etatara
commented
1 year ago Testing on /Repast/repast.simphony/tree/xstream-1.4.19. Set the class security permissions to ANY and added more unit tests for scenario deserialization.
Closed etatara closed 1 year ago
etatara
commented
1 year ago Testing on /Repast/repast.simphony/tree/xstream-1.4.19. Set the class security permissions to ANY and added more unit tests for scenario deserialization.
We should investigate updating the xstream lib since it's very old and may have two significant problems.
xstream is throwing the scary looking warning in the console about "future access may be restricted" or similar since it's not properly modularized. There's nothing we can do unless xstream addresses this.
Newer version of xstream address a security vulnerability that seems to focus on remote stream deserialization. It might be good to update, however the security permissions need to be configured for the new version to work, and it's not clear what the settings should be.