 11 Mar 2023 11:13:05 -0800


     [ 
https://issues.apache.org/jira/browse/MPH-196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Slawomir Jaranowski reassigned MPH-196:
---------------------------------------

    Assignee: Sylwester Lachiewicz

> Bump xstream to 1.4.20
> ----------------------
>
>                 Key: MPH-196
>                 URL: https://issues.apache.org/jira/browse/MPH-196
>             Project: Maven Help Plugin
>          Issue Type: Dependency upgrade
>            Reporter: Sylwester Lachiewicz
>            Assignee: Sylwester Lachiewicz
>            Priority: Trivial
>             Fix For: 3.4.0
>
>
> [https://x-stream.github.io/changes.html]
>  
> This maintenance release addresses the security vulnerabilities 
> [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and 
> [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a 
> Denial of Service by raising a stack overflow. It also provides new 
> converters for Optional and Atomic types.
> Note, the next major release 1.5 will require Java 11.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (MPH-196) Bump xstream to 1.4.20

Reply via email to