Skip to content
Commits on Source (3)
libxstream-java (1.4.11.1-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.4.11.1.
-- Markus Koschany <apo@debian.org> Sun, 11 Nov 2018 00:04:59 +0100
libxstream-java (1.4.11-1) unstable; urgency=medium
* Team upload.
......
......@@ -14,7 +14,7 @@
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<packaging>pom</packaging>
<version>1.4.11</version>
<version>1.4.11.1</version>
<name>XStream Parent</name>
<url>http://x-stream.github.io</url>
<description>
......@@ -321,12 +321,12 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
<classifier>tests</classifier>
<type>test-jar</type>
<scope>test</scope>
......@@ -334,43 +334,43 @@
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-hibernate</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-hibernate</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-jmh</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-jmh</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-benchmark</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</dependency>
<dependency>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-benchmark</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
<classifier>javadoc</classifier>
<scope>provided</scope>
</dependency>
......@@ -921,11 +921,11 @@
<distributionManagement>
<repository>
<id>ossrh-staging</id>
<url>http://oss.sonatype.org/service/local/staging/deploy/maven2</url>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
</repository>
<snapshotRepository>
<id>ossrh-snapshots</id>
<url>http://oss.sonatype.org/content/repositories/snapshots</url>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<!--site>
<id>github</id>
......
......@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</parent>
<artifactId>xstream-benchmark</artifactId>
<packaging>jar</packaging>
......
......@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</parent>
<artifactId>xstream-distribution</artifactId>
<packaging>pom</packaging>
......
......@@ -33,6 +33,15 @@
<p>Not yet released.</p>
-->
<h1 id="1.4.11.1">1.4.11.1</h1>
<p>Released October 27, 2018.</p>
<h2>Hot fix</h2>
<ul>
<li>GHI:#133: XStream 1.4.11 fails to run on a Java Runtime &lt; 8.</li>
</ul>
<h1 id="1.4.11">1.4.11</h1>
......@@ -46,7 +55,7 @@
<ul>
<li>GHPR:#91, GHPR:#106: Clean-up data stacks in UnmarshallingContext implementations in case of exception (by
Mä&auml;rt Bakhoff).</li>
M&auml;rt Bakhoff).</li>
<li>GHI:#2: Unneeded contention in DefaultConverterLookup.</li>
<li>GHI:#94: Fix PathConverter containing absolute Windows paths.</li>
<li>GHI:#105: XStream's ObjectInputStream returns wrong values for readUnsignedByte and readUnsignedShort.</li>
......
......@@ -18,21 +18,21 @@
<p><a href="versioning.html">About XStream version numbers...</a></p>
<h1 id="stable">Stable Version: <span class="version">1.4.11</span></h1>
<h1 id="stable">Stable Version: <span class="version">1.4.11.1</span></h1>
<ul>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11/xstream-distribution-1.4.11-bin.zip">Binary distribution:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11.1/xstream-distribution-1.4.11.1-bin.zip">Binary distribution:</a></b>
Contains the XStream jar files, the Hibernate and Benchmark modules and all the dependencies.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11/xstream-distribution-1.4.11-src.zip">Source distribution:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-distribution/1.4.11.1/xstream-distribution-1.4.11.1-src.zip">Source distribution:</a></b>
Contains the complete XStream project as if checked out from the Subversion version tag.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11/xstream-1.4.11.jar">XStream Core only:</a>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11.1/xstream-1.4.11.1.jar">XStream Core only:</a>
The xstream.jar only as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.11/xstream-hibernate-1.4.11.jar">XStream Hibernate module:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-hibernate/1.4.11.1/xstream-hibernate-1.4.11.1.jar">XStream Hibernate module:</a></b>
The xstream-hibernate.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.11/xstream-jmh-1.4.11-app.zip">XStream JMH module:</a></b>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream-jmh/1.4.11.1/xstream-jmh-1.4.11.1-app.zip">XStream JMH module:</a></b>
The xstream-jmh-app.zip as standalone application with start scripts and all required libraries.</li>
<li><b><a href="http://repo1.maven.org/maven2/com/thoughtworks/xstream/xstream/1.4.11-java7/xstream-1.4.11-java7.jar">XStream Core for Java 7 only:</a>
The xstream.jar only without the Java 8 stuff as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
The xstream.jar only <a href="faq.html#Compatibility_Android">without the Java 8 stuff</a> as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
</ul>
<h1 id="previous-releases">Previous Releases</h1>
......
