Commit e63bbed5 by Dave Syer

Upgrade xstream to 1.4.9

Fixes XXE vulnerability in Eureka Server (external entity processing on by default in older versions of the library).
parent 8ebdf662
...@@ -28,6 +28,7 @@ ...@@ -28,6 +28,7 @@
<java.version>1.7</java.version> <java.version>1.7</java.version>
<turbine.version>1.0.0</turbine.version> <turbine.version>1.0.0</turbine.version>
<eureka-jersey.version>1.19.1</eureka-jersey.version> <eureka-jersey.version>1.19.1</eureka-jersey.version>
<xstream.version>1.4.9</xstream.version>
</properties> </properties>
<dependencyManagement> <dependencyManagement>
<dependencies> <dependencies>
...@@ -299,7 +300,7 @@ ...@@ -299,7 +300,7 @@
<dependency> <dependency>
<groupId>com.thoughtworks.xstream</groupId> <groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId> <artifactId>xstream</artifactId>
<version>1.4.2</version> <version>${xstream.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.netflix.feign</groupId> <groupId>com.netflix.feign</groupId>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment