Just thought I'd let you know that we released a patched version of XStream to address the vulnerability our use of XStream deserialization caused in Sonatype Nexus.
The code can be found here: https://github.com/sonatype/xstream-whitelist

This code is designed specifically for use in Nexus; it isn't intended for use in other projects.

A high-level overview of it is here (this link is for end users, so is simplified a lot): https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist

If any of the code in the GitHub repo is of use to you, please feel free to take it.

Regards,
Rich
