
There is a vulnerability in com.thoughtworks.xstream.xstream 1.4.20, upgrade recommended #4691

@intumchoi1

Describe the bug
In the current version of OpenGrok (last release is 1.13.24), OpenGrok Suggester includes xstream 1.4.20 which has a vulnerability: CVE-2024-47072

Recommended version 1.4.21 fixes the above vulnerability.

Additional context

I tried updating to 1.4.21 to see if it would be a trivial upgrade, but a couple of unit tests in ChronicleMapAdapterTest (testResize() and dataNotLostAfterResizeTest()) fail with the exception: com.thoughtworks.xstream.converters.ConversionException: unable to convert node named=org.apache.lucene.util.BytesRef.

Thank you!

Activity

vladak commented on Nov 26, 2024

Member

Actually, not at all trivial, see PR #4684.

intumchoi1 commented on Nov 26, 2024

Author

Thank you for the quick reply! Will follow #4684.

There is a vulnerability in com.thoughtworks.xstream.xstream 1.4.20, upgrade recommended · Issue #4691 · oracle/opengrok