update xstream to 1.4.18

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

      https://github.com/jenkinsci/jenkins/pull/5685Ā updated XStream (JenkinsĀ 2.309Ā and higher).

      The library has a public CVE and whilst Jenkins already uses an allow list so is not impacted it would be nice to pull this update into the LTS version to keep some scanners happy.

      This is a retrospective ticket that was assigned after the fact to start an LTS backport discussion.

      See also https://groups.google.com/g/jenkinsci-dev/c/jX0f6Kz6zhcĀ 

            Assignee:
            Unassigned
            Reporter:
            James Nord
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: