[
https://issues.apache.org/jira/browse/MPH-196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sylwester Lachiewicz updated MPH-196:
-------------------------------------
Description:
[https://x-stream.github.io/changes.html]
This maintenance release addresses the security vulnerabilities
[CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and
[CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a
Denial of Service by raising a stack overflow. It also provides new converters
for Optional and Atomic types.
Note, the next major release 1.5 will require Java 11.
> Bump xstream to 1.4.20
> ----------------------
>
> Key: MPH-196
> URL: https://issues.apache.org/jira/browse/MPH-196
> Project: Maven Help Plugin
> Issue Type: Dependency upgrade
> Reporter: Sylwester Lachiewicz
> Priority: Trivial
> Fix For: 3.3.1
>
>
> [https://x-stream.github.io/changes.html]
>
> This maintenance release addresses the security vulnerabilities
> [CVE-2022-40151|https://x-stream.github.io/CVE-2022-40151.html] and
> [CVE-2022-41966|https://x-stream.github.io/CVE-2022-41966.html], causing a
> Denial of Service by raising a stack overflow. It also provides new
> converters for Optional and Atomic types.
> Note, the next major release 1.5 will require Java 11.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
