Skip to content

Commits on Source 12

Show whitespace changes
Inline Side-by-side
.travis.settings.xml 0 → 100644
View file @ e290d2fa
<settings>
<mirrors>
<mirror>
<id>central</id>
<url>http://repo1.maven.org/maven2</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
</settings>
.travis.yml
View file @ e290d2fa
language: java
sudo: false
addons:
apt:
packages:
- openjdk-6-jdk
jdk:
- openjdk11
- openjdk10
- oraclejdk9
- oraclejdk8
- oraclejdk7
- openjdk7
- openjdk6
install: true
script:
if ( `javac -version 2>&1 | grep '1\.8\.0' > /dev/null` ); then
if [ "$TRAVIS_JDK_VERSION" == "openjdk6" ]; then
wget https://archive.apache.org/dist/maven/maven-3/3.2.5/binaries/apache-maven-3.2.5-bin.zip -P ./target;
unzip -qq ./target/apache-maven-3.2.5-bin.zip -d ./target;
export M2_HOME=$PWD/target/apache-maven-3.2.5;
export PATH=$M2_HOME/bin:$JAVA_HOME/bin:$PATH;
export SETTINGS="-s .travis.settings.xml";
fi;
if [ "$TRAVIS_JDK_VERSION" == "oraclejdk8" ]; then
mkdir -p xstream/profiles/coveralls;
mkdir -p xstream-hibernate/profiles/coveralls;
mvn -V -B -e clean package cobertura:cobertura coveralls:report;
mvn -V -B -e clean package jacoco:report coveralls:report;
else
mvn -V -B -e clean package;
mvn -V -B -e clean package $SETTINGS;
fi
cache:
directories:
......
README.md
View file @ e290d2fa
......@@ -14,16 +14,16 @@ greatly improve the performance of XStream.
## Documentation
Documentation can be found at [GitHub](http://x-stream.github.io). This
includes:
* Introduction and tutorial
* JavaDoc
* Change log
* Frequently asked questions
* [Introduction](http://x-stream.github.io) and [Tutorials](http://x-stream.github.io/tutorial.html)
* [JavaDoc](http://x-stream.github.io/javadoc/index.html)
* [Change History](http://x-stream.github.io/changes.html)
* [Frequently Asked Questions](http://x-stream.github.io/faq.html)
## Source
The complete source for XStream is bundled in the -src archive. This includes:
* Main API [xstream/src/java]
* Unit tests [xstream/src/test]
* Maven build files [pom.xml]
* Hibernate module [xstream-hibernate]
* Unit Tests [xstream/src/test]
* Maven Build Files [pom.xml]
* Hibernate Module [xstream-hibernate]
* Website [xstream-distribution]
README.txt
View file @ e290d2fa
......@@ -17,19 +17,19 @@ greatly improve the performance of XStream.
Documentation can be found at http://x-stream.github.io. This
includes:
* Introduction and tutorial
* Introduction and Tutorials
* JavaDoc
* Change log
* Frequently asked questions
* Change History
* Frequently Asked Questions
--[ Source ]-------------------------------------------------
The complete source for XStream is bundled in the -src archive.
This includes:
* Main API [xstream/src/java]
* Unit tests [xstream/src/test]
* Maven build files [pom.xml]
* Hibernate module [xstream-hibernate]
* Unit Tests [xstream/src/test]
* Maven Build Files [pom.xml]
* Hibernate Module [xstream-hibernate]
* Website [xstream-distribution]
-------------------------------------------------------------
......
debian/changelog
View file @ e290d2fa
libxstream-java (1.4.11-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.4.11.
* Switch to compat level 11.
* Declare compliance with Debian Policy 4.2.1.
* Build-depend on libjaxb-api-java to fix FTBFS with Java 11.
(Closes: #912377)
* Add a new maven rule for xpp3 to fix a FTBFS.
* Remove Damien Raude-Morvan from Uploaders. (Closes: #889445)
-- Markus Koschany <apo@debian.org> Sat, 10 Nov 2018 22:56:01 +0100
libxstream-java (1.4.10-1) unstable; urgency=medium
* New upstream release
......
debian/control
View file @ e290d2fa
......@@ -5,15 +5,15 @@ Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.or
Uploaders:
Torsten Werner <twerner@debian.org>,
Varun Hiremath <varun@debian.org>,
Damien Raude-Morvan <drazzib@debian.org>,
Emmanuel Bourg <ebourg@apache.org>
Build-Depends:
debhelper (>= 10),
debhelper (>= 11),
default-jdk,
javahelper,
libbuild-helper-maven-plugin-java,
libcglib-nodep-java,
libdom4j-java,
libjaxb-api-java,
libjdom1-java,
libjdom2-java,
libjettison-java,
......@@ -26,7 +26,7 @@ Build-Depends:
libxom-java,
libxpp3-java,
maven-debian-helper
Standards-Version: 3.9.8
Standards-Version: 4.2.1
Vcs-Git: https://anonscm.debian.org/git/pkg-java/libxstream-java.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/libxstream-java.git
Homepage: http://x-stream.github.io
......
debian/copyright
View file @ e290d2fa
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: XStream
Source: https://github.com/x-stream/xstream
......
debian/maven.rules
View file @ e290d2fa
......@@ -22,3 +22,4 @@ s/net.sf.kxml/kxml2/ kxml2-min jar s/.*/debian/ * *
s/net.sf.kxml/kxml2/ kxml2 jar s/.*/debian/ * *
org.codehaus.jettison jettison s/bundle/jar/ s/.*/debian/ * *
org.codehaus.woodstox s/wstx-asl/woodstox-core-lgpl/ * s/.*/debian/ * *
xpp3 s/xpp3_min/xpp3/ * s/.*/debian/ * *
pom.xml
View file @ e290d2fa
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<!--
Copyright (C) 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017 XStream committers.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -14,7 +14,7 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<packaging>pom</packaging>
<version>1.4.10</version>
<version>1.4.11</version>
<name>XStream Parent</name>
<url>http://x-stream.github.io</url>
<description>
......@@ -37,17 +37,19 @@
<profiles>
<profile>
<id>jdk19</id>
<id>jdk9-ge</id>
<activation>
<jdk>9</jdk>
<jdk>[9,</jdk>
</activation>
<properties>
<version.java.5>1.6</version.java.5>
<version.java.source>1.6</version.java.source>
<version.java.target>1.6</version.java.target>
<version.plugin.maven.enforcer>3.0.0-M1</version.plugin.maven.enforcer>
</properties>
</profile>
<profile>
<id>jdk18ge</id>
<id>jdk18-ge</id>
<activation>
<jdk>[1.8,)</jdk>
</activation>
......@@ -56,6 +58,16 @@
<version.plugin.felix.bundle>2.5.4</version.plugin.felix.bundle>
</properties>
</profile>
<profile>
<id>jdk18</id>
<activation>
<jdk>1.8</jdk>
</activation>
<properties>
<version.java.source>1.4</version.java.source>
<version.java.target>1.4</version.java.target>
</properties>
</profile>
<profile>
<id>jdk16</id>
<activation>
......@@ -166,6 +178,7 @@
<configuration>
<instructions combine.children="append">
<Export-Package>${bundle.export.package}</Export-Package>
<Import-Package>${bundle.import.package}</Import-Package>
</instructions>
</configuration>
</plugin>
......@@ -190,6 +203,7 @@
</build>
<properties>
<bundle.export.package>${project.groupId}.*;-noimport:=true</bundle.export.package>
<bundle.import.package>*</bundle.import.package>
</properties>
</profile>
<profile>
......@@ -224,20 +238,22 @@
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<configuration>
<formats>
<format>xml</format>
</formats>
<aggregate>true</aggregate>
</configuration>
</plugin>
<plugin>
<groupId>org.eluder.coveralls</groupId>
<artifactId>coveralls-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<executions>
<execution>
<id>prepare-agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
......@@ -305,12 +321,12 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
<classifier>tests</classifier>
<type>test-jar</type>
<scope>test</scope>
......@@ -318,43 +334,43 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-hibernate</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-hibernate</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-jmh</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-jmh</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-benchmark</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-benchmark</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
......@@ -525,7 +541,16 @@
<groupId>javax.activation</groupId>
<artifactId>activation</artifactId>
<version>${version.javax.activation}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>javax.annotation-api</artifactId>
<version>${version.javax.annotation.api}</version>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId>
<version>${version.javax.xml.bind.api}</version>
</dependency>
<dependency>
......@@ -573,6 +598,16 @@
<version>${version.org.openjdk.jmh}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>${version.commons.codec}</version>
</dependency>
<dependency>
<groupId>com.brsanthu</groupId>
<artifactId>migbase64</artifactId>
<version>${version.com.brsanthu.migbase64}</version>
</dependency>
<!-- always test-scoped -->
<dependency>
......@@ -710,7 +745,7 @@
<additionalparam>${javadoc.xdoclint}</additionalparam>
<source>${version.java.source}</source>
<links>
<link>${link.javadoc.javase}</link>
<link>${javadoc.link.javase}</link>
</links>
<archive>
<manifest>
......@@ -723,6 +758,11 @@
</archive>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>${version.plugin.maven.jxr}</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
......@@ -786,7 +826,6 @@
<artifactId>maven-surefire-plugin</artifactId>
<version>${version.plugin.maven.surefire}</version>
<configuration>
<argLine>${surefire.argline}</argLine>
<forkMode>once</forkMode>
<printSummary>true</printSummary>
<useFile>false</useFile>
......@@ -816,23 +855,6 @@
<artifactId>build-helper-maven-plugin</artifactId>
<version>${version.plugin.mojo.build-helper}</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>cobertura-maven-plugin</artifactId>
<version>${version.plugin.mojo.cobertura}</version>
<executions>
<execution>
<goals>
<goal>clean</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jxr-maven-plugin</artifactId>
<version>${version.plugin.mojo.jxr}</version>
</plugin>
<plugin>
<groupId>org.codehaus.xsite</groupId>
<artifactId>xsite-maven-plugin</artifactId>
......@@ -861,6 +883,11 @@
<artifactId>coveralls-maven-plugin</artifactId>
<version>${version.plugin.eluder.coveralls}</version>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${version.plugin.jacoco}</version>
</plugin>
</plugins>
</pluginManagement>
<plugins>
......@@ -889,13 +916,6 @@
</configuration>
</plugin>
</plugins>
<extensions>
<extension>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-webdav</artifactId>
<version>${version.org.apache.maven.wagon.webdev}</version>
</extension>
</extensions>
</build>
<distributionManagement>
......@@ -923,6 +943,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<version.java.5>1.5</version.java.5>
<version.java.source>1.5</version.java.source>
<version.java.target>1.5</version.java.target>
<version.java.enforced>[1.4,)</version.java.enforced>
......@@ -940,27 +961,29 @@
<version.plugin.maven.install>2.2</version.plugin.maven.install>
<version.plugin.maven.jar>2.2</version.plugin.maven.jar>
<version.plugin.maven.javadoc>2.10</version.plugin.maven.javadoc>
<version.plugin.maven.jxr>2.5</version.plugin.maven.jxr>
<version.plugin.maven.release>2.1</version.plugin.maven.release>
<version.plugin.maven.resources>2.2</version.plugin.maven.resources>
<version.plugin.maven.site>2.0-beta-6</version.plugin.maven.site>
<version.plugin.maven.source>2.1.2</version.plugin.maven.source>
<version.plugin.maven.surefire>2.4.3</version.plugin.maven.surefire>
<version.plugin.mojo.build-helper>1.5</version.plugin.mojo.build-helper>
<version.plugin.mojo.cobertura>2.7</version.plugin.mojo.cobertura>
<version.plugin.mojo.jxr>2.0-beta-1</version.plugin.mojo.jxr>
<version.plugin.eluder.coveralls>4.2.0</version.plugin.eluder.coveralls>
<version.org.apache.maven.wagon.webdev>1.0-beta-2</version.org.apache.maven.wagon.webdev>
<version.plugin.jacoco>0.8.1</version.plugin.jacoco>
<version.cglib.nodep>2.2</version.cglib.nodep>
<version.com.brsanthu.migbase64>2.2</version.com.brsanthu.migbase64>
<version.com.megginson.sax.xml-writer>0.2</version.com.megginson.sax.xml-writer>
<version.commons.cli>1.1</version.commons.cli>
<version.commons.codec>1.10</version.commons.codec>
<version.commons.io>1.4</version.commons.io>
<version.commons.lang>2.4</version.commons.lang>
<version.dom4j>1.6.1</version.dom4j>
<version.hsqldb>2.2.8</version.hsqldb>
<version.javaassist>3.12.1.GA</version.javaassist>
<version.javax.activation>1.1.1</version.javax.activation>
<version.javax.annotation.api>1.3.2</version.javax.annotation.api>
<version.javax.xml.bind.api>2.3.1</version.javax.xml.bind.api>
<version.jmock>1.0.1</version.jmock>
<version.joda-time>1.6</version.joda-time>
<version.junit>3.8.1</version.junit>
......@@ -972,7 +995,7 @@
<version.org.jdom>1.1.3</version.org.jdom>
<version.org.jdom2>2.0.5</version.org.jdom2>
<version.org.json>20080701</version.org.json>
<version.org.openjdk.jmh>1.19</version.org.openjdk.jmh>
<version.org.openjdk.jmh>1.21</version.org.openjdk.jmh>
<version.org.slf4j>1.6.1</version.org.slf4j>
<version.oro>2.0.8</version.oro>
<version.stax>1.2.0</version.stax>
......@@ -983,8 +1006,10 @@
<version.xom>1.1</version.xom>
<version.xpp3>1.1.4c</version.xpp3>
<link.javadoc.javase>http://docs.oracle.com/javase/8/docs/api/</link.javadoc.javase>
<javadoc.link.javase>http://docs.oracle.com/javase/8/docs/api/</javadoc.link.javase>
<surefire.illegal.access>permit</surefire.illegal.access>
<argLine>${surefire.argline}</argLine>
<javadoc.xdoclint />
<surefire.argline />
</properties>
......
xstream-benchmark/pom.xml
View file @ e290d2fa
......@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</parent>
<artifactId>xstream-benchmark</artifactId>
<packaging>jar</packaging>
......@@ -50,7 +50,7 @@
<detectJavaApiLink>false</detectJavaApiLink>
<source>${version.java.source}</source>
<links>
<link>${link.javadoc.javase}</link>
<link>${javadoc.link.javase}</link>
</links>
</configuration>
</plugin>
......@@ -58,9 +58,9 @@
</reporting>
</profile>
<profile>
<id>jdk15-ge</id>
<id>jdk16-ge</id>
<activation>
<jdk>[1.5,)</jdk>
<jdk>[1.6,)</jdk>
</activation>
<build>
<plugins>
......
xstream-distribution/pom.xml
View file @ e290d2fa
......@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.10</version>
<version>1.4.11</version>
</parent>
<artifactId>xstream-distribution</artifactId>
<packaging>pom</packaging>
......
xstream-distribution/src/content/CVE-2013-7285.html
View file @ e290d2fa
<html>
<!--
Copyright (C) 2017 XStream committers.
Copyright (C) 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -22,6 +22,8 @@
<p>All versions until and including version 1.4.6 are affected, but a <a href="#workaround">workaround</a> exist.</p>
<p>Version 1.4.10 is affected if the security framework has not been initialized.</p>
<h2 id="description">Description</h2>
<p>The processed stream at unmarshalling time contains type information to recreate the formerly written objects.
......@@ -78,5 +80,9 @@ Contact contact = (Contact)xstream.fromXML(xml);
}, XStream.PRIORITY_LOW);
</pre></div>
<h2 id="credits">Credits</h2>
<p>The vulnerability was discovered and reported by Pierre Francis Ernst of IBM Canada.</p>
</body>
</html>
\ No newline at end of file
xstream-distribution/src/content/CVE-2016-3674.html
View file @ e290d2fa
<html>
<!--
Copyright (C) 2017 XStream committers.
Copyright (C) 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -43,6 +43,8 @@
<li>XOM</li>
</ul>
<p>See <a href="faq.html#Security_XXEVulnerability">FAQ</a> for a matrix explaining some parser behavior.</p>
<h2 id="description">Description</h2>
<p>XStream supports a lot of different XML parsers. Some of those can also process external entities which was
......@@ -79,5 +81,9 @@ String s = (String)xstream.fromXML(xml);
<p>Use one of the XML Pull Parser implementations.</p>
<h2 id="credits">Credits</h2>
<p>The vulnerability was discovered and reported by Alexander Klink.</p>
</body>
</html>
\ No newline at end of file
xstream-distribution/src/content/CVE-2017-7957.html
View file @ e290d2fa
......@@ -54,7 +54,7 @@ the provided stream, in XML just by adding a class attribute:</p>
<h2 id="workarounds">Workarounds</h2>
<p>XStream contains since version 1.4.7 a <a href="security.html">security framework</a> to prevent an attack
described in CVE-2013-7285. This framework can also be used to suppress the current vulnerability by setting:</p>
<div class="Source Java"><pre>xstream.denyTypes(void.class, Void.class);
<div class="Source Java"><pre>xstream.denyTypes(new Class[]{ void.class, Void.class });
</pre></div>
<p>Users of older XStream releases can register an own converter for the <em>void</em> type, that also protects
......@@ -74,5 +74,9 @@ the provided stream, in XML just by adding a class attribute:</p>
}, XStream.PRIORITY_VERY_HIGH);
</pre></div>
<h2 id="credits">Credits</h2>
<p>The vulnerability was discovered and reported by Huijun Chen and Xiaolong Zhu of Huawei Technologies Co., Ltd.</p>
</body>
</html>
xstream-distribution/src/content/benchmarks.html
View file @ e290d2fa
<html>
<!--
Copyright (C) 2015, 2016, 2017 XStream committers.
Copyright (C) 2015, 2016, 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -33,7 +33,7 @@
<p>All benchmark values below measure the average throughput in nanosecond per operation. JMH provides additional
measurement options, see online help. The maximum deviation for each benchmark is recorded in the reference files
of the distributed ZIP file. The benchmark is executed on Linux 4.1.12 Gentoo 64-bit system with an Intel Core i7
of the distributed ZIP file. The benchmark is executed on Linux 4.14.65 Gentoo 64-bit system with an Intel Core i7
CPU 920 of 2.67 GHz. Note again, that these values are no replacement for real profiler results and they may
vary from run to run (see reference files) due to this machine's background processes. However, it can give you some
idea of what you can expect using different parser technologies.</p>
......@@ -51,76 +51,76 @@
<th>Nested</th>
</tr>
<tr>
<th>W3C DOM (Oracle JDK 1.8.0_131)</th>
<td>9781342.261</td>
<td>52632217.909</td>
<td>5103544.581</td>
<th>W3C DOM (Oracle JDK 1.8.0_181)</th>
<td>9710278.896</td>
<td>53954694.751</td>
<td>5148010.389</td>
</tr>
<tr>
<th>JDOM (1.1.3)</th>
<td>6303281.491</td>
<td>7066427.706</td>
<td>14168656.571</td>
<td>6387821.035</td>
<td>6898339.792</td>
<td>14111857.552</td>
</tr>
<tr>
<th>JDOM 2 (2.0.5)</th>
<td>5912161.208</td>
<td>9159926.646</td>
<td>10786607.592</td>
<td>5921949.583</td>
<td>8723291.385</td>
<td>10579620.188</td>
</tr>
<tr>
<th>DOM4J (1.6.1)</th>
<td>7737425.182</td>
<td>93587705.473</td>
<td>5832065.181</td>
<td>7452345.867</td>
<td>93099746.029</td>
<td>5533035.930</td>
</tr>
<tr>
<th>XOM (1.1)</th>
<td>8086930.673</td>
<td>36550127.033</td>
<td>7799715.857</td>
<td>8204769.944</td>
<td>42486494.920</td>
<td>8086714.065</td>
</tr>
<tr>
<th>StAX (BEA 1.2.0)</th>
<td>2658801.705</td>
<td>716108.170</td>
<td>579754.753</td>
<td>2879876.995</td>
<td>666062.149</td>
<td>572549.126</td>
</tr>
<tr>
<th>StAX (Woodstox 3.2.7)</th>
<td>1888835.931</td>
<td>622817.191</td>
<td>645986.465</td>
<td>1845769.311</td>
<td>632147.776</td>
<td>604788.852</td>
</tr>
<tr>
<th>StAX (Oracle JDK 1.8.0_131)</th>
<td>7314997.951</td>
<td>727323.621</td>
<td>594349.622</td>
<td>7444273.102</td>
<td>706572.092</td>
<td>617636.917</td>
</tr>
<tr>
<th>XPP (Xpp3 min 1.1.4c)</th>
<td>2084516.475</td>
<td>693019.370</td>
<td>12426115.039</td>
<td>2155470.575</td>
<td>661082.180</td>
<td>12444913.194</td>
</tr>
<tr>
<th>XPP (kXML2 min 2.3.0)</th>
<td>3539743.111</td>
<td>837861.515</td>
<td>34291308.328</td>
<td>3663477.841</td>
<td>854613.418</td>
<td>34372562.351</td>
</tr>
<tr>
<th>Binary (XStream 1.4.10)</th>
<td>1149384.865</td>
<td>438657.801</td>
<td>290646.503</td>
<td>1129812.942</td>
<td>383203.739</td>
<td>260233.635</td>
</tr>
<tr>
<th>Jettison (1.2)</th>
<td>2983598.441</td>
<td>564172.475</td>
<td>632427.902</td>
<td>3016232.225</td>
<td>555908.503</td>
<td>619961.028</td>
</tr>
</table>
......@@ -146,15 +146,15 @@
</tr>
<tr>
<th>Custom</th>
<td>9827295.423</td>
<td>9176744.283</td>
</tr>
<tr>
<th>Java Bean</th>
<td>18939434.561</td>
<td>18353984.976</td>
</tr>
<tr>
<th>Reflection</th>
<td>19450925.166</td>
<td>23371721.858</td>
</tr>
</table>
......@@ -180,27 +180,27 @@
</tr>
<tr>
<th>No Cache</th>
<td>9755034.512</td>
<td>9422597.717</td>
</tr>
<tr>
<th>Intern</th>
<td>12650471.288</td>
<td>12576002.757</td>
</tr>
<tr>
<th>ConcurrentMap (length limit)</th>
<td>12072029.228</td>
<td>10411028.373</td>
</tr>
<tr>
<th>ConcurrentMap (unlimited)</th>
<td>11431423.547</td>
<td>10666492.267</td>
</tr>
<tr>
<th>Sync'd WeakCache (length limit)</th>
<td>12748751.700</td>
<td>10948390.386</td>
</tr>
<tr>
<th>Sync'd WeakCache (unlimited)</th>
<td>11178461.611</td>
<td>11917404.787</td>
</tr>
</table>
......@@ -241,23 +241,23 @@
</tr>
<tr>
<th>No Coding</th>
<td>4057270.642</td>
<td>4190972.243</td>
</tr>
<tr>
<th>Dollar Coding</th>
<td>4635671.256</td>
<td>4621025.135</td>
</tr>
<tr>
<th>Escaped Underscore Coding</th>
<td>5974244.102</td>
<td>5896886.514</td>
</tr>
<tr>
<th>Cached Escaped Underscore Coding</th>
<td>4531410.494</td>
<td>4350643.046</td>
</tr>
<tr>
<th>Xml Friendly Coding</th>
<td>4953594.706</td>
<td>4938586.549</td>
</tr>
</table>
......
xstream-distribution/src/content/changes.html
View file @ e290d2fa
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 XStream committers.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -28,6 +28,82 @@
filter for the appropriate milestone.
</p>
<!--
<h1 id="upcoming-1.4.x">Upcoming 1.4.x maintenance release</h1>
<p>Not yet released.</p>
-->
<h1 id="1.4.11">1.4.11</h1>
<p>Released October 23, 2018.</p>
<p class="highlight">This maintenance release addresses again the security vulnerability <a href="CVE-2013-7285.html">
CVE-2013-7285</a>, an arbitrary execution of commands when unmarshalling for XStream instances with
uninitialized security framework. Only 1.4.10 uninitialized security framework was affected.</p>
<h2>Minor changes</h2>
<ul>
<li>GHPR:#91, GHPR:#106: Clean-up data stacks in UnmarshallingContext implementations in case of exception (by
&auml;rt Bakhoff).</li>
<li>GHI:#2: Unneeded contention in DefaultConverterLookup.</li>
<li>GHI:#94: Fix PathConverter containing absolute Windows paths.</li>
<li>GHI:#105: XStream's ObjectInputStream returns wrong values for readUnsignedByte and readUnsignedShort.</li>
<li>JIRA:XSTR-616 and GHPR:#93: Introduce StringCodec interface to support arbitrary Base64 codec
implementations for EncodedByteArrayConverter. Prefer Base64 codec implementations of the Java runtime over
XStream's own one.</li>
<li>GHI:#97: Support to run out of the box in a Java 1.4 runtime is established again.</li>
<li>Provide methods in AbstractCollectionConverter that read and write in a balanced way from and to the
hierarchical stream.</li>
<li>New future-proof method JVM.isVersion to detect major version of Java runtime (incl. Java 10) as
replacement for individual JVM.isXY methods.</li>
<li>GHI:#115: Dom4JDriver ignores character set of Dom4J configuration creating a Writer.</li>
<li>GHI:#116: Make converters null safe.</li>
<li>GHI:#123 and GHPR:#124: Declare XPP dependencies for OSGi as optional.</li>
<li>Add XppDriver.createDefaultParser for a simpler access to the default XmlPullParserFactory.</li>
<li>Old BEA reference implementation of StAX is outdated, unmaintained and has security issues, therefore
XStream's driver has been deprecated.</li>
<li>Support for JaCoCo: FieldDictionary ignores synthetic fields starting with <em>$jacoco</em> as name.</li>
</ul>
<h2>Stream compatibility</h2>
<ul>
<li>The EncodedByteArrayConverter will now use an encoder by default that does no longer add line breaks as
normally required by the RFC 1521 after 76 characters, making it also easier to use the converter for
attributes. This will not affect XStream's Base64 decoder.</li>
</ul>
<h2>API changes</h2>
<ul>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.readBareItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.readCompleteItem(HierarchicalStreamReader, UnarshallingContext, Object).</li>
<li>Deprecated c.t.x.converters.collection.AbstractCollectionConverter.readItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.writeBareItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.writeCompleteItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Deprecated c.t.x.converters.collection.AbstractCollectionConverter.writeItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.converters.collection.AbstractCollectionConverter.writeNullItem(MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.converters.extended.EncodedByteArrayConverter(StingCodec).</li>
<li>Added c.t.x.converters.extended.NamedCollectionConverter.readBareItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Deprecated c.t.x.converters.extended.NamedCollectionConverter.readItem(HierarchicalStreamReader, UnmarshallingContext, Object).</li>
<li>Added c.t.x.converters.extended.NamedCollectionConverter.writeCompleteItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Deprecated c.t.x.converters.extended.NamedCollectionConverter.writeItem(Object, MarshallingContext, HierarchicalStreamWriter).</li>
<li>Added c.t.x.core.DefaultConverterLookup(Map).</li>
<li>Added c.t.x.core.util.JVM.getBase64Codec().</li>
<li>Added c.t.x.core.util.JVM.isVersion().</li>
<li>Deprecated c.t.x.core.util.JVM.is18().</li>