......@@ -35,12 +35,17 @@
<p>XStream 1.4.x requires Java 1.4 or later. Note, that the XStream libraries contains class files targeting
different Java runtime versions or Java features. These classes are loaded by reflection and only used if XStream
is running on an appropriate runtime environment.</p>
<p>Environments that load all class files of a Java archive can fail with this approach, the
<a href="#Compatibility_Android">Android runtime</a> is such an example. You can build your own version of XStream
with a <a href="#Compatibility_JDK">lower JDK</a> then.</p>
<p>For Java 9 and later you will currently have to permit the now illegal access for XStream to operate.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_JDK">Which JDK is required to build XStream?</h2>
<p>XStream 1.4.x can be build still with JDK 1.4 (see BUILD.txt). However, to support the latest features it
requires currently a JDK of Java 8. Otherwise the resulting jar files will miss some classes not available on
requires currently a JDK of Java 8. Otherwise the resulting jar file will miss some class files not available on
earlier runtimes. Depending on the target environment this can be useful (e.g. for Android or GAE).</p>
<p>Note, that such Java archives will fail on higher Java runtimes then.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_Dependencies">Which dependencies are required to run XStream?</h2>
......@@ -48,6 +53,7 @@
However it depends on the use case. XStream will run without dependencies using the DOM driver on all Java runtimes
or the StAX driver in combination with Java 6 or greater. See the list of <a
href="download.html#optional-deps">optional dependencies</a>.</p>
<p>Note, that XStream's manifest contains OSGi entries that declare all dependencies as optional.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_JVMs">Does XStream behave differently across different JVMs?</h2>
......@@ -66,6 +72,7 @@
starting with R25.1.0. Generally it works for all modern Java runtimes based on OpenJDK. Android basically supports
the enhanced mode as well as the Google Application Engine, but the latter's security model limits the types that
can be handled. Note, that an active SecurityManager might prevent the usage of the enhanced mode also.</p>
<p>Since Java 9 it is required to permit the now illegal access.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_enhanced_mode_advantage">What are the advantages of using enhanced mode over pure Java mode?</h2>
......@@ -87,8 +94,25 @@
<tr><td>Final fields</td><td>Yes &gt;= JDK 1.5</td><td>Yes</td></tr>
</table>
<p>Note, that these undocumented features are still available with Java 9, since there is currently no public
functionality provided as replacement.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_illegal_reflective_access">Java runtime warns me about an illegal reflective access by XStream!</h2>
<p>Yes, this is normal. A big part of XStream is reflection based and there is currently no replacement for the
complete required functionality. You will have to permit this access currently, otherwise XStream will not work.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_no_module">Why does XStream not even declare an automated module name?</h2>
<p>Such a declaration would move XStream automatically into the module class path. However, in this environment a
lot of functionality does no longer work. Therefore it is on purpose that XStream stays currently in the unnamed
module.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_JPMS">Will XStream support the Java Platform Module System (JPMS)?</h2>
<p>At some point definitely. However, you will have to accept a limited functionality only, comparable to the pure
Java mode. The access model is very restrictive and XStream will no longer be able to marshal all types of the Java
runtime like now.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_XPP">Why is my application not able to create a XmlPullParser with the XppDriver since XStream 1.4?</h2>
......@@ -115,7 +139,8 @@
that is equivalent to the Java level supported by the target version of Android.</p>
<p>Since XStream 1.4.10 an additional artifact is deployed to the Central Maven Repository with <em>-java7</em>
appended to the version that explicitly does not contain any Java 8 related stuff.</p>
appended to the version that explicitly does not contain any Java 8 related stuff. Note that this version will fail
on higher runtimes.</p>
<!-- ...................................................... -->
<h2 id="Compatibility_GAE">Which limits exists for XStream in Google's Application Engine (GAE)?</h2>
......
......@@ -73,7 +73,9 @@
<h1 id="news">Latest News</h1>
<h2 id="1.4.11"><b>October 23, 2018</b> XStream 1.4.11 released</h2>
<h2 id="1.4.11.1"><b>October 27, 2018</b> XStream 1.4.11.1 released</h2>
<p class="highlight">Hot fix for XStream 1.4.11: Accidental breakage of Java runtimes %lt; 8.</p>
<p class="highlight">This maintenance release addresses again the security vulnerability <a href="CVE-2013-7285.html">
CVE-2013-7285</a>, an arbitrary execution of commands when unmarshalling for XStream instances with
......
......@@ -13,7 +13,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</parent>
<artifactId>xstream-hibernate</artifactId>
<packaging>jar</packaging>
......
......@@ -13,7 +13,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</parent>
<artifactId>xstream-jmh</artifactId>
<packaging>jar</packaging>
......
......@@ -14,7 +14,7 @@
<parent>
<groupId>com.thoughtworks.xstream</groupId>
<artifactId>xstream-parent</artifactId>
<version>1.4.11</version>
<version>1.4.11.1</version>
</parent>
<artifactId>xstream</artifactId>
<packaging>jar</packaging>
......
......@@ -186,6 +186,7 @@ public class JVM implements Caching {
try {
base64 = (StringCodec)base64Class.newInstance();
} catch (final Exception e) {
} catch (final Error e) {
}
}
if (base64 == null) {
......