
xstream-parent-1.4.17-lp152.2.9.1 RPM for noarch

From OpenSuSE Ports Leap 15.2 updates for noarch

Name: xstream-parent
Distribution: openSUSE Leap 15.2
Version: 1.4.17
Vendor: openSUSE
Release: lp152.2.9.1
Build date: Thu Jun 17 16:14:05 2021
Group: Development/Libraries/Java
Build host: obs-arm-9
Size: 39695
Source RPM: xstream-1.4.17-lp152.2.9.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://x-stream.github.io/
Summary: Parent POM for xstream
Parent POM for xstream.

Provides

Requires

License

BSD-3-Clause

Changelog

* Mon May 31 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.17
    * Security fix:
    * bsc#1186651, CVE-2021-29505: potential code execution when
      unmarshalling with XStream instances using an uninitialized
      security framework
* Thu Apr 15 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.16
    * Security fixes:
      + bsc#1184796, CVE-2021-21351: remote attacker to load and
      execute arbitrary code
      + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote
      attacker to request data from internal resources
      + bsc#1184380, CVE-2021-21350: arbitrary code execution
      + bsc#1184374, CVE-2021-21348: remote attacker could cause
      denial of service by consuming maximum CPU time
      + bsc#1184378, CVE-2021-21347: remote attacker to load and
      execute arbitrary code from a remote host
      + bsc#1184375, CVE-2021-21344: remote attacker could load and
      execute arbitrary code from a remote host
      + bsc#1184379, CVE-2021-21342: server-side forgery
      + bsc#1184377, CVE-2021-21341: remote attacker could cause a
      denial of service by allocating 100% CPU time
      + bsc#1184373, CVE-2021-21346: remote attacker could load and
      execute arbitrary code
      + bsc#1184372, CVE-2021-21345: remote attacker with sufficient
      rights could execute commands
      + bsc#1184376, CVE-2021-21343: replace or inject objects, that
      result in the deletion of files on the local host
  - Add patch:
    * Revert-MXParser-changes.patch
      + revert changes that would force us to add new dependency
* Tue Mar 09 2021 Johannes Renner <jrenner@suse.com>
  - Upgrade to 1.4.15
    * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145,
      CVE-2020-26259
  - Upgrade to 1.4.14
    * fixes bsc#1180994, CVE-2020-26217
  - Update xstream to 1.4.15~susemanager
    Removed:
    * xstream_1_4_10-jdk11.patch
    * xstream_1_4_10-buildsh-sle12.patch
    * build.sh
* Tue Mar 05 2019 Frantisek Kobzik <fkobzik@suse.com>
  - Update xstream to 1.4.10
    Added:
    * xstream_1_4_10-jdk11.patch
    * xstream_1_4_10-buildsh-sle12.patch
    * xstream-XSTREAM_1_4_10.tar.gz
    Removed:
    * 0001-Prevent-deserialization-of-void.patch
    * xstream-XSTREAM_1_4_9.tar.gz
    * xstream-XSTREAM_1_4_9-jdk11.patch
  - Major changes:
  - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).
  - Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework.
  - Improve performance by minimizing call stack of mapper chain.
  - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
  - JavaBeanConverter does not respect ignored unknown elements.
  - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.
  - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.
* Tue Feb 05 2019 michele.bologna@suse.com
  - Feat: modify patch to be compatible with JDK 11 building
    Added:
    * xstream-XSTREAM_1_4_9-jdk11.patch
    Removed:
    * xstream-XSTREAM_1_4_9-jdk9.patch
* Tue Dec 11 2018 moio@suse.com
  - fixes for SLE 15 compatibility
* Fri Dec 01 2017 mc@suse.com
  - fix possible Denial of Service when unmarshalling void.
    (CVE-2017-7957, bsc#1070731)
    Added:
    * 0001-Prevent-deserialization-of-void.patch
* Tue Nov 07 2017 jgonzalez@suse.com
  - Fix build for JDK9
  - Disable javadoc generation (broken for SLE15 and Tumbleweed)
  - Add:
    * xstream-XSTREAM_1_4_9-jdk9.patch
  - Changed:
    * build.sh
* Tue Apr 05 2016 moio@suse.com
  - Require building on Java 8, otherwise the LambdaMapper class is skipped
    (issue 30)
* Tue Mar 29 2016 moio@suse.com
  - Upgrade to version 1.4.9, which fixes CVE-2016-3674 (bsc#972950)
* Tue Nov 10 2015 moio@suse.com
  - Initial version

Files

/usr/share/maven-metadata/xstream-xstream-parent.xml
/usr/share/maven-poms/xstream
/usr/share/maven-poms/xstream/xstream-parent.pom


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 9 14:28:18 2024