Use xstream 1.4.16 (#5360) (79ac30d7) · Commits · github / jenkinsci / jenkins

Commit 79ac30d7 authored Mar 21, 2021 by

Mark Waite Committed by beatriz munoz Apr 21, 2021

Use xstream 1.4.16 (#5360)

Changelog: https://x-stream.github.io/changes.html#1.4.16

Switches default parser to a fork of Xpp3 instead of using Xpp3 directly.
Resolves security vulnerabilities when unmarshalling with an XStream
instances using an uninitialized security framework.  As far as I
understand it, Jenkins is not susceptible to those vulnerabilities
because it initializes the security framework.

Also fixes two minor items:

* faulty XmlFriendlyNameCoder optimization
  https://github.com/x-stream/xstream/issues/237

* enum dereferences fail from older versions
  https://github.com/x-stream/xstream/issues/238

(cherry picked from commit 9f2ef985)

parent 555d8eb9

Hide whitespace changes

Inline Side-by-side

Please register or to comment