Upgrade xstream to 1.4.9

Fixes XXE vulnerability in Eureka Server (external entity processing on by default in older versions of the library).

Upgrade xstream to 1.4.9
e63bbed5 · Dave Syer · 8ebdf662 · e63bbed5
Commit e63bbed5 authored Sep 22, 2016 by Dave Syer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

pom.xml spring-cloud-netflix-dependencies/pom.xml +2 -1

No files found.
--- a/spring-cloud-netflix-dependencies/pom.xml
+++ b/spring-cloud-netflix-dependencies/pom.xml
@@ -28,6 +28,7 @@
 		<java.version>1.7</java.version>
 		<turbine.version>1.0.0</turbine.version>
 		<eureka-jersey.version>1.19.1</eureka-jersey.version>
+		<xstream.version>1.4.9</xstream.version>
 	</properties>
 	<dependencyManagement>
 		<dependencies>
@@ -299,7 +300,7 @@
 			<dependency>
 				<groupId>com.thoughtworks.xstream</groupId>
 				<artifactId>xstream</artifactId>
-				<version>1.4.2</version>
+				<version>${xstream.version}</version>
 			</dependency>
 			<dependency>
 				<groupId>com.netflix.feign</groupId>