Hello, the XStream project is pleased to announce the release of XStream 1.4.7.
The release is primarily a security release to address CVE-2013-7285. XStream will no longer handle any java.bean.EventHandler instance as immediate consequence. If you know what you do, you may still register the ReflectionConverter for this type. Unless you unmarshal such objects, XStream 1.4.7 is meant as drop-in replacement. XStream contains now on top of this a security framework, where you can fine- control any type that is permitted by XStream to unmarshall. All security related aspects are described in this new documentation: http://xstream.codehaus.org/security.html Check it out yourself: http://xstream.codehaus.org/downloads.html Enjoy, XStream Committers --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
