Jenkins / JENKINS-65281

Update to xstream 1.4.16 to avoid security scanner complaints


    Details

    • Released As:
      2.285

      Description

      The xstream 1.4.16 release resolves security vulnerabilities when unmarshalling with an XStream instance using an uninitialized security framework. As far as I can tell, Jenkins is not susceptible to the vulnerabilities being fixed in xstream 1.4.16. It would be good to include xstream 1.4.16 in the Jenkins 2.277.x line (like 2.277.3 being released in May) so that security scanners do not need to be taught that Jenkins is not susceptible to the issue in xstream 1.4.15 and earlier.

      See https://github.com/jenkinsci/jenkins/pull/5360 for the delivery of that change into Jenkins 2.285

          Activity

          danielbeck Daniel Beck added a comment -

          The filter needs issues to be resolved.


            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            markewaite Mark Waite