commit xstream for openSUSE:Factory

Fri, 04 Feb 2022 12:52:50 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package xstream for openSUSE:Factory checked 
in at 2022-02-04 21:49:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xstream (Old)
 and      /work/SRC/openSUSE:Factory/.xstream.new.1898 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "xstream"

Fri Feb  4 21:49:24 2022 rev:8 rq:951552 version:1.4.19

Changes:
--------
--- /work/SRC/openSUSE:Factory/xstream/xstream.changes  2021-09-28 
19:17:31.868254877 +0200
+++ /work/SRC/openSUSE:Factory/.xstream.new.1898/xstream.changes        
2022-02-04 21:52:42.907020123 +0100
@@ -1,0 +2,18 @@
+Fri Feb  4 10:43:41 UTC 2022 - Fridrich Strba <fst...@suse.com>
+
+- Upgrade to 1.4.19
+  * Security fixes
+    + This maintenance release addresses the security vulnerability
+      CVE-2021-43859, bsc#1195458, when unmarshalling highly
+      recursive collections or maps causing a Denial of Service.
+  * API changes
+    + Added c.t.x.XStream.COLLECTION_UPDATE_LIMIT and
+      c.t.x.XStream.COLLECTION_UPDATE_SECONDS.
+    + Added c.t.x.XStream.setCollectionUpdateLimit(int).
+    + Added c.t.x.core.SecurityUtils.
+    + Added c.t.x.security.AbstractSecurityException and
+      c.t.x.security.InputManipulationException.
+    + c.t.x.security.InputManipulationException derives now from
+      c.t.x.security.AbstractSecurityException.
+
+-------------------------------------------------------------------

Old:
----
  xstream-distribution-1.4.18-src.zip

New:
----
  xstream-distribution-1.4.19-src.zip

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ xstream.spec ++++++
--- /var/tmp/diff_new_pack.P0DKSq/_old  2022-02-04 21:52:43.319017289 +0100
+++ /var/tmp/diff_new_pack.P0DKSq/_new  2022-02-04 21:52:43.323017262 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package xstream
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 # Copyright (c) 2000-2007, JPackage Project
 #
 # All modifications and additions to the file contributed by third parties
@@ -19,7 +19,7 @@
 
 %bcond_with  hibernate
 Name:           xstream
-Version:        1.4.18
+Version:        1.4.19
 Release:        0
 Summary:        Java XML serialization library
 License:        BSD-3-Clause

Reply via email to