Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66507

update xstream to 1.4.18

    XMLWordPrintable

Details

    Description

      https://github.com/jenkinsci/jenkins/pull/5685 updated XStream (Jenkins 2.309 and higher).

      The library has a public CVE and whilst Jenkins already uses an allow list so is not impacted it would be nice to pull this update into the LTS version to keep some scanners happy.

      This is a retrospective ticket that was assigned after the fact to start an LTS backport discussion.

      See also https://groups.google.com/g/jenkinsci-dev/c/jX0f6Kz6zhc 

      Attachments

        Issue Links

          Activity

            There are no comments yet on this issue.

            People

              Unassigned Unassigned
              teilo James Nord
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: