Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74826

Backport the xstream 1.4.21 upgrade to Jenkins 2.479.2

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • 2.485 (upcoming), 2.479.2

      The XStream library has reported CVE-2024-47072, a vulnerability when XStream uses the BinaryStreamDriver. I see no references to BinaryStreamDriver in any of the active Jenkins source code, but software composition analysis tools will report it as a vulnerability and we'll spend time explaining that Jenkins is not vulnerable.

      Let's backport the change from PR-9954 to the stable-2.479 line so that it can be part of Jenkins 2.479.2

            Unassigned Unassigned
            markewaite Mark Waite
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: