javamelody / liferay-javamelody

JavaMelody plugin for Liferay
Apache License 2.0

Addressing CVE-2017-7957 in xstream #12

Closed ghenadiibatalski closed 6 years ago

ghenadiibatalski commented 6 years ago

See http://x-stream.github.io/CVE-2017-7957.html for more details.

evernat commented 6 years ago

Thanks for the PR

evernat commented 6 years ago

As a side note, for security I recommend upgrading to the plugin 1.74.0 if you have not already done so. See https://github.com/javamelody/javamelody/wiki/ReleaseNotes#1740

ghenadiibatalski commented 6 years ago

OK, thank you for the hint! Could you please build a new release? Is it possible to publish it in maven central? Our build could load it as a custom scoped dependency.

evernat commented 6 years ago

I have released 1.74.0.1 of the plugin. It is available at: https://github.com/javamelody/liferay-javamelody/releases

Given that the liferay plugin is rarely used, compared to other javamelody uses, I prefer not to publish this release and every next release in maven central.