<li>Deprecated c.t.x.core.util.JVM.is9().</li>
<li>Deprecated c.t.x.io.ExtendedHierarchicalStreamReader.</li>
<li>Deprecated c.t.x.io.ExtendedHierarchicalStreamWriter.</li>
<li>Deprecated c.t.x.io.ExtendedHierarchicalStreamWriterHelper.</li>
<li>Deprecated c.t.x.io.xml.BEAStaxDriver.</li>
<li>Added c.t.x.io.xml.Dom4JReader.Dom4JReader(Branch).</li>
<li>Added c.t.x.io.xml.XppDriver.createDefaultParser().</li>
<li>Added c.t.x.core.util.StingCodec.</li>
</ul>
<h1 id="1.4.10">1.4.10</h1>
<p>Released May 23, 2017.</p>
......@@ -38,6 +114,8 @@
<h2>Major changes</h2>
<ul>
<li>GHI:#84: New XStream artifact with <em>-java7</em> appended as version suffix for a library explicitly
without the Java 8 stuff (lambda expression support, converters for java.time.* package).</li>
<li>Fix PrimitiveTypePermission to reject type <em>void</em> to prevent CVE-2017-7957 with an initialized
security framework.</li>
<li>Improve performance by minimizing call stack of mapper chain.</li>
......
xstream-distribution/src/content/download.html
View file @ e290d2fa
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017 XStream committers.
Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2016, 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -18,45 +18,23 @@
<p><a href="versioning.html">About XStream version numbers...</a></p>
<h1 id="stable">Stable Version: <span class="version">1.4.10</span></h1>
<h1 id="stable">Stable Version: <span class="version">1.4.11</span></h1>
<ul>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.10/xstream-distribution-1.4.10-bin.zip">Binary distribution:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11/xstream-distribution-1.4.11-bin.zip">Binary distribution:</a></b>
Contains the XStream jar files, the Hibernate and Benchmark modules and all the dependencies.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.10/xstream-distribution-1.4.10-src.zip">Source distribution:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11/xstream-distribution-1.4.11-src.zip">Source distribution:</a></b>
Contains the complete XStream project as if checked out from the Subversion version tag.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.10/xstream-1.4.10.jar">XStream Core only:</a>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11/xstream-1.4.11.jar">XStream Core only:</a>
The xstream.jar only as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.10/xstream-hibernate-1.4.10.jar">XStream Hibernate module:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.11/xstream-hibernate-1.4.11.jar">XStream Hibernate module:</a></b>
The xstream-hibernate.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.10/xstream-jmh-1.4.10-app.zip">XStream JMH module:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.11/xstream-jmh-1.4.11-app.zip">XStream JMH module:</a></b>
The xstream-jmh-app.zip as standalone application with start scripts and all required libraries.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11-java7/xstream-1.4.11-java7.jar">XStream Core for Java 7 only:</a>
The xstream.jar only without the Java 8 stuff as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
</ul>
<!--
<h1 id="snapshot">Latest Snapshot HEAD revision</h1>
<p>Below are builds of the latest HEAD version of XStream from the <a href="repository.html">repository</a>.</p>
<ul>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream-distribution/1.5.0-SNAPSHOT/">Complete distributions</a></li>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream/1.5.0-SNAPSHOT/">XStream Core only</a></li>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream-hibernate/1.5.0-SNAPSHOT/">XStream Hibernate module</a></li>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream-jmh/1.5.0-SNAPSHOT/">XStream JMH module</a></li>
</ul>
<h1 id="snapshot-1.4.x">Latest Snapshot 1.4.x BRANCH revision</h1>
<p>Below are builds of the latest 1.4.x branch version of XStream from the <a href="repository.html">repository</a>.</p>
<ul>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream-distribution/1.4.10-SNAPSHOT/">Complete distributions (1.4.x)</a></li>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream/1.4.10-SNAPSHOT/">XStream Core only (1.4.x)</a></li>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream-hibernate/1.4.10-SNAPSHOT/">XStream Hibernate module (1.4.x)</a></li>
