Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

xstream-parent-1.4.17-lp152.2.9.1 RPM for noarch

From OpenSuSE Ports Leap 15.2 updates for noarch

Name: xstream-parent Distribution: openSUSE Leap 15.2
Version: 1.4.17 Vendor: openSUSE
Release: lp152.2.9.1 Build date: Thu Jun 17 16:14:05 2021
Group: Development/Libraries/Java Build host: obs-arm-9
Size: 39695 Source RPM: xstream-1.4.17-lp152.2.9.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://x-stream.github.io/
Summary: Parent POM for xstream
Parent POM for xstream.

Provides

Requires

License

BSD-3-Clause

Changelog

* Mon May 31 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.17
    * Security fix:
    * bsc#1186651, CVE-2021-29505: potential code execution when
      unmarshalling with XStream instances using an uninitialized
      security framework
* Thu Apr 15 2021 Fridrich Strba <fstrba@suse.com>
  - Upgrade to 1.4.16
    * Security fixes:
      + bsc#1184796, CVE-2021-21351: remote attacker to load and
      execute arbitrary code
      + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote
      attacker to request data from internal resources
      + bsc#1184380, CVE-2021-21350: arbitrary code execution
      + bsc#1184374, CVE-2021-21348: remote attacker could cause
      denial of service by consuming maximum CPU time
      + bsc#1184378, CVE-2021-21347: remote attacker to load and
      execute arbitrary code from a remote host
      + bsc#1184375, CVE-2021-21344: remote attacker could load and
      execute arbitrary code from a remote host
      + bsc#1184379, CVE-2021-21342: server-side forgery
      + bsc#1184377, CVE-2021-21341: remote attacker could cause a
      denial of service by allocating 100% CPU time
      + bsc#1184373, CVE-2021-21346: remote attacker could load and
      execute arbitrary code
      + bsc#1184372, CVE-2021-21345: remote attacker with sufficient
      rights could execute commands
      + bsc#1184376, CVE-2021-21343: replace or inject objects, that
      result in the deletion of files on the local host
  - Add patch:
    * Revert-MXParser-changes.patch
      + revert changes that would force us to add new dependency
* Tue Mar 09 2021 Johannes Renner <jrenner@suse.com>
  - Upgrade to 1.4.15
    * fixes bsc#1180146, CVE-2020-26258 and bsc#1180145,
      CVE-2020-26259
  - Upgrade to 1.4.14
    * fixes bsc#1180994, CVE-2020-26217
  - Update xstream to 1.4.15~susemanager
    Removed:
    * xstream_1_4_10-jdk11.patch
    * xstream_1_4_10-buildsh-sle12.patch
    * build.sh
* Tue Mar 05 2019 Frantisek Kobzik <fkobzik@suse.com>
  - Update xstream to 1.4.10
    Added:
    * xstream_1_4_10-jdk11.patch
    * xstream_1_4_10-buildsh-sle12.patch
    * xstream-XSTREAM_1_4_10.tar.gz
    Removed:
    * 0001-Prevent-deserialization-of-void.patch
    * xstream-XSTREAM_1_4_9.tar.gz
    * xstream-XSTREAM_1_4_9-jdk11.patch
  - Major changes:
  - New XStream artifact with -java7 appended as version suffix for a library explicitly without the Java 8 stuff (lambda expression support, converters for java.time.* package).
  - Fix PrimitiveTypePermission to reject type void to prevent CVE-2017-7957 with an initialized security framework.
  - Improve performance by minimizing call stack of mapper chain.
  - XSTR-774: Add converters for types of java.time, java.time.chrono, and java.time.temporal packages (converters for LocalDate, LocalDateTime, LocalTime, OffsetDateTime, and ZonedDateTime by Matej Cimbora).
  - JavaBeanConverter does not respect ignored unknown elements.
  - Add XStream.setupDefaultSecurity to initialize security framework with defaults of XStream 1.5.x.
  - Emit error warning if security framework has not been initialized and the XStream instance is vulnerable to known exploits.
* Tue Feb 05 2019 michele.bologna@suse.com
  - Feat: modify patch to be compatible with JDK 11 building
    Added:
    * xstream-XSTREAM_1_4_9-jdk11.patch
    Removed:
    * xstream-XSTREAM_1_4_9-jdk9.patch
* Tue Dec 11 2018 moio@suse.com
  - fixes for SLE 15 compatibility
* Fri Dec 01 2017 mc@suse.com
  - fix possible Denial of Service when unmarshalling void.
    (CVE-2017-7957, bsc#1070731)
    Added:
    * 0001-Prevent-deserialization-of-void.patch
* Tue Nov 07 2017 jgonzalez@suse.com
  - Fix build for JDK9
  - Disable javadoc generation (broken for SLE15 and Tumbleweed)
  - Add:
    * xstream-XSTREAM_1_4_9-jdk9.patch
  - Changed:
    * build.sh
* Tue Apr 05 2016 moio@suse.com
  - Require building on Java 8, otherwise the LambdaMapper class is skipped
    (issue 30)
* Tue Mar 29 2016 moio@suse.com
  - Upgrade to version 1.4.9, which fixes CVE-2016-3674 (bsc#972950)
* Tue Nov 10 2015 moio@suse.com
  - Initial version

Files

/usr/share/maven-metadata/xstream-xstream-parent.xml
/usr/share/maven-poms/xstream
/usr/share/maven-poms/xstream/xstream-parent.pom


Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Nov 29 23:57:17 2021