Lukasz Lenart created WW-5329: --------------------------------- Summary: Upgrade xstream to version 1.4.20 Key: WW-5329 URL: https://issues.apache.org/jira/browse/WW-5329 Project: Struts 2 Issue Type: Dependency Components: Core Reporter: Lukasz Lenart Fix For: 6.3.0
This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types. -- This message was sent by Atlassian Jira (v8.20.10#820010)