<li><a href="https://nexus.codehaus.org/content/groups/public/com/thoughtworks/xstream/xstream-jmh/1.4.10-SNAPSHOT/">XStream JMH module (1.4.x)</a></li>
</ul>
-->
<h1 id="previous-releases">Previous Releases</h1>
<p>Previous releases of XStream are also available. However, use of the latest stable version is recommended.</p>
......@@ -68,6 +46,12 @@
<h1 id="optional-deps">Optional Dependencies</h1>
<p>Note, that all those dependencies can be optional. XStream uses by default the XPP API in combination with the
Xpp3 implementation. Therefore are these dependencies not declared as optional in Maven. However, depending on your
choice of the XML parser, you can exclude the dependencies for the XPP API (e.g. by selecting Xpp3 directly) or
Xpp3 (e.g. by selecting StAX). You will then have to declare the dependencies for the alternative XML parser
yourself unless you use a parser form the Java runtime.</p>
<ul>
<li>Supported XML parsers and packages:
<ul>
......@@ -84,6 +68,7 @@
</li>
<li>Other optional 3rd party dependencies:
<ul>
<li><a href="http://repo.maven.apache.org/maven2/javax/activation/activation/1.1.1/activation-1.1.1.jar">Java Activation module</a> for the ActivationDataFlavorConverter. The dependency is required for the Java 11 runtime.</li>
<li><a href="http://downloads.sourceforge.net/joda-time/joda-time-1.6.zip">Joda Time</a> for optional ISO8601 date/time converters in JDK 1.7 or below.</li>
<li><a href="http://downloads.sourceforge.net/cglib/cglib-nodep-2.2.jar">CGLIB</a> for optional support of some proxies generated with the CGLIB Enhancer.</li>
<li><a href="http://repo.maven.apache.org/maven2/org/codehaus/jettison/jettison/1.2/jettison-1.2.jar">Jettison</a> for serialization and deserialization support with JSON. Note, that newer versions 1.3.x are no longer compatible with XStream.</li>
......
xstream-distribution/src/content/faq.html
View file @ e290d2fa
......@@ -114,6 +114,9 @@
of XStream to the Dalvik runtime. You might have to build a custom version of XStream (see BUILD.txt) with a JDK
that is equivalent to the Java level supported by the target version of Android.</p>
<p>Since XStream 1.4.10 an additional artifact is deployed to the Central Maven Repository with <em>-java7</em>
appended to the version that explicitly does not contain any Java 8 related stuff.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_GAE">Which limits exists for XStream in Google's Application Engine (GAE)?</h2>
......
xstream-distribution/src/content/index.html
View file @ e290d2fa
<html>
<!--
Copyright (C) 2005, 2006 Joe Walnes.
Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015, 2016, 2017 XStream committers.
Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 XStream committers.
All rights reserved.
The software in this package is published under the terms of the BSD
......@@ -73,14 +73,14 @@
<h1 id="news">Latest News</h1>
<h2 id="1.4.10"><b>May 23, 2017</b> XStream 1.4.10 released</h2>
<h2 id="1.4.11"><b>October 23, 2018</b> XStream 1.4.11 released</h2>
<p class="highlight">This maintenance release addresses the security vulnerability <a href="CVE-2017-7957.html">
CVE-2017-7957</a>, a possibility for a denial of service attack. All previous versions are affected.</p>
<p class="highlight">This maintenance release addresses again the security vulnerability <a href="CVE-2013-7285.html">
CVE-2013-7285</a>, an arbitrary execution of commands when unmarshalling for XStream instances with
uninitialized security framework. Only 1.4.10 with uninitialized security framework was affected.</p>
<p>XStream supports now the java.time.* package of Java 8 with various new converters.</p>
<p>Emit warning message if XStream instance is still running with an uninitialized security framework.</p>
<p>New future-proof method JVM.isVersion to detect major version of Java runtime (incl. Java 10) as
replacement for individual JVM.isXY methods.</p>
<p>View the complete <a href="changes.html">change log</a> and <a href="download.html">download</a>.</p>
......