Ubuntu
libxstream-java package

libxstream-java 1.4.11.1-1~18.04.1 source package in Ubuntu

Changelog

libxstream-java (1.4.11.1-1~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Command Injection Vulnerability
    - debian/patches/CVE-2020-26217.patch: New predefined blacklist avoids
      vulnerability due to improper setup and update security vulnerability
      test to test default.
    - debian/patches/CVE-2020-26259.patch: Fix arbitrary File Deletion on the
      local host.
    - CVE-2020-26217
    - CVE-2020-26259
  * SECURITY UPDATE: Server-Side Request Forgery Vulnerability
    - debian/patches/CVE-2020-26258.patch: Fix access data streams from an
      arbitrary URL.
    - CVE-2020-26258
  * Add a new maven rule to fix FTBFS.
    - debian/maven.ignoreRules: Add com.sun.xml.ws jaxws-rt.

 -- Paulo Flabiano Smorigo <email address hidden>  Thu, 28 Jan 2021 14:36:59 +0000

Upload details

Uploaded by:
Paulo Flabiano Smorigo
Uploaded to:
Bionic
Original maintainer:
Debian Java Maintainers
Architectures:
all
Section:
java
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
libxstream-java_1.4.11.1.orig.tar.xz 434.7 KiB 24eb3173a9c4be2d30cdf7271336870c147e1bb0cee0bcc512d6198d7a12d038
libxstream-java_1.4.11.1-1~18.04.1.debian.tar.xz 10.7 KiB cddee8f92845e0fe13aecea087e17c443e91e8a03279eabcc6d60822b30e3c50
libxstream-java_1.4.11.1-1~18.04.1.dsc 2.4 KiB 061f2bc787c8befd1aee7b33269071f933b2271b4a5da1049c2876ecb7a1206f

View changes file

Binary packages built by this source

libxstream-java: Java library to serialize objects to XML and back again

 The features of the XStream library are:
 .
  - Ease of use. A high level facade is supplied that simplifies common
    use cases.
  - No mappings required. Most objects can be serialized without need
    for specifying mappings.
  - Performance. Speed and low memory footprint are a crucial part of
    the design, making it suitable for large object graphs or systems
    with high message throughput.
  - Clean XML. No information is duplicated that can be obtained via
    reflection. This results in XML that is easier to read for humans
    and more compact than native Java serialization.
  - Requires no modifications to objects. Serializes internal fields,
    including private and final. Supports non-public and inner classes.
    Classes are not required to have default constructor.
  - Full object graph support. Duplicate references encountered in the
    object-model will be maintained. Supports circular references.
  - Integrates with other XML APIs. By implementing an interface,
    XStream can serialize directly to/from any tree structure (not just
    XML).
  - Customizable conversion strategies. Strategies can be registered
    allowing customization of how particular types are represented as
    XML.
  - Error messages. When an exception occurs due to malformed XML,
    detailed diagnostics are provided to help isolate and fix the
    problem.
  - Alternative output format. The modular design allows other output
    formats. XStream ships currently with JSON support and morphing.