-
Bug
-
Resolution: Fixed
-
Minor
-
-
2.485 (upcoming), 2.479.2
The XStream library has reported CVE-2024-47072, a vulnerability when XStream uses the BinaryStreamDriver. I see no references to BinaryStreamDriver in any of the active Jenkins source code, but software composition analysis tools will report it as a vulnerability and we'll spend time explaining that Jenkins is not vulnerable.
Let's backport the change from PR-9954 to the stable-2.479 line so that it can be part of Jenkins 2.479.2