Use xstream 1.4.16 (#5360)
Changelog: https://x-stream.github.io/changes.html#1.4.16 Switches default parser to a fork of Xpp3 instead of using Xpp3 directly. Resolves security vulnerabilities when unmarshalling with an XStream instances using an uninitialized security framework. As far as I understand it, Jenkins is not susceptible to those vulnerabilities because it initializes the security framework. Also fixes two minor items: * faulty XmlFriendlyNameCoder optimization https://github.com/x-stream/xstream/issues/237 * enum dereferences fail from older versions https://github.com/x-stream/xstream/issues/238 (cherry picked from commit 9f2ef985)
Please register or sign in to comment