jmeter-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [jmeter] sseide opened a new pull request #639: update xstreams to 1.4.15 (from 1.4.14)
Date Thu, 17 Dec 2020 11:03:34 GMT

sseide opened a new pull request #639:
URL: https://github.com/apache/jmeter/pull/639


   ## Description
   Within the current xstream version 1.4.14, two more vulnerabilities were found. These are fixed with the update to 1.4.15.
   * CVE-2020-26258 (Server-Side Forgery Request)
   * CVE-2020-26259 (arbitrary file deletion)
   
   ## Motivation and Context
   Fix potential security problems
   
   ## How Has This Been Tested?
   Run `gradlew check`, first run failed with one library (xstream) having changed as expected, rerun with `-PupdateExpectedJars` switch.
   The following executions of `gradlew check` and `gradlew test` succeeded now.
   
   
   ## Screenshots (if appropriate):
   none
   
   ## Types of changes
   - Bug fix (non-breaking change which fixes an issue)
   
   ## Checklist:
   - [x] My code follows the [code style][style-guide] of this project.
   - [x] I have updated the documentation accordingly.
   
   [style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


