Backport the xstream 1.4.21 upgrade to Jenkins 2.479.2


    • 2.485 (upcoming), 2.479.2

      The XStream library has reported CVE-2024-47072, a vulnerability when XStream uses the BinaryStreamDriver. I see no references to BinaryStreamDriver in any of the active Jenkins source code, but software composition analysis tools will report it as a vulnerability and we'll spend time explaining that Jenkins is not vulnerable.

      Let's backport the change from PR-9954 to the stable-2.479 line so that it can be part of Jenkins 2.479.2.

            Assignee:
            Unassigned
            Reporter:
            Mark Waite
            Archiver:
            Jenkins Service Account
